package org.broadleafcommerce.profile.web.security;

import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.TextEscapeUtils;

/* loaded from: input_file:org/broadleafcommerce/profile/web/security/BroadleafAuthenticationProcessingFilter.class */
public class BroadleafAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        Authentication authentication;
        try {
            authentication = super.attemptAuthentication(httpServletRequest, httpServletResponse);
        } catch (CredentialsExpiredException e) {
            String obtainUsername = obtainUsername(httpServletRequest);
            String obtainPassword = obtainPassword(httpServletRequest);
            if (obtainUsername == null) {
                obtainUsername = "";
            }
            if (obtainPassword == null) {
                obtainPassword = "";
            }
            String trim = obtainUsername.trim();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new GrantedAuthorityImpl("ROLE_PASSWORD_CHANGE_REQUIRED"));
            Authentication usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(trim, obtainPassword, arrayList);
            if (httpServletRequest.getSession(false) != null || getAllowSessionCreation()) {
                httpServletRequest.getSession().setAttribute("SPRING_SECURITY_LAST_USERNAME", TextEscapeUtils.escapeEntities(trim));
            }
            setDetails(httpServletRequest, usernamePasswordAuthenticationToken);
            authentication = usernamePasswordAuthenticationToken;
        }
        return authentication;
    }
}
