package com.diboot.iam.jwt;

import com.diboot.core.config.Cons;
import com.diboot.core.service.BaseService;
import com.diboot.core.util.BeanUtils;
import com.diboot.core.util.ContextHelper;
import com.diboot.core.util.V;
import com.diboot.iam.annotation.process.ApiPermissionCache;
import com.diboot.iam.auth.AuthService;
import com.diboot.iam.auth.AuthServiceFactory;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamRole;
import com.diboot.iam.service.IamRolePermissionService;
import com.diboot.iam.service.IamUserRoleService;
import com.diboot.iam.util.IamSecurityUtils;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/diboot/iam/jwt/BaseJwtRealm.class */
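/**
 * Shiro realm that authenticates {@link BaseJwtAuthToken} tokens and builds the
 * role / permission set of the authenticated principal.
 *
 * <p>Authentication is delegated to the {@link AuthService} registered for the token's
 * auth type; the principal stored in the resulting {@link AuthenticationInfo} is the user
 * entity loaded through the entity's {@link BaseService}.
 */
public class BaseJwtRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(BaseJwtRealm.class);

    @Autowired
    private IamUserRoleService iamUserRoleService;

    @Autowired
    private IamRolePermissionService iamRolePermissionService;

    /**
     * Restricts this realm to {@link BaseJwtAuthToken} instances.
     *
     * @param authenticationToken the token submitted for login, may be {@code null}
     * @return {@code true} only for a non-null {@link BaseJwtAuthToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        // instanceof is false for null, so no separate null check is needed.
        return authenticationToken instanceof BaseJwtAuthToken;
    }

    /**
     * Returns the token type this realm handles.
     *
     * @return {@code BaseJwtAuthToken.class}
     */
    @Override
    public Class<?> getAuthenticationTokenClass() {
        // Must be the token type, not the realm type: Shiro's default supports() tests
        // tokens against this class. The previous value (BaseJwtRealm.class) was only
        // harmless because supports() is overridden above.
        return BaseJwtAuthToken.class;
    }

    /**
     * Resolves the account and user entity for the submitted token.
     *
     * @param authenticationToken the submitted token; {@link #supports} guarantees the type
     * @return authentication info whose principal is the loaded user entity
     * @throws AuthenticationException if the principal is empty, no {@link AuthService} is
     *         registered for the auth type, the account lookup returns {@code null}, no
     *         service exists for the user type, or the user entity is not found
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        BaseJwtAuthToken jwtToken = (BaseJwtAuthToken) authenticationToken;
        if (V.isEmpty((String) jwtToken.getPrincipal())) {
            throw new AuthenticationException("无效的用户标识");
        }
        AuthService authService = AuthServiceFactory.getAuthService(jwtToken.getAuthType());
        if (authService == null) {
            jwtToken.clearAuthtoken();
            throw new AuthenticationException("认证类型: " + jwtToken.getAuthType() + " 的AccountAuthService未实现！");
        }
        // NOTE(review): the credentials placed in the returned info (below) are the token's
        // own credentials, so a matcher comparing token against info will always succeed.
        // The real credential check therefore has to happen inside getAccount() — confirm
        // every AuthService implementation verifies the secret before returning an account.
        IamAccount account = authService.getAccount(jwtToken);
        if (account == null) {
            jwtToken.clearAuthtoken();
            throw new AuthenticationException("用户账号或密码错误！");
        }
        BaseService userService = ContextHelper.getBaseServiceByEntity(jwtToken.getUserTypeClass());
        if (userService == null) {
            // NOTE(review): unlike the two failure paths above, this one and the next do
            // not call clearAuthtoken() — confirm whether that is intentional.
            throw new AuthenticationException("用户 " + jwtToken.getUserTypeClass().getName() + " 相关的Service未定义！");
        }
        Object userEntity = userService.getEntity(account.getUserId());
        if (userEntity == null) {
            throw new AuthenticationException("用户不存在");
        }
        // Drop any cached authorization data of the current subject so roles and
        // permissions are re-read after this login.
        clearCachedAuthorizationInfo(IamSecurityUtils.getSubject().getPrincipals());
        return new SimpleAuthenticationInfo(userEntity, jwtToken.getCredentials(), getName());
    }

    /**
     * Loads the role codes and permission codes of the primary principal.
     *
     * @param principalCollection principals of the authenticated subject
     * @return authorization info; empty (no roles, no permissions) when the user has no roles
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Object primaryPrincipal = principalCollection.getPrimaryPrincipal();
        // Roles are keyed by the principal's simple class name plus its "id" property.
        List<IamRole> userRoleList = this.iamUserRoleService.getUserRoleList(
                primaryPrincipal.getClass().getSimpleName(),
                (Long) BeanUtils.getProperty(primaryPrincipal, Cons.FieldName.id.name()));
        if (V.isEmpty(userRoleList)) {
            return authorizationInfo;
        }
        HashSet<String> roleCodes = new HashSet<>();
        List<Long> roleIds = new ArrayList<>();
        for (IamRole iamRole : userRoleList) {
            roleCodes.add(iamRole.getCode());
            roleIds.add(iamRole.getId());
        }
        HashSet<String> permissionCodes = new HashSet<>();
        List<String> apiUrlList = this.iamRolePermissionService.getApiUrlList(com.diboot.iam.config.Cons.APPLICATION, roleIds);
        if (V.notEmpty(apiUrlList)) {
            for (String apiUrls : apiUrlList) {
                // Each entry may hold several comma-separated API URLs.
                for (String apiUrl : apiUrls.split(",")) {
                    String permissionCode = ApiPermissionCache.getPermissionCode(apiUrl);
                    // URLs without a cached permission code grant nothing.
                    if (permissionCode != null) {
                        permissionCodes.add(permissionCode);
                    }
                }
            }
        }
        authorizationInfo.setRoles(roleCodes);
        authorizationInfo.setStringPermissions(permissionCodes);
        return authorizationInfo;
    }
}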
