package com.github.davidfantasy.jwtshiro.shiro;

import com.auth0.jwt.interfaces.DecodedJWT;
import com.github.davidfantasy.jwtshiro.AuthUserLoader;
import com.github.davidfantasy.jwtshiro.JWTHelper;
import com.github.davidfantasy.jwtshiro.UserInfo;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:com/github/davidfantasy/jwtshiro/shiro/JWTShiroRealm.class */
public class JWTShiroRealm extends AuthorizingRealm {
    private AuthUserLoader userLoader;
    private JWTHelper jwtHelper;

    public JWTShiroRealm(AuthUserLoader authUserLoader, JWTHelper jWTHelper) {
        this.jwtHelper = jWTHelper;
        this.userLoader = authUserLoader;
    }

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof JWTToken;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        JWTPrincipal jWTPrincipal = (JWTPrincipal) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        UserInfo userInfo = this.userLoader.getUserInfo(jWTPrincipal.getAccount());
        if (userInfo != null && userInfo.getPermissions() != null) {
            simpleAuthorizationInfo.addStringPermissions(userInfo.getPermissions());
        }
        return simpleAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String str = (String) authenticationToken.getCredentials();
        String account = this.jwtHelper.getAccount(str);
        if (account == null) {
            throw new AuthenticationException("无效的请求");
        }
        UserInfo userInfo = this.userLoader.getUserInfo(account);
        if (userInfo == null) {
            throw new AuthenticationException("未找到用户信息");
        }
        DecodedJWT verify = this.jwtHelper.verify(str, account, userInfo.getPassword());
        if (verify == null) {
            throw new AuthenticationException("token已经过期，请重新登录");
        }
        JWTPrincipal jWTPrincipal = new JWTPrincipal();
        jWTPrincipal.setAccount(userInfo.getAccount());
        jWTPrincipal.setExpiresAt(verify.getExpiresAt().getTime());
        return new SimpleAuthenticationInfo(jWTPrincipal, str, getName());
    }
}
