package org.njgzr.security.base.realm;

import javax.annotation.PostConstruct;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.njgzr.security.base.AuthorizedUser;
import org.njgzr.security.base.Encodes;
import org.njgzr.security.base.Password;
import org.njgzr.security.base.token.UsernamePasswordWithCaptchaToken;
import org.njgzr.security.credential.MultiCredentialsMatcher;
import org.njgzr.security.interfaces.SecurityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/njgzr/security/base/realm/DbRealm.class */
public class DbRealm extends AuthorizingRealm {

    @Autowired(required = false)
    private SecurityService securityService;

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordWithCaptchaToken;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        AuthorizedUser findByPrincipal = this.securityService.findByPrincipal(authenticationToken.getPrincipal());
        if (findByPrincipal == null) {
            return null;
        }
        if (findByPrincipal.isLocked()) {
            throw new LockedAccountException();
        }
        if (findByPrincipal.isDisable()) {
            throw new DisabledAccountException();
        }
        Password findPassword = this.securityService.findPassword(findByPrincipal);
        return new SimpleAuthenticationInfo(findByPrincipal, findPassword.getValue(), findPassword.getSalt() == null ? null : ByteSource.Util.bytes(Encodes.decodeHex(findPassword.getSalt())), getName());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        AuthorizedUser authorizedUser = (AuthorizedUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        if (null != authorizedUser.getStringRoles()) {
            simpleAuthorizationInfo.addRoles(authorizedUser.getStringRoles());
        }
        if (null != authorizedUser.getStringPermissions()) {
            simpleAuthorizationInfo.addStringPermissions(authorizedUser.getStringPermissions());
        }
        return simpleAuthorizationInfo;
    }

    @PostConstruct
    public void initCredentialsMatcher() {
        CredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(Password.HASH_ALGORITHM_SHA1);
        hashedCredentialsMatcher.setHashIterations(Password.HASH_INTERATIONS);
        setCredentialsMatcher(new MultiCredentialsMatcher(hashedCredentialsMatcher, new HashedCredentialsMatcher(Password.HASH_ALGORITHM_MD5)));
    }
}
