package org.rdlinux.ezsecurity.shiro.security.rootfilter.secutirylogic.impl;

import java.util.concurrent.TimeUnit;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.rdlinux.ezsecurity.shiro.content.EzSecurityContent;
import org.rdlinux.ezsecurity.shiro.security.authc.SecurityToken;
import org.rdlinux.ezsecurity.shiro.security.client.AuthClient;
import org.rdlinux.ezsecurity.shiro.security.client.ClientHolder;
import org.rdlinux.ezsecurity.shiro.security.profile.SubjectProfile;
import org.rdlinux.ezsecurity.shiro.security.rootfilter.secutirylogic.SecurityLogic;
import org.rdlinux.ezsecurity.shiro.security.session.SessionKeyStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/rdlinux/ezsecurity/shiro/security/rootfilter/secutirylogic/impl/DefaultSecurityLogic.class */
public class DefaultSecurityLogic implements SecurityLogic {
    private static final Logger log = LoggerFactory.getLogger(DefaultSecurityLogic.class);
    private static final String SUBJECT_PROFILE_KEY = "subjectProfile";
    private ClientHolder clientHolder;
    private SessionKeyStore sessionKeyStore;
    private boolean enableSession = true;

    @Override // org.rdlinux.ezsecurity.shiro.security.rootfilter.secutirylogic.SecurityLogic
    public boolean logic(ServletRequest servletRequest, ServletResponse servletResponse, Subject subject) {
        EzSecurityContent.setCurrentClient(this.clientHolder.find(servletRequest));
        if (isAccessAllowed(subject)) {
            return true;
        }
        return onAccessDenied(servletRequest, servletResponse, subject);
    }

    protected boolean isAccessAllowed(Subject subject) {
        return subject.isAuthenticated() && EzSecurityContent.getCurrentClient().lazyAuth();
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse, Subject subject) {
        AuthClient currentClient = EzSecurityContent.getCurrentClient();
        try {
            SubjectProfile subjectProfile = currentClient.getSubjectProfile(servletRequest);
            if (subjectProfile != null) {
                servletRequest.setAttribute(SUBJECT_PROFILE_KEY, subjectProfile);
                return executeLogin(servletRequest, servletResponse, subject, subjectProfile);
            }
            if (!currentClient.lazyAuth() && subject.isAuthenticated()) {
                subject.logout();
            }
            return true;
        } catch (Exception e) {
            log.error("执行登录失败", e);
            EzSecurityContent.setException(e);
            return true;
        }
    }

    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse, Subject subject, SubjectProfile subjectProfile) {
        AuthClient currentClient = EzSecurityContent.getCurrentClient();
        if (!currentClient.lazyAuth() || !subject.isAuthenticated()) {
            SecurityToken securityToken = new SecurityToken(subjectProfile);
            boolean signInBefore = currentClient.signInBefore(subjectProfile, servletRequest, servletResponse);
            if (signInBefore) {
                subject.login(securityToken);
                signInBefore = currentClient.signInAfter(subjectProfile, servletRequest, servletResponse);
            }
            return signInBefore;
        }
        if (!this.enableSession) {
            return true;
        }
        try {
            Session session = subject.getSession();
            if (this.sessionKeyStore != null) {
                this.sessionKeyStore.addMap(currentClient.getSessionIdKey(servletRequest), session.getId().toString(), session.getTimeout(), TimeUnit.MILLISECONDS);
            }
            return true;
        } catch (Exception e) {
            return true;
        }
    }

    public ClientHolder getClientHolder() {
        return this.clientHolder;
    }

    public SessionKeyStore getSessionKeyStore() {
        return this.sessionKeyStore;
    }

    public boolean isEnableSession() {
        return this.enableSession;
    }

    public void setClientHolder(ClientHolder clientHolder) {
        this.clientHolder = clientHolder;
    }

    public void setSessionKeyStore(SessionKeyStore sessionKeyStore) {
        this.sessionKeyStore = sessionKeyStore;
    }

    public void setEnableSession(boolean z) {
        this.enableSession = z;
    }
}
