package com.diboot.iam.shiro;

import com.diboot.core.service.BaseService;
import com.diboot.core.util.ContextHelper;
import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.core.vo.LabelValue;
import com.diboot.iam.auth.AuthService;
import com.diboot.iam.auth.AuthServiceFactory;
import com.diboot.iam.auth.IamExtensible;
import com.diboot.iam.config.Cons;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamRole;
import com.diboot.iam.service.IamRoleResourceService;
import com.diboot.iam.service.IamUserRoleService;
import com.diboot.iam.util.IamSecurityUtils;
import com.diboot.iam.vo.PositionDataScope;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/diboot/iam/shiro/IamAuthorizingRealm.class */
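/**
 * Shiro realm that authenticates {@link IamAuthToken} logins and resolves the roles and
 * permission codes of the authenticated {@link BaseLoginUser}.
 *
 * <p>Authentication is delegated to the {@link AuthService} registered for the token's auth type;
 * authorization is resolved through {@link IamUserRoleService} and {@link IamRoleResourceService},
 * which are looked up lazily from the application context.
 */
public class IamAuthorizingRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(IamAuthorizingRealm.class);
    private IamUserRoleService iamUserRoleService;
    private IamRoleResourceService iamRoleResourceService;

    /**
     * Accepts only {@link IamAuthToken} instances; any other token type (or {@code null}) is
     * rejected, so {@link #doGetAuthenticationInfo} can cast without a further check.
     *
     * @param authenticationToken the token submitted for login, may be {@code null}
     * @return {@code true} when the token is an {@link IamAuthToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        // instanceof is already false for null, so no separate null test is needed.
        return authenticationToken instanceof IamAuthToken;
    }

    /**
     * Returns the class reported as this realm's token class.
     *
     * @return {@code IamAuthorizingRealm.class}
     */
    @Override
    public Class<?> getAuthenticationTokenClass() {
        // NOTE(review): this returns the realm class, not a token class. supports() in this class
        // decides on IamAuthToken directly and does not call this method, so the value is left
        // unchanged here; confirm whether IamAuthToken.class was intended before relying on it.
        return IamAuthorizingRealm.class;
    }

    /**
     * Resolves the account and login user for the submitted token.
     *
     * @param authenticationToken the submitted token; cast to {@link IamAuthToken}
     * @return authentication info whose principal is the loaded {@link BaseLoginUser}
     * @throws AuthenticationException when the principal is empty, no {@link AuthService} is
     *     registered for the auth type, the account lookup returns nothing, no service exists for
     *     the user type, or the user entity cannot be loaded
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        IamAuthToken iamAuthToken = (IamAuthToken) authenticationToken;
        if (V.isEmpty((String) iamAuthToken.getPrincipal())) {
            throw new AuthenticationException("无效的用户标识");
        }
        AuthService authService = AuthServiceFactory.getAuthService(iamAuthToken.getAuthType());
        if (authService == null) {
            iamAuthToken.clearAuthtoken();
            throw new AuthenticationException("认证类型: " + iamAuthToken.getAuthType() + " 的AccountAuthService未实现！");
        }
        IamAccount account = authService.getAccount(iamAuthToken);
        if (account == null) {
            // Same message for "unknown account" and "wrong password": the caller cannot tell
            // from the error which of the two failed.
            iamAuthToken.clearAuthtoken();
            throw new AuthenticationException("用户账号或密码错误！");
        }
        // NOTE(review): the two failure paths below do not call clearAuthtoken(), unlike the two
        // above; confirm whether the token should also be cleared there.
        BaseService userService = ContextHelper.getBaseServiceByEntity(iamAuthToken.getUserTypeClass());
        if (userService == null) {
            throw new AuthenticationException("用户 " + iamAuthToken.getUserTypeClass().getName() + " 相关的Service未定义！");
        }
        BaseLoginUser loginUser = (BaseLoginUser) userService.getEntity(account.getUserId());
        if (loginUser == null) {
            throw new AuthenticationException("用户不存在");
        }
        loginUser.setAuthToken(iamAuthToken.getAuthtoken());

        // Optional extension data (read back in doGetAuthorizationInfo to pick a position id).
        IamExtensible iamExtensible = getIamUserRoleService().getIamExtensible();
        if (iamExtensible != null) {
            LabelValue userExtensionObj = iamExtensible.getUserExtensionObj(
                    iamAuthToken.getUserTypeClass().getSimpleName(), account.getUserId(), iamAuthToken.getExtObj());
            if (userExtensionObj != null) {
                loginUser.setExtensionObj(userExtensionObj);
            }
        }

        // Drop any cached authorization data for the current subject so roles and permissions
        // are resolved again after this login.
        clearCachedAuthorizationInfo(IamSecurityUtils.getSubject().getPrincipals());
        // Log the principal, never the credentials: whatever getCredentials() returns is the
        // secret handed to SimpleAuthenticationInfo below and must not end up in log files.
        log.debug("获取用户认证信息完成 : {}", iamAuthToken.getPrincipal());
        return new SimpleAuthenticationInfo(loginUser, iamAuthToken.getCredentials(), getName());
    }

    /**
     * Builds the role codes and permission strings for the primary principal.
     *
     * @param principalCollection principals of the authenticated subject; the primary principal
     *     is cast to {@link BaseLoginUser}
     * @return authorization info holding the user's role codes and permission codes; empty when
     *     the user has no roles
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        BaseLoginUser loginUser = (BaseLoginUser) principalCollection.getPrimaryPrincipal();

        // The position id stays null unless the login attached a PositionDataScope extension.
        Long positionId = null;
        LabelValue extensionObj = loginUser.getExtensionObj();
        if (extensionObj != null && extensionObj.getExt() instanceof PositionDataScope) {
            positionId = ((PositionDataScope) extensionObj.getExt()).getPositionId();
        }

        List<IamRole> userRoleList = getIamUserRoleService().getUserRoleList(
                loginUser.getClass().getSimpleName(), loginUser.getId(), positionId);
        if (V.isEmpty(userRoleList)) {
            // No roles: return the empty info, i.e. no roles and no permissions are granted.
            return authorizationInfo;
        }

        HashSet<String> roleCodes = new HashSet<>();
        // Element type of the id list is not visible in this file, so it stays a raw list.
        ArrayList roleIds = new ArrayList();
        for (IamRole iamRole : userRoleList) {
            roleCodes.add(iamRole.getCode());
            // m31getId() is the accessor name as it appears in this decompiled listing.
            roleIds.add(iamRole.m31getId());
        }
        authorizationInfo.setRoles(roleCodes);

        List<String> permissionCodeList = getIamRoleResourceService().getPermissionCodeList(Cons.APPLICATION, roleIds);
        HashSet<String> permissionCodes = new HashSet<>();
        if (V.notEmpty(permissionCodeList)) {
            for (String entry : permissionCodeList) {
                if (!entry.contains(",")) {
                    permissionCodes.add(entry);
                    continue;
                }
                // One stored entry may carry several comma-separated codes; grant each of them.
                for (String code : S.split(entry)) {
                    permissionCodes.add(code);
                }
            }
        }
        authorizationInfo.setStringPermissions(permissionCodes);
        log.debug("获取用户授权信息完成 : {}", loginUser.getDisplayName());
        return authorizationInfo;
    }

    /**
     * Returns the {@link IamUserRoleService}, fetching it from the application context on first use.
     */
    private IamUserRoleService getIamUserRoleService() {
        if (this.iamUserRoleService == null) {
            this.iamUserRoleService = (IamUserRoleService) ContextHelper.getBean(IamUserRoleService.class);
        }
        return this.iamUserRoleService;
    }

    /**
     * Returns the {@link IamRoleResourceService}, fetching it from the application context on first use.
     */
    private IamRoleResourceService getIamRoleResourceService() {
        if (this.iamRoleResourceService == null) {
            this.iamRoleResourceService = (IamRoleResourceService) ContextHelper.getBean(IamRoleResourceService.class);
        }
        return this.iamRoleResourceService;
    }
}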
