package com.joe.web.starter.core.secure;

import com.joe.web.starter.core.secure.entity.Role;
import com.joe.web.starter.core.secure.entity.User;
import com.joe.web.starter.core.secure.entity.UserGroup;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Set;
import org.glassfish.jersey.server.SubjectSecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/joe/web/starter/core/secure/AppSecurityContext.class */
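/**
 * Security context that answers Jersey's authorization questions from the application's
 * {@link User} model: a user is in a role when the role is held directly or through one of the
 * user's groups.
 *
 * <p>Security-relevant properties of this implementation:
 * <ul>
 *   <li>A {@code null} user is replaced by {@code User.createEmpty()}, so
 *       {@link #getUserPrincipal()} never returns {@code null}. Code that treats a non-null
 *       principal as proof of authentication will be wrong for anonymous requests; use
 *       {@link #isUserInRole(String)} for access decisions.</li>
 *   <li>Role names are compared case-insensitively.</li>
 *   <li>{@link #isSecure()} and {@link #getAuthenticationScheme()} return fixed values and do not
 *       describe the actual request.</li>
 * </ul>
 *
 * <p>Instances are mutable through {@link #setUser(User)} and are not synchronized.
 */
public class AppSecurityContext implements SubjectSecurityContext {
    private static final Logger logger = LoggerFactory.getLogger("Authorization");
    private User user;
    private AppPrincipal principal;

    /**
     * Creates a context for the given user.
     *
     * @param user the authenticated user, or {@code null} for an anonymous request
     */
    public AppSecurityContext(User user) {
        setUser(user);
    }

    /**
     * Replaces the user this context answers for.
     *
     * <p>The principal object is created once and then updated in place, so references handed
     * out earlier by {@link #getUserPrincipal()} observe the new user.
     *
     * @param user the new user; {@code null} is replaced by {@code User.createEmpty()}
     */
    public void setUser(User user) {
        User effectiveUser = (user == null) ? User.createEmpty() : user;
        if (this.principal == null) {
            this.principal = new AppPrincipal(effectiveUser);
        }
        this.principal.setUser(effectiveUser);
        this.user = effectiveUser;
    }

    /**
     * Returns the principal wrapping the current user.
     *
     * <p>NOTE(review): this is never {@code null}, including for the placeholder user created
     * for anonymous requests. The JAX-RS contract uses a {@code null} principal to signal an
     * unauthenticated caller, so confirm that no caller relies on a null check here.
     *
     * @return the principal for the current user
     */
    public Principal getUserPrincipal() {
        return this.principal;
    }

    /**
     * Decides whether the current user holds the required role, directly or through a group.
     *
     * <p>Every decision is logged to the {@code Authorization} logger. The check fails closed:
     * an undefined user, an empty role set, or a {@code null} required role all yield
     * {@code false}.
     *
     * @param str the required role name, compared case-insensitively
     * @return {@code true} only if a matching role is found
     */
    public boolean isUserInRole(String str) {
        logger.info("开始验证权限，需要的权限为：{}", str);
        if (this.user == null || User.UNDEFINED_USER.equals(this.user.getName())) {
            logger.error("角色未定义");
            return false;
        }
        if (checkRole(this.user.getRoles(), str)) {
            logger.info("角色{}权限验证通过", this.user.getName());
            return true;
        }
        logger.warn("角色{}权限验证不通过，继续验证该角色的群组权限", this.user.getName());
        Set<UserGroup> groups = this.user.getGroups();
        if (groups == null || groups.isEmpty()) {
            logger.warn("角色{}群组为空，验证失败", this.user.getName());
            logger.error("角色{}没有权限", this.user.getName());
            return false;
        }
        // Iterate the set that was just null-checked instead of calling getGroups() again,
        // so the check and the iteration cannot see different collections.
        for (UserGroup group : groups) {
            if (group != null && checkRole(group.getRoles(), str)) {
                logger.info("角色{}权限验证通过", this.user.getName());
                return true;
            }
        }
        logger.warn("角色{}没有权限", this.user.getName());
        return false;
    }

    /**
     * Reports whether the request arrived over a secure channel.
     *
     * <p>NOTE(review): the value is hard-coded to {@code false} and does not inspect the request,
     * so it is also returned for HTTPS traffic. Any transport check built on this method is
     * unreliable until the real request scheme is passed in.
     *
     * @return always {@code false}
     */
    public boolean isSecure() {
        logger.info("该请求不是HTTPS请求");
        return false;
    }

    /**
     * Returns the authentication scheme used for the request.
     *
     * <p>No scheme is tracked by this context, so {@code null} is returned for every request,
     * authenticated or not.
     *
     * @return always {@code null}
     */
    public String getAuthenticationScheme() {
        logger.warn("AuthenticationScheme未定义");
        return null;
    }

    /**
     * Runs the action on the calling thread and returns its result.
     *
     * <p>The action is invoked directly; no subject is associated with the call and no
     * privileges are changed. The raw {@code PrivilegedAction} parameter type matches the
     * interface method being implemented.
     *
     * @param privilegedAction the action to run; must not be {@code null}
     * @return whatever the action returns
     */
    public Object doAsSubject(PrivilegedAction privilegedAction) {
        return privilegedAction.run();
    }

    /**
     * Looks for the required role in a role set, ignoring case.
     *
     * @param set the roles to search; may be {@code null} or empty
     * @param str the required role name; {@code null} never matches
     * @return {@code true} if some role in {@code set} has the required name
     */
    private boolean checkRole(Set<Role> set, String str) {
        if (set == null || set.isEmpty()) {
            logger.info("权限列表为空");
            return false;
        }
        if (str == null) {
            // Fail closed: without this guard a null required role would throw a
            // NullPointerException from inside the authorization check.
            return false;
        }
        for (Role role : set) {
            if (role != null && str.equalsIgnoreCase(role.getRole())) {
                // Parameterized form keeps the user name out of the format string.
                logger.info("该角色{}权限验证通过", this.user.getName());
                return true;
            }
        }
        return false;
    }
}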
