package net.parim.system.security;

import java.util.List;
import javax.annotation.PostConstruct;
import net.parim.system.entity.Privilege;
import net.parim.system.entity.User;
import net.parim.system.entity.UserRole;
import net.parim.system.service.AccountService;
import net.parim.system.service.PermissionService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:net/parim/system/security/SystemAuthorizingRealm.class */
public class SystemAuthorizingRealm extends AuthorizingRealm {
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private AccountService accountService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    public SystemAuthorizingRealm(DefaultWebSecurityManager defaultWebSecurityManager) {
        if (null != defaultWebSecurityManager) {
            defaultWebSecurityManager.setRealm(this);
        }
    }

    @PostConstruct
    public void initCredentialsMatcher() {
        setCredentialsMatcher(new CustomCredentialsMatcher());
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Login submit, active session size: {}, username: {}", 0, usernamePasswordToken.getUsername());
        }
        User findUserByUsername = this.accountService.findUserByUsername(usernamePasswordToken.getUsername());
        if (findUserByUsername == null) {
            return null;
        }
        return new SimpleAuthenticationInfo(findUserByUsername, findUserByUsername.getPassword(), ByteSource.Util.bytes(findUserByUsername.getSalt().getBytes()), getClass().getName());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User) getAvailablePrincipal(principalCollection);
        if (user != null) {
            return authzPermissions(user);
        }
        return null;
    }

    protected AuthorizationInfo authzPermissions(User user) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        List<UserRole> findUserPrivilegeXref = this.permissionService.findUserPrivilegeXref(user);
        if (null != findUserPrivilegeXref && !findUserPrivilegeXref.isEmpty()) {
            for (UserRole userRole : findUserPrivilegeXref) {
                String identifier = userRole.getPrivilege().getIdentifier();
                if (userRole.getPrivilege().getType() == Privilege.Type.resource) {
                    identifier = identifier + ":" + userRole.getTargetId();
                }
                simpleAuthorizationInfo.addStringPermission(identifier);
                this.logger.debug("User " + user.getId() + user.getUsername() + " is permissed: " + identifier);
            }
        }
        if (null != simpleAuthorizationInfo.getStringPermissions()) {
            this.logger.debug(simpleAuthorizationInfo.getStringPermissions().size() + "");
        }
        return simpleAuthorizationInfo;
    }
}
