package com.fit2cloud.commons.server.security;

import com.fit2cloud.commons.server.base.domain.User;
import com.fit2cloud.commons.server.i18n.Translator;
import com.fit2cloud.commons.server.model.SessionUser;
import com.fit2cloud.commons.server.module.ServerInfo;
import com.fit2cloud.commons.server.service.MenuService;
import com.fit2cloud.commons.server.service.UserCommonService;
import com.fit2cloud.commons.server.utils.SessionUtils;
import com.fit2cloud.commons.utils.EncryptUtils;
import com.fit2cloud.commons.utils.GlobalConfigurations;
import com.fit2cloud.commons.utils.LogUtil;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;

/* loaded from: input_file:com/fit2cloud/commons/server/security/ShiroDBRealm.class */
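/**
 * Shiro realm that authenticates users against the application's user store and answers
 * permission checks from a per-session cache of permission ids.
 *
 * <p>Authentication is performed entirely inside {@link #doGetAuthenticationInfo}: the
 * returned {@link SimpleAuthenticationInfo} carries the submitted password as its
 * credentials, so (with Shiro's default credentials matcher) the later matcher step compares
 * the token with itself. The checks in this class are therefore the only password
 * verification.
 */
public class ShiroDBRealm extends AuthorizingRealm {
    private final Logger logger = LogUtil.getLogger();

    @Resource
    private UserCommonService userCommonService;

    @Resource
    private MenuService menuService;

    @Resource
    private ServerInfo serverInfo;

    /**
     * Always returns {@code null}; this realm does not build a Shiro authorization info.
     * Permission decisions are made by {@link #isPermitted(PrincipalCollection, String)}.
     *
     * @param principalCollection ignored
     * @return {@code null}
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Verifies the submitted username/password and, on success, stores the session user and
     * the permission data for this module in the Shiro session.
     *
     * <p>Every failure, including the specific {@link UnknownAccountException},
     * {@link LockedAccountException} and {@link IncorrectCredentialsException} raised below,
     * is re-thrown as a plain {@link AuthenticationException} carrying the same message.
     *
     * @param authenticationToken must be a {@link UsernamePasswordToken}
     * @return authentication info for the user, using the submitted password as credentials
     * @throws AuthenticationException if the user is unknown, inactive, has no role, supplied
     *     a wrong password, or any other error occurred during the lookup
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        String password = String.valueOf(token.getPassword());
        try {
            User user = this.userCommonService.getUserBySth(username);
            if (user == null) {
                // NOTE(review): username is caller-controlled and written to the log as-is.
                this.logger.warn("not exist user is trying to login, user:{}", username);
                throw new UnknownAccountException(String.format(Translator.get("i18n_ex_user_not_exist"), username));
            }
            // Treat a missing "active" flag as disabled instead of failing with a NullPointerException.
            if (!Boolean.TRUE.equals(user.getActive())) {
                this.logger.warn("user is not active, user:{}", username);
                throw new LockedAccountException(String.format(Translator.get("i18n_ex_user_disable"), username));
            }
            // NOTE(review): the password is only checked in release mode; outside release mode
            // any password is accepted for an existing, active user. Confirm that non-release
            // mode cannot be enabled on a production deployment.
            // NOTE(review): the stored password is compared with an MD5 digest and no per-user
            // salt is passed at this call site. Moving to bcrypt/scrypt/argon2 requires migrating
            // the stored hashes, so it is not changed here.
            // NOTE(review): a submitted password that equals SsoSessionHandler.random
            // (case-insensitively) is accepted for any account. How that value is generated,
            // rotated and kept confidential is not visible in this class and should be verified.
            if (GlobalConfigurations.isReleaseMode()
                    && !StringUtils.equals(EncryptUtils.md5Encrypt(password).toString(), user.getPassword())
                    && !StringUtils.equalsIgnoreCase(password, SsoSessionHandler.random)) {
                // Never write the submitted password to the log: a mistyped password is usually
                // close to the real one, and log files are readable by more people than the
                // credential store.
                this.logger.warn("wrong password input, user:{}", username);
                throw new IncorrectCredentialsException(Translator.get("i18n_ex_password_not_correct"));
            }
            SessionUser sessionUser = SessionUser.fromUser(user);
            // NOTE(review): the user is placed in the session before the role check below, so a
            // login rejected for having no role still leaves the session user set. Confirm that
            // nothing treats the presence of a session user as proof of authentication.
            SessionUtils.putUser(sessionUser);
            if (CollectionUtils.isEmpty(sessionUser.getRoleIdList())) {
                throw new AuthenticationException(String.format(Translator.get("i18n_ex_user_no_role"), username));
            }
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute(this.serverInfo.getModule().getId(), this.menuService.getPermissionIdList(sessionUser.getRoleIdList()));
            session.setAttribute(this.serverInfo.getModule().getId() + "PERMISSION", this.menuService.getPermissions(sessionUser.getRoleIdList()));
            return new SimpleAuthenticationInfo(username, password, getName());
        } catch (Exception e) {
            // Same exception type and message as before; the cause is now kept so the original
            // failure and its stack trace remain available for diagnosis.
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Checks whether the current subject's session holds the given permission id for this
     * module. The permission id set is loaded from {@link MenuService} and cached in the
     * session on first use.
     *
     * <p>The {@code principalCollection} argument is not consulted; the decision is based on
     * the session of {@link SecurityUtils#getSubject()}.
     *
     * @param principalCollection ignored
     * @param str permission id to look up
     * @return {@code true} if the cached permission id set contains {@code str}; {@code false}
     *     otherwise, including when no permission set could be loaded
     */
    @SuppressWarnings("unchecked") // the attribute under the module id is only written from this class, as a Set<String>
    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        Session session = SecurityUtils.getSubject().getSession();
        String moduleId = this.serverInfo.getModule().getId();
        Object cached = session.getAttribute(moduleId);
        Set<String> permissionIds;
        if (cached == null) {
            permissionIds = this.menuService.getPermissionIdList(SessionUtils.getRoleIdList());
            session.setAttribute(moduleId, permissionIds);
            session.setAttribute(moduleId + "PERMISSION", this.menuService.getPermissions(SessionUtils.getRoleIdList()));
        } else {
            permissionIds = (Set<String>) cached;
        }
        // Deny by default when no permission set is available.
        return permissionIds != null && permissionIds.contains(str);
    }
}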
