package com.supermap.services.security;

import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.security.BuiltInToken;
import com.supermap.services.security.PermissionDAO;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ProductTypeUtil;
import com.supermap.services.util.ResourceManager;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.ini4j.Ini;
import org.ini4j.InvalidFileFormatException;
import org.ini4j.Profile;
import org.slf4j.cal10n.LocLogger;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/LdapRealm.class */
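public class LdapRealm extends JndiLdapRealm {
    /** Realm name used for the ini keys ({@code ldapRealm.*}) and for {@link PrincipalCollection#fromRealm}. */
    private static final String REALM_NAME = "ldapRealm";
    /** Prefix of the ini keys that configure the JNDI context factory. */
    private static final String CONTEXT_FACTORY_PREFIX = "ldapRealm.contextFactory";
    private static final ResourceManager RESOURCE = new ResourceManager("resource.securityManageResources");
    // The decompiled original passed CasRealm.class here, which filed this realm's log lines under
    // the CAS realm's category; use this class so the messages are attributable.
    private static final LocLogger LOGGER = LogUtil.getLocLogger(LdapRealm.class, RESOURCE);

    // Values mirrored from the shiro ini file; refreshed by reloadIfModified() when the file changes.
    private String roleMapping;
    private String rootDN;
    private String protocol;
    private File iniFile;
    private Ini ini;
    /** {@link File#lastModified()} of {@link #iniFile} at the last load; -1 forces a reload. */
    private long iniLastModified;
    private PermissionDAOs permissionDAOs;
    /** Parsed form of {@link #roleMapping}: LDAP group/attribute value -> iServer roles. */
    private volatile Map<String, List<String>> roleRules = new HashMap<>();
    /** Serialises creation of local (portal) user records in {@link #doGetAuthenticationInfo}. */
    private final ReentrantLock userRegistrationLock = new ReentrantLock();
    private boolean enabled = false;
    private boolean securityEnabled = true;
    /** Guards the ini-backed fields above: readers take {@link #readLock}, reload/store take {@link #writeLock}. */
    private final ReentrantReadWriteLock configLock = new ReentrantReadWriteLock();
    private final Lock readLock = configLock.readLock();
    private final Lock writeLock = configLock.writeLock();
    private LdapHelper ldapHelper = new LdapHelper();

    /**
     * Drops every cached AuthorizationInfo whenever permissions change so the next check re-queries.
     * The listener's parameters are not interpreted here; the argument meaning is not visible in this file.
     */
    private final PermissionDAO.PermissionModifiedListener cacheInvalidator = new PermissionDAO.PermissionModifiedListener() {
        @Override
        public void permissionModified(String[] modified, String[] modified2, String[] modified3) {
            clearCachedAuthorizationInfo();
        }

        @Override
        public void permissionModified(String[] modified) {
            clearCachedAuthorizationInfo();
        }
    };

    /** Creates the realm with the deny-aware wildcard permission resolver used by the other realms. */
    public LdapRealm() {
        setPermissionResolver(new DenySupportedWildcardPermissionResolver());
    }

    /** Clears the Shiro authorization cache if one is configured. */
    private void clearCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            cache.clear();
        }
    }

    /**
     * Stores {@code value} under {@code key} in the ini section, or removes the key when the value is blank
     * so that a cleared setting does not linger as an empty string in the file.
     */
    private static void putOrRemove(Profile.Section section, String key, String value) {
        if (StringUtils.isNotBlank(value)) {
            section.put(key, value);
        } else {
            section.remove(key);
        }
    }

    /**
     * Wraps the principals with the resource ids named by the permissions being checked.
     *
     * <p>Permissions that implement {@code ResourceIdentifier} carry a comma-separated resource id list;
     * those ids are attached to the principal collection so the permission DAOs can scope their lookup.
     *
     * @param principals  the caller's principals
     * @param permissions the permissions about to be checked; may be null or empty
     * @return {@code principals} unchanged when no resource id was found, otherwise a
     *         {@code ResourceIdentifiedPrincipalCollection} carrying the ids
     */
    private static PrincipalCollection withResourceIds(PrincipalCollection principals, Collection<Permission> permissions) {
        if (CollectionUtils.isEmpty(permissions)) {
            return principals;
        }
        Set<String> resourceIds = new HashSet<>(permissions.size());
        for (Permission permission : permissions) {
            if (!(permission instanceof ResourceIdentifier)) {
                continue;
            }
            String resourceId = ((ResourceIdentifier) permission).getResourceId();
            if (StringUtils.isNotEmpty(resourceId)) {
                Collections.addAll(resourceIds, StringUtils.split(resourceId, ','));
            }
        }
        return resourceIds.isEmpty() ? principals : new ResourceIdentifiedPrincipalCollection(principals, resourceIds);
    }

    /** Single-permission convenience overload of {@link #withResourceIds(PrincipalCollection, Collection)}. */
    private static PrincipalCollection withResourceIds(PrincipalCollection principals, Permission permission) {
        return withResourceIds(principals, Collections.singletonList(permission));
    }

    /** Sets or clears a JNDI environment entry on the context factory, depending on whether {@code value} has text. */
    private static void putEnvironment(JndiLdapContextFactory factory, String key, String value) {
        if (org.apache.shiro.util.StringUtils.hasText(value)) {
            factory.getEnvironment().put(key, value);
        } else {
            factory.getEnvironment().remove(key);
        }
    }

    /** Test hook: replaces the LDAP helper. */
    void a(LdapHelper ldapHelper) {
        this.ldapHelper = ldapHelper;
    }

    /** Test hook: replaces the LDAP context factory. */
    void a(LdapContextFactory ldapContextFactory) {
        super.setContextFactory(ldapContextFactory);
    }

    /**
     * Injects the permission DAOs and registers the cache-invalidating listener with them.
     *
     * @param permissionDAOs the DAO aggregate; must not be null
     */
    public void setPermissionDAOs(PermissionDAOs permissionDAOs) {
        this.permissionDAOs = permissionDAOs;
        this.permissionDAOs.addPermissionModiedLIstener(cacheInvalidator);
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    public void setRootDN(String rootDN) {
        this.rootDN = rootDN;
    }

    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    /**
     * Sets the role mapping expression and re-parses it into {@link #roleRules}.
     *
     * @param roleMapping text of the form {@code {key1=[roleA,roleB], key2=[roleC]}}; null is treated as empty
     */
    public void setRoleMapping(String roleMapping) {
        this.roleMapping = StringUtils.trim(StringUtils.defaultString(roleMapping));
        parseRoleMapping();
    }

    /**
     * Points the realm at the shiro ini file and loads it.
     *
     * @param path resolved through {@code ShiroUtil.getShiroIniFile}
     */
    public void setIniFilePath(String path) {
        this.iniFile = ShiroUtil.getShiroIniFile(path);
        this.ini = loadIni();
    }

    /**
     * Returns a snapshot of the current LDAP configuration, reloading the ini file first if it changed on disk.
     *
     * <p>NOTE(review): the returned object carries the system bind password in clear text; confirm that the
     * REST layer masks {@code systemPassword} before the object leaves the server.
     */
    public LdapConfig getLdapConfig() {
        reloadIfModified();
        LdapConfig config = new LdapConfig();
        config.enabled = enabled;
        config.rootDN = rootDN;
        config.roleMapping = roleMapping;
        config.protocol = protocol;
        LdapContextFactory factory = super.getContextFactory();
        if (factory instanceof JndiLdapContextFactory) {
            JndiLdapContextFactory jndiFactory = (JndiLdapContextFactory) factory;
            config.url = StringUtils.defaultString(jndiFactory.getUrl());
            config.systemUsername = StringUtils.defaultString(jndiFactory.getSystemUsername());
            config.systemPassword = StringUtils.defaultString(jndiFactory.getSystemPassword());
        }
        return config;
    }

    /**
     * Writes the given configuration to the {@code [main]} section of the shiro ini file.
     *
     * <p>The in-memory fields are not updated here; the next call that goes through
     * {@link #reloadIfModified()} picks the new values up. The last-modified marker is reset so that
     * the reload happens even when the store lands in the same file-timestamp tick as the previous load.
     *
     * @param config the values to persist; blank values remove their key
     */
    public void updateLdapConfig(LdapConfig config) {
        writeLock.lock();
        try {
            Profile.Section main = mainSection();
            main.put(REALM_NAME + ".enabled", Boolean.valueOf(config.enabled));
            putOrRemove(main, CONTEXT_FACTORY_PREFIX + ".url", config.url);
            putOrRemove(main, CONTEXT_FACTORY_PREFIX + ".systemUsername", config.systemUsername);
            // The bind password is persisted as written (this is the existing ini layout); file permissions
            // on the ini are what protect it.
            putOrRemove(main, CONTEXT_FACTORY_PREFIX + ".systemPassword", config.systemPassword);
            putOrRemove(main, REALM_NAME + ".protocol", config.protocol);
            putOrRemove(main, REALM_NAME + ".rootDN", config.rootDN);
            putOrRemove(main, REALM_NAME + ".roleMapping", config.roleMapping);
            storeIni();
            iniLastModified = -1L;
        } finally {
            writeLock.unlock();
        }
    }

    /** Delegates to the LDAP helper's user synchronisation. */
    public boolean updateLdapUser() {
        return ldapHelper.update();
    }

    /** Returns every role known to the LDAP helper, after refreshing the configuration if needed. */
    public List<String> getAllRoles() {
        reloadIfModified();
        return ldapHelper.getAllRoles();
    }

    /**
     * Authenticates against LDAP and, on iPortal, mirrors a first-time user into the local user store.
     *
     * @return the LDAP authentication info, or null when the realm or security is disabled or LDAP found no account
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        reloadIfModified();
        if (!enabled || !securityEnabled) {
            return null;
        }
        AuthenticationInfo info = super.doGetAuthenticationInfo(token);
        if (info == null) {
            return null;
        }
        if (ProductTypeUtil.ProductType.iPortal.equals(ProductTypeUtil.getProductType())) {
            registerPortalUser(info);
        }
        return info;
    }

    /**
     * Creates a local user record for an LDAP-authenticated principal that the Manager does not know yet.
     * The check is repeated under {@link #userRegistrationLock} so two concurrent first logins create one record.
     *
     * <p>NOTE(review): the LDAP-verified password is copied into {@code User.password} as a String; confirm that
     * {@code Manager.addLdapUser} hashes it before it is stored.
     */
    private void registerPortalUser(AuthenticationInfo info) {
        String userName = info.getPrincipals().getPrimaryPrincipal().toString();
        if (Manager.getInstance().getUser(userName) != null) {
            return;
        }
        String password = new String((char[]) info.getCredentials());
        // Copy: the helper's set may be unmodifiable, and the "PORTAL_USER" role is added below.
        Set<String> roles = new LinkedHashSet<>();
        Set<String> ldapRoles = ldapHelper.getUserRoles(userName);
        if (ldapRoles != null) {
            roles.addAll(ldapRoles);
        }
        userRegistrationLock.lock();
        try {
            if (Manager.getInstance().getUser(userName) == null) {
                User user = new User();
                user.name = userName;
                user.password = password;
                roles.add("PORTAL_USER");
                user.userGroups = new String[]{SecurityConstants.GROUP_THIRD_PART_AUTHORIZED, SecurityConstants.GROUP_LDAP_AUTHORIZED};
                user.roles = roles.toArray(new String[0]);
                Manager.getInstance().addLdapUser(user);
            }
        } finally {
            userRegistrationLock.unlock();
        }
    }

    /**
     * Binds to LDAP as the user's DN with the supplied credentials and builds the authentication info.
     *
     * @return null for built-in tokens (handled by another realm) and when no DN could be resolved for the principal
     * @throws NamingException when the bind fails
     */
    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory contextFactory) throws NamingException {
        if (token instanceof BuiltInToken) {
            return null;
        }
        Object principal = token.getPrincipal();
        Object credentials = token.getCredentials();
        String userDN = ldapHelper.getUserDN(String.valueOf(principal));
        // Fail closed when the helper resolved no DN: a bind must never be attempted with an empty principal.
        // (What getUserDN returns for an unknown user is not visible here — presumably null; verify against LdapHelper.)
        if (StringUtils.isBlank(userDN)) {
            return null;
        }
        LdapContext context = null;
        try {
            context = contextFactory.getLdapContext(userDN, credentials);
            return createAuthenticationInfo(token, userDN, credentials, context);
        } finally {
            LdapUtils.closeContext(context);
        }
    }

    /**
     * Resolves authorization for LDAP principals, passing along any resource ids attached by
     * {@link #withResourceIds(PrincipalCollection, Collection)}.
     *
     * @return null for built-in principal collections
     */
    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory contextFactory) throws NamingException {
        if (principals instanceof BuiltInToken.BuiltInSimplePrincipalCollection) {
            return null;
        }
        Set<String> resourceIds = principals instanceof ResourceIdentifiedPrincipalCollection
                ? ((ResourceIdentifiedPrincipalCollection) principals).getResourceIds()
                : Collections.<String>emptySet();
        return doQueryForAuthorizationInfo(principals, resourceIds, contextFactory);
    }

    /**
     * Builds roles and string permissions for a principal of this realm.
     *
     * <p>Roles come from the local user record when one exists, otherwise from LDAP; {@code ROLE_EVERYONE} is
     * always added and {@code "USER"} for anyone who is neither the guest nor explicitly unauthorized.
     * Permissions are the union over all permission DAOs.
     *
     * @param principals     the subject's principals
     * @param resourceIds    resource ids to scope the permission lookup; may be empty
     * @param contextFactory unused here; kept for the Shiro callback signature
     * @return the authorization info, or null when the realm is disabled, security is off, the principal did
     *         not come from this realm, or there is no primary principal
     */
    public AuthorizationInfo doQueryForAuthorizationInfo(PrincipalCollection principals, Set<String> resourceIds, LdapContextFactory contextFactory) throws NamingException {
        Collection<?> fromThisRealm = principals.fromRealm(REALM_NAME);
        if (!enabled || !securityEnabled || CollectionUtils.isEmpty(fromThisRealm)) {
            return null;
        }
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        if (primaryPrincipal == null) {
            return null;
        }
        String userName = String.valueOf(primaryPrincipal);
        Set<String> roles = new LinkedHashSet<>();
        Set<String> groups = new LinkedHashSet<>();
        User user = Manager.getInstance().getUser(userName);
        if (user != null) {
            if (ArrayUtils.isNotEmpty(user.roles)) {
                Collections.addAll(roles, user.roles);
            }
            if (ArrayUtils.isNotEmpty(user.userGroups)) {
                Collections.addAll(groups, user.userGroups);
            }
        } else {
            roles.addAll(ldapHelper.getUserRoles(userName));
        }
        roles.add(SecurityConstants.ROLE_EVERYONE);
        if (!StringUtils.equals(SecurityConstants.USER_GUEST, userName) && !roles.contains(SecurityConstants.ROLE_UNAUTHORIZED)) {
            roles.add("USER");
        }
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(roles);
        Set<String> permissions = new HashSet<>();
        for (PermissionDAO permissionDAO : permissionDAOs.getPermissionDAO()) {
            permissions.addAll(permissionDAO.getPermission(userName, groups, roles, resourceIds));
        }
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    @Override
    public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException {
        super.checkPermission(withResourceIds(principals, permission), permission);
    }

    @Override
    public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException {
        super.checkPermissions(withResourceIds(principals, permissions), permissions);
    }

    @Override
    public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
        return super.isPermitted(withResourceIds(principals, permissions), permissions);
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        return super.isPermitted(withResourceIds(principals, permission), permission);
    }

    @Override
    public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) {
        return super.isPermittedAll(withResourceIds(principals, permissions), permissions);
    }

    /**
     * Parses {@link #roleMapping} ({@code {key=[r1,r2], key2=[r3]}}) into {@link #roleRules}.
     * Entries without the {@code =[} separator are logged and skipped instead of aborting the reload.
     */
    private void parseRoleMapping() {
        Map<String, List<String>> rules = new HashMap<>();
        if (StringUtils.isNotBlank(roleMapping)) {
            String body = StringUtils.removeEnd(StringUtils.removeStart(roleMapping, "{"), "}");
            for (String entry : StringUtils.splitByWholeSeparator(body, "],")) {
                if (StringUtils.isBlank(entry)) {
                    continue;
                }
                String[] keyAndValues = StringUtils.splitByWholeSeparator(entry.trim(), "=[");
                if (keyAndValues.length < 2) {
                    LOGGER.warn("Ignoring malformed ldapRealm.roleMapping entry: {}", entry.trim());
                    continue;
                }
                String values = StringUtils.removeEnd(keyAndValues[1], "]");
                rules.put(keyAndValues[0].trim(), Arrays.asList(StringUtils.split(values, ',')));
            }
        }
        roleRules = rules;
    }

    /**
     * Reloads the ini-backed configuration when the file's modification time changed.
     *
     * <p>The staleness check runs under the read lock; the reload itself runs under the write lock
     * (a {@link ReentrantReadWriteLock} cannot be upgraded, so the check is repeated after switching locks).
     * The original held only the read lock while mutating the fields, which let concurrent reloads race.
     */
    private void reloadIfModified() {
        readLock.lock();
        try {
            if (!iniChanged()) {
                return;
            }
        } finally {
            readLock.unlock();
        }
        writeLock.lock();
        try {
            if (iniChanged()) {
                reload();
            }
        } finally {
            writeLock.unlock();
        }
    }

    /** True when an ini file is configured and its timestamp differs from the one recorded at the last load. */
    private boolean iniChanged() {
        return iniFile != null && iniLastModified != iniFile.lastModified();
    }

    /**
     * Re-reads the ini file and pushes its values into this realm, the context factory and the LDAP helper.
     * Must be called with {@link #writeLock} held.
     */
    private void reload() {
        // If the file fails to load, loadIni() returns null and the lookups below fail with an NPE,
        // as in the original; the realm then rejects requests rather than running on a half-read config.
        ini = loadIni();
        securityEnabled = Manager.getInstance().isSecurityEnabled();
        enabled = getBooleanProperty("enabled");
        protocol = StringUtils.lowerCase(StringUtils.defaultString(getRealmProperty("protocol")));
        rootDN = StringUtils.defaultString(getRealmProperty("rootDN"));
        setRoleMapping(getRealmProperty("roleMapping"));
        LdapContextFactory factory = super.getContextFactory();
        if (factory instanceof JndiLdapContextFactory) {
            JndiLdapContextFactory jndiFactory = (JndiLdapContextFactory) factory;
            jndiFactory.setUrl(getContextFactoryProperty("url"));
            jndiFactory.setSystemUsername(getContextFactoryProperty("systemUsername"));
            jndiFactory.setSystemPassword(getContextFactoryProperty("systemPassword"));
            // Same key as javax.naming.Context.SECURITY_PROTOCOL; e.g. "ssl" for LDAPS.
            putEnvironment(jndiFactory, "java.naming.security.protocol", StringUtils.trim(protocol));
        }
        ldapHelper.setRootDN(rootDN);
        ldapHelper.setRules(roleRules);
        ldapHelper.setLdapContextFactory(factory);
    }

    /** Reads {@code ldapRealm.<name>} as a boolean; only the literal "true" (any case) is true. */
    private boolean getBooleanProperty(String name) {
        return "true".equalsIgnoreCase(getRealmProperty(name));
    }

    /** Reads {@code ldapRealm.<name>} from the [main] section; null when absent. */
    private String getRealmProperty(String name) {
        return (String) mainSection().get(REALM_NAME + "." + name);
    }

    /** Reads {@code ldapRealm.contextFactory.<name>} from the [main] section; null when absent. */
    private String getContextFactoryProperty(String name) {
        return (String) mainSection().get(CONTEXT_FACTORY_PREFIX + "." + name);
    }

    /** Returns the [main] section of the loaded ini, creating it if the file has none. */
    private Profile.Section mainSection() {
        Profile.Section section = ini.get("main");
        if (section == null) {
            section = ini.add("main");
        }
        return section;
    }

    /** Persists the ini to disk; an I/O failure is logged and otherwise ignored (the caller keeps running). */
    private void storeIni() {
        try {
            ini.store();
        } catch (IOException e) {
            // NOTE(review): the (ResourceManager) cast on the message key is carried over from the
            // decompiled source and looks like a decompiler artifact — confirm against ResourceManager.getMessage.
            LOGGER.warn(RESOURCE.getMessage((ResourceManager) SecurityManageResource.MANAGER_STOREINI_IOEXCEPTION, new Object[0]));
            LOGGER.debug(e.getMessage(), e);
        }
    }

    /**
     * Loads {@link #iniFile}, recording its timestamp first so a concurrent edit is not missed.
     *
     * @return the parsed ini, or null when the file could not be read or is malformed (both are logged)
     */
    private Ini loadIni() {
        Ini loaded = null;
        try {
            iniLastModified = iniFile.lastModified();
            loaded = new Ini(iniFile);
        } catch (InvalidFileFormatException e) {
            // Caught before IOException because InvalidFileFormatException is its subclass in ini4j.
            LOGGER.warn(RESOURCE.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_FORMATEXCEPTION, iniFile.getAbsolutePath(), e.getMessage()));
            LOGGER.debug(e.getMessage(), e);
        } catch (IOException e) {
            LOGGER.warn(RESOURCE.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_IOEXCEPTION, iniFile.getAbsolutePath(), e.getMessage()));
            LOGGER.debug(e.getMessage(), e);
        }
        return loaded;
    }
}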
