package com.supermap.services.security;

import com.supermap.services.event.SimpleEventHelper;
import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.security.PermissionDAO;
import com.supermap.services.util.ResourceManager;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/UsernamePasswordRealm.class */
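/**
 * Shiro realm that authenticates username/password tokens against the local
 * {@link UsernamePasswordAuthorizingDAO} and, for users it does not know, against the
 * configured {@link ExtendedUserStorage} instances.
 *
 * <p>Security model visible in this class: the installed credentials matcher
 * ({@link PasswordMatcher}) accepts everything, and {@link #setCredentialsMatcher} is a no-op,
 * so the matcher cannot be replaced through that setter. The password is therefore verified
 * only inside {@link #doGetAuthenticationInfo}: every non-null {@code AuthenticationInfo}
 * returned from that method is treated as a successful login. Any new code path added there
 * must return {@code null} or throw when verification fails.
 *
 * <p>Identifiers such as {@code a}, {@code b}, {@code c}, {@code d} are decompiler/obfuscator
 * names and are kept so that other classes in the package keep linking.
 */
public class UsernamePasswordRealm extends ResourceIdentifiedPermissionAuthorizingRealm {
    // Message catalogue used for the "locked" / "expired" exception texts.
    private static ResourceManager a = new ResourceManager((Class<? extends Enum<?>>) SecurityManageResource.class);
    // Local account store: authenticates users and resolves their groups and roles.
    private UsernamePasswordAuthorizingDAO c;
    protected PermissionDAOs permissionDAO;
    // Listener delegate notified when a user is accepted through an extended storage.
    private UsernamePasswordRealmListener b = (UsernamePasswordRealmListener) SimpleEventHelper.createDelegate(UsernamePasswordRealmListener.class);
    // Clears the authorization cache on every permission change so stale grants are not served.
    private PermissionDAO.PermissionModifiedListener d = new PermissionDAO.PermissionModifiedListener() { // from class: com.supermap.services.security.UsernamePasswordRealm.1
        @Override // com.supermap.services.security.PermissionDAO.PermissionModifiedListener
        public void permissionModified(String[] strArr, String[] strArr2, String[] strArr3) {
            UsernamePasswordRealm.this.a();
        }

        @Override // com.supermap.services.security.PermissionDAO.PermissionModifiedListener
        public void permissionModified(String[] strArr) {
            UsernamePasswordRealm.this.a();
        }
    };
    // Extended storages keyed by their ExtendedUserStorageIdentification value. The map is
    // replaced wholesale (never mutated in place) and published through the volatile field.
    protected volatile Map<String, ExtendedUserStorage> extendedStorageMap = Collections.emptyMap();

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/UsernamePasswordRealm$PasswordMatcher.class */
    /**
     * Credentials matcher that accepts every token.
     *
     * <p>This is only safe because {@link UsernamePasswordRealm#doGetAuthenticationInfo} has
     * already verified the password before it returns a non-null result. Do not reuse this
     * matcher in a realm that returns stored credentials for later comparison.
     */
    private static class PasswordMatcher implements CredentialsMatcher {
        private PasswordMatcher() {
        }

        public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
            return true;
        }
    }

    /** Creates the realm and pins the always-true {@link PasswordMatcher} on the superclass. */
    public UsernamePasswordRealm() {
        super.setCredentialsMatcher(new PasswordMatcher());
    }

    /**
     * Intentionally ignores the supplied matcher; the one installed by the constructor stays
     * in place.
     *
     * @param credentialsMatcher ignored
     */
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    }

    /**
     * Installs a cache manager whose caches are wrapped in {@code NullKeySupportedCache}.
     *
     * <p>{@link #getAuthorizationCacheKey} returns {@code null} for extended-storage
     * principals, so the wrapper is what receives those null keys.
     * NOTE(review): presumably the wrapper skips caching for null keys; confirm in
     * {@code NullKeySupportedCache}.
     *
     * @param cacheManager the delegate that actually creates the caches
     */
    public void setCacheManager(final CacheManager cacheManager) {
        super.setCacheManager(new CacheManager() { // from class: com.supermap.services.security.UsernamePasswordRealm.2
            public <K, V> Cache<K, V> getCache(String str) throws CacheException {
                return new NullKeySupportedCache(cacheManager.getCache(str));
            }
        });
    }

    /**
     * Registers the extended user storages, keyed by their
     * {@code ExtendedUserStorageIdentification} value.
     *
     * <p>Null entries and storages without the annotation are skipped. When two storages
     * declare the same id, the first one in the list wins. A null or empty list leaves the
     * current registration untouched.
     *
     * @param list storages to register
     */
    public void setExtendedUserStorage(List<ExtendedUserStorage> list) {
        if (CollectionUtils.isEmpty(list)) {
            return;
        }
        Map<String, ExtendedUserStorage> byId = new HashMap<>();
        for (ExtendedUserStorage extendedUserStorage : list) {
            if (extendedUserStorage == null) {
                continue;
            }
            String id = a(extendedUserStorage);
            if (id != null && !byId.containsKey(id)) {
                byId.put(id, extendedUserStorage);
            }
        }
        this.extendedStorageMap = byId;
    }

    /**
     * Returns the superclass cache key for local users and {@code null} for principals that
     * carry an entry from {@code SecurityConstants.EXTENDED_STORAGE_REALM}.
     */
    protected Object getAuthorizationCacheKey(PrincipalCollection principalCollection) {
        if (principalCollection.fromRealm(SecurityConstants.EXTENDED_STORAGE_REALM).isEmpty()) {
            return super.getAuthorizationCacheKey(principalCollection);
        }
        return null;
    }

    /**
     * Reads the storage id from the class-level {@code ExtendedUserStorageIdentification}
     * annotation.
     *
     * @return the annotation value, or {@code null} when the class is not annotated
     */
    private String a(ExtendedUserStorage extendedUserStorage) {
        ExtendedUserStorageIdentification extendedUserStorageIdentification = (ExtendedUserStorageIdentification) extendedUserStorage.getClass().getAnnotation(ExtendedUserStorageIdentification.class);
        if (extendedUserStorageIdentification == null) {
            return null;
        }
        return extendedUserStorageIdentification.value();
    }

    /**
     * Sets the permission DAOs and subscribes the cache-clearing listener to them.
     *
     * @param permissionDAOs permission source; must not be null
     */
    public void setPermissionDAOs(PermissionDAOs permissionDAOs) {
        this.permissionDAO = permissionDAOs;
        this.permissionDAO.addPermissionModiedLIstener(this.d);
    }

    /**
     * Builds the roles and string permissions for the given principals.
     *
     * <p>Local users are delegated to the static helper. For extended-storage users the roles
     * come from the {@code ExtendedUserInfo} principal plus the roles of its groups.
     *
     * <p>NOTE(review): the extended-storage branch differs from the local-user branch in two
     * ways visible here: it adds {@code "USER"} even when {@code ROLE_UNAUTHORIZED} is
     * present, and it grants {@code "*"} to ADMIN/SYSTEM without the
     * {@code DOES_NOT_EXIST_RESOURCE} check. Confirm that both are intended.
     *
     * @param principalCollection authenticated principals; must not be null
     * @param set resource identifiers to resolve permissions for
     * @return the authorization info for the principal
     * @throws AuthorizationException if {@code principalCollection} is null
     */
    @Override // com.supermap.services.security.ResourceIdentifiedPermissionAuthorizingRealm
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection, Set<String> set) {
        if (principalCollection == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        ExtendedUserInfo extendedUserInfo = SecurityUtility.getExtendedUserInfo(principalCollection);
        String str = (String) getAvailablePrincipal(principalCollection);
        if (extendedUserInfo == null) {
            return a(str, getAuthorizingDAO(), set, this.permissionDAO.getPermissionDAO());
        }
        Set<String> set2 = extendedUserInfo.groups;
        if (set2 == null) {
            set2 = Collections.emptySet();
        }
        // Work on a copy. The original code added the group-derived roles directly to
        // extendedUserInfo.roles, i.e. to the principal object itself. Roles granted through a
        // group would then stay attached to the principal after the group lost them, and an
        // unmodifiable roles set would make authorization throw.
        Set<String> set3 = extendedUserInfo.roles == null
                ? new LinkedHashSet<>()
                : new LinkedHashSet<>(extendedUserInfo.roles);
        if (!set2.isEmpty()) {
            set3.addAll(getAuthorizingDAO().getRoles(null, set2));
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (set3.contains("ADMIN") || set3.contains("SYSTEM")) {
            // Administrative roles receive the wildcard permission.
            linkedHashSet.add("*");
        } else {
            set3 = new HashSet<>(set3);
            set3.add(SecurityConstants.ROLE_EVERYONE);
            if (!StringUtils.equals(SecurityConstants.USER_GUEST, str)) {
                set3.add("USER");
            }
            if (!set.isEmpty()) {
                linkedHashSet.addAll(UsernameBasedRealmUtil.a(str, set2, set3, set, this.permissionDAO.getPermissionDAO()));
            }
        }
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(set3);
        simpleAuthorizationInfo.setStringPermissions(linkedHashSet);
        return simpleAuthorizationInfo;
    }

    /**
     * Builds the authorization info of a local user.
     *
     * <p>ADMIN and SYSTEM receive {@code "*"}, unless the permission lookup reports
     * {@code Constant.DOES_NOT_EXIST_RESOURCE}, in which case only that marker is granted.
     * All other users get {@code ROLE_EVERYONE}, and additionally {@code "USER"} unless they
     * are the guest user or carry {@code ROLE_UNAUTHORIZED}.
     *
     * @param str user name
     * @param usernamePasswordAuthorizingDAO source of groups and roles
     * @param set resource identifiers to resolve permissions for
     * @param permissionDAOArr permission sources
     * @return the authorization info for the user
     */
    static AuthorizationInfo a(String str, UsernamePasswordAuthorizingDAO usernamePasswordAuthorizingDAO, Set<String> set, PermissionDAO[] permissionDAOArr) {
        Set<String> groups = usernamePasswordAuthorizingDAO.getGroups(str);
        Set<String> roles = usernamePasswordAuthorizingDAO.getRoles(str, groups);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (!roles.contains("ADMIN") && !roles.contains("SYSTEM")) {
            // Copy before adding the implicit roles so the DAO's set is not modified.
            roles = new HashSet<>(roles);
            roles.add(SecurityConstants.ROLE_EVERYONE);
            if (!StringUtils.equals(SecurityConstants.USER_GUEST, str) && !roles.contains(SecurityConstants.ROLE_UNAUTHORIZED)) {
                roles.add("USER");
            }
            linkedHashSet.addAll(UsernameBasedRealmUtil.a(str, groups, roles, set, permissionDAOArr));
        } else if (UsernameBasedRealmUtil.a(null, null, null, set, permissionDAOArr).contains(Constant.DOES_NOT_EXIST_RESOURCE)) {
            linkedHashSet.add(Constant.DOES_NOT_EXIST_RESOURCE);
        } else {
            linkedHashSet.add("*");
        }
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(roles);
        simpleAuthorizationInfo.setStringPermissions(linkedHashSet);
        return simpleAuthorizationInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies a username/password token. This is the only place where the password is
     * checked, because the credentials matcher of this realm always returns true.
     *
     * <p>Users in {@code GROUP_LDAP_AUTHORIZED} are declined here ({@code null}); presumably
     * an LDAP realm is expected to authenticate them (confirm against the realm
     * configuration).
     *
     * <p>NOTE(review): LOCKED and EXPIRED raise an exception whose message contains the user
     * name, while a wrong password yields {@code null}. Callers that show the message to the
     * client reveal account state; confirm that the login endpoint returns a generic error.
     * The submitted password array is also stored as the credentials of the returned info.
     *
     * @param authenticationToken expected to be a {@link UsernamePasswordToken}
     * @return the authentication info, or {@code null} when this realm does not accept the login
     * @throws LockedAccountException if the account is locked or expired
     * @throws AuthenticationException declared by the Shiro contract
     */
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        User user;
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String username = usernamePasswordToken.getUsername();
        if (Manager.getInstance() != null && (user = Manager.getInstance().getUser(username)) != null && user.isUserGroup(SecurityConstants.GROUP_LDAP_AUTHORIZED)) {
            return null;
        }
        char[] password = usernamePasswordToken.getPassword();
        AuthenticateUsernamePasswordResult authenticate = getAuthorizingDAO().authenticate(usernamePasswordToken.getUsername(), password);
        switch (authenticate.type) {
            case VALIED:
                return new SimpleAuthenticationInfo(usernamePasswordToken.getUsername(), password, getName());
            case INVALID:
                return null;
            case LOCKED:
                throw new LockedAccountException(a.getMessage((ResourceManager) SecurityManageResource.USER_WAS_LOCKED, usernamePasswordToken.getUsername()));
            case EXPIRED:
                throw new LockedAccountException(a.getMessage((ResourceManager) SecurityManageResource.USER_WAS_EXPIRED, usernamePasswordToken.getUsername()));
            case DOEST_NOT_EXIST:
                // Unknown locally: fall back to every registered extended storage.
                return a(username, password);
            case EXTENDED:
                // Known to belong to one specific extended storage.
                return a(authenticate.extendedStorage, username, password);
            default:
                throw new IllegalStateException("should no be here.");
        }
    }

    /**
     * Tries each registered extended storage until one accepts the credentials and returns a
     * user record.
     *
     * <p>The plaintext password is handed to every storage that is asked, so each registered
     * storage must be trusted with user passwords. {@code isValid} takes a {@code String},
     * which forces an immutable copy of the password that cannot be wiped afterwards.
     *
     * @param str user name
     * @param cArr submitted password; {@code null} is rejected
     * @return authentication info carrying the storage id and user info as extra principals,
     *         or {@code null} when no storage accepts the login
     */
    private AuthenticationInfo a(String str, char[] cArr) {
        ExtendedUserInfo user;
        Map<String, ExtendedUserStorage> map = this.extendedStorageMap;
        if (map.isEmpty() || cArr == null) {
            // Fail closed on a missing password instead of throwing from new String(null).
            return null;
        }
        String str2 = new String(cArr);
        for (Map.Entry<String, ExtendedUserStorage> entry : map.entrySet()) {
            ExtendedUserStorage value = entry.getValue();
            if (value.isValid(str, str2) && (user = value.getUser(str)) != null) {
                this.b.extendedUserAdded(entry.getKey(), str, user);
                SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(str, cArr, getName());
                SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
                simplePrincipalCollection.addAll(simpleAuthenticationInfo.getPrincipals());
                simplePrincipalCollection.addAll(Arrays.asList(new ExtendedStorageId(entry.getKey()), user), SecurityConstants.EXTENDED_STORAGE_REALM);
                simpleAuthenticationInfo.setPrincipals(simplePrincipalCollection);
                return simpleAuthenticationInfo;
            }
        }
        return null;
    }

    /**
     * Authenticates against one named extended storage.
     *
     * <p>When the storage validates the password but returns no user record, an empty
     * {@code ExtendedUserInfo} is used, so the login succeeds with whatever groups and roles
     * a new {@code ExtendedUserInfo} carries.
     *
     * @param str id of the extended storage
     * @param str2 user name
     * @param cArr submitted password; {@code null} is rejected
     * @return authentication info, or {@code null} when the storage is unknown or rejects the login
     */
    private AuthenticationInfo a(String str, String str2, char[] cArr) {
        if (cArr == null) {
            // Fail closed on a missing password instead of throwing from new String(null).
            return null;
        }
        ExtendedUserStorage extendedUserStorage = this.extendedStorageMap.get(str);
        if (extendedUserStorage == null || !extendedUserStorage.isValid(str2, new String(cArr))) {
            return null;
        }
        ExtendedUserInfo user = extendedUserStorage.getUser(str2);
        if (user == null) {
            user = new ExtendedUserInfo();
        }
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(str2, cArr, getName());
        SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
        simplePrincipalCollection.addAll(simpleAuthenticationInfo.getPrincipals());
        simplePrincipalCollection.addAll(Arrays.asList(new ExtendedStorageId(str), user), SecurityConstants.EXTENDED_STORAGE_REALM);
        simpleAuthenticationInfo.setPrincipals(simplePrincipalCollection);
        return simpleAuthenticationInfo;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Drops every cached authorization entry; invoked whenever permissions change. */
    public void a() {
        Cache authorizationCache = getAuthorizationCache();
        if (authorizationCache != null) {
            authorizationCache.clear();
        }
    }

    /** Sets the local account store used for authentication and role lookup. */
    public void setAuthorizingDAO(UsernamePasswordAuthorizingDAO usernamePasswordAuthorizingDAO) {
        this.c = usernamePasswordAuthorizingDAO;
    }

    /** Returns the local account store, or {@code null} if none has been set. */
    public UsernamePasswordAuthorizingDAO getAuthorizingDAO() {
        return this.c;
    }

    /** Subscribes a listener to the events this realm raises for extended users. */
    public void addListener(UsernamePasswordRealmListener usernamePasswordRealmListener) {
        SimpleEventHelper.addListener(this.b, usernamePasswordRealmListener);
    }
}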
