package com.supermap.services.security;

import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.security.PermissionDAO;
import com.supermap.services.util.IterableUtil;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ResourceManager;
import java.io.File;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.ini4j.Ini;
import org.ini4j.InvalidFileFormatException;
import org.ini4j.Profile;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.cal10n.LocLogger;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/CasRealm.class */
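/**
 * Shiro realm that authenticates against a CAS server using the SAML validation protocol and turns
 * attributes found in the CAS principal into local roles and permissions.
 *
 * <p>Settings are read from the {@code [main]} section of the Shiro ini file (keys prefixed with
 * {@code casRealm.}) and are re-read when the file's last-modified time changes; see {@link #d()}.
 *
 * <p>The single-letter field and private method names come from the decompiled class this listing
 * was produced from. They are kept as-is; each one is described where it is declared.
 *
 * <p>NOTE(review): every role granted by the attribute mapping comes from attributes asserted by the
 * CAS server, so the integrity of {@code casServerUrlPrefix} (the ticket-validation endpoint) is part
 * of the authorization boundary. Nothing in this class checks the URL scheme; confirm that
 * deployments configure an HTTPS endpoint.
 */
public class CasRealm extends org.apache.shiro.cas.CasRealm {
    // Realm name used to pull this realm's principals out of a PrincipalCollection.
    static final String a = "casRealm";
    // Cached ticket validator; rebuilt on every configuration reload.
    private TicketValidator h;
    // First attribute rule mapping as configured, normalised to end with '}' ("attr={...}").
    private String i;
    // Shiro ini file the realm settings are read from.
    private File l;
    // Parsed content of the ini file; null when the last load attempt failed.
    private Ini m;
    // Last-modified time of the ini file at the moment of the last load attempt.
    private long o;
    private SecurityInfoDAO q;
    protected PermissionDAOs permissionDAO;
    private static ResourceManager b = new ResourceManager("resource.securityManageResources");
    private static LocLogger c = LogUtil.getLocLogger(CasRealm.class, b);
    // Empty set passed as the second argument of PermissionDAO.getPermission.
    private static final Set<String> t = Collections.emptySet();
    // "casRealm.enabled": the realm authenticates and authorizes only when this is true.
    private boolean d = false;
    // Global switch taken from Manager.isSecurityEnabled() on each reload.
    private boolean e = true;
    // Login URL assembled by a(); null until both a prefix and a service are configured.
    private String f = null;
    // Optional prefix for the login URL; the CAS server URL prefix is used when this is blank.
    private String g = null;
    // Attribute name parsed from the rule mapping (the part before "={").
    private String j = null;
    // Lookup table keyed by "attributeName:attributeValue"; values are the roles to grant.
    private volatile Map<String, List<String>> k = new HashMap<String, List<String>>();
    // Lock guarding the configuration reload in d().
    private Object n = new Object();
    // "casRealm.reserveSystemAccount": true unless the ini value is literally "false".
    private boolean p = true;
    // Tolerance handed to Saml11TicketValidator.setTolerance, in milliseconds.
    private long r = 180000;
    // Drops every cached AuthorizationInfo when permissions change, so that revocations take effect
    // on the next authorization check instead of when the cache entry expires.
    private PermissionDAO.PermissionModifiedListener s = new PermissionDAO.PermissionModifiedListener() { // from class: com.supermap.services.security.CasRealm.1
        @Override // com.supermap.services.security.PermissionDAO.PermissionModifiedListener
        public void permissionModified(String[] strArr, String[] strArr2, String[] strArr3) {
            Cache authorizationCache = CasRealm.this.getAuthorizationCache();
            if (authorizationCache != null) {
                authorizationCache.clear();
            }
        }

        @Override // com.supermap.services.security.PermissionDAO.PermissionModifiedListener
        public void permissionModified(String[] strArr) {
            Cache authorizationCache = CasRealm.this.getAuthorizationCache();
            if (authorizationCache != null) {
                authorizationCache.clear();
            }
        }
    };

    /** Creates the realm with the SAML validation protocol and the deny-aware permission resolver. */
    public CasRealm() {
        setValidationProtocol("saml");
        setPermissionResolver(new DenySupportedWildcardPermissionResolver());
    }

    /**
     * Sets the permission stores and registers the cache-clearing listener on them.
     *
     * @param permissionDAOs the permission stores consulted when authorization info is built
     */
    public void setPermissionDAOs(PermissionDAOs permissionDAOs) {
        this.permissionDAO = permissionDAOs;
        this.permissionDAO.addPermissionModiedLIstener(this.s);
    }

    public void setEnabled(boolean z) {
        this.d = z;
    }

    /** Returns whether the realm is enabled, after picking up any change to the ini file. */
    public boolean isEnabled() {
        d();
        return this.d;
    }

    public void setReserveSystemAccount(boolean z) {
        this.p = z;
    }

    /** Returns the reserveSystemAccount setting, after picking up any change to the ini file. */
    public boolean isReserveSystemAccount() {
        d();
        return this.p;
    }

    /** Sets the prefix used for the login URL and rebuilds that URL. */
    public void setCasLoginLogoutPrefix(String str) {
        this.g = str;
        a();
    }

    public String getCasLoginLogoutPrefix() {
        return this.g;
    }

    /** Sets the CAS server URL prefix and rebuilds the login URL. */
    public void setCasServerUrlPrefix(String str) {
        super.setCasServerUrlPrefix(str);
        a();
    }

    /** Sets the CAS service URL and rebuilds the login URL. */
    public void setCasService(String str) {
        super.setCasService(str);
        a();
    }

    /** Returns the SAML validation tolerance, after picking up any change to the ini file. */
    public long getTolerance() {
        d();
        return this.r;
    }

    public void setTolerance(long j) {
        this.r = j;
    }

    /**
     * Rebuilds the login URL as {@code <prefix>/login?service=<casService>}. The login/logout prefix
     * is preferred; the CAS server URL prefix is the fallback. The URL is left unchanged when either
     * part is blank.
     */
    private void a() {
        String casLoginLogoutPrefix = getCasLoginLogoutPrefix();
        if (StringUtils.isBlank(casLoginLogoutPrefix)) {
            casLoginLogoutPrefix = super.getCasServerUrlPrefix();
        }
        String casService = super.getCasService();
        if (StringUtils.isNotBlank(casLoginLogoutPrefix) && StringUtils.isNotBlank(casService)) {
            StringBuilder sb = new StringBuilder();
            sb.append(casLoginLogoutPrefix.trim());
            if (!casLoginLogoutPrefix.trim().endsWith("/")) {
                sb.append("/");
            }
            sb.append("login?service=");
            // NOTE(review): the service URL is appended without URL-encoding. It comes from
            // configuration, not from the request; confirm configured values are already safe to
            // place in a query string.
            sb.append(casService.trim());
            this.f = sb.toString();
        }
    }

    /**
     * Returns the CAS login URL built from configuration.
     *
     * @param servletRequest not used
     * @return the login URL, or null when it has not been built yet
     */
    public String getLoginURL(ServletRequest servletRequest) {
        return this.f;
    }

    /** Resolves the Shiro ini file for the given path and loads it. */
    public void setIniFilePath(String str) {
        this.l = ShiroUtil.getShiroIniFile(str);
        this.m = e();
    }

    /**
     * Stores the first rule of an attribute rule mapping and parses it. Rules are separated by
     * {@code "},"}; only the first one is kept.
     *
     * <p>NOTE(review): a blank value does not clear a mapping that was set earlier, so removing the
     * key from the ini file keeps the previous attribute-to-role rules in effect. Confirm whether a
     * removed mapping should revoke those roles.
     *
     * @param str the mapping in the form {@code attr={...}}, possibly followed by further rules
     */
    public void setAttributeRuleMapping(String str) {
        if (StringUtils.isNotBlank(str)) {
            String[] rules = StringUtils.splitByWholeSeparator(str.trim(), "},");
            // The split yields no element when the value consists of separators only.
            if (rules.length > 0) {
                if (rules[0].endsWith("}")) {
                    this.i = rules[0];
                } else {
                    this.i = rules[0] + "}";
                }
            }
        }
        b();
    }

    /**
     * Parses the stored rule into the attribute name and the lookup table. Does nothing when no rule
     * has been stored: splitByWholeSeparator returns null for a null input, which previously caused
     * a NullPointerException here and aborted the configuration reload half-way.
     */
    private void b() {
        if (StringUtils.isBlank(this.i)) {
            return;
        }
        String[] parts = StringUtils.splitByWholeSeparator(this.i, "={");
        if (parts.length == 0) {
            return;
        }
        this.j = parts[0];
        if (parts.length > 1) {
            this.k = CasConfigUtils.parseAttributeRuleMap(this.j, StringUtils.remove(parts[1], '}'));
        }
    }

    /**
     * Builds the authorization info for principals that belong to this realm.
     *
     * <p>Roles are the ones produced by the superclass plus the roles mapped from the principal's
     * attributes, {@code ROLE_EVERYONE}, and {@code "USER"} for every principal that is neither the
     * guest user nor marked unauthorized. Permissions are collected from every configured
     * PermissionDAO for those roles.
     *
     * @param principalCollection the principals to authorize
     * @param set resource ids passed through to the permission stores
     * @return the authorization info, or null when the principals do not belong to this realm, the
     *     realm or security is disabled, or the second principal is not an attribute map
     */
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection, Set<String> set) {
        String name = getName();
        boolean z = false;
        // NOTE(review): this is a case-insensitive substring test (this realm's name contains the
        // principal's realm name), not an equality test. Confirm that no other configured realm can
        // have a name that is a substring of this one.
        for (String realmName : principalCollection.getRealmNames()) {
            if (StringUtils.containsIgnoreCase(name, realmName)) {
                z = true;
                break;
            }
        }
        if (!z) {
            return null;
        }
        d();
        List asList = principalCollection.asList();
        if (!this.d || !this.e || asList.size() < 2 || !(asList.get(1) instanceof Map)) {
            return null;
        }
        // The decompiler dropped this cast; the variable is used as a SimpleAuthorizationInfo below.
        SimpleAuthorizationInfo doGetAuthorizationInfo = (SimpleAuthorizationInfo) super.doGetAuthorizationInfo(new SimplePrincipalCollection(principalCollection));
        // NOTE(review): the size check above looks at all principals, while this array holds only
        // those stored under the realm name "casRealm". If the realm is registered under another
        // name, array[1] fails with ArrayIndexOutOfBoundsException; confirm the name is fixed.
        Collection fromRealm = principalCollection.fromRealm(a);
        Object[] array = fromRealm.toArray(new Object[fromRealm.size()]);
        final Set<String> hashSet = new HashSet<String>();
        final Map<String, List<String>> c2 = c();
        IterableUtil.iterate((array[1] instanceof Map ? (Map) array[1] : Collections.emptyMap()).entrySet(), new IterableUtil.Visitor<Map.Entry<String, Object>>() { // from class: com.supermap.services.security.CasRealm.2
            @Override // com.supermap.services.util.IterableUtil.Visitor
            public boolean visit(Map.Entry<String, Object> entry) {
                Object value = entry.getValue();
                if (value == null) {
                    // An attribute without a value cannot match a rule; skip it instead of failing
                    // the whole authorization with a NullPointerException.
                    return false;
                }
                if (!(value instanceof List)) {
                    List<String> list = c2.get(entry.getKey() + ":" + value.toString());
                    if (list != null) {
                        hashSet.addAll(list);
                    }
                    return false;
                }
                // String.valueOf instead of a String cast: a non-String element no longer throws
                // ClassCastException, and is matched by its text like a single-valued attribute.
                for (Object item : (List<?>) value) {
                    List<String> list2 = c2.get(entry.getKey() + ":" + String.valueOf(item));
                    if (list2 != null) {
                        hashSet.addAll(list2);
                    }
                }
                return false;
            }
        });
        Set roles = doGetAuthorizationInfo.getRoles();
        if (roles == null) {
            roles = new LinkedHashSet();
        }
        roles.addAll(hashSet);
        roles.add(SecurityConstants.ROLE_EVERYONE);
        if (!StringUtils.equals(SecurityConstants.USER_GUEST, String.valueOf(principalCollection.getPrimaryPrincipal())) && !roles.contains(SecurityConstants.ROLE_UNAUTHORIZED)) {
            roles.add("USER");
        }
        doGetAuthorizationInfo.setRoles(roles);
        Set stringPermissions = doGetAuthorizationInfo.getStringPermissions();
        if (stringPermissions == null) {
            stringPermissions = new HashSet();
        }
        for (PermissionDAO permissionDAO : this.permissionDAO.getPermissionDAO()) {
            stringPermissions.addAll(permissionDAO.getPermission("", t, roles, set));
        }
        doGetAuthorizationInfo.setStringPermissions(stringPermissions);
        return doGetAuthorizationInfo;
    }

    /** Returns the attribute-to-role lookup table, after picking up any change to the ini file. */
    private Map<String, List<String>> c() {
        d();
        return this.k;
    }

    public void setSecurityInfoDAO(SecurityInfoDAO securityInfoDAO) {
        this.q = securityInfoDAO;
    }

    public SecurityInfoDAO getSecurityInfoDAO() {
        return this.q;
    }

    /**
     * Reloads the realm settings when the ini file's last-modified time differs from the one
     * recorded at the last load. The statement order matters: the rule mapping, server prefix and
     * service must be applied before the ticket validator and the login URL are rebuilt.
     *
     * <p>When the file cannot be parsed or has no {@code [main]} section the settings are not
     * touched. Previously this path dereferenced a null value and threw NullPointerException.
     *
     * <p>NOTE(review): after a failed reload the realm keeps its previous state, including
     * {@code enabled}. An edit meant to disable CAS that also breaks the file therefore leaves CAS
     * enabled, and no retry happens until the file changes again. Decide whether a failed reload
     * should disable the realm instead, and alert on the warning logged here.
     *
     * <p>NOTE(review): apart from the lookup table, the settings are plain fields that other
     * methods read without holding the lock; confirm that is acceptable for concurrent requests.
     */
    private void d() {
        if (this.l == null) {
            // No ini file has been configured; keep the values set through the setters.
            return;
        }
        if (this.o != this.l.lastModified()) {
            synchronized (this.n) {
                if (this.o != this.l.lastModified()) {
                    this.m = e();
                    this.e = Manager.getInstance().isSecurityEnabled();
                    if (this.m == null || this.m.get("main") == null) {
                        c.warn("CAS realm settings were not reloaded from " + this.l.getAbsolutePath() + "; the previous settings remain in effect");
                        return;
                    }
                    this.d = a("enabled");
                    this.p = !"false".equalsIgnoreCase(b("reserveSystemAccount"));
                    this.r = a("tolerance", this.r);
                    setAttributeRuleMapping(b("attributeRuleMapping"));
                    super.setCasServerUrlPrefix(b("casServerUrlPrefix"));
                    super.setCasService(b("casService"));
                    this.h = createTicketValidator();
                    a();
                }
            }
        }
    }

    /**
     * Parses the ini file and records its last-modified time. The time is recorded before parsing,
     * so a file that fails to parse is not retried until it is modified again.
     *
     * @return the parsed file, or null when no file is configured or it cannot be read or parsed
     */
    private Ini e() {
        if (this.l == null) {
            return null;
        }
        Ini ini = null;
        try {
            this.o = this.l.lastModified();
            ini = new Ini(this.l);
        } catch (IOException e) {
            c.warn(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_IOEXCEPTION, this.l.getAbsolutePath(), e.getMessage()));
            c.debug(e.getMessage(), e);
        } catch (InvalidFileFormatException e2) {
            c.warn(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_FORMATEXCEPTION, this.l.getAbsolutePath(), e2.getMessage()));
            c.debug(e2.getMessage(), e2);
        }
        return ini;
    }

    /** Returns the attribute name of the rule mapping, after picking up any ini file change. */
    public String getAttributeName() {
        d();
        return this.j;
    }

    /**
     * Reads a {@code casRealm.} setting as a long.
     *
     * <p>NOTE(review): any parsable value is accepted, including negative or very large ones. For
     * {@code tolerance} a large value widens the time window in which a SAML assertion is accepted;
     * consider enforcing an upper bound.
     *
     * @param str the setting name without the {@code casRealm.} prefix
     * @param j the value to return when the setting is blank or not a number
     */
    private long a(String str, long j) {
        try {
            String b2 = b(str);
            return StringUtils.isNotBlank(b2) ? Long.parseLong(b2) : j;
        } catch (NumberFormatException e) {
            return j;
        }
    }

    /** Reads a {@code casRealm.} setting as a boolean; anything other than "true" is false. */
    private boolean a(String str) {
        return "true".equalsIgnoreCase(b(str));
    }

    /**
     * Reads {@code casRealm.<str>} from the {@code [main]} section of the loaded ini file.
     *
     * @return the configured value, or null when the file is not loaded, has no {@code [main]}
     *     section, or does not define the key
     */
    private String b(String str) {
        if (this.m == null) {
            return null;
        }
        Profile.Section section = (Profile.Section) this.m.get("main");
        if (section == null) {
            return null;
        }
        return (String) section.get("casRealm." + str);
    }

    /**
     * Delegates to the superclass only while both the realm and global security are enabled.
     *
     * @return the authentication info from the superclass, or null when the realm is inactive
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        d();
        if (this.d && this.e) {
            return super.doGetAuthenticationInfo(authenticationToken);
        }
        return null;
    }

    /** Returns the cached ticket validator, creating it on first use. */
    protected TicketValidator ensureTicketValidator() {
        if (this.h == null) {
            this.h = createTicketValidator();
        }
        return this.h;
    }

    /**
     * Creates the ticket validator and, for a SAML 1.1 validator, applies the configured tolerance
     * and turns {@code renew} off, so tickets issued from an existing single sign-on session are
     * accepted without a fresh login at the CAS server.
     */
    protected TicketValidator createTicketValidator() {
        // The decompiled source declared this variable as Saml11TicketValidator, which does not
        // compile and made the instanceof test meaningless; the declared type is restored here.
        TicketValidator createTicketValidator = super.createTicketValidator();
        if (createTicketValidator instanceof Saml11TicketValidator) {
            Saml11TicketValidator saml11TicketValidator = (Saml11TicketValidator) createTicketValidator;
            saml11TicketValidator.setTolerance(getTolerance());
            saml11TicketValidator.setRenew(false);
        }
        return createTicketValidator;
    }

    // The five checks below hand the principals to ResourceIdentifiedPermissionAuthorizingRealm.a
    // together with the permission(s) before delegating to the superclass. Presumably that helper
    // attaches the resource ids read back in doGetAuthorizationInfo(PrincipalCollection); verify
    // against the helper.

    public void checkPermission(PrincipalCollection principalCollection, Permission permission) {
        super.checkPermission(ResourceIdentifiedPermissionAuthorizingRealm.a(principalCollection, permission), permission);
    }

    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws AuthorizationException {
        super.checkPermissions(ResourceIdentifiedPermissionAuthorizingRealm.a(principalCollection, collection), collection);
    }

    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        return super.isPermitted(ResourceIdentifiedPermissionAuthorizingRealm.a(principalCollection, list), list);
    }

    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        return super.isPermitted(ResourceIdentifiedPermissionAuthorizingRealm.a(principalCollection, permission), permission);
    }

    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        return super.isPermittedAll(ResourceIdentifiedPermissionAuthorizingRealm.a(principalCollection, collection), collection);
    }

    /**
     * Entry point used by Shiro: takes the resource ids from a ResourceIdentifiedPrincipalCollection
     * (an empty set for any other collection) and builds the authorization info for them.
     */
    protected final AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Set<String> emptySet = Collections.emptySet();
        if (principalCollection instanceof ResourceIdentifiedPrincipalCollection) {
            emptySet = ((ResourceIdentifiedPrincipalCollection) principalCollection).getResourceIds();
        }
        return doGetAuthorizationInfo(principalCollection, emptySet);
    }
}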
