package com.supermap.services.security;

import com.supermap.services.security.PermissionDAO;
import com.supermap.services.util.ProductTypeUtil;
import io.buji.pac4j.realm.Pac4jRealm;
import io.buji.pac4j.subject.Pac4jPrincipal;
import io.buji.pac4j.token.Pac4jToken;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.commons.lang3.RandomUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileHelper;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/KeycloakRealm.class */
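/**
 * Shiro realm that accepts pac4j (Keycloak) tokens and maps them onto the product's local
 * user, role and permission model.
 *
 * <p>Responsibilities visible in this class:
 * <ul>
 *   <li>build the {@link AuthenticationInfo} from the pac4j profiles carried by the token;</li>
 *   <li>when the product type is iPortal, create a local {@code User} on first login and keep its
 *       roles aligned with the roles asserted in the profile;</li>
 *   <li>resolve string permissions for the principal's roles through the configured
 *       {@code PermissionDAOs}, scoped to the resource ids of the permission being checked;</li>
 *   <li>clear the authorization cache whenever a permission DAO reports a modification.</li>
 * </ul>
 *
 * <p>NOTE(review): roles are taken from the identity-provider profile as-is and written to the
 * local account. Whoever can assign roles in the Keycloak realm/client can therefore assign
 * local roles; confirm the role mapping on the IdP side is restricted accordingly.
 */
public class KeycloakRealm extends Pac4jRealm {
    /** Random bytes behind each generated local password (24 bytes = 192 bits). */
    private static final int PLACEHOLDER_PASSWORD_BYTES = 24;

    /** CSPRNG used for the local password of auto-provisioned accounts. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private PermissionDAOs permissionDAOs;

    /** Serialises first-login creation of local accounts. */
    private final ReentrantLock provisionLock = new ReentrantLock();

    /** Serialises role synchronisation for accounts that already exist. */
    private final ReentrantLock roleSyncLock = new ReentrantLock();

    /** Drops cached authorization data as soon as any permission DAO reports a change. */
    private final PermissionDAO.PermissionModifiedListener permissionListener =
            new PermissionDAO.PermissionModifiedListener() {
        @Override
        public void permissionModified(String[] strArr, String[] strArr2, String[] strArr3) {
            clearAuthorizationCache();
        }

        @Override
        public void permissionModified(String[] strArr) {
            clearAuthorizationCache();
        }
    };

    /** Creates the realm with a permission resolver that understands deny-style wildcard permissions. */
    public KeycloakRealm() {
        setPermissionResolver(new DenySupportedWildcardPermissionResolver());
    }

    /**
     * Registers the permission sources and subscribes to their change notifications.
     *
     * @param permissionDAOs holder of the permission DAOs consulted during authorization
     */
    public void setPermissionDAOs(PermissionDAOs permissionDAOs) {
        this.permissionDAOs = permissionDAOs;
        this.permissionDAOs.addPermissionModiedLIstener(this.permissionListener);
    }

    /**
     * Builds the authentication info for a pac4j token and, on iPortal, provisions or updates
     * the matching local account as a side effect.
     *
     * @param authenticationToken the token; cast to {@link Pac4jToken} without a type check
     * @return authentication info whose principals are the profile username and a
     *         {@link Pac4jPrincipal}, and whose credentials are the hash code of the profiles
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        LinkedHashMap<String, CommonProfile> profiles = ((Pac4jToken) authenticationToken).getProfiles();
        // NOTE(review): when the token carries no profile this falls back to an empty
        // CommonProfile rather than rejecting the login; confirm that is intended.
        CommonProfile commonProfile = ProfileHelper.flatIntoOneProfile(profiles).orElse(new CommonProfile());
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                CollectionUtils.asList(new Object[] {
                    commonProfile.getUsername(),
                    new Pac4jPrincipal(profiles, getPrincipalNameAttribute())
                }),
                Integer.valueOf(profiles.hashCode()),
                getName());
        syncLocalUser(commonProfile);
        return authenticationInfo;
    }

    /**
     * Resolves authorization info, scoping the permission lookup to the resource ids attached
     * to the principal collection (none when it is a plain collection).
     */
    protected final AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Set<String> resourceIds = Collections.emptySet();
        if (principalCollection instanceof ResourceIdentifiedPrincipalCollection) {
            resourceIds = ((ResourceIdentifiedPrincipalCollection) principalCollection).getResourceIds();
        }
        return doGetAuthorizationInfo(principalCollection, resourceIds);
    }

    /**
     * Resolves roles and string permissions for principals that belong to this realm.
     *
     * <p>The roles reported by the parent realm are extended with {@code ROLE_EVERYONE}, and with
     * {@code "USER"} unless the primary principal is the guest user or already holds
     * {@code ROLE_UNAUTHORIZED}. Permissions from every configured DAO are then merged in.
     *
     * @param principalCollection principals to authorize
     * @param set resource ids the permission lookup is limited to
     * @return the populated authorization info, or {@code null} when the principals do not come
     *         from this realm
     */
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection, Set<String> set) {
        if (!principalCollection.getRealmNames().contains(getName())) {
            return null;
        }
        SimpleAuthorizationInfo authorizationInfo = (SimpleAuthorizationInfo)
                super.doGetAuthorizationInfo(new SimplePrincipalCollection(principalCollection));

        Set<String> roles = authorizationInfo.getRoles();
        if (roles == null) {
            roles = new LinkedHashSet<>();
        }
        roles.add(SecurityConstants.ROLE_EVERYONE);
        boolean guest = StringUtils.equals(
                SecurityConstants.USER_GUEST, String.valueOf(principalCollection.getPrimaryPrincipal()));
        if (!guest && !roles.contains(SecurityConstants.ROLE_UNAUTHORIZED)) {
            roles.add("USER");
        }
        authorizationInfo.setRoles(roles);

        Set<String> stringPermissions = authorizationInfo.getStringPermissions();
        if (stringPermissions == null) {
            stringPermissions = new HashSet<>();
        }
        for (PermissionDAO permissionDAO : this.permissionDAOs.getPermissionDAO()) {
            stringPermissions.addAll(permissionDAO.getPermission("", null, roles, set));
        }
        authorizationInfo.setStringPermissions(stringPermissions);
        return authorizationInfo;
    }

    /** Checks one permission after attaching its resource ids to the principals. */
    public void checkPermission(PrincipalCollection principalCollection, Permission permission) {
        super.checkPermission(withResourceIds(principalCollection, permission), permission);
    }

    /** Checks several permissions after attaching their resource ids to the principals. */
    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) {
        super.checkPermissions(withResourceIds(principalCollection, collection), collection);
    }

    /** Evaluates each permission after attaching the resource ids of all of them to the principals. */
    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        return super.isPermitted(withResourceIds(principalCollection, list), list);
    }

    /** Evaluates one permission after attaching its resource ids to the principals. */
    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        return super.isPermitted(withResourceIds(principalCollection, permission), permission);
    }

    /** Evaluates all permissions after attaching their resource ids to the principals. */
    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        return super.isPermittedAll(withResourceIds(principalCollection, collection), collection);
    }

    /** Clears the authorization cache if one is configured. */
    private void clearAuthorizationCache() {
        Cache<Object, AuthorizationInfo> authorizationCache = getAuthorizationCache();
        if (authorizationCache != null) {
            authorizationCache.clear();
        }
    }

    /**
     * Creates the local account for a first-time Keycloak user, or aligns the roles of an
     * existing account with the profile. Does nothing unless the product type is iPortal.
     */
    private void syncLocalUser(CommonProfile commonProfile) {
        if (!ProductTypeUtil.ProductType.iPortal.equals(ProductTypeUtil.getProductType())) {
            return;
        }
        String username = commonProfile.getUsername();
        if (StringUtils.isBlank(username)) {
            // The empty fallback profile has no username; never create or alter a nameless account.
            return;
        }
        if (Manager.getInstance().getUser(username) == null) {
            provisionLocalUser(username, commonProfile);
            return;
        }
        syncRoles(username, commonProfile);
    }

    /** Creates the local account under {@link #provisionLock}, re-checking existence once inside it. */
    private void provisionLocalUser(String username, CommonProfile commonProfile) {
        // Acquire before the try block so a failed lock() can never reach unlock().
        this.provisionLock.lock();
        try {
            if (Manager.getInstance().getUser(username) != null) {
                return;
            }
            Set<String> profileRoles = commonProfile.getRoles();
            User user = new User();
            user.name = username;
            user.password = newPlaceholderPassword();
            user.description = "keycloak user";
            user.email = commonProfile.getEmail();
            user.userGroups = new String[] {SecurityConstants.GROUP_THIRD_PART_AUTHORIZED};
            user.roles = profileRoles.toArray(new String[0]);
            Manager.getInstance().addUser(user);
        } finally {
            this.provisionLock.unlock();
        }
    }

    /**
     * Replaces the stored roles with the profile's roles when they differ.
     *
     * <p>{@code ROLE_NO_PW} is ignored for the comparison, and nothing is changed when the profile
     * asserts {@code "ADMIN"} while the local account holds {@code "SYSTEM"}.
     */
    private void syncRoles(String username, CommonProfile commonProfile) {
        this.roleSyncLock.lock();
        try {
            User existing = Manager.getInstance().getUser(username);
            if (existing == null) {
                return;
            }
            Set<String> profileRoles = commonProfile.getRoles();
            Set<String> localRoles = existing.roles == null
                    ? new HashSet<>()
                    : new HashSet<>(Arrays.asList(existing.roles));
            localRoles.remove(SecurityConstants.ROLE_NO_PW);

            // presumably keeps a locally granted SYSTEM role from being replaced by ADMIN; confirm
            boolean adminMappedToSystem = profileRoles.contains("ADMIN") && localRoles.contains("SYSTEM");
            if (!adminMappedToSystem && !localRoles.equals(profileRoles)) {
                User updated = existing.copy();
                updated.roles = profileRoles.toArray(new String[0]);
                Manager.getInstance().alterUser(username, updated);
            }
        } finally {
            this.roleSyncLock.unlock();
        }
    }

    /**
     * Generates the local password stored for an auto-provisioned account.
     *
     * <p>The value is drawn from a CSPRNG because the previous suffix, an integer between 10 and
     * 999, left fewer than a thousand candidates per account. If these accounts can also sign in
     * through a local password form, that made every provisioned account guessable.
     * NOTE(review): confirm the local password policy accepts a 39-character value.
     */
    private static String newPlaceholderPassword() {
        byte[] secret = new byte[PLACEHOLDER_PASSWORD_BYTES];
        SECURE_RANDOM.nextBytes(secret);
        return "KC_PSW_" + Base64.getUrlEncoder().withoutPadding().encodeToString(secret);
    }

    /** Varargs convenience for {@link #withResourceIds(PrincipalCollection, Collection)}. */
    private static PrincipalCollection withResourceIds(
            PrincipalCollection principalCollection, Permission... permissionArr) {
        return withResourceIds(principalCollection, Arrays.asList(permissionArr));
    }

    /**
     * Wraps the principals together with the resource ids named by the given permissions.
     *
     * <p>Only permissions that are {@code ResourceIdentifier}s contribute; each non-empty resource
     * id string is split on commas. The original collection is returned when no id is found.
     */
    private static PrincipalCollection withResourceIds(
            PrincipalCollection principalCollection, Collection<Permission> collection) {
        Set<String> resourceIds = new HashSet<>(collection.size());
        for (Permission permission : collection) {
            if (!(permission instanceof ResourceIdentifier)) {
                continue;
            }
            String resourceId = ((ResourceIdentifier) permission).getResourceId();
            if (!StringUtils.isEmpty(resourceId)) {
                resourceIds.addAll(Arrays.asList(StringUtils.split(resourceId, ',')));
            }
        }
        return resourceIds.isEmpty()
                ? principalCollection
                : new ResourceIdentifiedPrincipalCollection(principalCollection, resourceIds);
    }
}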
