package com.gccloud.starter.core.shiro;

import com.gccloud.starter.common.config.GlobalConfig;
import com.gccloud.starter.common.constant.GlobalConst;
import com.gccloud.starter.common.entity.SysMenuEntity;
import com.gccloud.starter.common.entity.SysUserEntity;
import com.gccloud.starter.common.exception.GlobalException;
import com.gccloud.starter.common.module.login.cache.SysTokenCache;
import com.gccloud.starter.common.utils.UserUtils;
import com.gccloud.starter.common.vo.CurrentUserBase;
import com.gccloud.starter.core.service.ISysMenuService;
import com.gccloud.starter.core.service.ISysRoleService;
import com.gccloud.starter.core.service.ISysSignatureService;
import com.gccloud.starter.core.service.ISysUserService;
import com.gccloud.starter.plugins.cache.common.IStarterCache;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.util.Date;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;

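/**
 * Default Shiro realm of the starter framework.
 *
 * <p>Authenticates either a signed HTTP request ({@code SignatureAuthToken}) or a JWT carried as the
 * token principal, then resolves the user's roles and permissions through {@code UserUtils.getUser}.
 * The bean is registered unless {@code gc.starter.component.ShiroAuthRealm} is set to a value other
 * than {@code ShiroAuthRealm} (the condition matches when the property is missing).
 */
@ConditionalOnProperty(prefix = "gc.starter.component", name = {"ShiroAuthRealm"}, havingValue = "ShiroAuthRealm", matchIfMissing = true)
@Component
/* loaded from: input_file:com/gccloud/starter/core/shiro/ShiroAuthRealm.class */
public class ShiroAuthRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(ShiroAuthRealm.class);

    @Resource
    private ISysUserService userService;

    @Resource
    private ISysRoleService roleService;

    @Resource
    private ISysSignatureService signatureService;

    @Resource
    private GlobalConfig globalConfig;

    @Resource
    private ISysMenuService menuService;

    @Resource
    private IStarterCache starterCache;

    /** Logs a start-up banner stating that the framework's default Shiro authentication logic is in use. */
    @PostConstruct
    public void initTip() {
        log.info("----------------------------------------");
        log.info("初始化框架默认的Shiro认证逻辑");
        log.info("----------------------------------------");
    }

    /**
     * Accepts only {@code ShiroAuthToken} instances (and subclasses).
     *
     * @param authenticationToken token submitted to Shiro
     * @return {@code true} when the token is a {@code ShiroAuthToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof ShiroAuthToken;
    }

    /**
     * Builds the authorization info from the roles and permissions already stored on the principal.
     *
     * @param principalCollection principals of the authenticated subject; the primary principal is
     *     cast to {@code CurrentUserBase}
     * @return role codes and string permissions copied from the principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        CurrentUserBase currentUser = (CurrentUserBase) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setStringPermissions(currentUser.getPermissions());
        authorizationInfo.setRoles(currentUser.getRoleCodes());
        return authorizationInfo;
    }

    /**
     * Authenticates a request and returns the resolved user as principal.
     *
     * <p>For a {@code SignatureAuthToken} the request signature is validated and the user name is read
     * from the {@code u-uname} header. Otherwise the principal is parsed as a signed JWT; with the
     * {@code DIS} or {@code PROCESS} store strategy the token must also match the cached
     * {@code SysTokenCache} entry, whose dead date is then pushed forward by the configured expiration.
     *
     * @param authenticationToken token accepted by {@link #supports(AuthenticationToken)}
     * @return authentication info whose principal is the user returned by {@code UserUtils.getUser}
     * @throws GlobalException when the token is missing, unknown to the cache, superseded by another
     *     login, carries no usable user name, or names a user that does not exist
     * @throws AuthenticationException declared by the overridden Shiro method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        final String username;
        if (authenticationToken.getClass().equals(SignatureAuthToken.class)) {
            HttpServletRequest request = ((SignatureAuthToken) authenticationToken).getRequest();
            this.signatureService.validateSignature(request);
            // NOTE(review): the identity is taken from a request header. Confirm that
            // validateSignature covers the u-uname header in the signed material; if it does not,
            // the header value is caller-controlled and must not be trusted as the identity.
            username = request.getHeader("u-uname");
        } else {
            String jwt = (String) authenticationToken.getPrincipal();
            // The literal "null" shows up when a client serialises a missing token as text.
            if ("null".equals(jwt) || StringUtils.isBlank(jwt)) {
                throw new GlobalException("check if you set token in (header|cookie|path)", 401);
            }
            GlobalConst.Jwt.StoreStrategy storeStrategy = this.globalConfig.getJwt().getStoreStrategy();
            boolean serverSideSession = storeStrategy == GlobalConst.Jwt.StoreStrategy.DIS
                    || storeStrategy == GlobalConst.Jwt.StoreStrategy.PROCESS;
            // Passing the current epoch millis as a skew in *seconds* makes jjwt tolerate any exp/nbf
            // value, i.e. token expiry is effectively not checked by the parser. That is kept only
            // when a server-side SysTokenCache entry bounds the session (its dead date slides on each
            // request below). For every other strategy nothing else limits the token lifetime, so
            // exp/nbf are enforced with no skew.
            // NOTE(review): confirm tokens issued for non-cached strategies carry an exp claim, and
            // consider a small fixed skew if issuer and verifier clocks can drift.
            long allowedClockSkewSeconds = serverSideSession ? System.currentTimeMillis() : 0L;
            Claims claims = Jwts.parser()
                    .setSigningKey(this.globalConfig.getJwt().getSecret())
                    .setAllowedClockSkewSeconds(allowedClockSkewSeconds)
                    .parseClaimsJws(jwt)
                    .getBody();
            if (serverSideSession) {
                String tokenId = claims.get("id", String.class);
                if (StringUtils.isBlank(tokenId)) {
                    // Log text: illegal access, the JWT has no id claim (the issuing server did not set it).
                    log.error("非法访问、无法从jwt中获取id值，生成JWT的服务端未设置该值");
                    throw new GlobalException("illegal token", 500);
                }
                SysTokenCache cachedToken = (SysTokenCache) this.starterCache.get(SysTokenCache.class, tokenId, SysTokenCache.class);
                if (cachedToken == null) {
                    // Log text: token not found, either it idled out (normal) or the cache backend differs.
                    log.error("token 未获取到，可能原因：(1) 太长时间没有访问，过期了，属于正常情况 (2)token 缓存用的不是同一个中间件");
                    throw new GlobalException("token has expired", 401);
                }
                if (!StringUtils.equals(cachedToken.getToken(), jwt)) {
                    // A different token is stored under the same id: a newer login replaced this one.
                    log.error("用户: {} 可能被人顶下线了", cachedToken.getRealName());
                    throw new GlobalException("You're offline by others", 401);
                }
                // Sliding expiration: every authenticated request extends the cached session.
                long extensionMillis = this.globalConfig.getJwt().getExpiration().longValue() * 1000;
                cachedToken.setDeadDate(new Date(System.currentTimeMillis() + extensionMillis));
                this.starterCache.put(SysTokenCache.class, tokenId, cachedToken);
            }
            username = claims.get("uname", String.class);
        }
        // Reject a missing identity here instead of handing null/blank to the cache and DB lookup.
        if (StringUtils.isBlank(username)) {
            throw new GlobalException("user name is missing from the authenticated request", 401);
        }
        return new SimpleAuthenticationInfo(UserUtils.getUser(username, ignoredKey -> {
            // Log text: user info and permissions are not cached, loading them from the database.
            log.debug("缓存中没有用户基本信息以及权限等信息，到数据库中获取");
            SysUserEntity user = this.userService.getByUserName(username);
            if (user == null) {
                throw new GlobalException(String.format("用户 %s 不存在", username));
            }
            CurrentUserBase currentUser = new CurrentUserBase();
            String moduleCode = this.globalConfig.getModule().getModuleCode();
            List<SysMenuEntity> navMenuList = this.menuService.getNavMenuList(user.getId(), moduleCode);
            currentUser.setRoleListByEntity(this.roleService.getRoleList(user.getId()), moduleCode);
            currentUser.setId(user.getId());
            currentUser.setName(user.getUsername());
            currentUser.setOrgId(user.getOrgId());
            currentUser.setRealName(user.getRealName());
            currentUser.setTenantId(user.getTenantId());
            // Permissions and data rules are both derived from the same navigation menu list.
            currentUser.setPermissions(navMenuList);
            currentUser.setDataRule(navMenuList);
            log.debug("封装用户信息到缓存:{}", navMenuList);
            return currentUser;
        }), authenticationToken.getPrincipal(), getName());
    }
}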
