package com.myj.admin.module.system.service.impl;

import com.myj.admin.common.shiro.JwtToken;
import com.myj.admin.common.shiro.JwtUtils;
import com.myj.admin.module.system.domain.SysMenu;
import com.myj.admin.module.system.domain.SysRole;
import com.myj.admin.module.system.domain.SysUser;
import com.myj.admin.module.system.service.SysMenuService;
import com.myj.admin.module.system.service.SysRoleService;
import com.myj.admin.module.system.service.SysUserService;
import com.myj.admin.module.system.service.UserRealmService;
import java.util.HashSet;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/myj/admin/module/system/service/impl/UserRealmServiceImpl.class */
public class UserRealmServiceImpl extends AuthorizingRealm implements UserRealmService {

    @Autowired
    @Lazy
    private SysUserService sysUserService;

    @Autowired
    @Lazy
    private SysRoleService sysRoleService;

    @Autowired
    @Lazy
    private SysMenuService sysMenuService;

    @Override // org.apache.shiro.realm.AuthenticatingRealm, org.apache.shiro.realm.Realm
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof JwtToken;
    }

    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SysUser sysUser = (SysUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        List<SysRole> findByUserId = this.sysRoleService.findByUserId(sysUser.getUserId());
        HashSet hashSet = new HashSet();
        for (int i = 0; i < findByUserId.size(); i++) {
            hashSet.add(String.valueOf(findByUserId.get(i).getRoleId()));
        }
        simpleAuthorizationInfo.setRoles(hashSet);
        List<SysMenu> list = sysUser.getUserId().intValue() == 1 ? this.sysMenuService.list() : this.sysMenuService.listByUserId(sysUser.getUserId());
        HashSet hashSet2 = new HashSet();
        for (int i2 = 0; i2 < list.size(); i2++) {
            String authority = list.get(i2).getAuthority();
            if (StringUtils.isNotBlank(authority)) {
                hashSet2.add(authority);
            }
        }
        simpleAuthorizationInfo.setStringPermissions(hashSet2);
        return simpleAuthorizationInfo;
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String str = (String) authenticationToken.getCredentials();
        if (StringUtils.isBlank(str)) {
            throw new AuthenticationException("账号不存在");
        }
        String tokenClaim = JwtUtils.getTokenClaim(str, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
        if (StringUtils.isBlank(str)) {
            throw new AuthenticationException("账号不存在");
        }
        SysUser sysUser = new SysUser();
        sysUser.setUserName(tokenClaim);
        SysUser find = this.sysUserService.find(sysUser);
        if (find == null) {
            throw new UnknownAccountException("账号不存在");
        }
        if (!JwtUtils.verify(str, tokenClaim, find.getPassWord())) {
            throw new AuthenticationException("Username or password error");
        }
        if ("0".equals(find.getStatus())) {
            return new SimpleAuthenticationInfo(find, str, getName());
        }
        throw new LockedAccountException("账号被锁定");
    }
}
