package io.renren.modules.sys.shiro;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.common.collect.Maps;
import io.renren.common.config.AppConfig;
import io.renren.common.utils.Constant;
import io.renren.common.utils.HttpContextUtils;
import io.renren.common.utils.HttpUtil;
import io.renren.modules.sys.dao.SysMenuDao;
import io.renren.modules.sys.dao.SysUserDao;
import io.renren.modules.sys.entity.SsoEntity;
import io.renren.modules.sys.entity.SysMenuEntity;
import io.renren.modules.sys.entity.SysUserEntity;
import io.renren.modules.sys.service.SysUserService;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

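/**
 * Shiro realm that resolves permissions and authenticates users for the sys module.
 *
 * <p>Authentication takes one of three paths, chosen in {@link #doGetAuthenticationInfo}:
 * <ol>
 *   <li>an SSO URL is configured: the request's credentials are posted to that URL;</li>
 *   <li>no {@code ssoHeader} request header: the locally stored password hash is used;</li>
 *   <li>{@code ssoHeader} present: the header value and an SSO object in the HTTP session
 *       are checked.</li>
 * </ol>
 *
 * <p>This source was recovered by a decompiler; local names are not the author's.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/io/renren/modules/sys/shiro/UserRealm.class */
public class UserRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(UserRealm.class);

    @Autowired
    private SysUserDao sysUserDao;

    @Autowired
    private SysMenuDao sysMenuDao;

    @Autowired
    AppConfig appConfig;

    @Autowired
    SysUserService sysUserService;

    /**
     * Builds the permission set of the authenticated principal.
     *
     * <p>User id {@code "1"} receives every permission string found in the menu table; other
     * users receive what {@code queryAllPerms} returns for them. Each non-blank entry is a
     * comma-separated list that is split into individual permission strings.
     *
     * @param principalCollection principals whose primary principal is a {@link SysUserEntity}
     * @return authorization info carrying the collected permission strings
     */
    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userId = ((SysUserEntity) principalCollection.getPrimaryPrincipal()).getUserId();
        List<String> permsList;
        // equals(), not ==: userId is a runtime String, so a reference comparison against the
        // literal "1" would not reliably match and the super-admin shortcut would be skipped.
        //
        // NOTE(review): whenever an SSO URL is configured, EVERY authenticated user is given
        // every permission in the menu table, regardless of role. Confirm this is intended;
        // if not, SSO users should go through queryAllPerms like everyone else.
        if ("1".equals(userId) || StringUtils.isNotEmpty(this.appConfig.getSsoUrl())) {
            List<SysMenuEntity> menus = this.sysMenuDao.selectList(null);
            permsList = new ArrayList<>(menus.size());
            for (SysMenuEntity menu : menus) {
                permsList.add(menu.getPerms());
            }
        } else {
            permsList = this.sysUserDao.queryAllPerms(userId);
        }

        HashSet<String> permissions = new HashSet<>();
        for (String perms : permsList) {
            // isBlank also covers null entries (menus without a perms value).
            if (!StringUtils.isBlank(perms)) {
                permissions.addAll(Arrays.asList(perms.trim().split(",")));
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permissions);
        return info;
    }

    /**
     * Produces the authentication info that the credentials matcher compares with the token.
     *
     * @param authenticationToken expected to be a {@link UsernamePasswordToken}
     * @return authentication info for the token's username
     * @throws UnknownAccountException if the account does not exist locally, the SSO header
     *         does not match the configured value, or the session holds no logged-in SSO user
     * @throws LockedAccountException if the local account's status is 0 (local path only)
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
        String header = request.getHeader("ssoHeader");

        if (StringUtils.isNotEmpty(this.appConfig.getSsoUrl())) {
            return authenticateAgainstSsoUrl(token, request);
        }
        if (StringUtils.isEmpty(header)) {
            return authenticateLocally(token);
        }

        // Header-based SSO: the header must equal the configured value.
        // NOTE(review): if the configured value acts as a shared secret, a constant-time
        // comparison (e.g. MessageDigest.isEqual) would be the safer choice.
        if (!StringUtils.equals(this.appConfig.getSsoHeader(), header)) {
            throw new UnknownAccountException("单点登录Header不正确");
        }
        SsoEntity ssoEntity = (SsoEntity) HttpContextUtils.getHttpSession().getAttribute(Constant.SESSION_ssoUser);
        // NOTE(review): this logs the whole session object at INFO; check that its toString()
        // does not expose tokens or other sensitive fields.
        log.info("单点登录 >> {}", ssoEntity);
        if (null == ssoEntity || !BooleanUtils.toBoolean(ssoEntity.getIsLogin())) {
            throw new UnknownAccountException("非法的单点登录");
        }
        // NOTE(review): only the isLogin flag of the session object is checked. Nothing here
        // ties the SSO user in the session to token.getUsername(), so a logged-in SSO session
        // appears able to authenticate as any username. Compare the two identities before
        // accepting the login — confirm against SsoEntity, which is not visible here.
        return ssoVerifiedInfo(token, findByUsername(token.getUsername()));
    }

    /**
     * SSO-URL path: posts the request's {@code username}/{@code password} parameters to the
     * configured SSO URL and accepts the login when the returned status key is {@code "200"}.
     */
    private AuthenticationInfo authenticateAgainstSsoUrl(UsernamePasswordToken token, HttpServletRequest request) {
        SysUserEntity user = findByUsername(token.getUsername());

        // The parameter type of HttpUtil.doPostForm2 is not visible here, so the map stays raw
        // as in the decompiled original.
        HashMap form = Maps.newHashMap();
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // NOTE(review): the SSO server validates the REQUEST parameters, while the session is
        // established for the TOKEN's username. If a caller can make the two differ, one
        // identity is verified and another is logged in; verify they are always the same or
        // post the token's own credentials instead.
        log.info("单点登录认证：username >>> {}", username);
        form.put("username", username);
        form.put("password", password);
        Pair<String, String> response = HttpUtil.doPostForm2(this.appConfig.getSsoUrl(), form);
        log.info("单点登录 resp >>> status = {}", response.getKey());

        if (!"200".equals(response.getKey())) {
            // SSO rejected the credentials. Without a local record there is nothing to build
            // the info from; dereferencing it would only raise a NullPointerException.
            if (user == null) {
                throw new UnknownAccountException("账号或密码不正确");
            }
            // A fresh random UUID is handed over as the "stored" credential so that the
            // submitted password is not expected to match it and the login fails.
            return new SimpleAuthenticationInfo(user, UUID.randomUUID(), ByteSource.Util.bytes(user.getSalt()), getName());
        }
        return ssoVerifiedInfo(token, user);
    }

    /**
     * Local path: returns the stored password hash and salt for the matcher to verify.
     */
    private AuthenticationInfo authenticateLocally(UsernamePasswordToken token) {
        SysUserEntity user = findByUsername(token.getUsername());
        if (user == null) {
            throw new UnknownAccountException("账号或密码不正确");
        }
        if (user.getStatus().intValue() == 0) {
            throw new LockedAccountException("账号已被锁定,请联系管理员");
        }
        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

    /**
     * Builds the info for a login that an SSO check has already accepted.
     *
     * <p>The submitted password is hashed with a freshly generated salt and returned as the
     * credential, so the outcome rests on the preceding SSO check rather than on a stored
     * password. A missing local user is created through {@code saveDefaultUser} and re-read.
     *
     * @param token the submitted username/password token
     * @param user the local record for the token's username, or {@code null} if none exists
     */
    private AuthenticationInfo ssoVerifiedInfo(UsernamePasswordToken token, SysUserEntity user) {
        String salt = RandomStringUtils.randomAlphanumeric(20);
        String submittedPassword = new String(token.getPassword());
        // Outer new String(...) kept from the original: the return type of ShiroUtils.sha256
        // is not visible from this file.
        String hashed = new String(ShiroUtils.sha256(submittedPassword, salt));
        // NOTE(review): unlike the local path, no status check is made here, so an account
        // with status 0 (locked) can still sign in through either SSO path. Confirm intended.
        if (user == null) {
            // NOTE(review): the plaintext password is passed to saveDefaultUser; check how it
            // is stored, since the SSO server is presumably the password authority.
            this.sysUserService.saveDefaultUser(token.getUsername(), submittedPassword);
            user = findByUsername(token.getUsername());
        }
        return new SimpleAuthenticationInfo(user, hashed, ByteSource.Util.bytes(salt), getName());
    }

    /** Looks up a user by exact username; returns whatever {@code selectOne} yields. */
    private SysUserEntity findByUsername(String username) {
        return this.sysUserDao.selectOne(new QueryWrapper<SysUserEntity>().eq("username", username));
    }

    /**
     * Installs a SHA-256 hashed-credentials matcher with 16 iterations.
     *
     * <p>The supplied matcher is ignored; the realm always uses its own.
     *
     * <p>NOTE(review): 16 rounds of SHA-256 is a fast hash and offers little resistance to
     * offline guessing of stored passwords. Moving to a password hashing scheme such as
     * bcrypt, scrypt or Argon2 requires a migration, because existing hashes depend on
     * these exact settings.
     *
     * @param credentialsMatcher ignored
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("SHA-256");
        matcher.setHashIterations(16);
        super.setCredentialsMatcher(matcher);
    }
}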
