package de.mhus.lib.core.aaa;

import de.mhus.lib.core.M;
import de.mhus.lib.core.MPeriod;
import de.mhus.lib.core.MSystem;
import de.mhus.lib.core.cache.CacheConfig;
import de.mhus.lib.core.cache.ICache;
import de.mhus.lib.core.cache.ICacheService;
import de.mhus.lib.core.cfg.CfgBoolean;
import de.mhus.lib.core.cfg.CfgLong;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleRole;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:de/mhus/lib/core/aaa/FileSourceRealm.class */
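/**
 * Base class for Shiro realms whose accounts, roles and per-user data are produced by
 * subclasses ({@link #createUser}, {@link #createRole}, {@link #createData}) from a
 * resource directory, with an optional cache in front of those loaders.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>When caching is enabled, a cached entry is returned without consulting the loader.
 *       A lock, credential expiry or role change made in the backing store therefore only
 *       takes effect once the entry expires or {@link #invalidateUserCache} /
 *       {@link #invalidateRoleCache} is called for that name.
 *   <li>Cached objects are handed out by reference, so a caller that mutates a returned
 *       account, role or data map changes what later callers see.
 *   <li>The names passed to the loaders come from callers (for example the principal of a
 *       login attempt). NOTE(review): the subclasses are not visible here; if they map the
 *       name to a file below {@link #userDir} or {@link #rolesDir}, they should reject path
 *       separators and {@code ..} before building the path.
 * </ul>
 */
public abstract class FileSourceRealm extends AbstractRealm implements PrincipalDataRealm {
    // Base directory; onInit() derives userDir and rolesDir from it.
    protected String resourcesPath;
    protected File userDir;
    protected File rolesDir;
    // Not read in this class; kept for subclasses.
    protected String defaultRole;
    // When non-null, hasRole() also accepts the permission "<rolePermission>:*:<role>".
    protected String rolePermission;
    // The three caches are created lazily by initCache(); each stays null until then.
    private ICache<String, SimpleAccount> userCacheApi;
    private ICache<String, SimpleRole> roleCacheApi;
    // Raw HashMap because the cache is created with HashMap.class as its value type.
    private ICache<String, HashMap> dataCacheApi;
    private boolean useCache;
    // Only read when a cache is created, see initCache().
    private long cacheTTL = MPeriod.HOUR_IN_MILLISECONDS;
    // Configuration bindings: each update is forwarded to the matching setter.
    // NOTE(review): doUpdateAction() presumably applies the configured or default value
    // immediately, which would replace the cacheTTL initial value above - confirm.
    private CfgBoolean CFG_USE_CACHE = (CfgBoolean) new CfgBoolean(getClass(), "cacheEnabled", true).updateAction(bool -> {
        setUseCache(bool.booleanValue());
    }).doUpdateAction();
    private CfgLong CFG_CACHE_TTL = (CfgLong) new CfgLong(getClass(), "cacheTTL", 1800000).updateAction(l -> {
        setCacheTTL(l.longValue());
    }).doUpdateAction();

    /** Creates the realm and installs a {@link CombiCredentialsMatcher} as credentials matcher. */
    public FileSourceRealm() {
        setCredentialsMatcher(new CombiCredentialsMatcher());
    }

    /**
     * Derives {@link #userDir} and {@link #rolesDir} from {@link #resourcesPath}, then runs
     * the superclass initialisation.
     *
     * <p>The path is built by string concatenation, so a {@code null} resourcesPath yields
     * the relative directory names {@code "null/users"} and {@code "null/roles"} instead of
     * an error; set the resources path before the realm is initialised.
     */
    protected void onInit() {
        this.userDir = new File(this.resourcesPath + File.separator + "users");
        this.rolesDir = new File(this.resourcesPath + File.separator + "roles");
        super.onInit();
    }

    /**
     * Returns the account of the given principals as their authorization info.
     *
     * @param principalCollection the principals to authorize
     * @return the account, or {@code null} when {@link #getUser} finds none
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return getUser(getUsername(principalCollection));
    }

    /**
     * Looks up the account for a login attempt and rejects locked or expired accounts.
     *
     * <p>The submitted credentials are not compared here; this method only returns the stored
     * account. With caching enabled the lock and expiry flags are those of the cached copy.
     *
     * @param str the user name
     * @param authenticationToken the submitted token (not read by this method)
     * @return the account, or {@code null} when no account exists for {@code str}
     * @throws LockedAccountException if the account is locked
     * @throws ExpiredCredentialsException if the account's credentials are expired
     */
    @Override // de.mhus.lib.core.aaa.AbstractRealm
    protected AuthenticationInfo doGetAuthenticationInfo(String str, AuthenticationToken authenticationToken) throws AuthenticationException {
        SimpleAccount user = getUser(str);
        if (user == null) {
            return null;
        }
        if (user.isLocked()) {
            throw new LockedAccountException("Account [" + user + "] is locked.");
        }
        if (user.isCredentialsExpired()) {
            throw new ExpiredCredentialsException("The credentials for account [" + user + "] are expired");
        }
        return user;
    }

    /**
     * Resolves a user name to an account.
     *
     * <p>The configured admin and guest names map to the built-in accounts and never reach
     * the cache or {@link #createUser}. Any other name is served from the user cache when
     * possible and loaded through {@link #createUser} otherwise.
     *
     * <p>A loader failure is logged at debug level and reported as {@code null}, the same
     * result as an unknown user. That fails closed, but a broken backing store is only
     * distinguishable from a wrong user name when debug logging is on.
     *
     * @param str the user name
     * @return the account, or {@code null} when it does not exist or could not be loaded
     */
    protected SimpleAccount getUser(String str) {
        if (Aaa.USER_ADMIN.value().equals(str)) {
            return Aaa.ACCOUNT_ADMIN;
        }
        if (Aaa.USER_GUEST.value().equals(str)) {
            return Aaa.ACCOUNT_GUEST;
        }
        if (this.useCache) {
            initCache();
            if (this.userCacheApi != null) {
                SimpleAccount cached = (SimpleAccount) this.userCacheApi.get(str);
                if (cached != null) {
                    return cached;
                }
            }
        }
        try {
            SimpleAccount account = createUser(str);
            if (account == null) {
                this.log.d("user not found", str);
            } else if (this.useCache && this.userCacheApi != null) {
                this.userCacheApi.put(str, account);
            }
            return account;
        } catch (Exception e) {
            this.log.d(str, e);
            return null;
        }
    }

    /**
     * Loads the account for a user name from the backing store.
     *
     * @param str the user name as supplied by the caller; treat it as untrusted input
     * @return the account, or {@code null} when the user does not exist
     * @throws Exception on any load failure; {@link #getUser} maps it to {@code null}
     */
    protected abstract SimpleAccount createUser(String str) throws Exception;

    /**
     * Creates whichever of the user, role and data caches is still missing.
     *
     * <p>Each cache is checked on its own: if a previous attempt created the user cache and
     * then failed, the role and data caches are retried on the next call instead of staying
     * {@code null} for the lifetime of the realm. Nothing happens while caching is disabled
     * or while no {@link ICacheService} is available. Failures are logged at debug level.
     *
     * <p>The TTL is taken from {@link #cacheTTL} at creation time; a later
     * {@link #setCacheTTL} call does not change caches that already exist.
     */
    private synchronized void initCache() {
        if (!this.useCache) {
            return;
        }
        if (this.userCacheApi != null && this.roleCacheApi != null && this.dataCacheApi != null) {
            return;
        }
        try {
            ICacheService iCacheService = (ICacheService) M.l(ICacheService.class);
            if (iCacheService == null) {
                return;
            }
            if (this.userCacheApi == null) {
                this.userCacheApi = iCacheService.createCache(this, getName() + ":user", String.class, SimpleAccount.class, new CacheConfig().setHeapSize(10000).setTTL(this.cacheTTL));
            }
            if (this.roleCacheApi == null) {
                this.roleCacheApi = iCacheService.createCache(this, getName() + ":role", String.class, SimpleRole.class, new CacheConfig().setHeapSize(10000).setTTL(this.cacheTTL));
            }
            if (this.dataCacheApi == null) {
                this.dataCacheApi = iCacheService.createCache(this, getName() + ":data", String.class, HashMap.class, new CacheConfig().setHeapSize(10000).setTTL(this.cacheTTL));
            }
        } catch (Throwable th) {
            this.log.d(th);
        }
    }

    /**
     * Resolves a role name to a role, using the role cache when enabled.
     *
     * @param str the role name
     * @return the role, or {@code null} when it does not exist or {@link #createRole} failed
     *     (the failure is logged at debug level)
     */
    public SimpleRole getRole(String str) {
        if (this.useCache) {
            initCache();
            if (this.roleCacheApi != null) {
                SimpleRole cached = (SimpleRole) this.roleCacheApi.get(str);
                if (cached != null) {
                    return cached;
                }
            }
        }
        try {
            SimpleRole role = createRole(str);
            if (role == null) {
                this.log.d("role not found", str);
            } else if (this.useCache && this.roleCacheApi != null) {
                this.roleCacheApi.put(str, role);
            }
            return role;
        } catch (Exception e) {
            this.log.d(str, e);
            return null;
        }
    }

    /**
     * Loads a role from the backing store.
     *
     * @param str the role name
     * @return the role, or {@code null} when it does not exist
     * @throws Exception on any load failure; {@link #getRole} maps it to {@code null}
     */
    protected abstract SimpleRole createRole(String str) throws Exception;

    /** @return the base directory the user and role directories are derived from */
    public String getResourcesPath() {
        return this.resourcesPath;
    }

    /**
     * Sets the base directory. {@link #userDir} and {@link #rolesDir} are only recomputed
     * by {@link #onInit()}.
     *
     * @param str the base directory path
     */
    public void setResourcesPath(String str) {
        this.resourcesPath = str;
    }

    /**
     * Returns the data map stored for the subject's principal, using the data cache when
     * enabled.
     *
     * <p>The returned map is the instance held in the cache, not a copy.
     *
     * @param subject the subject whose principal is looked up
     * @return the data map, or {@code null} when none exists or {@link #createData} failed
     *     (the failure is logged at debug level)
     */
    @Override // de.mhus.lib.core.aaa.PrincipalDataRealm
    public Map<String, String> getUserData(Subject subject) {
        String principal = Aaa.getPrincipal(subject);
        if (this.useCache) {
            initCache();
            if (this.dataCacheApi != null) {
                // The cache is typed with the raw HashMap class, hence the unchecked cast.
                Map<String, String> cached = (Map) this.dataCacheApi.get(principal);
                if (cached != null) {
                    return cached;
                }
            }
        }
        try {
            HashMap<String, String> data = createData(principal);
            if (data == null) {
                this.log.d("data not found", principal);
            } else if (this.useCache && this.dataCacheApi != null) {
                this.dataCacheApi.put(principal, data);
            }
            return data;
        } catch (Exception e) {
            this.log.d(principal, e);
            return null;
        }
    }

    /**
     * Loads the data map of a principal from the backing store.
     *
     * @param str the principal name
     * @return the data map, or {@code null} when none exists
     * @throws Exception on any load failure; {@link #getUserData} maps it to {@code null}
     */
    protected abstract HashMap<String, String> createData(String str) throws Exception;

    /** @return the configured default role name */
    public String getDefaultRole() {
        return this.defaultRole;
    }

    /** @param str the default role name */
    public void setDefaultRole(String str) {
        this.defaultRole = str;
    }

    /**
     * Delegates the permission check to the superclass and, when permission debugging is
     * switched on, logs every denial (with a stack trace in TRACE mode).
     *
     * @param permission the permission being checked
     * @param authorizationInfo the account's authorization info
     * @return the superclass decision, unchanged
     */
    protected boolean isPermitted(Permission permission, AuthorizationInfo authorizationInfo) {
        boolean isPermitted = super.isPermitted(permission, authorizationInfo);
        if (this.debugPermissions != M.DEBUG.NO && !isPermitted) {
            this.log.d("perm access denied", Aaa.CURRENT_PRINCIPAL_OR_GUEST, permission);
            if (this.debugPermissions == M.DEBUG.TRACE) {
                this.log.d(MSystem.currentStackTrace(String.valueOf(permission)), new Object[0]);
            }
        }
        return isPermitted;
    }

    /**
     * Checks a role, first through the optional role permission and then through the
     * superclass.
     *
     * <p>With {@link #rolePermission} set, holding the permission
     * {@code <rolePermission>:*:<role>} counts as having the role. The role name is inserted
     * into the permission string as is, and {@code :}, {@code ,} and {@code *} are syntax in
     * a {@link WildcardPermission}; a role name containing them is parsed as extra parts,
     * alternatives or a wildcard. Pass only role names from trusted code or configuration.
     *
     * <p>Denials are logged when permission debugging is on; a denial of the admin role is
     * left out of the "role access denied" line but still traced in TRACE mode.
     *
     * @param str the role name
     * @param authorizationInfo the account's authorization info
     * @return {@code true} if the role permission or the role itself is held
     */
    protected boolean hasRole(String str, AuthorizationInfo authorizationInfo) {
        if (this.rolePermission != null && isPermitted(new WildcardPermission(this.rolePermission + ":*:" + str), authorizationInfo)) {
            return true;
        }
        boolean hasRole = super.hasRole(str, authorizationInfo);
        if (this.debugPermissions != M.DEBUG.NO && !hasRole) {
            if (!Aaa.ROLE_ADMIN.value().equals(str)) {
                this.log.d("role access denied", Aaa.CURRENT_PRINCIPAL_OR_GUEST, str);
            }
            if (this.debugPermissions == M.DEBUG.TRACE) {
                this.log.d(MSystem.currentStackTrace(str), new Object[0]);
            }
        }
        return hasRole;
    }

    /** @return the permission prefix used by {@link #hasRole}, or {@code null} */
    public String getRolePermission() {
        return this.rolePermission;
    }

    /** @param str the permission prefix used by {@link #hasRole}; {@code null} disables it */
    public void setRolePermission(String str) {
        this.rolePermission = str;
    }

    /**
     * Issues a bearer token for the subject's principal through the {@link JwtProvider}.
     *
     * <p>The token is refused when the account is unknown or locked. With caching enabled
     * the lock flag is that of the cached account.
     *
     * <p>NOTE(review): unlike {@link #doGetAuthenticationInfo}, this method does not check
     * {@code isCredentialsExpired()}, so an account with expired credentials can still
     * obtain a token. Confirm whether that is intended before relying on credential expiry
     * to cut off access.
     *
     * @param subject the subject the token is issued for
     * @param str passed through unchanged to the provider
     * @param bearerConfiguration passed through unchanged to the provider
     * @return the token created by the provider
     * @throws UnknownAccountException if the account does not exist or is locked
     */
    @Override // de.mhus.lib.core.aaa.BearerRealm
    public String createBearerToken(Subject subject, String str, BearerConfiguration bearerConfiguration) throws ShiroException {
        String principal = Aaa.getPrincipal(subject);
        SimpleAccount user = getUser(principal);
        if (user == null || user.isLocked()) {
            throw new UnknownAccountException("User unknown: " + principal);
        }
        return ((JwtProvider) M.l(JwtProvider.class)).createBearerToken(principal, str, bearerConfiguration);
    }

    /** @return whether lookups go through the caches */
    public boolean isUseCache() {
        return this.useCache;
    }

    /**
     * Switches caching on or off. Switching it off does not empty caches that already
     * exist; their entries are served again if caching is switched back on before they
     * expire.
     *
     * @param z {@code true} to enable caching
     */
    public void setUseCache(boolean z) {
        this.useCache = z;
    }

    /** @return the TTL in milliseconds applied to caches created from now on */
    public long getCacheTTL() {
        return this.cacheTTL;
    }

    /**
     * Sets the TTL for caches created after this call; existing caches keep the TTL they
     * were created with.
     *
     * @param j the TTL in milliseconds
     */
    public void setCacheTTL(long j) {
        this.cacheTTL = j;
    }

    /**
     * Drops the cached account and data map of a user.
     *
     * <p>The entries are removed whether or not caching is currently enabled. Skipping the
     * removal while caching is off would leave the old entry in place, and it would be
     * served again (old credentials, roles and lock state) once caching is re-enabled.
     *
     * @param str the user name
     */
    public void invalidateUserCache(String str) {
        if (this.dataCacheApi != null) {
            this.dataCacheApi.remove(str);
        }
        if (this.userCacheApi != null) {
            this.userCacheApi.remove(str);
        }
    }

    /**
     * Drops the cached entry of a role, whether or not caching is currently enabled, so a
     * stale role cannot reappear when caching is switched back on.
     *
     * @param str the role name
     */
    public void invalidateRoleCache(String str) {
        if (this.roleCacheApi != null) {
            this.roleCacheApi.remove(str);
        }
    }
}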
