package de.mhus.lib.core.aaa;

import de.mhus.lib.core.M;
import de.mhus.lib.core.MSystem;
import de.mhus.lib.core.logging.Log;
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;

/* loaded from: input_file:de/mhus/lib/core/aaa/IniDataRealm.class */
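/**
 * Shiro {@link IniRealm} that additionally keeps per-user data read from the INI
 * {@value #DATA_SECTION_NAME} section and accepts {@link TrustedToken} and
 * {@link BearerToken} in addition to the token types the superclass supports.
 *
 * <p>Credential comparison is delegated to {@link CombiCredentialsMatcher}, which every
 * constructor installs. This class only resolves the principal name and looks up the account.
 *
 * <p>NOTE(review): {@code userData} is a plain {@link HashMap}. It is filled from
 * {@link #onInit()} and read from {@link #getUserData(Subject)}. Confirm initialisation
 * completes before concurrent reads start.
 */
public class IniDataRealm extends IniRealm implements PrincipalDataRealm, BearerRealm {
    /** Name of the INI section that holds the per-user data entries. */
    public static final String DATA_SECTION_NAME = "data";

    private final transient Log log = Log.getLog(getClass());

    // principal name -> (data key -> value), filled by processDataDefinitions
    private final Map<String, Map<String, String>> userData = new HashMap<>();

    // Optional permission domain used by hasRole to express roles as permissions; null disables it.
    private String rolePermission;

    // Not assigned by any constructor in this class, so it is null until a setter or subclass
    // sets it. null compares unequal to M.DEBUG.NO, so the denial/grant logging branches below
    // run in that state, and null is what gets passed to TrustedToken.hasAccess.
    // NOTE(review): confirm that is intended, or have the wiring code set M.DEBUG.NO explicitly.
    protected M.DEBUG debugPermissions;

    /** Creates a realm without an INI source. */
    public IniDataRealm() {
        setCredentialsMatcher(new CombiCredentialsMatcher());
    }

    /**
     * Creates a realm backed by the given INI instance.
     *
     * @param ini the configuration handed to the superclass constructor
     */
    public IniDataRealm(Ini ini) {
        super(ini);
        setCredentialsMatcher(new CombiCredentialsMatcher());
    }

    /**
     * Creates a realm from the string handed to the superclass constructor.
     *
     * @param str value passed unchanged to {@code IniRealm(String)}
     */
    public IniDataRealm(String str) {
        super(str);
        setCredentialsMatcher(new CombiCredentialsMatcher());
    }

    /**
     * Accepts {@link TrustedToken} and {@link BearerToken} unconditionally and defers every other
     * token (including {@code null}) to the superclass.
     *
     * @param authenticationToken the token offered to this realm, may be {@code null}
     * @return {@code true} if this realm will try to authenticate the token
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        if (authenticationToken instanceof TrustedToken || authenticationToken instanceof BearerToken) {
            return true;
        }
        return super.supports(authenticationToken);
    }

    /**
     * Resolves the principal name carried by the token and returns the matching account.
     *
     * <ul>
     *   <li>{@link UsernamePasswordToken}: the user name from the token.</li>
     *   <li>{@link BearerToken}: the subject of the token as read by {@link JwtProvider}.</li>
     *   <li>{@link TrustedToken}: the token principal. The guest principal returns
     *       {@code Aaa.ACCOUNT_GUEST} before the access check. Any other principal must pass
     *       {@code hasAccess(debugPermissions)}.</li>
     * </ul>
     *
     * @param authenticationToken the token to authenticate
     * @return the account for the resolved principal, as returned by {@code getUser}
     * @throws AuthenticationException if no principal can be derived or a trusted token is refused
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = null;
        if (authenticationToken instanceof UsernamePasswordToken) {
            principal = ((UsernamePasswordToken) authenticationToken).getUsername();
        } else if (authenticationToken instanceof BearerToken) {
            // NOTE(review): signature and expiry validation are presumably done inside
            // JwtProvider.readToken; nothing here re-checks the token, so confirm that.
            JwtProvider jwt = (JwtProvider) M.l(JwtProvider.class);
            principal = jwt.readToken(((BearerToken) authenticationToken).getToken()).getSubject();
        } else if (authenticationToken instanceof TrustedToken) {
            TrustedToken trusted = (TrustedToken) authenticationToken;
            principal = (String) trusted.getPrincipal();
            if (principal == null) {
                // Fail closed with an authentication error instead of a NullPointerException.
                throw new AuthenticationException("User or Token not found");
            }
            if (principal.equals(Aaa.USER_GUEST.value())) {
                // The guest account is handed out without consulting hasAccess.
                return Aaa.ACCOUNT_GUEST;
            }
            boolean debugOn = this.debugPermissions != M.DEBUG.NO;
            if (!trusted.hasAccess(this.debugPermissions)) {
                if (debugOn) {
                    this.log.i("TrustedToken access denied (3)", new Object[0]);
                }
                throw new AuthenticationException("TrustedToken access denied (3)");
            }
            if (debugOn) {
                // Records the current principal together with the principal being assumed.
                this.log.i("TrustedToken access granted", Aaa.getPrincipal(), principal);
            }
            if (this.debugPermissions == M.DEBUG.TRACE) {
                this.log.d(MSystem.currentStackTrace(principal), new Object[0]);
            }
        }
        if (principal == null) {
            throw new AuthenticationException("User or Token not found");
        }
        return doGetAuthenticationInfo(principal, authenticationToken);
    }

    /**
     * Looks up the account for a principal name; the token is currently not used here.
     *
     * @param str the resolved principal name
     * @param authenticationToken the originating token (unused)
     * @return the result of {@code getUser(str)}
     */
    private AuthenticationInfo doGetAuthenticationInfo(String str, AuthenticationToken authenticationToken) {
        return getUser(str);
    }

    /**
     * Returns the data entries stored for the subject's principal.
     *
     * <p>The returned map is the internal, mutable instance; callers that change it change the
     * realm's state.
     *
     * @param subject the subject whose principal is looked up
     * @return the data map, or {@code null} if nothing is stored for that principal
     */
    @Override // de.mhus.lib.core.aaa.PrincipalDataRealm
    public Map<String, String> getUserData(Subject subject) {
        return this.userData.get(Aaa.getPrincipal(subject));
    }

    /** Runs the superclass initialisation and then loads the data section of the INI. */
    @Override
    protected void onInit() {
        super.onInit();
        processDefinitions(getIni());
    }

    /**
     * Reads the {@value #DATA_SECTION_NAME} section from the INI, if present, and feeds it to
     * {@link #processDataDefinitions(Map)}.
     *
     * @param ini the realm configuration, may be {@code null} or empty
     */
    private void processDefinitions(Ini ini) {
        if (CollectionUtils.isEmpty(ini)) {
            this.log.w("defined, but the ini instance is null or empty.", getClass().getSimpleName());
            return;
        }
        Ini.Section dataSection = ini.getSection(DATA_SECTION_NAME);
        if (!CollectionUtils.isEmpty(dataSection)) {
            this.log.d("Discovered the section.  Processing...", DATA_SECTION_NAME);
            processDataDefinitions(dataSection);
        }
    }

    /**
     * Stores entries of the form {@code user#key = value} as {@code userData[user][key] = value}.
     *
     * <p>Keys without {@code '#'}, or with {@code '#'} as the first character, are skipped.
     *
     * @param map raw section entries, may be {@code null} or empty
     */
    protected void processDataDefinitions(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String rawKey = entry.getKey();
            int separator = rawKey.indexOf('#');
            if (separator <= 0) {
                continue;
            }
            String user = rawKey.substring(0, separator);
            Map<String, String> perUser = this.userData.get(user);
            if (perUser == null) {
                perUser = new HashMap<>();
                this.userData.put(user, perUser);
            }
            perUser.put(rawKey.substring(separator + 1), entry.getValue());
        }
    }

    /**
     * Delegates to the superclass check and, unless debugging is {@code M.DEBUG.NO}, logs denials
     * via {@code log.i}; in {@code M.DEBUG.TRACE} the current stack trace is logged via
     * {@code log.d} as well.
     *
     * @param permission the permission being checked
     * @param authorizationInfo the authorization data of the account
     * @return the superclass decision, unchanged
     */
    @Override
    protected boolean isPermitted(Permission permission, AuthorizationInfo authorizationInfo) {
        boolean granted = super.isPermitted(permission, authorizationInfo);
        if (!granted && this.debugPermissions != M.DEBUG.NO) {
            this.log.i("perm access denied", authorizationInfo, permission);
            if (this.debugPermissions == M.DEBUG.TRACE) {
                this.log.d(MSystem.currentStackTrace(null), new Object[0]);
            }
        }
        return granted;
    }

    /**
     * Checks a role, first as the permission {@code <rolePermission>:*:<role>} when
     * {@code rolePermission} is set, then through the superclass role check.
     *
     * <p>NOTE(review): the role name is concatenated into the wildcard permission string without
     * escaping, so a role identifier containing {@code ':'}, {@code ','} or {@code '*'} changes
     * the permission that is evaluated. Confirm role names only come from trusted code or config.
     *
     * @param str the role identifier
     * @param authorizationInfo the authorization data of the account
     * @return {@code true} if either check grants the role
     */
    @Override
    protected boolean hasRole(String str, AuthorizationInfo authorizationInfo) {
        if (this.rolePermission != null) {
            Permission roleAsPermission = new WildcardPermission(this.rolePermission + ":*:" + str);
            if (isPermitted(roleAsPermission, authorizationInfo)) {
                return true;
            }
        }
        boolean granted = super.hasRole(str, authorizationInfo);
        if (!granted && this.debugPermissions != M.DEBUG.NO) {
            this.log.i("role access denied", authorizationInfo, str);
            if (this.debugPermissions == M.DEBUG.TRACE) {
                this.log.d(MSystem.currentStackTrace(str), new Object[0]);
            }
        }
        return granted;
    }

    /** @return the permission domain used to express roles as permissions, or {@code null} */
    public String getRolePermission() {
        return this.rolePermission;
    }

    /** @param str the permission domain used by {@link #hasRole}; {@code null} disables it */
    public void setRolePermission(String str) {
        this.rolePermission = str;
    }

    /**
     * Issues a bearer token for the subject's principal if this realm knows that user.
     *
     * <p>NOTE(review): this method only checks that the principal exists in the realm; it does
     * not itself test {@code subject.isAuthenticated()}. Confirm callers enforce that.
     *
     * @param subject the subject the token is issued for
     * @param str passed unchanged to {@code JwtProvider.createBearerToken}
     * @param bearerConfiguration passed unchanged to {@code JwtProvider.createBearerToken}
     * @return the token produced by {@link JwtProvider}
     * @throws UnknownAccountException if {@code getUser} has no account for the principal
     */
    @Override // de.mhus.lib.core.aaa.BearerRealm
    public String createBearerToken(Subject subject, String str, BearerConfiguration bearerConfiguration) throws ShiroException {
        String principal = Aaa.getPrincipal(subject);
        if (getUser(principal) == null) {
            throw new UnknownAccountException("User unknown: " + principal);
        }
        return ((JwtProvider) M.l(JwtProvider.class)).createBearerToken(principal, str, bearerConfiguration);
    }

    /** @return the current debug mode for permission, role and trusted-token logging */
    public M.DEBUG getDebugPermissions() {
        return this.debugPermissions;
    }

    /** @param debug the debug mode; it is also the value handed to {@code TrustedToken.hasAccess} */
    public void setDebugPermissions(M.DEBUG debug) {
        this.debugPermissions = debug;
    }

    /**
     * Resolves authorization data, with special handling for the admin and guest principals.
     *
     * <ul>
     *   <li>Admin principal: {@code Aaa.ACCOUNT_ADMIN} when {@code Aaa.ADMIN_LOGIN_ALLOWED} is
     *       false or the superclass has no entry, otherwise the superclass entry.</li>
     *   <li>Guest principal: always {@code Aaa.ACCOUNT_GUEST}.</li>
     *   <li>Anyone else: the superclass result.</li>
     * </ul>
     *
     * <p>NOTE(review): the admin principal therefore always receives authorization data, even
     * without an INI entry. What {@code Aaa.ACCOUNT_ADMIN} grants is defined outside this class.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return the authorization data selected by the rules above
     */
    @Override
    protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = getUsername(principalCollection);
        if (username.equals(Aaa.USER_ADMIN.value())) {
            if (!Aaa.ADMIN_LOGIN_ALLOWED.value().booleanValue()) {
                return Aaa.ACCOUNT_ADMIN;
            }
            AuthorizationInfo configured = super.getAuthorizationInfo(principalCollection);
            if (configured == null) {
                return Aaa.ACCOUNT_ADMIN;
            }
            return configured;
        }
        if (username.equals(Aaa.USER_GUEST.value())) {
            return Aaa.ACCOUNT_GUEST;
        }
        return super.getAuthorizationInfo(principalCollection);
    }
}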
