package io.starter.ignite.security;

import io.starter.ignite.security.dao.ConnectionFactory;
import io.starter.ignite.util.SystemConstants;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.JdbcUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/starter/ignite/security/RoleSecurityJdbcRealm.class */
public class RoleSecurityJdbcRealm extends JdbcRealm {
    protected static final Logger logger = LoggerFactory.getLogger(RoleSecurityJdbcRealm.class);
    protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password, id from user where user_name = ?";
    protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from user where user_name = ?";
    protected static final String USER_ID_QUERY = "select id from user where user_name = ?";

    protected Object getAuthenticationCacheKey(AuthenticationToken authenticationToken) {
        return super.getAuthenticationCacheKey(authenticationToken);
    }

    protected Object getAuthenticationCacheKey(PrincipalCollection principalCollection) {
        return super.getAuthenticationCacheKey(principalCollection);
    }

    public RoleSecurityJdbcRealm() throws NamingException, SQLException {
        logger.info("Initializing RoleSecurityJdbcRealm");
        setAuthenticationQuery(DEFAULT_AUTHENTICATION_QUERY);
        setPermissionsLookupEnabled(true);
        setAuthorizationCachingEnabled(true);
        initializeDB();
        logger.info("Done Initializing RoleSecurityJdbcRealm");
    }

    public boolean clearCacheForAllActiveUsers() {
        Iterator<String> it = this.cachedPermissions.keySet().iterator();
        while (it.hasNext()) {
            this.cachedPermissions.remove(it.next());
        }
        return this.cachedPermissions.isEmpty();
    }

    public boolean clearCacheForPrincipalCollection(PrincipalCollection principalCollection) {
        clearCachedAuthorizationInfo(principalCollection);
        clearCachedAuthenticationInfo(principalCollection);
        return clearPrincipalCacheForUser((String) getAvailablePrincipal(principalCollection));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.starter.ignite.security.JdbcRealm
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Connection connection = null;
        try {
            try {
                connection = this.dataSource.getConnection();
                if (connection.isClosed()) {
                    initializeDB();
                }
                JdbcUtils.closeConnection(connection);
            } catch (Exception unused) {
                try {
                    initializeDB();
                } catch (Exception e) {
                    logger.error("RoleSecurityJDBCRealm could not re-init DB.", e);
                }
                JdbcUtils.closeConnection(connection);
            }
            return super.doGetAuthenticationInfo(authenticationToken);
        } catch (Throwable th) {
            JdbcUtils.closeConnection(connection);
            throw th;
        }
    }

    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        return isPermitted(permission, getAuthorizationInfo(principalCollection));
    }

    private boolean isPermitted(Permission permission, AuthorizationInfo authorizationInfo) {
        Collection<Permission> permissions = getPermissions(authorizationInfo);
        if (permissions == null || permissions.isEmpty()) {
            return false;
        }
        if (permissions.contains(permission)) {
            return true;
        }
        for (Permission permission2 : permissions) {
            if (permission2.toString().equals(permission.toString()) || permission2.implies(permission)) {
                return true;
            }
        }
        return false;
    }

    private Collection<Permission> getPermissions(AuthorizationInfo authorizationInfo) {
        HashSet hashSet = new HashSet();
        if (authorizationInfo != null) {
            Collection objectPermissions = authorizationInfo.getObjectPermissions();
            if (!CollectionUtils.isEmpty(objectPermissions)) {
                hashSet.addAll(objectPermissions);
            }
            Collection<Permission> resolvePermissions = resolvePermissions(authorizationInfo.getStringPermissions());
            if (!CollectionUtils.isEmpty(resolvePermissions)) {
                hashSet.addAll(resolvePermissions);
            }
            Collection<Permission> resolveRolePermissions = resolveRolePermissions(authorizationInfo.getRoles());
            if (!CollectionUtils.isEmpty(resolveRolePermissions)) {
                hashSet.addAll(resolveRolePermissions);
            }
        }
        return hashSet.isEmpty() ? Collections.emptySet() : Collections.unmodifiableSet(hashSet);
    }

    private Collection<Permission> resolveRolePermissions(Collection<String> collection) {
        Set emptySet = Collections.emptySet();
        RolePermissionResolver rolePermissionResolver = getRolePermissionResolver();
        if (rolePermissionResolver != null && !CollectionUtils.isEmpty(collection)) {
            emptySet = new LinkedHashSet(collection.size());
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                Collection resolvePermissionsInRole = rolePermissionResolver.resolvePermissionsInRole(it.next());
                if (!CollectionUtils.isEmpty(resolvePermissionsInRole)) {
                    emptySet.addAll(resolvePermissionsInRole);
                }
            }
        }
        return emptySet;
    }

    private Collection<Permission> resolvePermissions(Collection<String> collection) {
        Set emptySet = Collections.emptySet();
        if (getPermissionResolver() != null && !CollectionUtils.isEmpty(collection)) {
            emptySet = new LinkedHashSet(collection.size());
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                emptySet.add(getPermissionResolver().resolvePermission(it.next()));
            }
        }
        return emptySet;
    }

    @Override // io.starter.ignite.security.JdbcRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            throw new AuthorizationException("RoleSecurityJdbcRealm.doGetAuthorizationInfo: PrincipalCollection method argument cannot be null.");
        }
        String str = (String) getAvailablePrincipal(principalCollection);
        Connection connection = null;
        Set<String> set = null;
        try {
            try {
                Connection connection2 = this.dataSource.getConnection();
                int userIdFromUserName = getUserIdFromUserName(connection2, str);
                Set<String> roleNamesForUser = getRoleNamesForUser(connection2, String.valueOf(userIdFromUserName));
                if (this.permissionsLookupEnabled && roleNamesForUser.size() > 0) {
                    set = getPermissions(connection2, String.valueOf(userIdFromUserName), roleNamesForUser);
                }
                connection2.close();
                connection = null;
                JdbcUtils.closeConnection((Connection) null);
                SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(roleNamesForUser);
                simpleAuthorizationInfo.setStringPermissions(set);
                return simpleAuthorizationInfo;
            } catch (Exception e) {
                String str2 = "RoleSecurityJdbcRealm.doGetAuthorizationInfo: There was a SQL error while authorizing user [" + str + "]";
                JdbcUtils.closeConnection(connection);
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            JdbcUtils.closeConnection(connection);
            throw th;
        }
    }

    private int getUserIdFromUserName(Connection connection, String str) throws SQLException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            preparedStatement = connection.prepareStatement(USER_ID_QUERY);
            preparedStatement.setString(1, str);
            resultSet = preparedStatement.executeQuery();
            resultSet.next();
            int i = resultSet.getInt(1);
            JdbcUtils.closeResultSet(resultSet);
            JdbcUtils.closeStatement(preparedStatement);
            return i;
        } catch (Throwable th) {
            JdbcUtils.closeResultSet(resultSet);
            JdbcUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    private void initializeDB() throws NamingException, SQLException {
        String str = SystemConstants.JNDI_DB_LOOKUP_STRING;
        if (System.getProperty("PARAM1") != null && !System.getProperty("PARAM1").equalsIgnoreCase("production") && System.getProperty("PARAM1").equalsIgnoreCase("staging")) {
            str = "jndi/ignite_staging";
        }
        logger.info("RoleSecurityJdbcRealm: initializing dataSource: " + str);
        try {
            DataSource dataSource = (DataSource) new InitialContext().lookup(str);
            Connection connection = dataSource.getConnection();
            setDataSource(dataSource);
            connection.close();
        } catch (Exception e) {
            logger.info("RoleSecurityJdbcRealm.initializeDB() Falling back to non-JNDI ConnectionFactory connection:" + e.getLocalizedMessage());
            ConnectionFactory connectionFactory = ConnectionFactory.instance;
            DataSource dataSource2 = ConnectionFactory.getDataSource();
            Connection connection2 = dataSource2.getConnection();
            setDataSource(dataSource2);
            connection2.close();
        }
        logger.info(" Datasource set OK!");
    }

    public boolean clearPrincipalCacheForUser(String str) {
        Connection connection = null;
        try {
            try {
                connection = this.dataSource.getConnection();
                if (connection.isClosed()) {
                    initializeDB();
                }
                this.cachedPermissions.remove(String.valueOf(getUserIdFromUserName(connection, str)));
                JdbcUtils.closeConnection(connection);
                return true;
            } catch (Exception unused) {
                try {
                    initializeDB();
                } catch (Exception e) {
                    logger.error("RoleSecurityJDBCRealm could not re-init DB.", e);
                }
                JdbcUtils.closeConnection(connection);
                return true;
            }
        } catch (Throwable th) {
            JdbcUtils.closeConnection(connection);
            throw th;
        }
    }
}
