package org.commonjava.auth.shiro.couch;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.commonjava.auth.couch.data.UserDataException;
import org.commonjava.auth.couch.data.UserDataManager;
import org.commonjava.auth.shiro.couch.model.ShiroPermission;
import org.commonjava.auth.shiro.couch.model.ShiroUserUtils;
import org.commonjava.couch.rbac.Permission;
import org.commonjava.couch.rbac.Role;
import org.commonjava.couch.rbac.User;
import org.commonjava.util.logging.Logger;

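/**
 * Shiro realm that authenticates and authorizes subjects against the user, role and
 * permission records exposed by {@link UserDataManager}.
 *
 * <p>Authorization results are cached: {@link #initRealm()} installs a
 * {@link MemoryConstrainedCacheManager} and enables caching. A role or permission that is
 * revoked in the backing store can therefore stay effective for a subject until the cached
 * entry is cleared or evicted.
 *
 * <p>NOTE(review): no {@code CredentialsMatcher} is configured in this class. Unless one is
 * set elsewhere, Shiro's default matcher compares the submitted credentials directly with the
 * stored value (here {@code User.getPasswordDigest()}). Confirm where password hashing
 * happens and which algorithm is used.
 */
@Singleton
/* loaded from: input_file:org/commonjava/auth/shiro/couch/CouchRealm.class */
public class CouchRealm extends AuthorizingRealm {
    private final Logger logger = new Logger(getClass());

    @Inject
    private UserDataManager dataManager;

    @Inject
    private CouchPermissionResolver resolver;

    // Set once by setupSecurityManager(); null until then.
    private SecurityManager sm;

    /** Constructor for container injection; fields are injected and {@link #initRealm()} runs as {@code @PostConstruct}. */
    CouchRealm() {
    }

    /**
     * Creates a realm wired by hand (no container).
     *
     * @param userDataManager source of users, roles and permissions
     * @param couchPermissionResolver resolver installed as both permission and role-permission resolver
     */
    public CouchRealm(UserDataManager userDataManager, CouchPermissionResolver couchPermissionResolver) {
        this.dataManager = userDataManager;
        this.resolver = couchPermissionResolver;
        initRealm();
    }

    /**
     * Builds a {@link DefaultSecurityManager} from this realm plus the given realms and registers
     * it through {@link SecurityUtils#setSecurityManager}. Does nothing if this instance has
     * already created its security manager.
     *
     * <p>{@code SecurityUtils.setSecurityManager} installs a VM-wide static instance, so this call
     * replaces whatever security manager other code in the same VM registered before. The
     * null-check on {@code sm} is not synchronized.
     *
     * @param realmArr additional realms, consulted after this one; {@code null} entries are skipped
     */
    public void setupSecurityManager(Realm... realmArr) {
        if (this.sm != null) {
            return;
        }
        // This realm goes first, followed by the caller's realms in the order given.
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(this);
        for (Realm realm : realmArr) {
            if (realm != null) {
                realms.add(realm);
            }
        }
        this.sm = new DefaultSecurityManager(realms);
        SecurityUtils.setSecurityManager(this.sm);
    }

    /**
     * Installs the injected resolver and switches on caching backed by a
     * {@link MemoryConstrainedCacheManager}.
     */
    @PostConstruct
    protected void initRealm() {
        setRolePermissionResolver(this.resolver);
        setPermissionResolver(this.resolver);
        setCacheManager(new MemoryConstrainedCacheManager());
        setCachingEnabled(true);
    }

    /**
     * Loads the role names and permissions of the primary principal.
     *
     * <p>Every failure is reported as an {@link AuthenticationException} (not an authorization
     * exception); that type is kept because callers may already catch it. The underlying
     * {@link UserDataException} is attached as the cause so the storage failure remains
     * diagnosable from the stack trace.
     *
     * @param principalCollection principals of the subject being authorized
     * @return a {@link SimpleAccount} holding the user's role names and permissions
     * @throws AuthenticationException if the user is unknown or the user, role or permission
     *         lookup fails
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Object primaryPrincipal = principalCollection.getPrimaryPrincipal();
        try {
            User user = this.dataManager.getUser(primaryPrincipal.toString());
            if (user == null) {
                throw new AuthenticationException("Authentication failed: " + primaryPrincipal);
            }
            // Raw sets: the element types are not visible in this file. SimpleAccount expects
            // role names as strings and Shiro permissions.
            Set roleNames = new HashSet();
            Set shiroPermissions = new HashSet();
            if (user.getRoles() != null) {
                try {
                    for (Role role : this.dataManager.getRoles(user)) {
                        roleNames.add(role.getName());
                        try {
                            Set permissions = this.dataManager.getPermissions(role);
                            if (permissions != null) {
                                for (Object rawPermission : permissions) {
                                    shiroPermissions.add(new ShiroPermission((Permission) rawPermission));
                                }
                            }
                        } catch (UserDataException e) {
                            this.logger.error("Failed to retrieve permissions for role: %s. Reason: %s", e, new Object[]{role.getName(), e.getMessage()});
                            // Fail closed: a role whose permissions cannot be read aborts the whole lookup.
                            throw new AuthenticationException("Cannot retrieve role permissions. System configuration is invalid.", e);
                        }
                    }
                } catch (UserDataException e2) {
                    this.logger.error("Failed to retrieve roles for user: %s. Reason: %s", e2, new Object[]{primaryPrincipal, e2.getMessage()});
                    throw new AuthenticationException("Cannot retrieve user roles. System configuration is invalid.", e2);
                }
            }
            // NOTE(review): the password digest is carried in the returned object, and this realm
            // caches authorization results, so the digest sits in the authorization cache as well.
            // Authorization needs only roles and permissions - consider returning an object
            // without credentials.
            return new SimpleAccount(principalCollection, user.getPasswordDigest(), roleNames, shiroPermissions);
        } catch (UserDataException e3) {
            this.logger.error("Failed to retrieve user: %s. Reason: %s", e3, new Object[]{primaryPrincipal, e3.getMessage()});
            throw new AuthenticationException("Cannot retrieve user. System configuration is invalid.", e3);
        }
    }

    /**
     * Looks up the account for a username/password token.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no user exists for the
     *         submitted username
     * @throws AuthenticationException if the token type is unsupported or the user lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            throw new AuthenticationException("Cannot use authentication token of type: " + authenticationToken.getClass().getName() + " with this service.");
        }
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        try {
            User user = this.dataManager.getUser(usernamePasswordToken.getUsername());
            if (user == null) {
                // getUser() can return null (doGetAuthorizationInfo checks for it). Returning null
                // is how a Shiro realm reports "no such account"; the authenticator turns that into
                // an ordinary authentication failure instead of passing null on to ShiroUserUtils.
                return null;
            }
            return ShiroUserUtils.getAuthenticationInfo(user);
        } catch (UserDataException e) {
            // The username is caller-supplied; NOTE(review): confirm the logger neutralizes line
            // breaks so a crafted username cannot forge log entries.
            this.logger.error("Failed to retrieve user: %s. Reason: %s", e, new Object[]{usernamePasswordToken.getUsername(), e.getMessage()});
            throw new AuthenticationException("Cannot retrieve user. System configuration is invalid.", e);
        }
    }

    /**
     * Forwards the flag to the permission resolver.
     *
     * @param z value passed to {@code CouchPermissionResolver.setAutoCreateAuthorizationInfo}
     */
    public void setAutoCreateAuthorizationInfo(boolean z) {
        this.resolver.setAutoCreateAuthorizationInfo(z);
    }

    /**
     * @return the resolver's current auto-create setting
     */
    public boolean isAutoCreateAuthorizationInfo() {
        return this.resolver.isAutoCreateAuthorizationInfo();
    }
}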
