package com.abasecode.opencode.base.token.auth;

import com.abasecode.opencode.base.code.CodeException;
import com.abasecode.opencode.base.token.TokenHandler;
import com.abasecode.opencode.base.token.config.TokenConfig;
import com.abasecode.opencode.base.token.entity.Token;
import com.abasecode.opencode.base.token.entity.TokenInfo;
import com.abasecode.opencode.base.token.entity.TokenUser;
import com.abasecode.opencode.base.token.util.CodeRedisUtils;
import com.abasecode.opencode.base.token.util.TokenKeysUtils;
import com.alibaba.fastjson.JSON;
import io.jsonwebtoken.Claims;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/abasecode/opencode/base/token/auth/AuthRealm.class */
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    TokenHandler tokenHandler;

    @Autowired
    RedisTemplate redisTemplate;

    @Autowired
    CodeRedisUtils codeRedisUtils;

    @Autowired
    TokenConfig.ApiToken apiToken;

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof AuthToken;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Integer userId = ((TokenUser) principalCollection.getPrimaryPrincipal()).getUserId();
        Set set = (Set) JSON.parseObject(this.codeRedisUtils.getObject(TokenKeysUtils.getPermissionKey(this.apiToken.getKey(), userId)).toString(), Set.class);
        Set set2 = (Set) JSON.parseObject(this.codeRedisUtils.getObject(TokenKeysUtils.getRolesKey(this.apiToken.getKey(), userId)).toString(), Set.class);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setStringPermissions(set);
        simpleAuthorizationInfo.setRoles(set2);
        if (SecurityUtils.getSubject().getPrincipal() == null) {
            throw new CodeException("Authorization required!", HttpStatus.UNAUTHORIZED.value());
        }
        return simpleAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String str = (String) authenticationToken.getPrincipal();
        if (StringUtils.isBlank(str)) {
            throw new CodeException("Authorization required!!", HttpStatus.UNAUTHORIZED.value());
        }
        try {
            Claims claimByToken = this.tokenHandler.getClaimByToken(str);
            if (claimByToken == null || this.tokenHandler.isTokenExpired(claimByToken.getExpiration())) {
                throw new CodeException("The authorization is invalid, please login again!", HttpStatus.UNAUTHORIZED.value());
            }
            TokenInfo tokenInfoByClaim = this.tokenHandler.getTokenInfoByClaim(str);
            if (!tokenInfoByClaim.getAppKey().equals(this.apiToken.getKey())) {
                throw new CodeException("The token is invalid, check baseKey!", HttpStatus.UNAUTHORIZED.value());
            }
            Token token = (Token) JSON.parseObject(this.codeRedisUtils.getObject(TokenKeysUtils.getTokenKey(tokenInfoByClaim.getAppKey(), tokenInfoByClaim.getUserId())).toString(), Token.class);
            if (token == null || !token.getToken().equals(str)) {
                throw new CodeException("The authorization is invalid, please login again!!!", HttpStatus.UNAUTHORIZED.value());
            }
            TokenUser tokenUser = (TokenUser) JSON.parseObject(this.codeRedisUtils.getObject(TokenKeysUtils.getUserKey(tokenInfoByClaim.getAppKey(), tokenInfoByClaim.getUserId())).toString(), TokenUser.class);
            if (tokenUser == null) {
                throw new CodeException("The account is invalid!", HttpStatus.UNAUTHORIZED.value());
            }
            if (tokenUser.getStatus().intValue() == 1) {
                throw new CodeException("The account is invalid!!", HttpStatus.UNAUTHORIZED.value());
            }
            return new SimpleAuthenticationInfo(tokenUser, str, getName());
        } catch (Exception e) {
            throw new CodeException("The authorization information is wrong!", HttpStatus.UNAUTHORIZED.value());
        }
    }
}
