package org.isisaddons.module.security.shiro;

import java.util.concurrent.Callable;
import javax.inject.Inject;
import org.apache.isis.core.runtime.system.context.IsisContext;
import org.apache.isis.core.runtime.system.persistence.PersistenceSession;
import org.apache.isis.core.runtime.system.session.IsisSessionFactory;
import org.apache.isis.core.runtime.system.transaction.IsisTransactionManager;
import org.apache.isis.core.runtime.system.transaction.TransactionalClosureWithReturn;
import org.apache.isis.core.runtime.system.transaction.TransactionalClosureWithReturnAbstract;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.isisaddons.module.security.dom.password.PasswordEncryptionService;
import org.isisaddons.module.security.dom.user.AccountType;
import org.isisaddons.module.security.dom.user.ApplicationUser;
import org.isisaddons.module.security.dom.user.ApplicationUserRepository;

/* loaded from: input_file:org/isisaddons/module/security/shiro/IsisModuleSecurityRealm.class */
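/**
 * Shiro realm that authenticates {@link UsernamePasswordToken}s against {@link ApplicationUser}
 * records and returns the resolved principal as the authorization info.
 *
 * <p>Accounts whose type is {@link AccountType#DELEGATED} are verified by the optional delegate
 * realm. Every other account is verified locally through the injected
 * {@link PasswordEncryptionService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All credential failures share one message, but the exception <em>types</em> differ
 *       ({@link CredentialsException}, {@link IncorrectCredentialsException},
 *       {@link DisabledAccountException}). Callers should not expose the exception type to the
 *       client, otherwise account existence and state can be inferred.</li>
 *   <li>When a delegate realm is set and {@code autoCreateUser} is {@code true} (the default),
 *       the user lookup uses {@code findOrCreateUserByUsername} <em>before</em> any credential is
 *       verified. NOTE(review): this presumably persists a record for every username presented;
 *       confirm the repository creates such accounts disabled, and consider rate limiting.</li>
 * </ul>
 */
public class IsisModuleSecurityRealm extends AuthorizingRealm {

    /** Shared by every credential failure so the message does not reveal which check failed. */
    private static final String UNKNOWN_USER_OR_PASSWORD = "Unknown user/password combination";

    private AuthenticatingRealm delegateAuthenticationRealm;
    private boolean autoCreateUser = true;

    /** Outcome of verifying a candidate password against the stored encrypted password. */
    public enum CheckPasswordResult {
        OK,
        BAD_PASSWORD,
        NO_PASSWORD_ENCRYPTION_SERVICE_CONFIGURED
    }

    /** Creates the realm and installs the Isis-specific permission resolver. */
    public IsisModuleSecurityRealm() {
        setPermissionResolver(new PermissionResolverForIsisShiroAuthorizor());
    }

    /**
     * Authenticates a username/password token.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     * @return authentication info wrapping the resolved principal, this realm's name and the
     *     token's credentials
     * @throws AuthenticationException if the token type is unsupported or no password encryption
     *     service is available
     * @throws CredentialsException if the user is unknown or delegate authentication fails
     * @throws DisabledAccountException if the account is disabled
     * @throws IncorrectCredentialsException if the local password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            throw new AuthenticationException();
        }
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String username = usernamePasswordToken.getUsername();
        // Keep the submitted password: it is the candidate for the local check below. The
        // decompiled listing discarded this value and passed an undefined register name instead.
        char[] password = usernamePasswordToken.getPassword();

        // Auto-creation is only requested when a delegate realm exists to vouch for the user.
        boolean autoCreate = hasDelegateAuthenticationRealm() && getAutoCreateUser();
        PrincipalForApplicationUser principal = lookupPrincipal(username, autoCreate);
        if (principal == null) {
            throw new CredentialsException(UNKNOWN_USER_OR_PASSWORD);
        }
        // NOTE(review): this check runs before the credentials are verified, so a disabled
        // account is reported as such even when the submitted password is wrong.
        if (principal.isDisabled()) {
            throw new DisabledAccountException();
        }

        if (principal.getAccountType() == AccountType.DELEGATED) {
            authenticateWithDelegate(authenticationToken);
        } else {
            switch (checkPassword(password, principal.getEncryptedPassword())) {
                case OK:
                    break;
                case BAD_PASSWORD:
                    throw new IncorrectCredentialsException(UNKNOWN_USER_OR_PASSWORD);
                case NO_PASSWORD_ENCRYPTION_SERVICE_CONFIGURED:
                    throw new AuthenticationException("No password encryption service is installed");
                default:
                    throw new AuthenticationException();
            }
        }
        return new AuthInfoForApplicationUser(principal, getName(), authenticationToken.getCredentials());
    }

    /**
     * Verifies the token with the delegate realm, failing closed when there is no delegate, the
     * delegate rejects the token, or the delegate returns no account.
     */
    private void authenticateWithDelegate(AuthenticationToken authenticationToken) {
        AuthenticationInfo delegateAccount = null;
        if (hasDelegateAuthenticationRealm()) {
            try {
                delegateAccount = this.delegateAuthenticationRealm.getAuthenticationInfo(authenticationToken);
            } catch (AuthenticationException ignored) {
                // Deliberately swallowed: every delegate failure is reported below with the same
                // generic message. The delegate's specific reason is not recorded here.
            }
        }
        if (delegateAccount == null) {
            throw new CredentialsException(UNKNOWN_USER_OR_PASSWORD);
        }
    }

    /**
     * Returns the {@link PrincipalForApplicationUser} held in the principal collection, which
     * serves directly as the authorization info, or {@code null} if none is present.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return principalCollection.oneByType(PrincipalForApplicationUser.class);
    }

    /**
     * Looks up the user inside an Isis session and transaction, then converts it to a principal.
     *
     * @param username the username to look up
     * @param autoCreate whether to use {@code findOrCreateUserByUsername} rather than
     *     {@code findByUsername}
     */
    private PrincipalForApplicationUser lookupPrincipal(final String username, final boolean autoCreate) {
        return execute(new TransactionalClosureWithReturnAbstract<PrincipalForApplicationUser>() {

            @Inject
            private ApplicationUserRepository applicationUserRepository;

            // Restored to execute(): the decompiler had renamed it, so it no longer implemented
            // the closure's method.
            @Override
            public PrincipalForApplicationUser execute() {
                return PrincipalForApplicationUser.from(lookupUser());
            }

            private ApplicationUser lookupUser() {
                return autoCreate
                        ? this.applicationUserRepository.findOrCreateUserByUsername(username)
                        : this.applicationUserRepository.findByUsername(username);
            }
        });
    }

    /**
     * Compares the submitted password with the stored encrypted password inside an Isis session
     * and transaction.
     *
     * @param candidate the submitted password; may be {@code null}
     * @param encryptedPassword the stored encrypted password; may be {@code null}
     * @return {@code OK} on a match, {@code BAD_PASSWORD} on a mismatch or when either value is
     *     missing, or {@code NO_PASSWORD_ENCRYPTION_SERVICE_CONFIGURED} if no service was injected
     */
    private CheckPasswordResult checkPassword(final char[] candidate, final String encryptedPassword) {
        return execute(new TransactionalClosureWithReturnAbstract<CheckPasswordResult>() {

            @Inject
            private PasswordEncryptionService passwordEncryptionService;

            // Restored to execute(): the decompiler had renamed it, so it no longer implemented
            // the closure's method.
            @Override
            public CheckPasswordResult execute() {
                if (this.passwordEncryptionService == null) {
                    return CheckPasswordResult.NO_PASSWORD_ENCRYPTION_SERVICE_CONFIGURED;
                }
                // Fail closed: a missing candidate or stored password can never authenticate,
                // and new String(null) would otherwise throw a NullPointerException.
                if (candidate == null || encryptedPassword == null) {
                    return CheckPasswordResult.BAD_PASSWORD;
                }
                // The service API takes a String, so an immutable copy of the password is
                // created here and cannot be wiped afterwards.
                return this.passwordEncryptionService.matches(new String(candidate), encryptedPassword)
                        ? CheckPasswordResult.OK
                        : CheckPasswordResult.BAD_PASSWORD;
            }
        });
    }

    /** Returns the realm used to authenticate delegated accounts, or {@code null} if unset. */
    public AuthenticatingRealm getDelegateAuthenticationRealm() {
        return this.delegateAuthenticationRealm;
    }

    /** Sets the realm used to authenticate delegated accounts. */
    public void setDelegateAuthenticationRealm(AuthenticatingRealm authenticatingRealm) {
        this.delegateAuthenticationRealm = authenticatingRealm;
    }

    /** Returns whether a delegate authentication realm has been set. */
    public boolean hasDelegateAuthenticationRealm() {
        return this.delegateAuthenticationRealm != null;
    }

    /** Returns whether unknown usernames are auto-created when a delegate realm is set. */
    public boolean getAutoCreateUser() {
        return this.autoCreateUser;
    }

    /**
     * Sets whether unknown usernames are auto-created when a delegate realm is set. Passing
     * {@code false} makes the lookup use {@code findByUsername}, so nothing is created before
     * authentication.
     */
    public void setAutoCreateUser(boolean autoCreateUser) {
        this.autoCreateUser = autoCreateUser;
    }

    /**
     * Runs the closure inside an Isis session: injects services into it, then executes it within
     * a transaction via {@link #doExecute}.
     */
    <V> V execute(final TransactionalClosureWithReturn<V> transactionalClosureWithReturn) {
        return (V) getSessionFactory().doInSession(new Callable<V>() {
            @Override
            public V call() {
                // Populate the closure's @Inject fields before it runs.
                IsisModuleSecurityRealm.this.getPersistenceSession().getServicesInjector().injectServicesInto(transactionalClosureWithReturn);
                return (V) IsisModuleSecurityRealm.this.doExecute(transactionalClosureWithReturn);
            }
        });
    }

    /** Executes the closure within a transaction of the current persistence session. */
    <V> V doExecute(TransactionalClosureWithReturn<V> transactionalClosureWithReturn) {
        return (V) getTransactionManager(getPersistenceSession()).executeWithinTransaction(transactionalClosureWithReturn);
    }

    /** Returns the persistence session of the current Isis session. */
    protected PersistenceSession getPersistenceSession() {
        return getSessionFactory().getCurrentSession().getPersistenceSession();
    }

    /** Returns the transaction manager of the given persistence session. */
    protected IsisTransactionManager getTransactionManager(PersistenceSession persistenceSession) {
        return persistenceSession.getTransactionManager();
    }

    /** Returns the session factory from {@link IsisContext}. */
    protected IsisSessionFactory getSessionFactory() {
        return IsisContext.getSessionFactory();
    }
}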
