package org.seedstack.seed.security.internal;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import org.apache.commons.lang.ArrayUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.seedstack.seed.security.Role;
import org.seedstack.seed.security.Scope;
import org.seedstack.seed.security.SecuritySupport;
import org.seedstack.seed.security.SimpleScope;
import org.seedstack.seed.security.internal.authorization.ScopePermission;
import org.seedstack.seed.security.internal.authorization.SeedAuthorizationInfo;
import org.seedstack.seed.security.principals.PrincipalProvider;
import org.seedstack.seed.security.principals.Principals;
import org.seedstack.seed.security.principals.SimplePrincipalProvider;

/* loaded from: input_file:org/seedstack/seed/security/internal/ShiroSecuritySupport.class */
class ShiroSecuritySupport implements SecuritySupport {

    @Inject
    private Set<Realm> realms;

    public PrincipalProvider<?> getIdentityPrincipal() {
        Subject subject = SecurityUtils.getSubject();
        return subject.getPrincipal() instanceof PrincipalProvider ? (PrincipalProvider) subject.getPrincipal() : Principals.identityPrincipal("");
    }

    public Collection<PrincipalProvider<?>> getOtherPrincipals() {
        ArrayList arrayList = new ArrayList();
        PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
        if (principals == null) {
            return Collections.emptyList();
        }
        for (Object obj : principals.asList()) {
            if (obj instanceof PrincipalProvider) {
                arrayList.add((PrincipalProvider) obj);
            }
        }
        return arrayList;
    }

    public <T extends Serializable> Collection<PrincipalProvider<T>> getPrincipalsByType(Class<T> cls) {
        return Principals.getPrincipalsByType(getOtherPrincipals(), cls);
    }

    public Collection<SimplePrincipalProvider> getSimplePrincipals() {
        return Principals.getSimplePrincipals(getOtherPrincipals());
    }

    public SimplePrincipalProvider getSimplePrincipalByName(String str) {
        return Principals.getSimplePrincipalByName(getOtherPrincipals(), str);
    }

    public boolean isAuthenticated() {
        return SecurityUtils.getSubject().isAuthenticated();
    }

    public boolean isPermitted(String str) {
        return SecurityUtils.getSubject().isPermitted(str);
    }

    public boolean isPermitted(String str, Scope... scopeArr) {
        if (ArrayUtils.isEmpty(scopeArr)) {
            return isPermitted(str);
        }
        boolean z = true;
        for (Scope scope : scopeArr) {
            z = z && SecurityUtils.getSubject().isPermitted(new ScopePermission(str, scope));
        }
        return z;
    }

    public boolean isPermittedAll(String... strArr) {
        return SecurityUtils.getSubject().isPermittedAll(strArr);
    }

    public boolean isPermittedAny(String... strArr) {
        return ArrayUtils.contains(SecurityUtils.getSubject().isPermitted(strArr), true);
    }

    public void checkPermission(String str) {
        try {
            SecurityUtils.getSubject().checkPermission(str);
        } catch (AuthorizationException e) {
            throw new org.seedstack.seed.security.AuthorizationException("Subject doesn't have permission " + str, e);
        }
    }

    public void checkPermission(String str, Scope... scopeArr) {
        try {
            if (ArrayUtils.isEmpty(scopeArr)) {
                checkPermission(str);
            } else {
                for (Scope scope : scopeArr) {
                    SecurityUtils.getSubject().checkPermission(new ScopePermission(str, scope));
                }
            }
        } catch (AuthorizationException e) {
            throw new org.seedstack.seed.security.AuthorizationException("Subject doesn't have permission " + str, e);
        }
    }

    public void checkPermissions(String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            arrayList.add(new ScopePermission(str));
        }
        try {
            SecurityUtils.getSubject().checkPermissions(arrayList);
        } catch (AuthorizationException e) {
            throw new org.seedstack.seed.security.AuthorizationException("Subject doesn't have permissions " + Arrays.toString(strArr), e);
        }
    }

    public boolean hasRole(String str) {
        return SecurityUtils.getSubject().hasRole(str);
    }

    public boolean hasRole(String str, Scope... scopeArr) {
        if (ArrayUtils.isEmpty(scopeArr)) {
            return hasRole(str);
        }
        Role role = null;
        Iterator<Role> it = getRoles().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Role next = it.next();
            if (next.getName().equals(str)) {
                role = next;
                break;
            }
        }
        if (role == null) {
            return false;
        }
        return role.getScopes().containsAll(Arrays.asList(scopeArr));
    }

    public boolean hasAllRoles(String... strArr) {
        return SecurityUtils.getSubject().hasAllRoles(Arrays.asList(strArr));
    }

    public boolean hasAnyRole(String... strArr) {
        return ArrayUtils.contains(SecurityUtils.getSubject().hasRoles(Arrays.asList(strArr)), true);
    }

    public void checkRole(String str) {
        try {
            SecurityUtils.getSubject().checkRole(str);
        } catch (AuthorizationException e) {
            throw new org.seedstack.seed.security.AuthorizationException("Subject doesn't have role " + str, e);
        }
    }

    public void checkRoles(String... strArr) {
        try {
            SecurityUtils.getSubject().checkRoles(strArr);
        } catch (AuthorizationException e) {
            throw new org.seedstack.seed.security.AuthorizationException("Subject doesn't have roles " + Arrays.toString(strArr), e);
        }
    }

    public void logout() {
        SecurityUtils.getSubject().logout();
    }

    private SeedAuthorizationInfo getAuthorizationInfo(Realm realm) {
        SeedAuthorizationInfo seedAuthorizationInfo = null;
        if (realm instanceof ShiroRealmAdapter) {
            seedAuthorizationInfo = (SeedAuthorizationInfo) ((ShiroRealmAdapter) realm).getAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
        }
        return seedAuthorizationInfo;
    }

    public Set<Role> getRoles() {
        HashSet hashSet = new HashSet();
        Iterator<Realm> it = this.realms.iterator();
        while (it.hasNext()) {
            SeedAuthorizationInfo authorizationInfo = getAuthorizationInfo(it.next());
            if (authorizationInfo != null) {
                Iterator<Role> it2 = authorizationInfo.getObjectRoles().iterator();
                while (it2.hasNext()) {
                    hashSet.add(Role.unmodifiableRole(it2.next()));
                }
            }
        }
        return hashSet;
    }

    public Set<SimpleScope> getSimpleScopes() {
        HashSet hashSet = new HashSet();
        Iterator<Role> it = getRoles().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getScopesByType(SimpleScope.class));
        }
        return hashSet;
    }

    public String getHost() {
        Session session = SecurityUtils.getSubject().getSession(false);
        if (session == null) {
            return null;
        }
        return session.getHost();
    }
}
