package org.seedstack.seed.security.internal;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.seedstack.seed.security.IncorrectCredentialsException;
import org.seedstack.seed.security.PrincipalCustomizer;
import org.seedstack.seed.security.Realm;
import org.seedstack.seed.security.Role;
import org.seedstack.seed.security.UnknownAccountException;
import org.seedstack.seed.security.internal.authorization.SeedAuthorizationInfo;
import org.seedstack.seed.security.internal.realms.AuthenticationTokenWrapper;
import org.seedstack.seed.security.principals.PrincipalProvider;

/* loaded from: input_file:org/seedstack/seed/security/internal/ShiroRealmAdapter.class */
class ShiroRealmAdapter extends AuthorizingRealm {
    private Realm realm;

    @Inject
    private Set<PrincipalCustomizer> principalCustomizers;

    ShiroRealmAdapter() {
    }

    public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principalCollection) {
        return super.getAuthorizationInfo(principalCollection);
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SeedAuthorizationInfo seedAuthorizationInfo = new SeedAuthorizationInfo();
        PrincipalProvider principalProvider = (PrincipalProvider) principalCollection.getPrimaryPrincipal();
        ArrayList arrayList = new ArrayList();
        arrayList.add(principalProvider);
        for (Object obj : principalCollection) {
            if (obj instanceof PrincipalProvider) {
                arrayList.add((PrincipalProvider) obj);
            }
        }
        for (Role role : this.realm.getRoleMapping().resolveRoles(this.realm.getRealmRoles(principalProvider, principalCollection.asList()), arrayList)) {
            role.getPermissions().addAll(this.realm.getRolePermissionResolver().resolvePermissionsInRole(role));
            seedAuthorizationInfo.addRole(role);
        }
        return seedAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        org.seedstack.seed.security.AuthenticationToken convertToken = convertToken(authenticationToken);
        if (convertToken == null) {
            throw new UnsupportedTokenException("The token " + authenticationToken.getClass() + " is not supported");
        }
        try {
            org.seedstack.seed.security.AuthenticationInfo authenticationInfo = this.realm.getAuthenticationInfo(convertToken);
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
            SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection(authenticationInfo.getIdentityPrincipal(), getName());
            simpleAuthenticationInfo.setCredentials(authenticationToken.getCredentials());
            Iterator it = authenticationInfo.getOtherPrincipals().iterator();
            while (it.hasNext()) {
                simplePrincipalCollection.add((PrincipalProvider) it.next(), getName());
            }
            for (PrincipalCustomizer principalCustomizer : this.principalCustomizers) {
                if (principalCustomizer.supportedRealm().isAssignableFrom(getRealm().getClass())) {
                    Iterator it2 = principalCustomizer.principalsToAdd(authenticationInfo.getIdentityPrincipal(), authenticationInfo.getOtherPrincipals()).iterator();
                    while (it2.hasNext()) {
                        simplePrincipalCollection.add((PrincipalProvider) it2.next(), getName());
                    }
                }
            }
            simpleAuthenticationInfo.setPrincipals(simplePrincipalCollection);
            return simpleAuthenticationInfo;
        } catch (UnknownAccountException e) {
            throw new org.apache.shiro.authc.UnknownAccountException(e);
        } catch (IncorrectCredentialsException e2) {
            throw new org.apache.shiro.authc.IncorrectCredentialsException(e2);
        } catch (org.seedstack.seed.security.AuthenticationException e3) {
            throw new AuthenticationException(e3);
        } catch (org.seedstack.seed.security.UnsupportedTokenException e4) {
            throw new UnsupportedTokenException(e4);
        }
    }

    public boolean supports(AuthenticationToken authenticationToken) {
        org.seedstack.seed.security.AuthenticationToken convertToken = convertToken(authenticationToken);
        return convertToken != null && this.realm.supportedToken().isAssignableFrom(convertToken.getClass());
    }

    protected Object getAuthenticationCacheKey(AuthenticationToken authenticationToken) {
        Object authenticationCacheKey = super.getAuthenticationCacheKey(authenticationToken);
        return authenticationCacheKey instanceof PrincipalProvider ? ((PrincipalProvider) authenticationCacheKey).getPrincipal() : authenticationCacheKey;
    }

    protected Object getAuthenticationCacheKey(PrincipalCollection principalCollection) {
        Object authenticationCacheKey = super.getAuthenticationCacheKey(principalCollection);
        return authenticationCacheKey instanceof PrincipalProvider ? ((PrincipalProvider) authenticationCacheKey).getPrincipal() : authenticationCacheKey;
    }

    protected Object getAuthorizationCacheKey(PrincipalCollection principalCollection) {
        Object authenticationCacheKey = super.getAuthenticationCacheKey(principalCollection);
        return authenticationCacheKey instanceof PrincipalProvider ? ((PrincipalProvider) authenticationCacheKey).getPrincipal() : authenticationCacheKey;
    }

    Realm getRealm() {
        return this.realm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRealm(Realm realm) {
        this.realm = realm;
    }

    private org.seedstack.seed.security.AuthenticationToken convertToken(AuthenticationToken authenticationToken) {
        if (authenticationToken instanceof org.seedstack.seed.security.AuthenticationToken) {
            return (org.seedstack.seed.security.AuthenticationToken) authenticationToken;
        }
        if (authenticationToken instanceof UsernamePasswordToken) {
            UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
            return new org.seedstack.seed.security.UsernamePasswordToken(usernamePasswordToken.getUsername(), usernamePasswordToken.getPassword());
        }
        if (authenticationToken instanceof AuthenticationTokenWrapper) {
            return ((AuthenticationTokenWrapper) authenticationToken).getSeedToken();
        }
        return null;
    }
}
