package com.github.dennisit.vplus.data.security.jwt;

import com.alibaba.fastjson.JSON;
import com.github.dennisit.vplus.data.enums.common.EnableEnum;
import com.github.dennisit.vplus.data.security.Authority;
import com.github.dennisit.vplus.data.security.AuthorityIFace;
import com.github.dennisit.vplus.data.utils.JWTUtils;
import com.github.dennisit.vplus.data.utils.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/dennisit/vplus/data/security/jwt/JWTRealm.class */
public class JWTRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(JWTRealm.class);
    private AuthorityIFace<Authority, Long> authorityIFace;

    public JWTRealm(AuthorityIFace<Authority, Long> authorityIFace) {
        this.authorityIFace = authorityIFace;
    }

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof JWTToken;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Authority authority = (Authority) principalCollection.getPrimaryPrincipal();
        log.info("[AuthorizationInfo] userId:{}, authority:{}", Long.valueOf(authority.getUserId()), JSON.toJSON(authority));
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addStringPermissions(this.authorityIFace.selectPermissions(Long.valueOf(authority.getUserId())));
        simpleAuthorizationInfo.addRoles(this.authorityIFace.selectRoles(Long.valueOf(authority.getUserId())));
        return simpleAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String str = (String) authenticationToken.getCredentials();
        long jwtUserId = getJwtUserId(str);
        Authority selectByUserId = this.authorityIFace.selectByUserId(Long.valueOf(jwtUserId));
        log.info("[AuthenticationInfo] token:{}, userId:{}, authority:{}", new Object[]{str, Long.valueOf(jwtUserId), JSON.toJSON(selectByUserId)});
        if (null == selectByUserId) {
            throw new UnknownAccountException("账号不存在.");
        }
        if (EnableEnum.DISABLE.getValue() == selectByUserId.getEnabled()) {
            throw new LockedAccountException("账号被锁定.");
        }
        if (JWTUtils.jwtUidVerify(str, String.valueOf(selectByUserId.getUserId()), selectByUserId.getPassword())) {
            return new SimpleAuthenticationInfo(selectByUserId, str, getName());
        }
        throw new AuthenticationException("会话信息过期/无效,请重新登录.");
    }

    public long getJwtUserId(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IncorrectCredentialsException("会话凭证无效");
        }
        String jwtUidGet = JWTUtils.jwtUidGet(str);
        if (StringUtils.isBlank(jwtUidGet)) {
            throw new IncorrectCredentialsException("会话凭证无效");
        }
        return Long.valueOf(jwtUidGet).longValue();
    }
}
