package com.springframework.boxes.oauth.starter.jwt;

import com.alibaba.fastjson.JSON;
import com.github.dennisit.vplus.data.security.AuthorityIFace;
import com.spring.boxes.dollar.enums.EnableEnum;
import com.spring.boxes.dollar.term.Authority;
import com.springframework.boxes.oauth.starter.jwt.JwtSubject;
import java.util.Optional;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/springframework/boxes/oauth/starter/jwt/JwtRealm.class */
public class JwtRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(JwtRealm.class);
    private AuthorityIFace<Authority, Long> authorityIFace;

    public JwtRealm(AuthorityIFace<Authority, Long> authorityIFace) {
        this.authorityIFace = authorityIFace;
    }

    public Class getAuthenticationTokenClass() {
        return JwtToken.class;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.debug("[JwtRealm][doGetAuthorizationInfo][身份认证:验证用户输入的账号和密码是否正确, 获取身份验证信息, 错误抛出异常(登录时调用)]");
        String str = (String) authenticationToken.getCredentials();
        long longValue = ((Long) Optional.ofNullable(JwtSubject.getVal(str, JwtSubject.Fields.USER_ID)).map(str2 -> {
            return Long.valueOf(str2);
        }).orElse(0L)).longValue();
        Authority selectByUserId = this.authorityIFace.selectByUserId(Long.valueOf(longValue));
        log.info("[JwtRealm][doGetAuthorizationInfo] token:{}, userId:{}, authority:{}", new Object[]{str, Long.valueOf(longValue), JSON.toJSON(selectByUserId)});
        if (null == selectByUserId) {
            throw new UnknownAccountException("账号不存在.");
        }
        if (EnableEnum.DISABLE.getValue().intValue() == selectByUserId.getEnabled()) {
            throw new LockedAccountException("账号被锁定.");
        }
        if (JwtSubject.verify(str, selectByUserId.getAccount(), selectByUserId.getPassword())) {
            return new SimpleAuthenticationInfo(selectByUserId, str, super.getName());
        }
        throw new ExpiredCredentialsException("会话信息过期/无效,请重新登录.");
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.debug("[JwtRealm][doGetAuthorizationInfo][权限验证:用户用户授权信息(角色以及角色权限),只有当触发加测权限时才会调用此方法]");
        Authority authority = (Authority) principalCollection.getPrimaryPrincipal();
        log.info("[JwtRealm][doGetAuthorizationInfo] authority:{}", JSON.toJSON(authority));
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addStringPermissions(this.authorityIFace.selectPermissions(Long.valueOf(authority.getUserId())));
        simpleAuthorizationInfo.addRoles(this.authorityIFace.selectRoles(Long.valueOf(authority.getUserId())));
        return simpleAuthorizationInfo;
    }
}
