package org.nuiton.web.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.nuiton.config.ApplicationConfig;
import org.nuiton.util.StringUtil;
import org.nuiton.web.SecurityTopiaApplicationContext;
import org.nuiton.web.SecurityTopiaPersistenceContext;

/* loaded from: input_file:org/nuiton/web/security/TopiaSecurityRealm.class */
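/**
 * Shiro realm that authenticates and authorizes users stored through the Topia
 * security persistence layer.
 *
 * <p>The realm registers itself as its own {@link CredentialsMatcher}. Authorization
 * data is built from the user's roles, mapped to Shiro permission strings through the
 * {@code topia.security.permission.*} configuration keys, and cached per login.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Passwords are compared as {@code StringUtil.encodeMD5(password)} digests, with no
 *       salt passed in. MD5 is not suitable for password storage; moving to a salted,
 *       deliberately slow KDF requires re-hashing the stored credentials and cannot be
 *       done inside this class alone.</li>
 *   <li>The anonymous login always authenticates against the digest of the empty string,
 *       and receives the {@code "*"} permission while it is the only user row.</li>
 *   <li>{@code topia.security.disable=true} grants {@code "*"} to every principal.</li>
 *   <li>A cached entry is only dropped when the same login authenticates again, so role
 *       or configuration changes are not visible to an already-cached principal.</li>
 * </ul>
 */
public class TopiaSecurityRealm extends AuthorizingRealm implements CredentialsMatcher {
    private static final Log log = LogFactory.getLog(TopiaSecurityRealm.class);

    /** Prefix of the configuration keys mapping an application permission to Shiro permissions. */
    private static final String PERMISSION_KEY_PREFIX = "topia.security.permission.";

    protected SecurityTopiaApplicationContext rootContext;
    protected ApplicationConfig config;

    // NOTE(review): unsynchronized HashMap; a Shiro realm is normally shared by all request
    // threads, so concurrent put/remove is possible here. Confirm the deployment model and
    // consider a synchronized or concurrent map.
    protected transient Map<String, SimpleAuthorizationInfo> authorizationCache = new HashMap<>();

    /**
     * Creates the realm and installs it as its own credentials matcher.
     *
     * @param securityTopiaApplicationContext context used to open persistence contexts
     * @param applicationConfig application configuration holding the {@code topia.security.*} options
     */
    public TopiaSecurityRealm(SecurityTopiaApplicationContext securityTopiaApplicationContext, ApplicationConfig applicationConfig) {
        this.rootContext = securityTopiaApplicationContext;
        this.config = applicationConfig;
        setCredentialsMatcher(this);
    }

    /**
     * Checks the submitted password against the stored digest.
     *
     * <p>The comparison is done with {@link MessageDigest#isEqual(byte[], byte[])} so that
     * its duration does not depend on how many leading characters match. Missing or
     * unexpectedly typed credentials are treated as a failed match instead of raising
     * {@code NullPointerException} / {@code ClassCastException}.
     *
     * @param authenticationToken token carrying the submitted password as {@code char[]}
     * @param authenticationInfo account data carrying the stored digest as {@code String}
     * @return {@code true} only when the digest of the submitted password equals the stored one
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        Object stored = authenticationInfo.getCredentials();
        Object submitted = authenticationToken.getCredentials();
        if (!(stored instanceof String) || !(submitted instanceof char[])) {
            // Fail closed: no stored digest or no password means no match.
            return false;
        }
        // NOTE(security): unsalted MD5 digest; kept only for compatibility with stored credentials.
        String submittedDigest = StringUtil.encodeMD5(String.valueOf((char[]) submitted));
        if (submittedDigest == null) {
            return false;
        }
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                submittedDigest.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds (or returns from cache) the permissions of the primary principal.
     *
     * <p>If the lookup fails with an exception, the error is logged and whatever was
     * collected so far is returned without being cached. An unknown login yields an
     * empty, uncached permission set.
     *
     * @param principalCollection principals of the subject; the primary one is the login
     * @return the authorization info, possibly empty, or {@code null} if the failure
     *         happened before anything was built
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String login = (String) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo cached = this.authorizationCache.get(login);
        if (cached != null) {
            if (log.isTraceEnabled()) {
                log.trace("Using autorisation from cache for " + login);
            }
            return cached;
        }

        Properties flatOptions = this.config.getFlatOptions();
        SimpleAuthorizationInfo info = null;
        SecurityTopiaPersistenceContext persistenceContext = null;
        try {
            // m0newPersistenceContext looks like a decompiler-assigned name; kept as found.
            persistenceContext = this.rootContext.m0newPersistenceContext();
            SecurityUserTopiaDao securityUserDao = persistenceContext.getSecurityUserDao();
            if (log.isDebugEnabled()) {
                log.debug("Build autorisation list for user : " + login);
            }
            SecurityUser user = (SecurityUser) securityUserDao.findByLogin(login);
            info = new SimpleAuthorizationInfo();
            if (user == null) {
                // Previously surfaced as a NullPointerException caught below; same outcome
                // (empty, uncached permissions) but stated explicitly.
                if (log.isWarnEnabled()) {
                    log.warn("No user found for login : " + login);
                }
                return info;
            }

            for (SecurityRole role : user.getSecurityRole()) {
                for (String permission : role.getPermissions()) {
                    if (log.isDebugEnabled()) {
                        log.debug("- add permission : " + permission);
                    }
                    addConfiguredPermissions(info, flatOptions, permission);
                }
            }

            // Bootstrap mode: while the anonymous account is the only user row, it is given
            // every permission. An administrator account should exist before the application
            // is reachable by untrusted clients.
            if (login.equals(SecurityShiroFilter.ANON_LOGIN) && securityUserDao.count() == 1) {
                info.addStringPermission("*");
                if (log.isDebugEnabled()) {
                    log.debug("Grant all right (*) because no user exists");
                }
            }
            // Global kill switch: every principal gets every permission when set.
            if (this.config.getOptionAsBoolean("topia.security.disable")) {
                info.addStringPermission("*");
            }
            // Every principal may reach the login and logout URLs.
            String separators = this.config.getOption("topia.security.separators");
            info.addStringPermission("url" + SecurityUtil.convertToShiroPerm(this.config.getOption("topia.security.loginurl"), separators));
            info.addStringPermission("url" + SecurityUtil.convertToShiroPerm(this.config.getOption("topia.security.logouturl"), separators));
            this.authorizationCache.put(login, info);
        } catch (Exception e) {
            if (log.isErrorEnabled()) {
                log.error("Can't get user permission", e);
            }
        } finally {
            if (persistenceContext != null) {
                persistenceContext.close();
            }
        }
        return info;
    }

    /**
     * Adds to {@code info} the Shiro permission strings configured for one application permission.
     * Keys have the form {@code topia.security.permission.<segment>.<permission>.perm} and hold a
     * semicolon-separated list; blank entries are skipped.
     */
    private static void addConfiguredPermissions(SimpleAuthorizationInfo info, Properties flatOptions, String permission) {
        for (String key : flatOptions.stringPropertyNames()) {
            if (!key.startsWith(PERMISSION_KEY_PREFIX)) {
                continue;
            }
            String[] parts = StringUtils.removeStart(key, PERMISSION_KEY_PREFIX).split("\\.");
            if (parts.length != 3 || !parts[2].equals("perm") || !parts[1].equals(permission)) {
                continue;
            }
            for (String raw : flatOptions.getProperty(key).split("\\s*\\;\\s*")) {
                String shiroPermission = StringUtils.trimToNull(raw);
                if (shiroPermission == null) {
                    // e.g. a value starting with ';' — an empty permission string is never valid.
                    continue;
                }
                info.addStringPermission(shiroPermission);
                if (log.isDebugEnabled()) {
                    log.debug("  string permission : " + shiroPermission);
                }
            }
        }
    }

    /**
     * Loads the account matching the token's username.
     *
     * <p>For the anonymous login the returned credentials are the digest of the empty
     * string rather than the stored password. A successful lookup also evicts the
     * login's cached authorization data so it is rebuilt on next use.
     *
     * @param authenticationToken expected to be a {@link UsernamePasswordToken}
     * @return the account data, or {@code null} when no user has that login
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = ((UsernamePasswordToken) authenticationToken).getUsername();
        if (log.isDebugEnabled()) {
            log.debug("doGetAuthenticationInfo for login : " + username);
        }
        SimpleAuthenticationInfo authenticationInfo = null;
        SecurityTopiaPersistenceContext persistenceContext = null;
        try {
            persistenceContext = this.rootContext.m0newPersistenceContext();
            SecurityUser securityUser = (SecurityUser) persistenceContext.getSecurityUserDao().forLoginEquals(username).findUniqueOrNull();
            if (securityUser != null) {
                // Constant-first equals: a token without a username must not raise here.
                if (SecurityShiroFilter.ANON_LOGIN.equals(username)) {
                    authenticationInfo = new SimpleAuthenticationInfo(securityUser.getLogin(), StringUtil.encodeMD5(""), getName());
                } else {
                    authenticationInfo = new SimpleAuthenticationInfo(securityUser.getLogin(), securityUser.getPassword(), getName());
                }
                this.authorizationCache.remove(username);
            }
            return authenticationInfo;
        } finally {
            if (persistenceContext != null) {
                persistenceContext.close();
            }
        }
    }
}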
