package com.jeeplus.modules.sys.security;

import com.jeeplus.common.config.Global;
import com.jeeplus.common.utils.Encodes;
import com.jeeplus.common.utils.SpringContextHolder;
import com.jeeplus.common.web.Servlets;
import com.jeeplus.modules.sys.entity.Menu;
import com.jeeplus.modules.sys.entity.Role;
import com.jeeplus.modules.sys.entity.User;
import com.jeeplus.modules.sys.service.SystemService;
import com.jeeplus.modules.sys.utils.LogUtils;
import com.jeeplus.modules.sys.utils.UserUtils;
import java.io.Serializable;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

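/**
 * Shiro realm that authenticates users against {@link SystemService} and loads
 * their permissions and roles.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The stored password string is split at {@link #SALT_HEX_LENGTH}: the leading
 *       hex characters are decoded as the salt and the remainder is handed to Shiro
 *       as the stored hash.</li>
 *   <li>The credentials matcher is configured from {@code SystemService.HASH_ALGORITHM}
 *       and {@code SystemService.HASH_INTERATIONS}, both defined outside this file.
 *       NOTE(review): confirm those values meet current password-storage guidance;
 *       an iterated plain digest is weaker than bcrypt/scrypt/argon2.</li>
 *   <li>Unless {@code user.multiAccountLogin} is enabled, loading authorization info
 *       removes the sessions returned by the session DAO for the same principal.</li>
 * </ul>
 */
@Service
public class SystemAuthorizingRealm extends AuthorizingRealm {
    /** Number of leading hex characters of the stored password that hold the salt. */
    private static final int SALT_HEX_LENGTH = 16;

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private SystemService systemService;

    @Autowired
    HttpServletRequest request;

    /**
     * Identity stored in the Shiro session for an authenticated user.
     *
     * <p>Only the id, login name, display name and the mobile-login flag are kept;
     * the password hash is never copied into this object.
     */
    public static class Principal implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String id;
        private final String loginName;
        private final String name;
        private final boolean mobileLogin;

        /**
         * @param user        user whose id, login name and name are copied
         * @param mobileLogin whether the login came through the mobile flow
         */
        public Principal(User user, boolean mobileLogin) {
            this.id = user.getId();
            this.loginName = user.getLoginName();
            this.name = user.getName();
            this.mobileLogin = mobileLogin;
        }

        public String getId() {
            return this.id;
        }

        public String getLoginName() {
            return this.loginName;
        }

        public String getName() {
            return this.name;
        }

        public boolean isMobileLogin() {
            return this.mobileLogin;
        }

        /**
         * Returns the id of the current session as reported by {@code UserUtils},
         * or an empty string when it cannot be obtained.
         */
        public String getSessionid() {
            try {
                return (String) UserUtils.getSession().getId();
            } catch (Exception ignored) {
                // Best effort: callers get "" rather than a failure when no session is available.
                return "";
            }
        }

        /** Returns the user id, so the principal prints as its id. */
        @Override
        public String toString() {
            return this.id;
        }
    }

    /**
     * Looks up the account named in the login token and returns the stored
     * credentials for Shiro's matcher to verify.
     *
     * <p>Returns {@code null} when no such user exists and throws for a locked
     * account. NOTE(review): the two outcomes are distinguishable, so the login
     * layer should present one uniform failure message if account enumeration is
     * a concern.
     *
     * @param authenticationToken the submitted token; cast to this package's
     *                            {@code UsernamePasswordToken}
     * @return authentication info carrying a {@link Principal}, the stored hash and its salt,
     *         or {@code null} if the login name is unknown
     * @throws AuthenticationException if the account is locked or its stored
     *                                 password is too short to contain a salt
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // NOTE(review): the session count is used only by the debug message below, yet it is
        // computed on every login attempt; consider moving it inside the guard once
        // getActiveSessions is confirmed to be side-effect free.
        int activeSessionCount = getSystemService().getSessionDao().getActiveSessions(false).size();
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): the username is attacker-supplied; make sure the log layout
            // neutralises line breaks before this is enabled in production.
            this.logger.debug("login submit, active session size: {}, username: {}", activeSessionCount, token.getUsername());
        }

        User user = getSystemService().getUserByLoginName(token.getUsername());
        if (user == null) {
            return null;
        }
        // Value comparison instead of '==': with String or boxed operands a reference
        // comparison can be false for equal values, which would let a locked account through.
        if (java.util.Objects.equals(user.getLocked(), Global.ENABLE)) {
            // Message text (approx.): "this account is barred from logging in".
            throw new AuthenticationException("msg:该已帐号禁止登录.");
        }

        String storedPassword = user.getPassword();
        if (storedPassword == null || storedPassword.length() < SALT_HEX_LENGTH) {
            // Fail as an authentication error instead of an NPE / StringIndexOutOfBoundsException.
            throw new AuthenticationException("Stored credential is malformed");
        }
        String saltHex = storedPassword.substring(0, SALT_HEX_LENGTH);
        String hashHex = storedPassword.substring(SALT_HEX_LENGTH);
        return new SimpleAuthenticationInfo(
                new Principal(user, token.isMobileLogin()),
                hashHex,
                ByteSource.Util.bytes(Encodes.decodeHex(saltHex)),
                getName());
    }

    /**
     * Builds the permission and role set for the given principal.
     *
     * <p>When {@code user.multiAccountLogin} is not {@code Global.TRUE}, the sessions
     * returned by {@code getActiveSessions(true, principal, currentSession)} are
     * deleted; if the current subject is not authenticated it is logged out and
     * an exception is thrown instead.
     *
     * <p>NOTE(review): permissions come from {@code UserUtils.getMenuList()} while roles
     * come from the user looked up by the principal's login name — confirm both always
     * refer to the same account. This method also records a login
     * ({@code updateUserLoginInfo}, {@code LogUtils.saveLog}) each time it runs.
     *
     * @param principalCollection principals of the subject being authorized
     * @return the collected permissions and roles, or {@code null} if the user no longer exists
     * @throws AuthenticationException if another session exists and the subject is not authenticated
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Principal principal = (Principal) getAvailablePrincipal(principalCollection);

        boolean multiLoginAllowed = Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"));
        if (!multiLoginAllowed) {
            Collection<Session> otherSessions =
                    getSystemService().getSessionDao().getActiveSessions(true, principal, UserUtils.getSession());
            if (!otherSessions.isEmpty()) {
                if (!UserUtils.getSubject().isAuthenticated()) {
                    UserUtils.getSubject().logout();
                    // Message text (approx.): "account is logged in elsewhere, please log in again".
                    throw new AuthenticationException("msg:账号已在其它地方登录，请重新登录。");
                }
                for (Session other : otherSessions) {
                    getSystemService().getSessionDao().delete(other);
                }
            }
        }

        User user = getSystemService().getUserByLoginName(principal.getLoginName());
        if (user == null) {
            return null;
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        for (Menu menu : UserUtils.getMenuList()) {
            String permissionList = menu.getPermission();
            if (StringUtils.isNotBlank(permissionList)) {
                // A menu may carry several comma-separated permission strings.
                for (String permission : StringUtils.split(permissionList, ",")) {
                    info.addStringPermission(permission);
                }
            }
        }
        // Every resolved user receives the baseline "user" permission.
        info.addStringPermission("user");
        for (Role role : user.getRoleList()) {
            info.addRole(role.getEnname());
        }

        getSystemService().updateUserLoginInfo(user);
        // Log title: "system login".
        LogUtils.saveLog(Servlets.getRequest(), "系统登录");
        return info;
    }

    /** Runs {@link #authorizationValidate(Permission)} and then delegates to the superclass. */
    protected void checkPermission(Permission permission, AuthorizationInfo authorizationInfo) {
        authorizationValidate(permission);
        super.checkPermission(permission, authorizationInfo);
    }

    /** Validates each permission in the list (if any) and then delegates to the superclass. */
    protected boolean[] isPermitted(List<Permission> list, AuthorizationInfo authorizationInfo) {
        if (list != null) {
            for (Permission permission : list) {
                authorizationValidate(permission);
            }
        }
        return super.isPermitted(list, authorizationInfo);
    }

    /** Validates the permission and then delegates to the superclass. */
    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        authorizationValidate(permission);
        return super.isPermitted(principalCollection, permission);
    }

    /** Validates each permission in the collection (if any) and then delegates to the superclass. */
    protected boolean isPermittedAll(Collection<Permission> collection, AuthorizationInfo authorizationInfo) {
        if (collection != null) {
            for (Permission permission : collection) {
                authorizationValidate(permission);
            }
        }
        return super.isPermittedAll(collection, authorizationInfo);
    }

    /**
     * Hook invoked before every permission check. It is empty in this file, so it
     * currently adds no restriction on top of the superclass checks.
     */
    private void authorizationValidate(Permission permission) {
    }

    /**
     * Installs a {@link HashedCredentialsMatcher} configured with the algorithm and
     * iteration count declared on {@code SystemService}.
     */
    @PostConstruct
    public void initCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
        matcher.setHashIterations(SystemService.HASH_INTERATIONS);
        setCredentialsMatcher(matcher);
    }

    /** Deprecated no-op: the body is empty, so calling it clears nothing. */
    @Deprecated
    public void clearAllCachedAuthorizationInfo() {
    }

    /**
     * Returns the {@link SystemService}, fetching it from the Spring context on first use.
     */
    public SystemService getSystemService() {
        if (this.systemService == null) {
            this.systemService = (SystemService) SpringContextHolder.getBean(SystemService.class);
        }
        return this.systemService;
    }
}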
