package br.eti.arthurgregorio.shiroee.realm;

import br.eti.arthurgregorio.shiroee.auth.AuthenticationMechanism;
import br.eti.arthurgregorio.shiroee.auth.EmptyAuthenticationMechanism;
import br.eti.arthurgregorio.shiroee.config.jdbc.UserDetails;
import br.eti.arthurgregorio.shiroee.config.ldap.LdapUserProvider;
import br.eti.arthurgregorio.shiroee.config.messages.Messages;
import java.util.Set;
import javax.naming.NamingException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.DefaultLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:br/eti/arthurgregorio/shiroee/realm/LdapSecurityRealm.class */
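/**
 * Shiro LDAP realm that gates the LDAP bind behind a local account lookup.
 *
 * <p>Authentication consults the configured {@link AuthenticationMechanism} first and only
 * delegates to {@link DefaultLdapRealm} for the actual bind when the local account exists,
 * is flagged as an LDAP-bind account and is not blocked. Authorization is resolved from the
 * same mechanism; the directory is not queried for permissions.
 */
public class LdapSecurityRealm extends DefaultLdapRealm {
    // Resolves a login name to its directory entry (used to obtain the bind DN).
    private final LdapUserProvider ldapUserProvider;
    // Local source of account state (blocked / LDAP-bind flag) and permissions.
    private final AuthenticationMechanism<? extends UserDetails> mechanism;

    /**
     * Creates a realm backed by an {@link EmptyAuthenticationMechanism}.
     *
     * @param ldapUserProvider directory lookup used to resolve a user's distinguished name
     */
    public LdapSecurityRealm(LdapUserProvider ldapUserProvider) {
        this.ldapUserProvider = ldapUserProvider;
        // NOTE(review): what EmptyAuthenticationMechanism returns for accounts and permissions
        // is not visible from this class - confirm it cannot let a login through unchecked.
        this.mechanism = new EmptyAuthenticationMechanism();
    }

    /**
     * Creates a realm with an explicit account and permission source.
     *
     * @param ldapUserProvider directory lookup used to resolve a user's distinguished name
     * @param authenticationMechanism local source of account state and permissions
     */
    public LdapSecurityRealm(LdapUserProvider ldapUserProvider, AuthenticationMechanism<? extends UserDetails> authenticationMechanism) {
        this.mechanism = authenticationMechanism;
        this.ldapUserProvider = ldapUserProvider;
    }

    /**
     * Checks the local account state, then delegates the LDAP bind to the parent realm.
     *
     * <p>Every rejection uses the same {@code Messages.AUTHENTICATION_ERROR} text, so the
     * message does not tell the caller which check failed. The exception types still differ;
     * callers should not expose the type to the client.
     *
     * @param authenticationToken the submitted credentials
     * @param ldapContextFactory factory handed through to the parent realm for the bind
     * @return the authentication info produced by the parent realm
     * @throws UnknownAccountException if the token carries no principal or no local account matches
     * @throws IncorrectCredentialsException if the account is blocked or not an LDAP-bind account
     * @throws NamingException if the parent realm's LDAP operation fails
     */
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException {
        final Object principal = authenticationToken.getPrincipal();
        final String username = String.valueOf(principal);

        // String.valueOf turns a missing principal into the literal "null", which would then be
        // looked up as if it were an account name. Reject a missing or empty principal up front.
        if (principal == null || username.trim().isEmpty()) {
            throw new UnknownAccountException(Messages.AUTHENTICATION_ERROR.format(username));
        }

        final UserDetails account = this.mechanism.getAccount(username);

        // getAccount's contract for unknown users is not visible here; treat a missing account
        // as a failed login rather than letting a NullPointerException escape the realm.
        if (account == null) {
            throw new UnknownAccountException(Messages.AUTHENTICATION_ERROR.format(username));
        }

        // Only unblocked accounts explicitly marked for LDAP bind may reach the directory.
        if (!account.isLdapBindAccount() || account.isBlocked()) {
            throw new IncorrectCredentialsException(Messages.AUTHENTICATION_ERROR.format(username));
        }

        return super.queryForAuthenticationInfo(authenticationToken, ldapContextFactory);
    }

    /**
     * Builds the authorization info from the permissions the mechanism holds for the principal.
     *
     * <p>The {@code ldapContextFactory} is not used: no directory groups or roles are read.
     *
     * @param principalCollection principals of the authenticated subject
     * @param ldapContextFactory unused
     * @return authorization info carrying the mechanism's string permissions
     * @throws NamingException declared by the overridden signature; not thrown by this code
     */
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        // The cast fails with ClassCastException if the stored principal is not a String.
        final String username = (String) getAvailablePrincipal(principalCollection);

        // NOTE(review): the blocked flag is checked at login only. An account blocked after
        // login keeps these permissions until its session (and any authorization cache entry)
        // ends - confirm that is acceptable or re-check the account state here.
        final Set<String> permissions = this.mechanism.getPermissions(username);

        final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    /**
     * Resolves the distinguished name used for the LDAP bind.
     *
     * @param str the login name taken from the authentication token
     * @return the distinguished name of the matching directory entry
     * @throws UnknownAccountException if the directory search finds no entry
     */
    protected String getUserDn(String str) {
        // NOTE(review): str is user-supplied and is passed straight to the directory search.
        // LdapUserProvider is not visible here - confirm it escapes LDAP filter metacharacters.
        return this.ldapUserProvider.search(str)
                .orElseThrow(() -> new UnknownAccountException(Messages.AUTHENTICATION_ERROR.format(str)))
                .getDistinguishedName();
    }
}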
