package org.jeecg.config.shiro;

import java.util.Set;
import javax.annotation.Resource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.TenantContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

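/**
 * Shiro realm that authenticates requests carrying a {@link JwtToken} and loads the
 * caller's roles and permissions through {@link CommonAPI}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A presented token is accepted only if Redis holds an entry under
 *       {@code CommonConstant.PREFIX_USER_TOKEN + token}; see {@link #jwtTokenRefresh}.</li>
 *   <li>The user's stored password value is passed to {@code JwtUtil.verify}/{@code JwtUtil.sign}
 *       (presumably as the signing secret; confirm against JwtUtil).</li>
 *   <li>Raw tokens and role/permission sets are not written to stdout or to the log.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:org/jeecg/config/shiro/ShiroRealm.class */
public class ShiroRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(ShiroRealm.class);

    /** Lifetime, in seconds, applied to the Redis token entry when it is re-issued. */
    private static final long TOKEN_CACHE_TTL_SECONDS = 3600L;

    /** Account status value that checkUserTokenIsEffect treats as usable. */
    private static final int STATUS_ACTIVE = 1;

    @Resource
    @Lazy
    private CommonAPI commonAPI;

    @Resource
    @Lazy
    private RedisUtil redisUtil;

    /**
     * Restricts this realm to {@link JwtToken} instances.
     *
     * @param authenticationToken the token offered by Shiro
     * @return {@code true} only when the token is a {@code JwtToken}
     */
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof JwtToken;
    }

    /**
     * Builds the authorization info (roles and string permissions) for the primary principal.
     *
     * @param principalCollection the authenticated principals; the primary one is cast to {@link LoginUser}
     * @return authorization info populated from {@code commonAPI.queryUserRoles} and {@code commonAPI.queryUserAuths}
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("===============Shiro权限认证开始============ [ roles、permissions]==========");
        String username = null;
        if (principalCollection != null) {
            username = ((LoginUser) principalCollection.getPrimaryPrincipal()).getUsername();
        }
        // NOTE(review): a null principal collection still reaches the two queries below with a
        // null username; what CommonAPI returns in that case is not visible here - confirm it
        // yields no roles and no permissions.
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Set<String> roles = this.commonAPI.queryUserRoles(username);
        authorizationInfo.setRoles(roles);
        Set<String> permissions = this.commonAPI.queryUserAuths(username);
        authorizationInfo.addStringPermissions(permissions);
        // Only sizes go to the log, at debug level: the full role/permission sets were previously
        // printed to stdout, which bypasses log-level and log-access controls.
        log.debug("Loaded {} roles and {} permissions for user {}",
                roles == null ? 0 : roles.size(),
                permissions == null ? 0 : permissions.size(),
                username);
        log.info("===============Shiro权限认证成功==============");
        return authorizationInfo;
    }

    /**
     * Authenticates a request from the token string carried as the credentials.
     *
     * <p>When token validation fails, a 401 is written through {@code JwtUtil.responseError} and
     * {@code null} is returned instead of rethrowing.
     *
     * @param authenticationToken token whose credentials are the raw token string
     * @return authentication info whose principal is the {@link LoginUser}, or {@code null} when validation failed
     * @throws AuthenticationException when the credentials are {@code null}
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.debug("===============Shiro身份认证开始============doGetAuthenticationInfo==========");
        String token = (String) authenticationToken.getCredentials();
        if (token == null) {
            log.info("————————身份认证失败——————————IP地址:  " + oConvertUtils.getIpAddrByRequest(SpringContextUtils.getHttpServletRequest()));
            throw new AuthenticationException("token为空!");
        }
        try {
            return new SimpleAuthenticationInfo(checkUserTokenIsEffect(token), token, getName());
        } catch (AuthenticationException e) {
            JwtUtil.responseError(SpringContextUtils.getHttpServletResponse(), 401, e.getMessage());
            // Goes through the logger rather than printStackTrace(), so failed authentications
            // land in the application log where they can be monitored and rate-checked.
            log.warn("Token authentication failed: {}", e.getMessage());
            return null;
        }
    }

    /**
     * Validates a token and returns the user it belongs to.
     *
     * <p>Checks, in order: a username can be read from the token, the user exists, the account
     * status is 1, the token is accepted by {@link #jwtTokenRefresh}, and - when the user has
     * related tenants and a non-"0" tenant is set in {@link TenantContext} - that the tenant is
     * one of the user's related tenant ids.
     *
     * @param str the raw token string
     * @return the user resolved from the token
     * @throws AuthenticationException when any of the checks fails
     */
    public LoginUser checkUserTokenIsEffect(String str) throws AuthenticationException {
        // NOTE(review): whether JwtUtil.getUsername checks the signature is not visible here; the
        // only verification in this class is the one jwtTokenRefresh runs on the cached copy.
        String username = JwtUtil.getUsername(str);
        if (username == null) {
            throw new AuthenticationException("token非法无效!");
        }
        // The username is logged instead of the token: a bearer token in a log file is a reusable credential.
        log.debug("———校验token是否有效————checkUserTokenIsEffect——————— username={}", username);
        LoginUser user = this.commonAPI.getUserByName(username);
        if (user == null) {
            throw new AuthenticationException("用户不存在!");
        }
        // A missing status fails closed here instead of raising a NullPointerException, which the
        // AuthenticationException handler in doGetAuthenticationInfo would not catch.
        if (user.getStatus() == null || user.getStatus().intValue() != STATUS_ACTIVE) {
            throw new AuthenticationException("账号已被锁定,请联系管理员!");
        }
        if (!jwtTokenRefresh(str, username, user.getPassword())) {
            throw new AuthenticationException(CommonConstant.TOKEN_IS_INVALID_MSG);
        }
        String relTenantIds = user.getRelTenantIds();
        if (oConvertUtils.isNotEmpty(relTenantIds)) {
            String tenant = TenantContext.getTenant();
            // Exact match on each comma-separated id. The previous substring search accepted
            // tenant "1" for a user whose related tenants were "10,11".
            if (oConvertUtils.isNotEmpty(tenant) && !"0".equals(tenant) && !containsTenantId(relTenantIds, tenant)) {
                throw new AuthenticationException("用户租户信息变更,请重新登陆!");
            }
        }
        return user;
    }

    /** Returns true when {@code tenantId} equals one of the comma-separated ids in {@code tenantIds}. */
    private static boolean containsTenantId(String tenantIds, String tenantId) {
        String wanted = tenantId.trim();
        for (String candidate : tenantIds.split(",")) {
            if (candidate.trim().equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Accepts or rejects a token based on the Redis entry stored for it, re-issuing the cached
     * token when it no longer verifies.
     *
     * <p>The presented token is used only as the Redis key; it is the cached value that is passed
     * to {@code JwtUtil.verify}. A token with no Redis entry is rejected. When the cached value
     * fails verification, a new token is signed, stored under the same key and given a 3600 second
     * expiry, and the request is accepted.
     *
     * @param str  the presented token, used to build the Redis key
     * @param str2 the username
     * @param str3 the user's stored password value, passed to {@code JwtUtil.verify} and {@code JwtUtil.sign}
     * @return {@code true} when the token is accepted, {@code false} when no cache entry exists
     */
    public boolean jwtTokenRefresh(String str, String str2, String str3) {
        String cacheKey = CommonConstant.PREFIX_USER_TOKEN + str;
        // String.valueOf turns a missing entry into the text "null".
        // NOTE(review): this relies on oConvertUtils.isNotEmpty treating "null" as empty - confirm,
        // otherwise an absent entry would not be rejected here.
        String cachedToken = String.valueOf(this.redisUtil.get(cacheKey));
        if (!oConvertUtils.isNotEmpty(cachedToken)) {
            return false;
        }
        if (JwtUtil.verify(cachedToken, str2, str3)) {
            return true;
        }
        // NOTE(review): set and expire are two separate calls; if the second fails, the entry may
        // be left without the TTL applied here - verify how RedisUtil.set handles expiry.
        this.redisUtil.set(cacheKey, JwtUtil.sign(str2, str3));
        this.redisUtil.expire(cacheKey, TOKEN_CACHE_TTL_SECONDS);
        // Logs the username, not the token, for the same reason as in checkUserTokenIsEffect.
        log.debug("——————————用户在线操作，更新token保证不掉线—————————jwtTokenRefresh——————— username={}", str2);
        return true;
    }

    /**
     * Clears the cached data for the given principals; exposed as {@code public} and delegating
     * to the superclass implementation.
     *
     * @param principalCollection the principals whose cache entries are cleared
     */
    public void clearCache(PrincipalCollection principalCollection) {
        super.clearCache(principalCollection);
    }
}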
