package org.apache.inlong.manager.web.auth.openapi;

import com.google.common.collect.Sets;
import java.util.Date;
import org.apache.inlong.manager.common.enums.InlongUserTypeEnum;
import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
import org.apache.inlong.manager.common.util.AESUtils;
import org.apache.inlong.manager.common.util.Preconditions;
import org.apache.inlong.manager.pojo.user.UserInfo;
import org.apache.inlong.manager.service.user.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/inlong/manager/web/auth/openapi/OpenAPIAuthenticatingRealm.class */
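/**
 * Shiro realm that authenticates OpenAPI requests carrying a {@link SecretToken}.
 *
 * <p>The realm has two modes, selected once at construction time:
 * <ul>
 *   <li>enabled: the token's secret id is looked up as a user name, the account must not be
 *       expired, and the stored secret key is decrypted and handed to Shiro as the expected
 *       credentials;</li>
 *   <li>disabled: every supported token is mapped to the built-in {@code admin} account with
 *       all platform and tenant roles.</li>
 * </ul>
 *
 * <p>SECURITY: the disabled mode performs no per-caller identity check in this class. Treat the
 * flag as security-critical configuration and keep it enabled wherever the OpenAPI endpoints are
 * reachable by untrusted clients.
 */
public class OpenAPIAuthenticatingRealm extends AuthenticatingRealm {
    private static final Logger log = LoggerFactory.getLogger(OpenAPIAuthenticatingRealm.class);
    private final UserService userService;
    private final boolean openAPIAuthEnabled;

    /**
     * Creates the realm.
     *
     * @param userService service used to load users by name
     * @param z whether OpenAPI authentication is enabled; when {@code false} all supported tokens
     *          are resolved to the {@code admin} account
     */
    public OpenAPIAuthenticatingRealm(UserService userService, boolean z) {
        this.userService = userService;
        this.openAPIAuthEnabled = z;
        if (!z) {
            // Make the insecure mode visible in the logs so it can be caught in review or monitoring.
            log.warn("openapi auth is disabled, every SecretToken will be resolved to the admin account");
        }
    }

    /**
     * Dispatches to the real or the default authentication path depending on the configured mode.
     *
     * @param authenticationToken the submitted token; {@link #supports} restricts it to {@link SecretToken}
     * @return the account data Shiro should compare the submitted token against
     * @throws AuthenticationException if the account cannot be loaded or its secret key cannot be decrypted
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        return this.openAPIAuthEnabled ? doRealAuth(authenticationToken) : doDefaultAuth(authenticationToken);
    }

    /**
     * Authentication path used when OpenAPI auth is disabled.
     *
     * <p>Loads the user named {@code admin}, overwrites its roles with the four admin/operator role
     * names and returns it as the principal.
     *
     * @param authenticationToken the submitted token; only its credentials are read
     * @return authentication info whose principal is the {@code admin} user
     * @throws AuthenticationException if loading or populating the admin user fails
     */
    private AuthenticationInfo doDefaultAuth(AuthenticationToken authenticationToken) {
        try {
            UserInfo byName = this.userService.getByName("admin");
            // NOTE(review): this mutates the object returned by the service; if the service caches
            // UserInfo instances the elevated role set would leak to other readers -- confirm.
            byName.setRoles(Sets.newHashSet(
                    InlongUserTypeEnum.INLONG_ADMIN.name(),
                    InlongUserTypeEnum.INLONG_OPERATOR.name(),
                    TenantUserTypeEnum.TENANT_ADMIN.name(),
                    TenantUserTypeEnum.TENANT_OPERATOR.name()));
            // SECURITY: the expected credentials are the token's own credentials, so the credential
            // comparison is the token against itself (presumably always a match with the configured
            // matcher -- confirm). No secret is verified on this path.
            return new SimpleAuthenticationInfo(byName, authenticationToken.getCredentials(), getName());
        } catch (Exception e) {
            log.error("got some exception when do default openapi auth", e);
            // Keep the original exception as the cause so the stack trace is not lost upstream.
            // NOTE(review): e.getMessage() is embedded in the message; check that the handler which
            // renders AuthenticationException does not return internal details to the client.
            throw new AuthenticationException("internal error: " + e.getMessage(), e);
        }
    }

    /**
     * Authentication path used when OpenAPI auth is enabled.
     *
     * <p>Looks up the user whose name equals the token's secret id, rejects missing or expired
     * accounts, decrypts the stored secret key and returns it as the expected credentials. The
     * actual comparison with the submitted token is done by the realm's credentials matcher, which
     * is configured outside this class.
     *
     * @param authenticationToken the submitted token; must be a {@link SecretToken}
     * @return authentication info holding the user and the decrypted secret key
     * @throws AuthenticationException if decrypting the key or assigning the role fails
     */
    private AuthenticationInfo doRealAuth(AuthenticationToken authenticationToken) {
        UserInfo byName = this.userService.getByName(((SecretToken) authenticationToken).getSecretId());
        // These checks run outside the try block, so a failure surfaces as whatever exception
        // Preconditions throws rather than as AuthenticationException.
        // NOTE(review): the two distinct messages let a caller tell "unknown secret id" from
        // "expired account"; confirm they are not echoed to unauthenticated clients.
        Preconditions.expectNotNull(byName, "User doesn't exist");
        // NOTE(review): a user without a due date would raise NullPointerException here -- confirm
        // that the due date is always populated.
        Preconditions.expectTrue(byName.getDueDate().after(new Date()), "user has expired");
        try {
            // NOTE(review): if decryptAsString returns bytes, new String(...) decodes them with the
            // platform default charset on older JDKs -- confirm and pin UTF-8 if so.
            String str = new String(AESUtils.decryptAsString(byName.getSecretKey(), byName.getEncryptVersion()));
            // Account type 0 maps to tenant admin; every other value falls back to tenant operator.
            String role = byName.getAccountType().intValue() == 0
                    ? TenantUserTypeEnum.TENANT_ADMIN.name()
                    : TenantUserTypeEnum.TENANT_OPERATOR.name();
            byName.setRoles(Sets.newHashSet(role));
            return new SimpleAuthenticationInfo(byName, str, getName());
        } catch (Exception e) {
            log.error("when do real openapi auth, decrypt secret key fail: ", e);
            // Keep the original exception as the cause so the stack trace is not lost upstream.
            throw new AuthenticationException("internal error: " + e.getMessage(), e);
        }
    }

    /**
     * Restricts this realm to {@link SecretToken} instances.
     *
     * @param authenticationToken the token Shiro is about to authenticate
     * @return {@code true} only if the token is a {@link SecretToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof SecretToken;
    }
}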
