package org.apache.inlong.manager.web.auth.tenant;

import java.util.HashSet;
import org.apache.commons.collections.CollectionUtils;
import org.apache.inlong.manager.common.util.Preconditions;
import org.apache.inlong.manager.pojo.user.InlongRoleInfo;
import org.apache.inlong.manager.pojo.user.LoginUserUtils;
import org.apache.inlong.manager.pojo.user.TenantRoleInfo;
import org.apache.inlong.manager.pojo.user.UserInfo;
import org.apache.inlong.manager.service.tenant.InlongTenantService;
import org.apache.inlong.manager.service.user.InlongRoleService;
import org.apache.inlong.manager.service.user.TenantRoleService;
import org.apache.inlong.manager.service.user.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/inlong/manager/web/auth/tenant/TenantAuthenticatingRealm.class */
public class TenantAuthenticatingRealm extends AuthenticatingRealm {
    private static final Logger log = LoggerFactory.getLogger(TenantAuthenticatingRealm.class);
    private TenantRoleService tenantRoleService;
    private InlongRoleService inlongRoleService;
    private UserService userService;
    private InlongTenantService tenantService;

    public TenantAuthenticatingRealm(TenantRoleService tenantRoleService, InlongRoleService inlongRoleService, UserService userService, InlongTenantService inlongTenantService) {
        this.tenantRoleService = tenantRoleService;
        this.inlongRoleService = inlongRoleService;
        this.userService = userService;
        this.tenantService = inlongTenantService;
    }

    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        try {
            TenantToken tenantToken = (TenantToken) authenticationToken;
            String username = tenantToken.getUsername();
            String tenant = tenantToken.getTenant();
            if (this.tenantService.getByName(tenant) == null) {
                String format = String.format("tenant=[%s] not found", tenant);
                log.error(format);
                throw new AuthenticationException(format);
            }
            InlongRoleInfo byUsername = this.inlongRoleService.getByUsername(username);
            TenantRoleInfo byUsernameAndTenant = this.tenantRoleService.getByUsernameAndTenant(username, tenant);
            if (byUsername == null && byUsernameAndTenant == null) {
                String format2 = String.format("user=[%s] has no privilege for tenant=[%s]", username, tenant);
                log.error(format2);
                throw new AuthenticationException(format2);
            }
            UserInfo userInfo = getUserInfo(username);
            if (byUsername != null) {
                addRole(userInfo, byUsername.getRoleCode());
            }
            if (byUsernameAndTenant != null) {
                addRole(userInfo, byUsernameAndTenant.getRoleCode());
            }
            userInfo.setTenant(tenant);
            return new SimpleAuthenticationInfo(userInfo, tenant, getName());
        } catch (Throwable th) {
            log.error("failed to do tenant authentication", th);
            throw th;
        }
    }

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof TenantToken;
    }

    private UserInfo getUserInfo(String str) {
        UserInfo loginUser = LoginUserUtils.getLoginUser();
        if (loginUser == null) {
            loginUser = this.userService.getByName(str);
        }
        Preconditions.expectNotNull(loginUser, "User doesn't exist");
        return loginUser;
    }

    private void addRole(UserInfo userInfo, final String str) {
        HashSet<String> hashSet = new HashSet<String>() { // from class: org.apache.inlong.manager.web.auth.tenant.TenantAuthenticatingRealm.1
            {
                add(str);
            }
        };
        if (CollectionUtils.isEmpty(userInfo.getRoles())) {
            hashSet.addAll(userInfo.getRoles());
        }
        userInfo.setRoles(hashSet);
    }
}
