package org.graylog2.security.realm;

import com.google.common.collect.Sets;
import com.google.common.eventbus.EventBus;
import com.google.common.eventbus.Subscribe;
import java.util.List;
import javax.inject.Inject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.graylog2.plugin.database.users.User;
import org.graylog2.security.MongoDbAuthorizationCacheManager;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.events.UserChangedEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/realm/MongoDbAuthorizationRealm.class */
public class MongoDbAuthorizationRealm extends AuthorizingRealm {
    private static final Logger LOG = LoggerFactory.getLogger(MongoDbAuthorizationRealm.class);
    private final UserService userService;

    @Inject
    MongoDbAuthorizationRealm(UserService userService, MongoDbAuthorizationCacheManager mongoDbAuthorizationCacheManager, EventBus eventBus) {
        this.userService = userService;
        setCachingEnabled(true);
        setCacheManager(mongoDbAuthorizationCacheManager);
        eventBus.register(this);
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        LOG.debug("Retrieving authorization information for {}", principalCollection);
        User load = this.userService.load(principalCollection.getPrimaryPrincipal().toString());
        if (load == null) {
            return new SimpleAuthorizationInfo();
        }
        UserAuthorizationInfo userAuthorizationInfo = new UserAuthorizationInfo(load);
        List<String> permissions = load.getPermissions();
        if (permissions != null) {
            userAuthorizationInfo.setStringPermissions(Sets.newHashSet(permissions));
        }
        userAuthorizationInfo.setRoles(load.getRoleIds());
        LOG.debug("User {} has permissions: {}", principalCollection, permissions);
        return userAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        return null;
    }

    @Subscribe
    public void handleUserSave(UserChangedEvent userChangedEvent) {
        getAuthorizationCache().clear();
    }
}
