package com.baijia.umeng.acs.core.realm;

import com.baijia.umeng.acs.core.authc.QunOpenIdAuthenticationInfo;
import com.baijia.umeng.acs.core.authc.QunOpenIdAuthenticationToken;
import com.baijia.umeng.acs.core.authc.QunPrincipal;
import com.baijia.umeng.acs.core.authc.QunURoleAuthenticationToken;
import com.baijia.umeng.acs.core.data.po.AcsQunAdminPo;
import com.baijia.umeng.acs.core.data.po.AcsQunPermissionPo;
import com.baijia.umeng.acs.core.data.po.AcsQunRolePo;
import com.baijia.umeng.acs.core.data.po.AcsQunUserRoleRelPo;
import com.baijia.umeng.acs.core.data.service.QunUserService;
import com.google.gson.Gson;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:com/baijia/umeng/acs/core/realm/QunUserRealm.class */
public class QunUserRealm extends AuthorizingRealm {
    private QunUserService qunUserService;
    private static Log log = LogFactory.getLog(QunUserRealm.class);
    private static Gson json = new Gson();

    public void setQunUserService(QunUserService qunUserService) {
        this.qunUserService = qunUserService;
    }

    public QunUserService getQunUserService() {
        return this.qunUserService;
    }

    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken != null && ((authenticationToken instanceof QunURoleAuthenticationToken) || (authenticationToken instanceof QunOpenIdAuthenticationToken));
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Object primaryPrincipal = principalCollection.getPrimaryPrincipal();
        return primaryPrincipal instanceof QunPrincipal ? getQunUserAuthorizationInfo((QunPrincipal) primaryPrincipal) : new SimpleAuthorizationInfo();
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken instanceof QunOpenIdAuthenticationToken) {
            return new QunOpenIdAuthenticationInfo(((QunOpenIdAuthenticationToken) authenticationToken).getOpenId(), "qunURoleUserRealm");
        }
        if (!(authenticationToken instanceof QunURoleAuthenticationToken)) {
            throw new UnauthenticatedException("无权登陆");
        }
        QunURoleAuthenticationToken qunURoleAuthenticationToken = (QunURoleAuthenticationToken) authenticationToken;
        String str = (String) qunURoleAuthenticationToken.getPrincipal();
        AcsQunAdminPo byAdminId = this.qunUserService.getByAdminId((Integer) qunURoleAuthenticationToken.getCredentials());
        if (byAdminId != null && byAdminId.getOpenId().equals(str) && byAdminId.getStatus().intValue() == 1) {
            return new QunOpenIdAuthenticationInfo(byAdminId.getOpenId(), "qunURoleUserRealm");
        }
        throw new UnauthenticatedException("权限验证失败");
    }

    private QunPrincipal buildQunPrincipal(AcsQunAdminPo acsQunAdminPo) {
        QunPrincipal qunPrincipal = new QunPrincipal();
        qunPrincipal.setOpenId(acsQunAdminPo.getOpenId());
        qunPrincipal.setAdminId(acsQunAdminPo.getId());
        return qunPrincipal;
    }

    private AuthorizationInfo getQunUserAuthorizationInfo(QunPrincipal qunPrincipal) {
        String openId = qunPrincipal.getOpenId();
        int intValue = qunPrincipal.getAdminId().intValue();
        AcsQunAdminPo byAdminId = this.qunUserService.getByAdminId(Integer.valueOf(intValue));
        if (byAdminId == null || !byAdminId.getOpenId().equals(openId)) {
            log.warn("have not find admin or open id not equal, principal->openId:" + openId + ",principal->adminId:" + intValue + ".");
            return new SimpleAuthorizationInfo();
        }
        List<AcsQunUserRoleRelPo> findQunUserRoleRelByAdminId = this.qunUserService.findQunUserRoleRelByAdminId(intValue);
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isEmpty(findQunUserRoleRelByAdminId)) {
            log.warn("have not find admin role rel info, adminId:" + intValue + ".");
            return new SimpleAuthorizationInfo();
        }
        Iterator<AcsQunUserRoleRelPo> it = findQunUserRoleRelByAdminId.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getRoleId());
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        List<AcsQunRolePo> findQunRolesByIds = this.qunUserService.findQunRolesByIds(arrayList);
        if (CollectionUtils.isEmpty(findQunRolesByIds)) {
            log.warn("have not find admin roles, roleIds:" + json.toJson(arrayList) + ".");
            return new SimpleAuthorizationInfo();
        }
        Iterator<AcsQunRolePo> it2 = findQunRolesByIds.iterator();
        while (it2.hasNext()) {
            hashSet.add(it2.next().getName());
        }
        List<AcsQunPermissionPo> findQunPermissionsByRoleIds = this.qunUserService.findQunPermissionsByRoleIds(arrayList);
        if (CollectionUtils.isEmpty(findQunPermissionsByRoleIds)) {
            Iterator<AcsQunPermissionPo> it3 = findQunPermissionsByRoleIds.iterator();
            while (it3.hasNext()) {
                hashSet2.add(it3.next().getResource());
            }
        }
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setRoles(hashSet);
        simpleAuthorizationInfo.setStringPermissions(hashSet2);
        return simpleAuthorizationInfo;
    }
}
