package org.apache.inlong.manager.web.auth;

import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import org.apache.inlong.manager.common.auth.InlongShiro;
import org.apache.inlong.manager.service.tenant.InlongTenantService;
import org.apache.inlong.manager.service.user.InlongRoleService;
import org.apache.inlong.manager.service.user.TenantRoleService;
import org.apache.inlong.manager.service.user.UserService;
import org.apache.inlong.manager.web.auth.openapi.OpenAPIAuthenticatingRealm;
import org.apache.inlong.manager.web.auth.openapi.OpenAPIFilter;
import org.apache.inlong.manager.web.auth.tenant.TenantAuthenticatingFilter;
import org.apache.inlong.manager.web.auth.tenant.TenantAuthenticatingRealm;
import org.apache.inlong.manager.web.auth.web.AuthenticationFilter;
import org.apache.inlong.manager.web.auth.web.WebAuthorizingRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.WebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;

@ConditionalOnProperty(name = {"type"}, prefix = "inlong.auth", havingValue = "default")
@Component
/* loaded from: input_file:org/apache/inlong/manager/web/auth/InlongShiroImpl.class */
public class InlongShiroImpl implements InlongShiro {
    private static final String FILTER_NAME_WEB = "authWeb";
    private static final String FILTER_NAME_API = "authAPI";
    private static final String FILTER_NAME_TENANT = "authTenant";

    @Autowired
    private UserService userService;

    @Autowired
    private InlongRoleService inlongRoleService;

    @Autowired
    private TenantRoleService tenantRoleService;

    @Autowired
    private InlongTenantService tenantService;

    @Value("${openapi.auth.enabled:false}")
    private Boolean openAPIAuthEnabled;

    public WebSecurityManager getWebSecurityManager() {
        return new DefaultWebSecurityManager();
    }

    public Collection<Realm> getShiroRealms() {
        Realm webAuthorizingRealm = new WebAuthorizingRealm(this.userService);
        webAuthorizingRealm.setCredentialsMatcher(getCredentialsMatcher());
        return Arrays.asList(webAuthorizingRealm, new OpenAPIAuthenticatingRealm(this.userService, this.openAPIAuthEnabled.booleanValue()), new TenantAuthenticatingRealm(this.tenantRoleService, this.inlongRoleService, this.userService, this.tenantService));
    }

    public WebSessionManager getWebSessionManager() {
        return new DefaultWebSessionManager();
    }

    public CredentialsMatcher getCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("SHA-256");
        hashedCredentialsMatcher.setHashIterations(1024);
        return hashedCredentialsMatcher;
    }

    public ShiroFilterFactoryBean getShiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(FILTER_NAME_WEB, new AuthenticationFilter());
        shiroFilterFactoryBean.setFilters(linkedHashMap);
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        linkedHashMap2.put("/api/anno/**/*", "anon");
        linkedHashMap2.put("/doc.html", "anon");
        linkedHashMap2.put("/v2/api-docs/**/**", "anon");
        linkedHashMap2.put("/webjars/**/*", "anon");
        linkedHashMap2.put("/swagger-resources/**/*", "anon");
        linkedHashMap2.put("/swagger-resources", "anon");
        linkedHashMap.put(FILTER_NAME_API, new OpenAPIFilter(this.openAPIAuthEnabled.booleanValue()));
        linkedHashMap2.put("/openapi/**/*", genFiltersInOrder(FILTER_NAME_API, FILTER_NAME_TENANT));
        linkedHashMap2.put("/**", genFiltersInOrder(FILTER_NAME_WEB, FILTER_NAME_TENANT));
        linkedHashMap.put(FILTER_NAME_TENANT, new TenantAuthenticatingFilter());
        shiroFilterFactoryBean.setFilterChainDefinitionMap(linkedHashMap2);
        return shiroFilterFactoryBean;
    }

    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    private String genFiltersInOrder(String... strArr) {
        if (strArr.length == 1) {
            return strArr[0];
        }
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            sb.append(str).append(",");
        }
        sb.deleteCharAt(sb.length() - 1);
        return sb.toString();
    }
}
