package org.apache.isis.security.shiro;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.isis.applib.Identifier;
import org.apache.isis.core.commons.authentication.AuthenticationSession;
import org.apache.isis.core.commons.config.IsisConfiguration;
import org.apache.isis.core.runtime.authentication.AuthenticationRequest;
import org.apache.isis.core.runtime.authentication.AuthenticationRequestPassword;
import org.apache.isis.core.runtime.authentication.standard.Authenticator;
import org.apache.isis.core.runtime.authentication.standard.SimpleSession;
import org.apache.isis.core.runtime.authorization.standard.Authorizor;
import org.apache.isis.security.shiro.authorization.IsisPermission;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.class */
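/**
 * Bridges Apache Shiro into the Isis security SPI, serving as both the
 * {@link Authenticator} (username/password login) and the {@link Authorizor}
 * (per-member read/write permission checks).
 *
 * <p>Every entry point fails closed: when no {@link RealmSecurityManager} is installed,
 * authentication yields no session and permission checks return {@code false}.
 */
public class ShiroAuthenticatorOrAuthorizor implements Authenticator, Authorizor {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroAuthenticatorOrAuthorizor.class);

    /** Separator used for both "realm:role" names and the parts of a permission string. */
    private static final String SEPARATOR = ":";

    private final IsisConfiguration configuration;

    /**
     * @param isisConfiguration configuration handed in by the framework; only stored and
     *                          exposed again through {@link #getConfiguration()}
     */
    public ShiroAuthenticatorOrAuthorizor(IsisConfiguration isisConfiguration) {
        this.configuration = isisConfiguration;
    }

    /** No-op: this component holds no state that needs initialising. */
    public void init() {
    }

    /**
     * Looks up the Shiro security manager bound to the calling context.
     *
     * @return the manager if one is available and is a {@link RealmSecurityManager},
     *         otherwise {@code null}
     */
    protected synchronized RealmSecurityManager getSecurityManager() {
        try {
            // Held as Object because SecurityUtils hands back the general security-manager
            // type; only a realm-aware manager is usable by this class.
            Object candidate = SecurityUtils.getSecurityManager();
            if (candidate instanceof RealmSecurityManager) {
                return (RealmSecurityManager) candidate;
            }
            return null;
        } catch (UnavailableSecurityManagerException e) {
            // Shiro is not configured for this context; callers treat null as "deny".
            return null;
        }
    }

    /** No-op: nothing to release. */
    public void shutdown() {
    }

    /**
     * Reports whether this authenticator can handle the given request type.
     *
     * @param cls the request class offered by the framework
     * @return {@code true} only when a realm security manager is available and the request
     *         is a password request
     */
    public final boolean canAuthenticate(Class<? extends AuthenticationRequest> cls) {
        if (getSecurityManager() == null) {
            return false;
        }
        return AuthenticationRequestPassword.class.isAssignableFrom(cls);
    }

    /**
     * Logs the current Shiro subject in with the credentials carried by the request.
     *
     * <p>All failure modes return {@code null}, so the caller sees one uniform outcome
     * whether the account is unknown, locked, throttled or the password is wrong.
     *
     * @param authenticationRequest the login request; must be an
     *                              {@link AuthenticationRequestPassword}
     * @param str                   passed through unchanged as the third argument of the
     *                              created {@link SimpleSession}
     * @return a new session on success, {@code null} on any failure
     */
    public AuthenticationSession authenticate(AuthenticationRequest authenticationRequest, String str) {
        if (getSecurityManager() == null) {
            return null;
        }
        // Reject anything canAuthenticate() would have refused instead of failing on the
        // cast inside asAuthenticationToken().
        if (!(authenticationRequest instanceof AuthenticationRequestPassword)) {
            return null;
        }
        AuthenticationToken token = asAuthenticationToken(authenticationRequest);
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            // Drop the previous identity first so it cannot survive a failed login below.
            subject.logout();
        }
        try {
            subject.login(token);
            List<String> roles = getRoles(subject, token);
            // NOTE(review): roles carried on the request are merged in unprefixed and are not
            // checked by any realm here; confirm that only trusted framework code can
            // populate them.
            roles.addAll(authenticationRequest.getRoles());
            return new SimpleSession(authenticationRequest.getName(), roles, str);
        } catch (UnknownAccountException e) {
            LOG.debug("Unable to authenticate", e);
            return null;
        } catch (ExcessiveAttemptsException e) {
            // Logged at info: repeated failures are worth seeing in normal operation.
            LOG.info("Unable to authenticate", e);
            return null;
        } catch (LockedAccountException e) {
            LOG.info("Unable to authenticate", e);
            return null;
        } catch (IncorrectCredentialsException e) {
            LOG.debug("Unable to authenticate", e);
            return null;
        } catch (AuthenticationException e) {
            // Anything else is unexpected (for example a realm failure), hence error level.
            // NOTE(review): if this was raised by getRoles() the subject is already logged
            // in at the Shiro level although no session is returned.
            LOG.error("Unable to authenticate", e);
            return null;
        }
    }

    /**
     * Collects the roles granted by each realm that contributed a principal to the subject.
     *
     * <p>Each role is reported as {@code realmName:roleName}.
     *
     * @param subject             the subject that has just logged in
     * @param authenticationToken the token used for the login; it is presented again to each
     *                            contributing realm to obtain its account information
     * @return a mutable list of realm-qualified role names, empty if there is no realm
     *         security manager
     */
    protected List<String> getRoles(Subject subject, AuthenticationToken authenticationToken) {
        List<String> roles = new ArrayList<>();
        RealmSecurityManager securityManager = getSecurityManager();
        if (securityManager == null) {
            return roles;
        }
        Set<String> contributingRealms = realmNamesOf(subject);
        for (Realm realm : securityManager.getRealms()) {
            if (!contributingRealms.contains(realm.getName())) {
                continue;
            }
            // NOTE(review): this submits the credentials to the realm a second time; for a
            // remote realm that presumably means a second round trip per login.
            Object info = realm.getAuthenticationInfo(authenticationToken);
            if (!(info instanceof AuthorizationInfo)) {
                // The realm's account object carries no authorization data.
                continue;
            }
            Iterable<String> realmRoles = ((AuthorizationInfo) info).getRoles();
            if (realmRoles == null) {
                // An account without any roles must not break the login.
                continue;
            }
            for (String role : realmRoles) {
                roles.add(realm.getName() + SEPARATOR + role);
            }
        }
        return roles;
    }

    /** Returns the names of the realms that supplied the subject's principals, or an empty set. */
    private static Set<String> realmNamesOf(Subject subject) {
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null) {
            return Collections.<String>emptySet();
        }
        return principals.getRealmNames();
    }

    /**
     * Converts a password request into a Shiro username/password token.
     *
     * <p>The caller must already have established that the request is an
     * {@link AuthenticationRequestPassword}.
     */
    private static AuthenticationToken asAuthenticationToken(AuthenticationRequest authenticationRequest) {
        AuthenticationRequestPassword passwordRequest = (AuthenticationRequestPassword) authenticationRequest;
        // NOTE(review): the password arrives as a String and the token is never cleared after
        // login, so the credential stays in memory until it is garbage collected.
        return new UsernamePasswordToken(passwordRequest.getName(), passwordRequest.getPassword());
    }

    /** Always {@code false}: this class never declares a request valid on its own. */
    public boolean isValid(AuthenticationRequest authenticationRequest) {
        return false;
    }

    /** Checks the read ({@code "r"}) permission on the identified member for the current subject. */
    public boolean isVisibleInAnyRole(Identifier identifier) {
        return isPermitted(identifier, "r");
    }

    /** Checks the write ({@code "w"}) permission on the identified member for the current subject. */
    public boolean isUsableInAnyRole(Identifier identifier) {
        return isPermitted(identifier, "w");
    }

    /**
     * Asks Shiro whether the current subject holds {@code package:class:member:str}.
     *
     * @param identifier the member being checked
     * @param str        the permission suffix, {@code "r"} or {@code "w"} in this class
     * @return the subject's answer, or {@code false} when no realm security manager exists
     */
    private boolean isPermitted(Identifier identifier, String str) {
        if (getSecurityManager() == null) {
            return false;
        }
        try {
            return SecurityUtils.getSubject().isPermitted(asPermissionsString(identifier) + SEPARATOR + str);
        } finally {
            // Always reset, including when the check throws, so veto state recorded during
            // this evaluation cannot leak into the next one.
            IsisPermission.resetVetoedPermissions();
        }
    }

    /**
     * Builds {@code package:class:member} from the identifier, splitting the class name at
     * its last dot; a class name without a package yields an empty first part.
     *
     * <p>The parts are joined unescaped; presumably this relies on class and member names
     * never containing the separator itself.
     */
    private static String asPermissionsString(Identifier identifier) {
        String className = identifier.getClassName();
        int lastDot = className.lastIndexOf('.');
        String packageName = lastDot > 0 ? className.substring(0, lastDot) : "";
        String simpleName = lastDot > 0 ? className.substring(lastDot + 1) : className;
        return packageName + SEPARATOR + simpleName + SEPARATOR + identifier.getMemberName();
    }

    /** Always {@code false}: per-role checks are not answered by this class. */
    public boolean isVisibleInRole(String str, Identifier identifier) {
        return false;
    }

    /** Always {@code false}: per-role checks are not answered by this class. */
    public boolean isUsableInRole(String str, Identifier identifier) {
        return false;
    }

    /** Returns the configuration supplied at construction. */
    public IsisConfiguration getConfiguration() {
        return this.configuration;
    }
}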
