package org.apache.shiro.realm;

import java.util.concurrent.atomic.AtomicInteger;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.Initializable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/shiro-core-1.3.2.jar:org/apache/shiro/realm/AuthenticatingRealm.class */
public abstract class AuthenticatingRealm extends CachingRealm implements Initializable {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatingRealm.class);
    private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();
    private static final String DEFAULT_AUTHORIZATION_CACHE_SUFFIX = ".authenticationCache";
    private CredentialsMatcher credentialsMatcher;
    private Cache<Object, AuthenticationInfo> authenticationCache;
    private boolean authenticationCachingEnabled;
    private String authenticationCacheName;
    private Class<? extends AuthenticationToken> authenticationTokenClass;

    public AuthenticatingRealm() {
        this(null, new SimpleCredentialsMatcher());
    }

    public AuthenticatingRealm(CacheManager cacheManager) {
        this(cacheManager, new SimpleCredentialsMatcher());
    }

    public AuthenticatingRealm(CredentialsMatcher credentialsMatcher) {
        this(null, credentialsMatcher);
    }

    public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher credentialsMatcher) {
        this.authenticationTokenClass = UsernamePasswordToken.class;
        this.authenticationCachingEnabled = false;
        int andIncrement = INSTANCE_COUNT.getAndIncrement();
        this.authenticationCacheName = getClass().getName() + DEFAULT_AUTHORIZATION_CACHE_SUFFIX;
        if (andIncrement > 0) {
            this.authenticationCacheName += "." + andIncrement;
        }
        if (cacheManager != null) {
            setCacheManager(cacheManager);
        }
        if (credentialsMatcher != null) {
            setCredentialsMatcher(credentialsMatcher);
        }
    }

    public CredentialsMatcher getCredentialsMatcher() {
        return this.credentialsMatcher;
    }

    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        this.credentialsMatcher = credentialsMatcher;
    }

    public Class getAuthenticationTokenClass() {
        return this.authenticationTokenClass;
    }

    public void setAuthenticationTokenClass(Class<? extends AuthenticationToken> cls) {
        this.authenticationTokenClass = cls;
    }

    public void setAuthenticationCache(Cache<Object, AuthenticationInfo> cache) {
        this.authenticationCache = cache;
    }

    public Cache<Object, AuthenticationInfo> getAuthenticationCache() {
        return this.authenticationCache;
    }

    public String getAuthenticationCacheName() {
        return this.authenticationCacheName;
    }

    public void setAuthenticationCacheName(String str) {
        this.authenticationCacheName = str;
    }

    public boolean isAuthenticationCachingEnabled() {
        return this.authenticationCachingEnabled && isCachingEnabled();
    }

    public void setAuthenticationCachingEnabled(boolean z) {
        this.authenticationCachingEnabled = z;
        if (z) {
            setCachingEnabled(true);
        }
    }

    @Override // org.apache.shiro.realm.CachingRealm, org.apache.shiro.util.Nameable
    public void setName(String str) {
        super.setName(str);
        String str2 = this.authenticationCacheName;
        if (str2 == null || !str2.startsWith(getClass().getName())) {
            return;
        }
        this.authenticationCacheName = str + DEFAULT_AUTHORIZATION_CACHE_SUFFIX;
    }

    @Override // org.apache.shiro.realm.Realm
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken != null && getAuthenticationTokenClass().isAssignableFrom(authenticationToken.getClass());
    }

    @Override // org.apache.shiro.util.Initializable
    public final void init() {
        getAvailableAuthenticationCache();
        onInit();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onInit() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.realm.CachingRealm
    public void afterCacheManagerSet() {
        getAvailableAuthenticationCache();
    }

    private Cache<Object, AuthenticationInfo> getAvailableAuthenticationCache() {
        Cache<Object, AuthenticationInfo> authenticationCache = getAuthenticationCache();
        boolean isAuthenticationCachingEnabled = isAuthenticationCachingEnabled();
        if (authenticationCache == null && isAuthenticationCachingEnabled) {
            authenticationCache = getAuthenticationCacheLazy();
        }
        return authenticationCache;
    }

    private Cache<Object, AuthenticationInfo> getAuthenticationCacheLazy() {
        if (this.authenticationCache == null) {
            log.trace("No authenticationCache instance set.  Checking for a cacheManager...");
            CacheManager cacheManager = getCacheManager();
            if (cacheManager != null) {
                String authenticationCacheName = getAuthenticationCacheName();
                log.debug("CacheManager [{}] configured.  Building authentication cache '{}'", cacheManager, authenticationCacheName);
                this.authenticationCache = cacheManager.getCache(authenticationCacheName);
            }
        }
        return this.authenticationCache;
    }

    private AuthenticationInfo getCachedAuthenticationInfo(AuthenticationToken authenticationToken) {
        AuthenticationInfo authenticationInfo = null;
        Cache<Object, AuthenticationInfo> availableAuthenticationCache = getAvailableAuthenticationCache();
        if (availableAuthenticationCache != null && authenticationToken != null) {
            log.trace("Attempting to retrieve the AuthenticationInfo from cache.");
            Object authenticationCacheKey = getAuthenticationCacheKey(authenticationToken);
            authenticationInfo = availableAuthenticationCache.get(authenticationCacheKey);
            if (authenticationInfo == null) {
                log.trace("No AuthorizationInfo found in cache for key [{}]", authenticationCacheKey);
            } else {
                log.trace("Found cached AuthorizationInfo for key [{}]", authenticationCacheKey);
            }
        }
        return authenticationInfo;
    }

    private void cacheAuthenticationInfoIfPossible(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        if (!isAuthenticationCachingEnabled(authenticationToken, authenticationInfo)) {
            log.debug("AuthenticationInfo caching is disabled for info [{}].  Submitted token: [{}].", authenticationInfo, authenticationToken);
            return;
        }
        Cache<Object, AuthenticationInfo> availableAuthenticationCache = getAvailableAuthenticationCache();
        if (availableAuthenticationCache != null) {
            Object authenticationCacheKey = getAuthenticationCacheKey(authenticationToken);
            availableAuthenticationCache.put(authenticationCacheKey, authenticationInfo);
            log.trace("Cached AuthenticationInfo for continued authentication.  key=[{}], value=[{}].", authenticationCacheKey, authenticationInfo);
        }
    }

    protected boolean isAuthenticationCachingEnabled(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        return isAuthenticationCachingEnabled();
    }

    @Override // org.apache.shiro.realm.Realm
    public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        AuthenticationInfo cachedAuthenticationInfo = getCachedAuthenticationInfo(authenticationToken);
        if (cachedAuthenticationInfo == null) {
            cachedAuthenticationInfo = doGetAuthenticationInfo(authenticationToken);
            log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", cachedAuthenticationInfo);
            if (authenticationToken != null && cachedAuthenticationInfo != null) {
                cacheAuthenticationInfoIfPossible(authenticationToken, cachedAuthenticationInfo);
            }
        } else {
            log.debug("Using cached authentication info [{}] to perform credentials matching.", cachedAuthenticationInfo);
        }
        if (cachedAuthenticationInfo != null) {
            assertCredentialsMatch(authenticationToken, cachedAuthenticationInfo);
        } else {
            log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}].  Returning null.", authenticationToken);
        }
        return cachedAuthenticationInfo;
    }

    protected void assertCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) throws AuthenticationException {
        CredentialsMatcher credentialsMatcher = getCredentialsMatcher();
        if (credentialsMatcher == null) {
            throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify credentials during authentication.  If you do not wish for credentials to be examined, you can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
        }
        if (!credentialsMatcher.doCredentialsMatch(authenticationToken, authenticationInfo)) {
            throw new IncorrectCredentialsException("Submitted credentials for token [" + authenticationToken + "] did not match the expected credentials.");
        }
    }

    protected Object getAuthenticationCacheKey(AuthenticationToken authenticationToken) {
        if (authenticationToken != null) {
            return authenticationToken.getPrincipal();
        }
        return null;
    }

    protected Object getAuthenticationCacheKey(PrincipalCollection principalCollection) {
        return getAvailablePrincipal(principalCollection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.realm.CachingRealm
    public void doClearCache(PrincipalCollection principalCollection) {
        super.doClearCache(principalCollection);
        clearCachedAuthenticationInfo(principalCollection);
    }

    protected void clearCachedAuthenticationInfo(PrincipalCollection principalCollection) {
        Cache<Object, AuthenticationInfo> availableAuthenticationCache;
        if (CollectionUtils.isEmpty(principalCollection) || (availableAuthenticationCache = getAvailableAuthenticationCache()) == null) {
            return;
        }
        availableAuthenticationCache.remove(getAuthenticationCacheKey(principalCollection));
    }

    protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException;
}
