package net.gbicc.cloud.word.service.impl;

import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import net.gbicc.cloud.redis.RedisConstants;
import net.gbicc.cloud.word.config.SystemConfig;
import net.gbicc.cloud.word.model.base.SysPermission;
import net.gbicc.cloud.word.model.base.SysRole;
import net.gbicc.cloud.word.model.base.SysUser;
import net.gbicc.cloud.word.model.base.SysUserInfo;
import net.gbicc.cloud.word.model.report.CrRoleObjectPermission;
import net.gbicc.cloud.word.service.base.SysUserServiceI;
import net.gbicc.cloud.word.service.report.CrRoleObjectPermissionServiceI;
import net.gbicc.cloud.word.util.CaptchaUsernamePasswordMobileToken;
import net.gbicc.cloud.word.util.IncorrectAccessException;
import net.gbicc.cloud.word.util.IncorrectCaptchaException;
import net.gbicc.cloud.word.util.IncorrectMobileException;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.HashOperations;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:net/gbicc/cloud/word/service/impl/XbrlRealm.class */
public class XbrlRealm extends AuthorizingRealm {

    @Autowired
    private SysUserServiceI a;

    @Autowired
    private CrRoleObjectPermissionServiceI b;

    @Autowired
    private RedisTemplate<String, String> c;

    @Resource(name = "redisTemplate")
    private HashOperations<String, String, SysUserInfo> d;

    @Resource(name = "redisTemplate")
    private ValueOperations<String, String> e;

    @Value("${isCaptcha}")
    private String f;
    private final String[] g = SystemConfig.getInstance().getDisalbedOrgIDs();

    public SysUserServiceI getSysUserService() {
        return this.a;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String str = (String) super.getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        if (null != str) {
            SysUser byUserName = this.a.getByUserName(str.toLowerCase());
            Set<SysRole> syroles = byUserName != null ? byUserName.getSyroles() : null;
            if (syroles != null && !syroles.isEmpty()) {
                for (SysRole sysRole : syroles) {
                    if (sysRole.getToken() != null) {
                        simpleAuthorizationInfo.addRole(sysRole.getToken().trim());
                    }
                    Set<SysPermission> sypermissions = sysRole.getSypermissions();
                    if (sypermissions != null && sypermissions.size() > 0) {
                        for (SysPermission sysPermission : sypermissions) {
                            if (sysPermission.getToken() != null && !StringUtils.isEmpty(sysPermission.getUrl().trim())) {
                                String[] split = sysPermission.getUrl().split("\\|");
                                int i = 0;
                                while (i < split.length) {
                                    String trim = sysPermission.getToken().trim();
                                    simpleAuthorizationInfo.addStringPermission(i == 0 ? trim : trim.contains("?") ? trim.substring(0, trim.indexOf("?")) : trim);
                                    i++;
                                }
                            }
                        }
                    }
                }
            }
            List<CrRoleObjectPermission> roleObjectPermissionBy = this.b.getRoleObjectPermissionBy(byUserName != null ? byUserName.getId() : "");
            if (roleObjectPermissionBy != null) {
                for (CrRoleObjectPermission crRoleObjectPermission : roleObjectPermissionBy) {
                    simpleAuthorizationInfo.addStringPermission(crRoleObjectPermission.getPermission() + ":" + crRoleObjectPermission.getObjectId());
                }
            }
        }
        doInitSessionAfterAuthorization();
        return simpleAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String[] strArr;
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        CaptchaUsernamePasswordMobileToken captchaUsernamePasswordMobileToken = null;
        if (authenticationToken instanceof CaptchaUsernamePasswordMobileToken) {
            captchaUsernamePasswordMobileToken = (CaptchaUsernamePasswordMobileToken) authenticationToken;
            String captcha = captchaUsernamePasswordMobileToken.getCaptcha();
            if (!StringUtils.equals(this.f, "false")) {
                String str = (String) SecurityUtils.getSubject().getSession().getAttribute("KAPTCHA_SESSION_KEY");
                if (null == captcha || !captcha.equalsIgnoreCase(str)) {
                    throw new IncorrectCaptchaException("验证码错误");
                }
            }
        }
        String username = usernamePasswordToken.getUsername();
        SimpleAuthenticationInfo simpleAuthenticationInfo = null;
        if (username != null && !"".equals(username.trim())) {
            if (!this.d.hasKey(RedisConstants.REDIS_USER_PREFIX, username).booleanValue()) {
                throw new UnknownAccountException("未知账户");
            }
            if (captchaUsernamePasswordMobileToken != null) {
                String mobile = captchaUsernamePasswordMobileToken.getMobile();
                if ((StringUtils.isNotEmpty(mobile) || this.c.hasKey(RedisConstants.REDIS_MOBILE_CODE_PREFIX + username).booleanValue()) && !StringUtils.equals(mobile, (String) this.e.get(RedisConstants.REDIS_MOBILE_CODE_PREFIX + username))) {
                    throw new IncorrectMobileException("手机验证码错误");
                }
            }
            SysUserInfo sysUserInfo = (SysUserInfo) this.d.get(RedisConstants.REDIS_USER_PREFIX, username);
            if (sysUserInfo != null) {
                String orgId = sysUserInfo.getOrgId();
                if (!StringUtils.isEmpty(orgId) && (strArr = this.g) != null && strArr.length > 0 && ArrayUtils.contains(strArr, orgId)) {
                    throw new IncorrectAccessException("当前访问被禁用，请使用其他网络");
                }
                String status = sysUserInfo.getStatus();
                if (!StringUtils.isEmpty(status)) {
                    if (SysUser.LOCKED.equals(status)) {
                        throw new LockedAccountException("账号已锁定，请联系支持人员");
                    }
                    throw new DisabledAccountException("未知账户, 请联系支持人员");
                }
                simpleAuthenticationInfo = new SimpleAuthenticationInfo(sysUserInfo.getUserName(), sysUserInfo.getPwd(), getName());
            }
            initSessionAfterAuthentication(username);
        }
        return simpleAuthenticationInfo;
    }

    protected void initSessionAfterAuthentication(String str) {
    }

    protected void doInitSessionAfterAuthorization() {
    }

    public void clearAuthorization(String str) {
        SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
        simplePrincipalCollection.add(str, getName());
        clearCachedAuthorizationInfo(simplePrincipalCollection);
        getAuthorizationInfo(simplePrincipalCollection);
    }

    public AuthorizationInfo getAuthor(PrincipalCollection principalCollection) {
        return getAuthorizationInfo(principalCollection);
    }
}
