package annis.security;

import java.util.Iterator;
import org.apache.commons.lang3.Validate;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.RolePermissionResolverAware;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/* loaded from: input_file:annis/security/ANNISUserRealm.class */
public class ANNISUserRealm extends AuthorizingRealm implements RolePermissionResolverAware {
    private ANNISUserConfigurationManager confManager;
    private String defaultUserRole = "user";
    private String anonymousUser = "anonymous";

    public ANNISUserRealm() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher("SHA-256");
        hashedCredentialsMatcher.setHashIterations(1);
        setCredentialsMatcher(hashedCredentialsMatcher);
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Validate.isInstanceOf(String.class, principalCollection.getPrimaryPrincipal());
        String str = (String) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        User user = this.confManager.getUser(str);
        if (user != null) {
            if (user.getExpires() == null || user.getExpires().isAfterNow()) {
                simpleAuthorizationInfo.addRole(str);
                simpleAuthorizationInfo.addRoles(user.getGroups());
                simpleAuthorizationInfo.addRole(this.defaultUserRole);
                simpleAuthorizationInfo.addStringPermission("shortener:create:*");
                simpleAuthorizationInfo.addStringPermissions(user.getPermissions());
            }
        } else if (str.equals(this.anonymousUser)) {
            simpleAuthorizationInfo.addRole(this.anonymousUser);
            if (this.confManager.getUseShortenerWithoutLogin() != null) {
                Iterator<String> it = this.confManager.getUseShortenerWithoutLogin().iterator();
                while (it.hasNext()) {
                    simpleAuthorizationInfo.addStringPermission("shortener:create:" + it.next().replaceAll("[.:]", "_"));
                }
            }
        }
        return simpleAuthorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String passwordHash;
        Validate.isInstanceOf(String.class, authenticationToken.getPrincipal());
        String str = (String) authenticationToken.getPrincipal();
        if (str.equals(this.anonymousUser)) {
            return new SimpleAuthenticationInfo(str, new Sha256Hash(str).getBytes(), ANNISUserRealm.class.getName());
        }
        User user = this.confManager.getUser(str);
        if (user == null || (passwordHash = user.getPasswordHash()) == null) {
            return null;
        }
        if (!passwordHash.startsWith("$")) {
            return new SimpleAuthenticationInfo(authenticationToken.getPrincipal(), passwordHash, ANNISUserRealm.class.getName());
        }
        SimpleHash parse = new Shiro1CryptFormat().parse(passwordHash);
        if (!(parse instanceof SimpleHash)) {
            return null;
        }
        SimpleHash simpleHash = parse;
        Validate.isTrue(simpleHash.getIterations() == 1, "Hash iteration count must be 1 for every password hash!", new Object[0]);
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(str, simpleHash.getBytes(), ANNISUserRealm.class.getName());
        simpleAuthenticationInfo.setCredentialsSalt(new SerializableByteSource(simpleHash.getSalt()));
        return simpleAuthenticationInfo;
    }

    public boolean updateUser(User user) {
        if (!getConfManager().writeUser(user)) {
            return false;
        }
        clearCacheForUser(user.getName());
        return true;
    }

    public void clearCacheForUser(String str) {
        clearCache(new SimplePrincipalCollection(str, ANNISUserRealm.class.getName()));
    }

    public ANNISUserConfigurationManager getConfManager() {
        return this.confManager;
    }

    public void setConfManager(ANNISUserConfigurationManager aNNISUserConfigurationManager) {
        this.confManager = aNNISUserConfigurationManager;
    }

    public String getDefaultUserRole() {
        return this.defaultUserRole;
    }

    public void setDefaultUserRole(String str) {
        this.defaultUserRole = str;
    }

    public String getAnonymousUser() {
        return this.anonymousUser;
    }

    public void setAnonymousUser(String str) {
        this.anonymousUser = str;
    }
}
