package org.sction.security.shiro;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasAuthenticationException;
import org.apache.shiro.cas.CasToken;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.JdbcUtils;
import org.apache.shiro.util.StringUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.jdbc.core.JdbcTemplate;

/* loaded from: input_file:org/sction/security/shiro/ShiroCasRealm.class */
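/**
 * Shiro realm that authenticates a {@link CasToken} against a CAS server and then
 * resolves roles/permissions from one of three sources, chosen in this order:
 * <ol>
 *   <li>a plain JDBC {@link DataSource} with {@code userRolesQuery}/{@code permissionsQuery}
 *       (the {@code defaultRoles} are NOT merged on this path, only {@code defaultPermissions}
 *       when permission lookup is disabled);</li>
 *   <li>a Spring {@link JdbcTemplate} with a configured {@code sql} whose {@code ?} placeholders
 *       are all bound to the principal name;</li>
 *   <li>the attribute map returned by the CAS server on ticket validation.</li>
 * </ol>
 * Sources 2 and 3 are merged on top of {@code defaultRoles}/{@code defaultPermissions}.
 *
 * <p>Security notes for this revision:
 * <ul>
 *   <li>The {@code sql} path previously spliced the CAS principal name into the query text
 *       (SQL injection via a CAS-controlled identifier) and overwrote the shared {@code sql}
 *       field in the process, so every later subject was authorised with the first user's
 *       literal query. It now binds the name as a JDBC parameter and leaves {@code sql} alone.</li>
 *   <li>Role/permission sets are computed in locals; the instance fields {@code roleNames} and
 *       {@code permissions} were shared mutable state across concurrent authorisations.</li>
 *   <li>Authorisation now fails closed on any lookup error instead of silently falling back
 *       to the default sets.</li>
 *   <li>The service ticket is logged at DEBUG rather than INFO; it is a bearer credential.</li>
 * </ul>
 */
public class ShiroCasRealm extends AuthorizingRealm {
    private static final Logger logger = Logger.getLogger(ShiroCasRealm.class);
    protected DataSource dataSource;
    /** Query with exactly one {@code ?} (the principal name), returning role names in column 1. */
    protected String userRolesQuery;
    /** Query with exactly one {@code ?} (a role name), returning permission strings in column 1. */
    protected String permissionsQuery;
    public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME = "longTermAuthenticationRequestTokenUsed";
    public static final String DEFAULT_VALIDATION_PROTOCOL = "CAS";
    protected String casServerUrlPrefix;
    /** Service URL the tickets were issued for; must match what the CAS server recorded. */
    protected String casService;
    private TicketValidator ticketValidator;
    protected String defaultRoles;
    protected String defaultPermissions;
    protected JdbcTemplate jdbc;
    /** Free-form SQL; every {@code ?} is bound to the principal name as a parameter. */
    protected String sql;
    /** Comma-separated attribute/column names whose values are roles. */
    protected String roleAttributeNames;
    /** Comma-separated attribute/column names whose values are permissions. */
    protected String permissionAttributeNames;
    /**
     * Retained only for package compatibility: mirror of the last computed sets. They are NOT
     * read when building the authorisation decision and are not safe to rely on under concurrency.
     */
    Set<String> roleNames;
    Set<String> permissions;
    protected boolean permissionsLookupEnabled = true;
    protected String validationProtocol = DEFAULT_VALIDATION_PROTOCOL;
    protected String rememberMeAttributeName = DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME;

    /** Restricts this realm to {@link CasToken}s; Shiro's {@code supports()} uses this class. */
    public ShiroCasRealm() {
        setAuthenticationTokenClass(CasToken.class);
    }

    /** Builds the ticket validator eagerly so a bad {@code casServerUrlPrefix} fails at startup. */
    protected void onInit() {
        super.onInit();
        ensureTicketValidator();
    }

    /**
     * Lazily creates and returns the ticket validator.
     *
     * @return the validator, never {@code null}
     */
    protected TicketValidator ensureTicketValidator() {
        if (this.ticketValidator == null) {
            this.ticketValidator = createTicketValidator();
        }
        logger.info("ticketValidator:" + this.ticketValidator.toString());
        return this.ticketValidator;
    }

    /**
     * Chooses the validator implementation from {@code validationProtocol}:
     * {@code "saml"} (case-insensitive) selects SAML 1.1, anything else CAS 2.0.
     * NOTE(review): the jasig validators are expected to reject a null/blank server prefix
     * themselves; this method does not pre-check it.
     */
    protected TicketValidator createTicketValidator() {
        String serverPrefix = getCasServerUrlPrefix();
        logger.info("ValidationProtocol:" + getValidationProtocol() + serverPrefix);
        if ("saml".equalsIgnoreCase(getValidationProtocol())) {
            return new Saml11TicketValidator(serverPrefix);
        }
        return new Cas20ServiceTicketValidator(serverPrefix);
    }

    /**
     * Validates the CAS service ticket carried by the token and returns the authenticated
     * principal (user id + CAS attribute map) with the ticket as credentials.
     *
     * @param authenticationToken a {@link CasToken}; {@code null} or a blank ticket yields {@code null}
     * @return authentication info, or {@code null} when there is nothing to validate
     * @throws CasAuthenticationException when the CAS server rejects the ticket (cause attached)
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken == null) {
            return null;
        }
        CasToken casToken = (CasToken) authenticationToken;
        String ticket = (String) casToken.getCredentials();
        if (!StringUtils.hasText(ticket)) {
            return null;
        }
        try {
            // The service URL binds the ticket to this application; a mismatch is a validation failure.
            AttributePrincipal principal = ensureTicketValidator().validate(ticket, getCasService()).getPrincipal();
            String userId = principal.getName();
            Map attributes = principal.getAttributes();
            if (logger.isDebugEnabled()) {
                // The ticket is a bearer credential: keep it out of INFO-level logs.
                logger.debug("Validate ticket : {" + ticket + "} in CAS server : {" + getCasServerUrlPrefix() + "} to retrieve user : {" + userId + "}");
            }
            casToken.setUserId(userId);
            // Honour the CAS "remember me" flag; tolerate non-String attribute values.
            Object rememberMe = attributes.get(getRememberMeAttributeName());
            if (rememberMe != null && Boolean.parseBoolean(String.valueOf(rememberMe))) {
                casToken.setRememberMe(true);
            }
            // Principal layout [userId, attributes] is what doGetAuthorizationInfo relies on.
            return new SimpleAuthenticationInfo(new SimplePrincipalCollection(CollectionUtils.asList(new Object[]{userId, attributes}), getName()), ticket);
        } catch (TicketValidationException e) {
            logger.error(e.getMessage(), e);
            throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
        }
    }

    /**
     * Resolves roles and permissions for the given principal (see class Javadoc for the source
     * selection order). Fails closed: any lookup error surfaces as {@link AuthorizationException}
     * rather than silently returning only the default sets.
     *
     * @param principalCollection principals produced by {@link #doGetAuthenticationInfo}
     * @return the populated authorisation info (never empty on success unless nothing was found)
     * @throws AuthorizationException on a null argument, a missing {@code sql}, a malformed
     *         principal collection, or any database failure
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        String username = (String) getAvailablePrincipal(principalCollection);
        // Locals, not fields: concurrent authorisations must not share these sets.
        Set<String> roles = split(this.defaultRoles);
        Set<String> perms = split(this.defaultPermissions);

        if (this.dataSource != null) {
            Connection connection = null;
            try {
                connection = this.dataSource.getConnection();
                // On this path roles come solely from the query (defaults are replaced, as before).
                roles = getRoleNamesForUser(connection, username);
                if (this.permissionsLookupEnabled) {
                    perms = getPermissions(connection, username, roles);
                }
            } catch (SQLException e) {
                String msg = "There was a SQL error while authorizing user [" + username + "]";
                logger.error(msg, e);
                throw new AuthorizationException(msg, e);
            } finally {
                JdbcUtils.closeConnection(connection);
            }
        } else if (this.jdbc == null) {
            collectFromCasAttributes(principalCollection, roles, perms);
        } else {
            collectFromJdbcTemplate(username, roles, perms);
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(roles);
        info.setStringPermissions(perms);
        // Mirror for package-visible compatibility only; the decision above does not use them.
        this.roleNames = roles;
        this.permissions = perms;
        return info;
    }

    /** Reads roles/permissions from the CAS attribute map stored at index 1 of the principals. */
    private void collectFromCasAttributes(PrincipalCollection principalCollection, Set<String> roles, Set<String> perms) {
        List principals = principalCollection.asList();
        if (principals.size() < 2 || !(principals.get(1) instanceof Map)) {
            throw new AuthorizationException("Principal collection does not carry a CAS attribute map.");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> attributes = (Map<String, Object>) principals.get(1);
        logger.info("来自CAS的用户属性:" + attributes);
        collectRolesPermissions(attributes, roles, perms);
    }

    /**
     * Runs the configured {@code sql} through the JdbcTemplate with every {@code ?} bound to the
     * principal name, and merges each result row into the given sets.
     * NOTE: a literal {@code ?} inside a string constant in {@code sql} now counts as a placeholder;
     * the previous text substitution would have replaced it as well, so no deployment relying on
     * a literal '?' is expected.
     */
    private void collectFromJdbcTemplate(String username, Set<String> roles, Set<String> perms) {
        if (this.sql == null) {
            throw new AuthorizationException("请设置sql属性");
        }
        int placeholderCount = 0;
        for (int i = 0; i < this.sql.length(); i++) {
            if (this.sql.charAt(i) == '?') {
                placeholderCount++;
            }
        }
        Object[] args = new Object[placeholderCount];
        for (int i = 0; i < placeholderCount; i++) {
            args[i] = username;
        }
        try {
            // Parameter binding: the CAS principal name never becomes part of the SQL text,
            // and the shared 'sql' field is no longer mutated per request.
            List<Map<String, Object>> rows = this.jdbc.queryForList(this.sql, args);
            logger.info("来自本地数据库的用户属性:" + rows);
            if (rows != null) {
                for (Map<String, Object> row : rows) {
                    collectRolesPermissions(row, roles, perms);
                }
            }
        } catch (Exception e) {
            String msg = "There was a SQL error while authorizing user [" + username + "]";
            logger.error(msg, e);
            throw new AuthorizationException(msg, e);
        }
    }

    /**
     * Merges the values of the configured role/permission attribute names from {@code source}
     * into the given sets. Each value may be a comma-separated string or a collection of such
     * strings (the CAS client delivers multi-valued attributes as a collection); {@code null}
     * values contribute nothing.
     */
    private void collectRolesPermissions(Map<String, Object> source, Set<String> roles, Set<String> perms) {
        if (this.roleAttributeNames != null && this.roleAttributeNames.trim().length() > 0) {
            for (String attributeName : split(this.roleAttributeNames)) {
                addValues(source.get(attributeName), roles);
            }
        }
        if (this.permissionAttributeNames != null && this.permissionAttributeNames.trim().length() > 0) {
            for (String attributeName : split(this.permissionAttributeNames)) {
                addValues(source.get(attributeName), perms);
            }
        }
    }

    /** Splits a single attribute value (String or Collection of values) into {@code target}. */
    private void addValues(Object value, Set<String> target) {
        if (value == null) {
            return;
        }
        if (value instanceof Collection) {
            for (Object element : (Collection<?>) value) {
                if (element != null) {
                    target.addAll(split(String.valueOf(element)));
                }
            }
        } else {
            target.addAll(split(String.valueOf(value)));
        }
    }

    /**
     * Splits a comma-separated list into trimmed, non-blank entries.
     *
     * @param str the list, may be {@code null}
     * @return a mutable set, empty for {@code null}/blank input
     */
    private Set<String> split(String str) {
        Set<String> result = new HashSet<String>();
        String[] parts = StringUtils.split(str, ',');
        if (parts == null) {
            return result;
        }
        for (String part : parts) {
            if (StringUtils.hasText(part)) {
                result.add(part.trim());
            }
        }
        return result;
    }

    /**
     * Executes {@code userRolesQuery} for the user and collects column 1 of each row.
     * Null role names are skipped with a warning. Statement and result set are always closed.
     *
     * @throws SQLException propagated from the driver
     */
    protected Set<String> getRoleNamesForUser(Connection connection, String str) throws SQLException {
        Set<String> roles = new LinkedHashSet<String>();
        PreparedStatement statement = null;
        ResultSet rs = null;
        try {
            statement = connection.prepareStatement(this.userRolesQuery);
            statement.setString(1, str);
            rs = statement.executeQuery();
            while (rs.next()) {
                String roleName = rs.getString(1);
                if (roleName == null) {
                    logger.warn("Null role name found while retrieving role names for user [" + str + "]");
                } else {
                    roles.add(roleName);
                }
            }
        } finally {
            JdbcUtils.closeResultSet(rs);
            JdbcUtils.closeStatement(statement);
        }
        return roles;
    }

    /**
     * Executes {@code permissionsQuery} once per role and collects column 1 of each row.
     * Null permission strings are skipped (a null entry would break Shiro's permission parsing
     * later). Resources are closed even when the driver throws.
     *
     * @throws SQLException propagated from the driver
     */
    protected Set<String> getPermissions(Connection connection, String str, Collection<String> collection) throws SQLException {
        Set<String> result = new LinkedHashSet<String>();
        PreparedStatement statement = null;
        try {
            statement = connection.prepareStatement(this.permissionsQuery);
            for (String roleName : collection) {
                statement.setString(1, roleName);
                ResultSet rs = statement.executeQuery();
                try {
                    while (rs.next()) {
                        String permission = rs.getString(1);
                        if (permission == null) {
                            logger.warn("Null permission found while retrieving permissions for role [" + roleName + "] of user [" + str + "]");
                        } else {
                            result.add(permission);
                        }
                    }
                } finally {
                    JdbcUtils.closeResultSet(rs);
                }
            }
        } finally {
            JdbcUtils.closeStatement(statement);
        }
        return result;
    }

    public String getCasServerUrlPrefix() {
        return this.casServerUrlPrefix;
    }

    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    public String getCasService() {
        return this.casService;
    }

    public void setCasService(String str) {
        this.casService = str;
    }

    public String getValidationProtocol() {
        return this.validationProtocol;
    }

    public void setValidationProtocol(String str) {
        this.validationProtocol = str;
    }

    public String getRememberMeAttributeName() {
        return this.rememberMeAttributeName;
    }

    public void setRememberMeAttributeName(String str) {
        this.rememberMeAttributeName = str;
    }

    public String getDefaultRoles() {
        return this.defaultRoles;
    }

    public void setDefaultRoles(String str) {
        this.defaultRoles = str;
    }

    public void setDefaultPermissions(String str) {
        this.defaultPermissions = str;
    }

    public void setRoleAttributeNames(String str) {
        this.roleAttributeNames = str;
    }

    public void setPermissionAttributeNames(String str) {
        this.permissionAttributeNames = str;
    }

    /** The query text is kept verbatim; placeholders are bound at lookup time, never substituted. */
    public void setSql(String str) {
        this.sql = str;
    }

    public void setJdbc(JdbcTemplate jdbcTemplate) {
        this.jdbc = jdbcTemplate;
    }

    public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    public void setUserRolesQuery(String str) {
        this.userRolesQuery = str;
    }

    public void setPermissionsQuery(String str) {
        this.permissionsQuery = str;
    }

    public void setPermissionsLookupEnabled(boolean z) {
        this.permissionsLookupEnabled = z;
    }
}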
