package com.erigir.wrench.shiro;

import com.erigir.wrench.shiro.provider.OauthProvider;
import com.erigir.wrench.shiro.provider.ProviderRegistry;
import java.util.Iterator;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/erigir/wrench/shiro/OauthRealm.class */
public class OauthRealm extends AuthorizingRealm {
    public static final String DEFAULT_VALIDATION_PROTOCOL = "CAS";
    private static Logger LOG = LoggerFactory.getLogger(OauthRealm.class);
    private ProviderRegistry providerRegistry;
    private String oauthService;
    private String validationProtocol = DEFAULT_VALIDATION_PROTOCOL;
    private OauthCustomPrincipalBuilder oauthCustomPrincipalBuilder;

    public OauthRealm() {
        setAuthenticationTokenClass(OauthToken.class);
    }

    protected void onInit() {
        super.onInit();
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        OauthToken oauthToken = (OauthToken) authenticationToken;
        if (oauthToken == null || !StringUtils.hasText(oauthToken.m4getCredentials())) {
            return null;
        }
        try {
            String str = (String) SecurityUtils.getSubject().getSession().getAttribute(DynamicOauthLoginFilter.DYNAMIC_RETURN_URL_KEY);
            OauthProvider fetchProviderForSession = this.providerRegistry.fetchProviderForSession();
            OauthPrincipal validate = fetchProviderForSession.validate(oauthToken, str);
            fetchProviderForSession.fetchUserData(validate);
            validate.setOauthProviderName(fetchProviderForSession.getName());
            this.oauthCustomPrincipalBuilder.updatePrincipal(validate);
            LOG.debug("Validate ticket : {} in OAuth server : {} to retrieve accesstoken : {}", new Object[]{oauthToken, fetchProviderForSession.getClass(), validate});
            return new SimpleAuthenticationInfo(new SimplePrincipalCollection(CollectionUtils.asList(new Object[]{validate}), getName()), oauthToken.m4getCredentials());
        } catch (OauthException e) {
            throw new OauthAuthenticationException("Unable to validate token [" + oauthToken + "]", e);
        }
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        OauthPrincipal oauthPrincipal = (OauthPrincipal) ((SimplePrincipalCollection) principalCollection).byType(OauthPrincipal.class).iterator().next();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        Iterator<String> it = oauthPrincipal.getRoles().iterator();
        while (it.hasNext()) {
            simpleAuthorizationInfo.addRole(it.next());
        }
        simpleAuthorizationInfo.addStringPermissions(oauthPrincipal.getPermissions());
        return simpleAuthorizationInfo;
    }

    public String getOauthService() {
        return this.oauthService;
    }

    public void setOauthService(String str) {
        this.oauthService = str;
    }

    public String getValidationProtocol() {
        return this.validationProtocol;
    }

    public void setValidationProtocol(String str) {
        this.validationProtocol = str;
    }

    public OauthCustomPrincipalBuilder getOauthCustomPrincipalBuilder() {
        return this.oauthCustomPrincipalBuilder;
    }

    public void setOauthCustomPrincipalBuilder(OauthCustomPrincipalBuilder oauthCustomPrincipalBuilder) {
        this.oauthCustomPrincipalBuilder = oauthCustomPrincipalBuilder;
    }

    public void setProviderRegistry(ProviderRegistry providerRegistry) {
        this.providerRegistry = providerRegistry;
    }
}
