package com.els.modules.shiro.authc;

import com.els.common.constant.CommonConstant;
import com.els.common.system.api.ISysBaseAPI;
import com.els.common.system.util.JwtUtil;
import com.els.common.system.vo.LoginUser;
import com.els.common.util.ConvertUtils;
import com.els.common.util.RedisUtil;
import com.els.common.util.SpringContextUtils;
import com.els.config.mybatis.TenantContext;
import com.els.modules.system.service.ElsSubAccountService;
import com.els.modules.system.util.AdminFlagUtil;
import com.els.modules.system.util.PermissionDataUtil;
import com.els.modules.system.util.PermissionFlagUtil;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

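/**
 * Shiro realm that authenticates requests carrying a {@link JwtToken} and supplies the
 * roles and permissions of the authenticated {@link LoginUser}.
 *
 * <p>Bearer tokens are credentials: this class never writes a token value to the log,
 * because anyone who can read the log could replay it until it expires.
 */
@Component
public class ShiroRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(ShiroRealm.class);

    // Lifetime applied to a refreshed token cache entry.
    // NOTE(review): presumably seconds - confirm against RedisUtil.expire.
    private static final long TOKEN_CACHE_TTL = 3600L;

    @Autowired
    @Lazy
    private ElsSubAccountService sysUserService;

    @Autowired
    @Lazy
    private ISysBaseAPI sysBaseAPI;

    @Autowired
    @Lazy
    private RedisUtil redisUtil;

    /**
     * Restricts this realm to JWT-based tokens.
     *
     * @param authenticationToken the token Shiro is trying to authenticate
     * @return {@code true} only when the token is a {@link JwtToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof JwtToken;
    }

    /**
     * Loads the roles and string permissions of the primary principal.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return the subject's roles and permissions; empty when there is no principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("===============Shiro权限认证开始============ [ roles、permissions]==========");
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        LoginUser loginUser = principalCollection == null
                ? null
                : (LoginUser) principalCollection.getPrimaryPrincipal();
        if (loginUser == null) {
            // Fail closed: without a principal the lookups below would run with null
            // account names and the literal key "null_null", so grant nothing instead.
            log.warn("No primary principal available; granting no roles or permissions");
            return simpleAuthorizationInfo;
        }
        String elsAccount = loginUser.getElsAccount();
        String subAccount = loginUser.getSubAccount();
        simpleAuthorizationInfo.setRoles(this.sysUserService.getUserRolesSet(elsAccount, subAccount));
        // Permissions are keyed by "<elsAccount>_<subAccount>".
        simpleAuthorizationInfo.addStringPermissions(
                this.sysUserService.getUserPermissionsSet(elsAccount + "_" + subAccount));
        log.info("===============Shiro权限认证成功==============");
        return simpleAuthorizationInfo;
    }

    /**
     * Authenticates a request from the token string carried as the credentials.
     *
     * @param authenticationToken the submitted token; its credentials are read as a String
     * @return authentication info whose principal is the resolved {@link LoginUser}
     * @throws AuthenticationException if the token is missing or fails validation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String token = (String) authenticationToken.getCredentials();
        if (token != null) {
            return new SimpleAuthenticationInfo(checkUserTokenIsEffect(token), token, getName());
        }
        // NOTE(review): if ConvertUtils.getIpAddrByRequest trusts client-supplied forwarding
        // headers, this value is attacker-controlled - confirm before relying on it for detection.
        log.info("————————身份认证失败——————————IP地址:  {}",
                ConvertUtils.getIpAddrByRequest(SpringContextUtils.getHttpServletRequest()));
        throw new AuthenticationException("token为空!");
    }

    /**
     * Validates a token and resolves the user it belongs to.
     *
     * <p>On success the admin flag is set from the role cached for this token, and the
     * permission flag and permission data are reset.
     *
     * @param str the raw token string presented by the client
     * @return the user record for the account named in the token
     * @throws AuthenticationException if the token carries no account, the user does not
     *     exist, the account status is not 1, or the token cannot be verified or refreshed
     */
    public LoginUser checkUserTokenIsEffect(String str) throws AuthenticationException {
        String account = JwtUtil.getAccount(str);
        if (account == null) {
            throw new AuthenticationException("token非法无效!");
        }
        // Neither the token nor the account is logged here: the token is a credential and
        // the account has not been matched against a user record or a signature yet.
        log.info("———校验token是否有效————checkUserTokenIsEffect———————");
        LoginUser userByAccount = this.sysBaseAPI.getUserByAccount(account);
        if (userByAccount == null) {
            throw new AuthenticationException("用户不存在!");
        }
        // A missing status is treated like a locked account rather than surfacing as a
        // NullPointerException from the unboxing call.
        if (userByAccount.getStatus() == null || userByAccount.getStatus().intValue() != 1) {
            throw new AuthenticationException("账号已被锁定,请联系管理员!");
        }
        if (!jwtTokenRefresh(str, account, userByAccount.getPassword())) {
            log.info("———Token失效，请重新登录!——————— account={}", account);
            throw new AuthenticationException("Token失效，请重新登录!");
        }
        AdminFlagUtil.setAdminFlag((String) this.redisUtil.get(CommonConstant.SYS_TOKEN_ROLE + str));
        PermissionFlagUtil.setPermissionFlag("0");
        PermissionDataUtil.setData(null);
        return userByAccount;
    }

    /**
     * Decides whether a presented token is still usable and renews its cache entry.
     *
     * <p>With no cache entry for the token, the presented token itself must verify. With a
     * cache entry, the cached token is verified and, if that fails, re-signed and stored
     * again under the same key.
     *
     * <p>NOTE(review): on the cached path the presented token is not verified in this
     * method; acceptance rests on the cache key existing. A cached token that fails
     * verification is re-signed whatever the reason for the failure, so a changed password
     * presumably does not end an existing session - confirm against JwtUtil.verify and the
     * login/logout code that writes and deletes this key.
     *
     * @param str the raw token string presented by the client (also the cache key suffix)
     * @param str2 the account name the token was issued for
     * @param str3 the secret passed to {@code JwtUtil.verify} and {@code JwtUtil.sign}
     *     (the caller in this class passes the user's stored password)
     * @return {@code true} if the token is accepted, {@code false} otherwise
     */
    public boolean jwtTokenRefresh(String str, String str2, String str3) {
        String cacheKey = CommonConstant.PREFIX_USER_TOKEN + str;
        Object cached = this.redisUtil.get(cacheKey);
        // String.valueOf(null) yields the text "null"; test for null first so a missing
        // entry can never be mistaken for a cached token and reach the re-sign branch.
        boolean hasCachedToken = cached != null && ConvertUtils.isNotEmpty(String.valueOf(cached));
        if (!hasCachedToken) {
            if (!JwtUtil.verify(str, str2, str3)) {
                return false;
            }
        } else if (!JwtUtil.verify(String.valueOf(cached), str2, str3)) {
            this.redisUtil.set(cacheKey, JwtUtil.sign(str2, str3));
            this.redisUtil.expire(cacheKey, TOKEN_CACHE_TTL);
            log.info("——————————用户在线操作，更新token保证不掉线—————————jwtTokenRefresh——————— account={}", str2);
        }
        // The tenant is the part of the account name before the first underscore.
        TenantContext.setTenant(str2.split("_")[0]);
        return true;
    }

    /**
     * Clears this realm's cached data for the given principals; widens the inherited
     * method to public so other components can call it.
     *
     * @param principalCollection the principals whose cached data should be dropped
     */
    @Override
    public void clearCache(PrincipalCollection principalCollection) {
        super.clearCache(principalCollection);
    }
}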
