package com.supwisdom.eams.security.authc;

import com.supwisdom.eams.security.helper.PrincipalHelper;
import com.supwisdom.eams.security.subject.Principal;
import com.supwisdom.eams.system.account.domain.model.Account;
import com.supwisdom.eams.system.account.domain.repo.AccountRepository;
import com.supwisdom.eams.system.person.domain.model.Person;
import com.supwisdom.eams.system.person.domain.repo.PersonRepository;
import com.supwisdom.eams.system.role.domain.repo.RoleRepository;
import com.supwisdom.eams.system.security.Identity;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthenticatingRealm;

/* loaded from: input_file:com/supwisdom/eams/security/authc/AuthcRealmBase.class */
public abstract class AuthcRealmBase extends AuthenticatingRealm {
    protected AccountRepository accountRepository;
    protected PersonRepository personRepository;
    protected RoleRepository roleRepository;
    protected List<CustomAuthcGuard> customAuthcGuardList;

    public AuthcRealmBase() {
        this.customAuthcGuardList = new ArrayList();
    }

    public AuthcRealmBase(CacheManager cacheManager) {
        super(cacheManager);
        this.customAuthcGuardList = new ArrayList();
    }

    public AuthcRealmBase(CredentialsMatcher credentialsMatcher) {
        super(credentialsMatcher);
        this.customAuthcGuardList = new ArrayList();
    }

    public AuthcRealmBase(CacheManager cacheManager, CredentialsMatcher credentialsMatcher) {
        super(cacheManager, credentialsMatcher);
        this.customAuthcGuardList = new ArrayList();
    }

    protected AuthenticationInfo doGetAuthenticationInfoByUsername(String str) {
        Account byLoginName = this.accountRepository.getByLoginName(str);
        if (byLoginName == null) {
            throw new UnknownAccountException(str + " 账号不存在");
        }
        if (!byLoginName.isEnabled()) {
            throw new LockedAccountException(str + " 账号禁用");
        }
        if (byLoginName.isExpired()) {
            throw new LockedAccountException(str + " 账号过期");
        }
        List identities = this.roleRepository.getIdentities(byLoginName.getMemberOf());
        if (CollectionUtils.isEmpty(identities) || !identities.contains(getSupportedIdentity())) {
            throw new AuthenticationException(str + "身份不匹配");
        }
        Iterator<CustomAuthcGuard> it = this.customAuthcGuardList.iterator();
        while (it.hasNext()) {
            String doGuard = it.next().doGuard(byLoginName);
            if (StringUtils.isNotBlank(doGuard)) {
                throw new AuthenticationException(doGuard);
            }
        }
        Person byAssoc = this.personRepository.getByAssoc(byLoginName.getPersonAssoc());
        Principal createPrincipal = PrincipalHelper.createPrincipal(byLoginName.getLoginName(), byLoginName.getId(), byAssoc.getName(), byAssoc.getId());
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(byLoginName.getLoginName());
        arrayList.add(createPrincipal);
        return new SimpleAuthenticationInfo(arrayList, byLoginName.getPlainPassword().toCharArray(), getName());
    }

    protected abstract Identity getSupportedIdentity();

    public void setAccountRepository(AccountRepository accountRepository) {
        this.accountRepository = accountRepository;
    }

    public void setPersonRepository(PersonRepository personRepository) {
        this.personRepository = personRepository;
    }

    public void setRoleRepository(RoleRepository roleRepository) {
        this.roleRepository = roleRepository;
    }

    public void setCustomAuthcGuardList(List<CustomAuthcGuard> list) {
        this.customAuthcGuardList = list;
    }
}
