package com.lc.ibps.auth.client;

import com.lc.ibps.api.org.constant.UserStatus;
import com.lc.ibps.api.org.exception.OrgException;
import com.lc.ibps.auth.client.exception.OAuth2AuthenticationException;
import com.lc.ibps.auth.shiro.authc.ShiroAuthenticationInfo;
import com.lc.ibps.auth.shiro.authz.AuthorizationInfoUtil;
import com.lc.ibps.auth.shiro.exception.InactiveException;
import com.lc.ibps.base.web.model.UrlOption;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import javax.annotation.Resource;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:com/lc/ibps/auth/client/OAuth2Realm.class */
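/**
 * Shiro realm that authenticates an {@link OAuth2Token} by presenting its access token to the
 * configured user endpoint and loading the local account named in the response body.
 *
 * <p>No credential is verified locally: the realm relies on the user endpoint to validate the
 * bearer token, so {@code urlOption.getUserUrl()} is part of the trust boundary.
 */
public class OAuth2Realm extends AuthorizingRealm {

    /** Only this status is accepted from the user endpoint as a successful token check. */
    private static final int HTTP_OK = 200;

    @Resource
    private UrlOption urlOption;

    /**
     * Restricts this realm to {@link OAuth2Token} instances, which is what makes the cast in
     * {@link #doGetAuthenticationInfo(AuthenticationToken)} safe.
     *
     * @param authenticationToken the token submitted for login
     * @return {@code true} only when the token is an {@code OAuth2Token}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof OAuth2Token;
    }

    /**
     * Looks up the authorization data for the primary principal through
     * {@link AuthorizationInfoUtil}.
     *
     * @param principalCollection the principals of the authenticated subject
     * @return the authorization info returned by {@code AuthorizationInfoUtil.get}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String principal = String.valueOf(principalCollection.getPrimaryPrincipal());
        AuthorizationInfo authorizationInfo = AuthorizationInfoUtil.get(principal);
        // presumably stores the info for later lookups; confirm against AuthorizationInfoUtil.set
        AuthorizationInfoUtil.set(authorizationInfo);
        return authorizationInfo;
    }

    /**
     * Resolves the access token to a username via the user endpoint, loads the matching account
     * and rejects it unless its status allows login.
     *
     * @param authenticationToken an {@link OAuth2Token}, as guaranteed by {@link #supports}
     * @return the authentication info for the resolved account
     * @throws UnknownAccountException if no account matches the resolved username
     * @throws LockedAccountException if the account is locked
     * @throws InactiveException if the account is inactive
     * @throws DisabledAccountException if the account is disabled
     * @throws ExpiredCredentialsException if the account is expired
     * @throws AuthenticationException if the account lookup fails with an {@link OrgException}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        try {
            String accessToken = ((OAuth2Token) authenticationToken).getAccessToken();
            String username = extractUsername(accessToken);
            DefaultPartyUserPo loginUser = AuthorizationInfoUtil.getLoginUser(username);
            if (loginUser == null) {
                throw new UnknownAccountException();
            }
            if (UserStatus.LOCKED.getValue().equals(loginUser.getStatus())) {
                throw new LockedAccountException();
            }
            if (UserStatus.INACTIVE.getValue().equals(loginUser.getStatus())) {
                throw new InactiveException();
            }
            if (UserStatus.DISABLED.getValue().equals(loginUser.getStatus())) {
                throw new DisabledAccountException();
            }
            if (UserStatus.EXPIRED.getValue().equals(loginUser.getStatus())) {
                throw new ExpiredCredentialsException();
            }
            // NOTE(review): the first argument is the literal "run"; its meaning is not visible
            // here, so confirm it against ShiroAuthenticationInfo.
            return new ShiroAuthenticationInfo("run", loginUser);
        } catch (OrgException e) {
            // Keep the cause so the failed lookup stays diagnosable from the stack trace.
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Calls the configured user endpoint with the access token and returns the response body,
     * which the caller uses verbatim as the username.
     *
     * <p>A non-200 status or an empty body is rejected, so an error payload from the endpoint is
     * never used as an account lookup key.
     *
     * @param str the OAuth2 access token
     * @return the response body of the user endpoint
     * @throws OAuth2AuthenticationException if the request fails or the response is unusable
     */
    private String extractUsername(String str) {
        try {
            // NOTE(review): buildQueryMessage() puts the bearer token in the URL query string,
            // where it can be recorded in access logs and by proxies. Prefer buildHeaderMessage()
            // once the user endpoint is confirmed to accept the Authorization header, and confirm
            // that getUserUrl() is an https URL.
            OAuthClient client = new OAuthClient(new URLConnectionClient());
            OAuthResourceResponse response = client.resource(
                    new OAuthBearerClientRequest(this.urlOption.getUserUrl()).setAccessToken(str).buildQueryMessage(),
                    "GET",
                    OAuthResourceResponse.class);
            int status = response.getResponseCode();
            if (status != HTTP_OK) {
                // The message carries the status only, never the token or the response body.
                throw new IllegalStateException("user endpoint returned HTTP " + status);
            }
            String body = response.getBody();
            if (body == null || body.trim().isEmpty()) {
                throw new IllegalStateException("user endpoint returned an empty body");
            }
            return body;
        } catch (Exception e) {
            throw new OAuth2AuthenticationException(e);
        }
    }
}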
