package com.lc.ibps.auth.shiro.realm;

import com.lc.ibps.api.org.constant.UserStatus;
import com.lc.ibps.api.org.exception.OrgException;
import com.lc.ibps.auth.shiro.authc.ShiroAuthenticationInfo;
import com.lc.ibps.auth.shiro.authz.AuthorizationInfoUtil;
import com.lc.ibps.auth.shiro.authz.ShiroAuthorizationInfo;
import com.lc.ibps.auth.shiro.constants.RealmConstants;
import com.lc.ibps.auth.shiro.exception.InactiveException;
import com.lc.ibps.auth.shiro.token.RunAsAuthenticationToken;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import java.util.Collection;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:com/lc/ibps/auth/shiro/realm/ShiroRunAsRealm.class */
public class ShiroRunAsRealm extends AuthorizingRealm {
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof RunAsAuthenticationToken;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String str = null;
        String str2 = null;
        Collection fromRealm = principalCollection.fromRealm(RealmConstants.RUN_REALM_NAME);
        if (fromRealm.iterator().hasNext()) {
            str = (String) fromRealm.iterator().next();
        }
        Collection fromRealm2 = principalCollection.fromRealm(RealmConstants.RUN_AS_FROM_REALM_NAME);
        if (fromRealm2.iterator().hasNext()) {
            str2 = (String) fromRealm2.iterator().next();
        }
        AuthorizationInfo authorizationInfo = AuthorizationInfoUtil.get(str);
        ((ShiroAuthorizationInfo) authorizationInfo).setRunAsFrom(str2);
        AuthorizationInfoUtil.set(authorizationInfo);
        return authorizationInfo;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        RunAsAuthenticationToken runAsAuthenticationToken = (RunAsAuthenticationToken) authenticationToken;
        String runName = runAsAuthenticationToken.getRunName();
        String runAsFromName = runAsAuthenticationToken.getRunAsFromName();
        try {
            DefaultPartyUserPo loginUser = AuthorizationInfoUtil.getLoginUser(runName);
            if (loginUser == null) {
                throw new UnknownAccountException();
            }
            if (UserStatus.LOCKED.getValue().equals(loginUser.getStatus())) {
                throw new LockedAccountException();
            }
            if (UserStatus.INACTIVE.getValue().equals(loginUser.getStatus())) {
                throw new InactiveException();
            }
            if (UserStatus.DISABLED.getValue().equals(loginUser.getStatus())) {
                throw new DisabledAccountException();
            }
            if (UserStatus.EXPIRED.getValue().equals(loginUser.getStatus())) {
                throw new ExpiredCredentialsException();
            }
            AuthorizationInfo authorizationInfo = AuthorizationInfoUtil.get(runName);
            ((ShiroAuthorizationInfo) authorizationInfo).setRunAsFrom(runAsFromName);
            AuthorizationInfoUtil.set(authorizationInfo);
            return new ShiroAuthenticationInfo(RealmConstants.RUN_REALM_NAME, RealmConstants.RUN_AS_FROM_REALM_NAME, runAsFromName, loginUser);
        } catch (OrgException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }
}
