package com.stormpath.shiro.realm;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.AuthenticationRequest;
import com.stormpath.sdk.client.Client;
import com.stormpath.sdk.group.Group;
import com.stormpath.sdk.impl.authc.DefaultUsernamePasswordRequest;
import com.stormpath.sdk.resource.ResourceException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.StringUtils;

/* loaded from: input_file:com/stormpath/shiro/realm/ApplicationRealm.class */
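/**
 * Shiro realm that authenticates accounts against a Stormpath {@link Application} and derives
 * roles and permissions from the account and its groups through pluggable resolvers.
 *
 * <p>Credentials are never compared locally: the submitted username/password is sent to Stormpath
 * in {@link #doGetAuthenticationInfo(AuthenticationToken)}, and the realm installs an
 * {@link AllowAllCredentialsMatcher} because the returned {@link AuthenticationInfo} carries no
 * credentials to match against.
 *
 * <p>Security note: because the matcher accepts any credentials, an {@code AuthenticationInfo}
 * served from Shiro's authentication cache would be accepted without Stormpath verifying the
 * submitted password. Keep authentication caching disabled (Shiro's default) for this realm unless
 * that trade-off is explicitly intended.
 */
public class ApplicationRealm extends AuthorizingRealm {
    /** Message used when an authenticated account cannot be turned into Shiro principals. */
    private static final String ACCOUNT_PROPERTIES_ERROR = "Unable to obtain authenticated account properties.";

    /** Fallback message used when Stormpath rejects a login without supplying any message text. */
    private static final String INVALID_LOGIN_MESSAGE = "Invalid login or password.";

    private Client client;
    private String applicationRestUrl;
    private GroupRoleResolver groupRoleResolver;
    private GroupPermissionResolver groupPermissionResolver;
    private AccountPermissionResolver accountPermissionResolver;
    // No default is installed for this resolver; account-level roles stay empty until one is set.
    private AccountRoleResolver accountRoleResolver;
    private ApplicationResolver applicationResolver;
    // Resolved lazily by ensureApplicationReference() and reused afterwards.
    private Application application;

    /**
     * Creates the realm with an allow-all credentials matcher and the default group-role,
     * group-permission, account-permission and application resolvers. The Stormpath
     * {@link Client} must still be supplied through {@link #setClient(Client)} before use.
     */
    public ApplicationRealm() {
        // Password verification happens remotely in doGetAuthenticationInfo(); there is nothing
        // for a local matcher to compare, so every AuthenticationInfo this realm returns matches.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
        setGroupRoleResolver(new DefaultGroupRoleResolver());
        setGroupPermissionResolver(new GroupCustomDataPermissionResolver());
        setAccountPermissionResolver(new AccountCustomDataPermissionResolver());
        setApplicationResolver(new DefaultApplicationResolver());
    }

    /** @return the Stormpath SDK client used for authentication and account lookups */
    public Client getClient() {
        return this.client;
    }

    /** @param client the Stormpath SDK client; required before the realm is initialised or used */
    public void setClient(Client client) {
        this.client = client;
    }

    /** @return the application URL handed to the {@link ApplicationResolver} */
    public String getApplicationRestUrl() {
        return this.applicationRestUrl;
    }

    /** @param str the application URL handed to the {@link ApplicationResolver} */
    public void setApplicationRestUrl(String str) {
        this.applicationRestUrl = str;
    }

    /** @return the resolver that maps a group to role names, or {@code null} if disabled */
    public GroupRoleResolver getGroupRoleResolver() {
        return this.groupRoleResolver;
    }

    /** @param groupRoleResolver resolver that maps a group to role names; {@code null} disables it */
    public void setGroupRoleResolver(GroupRoleResolver groupRoleResolver) {
        this.groupRoleResolver = groupRoleResolver;
    }

    /** @return the resolver that maps a group to permissions, or {@code null} if disabled */
    public GroupPermissionResolver getGroupPermissionResolver() {
        return this.groupPermissionResolver;
    }

    /** @param groupPermissionResolver resolver that maps a group to permissions; {@code null} disables it */
    public void setGroupPermissionResolver(GroupPermissionResolver groupPermissionResolver) {
        this.groupPermissionResolver = groupPermissionResolver;
    }

    /** @return the resolver that maps an account to permissions, or {@code null} if disabled */
    public AccountPermissionResolver getAccountPermissionResolver() {
        return this.accountPermissionResolver;
    }

    /** @param accountPermissionResolver resolver that maps an account to permissions; {@code null} disables it */
    public void setAccountPermissionResolver(AccountPermissionResolver accountPermissionResolver) {
        this.accountPermissionResolver = accountPermissionResolver;
    }

    /** @return the resolver that maps an account to role names, or {@code null} if none is set */
    public AccountRoleResolver getAccountRoleResolver() {
        return this.accountRoleResolver;
    }

    /** @param accountRoleResolver resolver that maps an account to role names; {@code null} disables it */
    public void setAccountRoleResolver(AccountRoleResolver accountRoleResolver) {
        this.accountRoleResolver = accountRoleResolver;
    }

    /** @return the resolver used to look up the Stormpath {@link Application} */
    public ApplicationResolver getApplicationResolver() {
        return this.applicationResolver;
    }

    /** @param applicationResolver the resolver used to look up the Stormpath {@link Application} */
    public void setApplicationResolver(ApplicationResolver applicationResolver) {
        this.applicationResolver = applicationResolver;
    }

    /**
     * Runs the superclass initialisation, checks that a client is configured and resolves the
     * application reference if that has not happened yet.
     *
     * @throws IllegalStateException if no client is configured or no application can be resolved
     */
    protected void onInit() {
        super.onInit();
        assertState();
        if (this.application == null) {
            this.application = ensureApplicationReference();
        }
    }

    /**
     * Fails fast when the realm is used without a Stormpath client.
     *
     * @throws IllegalStateException if {@link #setClient(Client)} has not been called
     */
    private void assertState() {
        if (this.client == null) {
            throw new IllegalStateException("Stormpath SDK Client instance must be configured.");
        }
    }

    /**
     * Returns the Stormpath application, resolving it through the {@link ApplicationResolver} on
     * first use and reusing the stored reference afterwards.
     *
     * @return the resolved application, never {@code null}
     * @throws IllegalStateException if no client is configured or the resolver returns {@code null}
     */
    protected final Application ensureApplicationReference() {
        if (this.application == null) {
            assertState();
            Application resolved = this.applicationResolver.getApplication(this.client, this.applicationRestUrl);
            if (resolved == null) {
                throw new IllegalStateException("ApplicationResolver returned 'null' Application, this is likely a configuration error.");
            }
            this.application = resolved;
        }
        return this.application;
    }

    /**
     * Authenticates the submitted username/password against the Stormpath application and, on
     * success, returns the account's principals with {@code null} credentials.
     *
     * <p>A {@link ResourceException} raised by the authentication call is reported with the
     * message Stormpath supplied (falling back to its developer message, then to a generic
     * "invalid login" text). Any other failure, including one while building the principals, is
     * reported as an account-properties error. The {@code ResourceException} handler is listed
     * before the general one so that it is actually reachable.
     *
     * <p>Security note: the Stormpath-supplied text ends up in the exception message. Callers that
     * render login errors to end users should show a generic failure instead, since the upstream
     * text may describe the account's state.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     * @return authentication info holding the principals from {@link #createPrincipals(Account)}
     * @throws AuthenticationException if the login is rejected or the account cannot be read
     * @throws IllegalStateException if no client is configured
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        assertState();
        Account account;
        try {
            AuthenticationRequest request = createAuthenticationRequest((UsernamePasswordToken) authenticationToken);
            account = ensureApplicationReference().authenticateAccount(request).getAccount();
        } catch (ResourceException e) {
            String message = StringUtils.clean(e.getMessage());
            if (message == null) {
                message = StringUtils.clean(e.getDeveloperMessage());
            }
            if (message == null) {
                message = INVALID_LOGIN_MESSAGE;
            }
            throw new AuthenticationException(message, e);
        } catch (Exception e) {
            // Anything else (bad token type, resolver failure, ...) keeps the generic message.
            throw new AuthenticationException(ACCOUNT_PROPERTIES_ERROR, e);
        }
        try {
            return new SimpleAuthenticationInfo(createPrincipals(account), (Object) null);
        } catch (Exception e) {
            throw new AuthenticationException(ACCOUNT_PROPERTIES_ERROR, e);
        }
    }

    /**
     * Builds the Stormpath authentication request from a Shiro username/password token, copying
     * the token's host when one is present.
     *
     * @param usernamePasswordToken the submitted token
     * @return the request to pass to {@code Application.authenticateAccount}
     */
    protected AuthenticationRequest createAuthenticationRequest(UsernamePasswordToken usernamePasswordToken) {
        String username = usernamePasswordToken.getUsername();
        char[] password = usernamePasswordToken.getPassword();
        String host = usernamePasswordToken.getHost();
        DefaultUsernamePasswordRequest request = new DefaultUsernamePasswordRequest(username, password);
        if (host != null) {
            request.setHost(host);
        }
        return request;
    }

    /**
     * Builds the principal collection for an authenticated account: the account href first,
     * followed by a map of its non-blank profile properties ({@code href}, {@code username},
     * {@code email}, {@code givenName}, {@code middleName}, {@code surname}).
     *
     * <p>{@link #getAccountHref(PrincipalCollection)} and
     * {@link #getAuthenticationCacheKey(PrincipalCollection)} rely on this ordering.
     *
     * @param account the authenticated Stormpath account
     * @return the principals, attributed to this realm's name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public PrincipalCollection createPrincipals(Account account) {
        Map<String, String> properties = new LinkedHashMap<String, String>();
        properties.put("href", account.getHref());
        nullSafePut(properties, "username", account.getUsername());
        nullSafePut(properties, "email", account.getEmail());
        nullSafePut(properties, "givenName", account.getGivenName());
        nullSafePut(properties, "middleName", account.getMiddleName());
        nullSafePut(properties, "surname", account.getSurname());
        Collection<Object> principals = new ArrayList<Object>(2);
        principals.add(account.getHref());
        principals.add(properties);
        return new SimplePrincipalCollection(principals, getName());
    }

    /** Stores {@code str2} under {@code str} only when it is non-null after {@code StringUtils.clean}. */
    private void nullSafePut(Map<String, String> map, String str, String str2) {
        String cleaned = StringUtils.clean(str2);
        if (cleaned != null) {
            map.put(str, cleaned);
        }
    }

    /**
     * Returns the account href, which is the first principal this realm contributed.
     *
     * @param principalCollection the subject's principals
     * @return the Stormpath account href
     * @throws java.util.NoSuchElementException if this realm contributed no principals
     */
    protected String getAccountHref(PrincipalCollection principalCollection) {
        return (String) principalCollection.fromRealm(getName()).iterator().next();
    }

    /**
     * Loads the account identified by the subject's href and collects roles and permissions from
     * each of its groups and from the account itself, using whichever resolvers are configured.
     *
     * @param principalCollection the subject's principals
     * @return the collected authorization info, or {@code null} when no role or permission was found
     * @throws IllegalStateException if no client is configured
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        assertState();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Account account = (Account) getClient().getDataStore().getResource(getAccountHref(principalCollection), Account.class);
        for (Group group : account.getGroups()) {
            for (String role : resolveRoles(group)) {
                info.addRole(role);
            }
            for (Permission permission : resolvePermissions(group)) {
                info.addObjectPermission(permission);
            }
        }
        for (String role : resolveRoles(account)) {
            info.addRole(role);
        }
        for (Permission permission : resolvePermissions(account)) {
            info.addObjectPermission(permission);
        }
        boolean nothingGranted = CollectionUtils.isEmpty(info.getRoles())
                && CollectionUtils.isEmpty(info.getObjectPermissions())
                && CollectionUtils.isEmpty(info.getStringPermissions());
        if (nothingGranted) {
            return null;
        }
        return info;
    }

    /** Resolves account-level permissions, or an empty set when no resolver is configured. */
    private Set<Permission> resolvePermissions(Account account) {
        if (this.accountPermissionResolver == null) {
            return Collections.<Permission>emptySet();
        }
        return this.accountPermissionResolver.resolvePermissions(account);
    }

    /** Resolves group-level permissions, or an empty set when no resolver is configured. */
    private Set<Permission> resolvePermissions(Group group) {
        if (this.groupPermissionResolver == null) {
            return Collections.<Permission>emptySet();
        }
        return this.groupPermissionResolver.resolvePermissions(group);
    }

    /** Resolves group-level role names, or an empty set when no resolver is configured. */
    private Set<String> resolveRoles(Group group) {
        if (this.groupRoleResolver == null) {
            return Collections.<String>emptySet();
        }
        return this.groupRoleResolver.resolveRoles(group);
    }

    /** Resolves account-level role names, or an empty set when no resolver is configured. */
    private Set<String> resolveRoles(Account account) {
        if (this.accountRoleResolver == null) {
            return Collections.<String>emptySet();
        }
        return this.accountRoleResolver.resolveRoles(account);
    }

    /**
     * Picks the authentication-cache key for a subject's principals: the account e-mail when the
     * cache holds an entry under it, otherwise the username.
     *
     * <p>Returns {@code null} for empty principals and the primary principal when this realm
     * contributed none. A missing e-mail or an absent cache falls back to the username instead of
     * querying the cache with a {@code null} key.
     *
     * @param principalCollection the subject's principals
     * @return the cache key, or {@code null} if there are no principals
     */
    protected Object getAuthenticationCacheKey(PrincipalCollection principalCollection) {
        if (CollectionUtils.isEmpty(principalCollection)) {
            return null;
        }
        Collection<?> fromRealm = principalCollection.fromRealm(getName());
        if (CollectionUtils.isEmpty(fromRealm)) {
            return principalCollection.getPrimaryPrincipal();
        }
        Iterator<?> it = fromRealm.iterator();
        // createPrincipals() puts the href first and the property map second; skip the href.
        it.next();
        Map<?, ?> properties = (Map<?, ?>) it.next();
        String email = (String) properties.get("email");
        boolean cachedByEmail = email != null
                && getAuthenticationCache() != null
                && getAuthenticationCache().get(email) != null;
        return cachedByEmail ? email : properties.get("username");
    }
}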
