package com.freedomotic.security;

import com.freedomotic.api.Plugin;
import com.freedomotic.settings.AppConfig;
import com.freedomotic.settings.Info;
import com.google.inject.Inject;
import java.io.File;
import java.util.ArrayList;
import java.util.Map;
import java.util.UUID;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.SimpleRole;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.realm.text.PropertiesRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/freedomotic/security/AuthImpl.class */
class AuthImpl implements Auth {
    private static final Logger LOG = LoggerFactory.getLogger(AuthImpl.class.getName());
    private static final String BASE_REALM_NAME = "com.freedomotic.security";
    private static final String PLUGIN_REALM_NAME = "com.freedomotic.plugins.security";
    private boolean realmInited = false;
    private PropertiesRealm baseRealm = new PropertiesRealm();
    private SimpleAccountRealm pluginRealm = new SimpleAccountRealm("com.freedomotic.plugins.security");
    private String DEFAULT_PERMISSION = PluginRealm.DEFAULT_PERMISSION;
    private ArrayList<Realm> realmCollection = new ArrayList<>();

    @Inject
    private AppConfig config;

    AuthImpl() {
    }

    @Override // com.freedomotic.security.Auth
    public boolean isInited() {
        return this.realmInited;
    }

    @Override // com.freedomotic.security.Auth
    public void initBaseRealm() {
        DefaultSecurityManager defaultSecurityManager = null;
        if (!this.realmInited && this.config.getBooleanProperty("KEY_SECURITY_ENABLE", true)) {
            this.baseRealm.setName("com.freedomotic.security");
            this.baseRealm.setResourcePath(new File(Info.PATHS.PATH_WORKDIR + "/config/security.properties").getAbsolutePath());
            this.baseRealm.init();
            this.pluginRealm.init();
            defaultSecurityManager = new DefaultSecurityManager();
            this.realmCollection.add(this.baseRealm);
            this.realmCollection.add(this.pluginRealm);
            defaultSecurityManager.setRealms(this.realmCollection);
            this.realmInited = true;
        }
        SecurityUtils.setSecurityManager(defaultSecurityManager);
    }

    @Override // com.freedomotic.security.Auth
    public boolean login(String str, char[] cArr, boolean z) {
        return login(str, String.copyValueOf(cArr), z);
    }

    @Override // com.freedomotic.security.Auth
    public boolean login(String str, String str2, boolean z) {
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(str, str2);
        usernamePasswordToken.setRememberMe(z);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(usernamePasswordToken);
            subject.getSession().setTimeout(-1L);
            return true;
        } catch (Exception e) {
            LOG.warn(e.getLocalizedMessage());
            return false;
        }
    }

    @Override // com.freedomotic.security.Auth
    public void logout() {
        SecurityUtils.getSubject().logout();
    }

    @Override // com.freedomotic.security.Auth
    public boolean isPermitted(String str) {
        if (this.realmInited) {
            return SecurityUtils.getSubject().isPermitted(str);
        }
        return true;
    }

    @Override // com.freedomotic.security.Auth
    public Subject getSubject() {
        if (isInited()) {
            return SecurityUtils.getSubject();
        }
        return null;
    }

    @Override // com.freedomotic.security.Auth
    public Object getPrincipal() {
        if (isInited()) {
            return SecurityUtils.getSubject().getPrincipal();
        }
        return null;
    }

    @Override // com.freedomotic.security.Auth
    public Runnable pluginBindRunnablePrivileges(Plugin plugin, Runnable runnable) {
        return executePrivileged(plugin.getClassName(), runnable);
    }

    private Runnable executePrivileged(String str, Runnable runnable) {
        if (!isInited()) {
            runnable.run();
            return null;
        }
        Subject buildSubject = new Subject.Builder().principals(new SimplePrincipalCollection(str, this.pluginRealm.getName())).buildSubject();
        buildSubject.getSession().setTimeout(-1L);
        buildSubject.execute(runnable);
        return null;
    }

    @Override // com.freedomotic.security.Auth
    public void setPluginPrivileges(Plugin plugin, String str) {
        if (this.pluginRealm.accountExists(plugin.getClassName())) {
            return;
        }
        if (!plugin.getConfiguration().getStringProperty("permissions", getPluginDefaultPermission()).equals(str)) {
            LOG.error("Plugin {} tried to request incorrect privileges", plugin.getName());
            return;
        }
        LOG.info("Setting permissions for plugin {}: {}", new Object[]{plugin.getClassName(), str});
        String uuid = UUID.randomUUID().toString();
        this.pluginRealm.addAccount(plugin.getClassName(), UUID.randomUUID().toString(), new String[]{uuid});
        this.pluginRealm.addRole(uuid + "=" + str);
    }

    @Override // com.freedomotic.security.Auth
    @Deprecated
    public String getPluginDefaultPermission() {
        return this.DEFAULT_PERMISSION;
    }

    @Override // com.freedomotic.security.Auth
    public void addRealm(Realm realm) {
        if (this.realmCollection.contains(realm)) {
            return;
        }
        this.realmCollection.add(realm);
    }

    public void deleteRealm(Realm realm) {
        if (realm.equals(this.baseRealm) || realm.equals(this.pluginRealm)) {
            return;
        }
        this.realmCollection.remove(realm);
    }

    @Override // com.freedomotic.security.Auth
    public boolean bindFakeUser(String str) {
        if (!this.baseRealm.accountExists(str)) {
            return false;
        }
        new SubjectThreadState(new Subject.Builder().principals(new SimplePrincipalCollection(str, "com.freedomotic.security")).buildSubject()).bind();
        return true;
    }

    @Override // com.freedomotic.security.Auth
    public void load() {
    }

    @Override // com.freedomotic.security.Auth
    public void save() {
    }

    @Override // com.freedomotic.security.Auth
    public boolean addUser(String str, String str2, String str3, String str4) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public boolean addRole(SimpleRole simpleRole) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public User getCurrentUser() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public Map<String, User> getUsers() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public SimpleRole getRole(String str) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public Map<String, SimpleRole> getRoles() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public User getUser(String str) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public boolean deleteUser(String str) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.freedomotic.security.Auth
    public Realm getUserRealm() {
        return this.baseRealm;
    }

    @Override // com.freedomotic.security.Auth
    public boolean deleteRole(String str) {
        throw new UnsupportedOperationException("Not supported yet.");
    }
}
