package com.el.core.security;

import com.el.core.security.auth.AuthOp;
import com.el.core.security.auth.AuthOpException;
import com.el.core.security.auth.AuthRealm;
import com.el.core.security.auth.AuthRealmsSecurityManager;
import com.el.core.security.auth.AuthToken;
import com.el.core.web.OpResult;
import com.el.core.web.WebUtil;
import java.io.IOException;
import java.util.Base64;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.CredentialsException;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/el/core/security/SecurityApi.class */
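/**
 * Base controller for the authentication endpoints: XSRF token issuance, captcha generation,
 * login, logout and lookup of the current principal.
 *
 * <p>All mappings are relative paths; the prefix they are served under is declared outside this
 * class (presumably on the concrete subclass — confirm). Subclasses must implement
 * {@link #onLogout(Object)}.
 */
public abstract class SecurityApi {
    private static final Logger log = LoggerFactory.getLogger(SecurityApi.class);

    // Security manager that owns the configured realms and performs login/logout.
    @Autowired
    private AuthRealmsSecurityManager securityManager;

    // Supplies the "obscure" switch used when rendering authentication failures.
    @Autowired
    private SecurityProperties securityProperties;

    /**
     * Handles {@code HEAD /xsrf} by delegating to {@code SecurityUtil.createXsrfToken}.
     *
     * <p>How the token reaches the client (header or cookie) is decided in {@code SecurityUtil}
     * and is not visible here.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response handed to {@code SecurityUtil.createXsrfToken}
     */
    @RequestMapping(path = {"/xsrf"}, method = {RequestMethod.HEAD})
    public void xsrfToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SecurityUtil.createXsrfToken(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles {@code GET /captcha}.
     *
     * @param httpServletRequest current request, passed to {@code CaptchaUtil.generate}
     * @return the bytes produced by {@code CaptchaUtil.generate}, Base64-encoded
     * @throws IOException declared by this method; the source is presumably
     *     {@code CaptchaUtil.generate} — confirm
     */
    @GetMapping({"/captcha"})
    public String generateCaptcha(HttpServletRequest httpServletRequest) throws IOException {
        // NOTE(review): presumably image bytes, with the expected answer kept server-side
        // against the caller's session — confirm in CaptchaUtil.
        byte[] captchaBytes = CaptchaUtil.generate(httpServletRequest);
        return Base64.getEncoder().encodeToString(captchaBytes);
    }

    /**
     * Handles {@code POST /login}.
     *
     * <p>Each configured realm is asked to recognise an authentication token in the request; the
     * first recognised token is used to log in. When no realm recognises the request the answer
     * is {@code AuthOp.NG_UNSUPPORTED}.
     *
     * @param httpServletRequest request carrying the authentication data
     * @return the login outcome converted by {@code WebUtil.toResponseEntity}
     */
    @PostMapping({"/login"})
    public ResponseEntity login(HttpServletRequest httpServletRequest) {
        try {
            OpResult outcome = recognizeToken(httpServletRequest)
                    .map(this::login)
                    .orElse(AuthOp.NG_UNSUPPORTED);
            return WebUtil.toResponseEntity(outcome);
        } catch (AuthOpException e) {
            // NOTE(review): isObscure() presumably collapses "bad credential" and "unknown
            // account" into one generic answer so the response cannot be used to tell whether
            // an account exists — confirm it is enabled in production configuration.
            return WebUtil.toResponseEntity(e.getResult(this.securityProperties.isObscure()));
        } catch (Exception e2) {
            // Everything that is neither a credential nor an account failure ends up here and
            // is reported to the client as "unsupported".
            // NOTE(review): the full exception is logged at INFO; verify that realms never put
            // submitted credentials into exception messages.
            log.info("[CORE-AUTH] UNSUPPORTTED authentication request.", e2);
            return WebUtil.toResponseEntity(AuthOp.NG_UNSUPPORTED);
        }
    }

    /**
     * Asks every realm of the security manager to recognise a token in the request.
     *
     * <p>Uses {@code findFirst()} so that, when several realms recognise the same request, the
     * realm that comes first in the order returned by {@code getRealms()} wins. Which realm
     * authenticates a request should not depend on a stream implementation detail.
     *
     * @param httpServletRequest request to inspect
     * @return the first recognised token, or empty when no realm recognises the request
     * @throws ClassCastException if a configured realm is not an {@code AuthRealm}
     */
    private Optional<AuthToken> recognizeToken(HttpServletRequest httpServletRequest) {
        return this.securityManager.getRealms().stream()
                .map(realm -> (AuthRealm) realm)
                .map(authRealm -> authRealm.recognizeToken(httpServletRequest))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .findFirst();
    }

    /**
     * Logs the current subject in with the given token, logging it out first when it is already
     * authenticated.
     *
     * @param authToken token recognised by one of the realms
     * @return {@code OpResult.OK} on success
     * @throws AuthOpException with {@code AuthOp.NG_CREDENTIAL} on a {@code CredentialsException}
     *     and with {@code AuthOp.NG_PRINCIPAL} on an {@code AccountException}; any other
     *     exception from the security manager propagates unchanged
     */
    private OpResult login(AuthToken authToken) throws AuthOpException {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            this.securityManager.logout(subject);
        }
        // NOTE(review): only an already-authenticated subject is logged out before the new
        // login. A session that existed anonymously before this call is not touched here;
        // confirm that AuthRealmsSecurityManager.login issues a fresh session id, otherwise a
        // session id fixed before authentication stays valid afterwards.
        try {
            this.securityManager.login(subject, authToken);
            return OpResult.OK;
        } catch (CredentialsException badCredentials) {
            // The cause is not attached; only the result code travels to the caller.
            throw AuthOpException.of(AuthOp.NG_CREDENTIAL);
        } catch (AccountException badAccount) {
            throw AuthOpException.of(AuthOp.NG_PRINCIPAL);
        }
    }

    /**
     * Hook invoked by {@link #logout()} after an authenticated subject has been logged out.
     *
     * @param obj the principal the subject held before the logout
     */
    protected abstract void onLogout(Object obj);

    /**
     * Handles {@code POST /logout}.
     *
     * <p>An unauthenticated caller gets the same response as an authenticated one; nothing is
     * logged out and {@link #onLogout(Object)} is not called.
     *
     * @return the result of {@code WebUtil.toResponseEntity()} in every non-exceptional case
     */
    @PostMapping({"/logout"})
    public ResponseEntity logout() {
        try {
            Subject subject = SecurityUtils.getSubject();
            if (subject.isAuthenticated()) {
                // Read the principal before logging out so it can still be handed to the hook.
                Object principal = subject.getPrincipal();
                this.securityManager.logout(subject);
                onLogout(principal);
            }
        } catch (SessionException e) {
            // Deliberately best-effort: a session failure during logout does not change the
            // response.
            log.trace("[CORE-AUTH] Encountered session exception during logout. This can generally safely be ignored.");
        }
        return WebUtil.toResponseEntity();
    }

    /**
     * Handles {@code GET /principal}.
     *
     * @return 200 with the subject's principal as body when authenticated, otherwise 204
     */
    @GetMapping({"/principal"})
    public ResponseEntity principal() {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            return ResponseEntity.noContent().build();
        }
        // NOTE(review): the principal object is returned as the response body as-is; confirm
        // that its serialised form carries no secrets (password hash, tokens).
        return ResponseEntity.ok(subject.getPrincipal());
    }
}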
