package com.el.edp.iam.spi.java.realm;

import com.el.edp.iam.support.repository.account.EdpIamAccount;
import com.el.edp.iam.support.shiro.EdpIamUserPrincipal;
import com.el.edp.util.EdpOpException;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/el/edp/iam/spi/java/realm/EdpIamRealm.class */
public abstract class EdpIamRealm extends AuthenticatingRealm {
    private static final Logger log = LoggerFactory.getLogger(EdpIamRealm.class);
    private static final CredentialsMatcher ALLOW_ALL = new AllowAllCredentialsMatcher();

    public EdpIamRealm(Class<? extends EdpIamToken> cls) {
        super(ALLOW_ALL);
        setAuthenticationTokenClass(cls);
    }

    public final Optional<EdpIamToken> recognizeToken(HttpServletRequest httpServletRequest) {
        Class authenticationTokenClass = getAuthenticationTokenClass();
        try {
            EdpIamToken edpIamToken = (EdpIamToken) authenticationTokenClass.newInstance();
            return edpIamToken.parse(httpServletRequest) ? Optional.of(checkToken(httpServletRequest, edpIamToken)) : Optional.empty();
        } catch (IllegalAccessException | InstantiationException e) {
            throw new AssertionError("[EDP-DEV] Create token instance FAILED: " + authenticationTokenClass);
        }
    }

    protected EdpIamToken checkToken(HttpServletRequest httpServletRequest, EdpIamToken edpIamToken) throws EdpOpException {
        return edpIamToken;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        EdpIamAccount orElseThrow = fetchAccount((EdpIamToken) authenticationToken).orElseThrow(UnknownAccountException::new);
        log.debug("[EDP-IAM] account: {}", orElseThrow);
        return orElseThrow;
    }

    protected abstract Optional<? extends EdpIamAccount> fetchAccount(EdpIamToken edpIamToken);

    public void onSuccessfulAuthenticated(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        EdpIamToken edpIamToken = (EdpIamToken) authenticationToken;
        EdpIamUserPrincipal edpIamUserPrincipal = (EdpIamUserPrincipal) authenticationInfo.getPrincipals().getPrimaryPrincipal();
        initAuthorization(edpIamToken, edpIamUserPrincipal);
        onAuthorizationInited(edpIamToken, edpIamUserPrincipal);
    }

    protected abstract void initAuthorization(EdpIamToken edpIamToken, EdpIamUserPrincipal edpIamUserPrincipal);

    protected void onAuthorizationInited(EdpIamToken edpIamToken, EdpIamUserPrincipal edpIamUserPrincipal) {
    }
}
