package com.diboot.iam.util;

import com.diboot.core.exception.InvalidUsageException;
import com.diboot.core.util.ContextHolder;
import com.diboot.core.util.S;
import com.diboot.iam.config.Cons;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.shiro.IamAuthorizingRealm;
import java.util.ArrayList;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.lang.util.ByteSource;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/diboot/iam/util/IamSecurityUtils.class */
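/**
 * Static helpers for the IAM module: access to the current Shiro subject, lookups and
 * evictions on the authentication / authorization caches, and password hashing.
 */
public class IamSecurityUtils extends SecurityUtils {
    private static final Logger log = LoggerFactory.getLogger(IamSecurityUtils.class);

    // NOTE(review): salted MD5 with two iterations is cheap to compute, so the stored hashes give
    // little resistance to offline guessing if the account table is ever disclosed. The values are
    // left unchanged here because existing stored secrets were presumably produced with them;
    // moving to a password KDF (bcrypt / scrypt / Argon2) needs a rehash-on-login migration.
    private static final String ALGORITHM = "md5";
    private static final int ITERATIONS = 2;

    /** Upper bound on how many leading token characters may appear in a log line. */
    private static final int TOKEN_LOG_PREFIX = 4;

    /**
     * Returns the principal of the current Shiro subject.
     *
     * <p>The cast to {@code T} is unchecked: a caller that picks the wrong type gets a
     * {@link ClassCastException} at its own call site, not here.
     *
     * @param <T> type the caller expects the principal to have
     * @return the subject's principal, or {@code null} when there is no subject or no principal
     */
    @SuppressWarnings("unchecked")
    public static <T> T getCurrentUser() {
        Subject subject = getSubject();
        if (subject != null) {
            return (T) subject.getPrincipal();
        }
        return null;
    }

    /**
     * Looks up the login user whose authentication info is cached under the given token.
     *
     * @param str the token used as the cache key
     * @return the primary principal of the cached authentication info, or {@code null} when the
     *     token is not in the cache
     * @throws InvalidUsageException when no cache manager or no authentication cache is available
     */
    public static BaseLoginUser getLoginUserByToken(String str) {
        Cache<Object, SimpleAuthenticationInfo> cache = authenticationCache();
        if (cache == null) {
            throw new InvalidUsageException("无法获取登录用户缓存，请检查依赖环境！", new Object[0]);
        }
        SimpleAuthenticationInfo simpleAuthenticationInfo = cache.get(str);
        if (simpleAuthenticationInfo != null) {
            return (BaseLoginUser) simpleAuthenticationInfo.getPrincipals().getPrimaryPrincipal();
        }
        // The token is caller-supplied and was not recognised: log a masked form so that neither a
        // credential nor arbitrary caller text ends up verbatim in the log.
        log.warn("缓存中不存在的无效token: {}", maskToken(str));
        return null;
    }

    /**
     * Logs out the current subject and records the logout in the login trace.
     *
     * <p>Updating the login trace is best effort: a failure is logged and does not prevent the
     * subject from being logged out.
     */
    public static void logout() {
        BaseLoginUser baseLoginUser = (BaseLoginUser) getCurrentUser();
        if (baseLoginUser != null) {
            try {
                ((IamLoginTraceService) ContextHolder.getBean(IamLoginTraceService.class)).updateLogoutInfo(baseLoginUser.getClass().getSimpleName(), (String) baseLoginUser.getId());
            } catch (Exception e) {
                log.warn("更新用户退出时间异常: {}", e.getMessage());
            }
        }
        Subject subject = getSubject();
        if (subject.isAuthenticated() || subject.getPrincipals() != null) {
            subject.logout();
        }
    }

    /**
     * Forces the logout of every cached session that belongs to the given user.
     *
     * <p>Each cached authentication info whose principal reports the same
     * {@code getUserTypeAndId()} value is evicted from the authentication cache, its access tokens
     * are removed through {@code TokenUtils}, and the login trace is updated (best effort).
     *
     * @param str the user-type-and-id value to match; {@code null} matches nothing
     */
    public static void logout(String str) {
        Cache<Object, SimpleAuthenticationInfo> cache = authenticationCache();
        if (cache == null) {
            log.warn("cacheManager 实例异常");
            return;
        }
        if (str == null) {
            // Previously this failed with a NullPointerException on the first cached entry.
            return;
        }
        // Iterate over a snapshot: depending on the cache implementation values() may be a live
        // view, and entries are removed inside the loop.
        List<SimpleAuthenticationInfo> cachedInfos = new ArrayList<>(cache.values());
        for (SimpleAuthenticationInfo simpleAuthenticationInfo : cachedInfos) {
            BaseLoginUser baseLoginUser = (BaseLoginUser) simpleAuthenticationInfo.getPrincipals().getPrimaryPrincipal();
            if (!str.equals(baseLoginUser.getUserTypeAndId())) {
                continue;
            }
            // The cache entry is removed by the info's credentials value.
            cache.remove(simpleAuthenticationInfo.getCredentials());
            TokenUtils.removeAccessTokens(simpleAuthenticationInfo.getPrincipals().toString());
            log.info("强制退出用户: {}", str);
            try {
                ((IamLoginTraceService) ContextHolder.getBean(IamLoginTraceService.class)).updateLogoutInfo(baseLoginUser.getClass().getSimpleName(), (String) baseLoginUser.getId());
            } catch (Exception e) {
                log.warn("更新用户 {} 退出时间异常: {}", str, e.getMessage());
            }
        }
    }

    /**
     * Logs out the current subject, then evicts the given token from the authentication cache and
     * removes its access tokens.
     *
     * <p>Note that {@link #logout()} acts on the subject bound to the calling context; this method
     * does not check that {@code str} belongs to that subject.
     *
     * @param str the token to invalidate
     */
    public static void logoutByToken(String str) {
        logout();
        Cache<Object, SimpleAuthenticationInfo> cache = authenticationCache();
        if (cache != null) {
            cache.remove(str);
        }
        TokenUtils.removeAccessTokens(str);
        // Masked for the same reason as in getLoginUserByToken: tokens do not belong in logs.
        log.debug("token 已过期注销: {}", maskToken(str));
    }

    /**
     * Returns the id of the current login user.
     *
     * @return the id, or {@code null} when no user is bound to the current subject
     */
    public static String getCurrentUserId() {
        BaseLoginUser baseLoginUser = (BaseLoginUser) getCurrentUser();
        if (baseLoginUser != null) {
            return (String) baseLoginUser.getId();
        }
        return null;
    }

    /**
     * Returns the tenant id of the current login user.
     *
     * @return the user's tenant id, or {@code "0"} when there is no current user or when resolving
     *     it throws (for example when the call chain has no security context)
     */
    public static String getCurrentTenantId() {
        try {
            BaseLoginUser baseLoginUser = (BaseLoginUser) getCurrentUser();
            return baseLoginUser != null ? baseLoginUser.getTenantId() : "0";
        } catch (Exception e) {
            log.debug("当前调用链路无登录用户信息：{}", e.getMessage());
            return "0";
        }
    }

    /**
     * Builds an identifier for the current user from its class simple name, a colon and its id.
     *
     * @return the value produced by {@code S.join} for those three parts (the exact joined format
     *     is decided by {@code S.join}), or {@code null} when there is no current user
     */
    public static String getUserTypeAndId() {
        BaseLoginUser baseLoginUser = (BaseLoginUser) getCurrentUser();
        if (baseLoginUser == null) {
            return null;
        }
        return S.join(new String[]{baseLoginUser.getClass().getSimpleName(), ":", (String) baseLoginUser.getId()});
    }

    /**
     * Evicts one entry from the authorization cache of the first configured realm so that changed
     * permissions are re-read.
     *
     * <p>Does nothing when that realm has no authorization cache.
     *
     * @param str the authorization cache key to evict
     * @throws java.util.NoSuchElementException when no realm is configured
     * @throws ClassCastException when the first realm is not an {@link IamAuthorizingRealm}
     */
    public static void clearAuthorizationCache(String str) {
        Cache<Object, ?> authorizationCache = firstRealmAuthorizationCache();
        if (authorizationCache == null) {
            return;
        }
        authorizationCache.remove(str);
        log.debug("已清空账号 {} 的权限缓存，以便新权限生效.", str);
    }

    /**
     * Empties the authorization cache of the first configured realm so that changed permissions
     * are re-read for every user.
     *
     * <p>Does nothing when that realm has no authorization cache.
     *
     * @throws java.util.NoSuchElementException when no realm is configured
     * @throws ClassCastException when the first realm is not an {@link IamAuthorizingRealm}
     */
    public static void clearAllAuthorizationCache() {
        Cache<Object, ?> authorizationCache = firstRealmAuthorizationCache();
        if (authorizationCache == null) {
            return;
        }
        authorizationCache.clear();
        log.debug("已清空全部登录用户的权限缓存，以便新权限生效.");
    }

    /**
     * Hashes the secret of a password-type account in place.
     *
     * <p>Accounts whose auth type is not {@code PWD} are left untouched. A salt is generated when
     * the account has none, then {@code authSecret} is replaced by its salted hash.
     *
     * @param iamAccount the account to update; must not be {@code null}
     */
    public static void encryptPwd(IamAccount iamAccount) {
        if (Cons.DICTCODE_AUTH_TYPE.PWD.name().equals(iamAccount.getAuthType())) {
            if (iamAccount.getSecretSalt() == null) {
                // NOTE(review): presumably the first 8 characters of a UUID string; confirm that
                // S.newUuid() draws from a cryptographically strong source.
                iamAccount.setSecretSalt(S.cut(S.newUuid(), 8));
            }
            iamAccount.setAuthSecret(encryptPwd(iamAccount.getAuthSecret(), iamAccount.getSecretSalt()));
        }
    }

    /**
     * Computes the hex-encoded hash of a password with the given salt, using {@code ALGORITHM}
     * and {@code ITERATIONS}.
     *
     * <p>NOTE(review): the parameters are MD5 with two iterations, a fast hash rather than a
     * password-hashing function.
     *
     * @param str the plain-text password
     * @param str2 the salt
     * @return the hash as a hexadecimal string
     */
    public static String encryptPwd(String str, String str2) {
        return new SimpleHash(ALGORITHM, str, ByteSource.Util.bytes(str2), ITERATIONS).toHex();
    }

    /** Resolves the authentication cache, or {@code null} when no cache manager or cache exists. */
    private static Cache<Object, SimpleAuthenticationInfo> authenticationCache() {
        CacheManager cacheManager = (CacheManager) ContextHolder.getBean(CacheManager.class);
        if (cacheManager == null) {
            return null;
        }
        return cacheManager.getCache(Cons.AUTHENTICATION_CAHCE_NAME);
    }

    /** Returns the authorization cache of the first configured realm, or {@code null} if it has none. */
    private static Cache<Object, ?> firstRealmAuthorizationCache() {
        IamAuthorizingRealm iamAuthorizingRealm = (IamAuthorizingRealm) getSecurityManager().getRealms().iterator().next();
        if (iamAuthorizingRealm == null) {
            return null;
        }
        return iamAuthorizingRealm.getAuthorizationCache();
    }

    /**
     * Renders a token for logging: at most {@code TOKEN_LOG_PREFIX} leading characters (never more
     * than a quarter of the token), with anything that is not a letter or digit replaced by
     * {@code '?'}, followed by the token length.
     */
    private static String maskToken(String token) {
        if (token == null) {
            return "null";
        }
        int shown = Math.min(TOKEN_LOG_PREFIX, token.length() / 4);
        StringBuilder masked = new StringBuilder();
        for (int i = 0; i < shown; i++) {
            char c = token.charAt(i);
            masked.append(Character.isLetterOrDigit(c) ? c : '?');
        }
        return masked.append("***(len=").append(token.length()).append(')').toString();
    }
}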
