package com.dynfi.security;

import com.dynfi.services.UserService;
import com.dynfi.storage.entities.User;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: input_file:com/dynfi/security/MongoRealm.class */
public class MongoRealm extends AuthorizingRealm {
    public static final String REALM_NAME = "MongoRealm";
    private final UserService userService;
    private final int bcryptCost;
    private final CredentialsMatcher matcher;

    @Inject
    public MongoRealm(UserService userService, @Named("bcryptCost") int i) {
        this.userService = userService;
        this.bcryptCost = i;
        this.matcher = new BcryptCredentialsMatcher(userService);
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String str = null;
        if (authenticationToken instanceof UsernamePasswordToken) {
            str = ((UsernamePasswordToken) authenticationToken).getUsername();
        } else if (authenticationToken instanceof JwtToken) {
            str = ((JwtToken) authenticationToken).getUsername();
        }
        User byLogin = this.userService.getByLogin(str);
        ensureUserExists(byLogin);
        return new SimpleAccount(byLogin.getLogin(), byLogin.getPasswordHash(), REALM_NAME);
    }

    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User byLogin = this.userService.getByLogin(principalCollection.getPrimaryPrincipal().toString());
        ensureUserExists(byLogin);
        return new SimpleAccount(byLogin.getLogin(), byLogin.getPasswordHash(), REALM_NAME, (Set<String>) byLogin.getRoles().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), (Set<Permission>) this.userService.getPermissions(byLogin).stream().map(WildcardPermission::new).collect(Collectors.toSet()));
    }

    private void ensureUserExists(User user) {
        if (user == null) {
            performFakePasswordCheckToMakeResponseTimeEqualWithMissingUser();
            throw new UnknownAccountException();
        }
    }

    private void performFakePasswordCheckToMakeResponseTimeEqualWithMissingUser() {
        BCrypt.checkpw("foo", BCrypt.gensalt(this.bcryptCost));
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm, org.apache.shiro.realm.Realm
    public boolean supports(AuthenticationToken authenticationToken) {
        return (authenticationToken instanceof UsernamePasswordToken) || (authenticationToken instanceof JwtToken);
    }

    @Override // org.apache.shiro.realm.AuthenticatingRealm
    public CredentialsMatcher getCredentialsMatcher() {
        return this.matcher;
    }
}
