package com.axelor.auth;

import com.axelor.auth.db.Group;
import com.axelor.auth.db.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/axelor/auth/AuthRealm.class */
public class AuthRealm extends AuthorizingRealm {
    private static Logger log = LoggerFactory.getLogger(AuthRealm.class);
    private CredentialsMatcher credentialsMatcher = new AuthMatcher();

    /* loaded from: input_file:com/axelor/auth/AuthRealm$AuthMatcher.class */
    public static class AuthMatcher extends PasswordMatcher {
        public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
            Object submittedPassword = getSubmittedPassword(authenticationToken);
            Object storedPassword = getStoredPassword(authenticationInfo);
            AuthService authService = AuthService.getInstance();
            if (submittedPassword instanceof char[]) {
                submittedPassword = new String((char[]) submittedPassword);
            }
            try {
                return authService.ldapLogin((String) authenticationToken.getPrincipal(), (String) submittedPassword);
            } catch (AuthenticationException e) {
                AuthRealm.log.error("Password authentication failed for user: {}", authenticationToken.getPrincipal());
                return false;
            } catch (IllegalStateException e2) {
                if (authService.match((String) submittedPassword, (String) storedPassword) || super.doCredentialsMatch(authenticationToken, authenticationInfo)) {
                    return true;
                }
                AuthRealm.log.error("Password authentication failed for user: {}", authenticationToken.getPrincipal());
                return false;
            }
        }
    }

    public CredentialsMatcher getCredentialsMatcher() {
        return this.credentialsMatcher;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = ((UsernamePasswordToken) authenticationToken).getUsername();
        String str = new String(((UsernamePasswordToken) authenticationToken).getPassword());
        AuthService authService = AuthService.getInstance();
        if (authService.ldapEnabled()) {
            try {
                authService.ldapLogin(username, str);
            } catch (IllegalStateException e) {
            } catch (AuthenticationException e2) {
                log.error("LDAP authentication failed for user: {}", username);
            }
        }
        User user = AuthUtils.getUser(username);
        if (user == null || !AuthUtils.isActive(user)) {
            return null;
        }
        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = AuthUtils.getUser((String) principalCollection.fromRealm(getName()).iterator().next());
        if (user == null) {
            return null;
        }
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        Group group = user.getGroup();
        if (group != null) {
            simpleAuthorizationInfo.addRole(group.getCode());
        }
        return simpleAuthorizationInfo;
    }
}
