package waffle.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashingPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:waffle/shiro/AbstractWaffleRealm.class */
public abstract class AbstractWaffleRealm extends AuthorizingRealm {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractWaffleRealm.class);
    private static final String REALM_NAME = "WAFFLE";
    private IWindowsAuthProvider provider = new WindowsAuthProviderImpl();

    protected final AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        AuthenticationInfo authenticationInfo = null;
        if (authenticationToken instanceof UsernamePasswordToken) {
            UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
            String username = usernamePasswordToken.getUsername();
            IWindowsIdentity iWindowsIdentity = null;
            try {
                try {
                    LOGGER.debug("Attempting login for user {}", username);
                    IWindowsIdentity logonUser = this.provider.logonUser(username, new String(usernamePasswordToken.getPassword()));
                    if (logonUser.isGuest()) {
                        LOGGER.debug("Guest identity for user {}; denying access", username);
                        throw new AuthenticationException("Guest identities are not allowed access");
                    }
                    authenticationInfo = buildAuthenticationInfo(usernamePasswordToken, new WaffleFqnPrincipal(logonUser));
                    LOGGER.debug("Successful login for user {}", username);
                    if (logonUser != null) {
                        logonUser.dispose();
                    }
                } catch (RuntimeException e) {
                    LOGGER.debug("Failed login for user {}", username);
                    throw new AuthenticationException("Login failed", e);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    iWindowsIdentity.dispose();
                }
                throw th;
            }
        }
        return authenticationInfo;
    }

    private AuthenticationInfo buildAuthenticationInfo(UsernamePasswordToken usernamePasswordToken, Object obj) {
        SimpleAuthenticationInfo simpleAuthenticationInfo;
        HashingPasswordService hashService = getHashService();
        if (hashService != null) {
            Hash hashPassword = hashService.hashPassword(usernamePasswordToken.getPassword());
            simpleAuthenticationInfo = new SimpleAuthenticationInfo(obj, hashPassword, hashPassword.getSalt(), REALM_NAME);
        } else {
            simpleAuthenticationInfo = new SimpleAuthenticationInfo(obj, usernamePasswordToken.getCredentials(), REALM_NAME);
        }
        return simpleAuthenticationInfo;
    }

    protected final AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        WaffleFqnPrincipal waffleFqnPrincipal = (WaffleFqnPrincipal) principalCollection.oneByType(WaffleFqnPrincipal.class);
        if (waffleFqnPrincipal == null) {
            return null;
        }
        return buildAuthorizationInfo(waffleFqnPrincipal);
    }

    protected abstract AuthorizationInfo buildAuthorizationInfo(WaffleFqnPrincipal waffleFqnPrincipal);

    void setProvider(IWindowsAuthProvider iWindowsAuthProvider) {
        this.provider = iWindowsAuthProvider;
    }

    private HashingPasswordService getHashService() {
        PasswordMatcher credentialsMatcher = getCredentialsMatcher();
        if (!(credentialsMatcher instanceof PasswordMatcher)) {
            return null;
        }
        HashingPasswordService passwordService = credentialsMatcher.getPasswordService();
        if (passwordService instanceof HashingPasswordService) {
            return passwordService;
        }
        return null;
    }
}
