package info.elexis.server.core.connector.elexis.security;

import ch.rgw.tools.PasswordEncryptionService;
import info.elexis.server.core.common.security.ESAuthorizingRealm;
import info.elexis.server.core.connector.elexis.jpa.model.annotated.User;
import info.elexis.server.core.connector.elexis.services.UserService;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.codec.DecoderException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

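/**
 * Shiro realm that authenticates and authorizes subjects against the Elexis user table.
 *
 * <p>Authentication accepts only {@link UsernamePasswordToken}s. The stored hash and salt are
 * loaded through {@link UserService} and verified with {@link PasswordEncryptionService}.
 * Authorization maps the ids of the user's roles onto Shiro role names.
 *
 * <p>Every failure path here fails closed: a missing account, a record without hash or salt,
 * an unexpected token type and a hashing error all end in a rejected login.
 */
@Component(service = {ESAuthorizingRealm.class})
public class ElexisConnectorAuthorizingRealm extends AuthorizingRealm implements ESAuthorizingRealm {
    /** Realm name recorded on every principal this realm produces. */
    public static final String REALM_NAME = "elexis-connector";
    private static final Logger log = LoggerFactory.getLogger(ElexisConnectorAuthorizingRealm.class);

    /**
     * Verifies the submitted password against the stored hash and salt.
     *
     * <p>The comparison itself is delegated to {@link PasswordEncryptionService#authenticate};
     * NOTE(review): whether that comparison is constant-time cannot be seen from this class -
     * confirm in PasswordEncryptionService.
     */
    private static final CredentialsMatcher credentialsMatcher = new CredentialsMatcher() {
        private final PasswordEncryptionService pes = new PasswordEncryptionService();

        public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
            // Reject anything this matcher was not built for instead of failing on a cast.
            if (!(authenticationToken instanceof UsernamePasswordToken)
                    || !(authenticationInfo instanceof SimpleAuthenticationInfo)) {
                return false;
            }
            UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
            SimpleAuthenticationInfo stored = (SimpleAuthenticationInfo) authenticationInfo;

            char[] submitted = upToken.getPassword();
            Object storedHash = stored.getCredentials();
            // A token without a password, or an account record without hash or salt, can never
            // match; treat it as a failed login rather than letting a NullPointerException escape.
            if (submitted == null || storedHash == null || stored.getCredentialsSalt() == null) {
                return false;
            }

            // The salt was wrapped with SimpleByteSource(String), which encodes as UTF-8, so it
            // is decoded with the same charset instead of the platform default.
            String salt = new String(stored.getCredentialsSalt().getBytes(), java.nio.charset.StandardCharsets.UTF_8);
            try {
                // The password is copied into a String because authenticate() is called with
                // String arguments; that copy cannot be wiped afterwards.
                return this.pes.authenticate(new String(submitted), storedHash.toString(), salt);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException | DecoderException e) {
                // Log the account id resolved from the database, not the raw client-supplied
                // username. The original call passed only the exception, which left the [{}]
                // placeholder unfilled.
                PrincipalCollection principals = stored.getPrincipals();
                Object principal = principals != null ? principals.getPrimaryPrincipal() : null;
                ElexisConnectorAuthorizingRealm.log.warn("Error verifying password for user [{}].", principal, e);
                return false;
            }
        }
    };

    /** Creates the realm with the Elexis credentials matcher and the fixed realm name. */
    public ElexisConnectorAuthorizingRealm() {
        super(credentialsMatcher);
        setName(REALM_NAME);
    }

    /**
     * Loads the stored credentials for the user named in the token.
     *
     * @param authenticationToken the submitted token; only {@link UsernamePasswordToken} is handled
     * @return the stored hash and salt for the account, or {@code null} when the token type is
     *     unsupported, the username is empty, no such user exists, or the record has no hash or
     *     salt; Shiro treats {@code null} as "no account"
     * @throws AuthenticationException declared by the realm contract
     */
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        String username = ((UsernamePasswordToken) authenticationToken).getUsername();
        if (username == null || username.length() == 0) {
            return null;
        }

        Optional<User> candidate = UserService.load(username);
        if (!candidate.isPresent()) {
            return null;
        }
        User user = candidate.get();
        if (!username.equals(user.getId())) {
            // The lookup returned a record whose id differs from the name that was typed.
            // NOTE(review): presumably a case-insensitive lookup - confirm in UserService.
            log.info("userid does not match [{}] : [{}]", username, user.getId());
        }

        String hashedPassword = user.getHashedPassword();
        String salt = user.getSalt();
        if (hashedPassword == null || salt == null) {
            // Without both values no password can be verified, and SimpleByteSource cannot wrap
            // a null salt. Report the account as unusable instead of throwing.
            log.warn("User [{}] has no stored password hash or salt; rejecting login.", user.getId());
            return null;
        }

        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user.getId(), hashedPassword, REALM_NAME);
        simpleAuthenticationInfo.setCredentialsSalt(new SimpleByteSource(salt));
        return simpleAuthenticationInfo;
    }

    /**
     * Resolves the roles of an authenticated principal.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return an authorization info holding the ids of the user's roles; it carries no roles
     *     when the user can no longer be loaded
     */
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userId = (String) getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        Optional<User> load = UserService.load(userId);
        if (load.isPresent()) {
            // Raw cast kept as in the original listing; the role id type is not visible here.
            simpleAuthorizationInfo.setRoles((Set) load.get().getRoles().stream().map(role -> role.getId()).collect(Collectors.toSet()));
        }
        return simpleAuthorizationInfo;
    }

    /**
     * Tells Shiro which token types this realm accepts.
     *
     * @param authenticationToken the token to inspect
     * @return {@code true} only for {@link UsernamePasswordToken}
     */
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordToken;
    }
}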
