package org.apache.shiro.cas;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.StringUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/shiro-cas-1.2.3.jar:org/apache/shiro/cas/CasRealm.class */
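/**
 * Shiro realm that authenticates a subject by validating a CAS ticket and builds the
 * subject's roles and permissions from configured defaults plus attributes returned with
 * the validated principal.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The ticket validator is created from {@code casServerUrlPrefix}. The validation
 *       response decides who the user is, so the prefix should be an {@code https://} URL;
 *       this class only logs a warning when it is not.</li>
 *   <li>Role, permission and remember-me values are taken from the principal's attributes
 *       as returned by the validator. What the CAS server releases as attributes therefore
 *       directly determines authorization in this application.</li>
 *   <li>{@code defaultRoles} and {@code defaultPermissions} are granted to every subject
 *       this realm authorizes, regardless of attributes.</li>
 * </ul>
 */
public class CasRealm extends AuthorizingRealm {
    public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME = "longTermAuthenticationRequestTokenUsed";
    public static final String DEFAULT_VALIDATION_PROTOCOL = "CAS";
    private static final String HTTPS_SCHEME_PREFIX = "https://";
    private static final Logger log = LoggerFactory.getLogger(CasRealm.class);
    // Base URL of the CAS server, handed to the ticket validator.
    private String casServerUrlPrefix;
    // Service URL passed to the validator together with the ticket.
    private String casService;
    // "saml" (case-insensitive) selects SAML 1.1 validation; anything else selects CAS 2.0.
    private String validationProtocol = DEFAULT_VALIDATION_PROTOCOL;
    // Name of the principal attribute that flags a remember-me authentication.
    private String rememberMeAttributeName = DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME;
    // Created lazily by ensureTicketValidator().
    private TicketValidator ticketValidator;
    // Comma-separated roles granted to every authorized subject.
    private String defaultRoles;
    // Comma-separated permissions granted to every authorized subject.
    private String defaultPermissions;
    // Comma-separated names of principal attributes whose values are roles.
    private String roleAttributeNames;
    // Comma-separated names of principal attributes whose values are permissions.
    private String permissionAttributeNames;

    /** Creates the realm and restricts it to {@link CasToken} authentication tokens. */
    public CasRealm() {
        setAuthenticationTokenClass(CasToken.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Runs the parent initialization and then makes sure a ticket validator exists. */
    @Override // org.apache.shiro.realm.AuthorizingRealm, org.apache.shiro.realm.AuthenticatingRealm
    public void onInit() {
        super.onInit();
        ensureTicketValidator();
    }

    /**
     * Returns the ticket validator, creating it on first use.
     *
     * <p>No synchronization is performed here; the validator is normally created once from
     * {@link #onInit()}.
     *
     * @return the validator used for all ticket validations of this realm
     */
    protected TicketValidator ensureTicketValidator() {
        if (this.ticketValidator == null) {
            this.ticketValidator = createTicketValidator();
        }
        return this.ticketValidator;
    }

    /**
     * Builds the validator for the configured protocol: SAML 1.1 when the validation
     * protocol is {@code "saml"} (case-insensitive), CAS 2.0 otherwise.
     *
     * @return a new validator bound to {@link #getCasServerUrlPrefix()}
     */
    protected TicketValidator createTicketValidator() {
        String urlPrefix = getCasServerUrlPrefix();
        // The validation response is the only proof of identity this realm has. Fetched
        // over plain HTTP it can be altered in transit, so make the misconfiguration visible.
        if (urlPrefix != null
                && !urlPrefix.regionMatches(true, 0, HTTPS_SCHEME_PREFIX, 0, HTTPS_SCHEME_PREFIX.length())) {
            log.warn("CAS server URL prefix [{}] does not use https; ticket validation responses are not protected in transit", urlPrefix);
        }
        if ("saml".equalsIgnoreCase(getValidationProtocol())) {
            return new Saml11TicketValidator(urlPrefix);
        }
        return new Cas20ServiceTicketValidator(urlPrefix);
    }

    /**
     * Validates the ticket carried by the token against the CAS server and, on success,
     * returns authentication info whose principals are the user name followed by the
     * attribute map of the validated principal.
     *
     * @param authenticationToken the submitted token; expected to be a {@link CasToken}
     * @return the authentication info, or {@code null} when the token is {@code null} or
     *         carries no ticket text
     * @throws AuthenticationException (as {@code CasAuthenticationException}) when the
     *         validator rejects the ticket
     */
    @Override // org.apache.shiro.realm.AuthenticatingRealm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken == null) {
            return null;
        }
        CasToken casToken = (CasToken) authenticationToken;
        String ticket = (String) casToken.getCredentials();
        if (!StringUtils.hasText(ticket)) {
            return null;
        }
        try {
            AttributePrincipal principal = ensureTicketValidator().validate(ticket, getCasService()).getPrincipal();
            String userId = principal.getName();
            // NOTE(review): the ticket is a bearer credential and appears both in this debug
            // line and in the exception message below. On the failure path it may not have
            // been consumed by the server yet; consider redacting it in shared log sinks.
            log.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}", ticket, getCasServerUrlPrefix(), userId);
            Map<String, Object> attributes = principal.getAttributes();
            casToken.setUserId(userId);
            // Attribute values are not guaranteed to be Strings (a Boolean or a single-element
            // list are both plausible), so read the flag through toString() instead of casting.
            Object rememberMeValue = attributes.get(getRememberMeAttributeName());
            if (rememberMeValue != null && Boolean.parseBoolean(rememberMeValue.toString())) {
                casToken.setRememberMe(true);
            }
            // Order matters: doGetAuthorizationInfo reads the attribute map back from index 1.
            return new SimpleAuthenticationInfo(new SimplePrincipalCollection((Collection) CollectionUtils.asList(userId, attributes), getName()), ticket);
        } catch (TicketValidationException e) {
            throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
        }
    }

    /**
     * Builds the authorization info from the default roles and permissions plus the values
     * of the configured role and permission attributes.
     *
     * <p>Attribute values may be a single comma-separated string or a collection of such
     * strings (multi-valued attribute); both forms are accepted.
     *
     * @param principalCollection the principals produced by {@link #doGetAuthenticationInfo}
     * @return the roles and permissions of the subject
     */
    @Override // org.apache.shiro.realm.AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Positional contract with doGetAuthenticationInfo: index 0 is the user name and
        // index 1 the attribute map. asList() is called through the interface so that any
        // PrincipalCollection implementation is accepted.
        // NOTE(review): the list is not filtered by realm, so with several realms contributing
        // principals index 1 may not be this realm's attribute map; verify for multi-realm setups.
        Map<?, ?> attributes = (Map<?, ?>) principalCollection.asList().get(1);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        addRoles(info, split(this.defaultRoles));
        addPermissions(info, split(this.defaultPermissions));
        for (String attributeName : split(this.roleAttributeNames)) {
            for (String rawValue : attributeValues(attributes.get(attributeName))) {
                addRoles(info, split(rawValue));
            }
        }
        for (String attributeName : split(this.permissionAttributeNames)) {
            for (String rawValue : attributeValues(attributes.get(attributeName))) {
                addPermissions(info, split(rawValue));
            }
        }
        return info;
    }

    /**
     * Normalizes one attribute value to a list of strings: a collection contributes one
     * entry per non-null element, any other non-null value contributes its string form,
     * and {@code null} contributes nothing.
     */
    private List<String> attributeValues(Object value) {
        List<String> values = new ArrayList<String>();
        if (value instanceof Collection) {
            for (Object element : (Collection<?>) value) {
                if (element != null) {
                    values.add(element.toString());
                }
            }
        } else if (value != null) {
            values.add(value.toString());
        }
        return values;
    }

    /**
     * Splits a comma-separated string into trimmed, non-blank entries.
     *
     * @param str the text to split; may be {@code null}
     * @return the entries in order; empty when nothing usable is present
     */
    private List<String> split(String str) {
        List<String> entries = new ArrayList<String>();
        String[] parts = StringUtils.split(str, ',');
        if (parts != null) {
            for (String part : parts) {
                if (StringUtils.hasText(part)) {
                    entries.add(part.trim());
                }
            }
        }
        return entries;
    }

    /** Adds every entry of {@code list} as a role. */
    private void addRoles(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> list) {
        for (String role : list) {
            simpleAuthorizationInfo.addRole(role);
        }
    }

    /** Adds every entry of {@code list} as a string permission. */
    private void addPermissions(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> list) {
        for (String permission : list) {
            simpleAuthorizationInfo.addStringPermission(permission);
        }
    }

    /** @return the CAS server URL prefix given to the ticket validator */
    public String getCasServerUrlPrefix() {
        return this.casServerUrlPrefix;
    }

    /** @param str the CAS server URL prefix; should be an {@code https://} URL */
    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    /** @return the service URL sent with each ticket validation */
    public String getCasService() {
        return this.casService;
    }

    /** @param str the service URL sent with each ticket validation */
    public void setCasService(String str) {
        this.casService = str;
    }

    /** @return the validation protocol name */
    public String getValidationProtocol() {
        return this.validationProtocol;
    }

    /** @param str {@code "saml"} (case-insensitive) for SAML 1.1; any other value selects CAS 2.0 */
    public void setValidationProtocol(String str) {
        this.validationProtocol = str;
    }

    /** @return the name of the attribute that flags a remember-me authentication */
    public String getRememberMeAttributeName() {
        return this.rememberMeAttributeName;
    }

    /** @param str the name of the attribute that flags a remember-me authentication */
    public void setRememberMeAttributeName(String str) {
        this.rememberMeAttributeName = str;
    }

    /** @return the comma-separated roles granted to every authorized subject */
    public String getDefaultRoles() {
        return this.defaultRoles;
    }

    /** @param str comma-separated roles granted to every authorized subject */
    public void setDefaultRoles(String str) {
        this.defaultRoles = str;
    }

    /** @return the comma-separated permissions granted to every authorized subject */
    public String getDefaultPermissions() {
        return this.defaultPermissions;
    }

    /** @param str comma-separated permissions granted to every authorized subject */
    public void setDefaultPermissions(String str) {
        this.defaultPermissions = str;
    }

    /** @return the comma-separated names of attributes whose values are roles */
    public String getRoleAttributeNames() {
        return this.roleAttributeNames;
    }

    /** @param str comma-separated names of attributes whose values are roles */
    public void setRoleAttributeNames(String str) {
        this.roleAttributeNames = str;
    }

    /** @return the comma-separated names of attributes whose values are permissions */
    public String getPermissionAttributeNames() {
        return this.permissionAttributeNames;
    }

    /** @param str comma-separated names of attributes whose values are permissions */
    public void setPermissionAttributeNames(String str) {
        this.permissionAttributeNames = str;
    }
}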
