package org.apache.camel.component.shiro.security;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.ObjectInputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.camel.AsyncCallback;
import org.apache.camel.AsyncProcessor;
import org.apache.camel.CamelAuthorizationException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.model.ProcessorDefinition;
import org.apache.camel.spi.AuthorizationPolicy;
import org.apache.camel.spi.RouteContext;
import org.apache.camel.util.AsyncProcessorConverterHelper;
import org.apache.camel.util.AsyncProcessorHelper;
import org.apache.camel.util.ExchangeHelper;
import org.apache.camel.util.IOHelper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/shiro/security/ShiroSecurityPolicy.class */
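/**
 * Camel {@link AuthorizationPolicy} that authenticates and authorizes each exchange with Apache Shiro.
 *
 * <p>Every exchange passing through a wrapped processor must carry a {@code SHIRO_SECURITY_TOKEN}
 * header holding an encrypted, Java-serialized {@link ShiroSecurityToken}. The policy decrypts the
 * header with the configured {@link CipherService} and pass phrase, deserializes the token, logs the
 * user in against the Shiro {@link SecurityManager} and then checks the configured permissions.
 *
 * <p>Security-relevant defaults, all visible in this class:
 * <ul>
 *   <li>The default pass phrase is a fixed 16-byte constant compiled into the class. Unless it is
 *       replaced (constructor argument or {@link #setPassPhrase(byte[])}), anyone who has this
 *       library can produce a header that decrypts successfully.</li>
 *   <li>An empty permissions list disables the authorization check (any authenticated user passes).</li>
 *   <li>The decrypted header is read with Java native deserialization.</li>
 * </ul>
 *
 * <p>The class is mutable through its setters and performs no synchronization of its own.
 */
public class ShiroSecurityPolicy implements AuthorizationPolicy {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroSecurityPolicy.class);

    // Built-in default key material. It is a publicly known constant, not a secret.
    private final byte[] bits128;
    private CipherService cipherService;
    private byte[] passPhrase;
    private SecurityManager securityManager;
    private List<Permission> permissionsList;
    private boolean alwaysReauthenticate;

    /**
     * Creates a policy with AES encryption, the built-in default pass phrase, no permissions
     * (authorization checks disabled) and re-authentication on every exchange.
     * No security manager is configured by this constructor.
     */
    public ShiroSecurityPolicy() {
        this.bits128 = new byte[]{8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23};
        this.passPhrase = this.bits128;
        this.cipherService = new AesCipherService();
        this.permissionsList = new ArrayList<>();
        this.alwaysReauthenticate = true;
    }

    /**
     * Creates a policy whose security manager is built from an INI resource.
     * The manager is also installed globally through {@link SecurityUtils#setSecurityManager}.
     *
     * @param iniResourcePath INI resource path handed to {@link IniSecurityManagerFactory}
     */
    public ShiroSecurityPolicy(String iniResourcePath) {
        this();
        this.securityManager = (SecurityManager) new IniSecurityManagerFactory(iniResourcePath).getInstance();
        SecurityUtils.setSecurityManager(this.securityManager);
    }

    /**
     * Creates a policy whose security manager is built from an in-memory INI configuration.
     * The manager is also installed globally through {@link SecurityUtils#setSecurityManager}.
     *
     * @param ini INI configuration handed to {@link IniSecurityManagerFactory}
     */
    public ShiroSecurityPolicy(Ini ini) {
        this();
        this.securityManager = (SecurityManager) new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(this.securityManager);
    }

    /**
     * @param iniResourcePath INI resource path for the security manager
     * @param passPhrase key used to decrypt the security token header; replaces the built-in default
     */
    public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase) {
        this(iniResourcePath);
        setPassPhrase(passPhrase);
    }

    /**
     * @param ini INI configuration for the security manager
     * @param passPhrase key used to decrypt the security token header; replaces the built-in default
     */
    public ShiroSecurityPolicy(Ini ini, byte[] passPhrase) {
        this(ini);
        setPassPhrase(passPhrase);
    }

    /**
     * @param iniResourcePath INI resource path for the security manager
     * @param passPhrase key used to decrypt the security token header
     * @param alwaysReauthenticate whether the subject is logged out after every exchange
     */
    public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase, boolean alwaysReauthenticate) {
        this(iniResourcePath, passPhrase);
        setAlwaysReauthenticate(alwaysReauthenticate);
    }

    /**
     * @param ini INI configuration for the security manager
     * @param passPhrase key used to decrypt the security token header
     * @param alwaysReauthenticate whether the subject is logged out after every exchange
     */
    public ShiroSecurityPolicy(Ini ini, byte[] passPhrase, boolean alwaysReauthenticate) {
        this(ini, passPhrase);
        setAlwaysReauthenticate(alwaysReauthenticate);
    }

    /**
     * @param iniResourcePath INI resource path for the security manager
     * @param passPhrase key used to decrypt the security token header
     * @param alwaysReauthenticate whether the subject is logged out after every exchange
     * @param permissionsList permissions of which the subject must hold at least one; an empty
     *                        list disables the authorization check
     */
    public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase, boolean alwaysReauthenticate,
                               List<Permission> permissionsList) {
        this(iniResourcePath, passPhrase, alwaysReauthenticate);
        setPermissionsList(permissionsList);
    }

    /**
     * @param ini INI configuration for the security manager
     * @param passPhrase key used to decrypt the security token header
     * @param alwaysReauthenticate whether the subject is logged out after every exchange
     * @param permissionsList permissions of which the subject must hold at least one; an empty
     *                        list disables the authorization check
     */
    public ShiroSecurityPolicy(Ini ini, byte[] passPhrase, boolean alwaysReauthenticate,
                               List<Permission> permissionsList) {
        this(ini, passPhrase, alwaysReauthenticate);
        setPermissionsList(permissionsList);
    }

    /** No-op: this policy does nothing before the route is wrapped. */
    public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> processorDefinition) {
    }

    /**
     * Wraps {@code processor} so that the security policy is applied to every exchange before the
     * wrapped processor runs.
     *
     * @param routeContext the route being built (not used here)
     * @param processor the processor to protect
     * @return a processor that authenticates and authorizes, then delegates to {@code processor}
     */
    public Processor wrap(RouteContext routeContext, final Processor processor) {
        // Identity check: true only while the built-in constant has never been replaced.
        if (this.passPhrase == this.bits128) {
            LOG.warn("ShiroSecurityPolicy is using the built-in default pass phrase. "
                    + "Configure a private pass phrase before accepting security tokens.");
        }
        return new AsyncProcessor() { // from class: org.apache.camel.component.shiro.security.ShiroSecurityPolicy.1
            /**
             * Asynchronous entry point. Any exception from the security policy (or from starting
             * the wrapped processor) is stored on the exchange and reported as a synchronous
             * completion, so a rejected exchange never reaches the wrapped processor.
             */
            public boolean process(Exchange exchange, final AsyncCallback asyncCallback) {
                try {
                    applySecurityPolicy(exchange);
                    boolean completedSync = AsyncProcessorHelper.process(
                            AsyncProcessorConverterHelper.convert(processor), exchange,
                            new AsyncCallback() { // from class: org.apache.camel.component.shiro.security.ShiroSecurityPolicy.1.1
                                public void done(boolean doneSync) {
                                    // The synchronous case is signalled by the outer method below.
                                    if (!doneSync) {
                                        asyncCallback.done(false);
                                    }
                                }
                            });
                    if (!completedSync) {
                        return false;
                    }
                    asyncCallback.done(true);
                    return true;
                } catch (Exception e) {
                    exchange.setException(e);
                    asyncCallback.done(true);
                    return true;
                }
            }

            /** Synchronous entry point: security failures propagate to the caller as exceptions. */
            public void process(Exchange exchange) throws Exception {
                applySecurityPolicy(exchange);
                processor.process(exchange);
            }

            /**
             * Decrypts and deserializes the {@code SHIRO_SECURITY_TOKEN} header, then authenticates
             * and authorizes the current Shiro subject.
             *
             * @throws Exception if the header is missing, cannot be decrypted or deserialized, or
             *                   if authentication or authorization fails
             */
            private void applySecurityPolicy(Exchange exchange) throws Exception {
                ByteSource encryptedToken =
                        ExchangeHelper.getMandatoryHeader(exchange, "SHIRO_SECURITY_TOKEN", ByteSource.class);
                ByteSource decryptedToken = ShiroSecurityPolicy.this.getCipherService()
                        .decrypt(encryptedToken.getBytes(), ShiroSecurityPolicy.this.getPassPhrase());

                // NOTE(security): Java native deserialization of bytes that arrive in a message
                // header. The only barrier in front of readObject() is successful decryption with
                // the configured pass phrase, so with the built-in default key (or a disclosed one)
                // the sender controls the serialized stream, and the cast below runs only after the
                // object graph has already been materialized. Confirm that the configured
                // CipherService also authenticates the ciphertext, and consider restricting
                // resolveClass to ShiroSecurityToken or moving to a non-native token encoding.
                ByteArrayInputStream tokenBytes = new ByteArrayInputStream(decryptedToken.getBytes());
                ObjectInputStream tokenStream = new ObjectInputStream(tokenBytes);
                ShiroSecurityToken securityToken;
                try {
                    securityToken = (ShiroSecurityToken) tokenStream.readObject();
                } finally {
                    IOHelper.close(new Closeable[]{tokenStream, tokenBytes});
                }

                Subject currentUser = SecurityUtils.getSubject();
                try {
                    ShiroSecurityPolicy.this.authenticateUser(currentUser, securityToken);
                    ShiroSecurityPolicy.this.authorizeUser(currentUser, exchange);
                } finally {
                    // Log out on success and on failure so no authenticated state outlives the exchange.
                    if (ShiroSecurityPolicy.this.alwaysReauthenticate) {
                        currentUser.logout();
                    }
                }
            }
        };
    }

    /**
     * Logs {@code subject} in with the credentials carried by {@code shiroSecurityToken}, unless
     * the subject is already authenticated.
     *
     * <p>Declared private in the original class; the decompiler widened the access modifier.
     *
     * @param subject the current Shiro subject
     * @param shiroSecurityToken the deserialized username/password token
     * @throws AuthenticationException (or the matching subclass) when login fails
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void authenticateUser(Subject subject, ShiroSecurityToken shiroSecurityToken) {
        if (subject.isAuthenticated()) {
            return;
        }
        UsernamePasswordToken loginToken =
                new UsernamePasswordToken(shiroSecurityToken.getUsername(), shiroSecurityToken.getPassword());
        loginToken.setRememberMe(!this.alwaysReauthenticate);
        try {
            subject.login(loginToken);
            LOG.debug("Current User {} successfully authenticated", subject.getPrincipal());

        // The specific subclasses must be caught before AuthenticationException; with the base
        // type first the handlers below it are unreachable and the class does not compile.
        //
        // NOTE(security): the distinct messages reveal whether an account exists or is locked.
        // Code that returns exception text to a remote caller should map all of them to one
        // generic failure to avoid account enumeration.
        } catch (IncorrectCredentialsException e) {
            throw new IncorrectCredentialsException("Authentication Failed. Password for account " + loginToken.getPrincipal() + " was incorrect!", e.getCause());
        } catch (LockedAccountException e) {
            throw new LockedAccountException("Authentication Failed. The account for username " + loginToken.getPrincipal() + " is locked.Please contact your administrator to unlock it.", e.getCause());
        } catch (UnknownAccountException e) {
            throw new UnknownAccountException("Authentication Failed. There is no user with username of " + loginToken.getPrincipal(), e.getCause());
        } catch (AuthenticationException e) {
            throw new AuthenticationException("Authentication Failed.", e.getCause());
        }
    }

    /**
     * Checks that {@code subject} holds at least one of the configured permissions.
     *
     * <p>An empty permissions list means no check is performed and the subject is accepted
     * (fail-open). A {@code null} list is not handled and results in a
     * {@link NullPointerException}.
     *
     * <p>Declared private in the original class; the decompiler widened the access modifier.
     *
     * @param subject the authenticated Shiro subject
     * @param exchange the exchange being processed, attached to the failure exception
     * @throws CamelAuthorizationException if none of the configured permissions is held
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void authorizeUser(Subject subject, Exchange exchange) throws CamelAuthorizationException {
        boolean authorized = false;
        if (this.permissionsList.isEmpty()) {
            LOG.debug("Valid Permissions List not specified for ShiroSecurityPolicy. No authorization checks will be performed for current user");
            authorized = true;
        } else {
            // Any single matching permission is sufficient.
            for (Permission permission : this.permissionsList) {
                if (subject.isPermitted(permission)) {
                    authorized = true;
                    break;
                }
            }
        }
        if (!authorized) {
            throw new CamelAuthorizationException("Authorization Failed. Subject's role set does not have the necessary permissions to perform further processing", exchange);
        }
        LOG.debug("Current User {} is successfully authorized. The exchange will be allowed to proceed", subject.getPrincipal());
    }

    /** @return the cipher service used to decrypt the security token header */
    public CipherService getCipherService() {
        return this.cipherService;
    }

    /** @param cipherService the cipher service used to decrypt the security token header */
    public void setCipherService(CipherService cipherService) {
        this.cipherService = cipherService;
    }

    /** @return the security manager held by this policy, or {@code null} if none was configured */
    public SecurityManager getSecurityManager() {
        return this.securityManager;
    }

    /**
     * Stores the security manager on this policy. Unlike the INI-based constructors, this setter
     * does not call {@link SecurityUtils#setSecurityManager}.
     */
    public void setSecurityManager(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /** @return the key used for decryption; this is the internal array, not a copy */
    public byte[] getPassPhrase() {
        return this.passPhrase;
    }

    /** @param passPhrase the key used for decryption; stored by reference, not copied */
    public void setPassPhrase(byte[] passPhrase) {
        this.passPhrase = passPhrase;
    }

    /** @return the configured permissions; this is the internal list, not a copy */
    public List<Permission> getPermissionsList() {
        return this.permissionsList;
    }

    /**
     * @param permissionsList permissions of which the subject must hold at least one; an empty
     *                        list disables the authorization check
     */
    public void setPermissionsList(List<Permission> permissionsList) {
        this.permissionsList = permissionsList;
    }

    /** @return whether the subject is logged out after every exchange */
    public boolean isAlwaysReauthenticate() {
        return this.alwaysReauthenticate;
    }

    /** @param alwaysReauthenticate whether the subject is logged out after every exchange */
    public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
        this.alwaysReauthenticate = alwaysReauthenticate;
    }
}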
