package io.higgs.http.server.auth;

import io.higgs.core.HiggsServer;
import io.higgs.http.server.config.HttpConfig;
import java.util.HashSet;
import java.util.Iterator;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import java.util.Set;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/higgs/http/server/auth/HiggsSecurityManager.class */
public class HiggsSecurityManager {
    protected static DefaultSecurityManager securityManager;
    protected static HttpConfig config;
    protected static Logger log = LoggerFactory.getLogger(HiggsSecurityManager.class);
    protected static HiggsSessionManager sessionManager = new HiggsSessionManager();

    protected HiggsSecurityManager() {
    }

    public static void configure(HiggsServer higgsServer, DefaultSecurityManager defaultSecurityManager) {
        securityManager = defaultSecurityManager;
        config = (HttpConfig) higgsServer.getConfig();
        setupSessions();
        setupRealms();
        seupAuthenticationStrategy();
        setupAuthorization();
    }

    protected static void setupSessions() {
        sessionManager.setSessionFactory(new HiggsSessionFactory());
        securityManager.setSessionManager(sessionManager);
        Set services = getServices(SessionDAO.class);
        if (services.size() <= 0) {
            sessionManager.setSessionDAO(new DefaultHiggsSessionDAO(config.session_dir));
            return;
        }
        Iterator it = services.iterator();
        SessionDAO sessionDAO = (SessionDAO) it.next();
        sessionManager.setSessionDAO(sessionDAO);
        if (it.hasNext()) {
            log.warn(String.format("Multiple SessionDAO configured, ONLY using %s", sessionDAO.getClass().getName()));
        }
    }

    protected static void setupRealms() {
        Set services = getServices(Realm.class);
        if (services.size() > 0) {
            if (securityManager.getRealms() != null) {
                services.addAll(securityManager.getRealms());
            }
            securityManager.setRealms(services);
        } else if (securityManager.getRealms() == null || securityManager.getRealms().size() == 0) {
            log.info("No Realm services setup on the class path, this means if authorization or authentication is configured they may not work as expected");
        }
    }

    protected static void seupAuthenticationStrategy() {
        Set services = getServices(AuthenticationStrategy.class);
        if (services.size() <= 0) {
            log.info("No authentication service setup on the class path");
            return;
        }
        Authenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
        Authenticator authenticator = securityManager.getAuthenticator();
        if (authenticator instanceof ModularRealmAuthenticator) {
            modularRealmAuthenticator = (ModularRealmAuthenticator) authenticator;
        } else {
            securityManager.setAuthenticator(modularRealmAuthenticator);
        }
        Iterator it = services.iterator();
        AuthenticationStrategy authenticationStrategy = (AuthenticationStrategy) it.next();
        modularRealmAuthenticator.setAuthenticationStrategy(authenticationStrategy);
        if (it.hasNext()) {
            log.warn(String.format("Multiple authentication strategies found, only using the first one which is %s ", authenticationStrategy.getClass().getName()));
        }
    }

    protected static void setupAuthorization() {
        Set services = getServices(Authorizer.class);
        if (services.size() <= 0) {
            if (securityManager.getAuthorizer() == null) {
                log.info("No authorization service setup on the class path");
            }
        } else {
            Iterator it = services.iterator();
            Authorizer authorizer = (Authorizer) it.next();
            securityManager.setAuthorizer(authorizer);
            if (it.hasNext()) {
                log.warn(String.format("Multiple authorizers configured, ONLY %s is being used", authorizer.getClass().getName()));
            }
        }
    }

    protected static <T> Set<T> getServices(Class<T> cls) {
        Iterator it = ServiceLoader.load(cls).iterator();
        HashSet hashSet = new HashSet();
        while (it.hasNext()) {
            try {
                hashSet.add(it.next());
            } catch (ServiceConfigurationError e) {
                log.warn("Unable to register Realm", e);
            }
        }
        return hashSet;
    }
}
