package org.apache.camel.component.shiro.security;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.ObjectInputStream;
import java.util.Iterator;
import org.apache.camel.AsyncCallback;
import org.apache.camel.CamelAuthorizationException;
import org.apache.camel.CamelExchangeException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.processor.DelegateAsyncProcessor;
import org.apache.camel.util.ExchangeHelper;
import org.apache.camel.util.IOHelper;
import org.apache.camel.util.ObjectHelper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/shiro/security/ShiroSecurityProcessor.class */
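/**
 * Applies a {@link ShiroSecurityPolicy} to an exchange before handing it to the wrapped processor.
 *
 * <p>The caller's identity arrives in message headers, either as a username/password pair or as a
 * {@code SHIRO_SECURITY_TOKEN} header. The token is decrypted with the policy's cipher service and
 * pass phrase, deserialized into a {@link ShiroSecurityToken}, and then used to authenticate and
 * authorize the Shiro {@link Subject} returned by {@link SecurityUtils#getSubject()}.
 *
 * <p>Any failure is stored on the exchange as its exception and the wrapped processor is not
 * invoked, so the processor fails closed.
 */
public class ShiroSecurityProcessor extends DelegateAsyncProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroSecurityProcessor.class);
    private final ShiroSecurityPolicy policy;

    /**
     * @param processor the processor to run once the security policy has been satisfied
     * @param shiroSecurityPolicy the policy supplying the cipher service, pass phrase, permissions
     *     and re-authentication settings
     */
    public ShiroSecurityProcessor(Processor processor, ShiroSecurityPolicy shiroSecurityPolicy) {
        super(processor);
        this.policy = shiroSecurityPolicy;
    }

    /**
     * Enforces the security policy and, on success, delegates to the wrapped processor.
     *
     * @return the result of the delegate on success; {@code true} (completed synchronously) when
     *     the policy check or the delegate call threw, in which case the exception is set on the
     *     exchange and the callback is completed
     */
    public boolean process(Exchange exchange, AsyncCallback asyncCallback) {
        try {
            applySecurityPolicy(exchange);
            return super.process(exchange, asyncCallback);
        } catch (Exception e) {
            // Fail closed: record the failure and complete the callback here.
            exchange.setException(e);
            asyncCallback.done(true);
            return true;
        }
    }

    /**
     * Builds or reads the security token from the message headers, then authenticates and
     * authorizes the current subject with it.
     *
     * @throws Exception if the token header is missing or of an unsupported type, if decryption or
     *     deserialization fails, or if authentication or authorization is refused
     */
    private void applySecurityPolicy(Exchange exchange) throws Exception {
        String username = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, String.class);
        String password = exchange.getIn().getHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, String.class);
        // NOTE(review): the clear-text credential headers are removed only when BOTH are present.
        // If just one of them is set it stays on the message and travels to downstream processors;
        // confirm whether that is intended.
        if (username != null && password != null) {
            ShiroSecurityToken headerToken = new ShiroSecurityToken(username, password);
            if (this.policy.isBase64()) {
                ByteSource encrypted = ShiroSecurityHelper.encrypt(
                        headerToken, this.policy.getPassPhrase(), this.policy.getCipherService());
                exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, encrypted.toBase64());
            } else {
                exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, headerToken);
            }
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME);
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD);
        }

        Object tokenHeader = ExchangeHelper.getMandatoryHeader(
                exchange, ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, Object.class);
        ByteSource encryptedToken;
        if (tokenHeader instanceof ShiroSecurityToken) {
            // Replace the clear-text token object with its encrypted form so that the credentials
            // do not continue along the route unprotected.
            encryptedToken = ShiroSecurityHelper.encrypt(
                    (ShiroSecurityToken) tokenHeader, this.policy.getPassPhrase(), this.policy.getCipherService());
            exchange.getIn().removeHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN);
            exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, encryptedToken);
        } else if (tokenHeader instanceof String) {
            String text = (String) tokenHeader;
            encryptedToken = this.policy.isBase64()
                    ? ByteSource.Util.bytes(Base64.decode(text))
                    : ByteSource.Util.bytes(text);
        } else if (tokenHeader instanceof ByteSource) {
            encryptedToken = (ByteSource) tokenHeader;
        } else {
            throw new CamelExchangeException("Shiro security header SHIRO_SECURITY_TOKEN is unsupported type: " + ObjectHelper.classCanonicalName(tokenHeader), exchange);
        }

        byte[] decrypted = this.policy.getCipherService()
                .decrypt(encryptedToken.getBytes(), this.policy.getPassPhrase())
                .getBytes();

        // SECURITY(review): the decrypted bytes are handed to Java native deserialization with no
        // class allow-list, and the cast to ShiroSecurityToken is only checked after readObject()
        // has already built the object graph. The token header is message-supplied, so the only
        // barrier is the pass phrase and whatever integrity protection the configured cipher
        // service provides. Restrict the stream to ShiroSecurityToken (a resolveClass override, or
        // ObjectInputFilter on Java 9+), or move the token to a non-native format.
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decrypted);
        ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
        ShiroSecurityToken securityToken;
        try {
            securityToken = (ShiroSecurityToken) objectInputStream.readObject();
        } finally {
            IOHelper.close(objectInputStream, byteArrayInputStream);
        }
        if (securityToken == null) {
            // A serialized null would otherwise surface later as a NullPointerException.
            throw new CamelExchangeException("Shiro security header SHIRO_SECURITY_TOKEN did not contain a security token", exchange);
        }

        Subject subject = SecurityUtils.getSubject();
        try {
            authenticateUser(subject, securityToken);
            authorizeUser(subject, exchange);
        } finally {
            // Drop the session on success and on failure alike when the policy demands a fresh
            // login for every exchange.
            if (this.policy.isAlwaysReauthenticate()) {
                subject.logout();
            }
        }
    }

    /**
     * Logs the subject in with the credentials from the token unless it is already authenticated
     * under the same username.
     *
     * <p>NOTE(review): when the subject is already authenticated and the usernames match, the
     * password carried by the token is not verified again. With {@code alwaysReauthenticate}
     * disabled, correctness therefore depends on how subjects are bound to threads or sessions;
     * confirm this matches the deployment.
     *
     * @throws AuthenticationException (or a subclass) if the login is rejected; the exception Shiro
     *     raised is attached as the cause
     */
    private void authenticateUser(Subject subject, ShiroSecurityToken shiroSecurityToken) {
        boolean alreadyAuthenticated = subject.isAuthenticated();
        boolean sameUser = shiroSecurityToken.getUsername().equals(subject.getPrincipal());
        LOG.trace("Authenticated: {}, same Username: {}", alreadyAuthenticated, sameUser);
        if (alreadyAuthenticated && sameUser) {
            return;
        }

        UsernamePasswordToken loginToken =
                new UsernamePasswordToken(shiroSecurityToken.getUsername(), shiroSecurityToken.getPassword());
        loginToken.setRememberMe(!this.policy.isAlwaysReauthenticate());

        // NOTE(review): the messages below distinguish an unknown account, a wrong password and a
        // locked account, and they embed the username. If the exchange exception is returned to
        // the caller this lets valid account names be told apart; consider a uniform message at
        // the boundary and keeping the detail in logs only.
        try {
            subject.login(loginToken);
            LOG.debug("Current user {} successfully authenticated", subject.getPrincipal());
        } catch (IncorrectCredentialsException e) {
            // The caught exception itself is passed as the cause (not e.getCause()) so that the
            // original stack trace and message are not lost.
            throw new IncorrectCredentialsException("Authentication Failed. Password for account " + loginToken.getPrincipal() + " was incorrect!", e);
        } catch (LockedAccountException e) {
            throw new LockedAccountException("Authentication Failed. The account for username " + loginToken.getPrincipal() + " is locked.Please contact your administrator to unlock it.", e);
        } catch (UnknownAccountException e) {
            throw new UnknownAccountException("Authentication Failed. There is no user with username of " + loginToken.getPrincipal(), e);
        } catch (AuthenticationException e) {
            throw new AuthenticationException("Authentication Failed.", e);
        }
    }

    /**
     * Checks the subject against the policy's permission list.
     *
     * <p>The subject is authorized when it holds at least one of the listed permissions. An empty
     * permission list disables the check entirely, so every authenticated subject passes.
     *
     * @throws CamelAuthorizationException if the list is non-empty and none of its permissions is
     *     granted to the subject
     */
    private void authorizeUser(Subject subject, Exchange exchange) throws CamelAuthorizationException {
        boolean authorized = false;
        if (this.policy.getPermissionsList().isEmpty()) {
            LOG.trace("Valid Permissions List not specified for ShiroSecurityPolicy. No authorization checks will be performed for current user.");
            authorized = true;
        } else {
            for (Permission permission : this.policy.getPermissionsList()) {
                if (subject.isPermitted(permission)) {
                    authorized = true;
                    break;
                }
            }
        }
        if (!authorized) {
            throw new CamelAuthorizationException("Authorization Failed. Subject's role set does not have the necessary permissions to perform further processing.", exchange);
        }
        LOG.debug("Current user {} is successfully authorized.", subject.getPrincipal());
    }
}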
