import com.sinochem.erp.common.entity.Permissions;
import com.sinochem.erp.common.entity.Role;
import com.sinochem.erp.common.entity.User;
import com.sinochem.erp.common.exception.MoreUsersException;
import com.sinochem.erp.service.UserService;
import com.sinochem.erp.service.impmain.PermissionsServcie;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import javax.annotation.PostConstruct;
import java.util.ArrayList;
import java.util.List;

@Service
public class SystemAuthorizingRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;
    @Autowired
    private PermissionsServcie permissionsServcie;

    public SystemAuthorizingRealm(CacheManager ehCacheManager) {
        this.setCacheManager(ehCacheManager);
    }
/**
*認證
*/
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        CaptchaFormAuthenticationFilter.CaptchaUsernamePasswordToken t = (CaptchaFormAuthenticationFilter.CaptchaUsernamePasswordToken) token;
        List<User> users = userService.findAllByLoginName(t.getUsername());
        if (users.size() > 1) {
            throw new MoreUsersException("");
        }
        if (users.size() == 0) {
            return null;
        }
        User user = users.get(0);
        if (null != user) {
            user.setPlatforms(t.getPlatforms());
            List<Role> roles=permissionsServcie.getRolesByUser(user.getId());
            user.setRoles(roles);
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPwd(), getName());
            info.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt()));
            return info;
        }
        return null;
    }

    /**
     * 獲取授權資訊
     *
     * @param principals principals
     * @return 授權資訊
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        User user = (User) principals.getPrimaryPrincipal();
        List<Permissions> permissions = permissionsServcie.getPermissionsByuser(user.getId());
        for (Permissions permission : permissions) {
            info.addStringPermission(permission.getCode());
        }
        return info;
    }

    @PostConstruct
    public void initCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(1024);
        matcher.setStoredCredentialsHexEncoded(false);
        setCredentialsMatcher(matcher);
    }
}