package com.elitesland.yst.core.security.config;

import cn.hutool.core.util.StrUtil;
import com.elitesland.yst.common.property.OAuth2Properties;
import com.elitesland.yst.common.property.SpecialAccountProperties;
import com.elitesland.yst.common.util.RedisUtils;
import com.elitesland.yst.core.security.component.PermissionWithRoleCacheService;
import com.elitesland.yst.core.security.util.RequestMatcherCreator;
import com.elitesland.yst.oauth.service.OAuthClientDetailsRpcService;
import com.elitesland.yst.oauth.vo.OAuthClientDetailsVO;
import com.elitesland.yst.security.common.PermissionWhiteListEnum;
import com.elitesland.yst.system.service.SysPermissionService;
import com.elitesland.yst.system.service.SysRoleService;
import com.elitesland.yst.system.vo.SysPermissionWithRoleVO;
import io.vavr.Tuple;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.dubbo.config.annotation.DubboReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:com/elitesland/yst/core/security/config/PermissionBasedFilterSecurityMetadataSource.class */
public class PermissionBasedFilterSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private static final Integer a = 1;
    private static final String b = "DENIED";
    private boolean d;
    private String e;

    @Autowired
    private RequestMatcherCreator g;

    @Autowired
    private RedisUtils h;
    private SpecialAccountProperties i;
    private OAuth2Properties j;
    private PermissionWithRoleCacheService k;

    @DubboReference(version = "${provider.service.version}", check = false)
    private SysRoleService l;

    @DubboReference(version = "${provider.service.version}", check = false)
    private SysPermissionService m;

    @DubboReference(version = "${provider.service.version}", check = false)
    private OAuthClientDetailsRpcService n;
    private final List<RequestMatcher> c = (List) Arrays.stream(PermissionWhiteListEnum.values()).map(permissionWhiteListEnum -> {
        return new AntPathRequestMatcher(permissionWhiteListEnum.getPath(), permissionWhiteListEnum.getMethod() == null ? null : permissionWhiteListEnum.getMethod().toString());
    }).collect(Collectors.toList());
    private Logger f = LoggerFactory.getLogger(PermissionBasedFilterSecurityMetadataSource.class);

    @Autowired
    public void setoAuth2Properties(OAuth2Properties oAuth2Properties) {
        this.j = oAuth2Properties;
    }

    @Autowired
    public void setSpecialAccountProperties(SpecialAccountProperties specialAccountProperties) {
        this.i = specialAccountProperties;
    }

    @Autowired
    public void setPermissionWithRoleCacheService(PermissionWithRoleCacheService permissionWithRoleCacheService) {
        this.k = permissionWithRoleCacheService;
    }

    public PermissionBasedFilterSecurityMetadataSource(boolean z, String str, WhitelistProperties whitelistProperties) {
        this.d = true;
        this.e = "";
        this.d = z;
        this.e = str;
        if (CollectionUtils.isNotEmpty(whitelistProperties.getIgnoreUrls())) {
            this.c.addAll((Collection) whitelistProperties.getIgnoreUrls().stream().map(whiteUrl -> {
                return new AntPathRequestMatcher(whiteUrl.getUrl(), whiteUrl.getMethod());
            }).collect(Collectors.toList()));
        }
    }

    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        if (!this.d) {
            return org.springframework.security.access.SecurityConfig.createList(new String[0]);
        }
        HttpServletRequest request = ((FilterInvocation) obj).getRequest();
        List<ConfigAttribute> a2 = a(request);
        if (a2 != null) {
            return a2;
        }
        if (this.c.stream().filter(requestMatcher -> {
            return requestMatcher.matches(request);
        }).findAny().isPresent()) {
            return org.springframework.security.access.SecurityConfig.createList(new String[0]);
        }
        List<SysPermissionWithRoleVO> permissionWithRole = this.k.getPermissionWithRole();
        return CollectionUtils.isEmpty(permissionWithRole) ? org.springframework.security.access.SecurityConfig.createList(new String[0]) : org.springframework.security.access.SecurityConfig.createList((String[]) ((List) permissionWithRole.stream().filter(sysPermissionWithRoleVO -> {
            return a.equals(sysPermissionWithRoleVO.getPermType()) && StringUtils.isNotBlank(sysPermissionWithRoleVO.getPattern());
        }).map(sysPermissionWithRoleVO2 -> {
            return StrUtil.isBlank(sysPermissionWithRoleVO2.getRoleCode()) ? StrUtil.isNotBlank(sysPermissionWithRoleVO2.getHttpMethod()) ? Tuple.of(this.e + "DENIED", new AntPathRequestMatcher(sysPermissionWithRoleVO2.getPattern(), sysPermissionWithRoleVO2.getHttpMethod().toUpperCase())) : Tuple.of(this.e + "DENIED", new AntPathRequestMatcher(sysPermissionWithRoleVO2.getPattern())) : StrUtil.isNotBlank(sysPermissionWithRoleVO2.getHttpMethod()) ? Tuple.of(this.e + sysPermissionWithRoleVO2.getRoleCode(), new AntPathRequestMatcher(sysPermissionWithRoleVO2.getPattern(), sysPermissionWithRoleVO2.getHttpMethod().toUpperCase())) : Tuple.of(this.e + sysPermissionWithRoleVO2.getRoleCode(), new AntPathRequestMatcher(sysPermissionWithRoleVO2.getPattern()));
        }).filter(tuple2 -> {
            return ((AntPathRequestMatcher) tuple2._2).matches(request);
        }).collect(Collectors.toList())).stream().map(tuple22 -> {
            return (String) tuple22._1;
        }).toArray(i -> {
            return new String[i];
        }));
    }

    private List<ConfigAttribute> a(HttpServletRequest httpServletRequest) throws Exception {
        String[] split;
        String header = httpServletRequest.getHeader("client_id");
        String header2 = httpServletRequest.getHeader("client_secret");
        if (header == null || header2 == null || !this.i.getAccountSet().parallelStream().filter(str -> {
            return str.equalsIgnoreCase(header);
        }).findFirst().isPresent()) {
            return null;
        }
        try {
            OAuthClientDetailsVO selectDeatils = this.n.selectDeatils(header, header2);
            if (selectDeatils == null || (split = selectDeatils.getResourceIds().split(",")) == null || this.j.getResourceId() == null) {
                return null;
            }
            return Arrays.stream(split).filter(str2 -> {
                return str2.equalsIgnoreCase(this.j.getResourceId());
            }).findFirst().isPresent() ? org.springframework.security.access.SecurityConfig.createList(new String[0]) : org.springframework.security.access.SecurityConfig.createList(new String[]{"NO_PERMISSION"});
        } catch (Exception e) {
            this.f.info("认证服务异常：" + e.getMessage());
            throw new Exception("认证服务异常：" + e.getMessage());
        }
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        List list = (List) this.h.get("sys_all_roles");
        if (list.isEmpty()) {
            list = this.l.listAll();
        }
        return org.springframework.security.access.SecurityConfig.createList((String[]) list.stream().map((v0) -> {
            return v0.getCode();
        }).toArray(i -> {
            return new String[i];
        }));
    }

    public boolean supports(Class<?> cls) {
        return this.d && FilterInvocation.class.isAssignableFrom(cls);
    }

    private boolean a(String str) {
        return (str == null || HttpMethod.resolve(str.toUpperCase()) == null) ? false : true;
    }
}
