package com.digiwin.dap.middleware.iam.support.ram.impl;

import com.digiwin.dap.middle.ram.domain.PatternVO;
import com.digiwin.dap.middle.ram.domain.enums.PolicyType;
import com.digiwin.dap.middle.ram.domain.function.Function;
import com.digiwin.dap.middle.ram.service.core.RamCoreService;
import com.digiwin.dap.middle.ram.util.MatcherUtils;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.domain.CommonErrorCode;
import com.digiwin.dap.middleware.exception.UnauthorizedException;
import com.digiwin.dap.middleware.iam.constant.enums.ConditionValueEnum;
import com.digiwin.dap.middleware.iam.domain.auth.AccessTenant;
import com.digiwin.dap.middleware.iam.domain.auth.AccessUser;
import com.digiwin.dap.middleware.iam.domain.permission.CalcUser;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionPolicy;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResultVO;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionVO;
import com.digiwin.dap.middleware.iam.entity.DevSys;
import com.digiwin.dap.middleware.iam.service.dev.sys.DevSysCrudService;
import com.digiwin.dap.middleware.iam.service.permission.AuthService;
import com.digiwin.dap.middleware.iam.service.service.permission.SpTenantTrustRelationService;
import com.digiwin.dap.middleware.iam.support.cache.CommonCacheService;
import com.digiwin.dap.middleware.iam.support.ram.AccessSecurityService;
import com.digiwin.dap.middleware.iam.support.remote.CacService;
import com.digiwin.dap.middleware.iam.support.remote.domain.AuthorizationResultVO;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

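@Service
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/support/ram/impl/AccessSecurityServiceImpl.class */
/**
 * Route-level access checks backed by the RAM core (route → policy-id mapping), the
 * CAC authorization service (tenant → enabled modules) and the IAM permission
 * calculator (user → permission policies).
 *
 * <p>All checks fail closed: when a route cannot be matched, when the caller holds no
 * policy id granted on that route, or when a required piece of data is missing, the
 * request is rejected with {@link UnauthorizedException} (or, for a missing optional
 * bean, {@link IllegalStateException}) rather than silently allowed.
 */
public class AccessSecurityServiceImpl implements AccessSecurityService {

    /**
     * Lifetime of a user's computed permission set in Redis. A revoked permission can stay
     * effective for up to this long unless the key is evicted elsewhere — NOTE(review):
     * confirm that permission changes invalidate {@code Function.REDIS_PERMISSION_KEY}.
     */
    private static final Duration PERMISSION_CACHE_TTL = Duration.ofDays(7L);

    @Autowired
    private CacService cacService;

    @Autowired
    private AuthService authService;

    /** Optional bean: may be {@code null}; every use goes through {@link #requireRamCoreService()}. */
    @Autowired(required = false)
    private RamCoreService ramCoreService;

    @Autowired
    private CommonCacheService commonCacheService;

    @Autowired
    private DevSysCrudService devSysCrudService;

    @Autowired
    private SpTenantTrustRelationService spTenantTrustRelationService;

    /**
     * Tells whether a request matches one of the application's {@code None}-policy routes,
     * i.e. routes that are exempt from the permission check.
     *
     * <p>Argument order mirrors {@link #serviceCheck}: the second and third arguments are
     * passed to {@code MatcherUtils.matches} as method and path; the first is the
     * application id handed to {@code RamCoreService.getPattern}.
     *
     * @param appId  application whose {@code None} patterns are consulted
     * @param method HTTP method of the request
     * @param path   request path
     * @return {@code true} when a {@code None} pattern matches, {@code false} otherwise
     * @throws IllegalStateException when the RAM core bean is not available
     */
    @Override // com.digiwin.dap.middleware.iam.support.ram.AccessSecurityService
    public boolean noneCheck(String appId, String method, String path) {
        PatternVO exempt = MatcherUtils.matches(method, path,
                requireRamCoreService().getPattern(appId, PolicyType.None.name()));
        return exempt != null;
    }

    /**
     * Verifies that a user may call the requested route of an application.
     *
     * <p>The route is matched against the application's patterns; the policy ids granted on
     * the matched route are intersected with the user's own policy ids (from Redis, or
     * recomputed and cached on a miss). The user's policy ids are only loaded when a route
     * actually matched, because loading may hit the database and write to Redis.
     *
     * @param accessUser caller identity plus the requested method/path
     * @throws UnauthorizedException when no route matches or the user holds none of the
     *                               route's policy ids
     * @throws IllegalStateException when the RAM core bean is not available
     */
    @Override // com.digiwin.dap.middleware.iam.support.ram.AccessSecurityService
    public void serviceCheck(AccessUser accessUser) {
        PatternVO route = MatcherUtils.matches(accessUser.getMethod(), accessUser.path(),
                requireRamCoreService().getPattern(accessUser.getAppId()));
        if (route != null) {
            List<String> routePolicyIds = requireRamCoreService().findPolicyIdByRoute(
                    accessUser.getSysId(), PolicyType.Function.name(), route.getMethod(), route.path());
            if (grantsAny(routePolicyIds, getPolicyIds(accessUser))) {
                return;
            }
        }
        throw new UnauthorizedException(CommonErrorCode.USER_TOKEN_INVALID,
                String.format("用户[%s]没有访问应用[%s]接口[%s-%s](%s)权限",
                        accessUser.getUserId(), accessUser.getAppId(), accessUser.getMethod(),
                        accessUser.getPath(), accessUser.getTableName()));
    }

    /**
     * Decides whether the calling tenant is allowed to reach the target application through
     * the trust chain. Access is granted when any of the following holds:
     * <ol>
     *   <li>the calling system and the target application belong to the same tenant;</li>
     *   <li>the calling tenant owns the target application;</li>
     *   <li>a trust relation exists from the application's owner to the calling tenant.</li>
     * </ol>
     *
     * <p>An application whose owner tenant sid is unset is rejected: the original comparison
     * would either dereference {@code null} or treat two unset owners as equal, so this now
     * fails closed instead.
     *
     * @param accessTenant calling tenant plus the system and application ids involved
     * @return {@code true} when one of the trust conditions holds
     * @throws UnauthorizedException when the target application does not exist or has no
     *                               owner tenant sid
     */
    @Override // com.digiwin.dap.middleware.iam.support.ram.AccessSecurityService
    public boolean trustChainCheck(AccessTenant accessTenant) {
        DevSys callerSys = devSysCrudService.findById(accessTenant.getSysId());
        DevSys targetApp = devSysCrudService.findById(accessTenant.getAppId());
        if (targetApp == null) {
            throw new UnauthorizedException(CommonErrorCode.USER_TOKEN_INVALID);
        }
        Long appOwnerSid = targetApp.getTenantSid();
        if (appOwnerSid == null) {
            // Fail closed rather than NPE (or match a null-vs-null owner) below.
            throw new UnauthorizedException(CommonErrorCode.USER_TOKEN_INVALID);
        }
        if (callerSys != null && Objects.equals(callerSys.getTenantSid(), appOwnerSid)) {
            return true;
        }
        if (accessTenant.getTenantSid() == appOwnerSid.longValue()) {
            return true;
        }
        return spTenantTrustRelationService.findByOwnerSidAndTargetId(
                appOwnerSid.longValue(), accessTenant.getTenantSid()) != null;
    }

    /**
     * Verifies that a tenant may call the requested route of an application, based on the
     * modules the tenant has enabled (and not yet expired) in CAC.
     *
     * @param accessTenant caller tenant plus the requested method/path
     * @throws UnauthorizedException when no route matches or none of the tenant's policy ids
     *                               is granted on the route
     * @throws IllegalStateException when the RAM core bean is not available
     */
    @Override // com.digiwin.dap.middleware.iam.support.ram.AccessSecurityService
    public void authCheck(AccessTenant accessTenant) {
        List<String> tenantPolicyIds = getPolicyIds(accessTenant);
        if (!tenantPolicyIds.isEmpty()) {
            PatternVO route = MatcherUtils.matches(accessTenant.getMethod(), accessTenant.getPath(),
                    requireRamCoreService().getPattern(accessTenant.getAppId()));
            if (route != null) {
                List<String> routePolicyIds = requireRamCoreService().findPolicyIdByRoute(
                        accessTenant.getSysId(), PolicyType.Function.name(), route.getMethod(), route.getPath());
                if (grantsAny(routePolicyIds, tenantPolicyIds)) {
                    return;
                }
            }
        }
        throw new UnauthorizedException(CommonErrorCode.USER_TOKEN_INVALID,
                String.format("租户[%s]没有访问应用[%s]接口[%s-%s]权限",
                        accessTenant.getTenantId(), accessTenant.getAppId(),
                        accessTenant.getMethod(), accessTenant.getPath()));
    }

    /**
     * Returns the RAM core bean or fails with a descriptive error. The bean is wired with
     * {@code required = false}, so a plain field access would surface as an anonymous NPE.
     */
    private RamCoreService requireRamCoreService() {
        if (ramCoreService == null) {
            throw new IllegalStateException(
                    "RamCoreService is not available; route permission checks cannot be evaluated");
        }
        return ramCoreService;
    }

    /**
     * Tells whether any of the caller's policy ids is among those granted on the route.
     * A missing list on either side counts as "nothing granted".
     */
    private static boolean grantsAny(List<String> routePolicyIds, List<String> callerPolicyIds) {
        if (routePolicyIds == null || routePolicyIds.isEmpty() || callerPolicyIds == null) {
            return false;
        }
        return callerPolicyIds.stream().anyMatch(routePolicyIds::contains);
    }

    /**
     * Policy ids held by a tenant for an application: the application-level id plus one id
     * per enabled module whose expiry is still in the future.
     *
     * <p>A module without an expiry time is skipped (the original code would have thrown on
     * it); a missing module list yields only the application-level id.
     */
    private List<String> getPolicyIds(AccessTenant accessTenant) {
        String appId = accessTenant.getAppId();
        List<String> policyIds = new ArrayList<>();
        policyIds.add(UserPermissionVO.PREFIX + appId);
        AuthorizationResultVO authorization =
                cacService.queryAllAuthorization(accessTenant.getTenantId(), appId);
        if (authorization != null && authorization.getEnabledModules() != null) {
            // One clock reading for the whole filter so all modules are judged at the same instant.
            LocalDateTime now = LocalDateTime.now();
            policyIds.addAll(authorization.getEnabledModules().stream()
                    .filter(module -> module.getExpiredTime() != null && now.isBefore(module.getExpiredTime()))
                    .map(module -> UserPermissionVO.PREFIX + appId + ":" + module.getId())
                    .collect(Collectors.toList()));
        }
        return policyIds;
    }

    /**
     * Policy ids held by a user for the system in the access context, served from Redis when
     * present and otherwise recomputed and cached by {@link #loadAndCachePolicyIds}.
     */
    private List<String> getPolicyIds(AccessUser accessUser) {
        String cacheKey = String.format(Function.REDIS_PERMISSION_KEY,
                accessUser.getUserId(), accessUser.getTenantId(), accessUser.getSysId());
        UserPermissionResultVO cached =
                (UserPermissionResultVO) RedisUtils.get(cacheKey, UserPermissionResultVO.class);
        if (cached == null) {
            return loadAndCachePolicyIds(accessUser, cacheKey);
        }
        return toPolicyIds(cached.getResult(), accessUser.getSysId());
    }

    /**
     * Recomputes the user's permissions through {@code AuthService}, stores the result in Redis
     * under {@code cacheKey} for {@link #PERMISSION_CACHE_TTL}, and returns the derived policy ids.
     *
     * <p>{@code accessUser.flushInfo} is called first so the sids used for the calculation are
     * populated from the common cache.
     */
    private List<String> loadAndCachePolicyIds(AccessUser accessUser, String cacheKey) {
        accessUser.flushInfo(commonCacheService);
        CalcUser calcUser = new CalcUser();
        calcUser.setTenantSid(accessUser.getTenantSid());
        calcUser.setTenantId(accessUser.getTenantId());
        calcUser.setUserSid(accessUser.getUserSid());
        calcUser.setUserId(accessUser.getUserId());
        calcUser.setAppSid(accessUser.getSysSid());
        calcUser.setAppId(accessUser.getSysId());
        calcUser.setInside(accessUser.isInside());
        UserPermissionResult permission = authService.getUserPermission(calcUser);

        UserPermissionVO summary = new UserPermissionVO();
        summary.setUserId(calcUser.getUserId());
        summary.setTarget(UserPermissionVO.PREFIX + calcUser.getAppId());
        RedisUtils.set(cacheKey, new UserPermissionResultVO(summary, permission), PERMISSION_CACHE_TTL);

        return toPolicyIds(permission, accessUser.getSysId());
    }

    /**
     * Flattens a permission result into policy ids: the system-level id, one id per distinct
     * module, each policy's target, and one {@code "<conditionKey>:<valueKey>"} id for every
     * condition value that {@link ConditionValueEnum#isAllow} accepts.
     *
     * <p>A policy without a conditions map (or a condition without values) contributes only
     * its module id and target.
     */
    private List<String> toPolicyIds(UserPermissionResult permission, String sysId) {
        List<String> policyIds = new ArrayList<>();
        policyIds.add(UserPermissionVO.PREFIX + sysId);
        policyIds.addAll(permission.getPermissions().stream()
                .map(policy -> UserPermissionVO.PREFIX + sysId + ":" + policy.getModuleId())
                .distinct()
                .collect(Collectors.toList()));
        for (PermissionPolicy policy : permission.getPermissions()) {
            policyIds.add(policy.getTarget());
            Map<String, Map<String, String>> conditions = policy.getConditions();
            if (conditions == null) {
                continue;
            }
            for (Map.Entry<String, Map<String, String>> condition : conditions.entrySet()) {
                Map<String, String> values = condition.getValue();
                if (values == null) {
                    continue;
                }
                for (Map.Entry<String, String> value : values.entrySet()) {
                    if (ConditionValueEnum.isAllow(value.getValue())) {
                        policyIds.add(condition.getKey() + ":" + value.getKey());
                    }
                }
            }
        }
        return policyIds;
    }
}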
