package com.digiwin.dap.middleware.iam.support.ram.impl;

import com.digiwin.dap.middle.autoconfigure.properties.RamProperties;
import com.digiwin.dap.middle.ram.constant.CacheConstant;
import com.digiwin.dap.middle.ram.domain.GrantVO;
import com.digiwin.dap.middle.ram.domain.PolicyVO;
import com.digiwin.dap.middle.ram.domain.RouteVO;
import com.digiwin.dap.middle.ram.domain.enums.PolicyCategory;
import com.digiwin.dap.middle.ram.domain.enums.PolicyType;
import com.digiwin.dap.middle.ram.domain.page.Page;
import com.digiwin.dap.middle.ram.entity.Grant;
import com.digiwin.dap.middle.ram.entity.GrantPolicy;
import com.digiwin.dap.middle.ram.entity.Policy;
import com.digiwin.dap.middle.ram.entity.PolicyRoute;
import com.digiwin.dap.middle.ram.entity.Route;
import com.digiwin.dap.middle.ram.mapper.RamGrantMapper;
import com.digiwin.dap.middle.ram.mapper.RamGrantPolicyMapper;
import com.digiwin.dap.middle.ram.mapper.RamPolicyMapper;
import com.digiwin.dap.middle.ram.mapper.RamRouteMapper;
import com.digiwin.dap.middle.ram.service.authentication.AuthCheckHandler;
import com.digiwin.dap.middle.ram.service.base.RamGrantCrudService;
import com.digiwin.dap.middle.ram.service.base.RamGrantPolicyCrudService;
import com.digiwin.dap.middle.ram.service.base.RamPolicyCrudService;
import com.digiwin.dap.middle.ram.service.base.RamPolicyRouteCrudService;
import com.digiwin.dap.middle.ram.service.base.RamRouteCrudService;
import com.digiwin.dap.middle.ram.service.core.RamCacheService;
import com.digiwin.dap.middle.ram.service.core.RamCoreService;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.auth.domain.AuthResult;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.domain.CommonCode;
import com.digiwin.dap.middleware.domain.DeployAreaEnum;
import com.digiwin.dap.middleware.domain.PageData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.ram.RamUpgradePolicyDTO;
import com.digiwin.dap.middleware.iam.domain.service.permission.MetadataApiVO;
import com.digiwin.dap.middleware.iam.domain.tenant.GroundNoAuthUserVO;
import com.digiwin.dap.middleware.iam.mapper.RamMapper;
import com.digiwin.dap.middleware.iam.support.auth.RamService;
import com.digiwin.dap.middleware.iam.support.remote.RemoteRamUpgradeService;
import com.digiwin.dap.middleware.util.EnvUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import com.github.pagehelper.PageSerializable;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

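/**
 * {@link RamService} implementation backed by the embedded RAM module: it answers authorization
 * checks, maintains routes, policies and grants, and can copy policy data from another cloud area.
 *
 * <p>The bean is only registered when the RAM property selected by the annotation below has the
 * value {@code "true"}, and it is marked {@link Primary}.
 *
 * <p>Most RAM collaborators are injected with {@code required = false} but are dereferenced
 * without a null check, so a partially wired context fails with a {@link NullPointerException}
 * at call time rather than at start-up.
 *
 * <p>NOTE(review): the property name comes from a pac4j constant, which looks like a decompiler
 * substitution for a plain string literal - confirm against the original source.
 */
@ConditionalOnProperty(prefix = RamProperties.DAP_RAM_PREFIX, value = {SpringSecurityPropertiesAuthorizationGenerator.ENABLED}, havingValue = "true")
@Primary
@Service
public class RamJarServiceImpl implements RamService {
    private static final Logger LOGGER = LoggerFactory.getLogger(RamJarServiceImpl.class);

    /** Cache key passed to {@link RedisUtils#delete} once an upgrade has finished. */
    public static final String IAM_RAM_POLICY = "iam:ram:*";

    /** Pause, in milliseconds, between two upgrade steps. */
    public static final long MILLIS = 3000;

    /** App name used for cross-tenant route lookups and for grants created by this class. */
    private static final String MIDDLEWARE_APP = "middleware";

    /** First segment handed to every {@link CacheConstant} key builder in this class. */
    private static final String CACHE_APP = "iam";

    /** Page size used to load the local relation tables in a single query during an upgrade. */
    private static final int FULL_PAGE_SIZE = 99999;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private RamMapper ramMapper;

    @Autowired(required = false)
    private AuthCheckHandler authCheckHandler;

    @Autowired(required = false)
    private RamCacheService ramCacheService;

    @Autowired(required = false)
    private RamCoreService ramCoreService;

    @Autowired(required = false)
    private RamGrantMapper ramGrantMapper;

    @Autowired(required = false)
    private RamGrantCrudService ramGrantCrudService;

    @Autowired(required = false)
    private RamGrantPolicyCrudService ramGrantPolicyCrudService;

    @Autowired(required = false)
    private RamPolicyCrudService ramPolicyCrudService;

    @Autowired(required = false)
    private RamPolicyRouteCrudService ramPolicyRouteCrudService;

    @Autowired(required = false)
    private RamRouteCrudService ramRouteCrudService;

    @Autowired
    private RemoteRamUpgradeService remoteRamUpgradeService;

    @Autowired(required = false)
    private RamRouteMapper ramRouteMapper;

    @Autowired(required = false)
    private RamPolicyMapper ramPolicyMapper;

    @Autowired(required = false)
    private RamGrantPolicyMapper ramGrantPolicyMapper;

    /**
     * Reports whether a target is among those the RAM core resolves for a route under the
     * {@link PolicyType#AcrossTenant} policy type of the {@code "middleware"} app.
     *
     * @param str first route argument forwarded to the RAM core (meaning not visible here)
     * @param str2 target id that must be contained in the lookup result
     * @param str3 second route argument forwarded to the RAM core
     * @param str4 third route argument forwarded to the RAM core
     * @return {@code true} when the lookup result contains {@code str2}
     */
    @Override
    public boolean targetCanAccessPath(String str, String str2, String str3, String str4) {
        return this.ramCoreService
                .findTargetIdByRoute(MIDDLEWARE_APP, PolicyType.AcrossTenant.toString(), str, str3, str4)
                .contains(str2);
    }

    /**
     * Delegates a single authorization decision to the {@link AuthCheckHandler}.
     *
     * @return whatever the handler returns for the given result, user and system
     */
    @Override
    public AuthResult processAuth(AuthResult authResult, AuthoredUser authoredUser, AuthoredSys authoredSys) {
        return this.authCheckHandler.processAuth(authResult, authoredUser, authoredSys);
    }

    /**
     * Runs the authorization check once per tenant for the same user id.
     *
     * @param str user id placed on the {@link AuthoredUser} that is checked
     * @param list tenant ids to evaluate, one check each
     * @param authoredSys calling system, forwarded unchanged to the handler
     * @return tenant id mapped to {@code ok()} of the handler's result for that tenant
     */
    @Override
    public Map<String, Boolean> processAuth(String str, List<String> list, AuthoredSys authoredSys) {
        // NOTE(review): one AuthoredUser instance is reused for every tenant. If the handler
        // writes anything onto it, that state is visible to the next tenant's check - confirm
        // the handler treats the user as read-only.
        AuthoredUser user = new AuthoredUser();
        user.setUserId(str);
        Map<String, Boolean> verdicts = new HashMap<>();
        for (String tenantId : list) {
            user.setTenantId(tenantId);
            verdicts.put(tenantId, this.authCheckHandler.processAuth(AuthResult.of(), user, authoredSys).ok());
        }
        return verdicts;
    }

    /** Inserts the {@link PolicyType#None} policy of an app, with id {@code NonePolicy:<app>}. */
    private Policy savePolicyNone(String app) {
        Policy policy = new Policy();
        policy.setApp(app);
        policy.setCategory(Integer.valueOf(PolicyCategory.Standard.ordinal()));
        policy.setType(PolicyType.None.name());
        policy.setId(String.format("NonePolicy:%s", app));
        policy.setName(app);
        this.ramPolicyCrudService.insert(policy);
        return policy;
    }

    /** Inserts a {@link PolicyType#Function} policy with the given app, id and name. */
    private Policy savePolicyFunction(String app, String policyId, String policyName) {
        Policy policy = new Policy();
        policy.setApp(app);
        policy.setCategory(Integer.valueOf(PolicyCategory.Function.ordinal()));
        policy.setType(PolicyType.Function.name());
        policy.setId(policyId);
        policy.setName(policyName);
        this.ramPolicyCrudService.insert(policy);
        return policy;
    }

    /** Inserts a policy-to-route relation with {@code effect} set to {@code true}. */
    private void savePolicyRoute(long policySid, long routeSid) {
        PolicyRoute relation = new PolicyRoute();
        relation.setPolicySid(policySid);
        relation.setRouteSid(routeSid);
        relation.setEffect(true);
        this.ramPolicyRouteCrudService.insert(relation);
    }

    /**
     * Inserts a route for the API and returns the value of the CRUD service's insert call.
     *
     * <p>When the API has a table name the stored path is {@code path + "/" + tableName}.
     */
    private long saveRoute(MetadataApiVO api) {
        Route route = new Route();
        route.setApp(api.getApp());
        route.setMethod(api.getMethod());
        String path = StringUtils.isEmpty(api.getTableName())
                ? api.getPath()
                : api.getPath() + "/" + api.getTableName();
        route.setPath(path);
        route.setName(api.getDisplayName());
        route.setRemark(api.getRemark());
        route.setTableName(api.getTableName());
        return this.ramRouteCrudService.insert(route);
    }

    /**
     * Attaches the given APIs to a function policy, creating the policy and any missing routes.
     *
     * <p>APIs are handled per app. Those flagged anonymous go to the app's
     * {@link PolicyType#None} policy (created on demand), all others to the function policy.
     * The route and policy-type cache entries of each app are deleted afterwards.
     *
     * @param str app of the function policy, also used in the per-path cache key
     * @param str2 id of the function policy
     * @param str3 name given to the function policy when it has to be created
     * @param list APIs to attach; nothing happens when it is empty
     */
    @Override
    public void createRouteWithPolicy(String str, String str2, String str3, List<MetadataApiVO> list) {
        if (list.isEmpty()) {
            return;
        }
        Policy functionPolicy = this.ramMapper.findPolicyById(str2);
        if (functionPolicy == null) {
            functionPolicy = savePolicyFunction(str, str2, str3);
        }
        long functionPolicySid = functionPolicy.getSid().longValue();

        Map<String, List<MetadataApiVO>> apisByApp = list.stream().collect(Collectors.groupingBy(MetadataApiVO::getApp));
        for (Map.Entry<String, List<MetadataApiVO>> entry : apisByApp.entrySet()) {
            String app = entry.getKey();
            List<Route> knownRoutes = this.ramMapper.findRoutesByAppId(app);

            // Fail closed: only an explicit TRUE makes an API anonymous. A missing flag keeps the
            // API under the function policy instead of aborting the call with a
            // NullPointerException.
            Map<Boolean, List<MetadataApiVO>> byAnonymous = entry.getValue().stream()
                    .collect(Collectors.partitioningBy(api -> Boolean.TRUE.equals(api.getAnonymous())));

            savePolicyRoute(str, functionPolicySid, byAnonymous.get(false), knownRoutes);

            List<MetadataApiVO> anonymousApis = byAnonymous.get(true);
            if (!anonymousApis.isEmpty()) {
                Policy nonePolicy = this.ramMapper.findPolicyByType(app, PolicyType.None.name());
                if (nonePolicy == null) {
                    nonePolicy = savePolicyNone(app);
                }
                savePolicyRoute(str, nonePolicy.getSid().longValue(), anonymousApis, knownRoutes);
                RedisUtils.delete(CacheConstant.getPolicyType(CACHE_APP, app, PolicyType.None.name()));
            }
            RedisUtils.delete(CacheConstant.getRouteApp(CACHE_APP, app));
        }
    }

    /**
     * Brings the routes attached to a policy in line with the given APIs.
     *
     * <p>Per API: a matching known route has its relation un-deleted, or created when the policy
     * has none; an unknown route is inserted and attached. Relations of the policy that match
     * none of the APIs are flagged deleted at the end. The per-path cache entry is deleted for
     * every API.
     *
     * @param app app segment of the per-path cache key
     * @param policySid sid of the policy being synchronised
     * @param apis APIs that should be attached to the policy
     * @param knownRoutes routes already stored for the APIs' app
     */
    private void savePolicyRoute(String app, long policySid, List<MetadataApiVO> apis, List<Route> knownRoutes) {
        List<PolicyRoute> unmatched = this.ramMapper.findPolicyRoutesByPolicy(Long.valueOf(policySid));
        for (MetadataApiVO api : apis) {
            // NOTE(review): saveRoute stores path + "/" + tableName for APIs with a table name,
            // while this lookup and the cache key below use the bare path. Such routes would not
            // be found again on a later call - confirm which form findRoutesByAppId returns.
            Optional<Route> known = knownRoutes.stream()
                    .filter(route -> route.getApp().equalsIgnoreCase(api.getApp())
                            && route.getMethod().equalsIgnoreCase(api.getMethod())
                            && route.getPath().equals(api.getPath()))
                    .findFirst();
            if (known.isPresent()) {
                long routeSid = known.get().getSid().longValue();
                boolean alreadyAttached = unmatched.removeIf(relation -> relation.getRouteSid() == routeSid);
                if (alreadyAttached) {
                    this.ramMapper.updateDeteted(Long.valueOf(policySid), Long.valueOf(routeSid), false);
                } else {
                    savePolicyRoute(policySid, routeSid);
                }
            } else {
                savePolicyRoute(policySid, saveRoute(api));
            }
            RedisUtils.delete(CacheConstant.getPolicyPath(CACHE_APP, app, api.getMethod(), api.getPath()));
        }
        // Whatever is still in the list was not requested this time: flag it deleted.
        for (PolicyRoute stale : unmatched) {
            this.ramMapper.updateDeteted(Long.valueOf(policySid), Long.valueOf(stale.getRouteSid()), true);
        }
    }

    /**
     * Returns one page of the APIs that the mapper finds for a policy id.
     *
     * @param str policy id; also passed as the mapper's second argument when {@code bool} is true
     * @param bool selects the filtered lookup; {@code null} is treated as {@code false}
     * @param num paging argument forwarded to the mapper (presumably the page number - confirm)
     * @param num2 paging argument forwarded to the mapper (presumably the page size - confirm)
     * @return total and rows as reported by PageHelper for the mapper result
     */
    @Override
    @SuppressWarnings({"rawtypes", "unchecked"}) // element type of the mapper result is not visible here
    public PageData<?> getGoodsRelatedApis(String str, Boolean bool, Integer num, Integer num2) {
        // Boolean.TRUE.equals avoids a NullPointerException when the flag is absent.
        String secondArgument = Boolean.TRUE.equals(bool) ? str : null;
        PageSerializable page = new PageSerializable(this.ramMapper.findByPolicyId(str, secondArgument, num, num2));
        return PageData.data(page.getTotal(), page.getList());
    }

    /**
     * Attaches the {@link IamConstants#NOAUTHUSER} policy to a tenant/goods grant, or detaches it.
     *
     * <p>Does nothing in a cloud environment. The grant for {@code tenantId-goodsCode} is created
     * when it does not exist, even when the request only detaches. The RAM cache is told about
     * the grant afterwards in every case.
     *
     * <p>NOTE(review): tenant id and goods code are not validated; a missing value yields a
     * target id containing the text "null". Callers should reject incomplete requests before
     * this authorization change is persisted.
     *
     * @param groundNoAuthUserVO tenant id, goods code and the checked flag; only
     *     {@code Boolean.TRUE} attaches the policy
     * @throws BusinessException when the policy has to be attached but no such policy exists
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public void configureNoAuthUser(GroundNoAuthUserVO groundNoAuthUserVO) {
        if (this.envProperties.isCloud()) {
            return;
        }
        String targetId = noAuthUserTargetId(groundNoAuthUserVO);
        Grant grant = findGrantByTargetId(targetId).orElseGet(() -> createTenantSysGrant(targetId));
        long grantSid = grant.getSid().longValue();

        Optional<PolicyVO> attached = findNoAuthUserPolicy(grantSid);
        if (!Boolean.TRUE.equals(groundNoAuthUserVO.getChecked())) {
            attached.ifPresent(policyVO -> this.ramGrantPolicyCrudService.deleteBySid(policyVO.getSid().longValue()));
        } else if (!attached.isPresent()) {
            Policy probe = new Policy();
            probe.setId(IamConstants.NOAUTHUSER);
            Policy policy = this.ramPolicyCrudService.findByCond(probe).stream()
                    .findFirst()
                    .orElseThrow(() -> new BusinessException(I18nError.IAM_DATA_NOT_EXIST));
            GrantPolicy relation = new GrantPolicy();
            relation.setGrantSid(grantSid);
            relation.setPolicySid(policy.getSid().longValue());
            this.ramGrantPolicyCrudService.insert(relation);
        }
        this.ramCacheService.grantPolicyChange(grantSid);
    }

    /**
     * Reports whether the {@link IamConstants#NOAUTHUSER} policy is attached to the grant of the
     * given tenant and goods code. Unlike {@link #configureNoAuthUser}, this lookup is not
     * skipped in a cloud environment.
     *
     * @return {@code false} when the grant does not exist or the policy is not attached
     */
    @Override
    public boolean findNoAuthUser(GroundNoAuthUserVO groundNoAuthUserVO) {
        Optional<Grant> grant = findGrantByTargetId(noAuthUserTargetId(groundNoAuthUserVO));
        if (!grant.isPresent()) {
            return false;
        }
        return findNoAuthUserPolicy(grant.get().getSid().longValue()).isPresent();
    }

    /** Builds the grant target id {@code tenantId-goodsCode} used by the no-auth-user methods. */
    private static String noAuthUserTargetId(GroundNoAuthUserVO request) {
        return request.getTenantId() + "-" + request.getGoodsCode();
    }

    /**
     * Finds the grant whose target id equals {@code targetId} exactly. The mapper result is
     * filtered again in memory, as the original code did.
     */
    private Optional<Grant> findGrantByTargetId(String targetId) {
        Grant probe = new Grant();
        probe.setTargetId(targetId);
        return this.ramGrantMapper.findByCond(probe).stream()
                .filter(candidate -> targetId.equals(candidate.getTargetId()))
                .findFirst();
    }

    /** Inserts a {@link IamConstants#TENANTSYS} grant for the target under the middleware app. */
    private Grant createTenantSysGrant(String targetId) {
        Grant grant = new Grant();
        grant.setTargetId(targetId);
        grant.setApp(MIDDLEWARE_APP);
        grant.setType(IamConstants.TENANTSYS);
        grant.setSid(Long.valueOf(this.ramGrantCrudService.insert(grant)));
        return grant;
    }

    /** Returns the {@link IamConstants#NOAUTHUSER} policy attached to the grant, if any. */
    private Optional<PolicyVO> findNoAuthUserPolicy(long grantSid) {
        return this.ramGrantPolicyCrudService.findByGrantSid(grantSid).stream()
                .filter(policyVO -> IamConstants.NOAUTHUSER.equals(policyVO.getId()))
                .findFirst();
    }

    /**
     * Copies routes, grants, policies and their relations from the RAM service of another cloud
     * area into the local store, then deletes the policy cache key.
     *
     * <p>Steps run in a fixed order with a pause after each one: the relation steps look up the
     * routes, grants and policies inserted by the earlier steps. Only rows that are missing
     * locally are inserted; nothing is updated or removed.
     *
     * <p>NOTE(review): remote rows are persisted largely as received, including their sid and
     * creator fields, so this operation trusts the endpoint resolved from the source cloud area.
     * It is also not transactional - a failure part-way leaves a partial copy.
     *
     * <p>NOTE(review): confirm that {@code RedisUtils.delete} expands the trailing {@code *} of
     * {@link #IAM_RAM_POLICY}. A plain key delete would leave cached authorization data in place
     * after the upgrade.
     *
     * @param ramUpgradePolicyDTO upgrade request naming the source cloud area
     * @throws BusinessException when the source cloud area cannot be resolved
     */
    @Override
    public void upgradeCloudAreaPolicy(RamUpgradePolicyDTO ramUpgradePolicyDTO) {
        DeployAreaEnum sourceArea = DeployAreaEnum.get(ramUpgradePolicyDTO.getSourceCloudArea());
        if (sourceArea == null) {
            throw new BusinessException(String.format("获取云区[%s]失败", ramUpgradePolicyDTO.getSourceCloudArea()));
        }
        String ramUri = EnvUtils.getUri(CommonCode.RAM, sourceArea);
        LOGGER.info("升级iam-ram策略权限：来源 = {}， ramUri= {}", sourceArea, ramUri);
        syncRoute(ramUpgradePolicyDTO, ramUri);
        sleepMillis();
        syncGrant(ramUpgradePolicyDTO, ramUri);
        sleepMillis();
        syncPolicy(ramUpgradePolicyDTO, ramUri);
        sleepMillis();
        syncGrantPolicy(ramUpgradePolicyDTO, ramUri);
        sleepMillis();
        syncPolicyRoute(ramUpgradePolicyDTO, ramUri);
        sleepMillis();
        LOGGER.info("6.清除策略权限缓存 {} ...", IAM_RAM_POLICY);
        RedisUtils.delete(IAM_RAM_POLICY);
        LOGGER.info("6.清除策略权限缓存 完成");
    }

    /**
     * Step 5: inserts the remote policy-to-route relations that are missing locally.
     *
     * <p>A relation is skipped when a local one has the same policy id, app, method and path, or
     * when its route or policy does not exist locally. Local relations are read as a single page
     * of {@link #FULL_PAGE_SIZE} rows; rows beyond that limit are not seen by the comparison.
     */
    private void syncPolicyRoute(RamUpgradePolicyDTO request, String ramUri) {
        LOGGER.info("5.同步路由与策略关系...");
        PageData<RouteVO> remote = this.remoteRamUpgradeService.searchPolicyRoute(request, ramUri);
        LOGGER.info("5.同步路由与策略关系 size() = {}", remote.getTotal());
        long inserted = 0;
        if (remote.getTotal().longValue() > 0) {
            Page<RouteVO> page = new Page<>();
            page.setPageNum(1);
            page.setPageSize(FULL_PAGE_SIZE);
            List<RouteVO> local = this.ramPolicyRouteCrudService.findByPage(page).getList();
            for (RouteVO incoming : remote.getList()) {
                if (local.stream().anyMatch(existing -> samePolicyRoute(existing, incoming))) {
                    continue;
                }
                Route routeProbe = new Route();
                routeProbe.setApp(incoming.getApp());
                routeProbe.setMethod(incoming.getMethod());
                routeProbe.setPath(incoming.getPath());
                List<Route> routes = this.ramRouteCrudService.findByCond(routeProbe);
                Policy policyProbe = new Policy();
                policyProbe.setId(incoming.getPolicyId());
                List<Policy> policies = this.ramPolicyCrudService.findByCond(policyProbe);
                if (routes.isEmpty() || policies.isEmpty()) {
                    continue;
                }
                PolicyRoute relation = new PolicyRoute();
                relation.setSid(incoming.getPolicyRouteSid());
                relation.setRouteSid(routes.get(0).getSid().longValue());
                relation.setPolicySid(policies.get(0).getSid().longValue());
                relation.setEffect(incoming.getEffect().booleanValue());
                relation.setCreateDate(incoming.getAttachDate());
                relation.setCreateById(UserUtils.getUserId());
                relation.setModifyDate(LocalDateTime.now());
                this.ramPolicyRouteCrudService.insert(relation);
                inserted++;
            }
        }
        // The closing message used to carry the step-4 wording (grant/policy relation).
        LOGGER.info("5.同步路由与策略关系 完成 插入{}条", inserted);
    }

    /** Two relation rows match when policy id, app, method and path are all equal. */
    private static boolean samePolicyRoute(RouteVO left, RouteVO right) {
        return Objects.equals(left.getPolicyId(), right.getPolicyId())
                && Objects.equals(left.getApp(), right.getApp())
                && Objects.equals(left.getMethod(), right.getMethod())
                && Objects.equals(left.getPath(), right.getPath());
    }

    /**
     * Step 4: inserts the remote grant-to-policy relations that are missing locally.
     *
     * <p>A relation is skipped when a local one has the same policy id, type and target id, or
     * when its grant or policy does not exist locally. Local relations are read as a single page
     * of {@link #FULL_PAGE_SIZE} rows; rows beyond that limit are not seen by the comparison.
     */
    private void syncGrantPolicy(RamUpgradePolicyDTO request, String ramUri) {
        LOGGER.info("4.同步对象与策略关系...");
        PageData<GrantVO> remote = this.remoteRamUpgradeService.searchGrantPolicy(request, ramUri);
        LOGGER.info("4.同步对象与策略关系 size() = {}", remote.getTotal());
        long inserted = 0;
        if (remote.getTotal().longValue() > 0) {
            Page<GrantVO> page = new Page<>();
            page.setPageNum(1);
            page.setPageSize(FULL_PAGE_SIZE);
            List<GrantVO> local = this.ramGrantPolicyCrudService.findByPage(page).getList();
            for (GrantVO incoming : remote.getList()) {
                if (local.stream().anyMatch(existing -> sameGrantPolicy(existing, incoming))) {
                    continue;
                }
                Grant grantProbe = new Grant();
                grantProbe.setType(incoming.getType());
                grantProbe.setTargetId(incoming.getTargetId());
                List<Grant> grants = this.ramGrantCrudService.findByCond(grantProbe);
                Policy policyProbe = new Policy();
                policyProbe.setId(incoming.getPolicyId());
                List<Policy> policies = this.ramPolicyCrudService.findByCond(policyProbe);
                if (grants.isEmpty() || policies.isEmpty()) {
                    continue;
                }
                GrantPolicy relation = new GrantPolicy();
                relation.setSid(incoming.getSid());
                relation.setGrantSid(grants.get(0).getSid().longValue());
                relation.setPolicySid(policies.get(0).getSid().longValue());
                relation.setCreateDate(incoming.getAttachDate());
                relation.setModifyDate(LocalDateTime.now());
                relation.setCreateById(UserUtils.getUserId());
                this.ramGrantPolicyMapper.insert(relation);
                inserted++;
            }
        }
        LOGGER.info("4.同步对象与策略关系 完成 插入{}条", inserted);
    }

    /** Two relation rows match when policy id, type and target id are all equal. */
    private static boolean sameGrantPolicy(GrantVO left, GrantVO right) {
        return Objects.equals(left.getPolicyId(), right.getPolicyId())
                && Objects.equals(left.getType(), right.getType())
                && Objects.equals(left.getTargetId(), right.getTargetId());
    }

    /**
     * Step 3: inserts every remote policy whose id is not found locally. The creator falls back
     * to the current user when the remote row has none, and the modify date is set to now.
     */
    private void syncPolicy(RamUpgradePolicyDTO request, String ramUri) {
        LOGGER.info("3.同步策略...");
        List<Policy> remote = this.remoteRamUpgradeService.findPolicy(request, ramUri);
        LOGGER.info("3.同步策略 size() = {}", remote.size());
        long inserted = 0;
        for (Policy incoming : remote) {
            Policy probe = new Policy();
            probe.setId(incoming.getId());
            if (!this.ramPolicyCrudService.findByCond(probe).isEmpty()) {
                continue;
            }
            incoming.setCreateById(Optional.ofNullable(incoming.getCreateById()).orElse(UserUtils.getUserId()));
            incoming.setModifyDate(LocalDateTime.now());
            this.ramPolicyMapper.insert(incoming);
            inserted++;
        }
        LOGGER.info("3.同步策略 完成 插入{}条", inserted);
    }

    /**
     * Step 2: inserts every remote grant for which no local grant with the same type and target
     * id is found. The creator falls back to the current user when the remote row has none.
     */
    private void syncGrant(RamUpgradePolicyDTO request, String ramUri) {
        LOGGER.info("2.同步对象...");
        List<Grant> remote = this.remoteRamUpgradeService.findGrant(request, ramUri);
        LOGGER.info("2.同步对象 size() = {}", remote.size());
        long inserted = 0;
        for (Grant incoming : remote) {
            Grant probe = new Grant();
            probe.setType(incoming.getType());
            probe.setTargetId(incoming.getTargetId());
            if (!this.ramGrantCrudService.findByCond(probe).isEmpty()) {
                continue;
            }
            incoming.setCreateById(Optional.ofNullable(incoming.getCreateById()).orElse(UserUtils.getUserId()));
            incoming.setModifyDate(LocalDateTime.now());
            this.ramGrantMapper.insert(incoming);
            inserted++;
        }
        LOGGER.info("2.同步对象 完成 插入{}条", inserted);
    }

    /**
     * Step 1: inserts every remote route for which no local route with the same app, method and
     * path is found. The creator falls back to the current user when the remote row has none.
     */
    private void syncRoute(RamUpgradePolicyDTO request, String ramUri) {
        LOGGER.info("1.同步路由...");
        List<Route> remote = this.remoteRamUpgradeService.findRoute(request, ramUri);
        LOGGER.info("1.同步路由 size() = {}", remote.size());
        long inserted = 0;
        for (Route incoming : remote) {
            Route probe = new Route();
            probe.setApp(incoming.getApp());
            probe.setMethod(incoming.getMethod());
            probe.setPath(incoming.getPath());
            if (!this.ramRouteCrudService.findByCond(probe).isEmpty()) {
                continue;
            }
            incoming.setCreateById(Optional.ofNullable(incoming.getCreateById()).orElse(UserUtils.getUserId()));
            incoming.setModifyDate(LocalDateTime.now());
            this.ramRouteMapper.insert(incoming);
            inserted++;
        }
        LOGGER.info("1.同步路由 完成 插入{}条", inserted);
    }

    /**
     * Pauses the calling thread for {@link #MILLIS} milliseconds.
     *
     * <p>An interrupt is logged and the interrupt flag is restored; the caller is not stopped,
     * so the remaining upgrade steps still run.
     */
    private void sleepMillis() {
        try {
            Thread.sleep(MILLIS);
        } catch (InterruptedException e) {
            LOGGER.warn("Interrupted!", e);
            Thread.currentThread().interrupt();
        }
    }
}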
