package com.digiwin.athena.auth.service.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.digiwin.athena.auth.domain.AuthBatchQuery;
import com.digiwin.athena.auth.domain.AuthQueryCondition;
import com.digiwin.athena.auth.domain.AuthSingleQuery;
import com.digiwin.athena.auth.domain.QueryAuthParam;
import com.digiwin.athena.auth.metadata.domain.AuthorityPolicy;
import com.digiwin.athena.auth.metadata.enums.AuthModeEnum;
import com.digiwin.athena.auth.metadata.enums.CombineTypeEnum;
import com.digiwin.athena.auth.service.AuthApiService;
import com.digiwin.athena.auth.service.AuthService;
import com.digiwin.athena.auth.service.UserService;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;

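/**
 * Evaluates function-level authorization for a user against allow/deny policies.
 *
 * <p>Where the policies come from depends on {@code designer.auth.mode}:
 * <ul>
 *   <li>{@code FORBID} (the default when the property is unset): enforcement is switched off
 *       and every resource is reported as permitted;</li>
 *   <li>{@code LOCAL}: policies are read from the in-process {@link AuthService};</li>
 *   <li>any other value: policies are fetched over HTTP from {@code designer.domain}.</li>
 * </ul>
 *
 * <p>NOTE(review): because the default is {@code FORBID}, a deployment that forgets to set
 * {@code designer.auth.mode} runs with authorization disabled. Confirm this is intended for
 * production profiles.
 */
@Service
/* loaded from: input_file:com/digiwin/athena/auth/service/impl/AuthApiServiceImpl.class */
public class AuthApiServiceImpl implements AuthApiService {
    private static final Logger log = LoggerFactory.getLogger(AuthApiServiceImpl.class);

    // Optional bean (required = false); it is only dereferenced in LOCAL mode.
    @Autowired(required = false)
    @Lazy
    private AuthService authService;

    @Autowired
    @Lazy
    private UserService userService;

    // Compared against AuthModeEnum names; FORBID grants everything (see class comment).
    @Value("${designer.auth.mode:FORBID}")
    private String authMode;

    // Base URL of the remote policy service. The current user's token is sent to this host,
    // so it should point at a trusted endpoint reached over TLS.
    @Value("${designer.domain:default}")
    private String designerDomain;

    /**
     * Decides, for every resource id in the query, whether the current user holds the required actions.
     *
     * @param authBatchQuery resource ids, required actions and resource type to check
     * @return map from resource id to the decision; in FORBID mode every id maps to {@code true}
     * @throws RuntimeException if no {@link UserService} is available, if LOCAL mode is configured
     *         without an {@link AuthService}, or if the remote policy query fails
     */
    @Override // com.digiwin.athena.auth.service.AuthApiService
    public Map<String, Boolean> funcAuthVerifyBatch(AuthBatchQuery authBatchQuery) {
        List<String> resourceIds = authBatchQuery.getResourceIds();
        String[] requiredActions = authBatchQuery.getRequiredActions();
        String resourceType = authBatchQuery.getResourceType();
        Map<String, Boolean> result = new HashMap<>();

        if (AuthModeEnum.FORBID.name().equals(this.authMode)) {
            // Enforcement disabled: grant everything. A plain put() tolerates duplicate ids,
            // which Collectors.toMap without a merge function would reject.
            for (String resourceId : resourceIds) {
                result.put(resourceId, Boolean.TRUE);
            }
            return result;
        }

        // Both remaining modes need the current user, so check once up front.
        if (this.userService == null) {
            throw new RuntimeException("请实现com.digiwin.athena.auth.service.UserService接口");
        }

        // Resource ids are joined with ';' without escaping; an id containing ';' would be
        // ambiguous to whatever parses this field. TODO confirm ids can never contain ';'.
        QueryAuthParam param = new QueryAuthParam()
                .setUserId(this.userService.getCurrentUser())
                .setResourceType(resourceType)
                .setResourceId(String.join(";", resourceIds));

        List<AuthorityPolicy> policies = AuthModeEnum.LOCAL.name().equals(this.authMode)
                ? queryLocalPolicies(param)
                : queryRemotePolicies(param);

        String tenantId = this.userService.getTenantId();
        for (String resourceId : resourceIds) {
            result.put(resourceId, decideForResource(policies, resourceId, requiredActions, resourceType, tenantId));
        }
        return result;
    }

    /** Reads policies from the in-process AuthService, failing with a clear message if it is absent. */
    private List<AuthorityPolicy> queryLocalPolicies(QueryAuthParam param) {
        if (this.authService == null) {
            // authService is injected with required = false, so LOCAL mode can be configured without it.
            throw new RuntimeException(
                    "designer.auth.mode=LOCAL requires a com.digiwin.athena.auth.service.AuthService bean");
        }
        return this.authService.queryFuncAuthPolicy(param);
    }

    /**
     * Fetches policies from the remote policy endpoint and validates the response envelope.
     *
     * <p>Any response without {@code code == 0} and a {@code data} array is treated as a failure,
     * so a malformed reply can never be read as "no restrictions".
     */
    private List<AuthorityPolicy> queryRemotePolicies(QueryAuthParam param) {
        // NOTE(review): no timeout is set on this request, so how long an authorization check can
        // block depends on the HTTP client's defaults. Consider an explicit timeout.
        String body = ((HttpRequest) HttpUtil.createPost(this.designerDomain + "/athena-designer/auth/queryAuthPolicy")
                .body(JSON.toJSONString(param))
                .addHeaders(MapUtil.builder("digi-middleware-auth-user", this.userService.getToken()).build()))
                .execute()
                .body();
        JSONObject response = JSON.parseObject(body, JSONObject.class);
        Integer code = response == null ? null : response.getInteger("code");
        if (code == null || code.intValue() != 0 || response.getJSONArray("data") == null) {
            // The raw body is logged for diagnosis; it is remote-controlled text.
            log.error("查询权限失败：{}", body);
            throw new RuntimeException("查询权限失败");
        }
        return response.getJSONArray("data").toJavaList(AuthorityPolicy.class);
    }

    /**
     * Decides one resource: selects the policies bound to the resource id or to the tenant id and
     * evaluates them. No applicable policy (or no policy list at all) means denied.
     */
    private Boolean decideForResource(List<AuthorityPolicy> policies, String resourceId, String[] requiredActions,
            String resourceType, String tenantId) {
        if (policies == null) {
            return Boolean.FALSE;
        }
        List<AuthorityPolicy> applicable = policies.stream()
                .filter(policy -> policy.getResourceId() != null
                        && (policy.getResourceId().equals(resourceId) || policy.getResourceId().equals(tenantId)))
                .collect(Collectors.toList());
        if (CollUtil.isNotEmpty(applicable)) {
            return verifyAuthByQueryPolicy(applicable, requiredActions, resourceType, tenantId);
        }
        return Boolean.FALSE;
    }

    /**
     * Combines several single-resource checks with AND or OR semantics.
     *
     * <p>A missing combine type or a missing query list is treated as malformed input and denied.
     * NOTE(review): an AND condition with an empty query list still returns {@code true}
     * (nothing failed); confirm callers never build an empty condition from user input.
     *
     * @param authQueryCondition combine type plus the individual queries
     * @return the combined decision; {@code false} for malformed or unsupported input
     */
    @Override // com.digiwin.athena.auth.service.AuthApiService
    public Boolean funcAuthVerifySingle(AuthQueryCondition authQueryCondition) {
        CombineTypeEnum combineType = authQueryCondition.getCombineType();
        List<AuthSingleQuery> authSingleQueryList = authQueryCondition.getAuthSingleQueryList();
        if (combineType == null || authSingleQueryList == null) {
            // Fail closed instead of throwing a NullPointerException out of an authorization check.
            log.error("权限入参格式不对：" + JSON.toJSONString(authQueryCondition));
            return false;
        }
        switch (combineType) {
            case AND:
                for (AuthSingleQuery query : authSingleQueryList) {
                    if (!verifySingleQuery(query)) {
                        return false;
                    }
                }
                return true;
            case OR:
                for (AuthSingleQuery query : authSingleQueryList) {
                    if (verifySingleQuery(query)) {
                        return true;
                    }
                }
                return false;
            default:
                log.error("权限入参格式不对：" + JSON.toJSONString(authQueryCondition));
                return false;
        }
    }

    /** Runs one single-resource query through the batch check; a missing map entry counts as denied. */
    private boolean verifySingleQuery(AuthSingleQuery query) {
        Map<String, Boolean> decisions = funcAuthVerifyBatch(new AuthBatchQuery()
                .setResourceIds(Arrays.asList(query.getResourceId()))
                .setRequiredActions(query.getRequiredActions())
                .setResourceType(query.getResourceType()));
        return Boolean.TRUE.equals(decisions.get(query.getResourceId()));
    }

    /**
     * Grants access if either the tenant-scoped policies or the remaining policies grant it.
     *
     * <p>NOTE(review): the two groups are evaluated independently and OR-ed, so a deny only vetoes
     * inside its own group: a tenant-level deny does not block a resource-level allow, and a
     * resource-level deny does not block a tenant-level allow. Confirm this precedence is intended.
     *
     * @param list policies applicable to the resource (resource-bound and tenant-bound)
     * @param strArr required actions
     * @param str resource type, prepended to each required action when matching
     * @param str2 tenant id; policies whose resource id equals it form the tenant-scoped group
     * @return {@code true} if one of the two groups grants the required actions
     */
    @Override // com.digiwin.athena.auth.service.AuthApiService
    public Boolean verifyAuthByQueryPolicy(List<AuthorityPolicy> list, String[] strArr, String str, String str2) {
        List<AuthorityPolicy> tenantScoped = list.stream()
                .filter(policy -> str2.equals(policy.getResourceId()))
                .collect(Collectors.toList());
        if (generalAuthLogic(tenantScoped, strArr, str).booleanValue()) {
            return true;
        }
        List<AuthorityPolicy> resourceScoped = list.stream()
                .filter(policy -> !str2.equals(policy.getResourceId()))
                .collect(Collectors.toList());
        return generalAuthLogic(resourceScoped, strArr, str).booleanValue();
    }

    /**
     * Evaluates one group of policies: an exact deny match wins, then a wildcard allow, then an
     * exact allow match; otherwise access is denied.
     *
     * <p>NOTE(review): the wildcard rule accepts any allow entry ending in {@code ":*"} without
     * comparing its prefix to {@code resourceType}, and deny entries get no wildcard handling, so
     * a deny written as a wildcard is matched only literally. Confirm both are intended.
     */
    private Boolean generalAuthLogic(List<AuthorityPolicy> policies, String[] requiredActions, String resourceType) {
        boolean explicitlyDenied = policies.stream()
                .filter(policy -> "deny".equals(policy.getEffect()))
                .anyMatch(policy -> policy.getAction().stream()
                        .anyMatch(action -> matchesRequiredAction(action, requiredActions, resourceType)));
        if (explicitlyDenied) {
            return false;
        }

        List<AuthorityPolicy> allowPolicies = policies.stream()
                .filter(policy -> "allow".equals(policy.getEffect()))
                .collect(Collectors.toList());
        boolean wildcardAllowed = allowPolicies.stream()
                .anyMatch(policy -> policy.getAction().stream().anyMatch(action -> action.endsWith(":*")));
        if (wildcardAllowed) {
            return true;
        }

        for (AuthorityPolicy policy : allowPolicies) {
            for (String action : policy.getAction()) {
                if (matchesRequiredAction(action, requiredActions, resourceType)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns whether a policy action equals {@code resourceType + requiredAction} for any required
     * action. The two parts are concatenated with no separator, as in the allow branch of the
     * original listing.
     */
    private static boolean matchesRequiredAction(String policyAction, String[] requiredActions, String resourceType) {
        return Arrays.stream(requiredActions)
                .anyMatch(required -> (resourceType + required).equals(policyAction));
    }
}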
