package com.bizunited.nebula.security.local.service;

import com.bizunited.nebula.security.sdk.config.SimpleSecurityProperties;
import com.bizunited.nebula.security.sdk.event.AuthenticationCompetenceEventListener;
import com.bizunited.nebula.security.sdk.vo.LoginDetails;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/* loaded from: input_file:com/bizunited/nebula/security/local/service/CustomFilterInvocationSecurityMetadataSource.class */
public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private static final SecurityConfig ANONYMOUS_CONFIG = new SecurityConfig("ANONYMOUS");

    @Autowired
    private SimpleSecurityProperties securityProperties;

    @Autowired
    private RequestMappingHandlerMapping frameworkEndpointHandler;

    @Autowired(required = false)
    private AuthenticationCompetenceEventListener authenticationCompetenceEventListener;

    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        String[] ignoreUrls = this.securityProperties.getIgnoreUrls();
        if (ignoreUrls != null && ignoreUrls.length > 0) {
            arrayList2.addAll(Lists.newArrayList(ignoreUrls));
        }
        arrayList2.addAll(Lists.newArrayList(SimpleSecurityProperties.DEFAULT_IGNOREURLS));
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            if (new AntPathRequestMatcher((String) it.next()).matches(httpRequest)) {
                arrayList.add(ANONYMOUS_CONFIG);
                return arrayList;
            }
        }
        if (this.authenticationCompetenceEventListener == null) {
            throw new AccessDeniedException("not author（no authenticationCompetenceEventListener）!");
        }
        Set onRequestIgnoreMethodCheckRoles = this.authenticationCompetenceEventListener.onRequestIgnoreMethodCheckRoles();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new AccessDeniedException("not author（no authentication）!");
        }
        Collection authorities = authentication.getAuthorities();
        Set<String> set = (Set) authorities.stream().map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toSet());
        if (!CollectionUtils.isEmpty(onRequestIgnoreMethodCheckRoles) && !CollectionUtils.isEmpty(authorities)) {
            String[] strArr = (String[]) onRequestIgnoreMethodCheckRoles.toArray(new String[0]);
            for (String str : set) {
                if (StringUtils.equalsAnyIgnoreCase(str, strArr)) {
                    arrayList.add(new SecurityConfig(str));
                    return arrayList;
                }
            }
        }
        Object details = authentication.getDetails();
        if (!(details instanceof LoginDetails)) {
            throw new AccessDeniedException("not author（no login）!");
        }
        String tenantCode = ((LoginDetails) details).getTenantCode();
        Set keySet = this.frameworkEndpointHandler.getHandlerMethods().keySet();
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it2 = keySet.iterator();
        while (it2.hasNext()) {
            RequestMappingInfo matchingCondition = ((RequestMappingInfo) it2.next()).getMatchingCondition(httpRequest);
            if (matchingCondition != null) {
                newArrayList.add(matchingCondition);
            }
        }
        if (newArrayList.isEmpty()) {
            arrayList.add(ANONYMOUS_CONFIG);
            return arrayList;
        }
        Set onRequestRoleCodes = this.authenticationCompetenceEventListener.onRequestRoleCodes(newArrayList, tenantCode, httpRequest);
        if (CollectionUtils.isEmpty(onRequestRoleCodes)) {
            throw new AccessDeniedException("not author( no competence mapping role)!");
        }
        Iterator it3 = onRequestRoleCodes.iterator();
        while (it3.hasNext()) {
            arrayList.add(new SecurityConfig((String) it3.next()));
        }
        return arrayList;
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return Collections.emptyList();
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
