package com.bizunited.nebula.security.local.voter;

import com.bizunited.nebula.security.sdk.config.SimpleSecurityProperties;
import com.bizunited.nebula.security.sdk.event.AuthenticationCompetenceEventListener;
import com.bizunited.nebula.security.sdk.login.UserIdentity;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.mvc.condition.PathPatternsRequestCondition;
import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/* loaded from: input_file:com/bizunited/nebula/security/local/voter/NebulaSecurityAccessDecisionVoter.class */
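/**
 * Spring Security voter that decides access to a web request from the caller's granted
 * authorities and the role codes supplied by an {@link AuthenticationCompetenceEventListener}.
 *
 * <p>Decision order, as implemented in {@link #vote}:
 * <ol>
 *   <li>grant if the request matches a configured or default ignore URL pattern;</li>
 *   <li>deny (by exception) if no listener is wired, the caller has no authorities, or the
 *       caller is anonymous-only while anonymous access is not enabled;</li>
 *   <li>grant if the caller holds one of the listener's "ignore method check" roles;</li>
 *   <li>grant if no registered handler mapping matches the request path;</li>
 *   <li>grant if the listener returns no role codes for the matched mappings, or the caller
 *       holds one of them; otherwise deny.</li>
 * </ol>
 *
 * <p>NOTE(review): steps 4 and 5 grant access when nothing is found (fail-open). That looks
 * deliberate, but it means a request this voter cannot map to a handler is allowed for any
 * caller who passed step 2 — confirm that is the intended policy for this deployment.
 *
 * <p>The {@code vote(Authentication, Object, Collection)} bridge method is generated by the
 * compiler and is therefore not declared in source.
 */
public class NebulaSecurityAccessDecisionVoter implements AccessDecisionVoter<FilterInvocation> {

    @Autowired
    private SimpleSecurityProperties simpleSecurityProperties;

    @Autowired
    private RequestMappingHandlerMapping frameworkEndpointHandler;

    @Autowired(required = false)
    private AuthenticationCompetenceEventListener authenticationCompetenceEventListener;
    private static final String ANONYMOUS = "ROLE_ANONYMOUS";
    private static final Logger LOGGER = LoggerFactory.getLogger(NebulaSecurityAccessDecisionVoter.class);

    /**
     * Votes on whether the authenticated caller may access the request.
     *
     * @param authentication the caller's authentication; its authorities and details are read
     * @param filterInvocation the web request being secured
     * @param collection the configured attributes for the request (not consulted by this voter)
     * @return {@code ACCESS_GRANTED} or {@code ACCESS_DENIED}; this voter never abstains
     * @throws AccessDeniedException if no listener is available, the caller has no authorities,
     *     the caller is anonymous-only while anonymous access is not enabled, or the
     *     authentication details are not a {@link UserIdentity} when a role check is required
     */
    @Override
    public int vote(Authentication authentication, FilterInvocation filterInvocation, Collection<ConfigAttribute> collection) {
        HttpServletRequest httpRequest = filterInvocation.getHttpRequest();

        // 1. Ignore list: configured patterns plus the built-in defaults.
        ArrayList<String> ignorePatterns = new ArrayList<>();
        String[] configuredIgnoreUrls = this.simpleSecurityProperties.getIgnoreUrls();
        if (configuredIgnoreUrls != null && configuredIgnoreUrls.length > 0) {
            ignorePatterns.addAll(Lists.newArrayList(configuredIgnoreUrls));
        }
        ignorePatterns.addAll(Lists.newArrayList(SimpleSecurityProperties.DEFAULT_IGNOREURLS));
        for (String ignorePattern : ignorePatterns) {
            if (new AntPathRequestMatcher(ignorePattern).matches(httpRequest)) {
                return ACCESS_GRANTED;
            }
        }

        // 2. Preconditions: a listener must exist and the caller must carry authorities.
        if (this.authenticationCompetenceEventListener == null) {
            throw new AccessDeniedException("not author（no authenticationCompetenceEventListener）!");
        }
        Set<?> bypassRoles = this.authenticationCompetenceEventListener.onRequestIgnoreMethodCheckRoles();
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        if (CollectionUtils.isEmpty(authorities)) {
            throw new AccessDeniedException("not found any author from this single in user!");
        }
        // An unset allowAnonymous flag is treated as "not allowed" rather than failing with a
        // NullPointerException, so a missing setting denies anonymous callers.
        boolean anonymousAllowed = Boolean.TRUE.equals(this.simpleSecurityProperties.getAllowAnonymous());
        if (!anonymousAllowed
                && authorities.size() == 1
                && StringUtils.equalsIgnoreCase(authorities.iterator().next().getAuthority(), ANONYMOUS)) {
            throw new AccessDeniedException("not found any author from this single in user(ROLE_ANONYMOUS)!");
        }
        // NOTE(review): role names are taken from toString(), not getAuthority(); the two agree
        // for SimpleGrantedAuthority but may differ for custom GrantedAuthority types.
        Set<String> grantedRoles = authorities.stream().map(Object::toString).collect(Collectors.toSet());

        // 3. Roles that skip the per-method check entirely.
        if (!CollectionUtils.isEmpty(bypassRoles)) {
            String[] bypassRoleNames = bypassRoles.toArray(new String[0]);
            for (String grantedRole : grantedRoles) {
                if (StringUtils.equalsAnyIgnoreCase(grantedRole, bypassRoleNames)) {
                    return ACCESS_GRANTED;
                }
            }
        }

        // 4. Find the handler mappings this request resolves to.
        // FilterInvocation.getRequestUrl() appends the query string; handler patterns describe
        // paths only, so match on the path. Otherwise a request carrying a query string would
        // match no mapping and fall into the grant-when-unmapped branch below.
        String requestPath = pathOnly(filterInvocation.getRequestUrl());
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        ArrayList<RequestMappingInfo> matchedMappings = new ArrayList<>();
        for (RequestMappingInfo mapping : this.frameworkEndpointHandler.getHandlerMethods().keySet()) {
            try {
                if (mappingMatches(mapping, requestPath, antPathMatcher)) {
                    matchedMappings.add(mapping);
                }
            } catch (RuntimeException e) {
                // NOTE(review): a mapping that fails to evaluate is skipped, which can leave the
                // match list empty and lead to a grant. Keep the stack trace so this is visible.
                LOGGER.warn(e.getMessage(), e);
            }
        }
        if (matchedMappings.isEmpty()) {
            // Fail-open: no known handler for this path.
            return ACCESS_GRANTED;
        }

        // 5. Role check against the codes the listener binds to the matched mappings.
        Object details = authentication.getDetails();
        if (!(details instanceof UserIdentity)) {
            throw new AccessDeniedException("not author（no login）!");
        }
        Set<String> requiredRoles = this.authenticationCompetenceEventListener.onRequestRoleCodes(
                matchedMappings, ((UserIdentity) details).getTenantCode(), httpRequest);
        if (CollectionUtils.isEmpty(requiredRoles)) {
            // Fail-open: the listener bound no role codes to the matched mappings.
            return ACCESS_GRANTED;
        }
        for (String requiredRole : requiredRoles) {
            for (String grantedRole : grantedRoles) {
                if (StringUtils.equalsIgnoreCase(grantedRole, requiredRole)) {
                    return ACCESS_GRANTED;
                }
            }
        }
        return ACCESS_DENIED;
    }

    /** Returns the request URL with any query string removed. */
    private static String pathOnly(String requestUrl) {
        int queryStart = requestUrl.indexOf('?');
        return queryStart >= 0 ? requestUrl.substring(0, queryStart) : requestUrl;
    }

    /**
     * Tests whether a handler mapping applies to the request path. Every declared path pattern
     * is considered, not only the first, so handlers registered under several paths are
     * role-checked on all of them.
     *
     * <p>NOTE(review): PathPattern strings are evaluated with AntPathMatcher here, as in the
     * original code; PathPattern-only syntax may not match identically — confirm against the
     * patterns actually registered.
     */
    private static boolean mappingMatches(RequestMappingInfo mapping, String requestPath, AntPathMatcher matcher) {
        PathPatternsRequestCondition pathPatternsCondition = mapping.getPathPatternsCondition();
        if (pathPatternsCondition != null) {
            for (String pattern : pathPatternsCondition.getPatternValues()) {
                if (matcher.match(pattern, requestPath)) {
                    return true;
                }
            }
            return false;
        }
        PatternsRequestCondition patternsCondition = mapping.getPatternsCondition();
        return patternsCondition != null && !patternsCondition.getMatchingPatterns(requestPath).isEmpty();
    }

    /** Accepts every configuration attribute; {@link #vote} does not inspect them. */
    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /** Accepts every secured-object class. */
    @Override
    public boolean supports(Class<?> cls) {
        return true;
    }
}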
