package cn.home1.cloud.config.server.security;

import cn.home1.cloud.config.server.util.Consts;
import java.util.Collection;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:cn/home1/cloud/config/server/security/ApplicationConfigSecurity.class */
public class ApplicationConfigSecurity {
    private static final Logger log = LoggerFactory.getLogger(ApplicationConfigSecurity.class);
    private static final Pattern PATTERN_COMMA = Pattern.compile(",");

    @Autowired
    private PrivilegedUserProperties privilegedUserProperties;

    public boolean checkAuthentication(String str, String str2) {
        boolean z;
        Collection<String> collection = (Collection) PATTERN_COMMA.splitAsStream(str2).filter(str3 -> {
            return str3.endsWith(Consts.DOT_ENV);
        }).collect(Collectors.toSet());
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = authentication != null ? authentication.getName() : null;
        if (collection.size() > 1) {
            z = false;
            log.info("Illegal to access multiple environment profiles ({}) in one request", collection);
        } else if (!StringUtils.isNotEmpty(name) || !authentication.isAuthenticated()) {
            z = false;
        } else if (this.privilegedUserProperties.getAdminName().equals(name)) {
            z = true;
        } else {
            z = (str != null && str.equals(name)) && isRequestValid(authentication, collection);
        }
        Logger logger = log;
        Object[] objArr = new Object[3];
        objArr[0] = name;
        objArr[1] = z ? "has" : "has no";
        objArr[2] = str;
        logger.debug("'{}' {} privilege to access '{}'", objArr);
        return z;
    }

    boolean isRequestValid(Authentication authentication, Collection<String> collection) {
        boolean booleanValue;
        Optional findFirst = authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).filter(str -> {
            return str.startsWith(Consts.PRIVILEGE_ENV_PROFILE_);
        }).map(str2 -> {
            return str2.replace(Consts.PRIVILEGE_ENV_PROFILE_, "");
        }).findFirst();
        if (findFirst.isPresent() && ((String) findFirst.get()).equals("*")) {
            booleanValue = true;
        } else {
            Optional map = findFirst.map(str3 -> {
                return Boolean.valueOf(collection.isEmpty() || collection.contains(str3));
            });
            collection.getClass();
            booleanValue = ((Boolean) map.orElseGet(collection::isEmpty)).booleanValue();
        }
        return booleanValue;
    }

    public void setPrivilegedUserProperties(PrivilegedUserProperties privilegedUserProperties) {
        this.privilegedUserProperties = privilegedUserProperties;
    }
}
