package cn.omisheep.authz.core.auth.rpd;

import cn.omisheep.authz.core.Constants;
import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDict;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.init.AuInit;
import cn.omisheep.authz.core.tk.Token;
import cn.omisheep.authz.core.tk.TokenHelper;
import cn.omisheep.authz.core.tk.TokenPair;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.commons.util.CollectionUtils;
import cn.omisheep.commons.util.TimeUtils;
import cn.omisheep.web.utils.HttpUtils;
import io.jsonwebtoken.ExpiredJwtException;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:cn/omisheep/authz/core/auth/rpd/AuthzDefender.class */
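/**
 * Entry point for issuing and refreshing token pairs and for checking a request
 * against the role / permission requirements registered for the API it targets.
 *
 * <p>A single instance is published through {@link #init(AuthzDefender)} and read
 * back with {@link #self()}.
 */
public class AuthzDefender {
    /** Instance published by {@link #init(AuthzDefender)}; {@code null} until then. */
    private static AuthzDefender SELF;
    private final UserDevicesDict userDevicesDict;
    private final PermissionDict permissionDict;
    private final PermLibrary permLibrary;

    /**
     * Returns the instance registered through {@link #init(AuthzDefender)}.
     *
     * @return the registered instance, or {@code null} if {@code init} has not run yet
     */
    public static AuthzDefender self() {
        return SELF;
    }

    /**
     * Creates a defender backed by the given device registry, API permission
     * dictionary and role / permission lookup.
     *
     * @param userDevicesDict registry consulted when a token pair is granted or refreshed
     * @param permissionDict  source of the per-method, per-API requirements read by {@link #verify}
     * @param permLibrary     lookup for a user's roles and a role's permissions
     */
    public AuthzDefender(UserDevicesDict userDevicesDict, PermissionDict permissionDict, PermLibrary permLibrary) {
        this.userDevicesDict = userDevicesDict;
        this.permissionDict = permissionDict;
        this.permLibrary = permLibrary;
    }

    /**
     * Publishes the shared instance. Only the first call takes effect; later calls
     * are logged as an error and leave the registered instance untouched.
     *
     * <p>NOTE(review): the check-then-assign on {@code SELF} is not synchronized and the
     * field is not {@code volatile}; confirm this is only called from a single thread
     * during start-up.
     *
     * @param authzDefender the instance to publish
     */
    public static void init(AuthzDefender authzDefender) {
        if (SELF != null) {
            // Runtime message, kept as-is: "authzDefender is already initialised".
            AuInit.log.error("authzDefender 已经初始化");
        } else {
            SELF = authzDefender;
        }
    }

    /**
     * Creates a token pair, registers it with the device registry and, on success,
     * attaches the access token to the current response as a cookie.
     *
     * <p>The cookie is written only after the registry has accepted the pair, so a
     * failed grant never leaves a freshly minted access token in the response.
     *
     * <p>NOTE(review): the cookie attributes (HttpOnly / Secure / SameSite) are decided
     * inside {@code TokenHelper.generateCookie}, which is not visible here; verify them.
     *
     * @param obj  presumably the user id; passed through to {@code TokenHelper} and the registry
     * @param str  presumably the device type; verify against callers
     * @param str2 presumably the device id; verify against callers
     * @return the granted pair, or {@code null} if the registry rejected it or threw
     */
    public TokenPair grant(Object obj, String str, String str2) {
        TokenPair pair = TokenHelper.createTokenPair(obj, str, str2);
        HttpServletResponse response = HttpUtils.getCurrentResponse();
        HttpMeta httpMeta = (HttpMeta) HttpUtils.getCurrentRequest().getAttribute(Constants.HTTP_META);
        try {
            if (!this.userDevicesDict.addUser(obj, pair, str, str2, httpMeta)) {
                return null;
            }
        } catch (Exception e) {
            // Callers still get null, but the failure is no longer invisible.
            // The token itself is deliberately not logged.
            AuInit.log.error("AuthzDefender.grant failed: " + e);
            return null;
        }
        if (response != null) {
            response.addCookie(TokenHelper.generateCookie(pair.getAccessToken()));
        }
        return pair;
    }

    /**
     * Exchanges a refresh token for a new token pair, records it in the device
     * registry and attaches the new access token to the current response as a cookie.
     *
     * <p>Only {@link ExpiredJwtException} is translated to {@code null}; any other
     * exception raised while parsing or validating the token propagates to the caller.
     *
     * @param str the refresh token presented by the client
     * @return the new pair, or {@code null} if the token has expired, no pair was
     *         produced, or the registry refused the refresh
     */
    public TokenPair refreshToken(String str) {
        try {
            TokenPair refreshed = TokenHelper.refreshToken(str);
            // Guard against a missing pair before it is dereferenced for the cookie.
            if (refreshed == null || !this.userDevicesDict.refreshUser(refreshed)) {
                return null;
            }
            HttpServletResponse response = HttpUtils.getCurrentResponse();
            if (response != null) {
                response.addCookie(TokenHelper.generateCookie(refreshed.getAccessToken()));
            }
            return refreshed;
        } catch (ExpiredJwtException e) {
            return null;
        }
    }

    /**
     * Checks the request's token against the role and permission requirements
     * registered for its HTTP method and API.
     *
     * <p>Order of checks: required / excluded roles first, then for each role of the
     * user its permissions against the excluded permissions, and finally the union of
     * all permissions against the required permissions.
     *
     * <p>NOTE(review): the lookup below dereferences the per-method map and the
     * resulting {@code PermRolesMeta} without a null check; this assumes callers only
     * invoke {@code verify} for APIs that have requirements registered — confirm.
     *
     * @param httpMeta request metadata carrying the method, API and (optional) token
     * @return {@code null} when access is allowed, otherwise
     *         {@link ExceptionStatus#PERM_EXCEPTION}
     */
    public ExceptionStatus verify(HttpMeta httpMeta) {
        PermRolesMeta permRolesMeta = this.permissionDict.getRolePermission().get(httpMeta.getMethod()).get(httpMeta.getApi());
        Token token = httpMeta.getToken();
        boolean noRequiredRoles = CollectionUtils.isEmpty(permRolesMeta.getRequireRoles());
        boolean noExcludedRoles = CollectionUtils.isEmpty(permRolesMeta.getExcludeRoles());
        boolean noRequiredPerms = CollectionUtils.isEmpty(permRolesMeta.getRequirePermissions());
        boolean noExcludedPerms = CollectionUtils.isEmpty(permRolesMeta.getExcludePermissions());
        boolean checkRoles = !noRequiredRoles || !noExcludedRoles;
        boolean checkPerms = !noRequiredPerms || !noExcludedPerms;

        if (!checkRoles && !checkPerms) {
            logs("Success", httpMeta, permRolesMeta);
            return null;
        }

        // Requirements exist but there is no token to evaluate: deny explicitly
        // instead of failing with a NullPointerException on token.getUserId().
        if (token == null) {
            logs("Forbid : permissions exception", httpMeta, permRolesMeta);
            return ExceptionStatus.PERM_EXCEPTION;
        }

        // Roles are needed by both the role check and the permission check; fetch once.
        long rolesStart = TimeUtils.nowTime();
        Set<String> roles = this.permLibrary.getRolesByUserId(token.getUserId());
        LogUtils.logDebug(
                checkRoles ? "permLibrary.getRolesByUserId({})  {}" : "e1 && e2 permLibrary.getRolesByUserId({})  {}",
                token.getUserId(), Long.valueOf(TimeUtils.diff(rolesStart)));

        if (checkRoles) {
            boolean missingRequiredRole = !noRequiredRoles && !CollectionUtils.containsSub(permRolesMeta.getRequireRoles(), roles);
            if (missingRequiredRole || (!noExcludedRoles && CollectionUtils.containsSub(permRolesMeta.getExcludeRoles(), roles))) {
                logs("Forbid : permissions exception", httpMeta, permRolesMeta);
                return ExceptionStatus.PERM_EXCEPTION;
            }
        }

        if (checkPerms) {
            // The role lookup may return null for a user without roles; treat that as
            // "no roles" (Optional.of(null) would throw here).
            Set<String> userRoles = roles != null ? roles : new HashSet<String>();
            Set<String> grantedPermissions = new HashSet<String>();
            for (String role : userRoles) {
                long permsStart = TimeUtils.nowTime();
                Set<String> permissionsByRole = this.permLibrary.getPermissionsByRole(role);
                LogUtils.logDebug("permLibrary.getPermissionsByRole({}) {}", role, Long.valueOf(TimeUtils.diff(permsStart)));
                if (permissionsByRole != null) {
                    grantedPermissions.addAll(permissionsByRole);
                }
                // Excluded permissions are tested per role, not against the union.
                if (!noExcludedPerms && CollectionUtils.containsSub(permRolesMeta.getExcludePermissions(), permissionsByRole)) {
                    logs("Forbid : permissions exception", httpMeta, permRolesMeta);
                    return ExceptionStatus.PERM_EXCEPTION;
                }
            }
            if (!noRequiredPerms && !CollectionUtils.containsSub(permRolesMeta.getRequirePermissions(), grantedPermissions)) {
                logs("Forbid : permissions exception", httpMeta, permRolesMeta);
                return ExceptionStatus.PERM_EXCEPTION;
            }
        }

        logs("Success", httpMeta, permRolesMeta);
        return null;
    }

    /**
     * Pushes one authorization-decision line to the request log. When the request
     * carries a token, the user id, device type and device id are appended.
     *
     * @param str           outcome label (for example {@code "Success"})
     * @param httpMeta      request metadata; its token may be {@code null}
     * @param permRolesMeta the requirements the decision was made against
     */
    public static void logs(String str, HttpMeta httpMeta, PermRolesMeta permRolesMeta) {
        Token token = httpMeta.getToken();
        if (token == null) {
            LogUtils.pushLogToRequest("「{}」\t{}", str, permRolesMeta);
        } else {
            LogUtils.pushLogToRequest("「{}」\t\t{}\t, userId: [{}]\t, deviceType&deviceId [ {} , {} ]", str, permRolesMeta, token.getUserId(), token.getDeviceType(), token.getDeviceId());
        }
    }
}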
