package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDict;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.AuthzDefender;
import cn.omisheep.authz.core.auth.rpd.PermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.tk.Token;
import org.springframework.web.method.HandlerMethod;

@Order(10)
/* loaded from: input_file:cn/omisheep/authz/core/slot/DeviceSlot.class */
public class DeviceSlot implements Slot {
    private final PermissionDict permissionDict;
    private final UserDevicesDict userDevicesDict;

    /* renamed from: cn.omisheep.authz.core.slot.DeviceSlot$1, reason: invalid class name */
    /* loaded from: input_file:cn/omisheep/authz/core/slot/DeviceSlot$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$cn$omisheep$authz$core$auth$ipf$HttpMeta$TokenException = new int[HttpMeta.TokenException.values().length];

        static {
            try {
                $SwitchMap$cn$omisheep$authz$core$auth$ipf$HttpMeta$TokenException[HttpMeta.TokenException.ExpiredJwtException.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$cn$omisheep$authz$core$auth$ipf$HttpMeta$TokenException[HttpMeta.TokenException.MalformedJwtException.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$cn$omisheep$authz$core$auth$ipf$HttpMeta$TokenException[HttpMeta.TokenException.SignatureException.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public DeviceSlot(PermissionDict permissionDict, UserDevicesDict userDevicesDict) {
        this.permissionDict = permissionDict;
        this.userDevicesDict = userDevicesDict;
    }

    @Override // cn.omisheep.authz.core.slot.Slot
    public boolean chain(HttpMeta httpMeta, HandlerMethod handlerMethod) {
        PermRolesMeta permRolesMeta = this.permissionDict.getRolePermission().get(httpMeta.getMethod()).get(httpMeta.getApi());
        if (permRolesMeta.nonAll()) {
            return true;
        }
        if (!httpMeta.isHasToken()) {
            AuthzDefender.logs("Require Login", httpMeta, permRolesMeta);
            httpMeta.error(ExceptionStatus.REQUIRE_LOGIN);
            return false;
        }
        if (httpMeta.getTokenException() != null) {
            switch (AnonymousClass1.$SwitchMap$cn$omisheep$authz$core$auth$ipf$HttpMeta$TokenException[httpMeta.getTokenException().ordinal()]) {
                case UserDevicesDict.ACCESS_TOKEN_OVERDUE /* 1 */:
                    AuthzDefender.logs("Forbid : expired token exception", httpMeta, permRolesMeta);
                    httpMeta.error(ExceptionStatus.ACCESS_TOKEN_OVERDUE);
                    return false;
                case UserDevicesDict.REQUIRE_LOGIN /* 2 */:
                    AuthzDefender.logs("Forbid : malformed token exception", httpMeta, permRolesMeta);
                    httpMeta.error(ExceptionStatus.TOKEN_EXCEPTION);
                    return false;
                case UserDevicesDict.LOGIN_EXCEPTION /* 3 */:
                    AuthzDefender.logs("Forbid : signature exception", httpMeta, permRolesMeta);
                    httpMeta.error(ExceptionStatus.TOKEN_EXCEPTION);
                    return false;
            }
        }
        Token token = httpMeta.getToken();
        switch (this.userDevicesDict.userStatus(token.getUserId(), token.getDeviceType(), token.getDeviceId(), token.getTokenId())) {
            case UserDevicesDict.ACCESS_TOKEN_OVERDUE /* 1 */:
                AuthzDefender.logs("Forbid : expired token exception", httpMeta, permRolesMeta);
                httpMeta.error(ExceptionStatus.ACCESS_TOKEN_OVERDUE);
                return false;
            case UserDevicesDict.REQUIRE_LOGIN /* 2 */:
                AuthzDefender.logs("Require Login", httpMeta, permRolesMeta);
                httpMeta.error(ExceptionStatus.REQUIRE_LOGIN);
                return false;
            case UserDevicesDict.LOGIN_EXCEPTION /* 3 */:
                AuthzDefender.logs("forbid : may have logged in elsewhere", httpMeta, permRolesMeta);
                httpMeta.error(ExceptionStatus.LOGIN_EXCEPTION);
                return false;
            default:
                return true;
        }
    }
}
