package cn.omisheep.authz;

import cn.omisheep.authz.core.AuthzProperties;
import cn.omisheep.authz.core.auth.DefaultPermLibrary;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDict;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDictByCache;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDictByHashMap;
import cn.omisheep.authz.core.auth.ipf.AuthzHttpFilter;
import cn.omisheep.authz.core.auth.ipf.Httpd;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.cache.Cache;
import cn.omisheep.authz.core.cache.DefaultCache;
import cn.omisheep.authz.core.cache.L2Cache;
import cn.omisheep.authz.core.cache.PermLibraryCache;
import cn.omisheep.authz.core.codec.DecryptHandler;
import cn.omisheep.authz.core.codec.RSADecryptor;
import cn.omisheep.authz.core.config.AuCoreInitialization;
import cn.omisheep.authz.core.config.AuInit;
import cn.omisheep.authz.core.config.AuthzAppVersion;
import cn.omisheep.authz.core.interceptor.AuthzExceptionHandler;
import cn.omisheep.authz.core.interceptor.AuthzFeignRequestInterceptor;
import cn.omisheep.authz.core.interceptor.AuthzMethodPermissionChecker;
import cn.omisheep.authz.core.interceptor.AuthzRestTemplateInterceptor;
import cn.omisheep.authz.core.interceptor.DataFinderSecurityInterceptor;
import cn.omisheep.authz.core.interceptor.DefaultAuthzExceptionHandler;
import cn.omisheep.authz.core.interceptor.DefaultDataSecurityInterceptor;
import cn.omisheep.authz.core.interceptor.mybatis.DataSecurityInterceptorForMybatis;
import cn.omisheep.authz.core.msg.CacheMessage;
import cn.omisheep.authz.core.msg.MessageReceive;
import cn.omisheep.authz.core.msg.RequestMessage;
import cn.omisheep.authz.core.msg.VersionMessage;
import cn.omisheep.authz.core.resolver.AuthzHandlerRegister;
import cn.omisheep.authz.core.resolver.DecryptRequestBodyAdvice;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.authz.core.util.Utils;
import cn.omisheep.authz.support.http.SupportServlet;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.impl.LaissezFaireSubTypeValidator;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.listener.PatternTopic;
import org.springframework.data.redis.listener.RedisMessageListenerContainer;
import org.springframework.data.redis.listener.adapter.MessageListenerAdapter;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({AuthzProperties.class})
@Configuration
@ConditionalOnClass({AuInit.class})
@Import({AuInit.class})
/* loaded from: input_file:cn/omisheep/authz/AuthzAutoConfiguration.class */
public class AuthzAutoConfiguration {

    @Configuration
    /* loaded from: input_file:cn/omisheep/authz/AuthzAutoConfiguration$AuthzCloudAutoConfiguration.class */
    public static class AuthzCloudAutoConfiguration {
        @ConditionalOnClass(name = {"org.springframework.cloud.openfeign.FeignContext"})
        @Bean
        public AuthzFeignRequestInterceptor authzFeignRequestInterceptor() {
            return new AuthzFeignRequestInterceptor();
        }

        @Autowired(required = false)
        @ConditionalOnBean({RestTemplate.class})
        public void authzRestTemplateInterceptor(RestTemplate restTemplate) {
            restTemplate.getInterceptors().add(new AuthzRestTemplateInterceptor());
        }
    }

    @EnableConfigurationProperties({RedisProperties.class})
    @Configuration
    /* loaded from: input_file:cn/omisheep/authz/AuthzAutoConfiguration$CacheAutoConfiguration.class */
    public static class CacheAutoConfiguration {
        public static StringRedisSerializer stringRedisSerializer = new StringRedisSerializer();
        public static Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class);

        @ConditionalOnProperty(name = {"authz.cache.enable-redis-actuator"}, havingValue = "false", matchIfMissing = true)
        @Bean(name = {"redisHealthIndicator"})
        public Object nonRedisActuator() {
            return new Object();
        }

        @ConditionalOnMissingBean(name = {"authzRedisTemplate"})
        @ConditionalOnProperty(prefix = "authz.cache", name = {"enable-redis"}, havingValue = "true")
        @Bean({"authzRedisTemplate"})
        public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
            RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
            redisTemplate.setConnectionFactory(redisConnectionFactory);
            redisTemplate.setKeySerializer(stringRedisSerializer);
            redisTemplate.setHashKeySerializer(stringRedisSerializer);
            redisTemplate.setValueSerializer(jackson2JsonRedisSerializer);
            redisTemplate.setHashKeySerializer(jackson2JsonRedisSerializer);
            redisTemplate.afterPropertiesSet();
            return redisTemplate;
        }

        @ConditionalOnProperty(prefix = "authz.cache", name = {"enable-redis"}, havingValue = "true")
        @Bean({"authzCacheMessageReceive"})
        public MessageReceive messageReceive(Cache cache, Httpd httpd) {
            return new MessageReceive(cache, httpd);
        }

        @ConditionalOnBean(value = {MessageReceive.class}, name = {"authzCacheMessageReceive"})
        @Bean({"authzCacheMessageListenerAdapter"})
        public MessageListenerAdapter authzCacheMessageListenerAdapter(@Qualifier("authzCacheMessageReceive") MessageReceive messageReceive) {
            return new MessageListenerAdapter(messageReceive);
        }

        @ConditionalOnBean(value = {MessageReceive.class}, name = {"authzCacheMessageReceive"})
        @Bean({"authzRequestCacheMessageListenerAdapter"})
        public MessageListenerAdapter authzRequestCacheMessageListenerAdapter(@Qualifier("authzCacheMessageReceive") MessageReceive messageReceive) {
            return new MessageListenerAdapter(messageReceive);
        }

        @ConditionalOnBean(value = {MessageReceive.class}, name = {"authzCacheMessageReceive"})
        @Bean({"authzVersionMessageListenerAdapter"})
        public MessageListenerAdapter authzVersionMessageListenerAdapter(@Qualifier("authzCacheMessageReceive") MessageReceive messageReceive) {
            return new MessageListenerAdapter(messageReceive);
        }

        @ConditionalOnBean(value = {MessageReceive.class}, name = {"authzCacheMessageReceive"})
        @Bean({"auCacheRedisMessageListenerContainer"})
        public RedisMessageListenerContainer container(@Qualifier("authzRedisTemplate") RedisTemplate redisTemplate, RedisConnectionFactory redisConnectionFactory, @Qualifier("authzCacheMessageListenerAdapter") MessageListenerAdapter messageListenerAdapter, @Qualifier("authzRequestCacheMessageListenerAdapter") MessageListenerAdapter messageListenerAdapter2, @Qualifier("authzVersionMessageListenerAdapter") MessageListenerAdapter messageListenerAdapter3) {
            try {
                redisTemplate.execute((v0) -> {
                    return v0.ping();
                });
                RedisMessageListenerContainer redisMessageListenerContainer = new RedisMessageListenerContainer();
                redisMessageListenerContainer.setConnectionFactory(redisConnectionFactory);
                redisMessageListenerContainer.addMessageListener(messageListenerAdapter, new PatternTopic(CacheMessage.CHANNEL));
                redisMessageListenerContainer.addMessageListener(messageListenerAdapter2, new PatternTopic(RequestMessage.CHANNEL));
                redisMessageListenerContainer.addMessageListener(messageListenerAdapter3, new PatternTopic(VersionMessage.CHANNEL));
                redisMessageListenerContainer.setTopicSerializer(jackson2JsonRedisSerializer);
                return redisMessageListenerContainer;
            } catch (Exception e) {
                throw new IllegalStateException("redis异常，检查redis配置是否有效");
            }
        }

        static {
            jackson2JsonRedisSerializer.setObjectMapper(new ObjectMapper().setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY).activateDefaultTyping(LaissezFaireSubTypeValidator.instance, ObjectMapper.DefaultTyping.NON_FINAL));
        }
    }

    @Configuration
    @ConditionalOnExpression("T(org.apache.commons.lang.StringUtils).isNotEmpty('${authz.orm}')")
    /* loaded from: input_file:cn/omisheep/authz/AuthzAutoConfiguration$DataFilterAutoConfiguration.class */
    public static class DataFilterAutoConfiguration {
        @ConditionalOnMissingBean
        @ConditionalOnProperty(name = {"authz.orm"}, havingValue = "MYBATIS")
        @Bean
        public DataSecurityInterceptorForMybatis dataSecurityInterceptorForMybatis() {
            return new DataSecurityInterceptorForMybatis();
        }

        @ConditionalOnMissingBean
        @Bean
        public DataFinderSecurityInterceptor dataFinderSecurityInterceptor() {
            return new DefaultDataSecurityInterceptor();
        }
    }

    @Autowired
    private void init(ConfigurableEnvironment configurableEnvironment, AuthzProperties authzProperties) {
        String str;
        LogUtils.setLogLevel(authzProperties.getLog());
        String property = configurableEnvironment.getProperty("spring.application.name");
        String str2 = StringUtils.hasText(property) ? property : "application";
        AuthzAppVersion.APPLICATION_NAME = str2;
        AuthzAppVersion.APP_NAME = authzProperties.getApp();
        VersionMessage.CHANNEL = "AU:" + authzProperties.getApp() + ":MODIFY_ID:" + str2;
        CacheMessage.CHANNEL = "AU:" + authzProperties.getApp() + ":CACHE_DATA_UPDATE";
        RequestMessage.CHANNEL = "AU:" + authzProperties.getApp() + ":CONTEXT_CLOUD_APP_ID:" + str2;
        LogUtils.debug("Version channel: 【 {} 】, Cache channel: 【 {} 】, Request channel: 【 {} 】", VersionMessage.CHANNEL, CacheMessage.CHANNEL, RequestMessage.CHANNEL);
        try {
            str = InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException e) {
            str = "localhost";
        }
        String property2 = configurableEnvironment.getProperty("server.port");
        String property3 = configurableEnvironment.getProperty("server.servlet.context-path");
        if (!StringUtils.hasText(property3)) {
            property3 = "";
        }
        String format = Utils.format("http://{}:{}{}", str, property2, property3);
        AuthzAppVersion.host = str;
        AuthzAppVersion.port = property2;
        AuthzAppVersion.path = property3;
        AuthzAppVersion.prefix = format;
    }

    @Bean({"authzCache"})
    public Cache cache(AuthzProperties authzProperties) {
        return authzProperties.getCache().isEnableRedis() ? new L2Cache(authzProperties) : new DefaultCache(authzProperties.getCache().getCacheMaximumSize(), authzProperties.getCache().getExpireAfterReadOrUpdateTime());
    }

    @Bean
    public DecryptRequestBodyAdvice auDecryptRequestBodyAdvice(DecryptHandler decryptHandler) {
        return new DecryptRequestBodyAdvice(decryptHandler);
    }

    @Bean
    public PermLibraryCache permLibraryCache(Cache cache) {
        return new PermLibraryCache(cache);
    }

    @Bean
    public AuthzMethodPermissionChecker authzMethodPermissionChecker(PermLibrary permLibrary) {
        return new AuthzMethodPermissionChecker(permLibrary);
    }

    @Bean
    public UserDevicesDict userDevicesDict(AuthzProperties authzProperties) {
        return authzProperties.getCache().isEnableRedis() ? new UserDevicesDictByCache(authzProperties) : new UserDevicesDictByHashMap(authzProperties);
    }

    @ConditionalOnMissingBean
    @Bean
    public PermLibrary permLibrary() {
        return new DefaultPermLibrary();
    }

    @ConditionalOnMissingBean
    @Bean
    public AuthzExceptionHandler authzExceptionHandler(AuthzProperties authzProperties) {
        return new DefaultAuthzExceptionHandler(authzProperties.getResponse());
    }

    @ConditionalOnMissingBean
    @Bean
    public RSADecryptor rsaDecryptor() {
        return new RSADecryptor();
    }

    @ConditionalOnMissingBean
    @Bean
    public DecryptHandler decryptHandler(AuthzProperties authzProperties) {
        return new DecryptHandler(authzProperties.getDefaultDecryptor());
    }

    @Bean
    public AuthzHandlerRegister authzHandlerRegister(AuthzExceptionHandler authzExceptionHandler, DecryptHandler decryptHandler) {
        return new AuthzHandlerRegister(authzExceptionHandler, decryptHandler);
    }

    @Bean({"AuthzHttpFilter"})
    public FilterRegistrationBean<AuthzHttpFilter> filterRegistrationBean(Httpd httpd, AuthzProperties authzProperties) {
        FilterRegistrationBean<AuthzHttpFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new AuthzHttpFilter(httpd, authzProperties.getDashboard().isEnabled(), authzProperties.getDashboard().getMappings()));
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        filterRegistrationBean.setName("authzFilter");
        filterRegistrationBean.setOrder(1);
        return filterRegistrationBean;
    }

    @Bean
    public AuCoreInitialization auCoreInitialization(AuthzProperties authzProperties, Httpd httpd, UserDevicesDict userDevicesDict, PermissionDict permissionDict, PermLibrary permLibrary, Cache cache) {
        return new AuCoreInitialization(authzProperties, httpd, userDevicesDict, permissionDict, permLibrary, cache);
    }

    @ConditionalOnProperty(name = {"authz.dashboard.enabled"}, havingValue = "true")
    @Bean
    public ServletRegistrationBean DashboardServlet(AuthzProperties authzProperties) {
        AuthzProperties.DashboardConfig dashboard = authzProperties.getDashboard();
        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(new SupportServlet("support/http/resources", dashboard.getMappings()), new String[]{dashboard.getMappings()});
        HashMap hashMap = new HashMap();
        hashMap.put(SupportServlet.PARAM_NAME_USERNAME, dashboard.getUsername());
        hashMap.put(SupportServlet.PARAM_NAME_PASSWORD, dashboard.getPassword());
        hashMap.put(SupportServlet.PARAM_NAME_ALLOW, dashboard.getAllow());
        hashMap.put(SupportServlet.PARAM_NAME_DENY, dashboard.getDeny());
        hashMap.put(SupportServlet.PARAM_REMOTE_ADDR, dashboard.getRemoteAddress());
        hashMap.entrySet().removeIf(entry -> {
            return entry.getValue() == null;
        });
        servletRegistrationBean.setInitParameters(hashMap);
        return servletRegistrationBean;
    }
}
