package com.infilos.abac.core;

import com.infilos.abac.MatchPolicy;
import com.infilos.abac.api.PolicyEvaluator;
import com.infilos.auth.core.ProfileHolder;
import com.infilos.auth.core.TokenProfile;
import com.infilos.auth.error.AuthorizeException;
import com.infilos.auth.intercept.context.WebContext;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.pac4j.core.exception.http.ForbiddenAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.InitializableObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.AopProxyUtils;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:com/infilos/abac/core/MethodAbacAuthorityInterceptor.class */
public class MethodAbacAuthorityInterceptor extends InitializableObject implements MethodInterceptor, ApplicationContextAware {
    private ApplicationContext context;
    private PolicyEvaluator policyEvaluator;
    private static final String RETURN = "#return";
    private static final Logger log = LoggerFactory.getLogger(MethodAbacAuthorityInterceptor.class);
    private static final Pattern PARAM_PATTERN = Pattern.compile("#[a-zA-Z][a-zA-Z0-9_]*");

    public void setApplicationContext(@Nonnull ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }

    protected void internalInit() {
        if (Objects.isNull(this.policyEvaluator)) {
            this.policyEvaluator = (PolicyEvaluator) this.context.getBean(PolicyEvaluator.class);
        }
    }

    @Nullable
    public Object invoke(@Nonnull MethodInvocation methodInvocation) throws Throwable {
        init();
        Optional<MatchPolicy> findMatchPolicy = findMatchPolicy(methodInvocation);
        if (findMatchPolicy.isPresent() && shouldCheckOnContext(findMatchPolicy.get())) {
            checkPolicyOnContext(findMatchPolicy.get().action()).ifPresent(httpAction -> {
                throw httpAction;
            });
        } else if (findMatchPolicy.isPresent() && shouldCheckOnRequestParam(findMatchPolicy.get())) {
            checkPolicyOnRequestParam(methodInvocation, findMatchPolicy.get().resource(), findMatchPolicy.get().action()).ifPresent(httpAction2 -> {
                throw httpAction2;
            });
        } else if (findMatchPolicy.isPresent() && shouldCheckOnRespondResult(findMatchPolicy.get())) {
            Object proceed = methodInvocation.proceed();
            checkPolicyOnRespondResult(proceed, findMatchPolicy.get().action()).ifPresent(httpAction3 -> {
                throw httpAction3;
            });
            return proceed;
        }
        return methodInvocation.proceed();
    }

    private boolean shouldCheckOnContext(MatchPolicy matchPolicy) {
        return CommonHelper.isBlank(matchPolicy.resource());
    }

    private boolean shouldCheckOnRequestParam(MatchPolicy matchPolicy) {
        return CommonHelper.isNotBlank(matchPolicy.resource()) && !matchPolicy.resource().equals(RETURN) && CommonHelper.isNotBlank(matchPolicy.action());
    }

    private boolean shouldCheckOnRespondResult(MatchPolicy matchPolicy) {
        return CommonHelper.isNotBlank(matchPolicy.resource()) && matchPolicy.resource().equals(RETURN) && CommonHelper.isNotBlank(matchPolicy.action());
    }

    private Optional<HttpAction> checkPolicyOnContext(String str) {
        TokenProfile profile = ProfileHolder.getProfile();
        HttpServletRequest httpServletRequest = WebContext.getHttpServletRequest();
        return this.policyEvaluator.evaluate(profile, httpServletRequest, CommonHelper.isNotBlank(str) ? str : httpServletRequest.getMethod(), EnvironBuilder.create().build()) ? Optional.empty() : Optional.of(ForbiddenAction.INSTANCE);
    }

    private Optional<HttpAction> checkPolicyOnRequestParam(MethodInvocation methodInvocation, String str, String str2) {
        if (!PARAM_PATTERN.matcher(str).matches()) {
            throw new AuthorizeException("Illegal MatchPolicy definition of parameter name " + str);
        }
        List list = (List) Arrays.stream(methodInvocation.getMethod().getParameters()).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
        List asList = Arrays.asList(methodInvocation.getArguments());
        if (!list.contains(str)) {
            throw new AuthorizeException("Illegal MatchPolicy definition of parameter index -1");
        }
        return this.policyEvaluator.evaluate(ProfileHolder.getProfile(), asList.get(list.indexOf(str)), str2, EnvironBuilder.create().build()) ? Optional.empty() : Optional.of(ForbiddenAction.INSTANCE);
    }

    private Optional<HttpAction> checkPolicyOnRespondResult(Object obj, String str) {
        return this.policyEvaluator.evaluate(ProfileHolder.getProfile(), obj, str, EnvironBuilder.create().build()) ? Optional.empty() : Optional.of(ForbiddenAction.INSTANCE);
    }

    private Optional<MatchPolicy> findMatchPolicy(MethodInvocation methodInvocation) {
        Object obj = methodInvocation.getThis();
        Class<?> cls = null;
        if (Objects.nonNull(obj)) {
            cls = obj instanceof Class ? (Class) obj : AopProxyUtils.ultimateTargetClass(obj);
        }
        return Optional.ofNullable((MatchPolicy) findAnnotation(methodInvocation.getMethod(), cls, MatchPolicy.class));
    }

    protected <A extends Annotation> A findAnnotation(Method method, Class<?> cls, Class<A> cls2) {
        A a;
        Method mostSpecificMethod = ClassUtils.getMostSpecificMethod(method, cls);
        A a2 = (A) AnnotationUtils.findAnnotation(mostSpecificMethod, cls2);
        if (a2 != null) {
            log.debug("Method {} has marked: {}", mostSpecificMethod, a2);
            return a2;
        }
        if (mostSpecificMethod != method && (a = (A) AnnotationUtils.findAnnotation(method, cls2)) != null) {
            log.debug("Method {} has marked: {}", method, a);
            return a;
        }
        A a3 = (A) AnnotationUtils.findAnnotation(mostSpecificMethod.getDeclaringClass(), cls2);
        if (a3 == null) {
            return null;
        }
        log.debug("Method {} has marked: {}", mostSpecificMethod.getDeclaringClass().getName(), a3);
        return a3;
    }
}
