package cn.omisheep.authz.core.interceptor;

import cn.omisheep.authz.AuHelper;
import cn.omisheep.authz.annotation.Auth;
import cn.omisheep.authz.annotation.OAuthScope;
import cn.omisheep.authz.annotation.OAuthScopeBasic;
import cn.omisheep.authz.core.AuthzException;
import cn.omisheep.authz.core.AuthzProperties;
import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.NotLoginException;
import cn.omisheep.authz.core.PermissionException;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.PermRolesMeta;
import cn.omisheep.authz.core.config.Constants;
import cn.omisheep.authz.core.oauth.OpenAuthDict;
import cn.omisheep.authz.core.util.MetaUtils;
import cn.omisheep.commons.util.CollectionUtils;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.core.annotation.AnnotatedElementUtils;

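@Aspect
/* loaded from: input_file:cn/omisheep/authz/core/interceptor/AuthzMethodPermissionChecker.class */
/**
 * AspectJ aspect that enforces role, permission and OAuth scope annotations on methods
 * whose declaring type is NOT annotated with {@code @RequestMapping}.
 *
 * <p>Two pieces of advice are defined: {@link #checkPermissionAndRole(JoinPoint)} for
 * {@code @Roles}/{@code @Perms}/{@code @Certificated}, and {@link #checkScope(JoinPoint)} for
 * {@code @OAuthScope}/{@code @OAuthScopeBasic}. Both deny the call when the annotation
 * metadata of the advised method cannot be resolved, so a reflection failure never turns
 * into a silently skipped authorization check.
 *
 * <p>NOTE(review): types annotated with {@code @RequestMapping} are excluded by the pointcuts;
 * presumably they are covered by a separate request interceptor. Confirm against the rest
 * of the project.
 */
public class AuthzMethodPermissionChecker {
    private final PermLibrary permLibrary;
    // NOTE(review): these caches are plain HashMaps. If this aspect instance is shared between
    // request threads, HashMap.computeIfAbsent is not safe for concurrent use. Confirm how the
    // aspect is instantiated and consider ConcurrentHashMap.
    private final HashMap<String, PermRolesMeta> prClassMeta = new HashMap<>();
    private final HashMap<String, PermRolesMeta> prMethodMeta = new HashMap<>();
    private final HashMap<String, OpenAuthDict.OAuthInfo> oauthInfoList = new HashMap<>();
    private final AuthzProperties properties;

    /**
     * Creates the aspect.
     *
     * @param permLibrary permission library (stored; not read by the code in this class)
     * @param authzProperties configuration, read for the default basic OAuth scope
     */
    public AuthzMethodPermissionChecker(PermLibrary permLibrary, AuthzProperties authzProperties) {
        this.permLibrary = permLibrary;
        this.properties = authzProperties;
    }

    /** Matches methods annotated with {@code @Roles}. */
    @Pointcut("@annotation(cn.omisheep.authz.annotation.Roles)")
    public void hasRoles() {
    }

    /** Matches methods of types annotated with {@code @Roles}. */
    @Pointcut("@within(cn.omisheep.authz.annotation.Roles)")
    public void hasRolesInType() {
    }

    /** Matches methods annotated with {@code @Perms}. */
    @Pointcut("@annotation(cn.omisheep.authz.annotation.Perms)")
    public void hasPerms() {
    }

    /** Matches methods of types annotated with {@code @Perms}. */
    @Pointcut("@within(cn.omisheep.authz.annotation.Perms)")
    public void hasPermsInType() {
    }

    /** Matches methods annotated with {@code @Certificated}. */
    @Pointcut("@annotation(cn.omisheep.authz.annotation.Certificated)")
    public void hasCertificated() {
    }

    /** Matches methods of types annotated with {@code @Certificated}. */
    @Pointcut("@within(cn.omisheep.authz.annotation.Certificated)")
    public void hasCertificatedInType() {
    }

    /** Matches methods of types annotated with Spring's {@code @RequestMapping}. */
    @Pointcut("@within(org.springframework.web.bind.annotation.RequestMapping)")
    public void hasRequestMapping() {
    }

    /**
     * Checks the caller's roles and permissions before an annotated method runs.
     *
     * <p>The type-level metadata is checked first, then the method-level metadata. Both are
     * built once from the merged {@code @Auth} annotations and cached.
     *
     * @param joinPoint the advised method execution
     * @throws NotLoginException if no user is logged in
     * @throws PermissionException if a role/permission requirement is not met, or if the
     *     advised method cannot be resolved by reflection
     */
    @Before("!hasRequestMapping()&&(hasCertificated()||hasPerms()||hasRoles()||hasRolesInType()||hasPermsInType()||hasCertificatedInType())")
    public void checkPermissionAndRole(JoinPoint joinPoint) {
        if (!AuHelper.isLogin()) {
            throw new NotLoginException();
        }
        Class<?> declaringType = joinPoint.getSignature().getDeclaringType();
        Method method;
        try {
            method = resolveAdvisedMethod(joinPoint);
        } catch (NoSuchMethodException e) {
            // Fail closed: without the method there is no metadata to evaluate, and letting the
            // call through would skip the authorization check entirely.
            // NOTE(review): the cause is dropped because no cause-taking constructor of
            // PermissionException is visible here; attach `e` if one exists.
            throw new PermissionException();
        }
        check(this.prClassMeta.computeIfAbsent(declaringType.getTypeName(),
                key -> orEmpty(MetaUtils.generatePermRolesMeta(
                        AnnotatedElementUtils.getAllMergedAnnotations(declaringType, Auth.class)))));
        // Keyed by toLongString(), as checkScope does, so both caches use the same key form.
        // NOTE(review): presumably the long form fully qualifies parameter types, which keeps
        // overloads with same-named parameter types apart; confirm.
        check(this.prMethodMeta.computeIfAbsent(joinPoint.getSignature().toLongString(),
                key -> orEmpty(MetaUtils.generatePermRolesMeta(
                        AnnotatedElementUtils.getAllMergedAnnotations(method, Auth.class)))));
    }

    /**
     * Resolves the reflective {@link Method} behind a join point.
     *
     * <p>{@link Class#getMethod} only returns public methods, so a non-public advised method
     * is looked up again with {@link Class#getDeclaredMethod} on the declaring type.
     *
     * @throws NoSuchMethodException if neither lookup finds the method
     */
    private static Method resolveAdvisedMethod(JoinPoint joinPoint) throws NoSuchMethodException {
        Class<?> declaringType = joinPoint.getSignature().getDeclaringType();
        String methodName = joinPoint.getSignature().getName();
        // NOTE(review): getParameterTypes() is declared on AspectJ's CodeSignature, not on
        // Signature; the decompiled listing shows no cast here. Confirm against the original.
        Class<?>[] parameterTypes = joinPoint.getSignature().getParameterTypes();
        try {
            return declaringType.getMethod(methodName, parameterTypes);
        } catch (NoSuchMethodException notPublic) {
            return declaringType.getDeclaredMethod(methodName, parameterTypes);
        }
    }

    /** Returns {@code meta}, or an empty {@link PermRolesMeta} when {@code meta} is null. */
    private static PermRolesMeta orEmpty(PermRolesMeta meta) {
        return meta == null ? new PermRolesMeta() : meta;
    }

    /**
     * Evaluates one set of role/permission requirements against the current request.
     *
     * <p>Roles are only evaluated when {@code getRoles()} is non-null, permissions only when
     * {@code getPermissions()} is non-null. In each case the call is rejected when the
     * "require" test fails or the "exclude" test succeeds.
     * NOTE(review): the exact matching rule is in {@code CollectionUtils.containsSub}, which is
     * not visible here.
     *
     * @throws PermissionException if the current roles or permissions do not satisfy the metadata
     */
    private void check(PermRolesMeta permRolesMeta) {
        HttpMeta httpMeta = AuHelper.getHttpMeta();
        if (permRolesMeta.getRoles() != null) {
            Set<String> roles = httpMeta.getRoles();
            boolean required = CollectionUtils.containsSub(permRolesMeta.getRequireRoles(), roles);
            if (!required || CollectionUtils.containsSub(permRolesMeta.getExcludeRoles(), roles)) {
                throw new PermissionException();
            }
        }
        if (permRolesMeta.getPermissions() != null) {
            Set<String> permissions = httpMeta.getPermissions();
            boolean required = CollectionUtils.containsSub(permRolesMeta.getRequirePermissions(), permissions);
            if (!required || CollectionUtils.containsSub(permRolesMeta.getExcludePermissions(), permissions)) {
                throw new PermissionException();
            }
        }
    }

    /** Matches methods annotated with {@code @OAuthScope}. */
    @Pointcut("@annotation(cn.omisheep.authz.annotation.OAuthScope)")
    public void hasOAuthScope() {
    }

    /** Matches methods of types annotated with {@code @OAuthScope}. */
    @Pointcut("@within(cn.omisheep.authz.annotation.OAuthScope)")
    public void hasOAuthScopeInType() {
    }

    /** Matches methods annotated with {@code @OAuthScopeBasic}. */
    @Pointcut("@annotation(cn.omisheep.authz.annotation.OAuthScopeBasic)")
    public void hasOAuthScopeBasic() {
    }

    /** Matches methods of types annotated with {@code @OAuthScopeBasic}. */
    @Pointcut("@within(cn.omisheep.authz.annotation.OAuthScopeBasic)")
    public void hasOAuthScopeBasicInType() {
    }

    /**
     * Checks the OAuth grant type and scope of the current token before an annotated method runs.
     *
     * <p>Tokens without a client id skip the scope check (presumably they are not OAuth tokens;
     * confirm). For the others, the token must carry a non-empty scope and a grant type, the
     * grant type must be one the annotations allow, and the token scope must contain every
     * scope the annotations require.
     *
     * @param joinPoint the advised method execution
     * @throws NotLoginException if no user is logged in
     * @throws AuthzException with {@code SCOPE_EXCEPTION_OR_TYPE_ERROR} if the grant type or
     *     scope does not match, or if the advised method cannot be resolved by reflection
     */
    @Before("!hasRequestMapping()&&(hasOAuthScope()||hasOAuthScopeInType()||hasOAuthScopeBasic()||hasOAuthScopeBasicInType())")
    public void checkScope(JoinPoint joinPoint) {
        if (!AuHelper.isLogin()) {
            throw new NotLoginException();
        }
        if (AuHelper.getToken().getClientId() == null) {
            return;
        }
        if (AuHelper.getHttpMeta().getScope().isEmpty() || AuHelper.getHttpMeta().getToken().getGrantType() == null) {
            throw new AuthzException(ExceptionStatus.SCOPE_EXCEPTION_OR_TYPE_ERROR);
        }
        Class<?> declaringType = joinPoint.getSignature().getDeclaringType();
        Method method;
        try {
            method = resolveAdvisedMethod(joinPoint);
        } catch (NoSuchMethodException e) {
            // Fail closed: an unresolvable method must not bypass the scope check.
            throw new AuthzException(ExceptionStatus.SCOPE_EXCEPTION_OR_TYPE_ERROR);
        }
        // Annotation lookups run only on a cache miss.
        OpenAuthDict.OAuthInfo required = this.oauthInfoList.computeIfAbsent(
                joinPoint.getSignature().toLongString(),
                key -> merge(
                        AnnotatedElementUtils.getMergedAnnotation(method, OAuthScope.class),
                        AnnotatedElementUtils.getMergedAnnotation(declaringType, OAuthScope.class),
                        AnnotatedElementUtils.getMergedAnnotation(method, OAuthScopeBasic.class),
                        // The type-level @OAuthScopeBasic was never read before (the method-level
                        // one was passed twice), so a class annotated only with @OAuthScopeBasic
                        // produced empty requirements.
                        AnnotatedElementUtils.getMergedAnnotation(declaringType, OAuthScopeBasic.class)));
        if (required.non()) {
            // NOTE(review): non() presumably means "no scope requirement recorded"; confirm.
            return;
        }
        if (!required.getType().contains(AuHelper.getToken().getGrantType())) {
            throw new AuthzException(ExceptionStatus.SCOPE_EXCEPTION_OR_TYPE_ERROR);
        }
        if (!AuHelper.getHttpMeta().getScope().containsAll(required.getScope())) {
            throw new AuthzException(ExceptionStatus.SCOPE_EXCEPTION_OR_TYPE_ERROR);
        }
    }

    /**
     * Merges method- and type-level OAuth annotations into one requirement.
     *
     * <p>When either {@code @OAuthScopeBasic} annotation is present, the configured default
     * basic scope (split on {@code Constants.BLANK}) is added first. The scopes and grant types
     * of every non-null annotation are then unioned.
     *
     * @param oAuthScope method-level {@code @OAuthScope}, may be null
     * @param oAuthScope2 type-level {@code @OAuthScope}, may be null
     * @param oAuthScopeBasic method-level {@code @OAuthScopeBasic}, may be null
     * @param oAuthScopeBasic2 type-level {@code @OAuthScopeBasic}, may be null
     * @return a fresh, unset {@code OAuthInfo} when the merged scopes or grant types are empty,
     *     otherwise an {@code OAuthInfo} carrying both sets
     */
    private OpenAuthDict.OAuthInfo merge(OAuthScope oAuthScope, OAuthScope oAuthScope2, OAuthScopeBasic oAuthScopeBasic, OAuthScopeBasic oAuthScopeBasic2) {
        HashSet<String> scopes = new HashSet<>();
        // Left raw as in the original: the element type returned by type() is not visible here.
        HashSet grantTypes = new HashSet();
        if (oAuthScopeBasic != null || oAuthScopeBasic2 != null) {
            String defaultBasicScope = this.properties.getOauth().getDefaultBasicScope();
            if (defaultBasicScope != null) {
                scopes.addAll(Arrays.asList(defaultBasicScope.split(Constants.BLANK)));
            }
        }
        if (oAuthScope != null) {
            scopes.addAll(Arrays.asList(oAuthScope.scope()));
            grantTypes.addAll(Arrays.asList(oAuthScope.type()));
        }
        if (oAuthScope2 != null) {
            scopes.addAll(Arrays.asList(oAuthScope2.scope()));
            grantTypes.addAll(Arrays.asList(oAuthScope2.type()));
        }
        if (oAuthScopeBasic != null) {
            scopes.addAll(Arrays.asList(oAuthScopeBasic.scope()));
            grantTypes.addAll(Arrays.asList(oAuthScopeBasic.type()));
        }
        if (oAuthScopeBasic2 != null) {
            scopes.addAll(Arrays.asList(oAuthScopeBasic2.scope()));
            grantTypes.addAll(Arrays.asList(oAuthScopeBasic2.type()));
        }
        if (scopes.isEmpty() || grantTypes.isEmpty()) {
            return new OpenAuthDict.OAuthInfo();
        }
        return new OpenAuthDict.OAuthInfo().setScope(scopes).setType(grantTypes);
    }
}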
