package co.pishfa.security.service;

import co.pishfa.accelerate.cache.Cache;
import co.pishfa.accelerate.cache.CacheKey;
import co.pishfa.accelerate.cache.CacheService;
import co.pishfa.accelerate.cache.NamedCached;
import co.pishfa.accelerate.cdi.CdiUtils;
import co.pishfa.accelerate.core.FrameworkExtension;
import co.pishfa.accelerate.portal.service.PageMetadataService;
import co.pishfa.accelerate.service.Service;
import co.pishfa.accelerate.utility.StrUtils;
import co.pishfa.security.entity.authentication.Domain;
import co.pishfa.security.entity.authentication.Identity;
import co.pishfa.security.entity.authentication.Principal;
import co.pishfa.security.entity.authentication.User;
import co.pishfa.security.entity.authorization.Action;
import co.pishfa.security.entity.authorization.Permission;
import co.pishfa.security.entity.authorization.PermissionDef;
import co.pishfa.security.entity.authorization.PermissionScope;
import co.pishfa.security.entity.authorization.Representative;
import co.pishfa.security.entity.authorization.Role;
import co.pishfa.security.entity.authorization.RoleAssignment;
import co.pishfa.security.repo.ActionRepo;
import co.pishfa.security.repo.PermissionDefRepo;
import co.pishfa.security.repo.PermissionRepo;
import co.pishfa.security.repo.RoleAssignmentRepo;
import co.pishfa.security.service.handler.ActionHandler;
import co.pishfa.security.service.handler.BlockScopeHandler;
import co.pishfa.security.service.handler.PermissionScopeHandler;
import co.pishfa.security.service.handler.ScopeHandler;
import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;

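/**
 * Resolves the roles and permissions that apply to a principal and answers
 * permission checks against them.
 *
 * <p>The service keeps three in-memory registries (scope handlers, action
 * handlers and an index of actions by name) and works with three caches:
 * {@code principalPermissions} (per-domain permission maps),
 * {@code userImpliedPermissions} and {@code userImpliedRoles}. The action
 * index is filled once in {@link #init()} and is not refreshed by anything in
 * this class.
 *
 * <p>Because results are cached, a change to role assignments or permissions
 * only takes effect for permission checks after the matching
 * {@code invalidate*} method has been called.
 */
@Service
/* loaded from: input_file:co/pishfa/security/service/AuthorizationService.class */
public class AuthorizationService implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    private Logger log;

    @Inject
    private PermissionRepo permissionRepo;

    @Inject
    private PermissionDefRepo permissionDefRepo;

    @Inject
    private RoleAssignmentRepo roleAssignmentRepo;

    @Inject
    private ActionRepo actionRepo;

    @Inject
    private CacheService cacheService;
    // Per-domain permission maps, including what each domain inherits from its parents.
    private Cache<Principal, Map<String, Permission>> principalPermissions;
    // Handler returned by getScopeHandler(Permission) when there is no permission at all.
    private final BlockScopeHandler blockScopeHandler = new BlockScopeHandler();
    private final Map<String, ActionHandler> actionHandlers = new HashMap<String, ActionHandler>(51);
    private final Map<String, PermissionScopeHandler<?>> scopeHandlers = new HashMap<String, PermissionScopeHandler<?>>(51);
    private final Map<String, Action> actionsByName = new HashMap<String, Action>(201);

    /**
     * Looks the service up through CDI.
     *
     * @return the container-managed instance
     */
    public static AuthorizationService getInstance() {
        return (AuthorizationService) CdiUtils.getInstance(AuthorizationService.class, new Annotation[0]);
    }

    /**
     * Registers every scope handler class reported by the framework extension,
     * obtains the domain permission cache and indexes all stored actions by name.
     */
    @PostConstruct
    public void init() {
        for (Class<?> cls : FrameworkExtension.getScopeHandlers()) {
            try {
                add(((ScopeHandler) cls.getAnnotation(ScopeHandler.class)).value(), (PermissionScopeHandler<?>) cls.newInstance());
            } catch (Exception e) {
                // Start-up continues without this handler. Checks for its scope then find no
                // handler and hasPermission() denies them, so name the class in the log: the
                // original empty message gave an operator nothing to search for.
                this.log.error("Failed to register permission scope handler " + cls.getName(), e);
            }
        }
        this.principalPermissions = this.cacheService.getCache("principalPermissions");
        for (Action action : this.actionRepo.findAll()) {
            this.actionsByName.put(action.getName(), action);
        }
    }

    /**
     * Registers an action handler under the given action name, replacing any
     * handler already registered for it.
     */
    public void add(String str, ActionHandler actionHandler) {
        this.actionHandlers.put(str, actionHandler);
    }

    /**
     * Registers a scope handler under the given scope name, replacing any
     * handler already registered for it.
     */
    public void add(String str, PermissionScopeHandler<?> permissionScopeHandler) {
        this.scopeHandlers.put(str, permissionScopeHandler);
    }

    /**
     * Returns the handler for the scope of the given permission.
     *
     * @param permission the permission to evaluate, may be {@code null}
     * @return the handler registered for the permission's scope (possibly
     *         {@code null}), or the block scope handler when {@code permission}
     *         is {@code null}
     */
    public <E> PermissionScopeHandler<E> getScopeHandler(Permission permission) {
        return permission != null ? getScopeHandler(permission.getDefinition().getScope()) : this.blockScopeHandler;
    }

    /**
     * Returns the handler registered under the scope's name.
     *
     * @return the handler, or {@code null} when the scope is {@code null} or no
     *         handler is registered for it
     */
    public <E> PermissionScopeHandler<E> getScopeHandler(PermissionScope permissionScope) {
        if (permissionScope == null) {
            return null;
        }
        return (PermissionScopeHandler) this.scopeHandlers.get(permissionScope.getName());
    }

    /**
     * @return the action handler registered for the action name, or {@code null}
     */
    public ActionHandler getActionHandler(String str) {
        return this.actionHandlers.get(str);
    }

    /**
     * Collects every role that applies to the user: the active role assignments
     * of the user and of each domain above it, plus the roles those roles contain.
     *
     * @return roles keyed by role name
     */
    @NamedCached("userImpliedRoles")
    public Map<String, Role> getImpliedRoles(User user) {
        Map<String, Role> roles = new HashMap<String, Role>();
        addPrincipalRoles(addPrincipals(user), roles);
        return roles;
    }

    /**
     * Builds the list of principal ids relevant to the user: the ids of its
     * domains, outermost first, followed by the user's own id.
     */
    protected List<Long> addPrincipals(User user) {
        List<Long> ids = new ArrayList<Long>(8);
        for (Domain domain = user.getDomain(); domain != null; domain = domain.getDomain()) {
            // Insert at the front so the outermost domain ends up first.
            ids.add(0, domain.getId());
        }
        ids.add(user.getId());
        return ids;
    }

    /**
     * Adds the role of every active assignment held by the given principals.
     * Inactive assignments are skipped.
     */
    protected void addPrincipalRoles(List<Long> list, Map<String, Role> map) {
        for (RoleAssignment roleAssignment : this.roleAssignmentRepo.findByPrincipals(list)) {
            if (roleAssignment.isActive()) {
                addRole(map, roleAssignment.getRole());
            }
        }
    }

    /**
     * Adds the role and, recursively, every role it contains, keyed by name.
     */
    protected void addRole(Map<String, Role> map, Role role) {
        map.put(role.getName(), role);
        // NOTE(review): there is no cycle guard; a role that (transitively) contains itself
        // would recurse without bound. Confirm the data model rules that out.
        if (role.getRoles() != null) {
            for (Role contained : role.getRoles()) {
                addRole(map, contained);
            }
        }
    }

    /**
     * Computes the permissions a principal inherits rather than holds directly.
     *
     * @return inherited permissions keyed by action name
     */
    public Map<String, Permission> computeInheritedPermissions(Principal principal) {
        Map<String, Permission> inherited = new HashMap<String, Permission>();
        computeInheritedPermissions(principal, inherited);
        return inherited;
    }

    /**
     * Recursive worker for {@link #computeInheritedPermissions(Principal)}.
     * Does nothing for a {@code null} principal or for a principal type other
     * than user or domain.
     */
    private void computeInheritedPermissions(Principal principal, Map<String, Permission> map) {
        if (principal == null) {
            return;
        }
        switch (principal.getType()) {
            case USER:
                computeInheritedPermissions(principal.getDomain(), map);
                addPrincipalPermissions(principal.getDomain(), map);
                // NOTE(review): the loop tests role.getRepresentative() but then adds the
                // permissions of the user itself, once per matching role, whereas
                // getImpliedPermissions() adds those of the representative. This looks
                // unintended; behaviour is left unchanged here pending confirmation.
                for (Role role : getImpliedRoles((User) principal).values()) {
                    if (role.getRepresentative() != null) {
                        addPrincipalPermissions(principal, map);
                    }
                }
                return;
            case DOMAIN:
                // NOTE(review): this branch only recurses to the parent and never adds any
                // permissions itself, so ancestors above the user's immediate domain appear
                // to contribute nothing. Verify against the intended semantics.
                computeInheritedPermissions(principal.getDomain(), map);
                return;
            default:
                return;
        }
    }

    /**
     * Computes the effective allow-permissions of a user from its domain chain,
     * its own permissions and the representatives of its implied roles.
     *
     * <p>Entries are merged per action name through
     * {@link #addPermission(Permission, Map)}, so a veto that is already present
     * is never replaced. Afterwards every entry whose type is not an allow is
     * dropped from the result.
     *
     * <p>NOTE(review): an action whose own entry is non-allow is therefore absent
     * from the returned map, and {@link #findPermission(Identity, String)} will go
     * on to try that action's wildcard generalizations. Confirm this is the
     * intended deny semantics.
     *
     * <p>Whether the cache hands the same map instance to later callers is not
     * visible in this file; callers should treat the result as read-only.
     *
     * @return allow-permissions keyed by action name
     */
    @NamedCached("userImpliedPermissions")
    public Map<String, Permission> getImpliedPermissions(User user) {
        Map<String, Permission> collected = new HashMap<String, Permission>(1001);
        addDomainPermissions(user.getDomain(), collected);
        addPrincipalPermissions(user, collected);
        for (Role role : getImpliedRoles(user).values()) {
            if (role.getRepresentative() != null) {
                addPrincipalPermissions(role.getRepresentative(), collected);
            }
        }
        Map<String, Permission> allowed = new HashMap<String, Permission>((collected.size() * 2) + 1);
        for (Map.Entry<String, Permission> entry : collected.entrySet()) {
            if (entry.getValue().getType().isAllow()) {
                allowed.put(entry.getKey(), entry.getValue());
            }
        }
        return allowed;
    }

    /**
     * Copies the permissions of a domain, including those of its parents, into
     * {@code map}. The per-domain result is kept in the
     * {@code principalPermissions} cache and reused until that cache is cleared.
     *
     * <p>The copy uses {@code putAll}, so it overwrites whatever {@code map}
     * already holds for the same action names without consulting
     * {@link #overrides(Permission, Permission)}.
     */
    protected void addDomainPermissions(Domain domain, Map<String, Permission> map) {
        if (domain != null) {
            Map<String, Permission> ifPresent = this.principalPermissions.getIfPresent(domain);
            if (ifPresent == null) {
                ifPresent = new HashMap<String, Permission>();
                // NOTE(review): this walks getParent() while addPrincipals() walks
                // getDomain(); confirm both describe the same domain chain.
                addDomainPermissions(domain.getParent(), ifPresent);
                addPrincipalPermissions(domain, ifPresent);
                this.principalPermissions.put(domain, ifPresent);
            }
            map.putAll(ifPresent);
        }
    }

    /**
     * Adds the active permissions stored for a principal. A permission whose
     * definition names a representative is replaced by the permissions of that
     * representative; any other permission is added together with everything
     * its definition includes.
     */
    protected void addPrincipalPermissions(Principal principal, Map<String, Permission> map) {
        for (Permission permission : this.permissionRepo.findByPrincipal(principal)) {
            if (permission.isActive()) {
                PermissionDef definition = permission.getDefinition();
                Representative representative = definition.getRepresentative();
                if (representative != null) {
                    addPrincipalPermissions(representative, map);
                } else {
                    addPermission(permission, map);
                    addIncludes(permission, definition, map);
                }
            }
        }
    }

    /**
     * Expands a permission definition: for every definition it includes, and for
     * every definition returned by
     * {@code permissionDefRepo.findDescentsByActionAndScope}, a new permission for
     * the same principal is added and expanded in turn.
     *
     * <p>NOTE(review): the recursion has no cycle guard; confirm that include
     * chains cannot loop.
     */
    protected void addIncludes(Permission permission, PermissionDef permissionDef, Map<String, Permission> map) {
        if (permissionDef.getInclude() != null) {
            for (PermissionDef included : permissionDef.getInclude()) {
                addPermission(new Permission(included, permission.getPrincipal()), map);
                addIncludes(permission, included, map);
            }
        }
        List<PermissionDef> descendants = this.permissionDefRepo.findDescentsByActionAndScope(permissionDef.getAction(), permissionDef.getScope());
        if (descendants != null) {
            for (PermissionDef descendant : descendants) {
                addPermission(new Permission(descendant, permission.getPrincipal()), map);
                addIncludes(permission, descendant, map);
            }
        }
    }

    /**
     * Stores the permission under its action name unless the entry already
     * stored for that name must be kept (see {@link #overrides}).
     */
    protected void addPermission(Permission permission, Map<String, Permission> map) {
        String name = permission.getDefinition().getAction().getName();
        if (overrides(permission, map.get(name))) {
            map.put(name, permission);
        }
    }

    /**
     * Decides whether a new permission may replace the existing entry.
     *
     * @param permission  the candidate; not consulted by this implementation
     * @param permission2 the entry currently stored, may be {@code null}
     * @return {@code true} unless the existing entry is a veto
     */
    protected boolean overrides(Permission permission, Permission permission2) {
        return permission2 == null || !permission2.getType().isVeto();
    }

    /**
     * Finds the allow-permission that covers an action for the identity's user,
     * trying the exact action name first and then each generalization produced
     * by {@link #generalizeAction(String)}.
     *
     * @return the first matching permission, or {@code null} when none matches
     *         or {@code str} is {@code null}
     */
    public Permission findPermission(Identity identity, String str) {
        // Resolved through getInstance() rather than this, presumably so the call passes
        // through the container proxy and @NamedCached applies -- confirm.
        Map<String, Permission> impliedPermissions = getInstance().getImpliedPermissions(identity.getUser());
        // A null action yields null, matching findAction(), instead of failing in generalizeAction().
        for (String candidate = str; candidate != null; candidate = generalizeAction(candidate)) {
            Permission match = impliedPermissions.get(candidate);
            if (match != null) {
                return match;
            }
        }
        return null;
    }

    /**
     * Checks whether the identity may perform an action on a target.
     *
     * <p>Outcomes, in order:
     * <ul>
     * <li>an empty action name is always granted;</li>
     * <li>if a permission covers the action, it is granted outright for a
     *     {@code null} target, otherwise decided by the permission's scope
     *     handler, and denied when no handler is registered for that scope;</li>
     * <li>if no permission covers the action, a registered action handler
     *     decides;</li>
     * <li>otherwise the action is denied if it is known to the repository.</li>
     * </ul>
     *
     * <p>The first two grants do not depend on the target, so callers that need
     * an object-level decision must pass both a non-empty action and the target.
     *
     * @throws IllegalArgumentException if no permission or handler applies and
     *         looking the action up in the repository fails
     */
    public boolean hasPermission(Identity identity, Object obj, String str) {
        Validate.notNull(identity);
        if (StrUtils.isEmpty(str)) {
            // Nothing to check against: treated as unrestricted.
            return true;
        }
        Permission findPermission = findPermission(identity, str);
        if (findPermission != null) {
            if (obj == null) {
                // No target, so the scope handler is not consulted.
                return true;
            }
            PermissionScopeHandler scopeHandler = getScopeHandler(findPermission.getDefinition().getScope());
            if (scopeHandler != null) {
                return scopeHandler.check(identity, obj, str, findPermission);
            }
            // A scope without a registered handler cannot be evaluated: deny.
            return false;
        }
        ActionHandler actionHandler = getActionHandler(str);
        if (actionHandler != null) {
            return actionHandler.check(identity, obj, str);
        }
        try {
            // Only used to tell a known action without a grant from an undefined one.
            this.actionRepo.findByName(str);
            return false;
        } catch (Exception e) {
            // Keep the cause so a repository failure is not mistaken for a missing action.
            throw new IllegalArgumentException("Action " + str + " is undefined and no suitable action handler can be found.", e);
        }
    }

    /**
     * Returns the next more general form of an action name: a trailing
     * {@code ".*"} is removed, then the last dot-separated segment is replaced by
     * {@code ".*"}. A name without a dot generalizes to
     * {@code PageMetadataService.GLOBAL}, which itself has no generalization.
     *
     * @return the generalized name, or {@code null} when {@code str} is already
     *         the global action
     */
    protected String generalizeAction(String str) {
        if (PageMetadataService.GLOBAL.equals(str)) {
            return null;
        }
        if (str.endsWith(".*")) {
            str = str.substring(0, str.length() - ".*".length());
        }
        int lastDot = str.lastIndexOf('.');
        return lastDot < 0 ? PageMetadataService.GLOBAL : str.substring(0, lastDot) + ".*";
    }

    /**
     * Finds the action registered under the name or under the nearest
     * generalization of it, using the index built in {@link #init()}.
     *
     * @return the action, or {@code null} when nothing matches or {@code str} is
     *         {@code null}
     */
    public Action findAction(String str) {
        for (String candidate = str; candidate != null; candidate = generalizeAction(candidate)) {
            Action action = this.actionsByName.get(candidate);
            if (action != null) {
                return action;
            }
        }
        return null;
    }

    /**
     * Drops the cached implied permissions and implied roles of one user. The
     * per-domain {@code principalPermissions} cache is not touched; use
     * {@link #invalidateAllPermissions()} after changing a domain's permissions.
     */
    public void invalidateUserPermissions(User user) {
        CacheKey cacheKey = new CacheKey(new Object[]{user});
        this.cacheService.getCache("userImpliedPermissions").remove(cacheKey);
        this.cacheService.getCache("userImpliedRoles").remove(cacheKey);
    }

    /**
     * Clears all three permission-related caches.
     */
    public void invalidateAllPermissions() {
        this.cacheService.getCache("userImpliedPermissions").removeAll();
        this.cacheService.getCache("userImpliedRoles").removeAll();
        this.principalPermissions.removeAll();
    }
}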
