package systems.dennis.shared.auth_client.beans;

import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import systems.dennis.shared.annotations.WebFormsSupport;
import systems.dennis.shared.annotations.security.Id;
import systems.dennis.shared.annotations.security.NoCondition;
import systems.dennis.shared.annotations.security.PermissionCheck;
import systems.dennis.shared.annotations.security.Secured;
import systems.dennis.shared.annotations.security.SelfOnlyRole;
import systems.dennis.shared.annotations.security.WithRole;
import systems.dennis.shared.annotations.security.WithRoles;
import systems.dennis.shared.annotations.security.selfchecker.AbstractSelfChecker;
import systems.dennis.shared.annotations.security.selfchecker.NoChecker;
import systems.dennis.shared.auth_client.SecurityUtils;
import systems.dennis.shared.auth_client.exception.RolesNotFoundForTokenException;
import systems.dennis.shared.auth_client.form.UserTokenDTO;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.controller.SearchEntityApi;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.exceptions.AuthorizationNotFoundException;
import systems.dennis.shared.exceptions.ItemNotUserException;
import systems.dennis.shared.model.AbstractUserAssignableElement;
import systems.dennis.shared.model.IDPresenter;
import systems.dennis.shared.postgres.form.DefaultForm;
import systems.dennis.shared.service.AbstractService;
import systems.dennis.shared.utils.ApplicationContext;

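/**
 * AspectJ advice that enforces role and ownership checks before any method annotated with
 * {@code @WithRole} runs.
 *
 * <p>For each advised call the aspect performs, in this order:
 * <ol>
 *   <li>{@link #checkPermission}: an optional {@link PermissionCheck} named by
 *       {@code WithRole.ignoreOnCondition()}. When it returns {@code true}, every later check
 *       is skipped.</li>
 *   <li>{@link #runAllSecurityAnnotations}: validates the roles from {@code @WithRole} /
 *       {@code @WithRoles} on the method plus {@code @Secured} on the target class.</li>
 *   <li>{@link #checkSelf}: for {@code @SelfOnlyRole} methods, verifies the addressed entity
 *       belongs to the current user.</li>
 * </ol>
 *
 * <p>A check denies access by throwing; returning normally lets the advised method proceed.
 */
@Aspect
/* loaded from: input_file:systems/dennis/shared/auth_client/beans/BasicAuthAoe.class */
public abstract class BasicAuthAoe extends ApplicationContext {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthAoe.class);

    /** Pseudo-role that {@link #validate} never looks up in the token's role list. */
    private static final String ROLE_SIGNED = "ROLE_ANY";

    public BasicAuthAoe(WebContext webContext) {
        super(webContext);
        log.debug("Initializing Basic auth... ");
    }

    /** Pointcut matching every public method execution; not referenced by the advice in this class. */
    @Pointcut("execution(public * *(..))")
    public void anyPublicMethod() {
    }

    /** Pointcut matching methods annotated with {@code @WithRole}. */
    @Pointcut("@annotation(systems.dennis.shared.annotations.security.WithRole)")
    public void withRole2() {
    }

    /**
     * Runs the authorization checks for an advised call.
     *
     * @param joinPoint the intercepted call; supplies the method, its arguments and the target
     */
    @Before("withRole2()")
    public void beforeAdvice(JoinPoint joinPoint) {
        // NOTE(review): org.aspectj.lang.Signature declares no getMethod(); this listing
        // presumably lost a cast to MethodSignature - confirm against the original source.
        Method method = joinPoint.getSignature().getMethod();
        if (method.getAnnotation(WithRole.class) == null) {
            return;
        }
        log.debug("In method: {}", method.getName());
        Object[] args = joinPoint.getArgs();
        Object target = joinPoint.getTarget();
        // A positive ignore-condition is a complete bypass: neither roles nor ownership are
        // checked afterwards, so every PermissionCheck implementation is security-critical.
        if (checkPermission(method, target, args)) {
            return;
        }
        runAllSecurityAnnotations(method, args, target);
        checkSelf(method, target, args);
    }

    /**
     * Evaluates the optional bypass condition declared on {@code @WithRole}.
     *
     * @param method the advised method (must carry {@code @WithRole})
     * @param obj the target object of the call
     * @param objArr the call arguments
     * @return {@code true} when the condition allows the call without further checks;
     *     {@code false} when no condition is configured or evaluating it failed
     */
    private boolean checkPermission(Method method, Object obj, Object[] objArr) {
        Class<?> conditionType = method.getAnnotation(WithRole.class).ignoreOnCondition();
        if (conditionType == NoCondition.class) {
            return false;
        }
        try {
            PermissionCheck permissionCheck = (PermissionCheck) conditionType.getDeclaredConstructor().newInstance();
            if (obj instanceof SearchEntityApi) {
                // NOTE(review): the first call argument selects the service bean handed to the
                // check; if that argument is request-derived, confirm findServiceByType
                // restricts it to known types.
                AbstractService service = (AbstractService) getBean(SearchEntityApi.findServiceByType(String.valueOf(objArr[0])));
                return permissionCheck.checkIgnorePermission(objArr, service, getContext());
            }
            return permissionCheck.checkIgnorePermission(objArr, obj, getContext());
        } catch (Exception e) {
            // Fail closed: a broken condition must not grant the bypass, so the regular role
            // and ownership checks still run. The throwable is passed so the stack trace is kept.
            log.error("Error during permission check: {}", e.getMessage(), e);
            return false;
        }
    }

    /**
     * Enforces {@code @SelfOnlyRole}: the entity addressed by the call must belong to the
     * current user. Does nothing when the method lacks that annotation.
     *
     * @param method the advised method
     * @param obj the target object; its class must carry {@code @WebFormsSupport}
     * @param objArr the call arguments; the {@code @Id} argument (or the only argument) must be
     *     a {@link DefaultForm} or a {@link Long}
     * @throws IllegalArgumentException if the target or the method is not set up for a self check
     * @throws ItemNotUserException if the ownership check on a form argument fails for any reason
     * @throws IllegalStateException if the configured self checker cannot be instantiated
     */
    private void checkSelf(Method method, Object obj, Object[] objArr) {
        SecurityUtils securityUtils = (SecurityUtils) getContext().getBean(SecurityUtils.class);
        if (method.getAnnotation(SelfOnlyRole.class) == null) {
            return;
        }
        WebFormsSupport annotation = obj.getClass().getAnnotation(WebFormsSupport.class);
        if (annotation == null) {
            throw new IllegalArgumentException("Self check can be applied to object that contains interface RepoService ");
        }
        Parameter[] parameters = method.getParameters();
        if (parameters == null || parameters.length == 0) {
            throw new IllegalArgumentException("Self role without ID detection, very strange....");
        }

        // A sole parameter is taken as the id even without @Id; otherwise the first parameter
        // annotated with @Id wins.
        int idIndex = parameters.length == 1 ? 0 : -1;
        Id id = null;
        for (int k = 0; k < parameters.length; k++) {
            Id candidate = parameters[k].getAnnotation(Id.class);
            if (candidate != null) {
                idIndex = k;
                id = candidate;
                break;
            }
        }
        if (idIndex == -1) {
            throw new IllegalArgumentException("NO @ID for the argument, haven't your forgot to add one? " + String.valueOf(method));
        }

        AbstractService abstractService = (AbstractService) getBean(annotation.value());
        if (objArr[idIndex] instanceof DefaultForm) {
            DefaultForm defaultForm = (DefaultForm) objArr[idIndex];
            try {
                if (!abstractService.getByIdAndUserDataId(defaultForm.getId(), getCurrentUser())) {
                    abstractService.checkMy(abstractService.findByIdOrThrow(defaultForm.getId()));
                }
                return;
            } catch (Exception e) {
                // Any failure denies access. The cause is logged because the exception thrown
                // to the caller does not carry it.
                log.debug("Self check failed for form argument of {}", method.getName(), e);
                throw new ItemNotUserException();
            }
        }

        // Any argument that is neither a DefaultForm nor a Long ends in a ClassCastException,
        // which also denies the call.
        IDPresenter entity = abstractService.findByIdOrThrow((Long) objArr[idIndex]);
        if (entity instanceof AbstractUserAssignableElement) {
            securityUtils.isMy(entity);
        } else if (id != null) {
            if (id.checker() == NoChecker.class) {
                // NOTE(review): no ownership check happens on this path; the call proceeds
                // after this log line.
                log.info("Entity of class: " + String.valueOf(entity.getClass()) + " is not really instance of LongAssignableEntity");
            } else {
                AbstractSelfChecker checker;
                try {
                    checker = (AbstractSelfChecker) id.checker().getConstructor().newInstance();
                } catch (ReflectiveOperationException e) {
                    // The reflective calls throw checked exceptions this method does not
                    // declare. A checker that cannot be built must deny the call.
                    throw new IllegalStateException("Cannot instantiate self checker " + id.checker().getName(), e);
                }
                checker.check(securityUtils.tokenFromHeader(), entity, getContext());
            }
        }
        // NOTE(review): when the entity is not user-assignable and the sole parameter has no
        // @Id, nothing is checked and nothing is logged - confirm this is intended.
    }

    /**
     * Collects the roles required for the call and validates them against the current token.
     *
     * @param method the advised method
     * @param objArr the call arguments (unused here)
     * @param obj the target object; its class may add roles through {@code @Secured}
     */
    private void runAllSecurityAnnotations(Method method, Object[] objArr, Object obj) {
        HttpServletRequest request = getContext().getRequest();
        if (request == null) {
            // NOTE(review): fail-open path. Without a request no role is validated and the
            // advised method still runs. Confirm that non-request callers are meant to be
            // trusted; otherwise this branch should throw.
            log.error("No HttpServletRequest");
            log.error("HttpServletRequest is not existing on " + obj.getClass().getName());
            return;
        }
        List<String> requiredRoles = new ArrayList<>(getRolesByAnnotation(method, request));
        requiredRoles.addAll(additionalRoles(obj));
        validate(request, requiredRoles, RoleValidationType.ALL);
    }

    /**
     * Resolves the roles demanded by {@code @WithRole} / {@code @WithRoles} on the method.
     *
     * <p>When {@code @WithRole} declares an {@code or} alternative, the primary role is
     * validated here: if that fails, the alternative is returned for the caller to validate;
     * if it passes, only the {@code @WithRoles} entries (if any) remain to be checked.
     *
     * @param method the advised method
     * @param httpServletRequest the current request, used for the early primary-role validation
     * @return the role names still to be validated; possibly empty, never {@code null}
     */
    private List<String> getRolesByAnnotation(Method method, HttpServletRequest httpServletRequest) {
        WithRole single = method.getAnnotation(WithRole.class);
        if (single != null) {
            if (single.or().equals("")) {
                return Collections.singletonList(single.value());
            }
            try {
                validate(httpServletRequest, Collections.singletonList(single.value()), RoleValidationType.ALL);
            } catch (Exception e) {
                // Not a grant: the alternative role is returned and still has to pass validate().
                return Collections.singletonList(single.or());
            }
        }
        WithRoles multiple = method.getAnnotation(WithRoles.class);
        if (multiple == null) {
            return Collections.emptyList();
        }
        List<String> roles = new ArrayList<>();
        for (WithRole withRole : multiple.roles()) {
            roles.add(withRole.value());
        }
        return roles;
    }

    /**
     * Returns the roles declared through {@code @Secured} on the target's class.
     *
     * @param obj the target object of the advised call
     * @return the declared roles, or an empty list when the class is not annotated
     */
    public List<String> additionalRoles(Object obj) {
        Secured secured = obj.getClass().getAnnotation(Secured.class);
        return secured != null ? Arrays.asList(secured.roles()) : Collections.emptyList();
    }

    /**
     * Validates the current token and checks it against the required roles.
     *
     * <p>Behaviour by {@code list}:
     * <ul>
     *   <li>empty: only the presence of an authorization header or a token is required; the
     *       token itself is not validated;</li>
     *   <li>{@code null}: the token must exist and pass its own validation, no role is checked;</li>
     *   <li>otherwise: the token is validated and every entry except {@code ROLE_ANY} is matched
     *       case-insensitively against the token's roles.</li>
     * </ul>
     *
     * <p>NOTE(review): with {@code RoleValidationType.ONE}, {@code ROLE_ANY} entries are skipped
     * and never count as a match, so a list containing only {@code ROLE_ANY} is rejected.
     * Confirm that this is intended.
     *
     * @param httpServletRequest the current request; must not be {@code null}
     * @param list the required role names, see above
     * @param roleValidationType {@code ALL} to require every role, {@code ONE} to require at least one
     * @throws AuthorizationNotFoundException if neither an authorization header nor a token is present
     * @throws AuthorizationFailedException if roles are required but no token is available
     * @throws RolesNotFoundForTokenException if the token's roles do not satisfy {@code list}
     */
    public void validate(HttpServletRequest httpServletRequest, List<String> list, RoleValidationType roleValidationType) throws AuthorizationNotFoundException, RolesNotFoundForTokenException {
        log.info("----- auth client started ------");
        UserTokenDTO userTokenDTO = ((SecurityUtils) getBean(SecurityUtils.class)).get();
        if (httpServletRequest.getHeader(SecurityUtils.AUTHORIZATION_HEADER) == null && userTokenDTO == null) {
            throw new AuthorizationNotFoundException("No token, expected to have token");
        }
        if (list != null && list.isEmpty()) {
            return;
        }
        if (userTokenDTO == null) {
            throw new AuthorizationFailedException("Invalid token");
        }
        userTokenDTO.validate(getContext());
        if (list == null) {
            return;
        }

        List<String> missing = new ArrayList<>();
        boolean anyMatched = false;
        for (String required : list) {
            if (required.equalsIgnoreCase(ROLE_SIGNED)) {
                continue;
            }
            boolean held = false;
            for (String granted : userTokenDTO.getRoleList()) {
                if (required.equalsIgnoreCase(granted)) {
                    held = true;
                    break;
                }
            }
            if (held) {
                anyMatched = true;
            } else {
                missing.add("Role " + required + " not assigned to user");
            }
        }

        boolean allViolated = roleValidationType == RoleValidationType.ALL && !missing.isEmpty();
        boolean oneViolated = roleValidationType == RoleValidationType.ONE && !anyMatched;
        if (allViolated || oneViolated) {
            // Entries are separated so that several missing roles stay readable in the message.
            throw new RolesNotFoundForTokenException(String.join("; ", missing));
        }
    }
}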
