package com.alibaba.nacos.plugin.auth.impl.roles;

import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.common.utils.ConcurrentHashSet;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionPersistService;
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.RolePersistService;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

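/**
 * Role and permission service of the Nacos built-in auth plugin.
 *
 * <p>Keeps three in-memory snapshots (known role names, role bindings per user, permissions per
 * role) that {@link #reload()} rebuilds from the persistence layer on a fixed schedule, and
 * answers authorization questions from them via {@link #hasPermission(NacosUser, Permission)}.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>With caching enabled, a cached entry is trusted until the next reload. Revocation paths in
 *       this class evict the affected entries on the local node; the eviction is best-effort (a
 *       reload that read the database before the change can still publish the older snapshot once)
 *       and other nodes are not touched by it.</li>
 *   <li>Stored permission resources are evaluated as regular expressions after {@code *} is
 *       rewritten to {@code .*}; see {@link #hasPermission(NacosUser, Permission)}.</li>
 * </ul>
 *
 * <p>NOTE(review): several queries pass {@code AuthConstants.DEFAULT_TOKEN_SECRET_KEY} as the
 * user-name / role-name filter. This class was recovered from a compiled artifact, so this is
 * presumably a decompiler substitution for an empty-string literal of equal value — confirm
 * against the upstream source before relying on it.
 */
@Service
/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.class */
public class NacosRoleServiceImpl {
    /** First page index used for every "fetch everything" query in this class. */
    private static final int DEFAULT_PAGE_NO = 1;

    @Autowired
    private AuthConfigs authConfigs;

    @Autowired
    private RolePersistService rolePersistService;

    @Autowired
    private NacosUserDetailsServiceImpl userDetailsService;

    @Autowired
    private PermissionPersistService permissionPersistService;

    // All three snapshots are replaced wholesale by reload() and mutated in place by the
    // add/delete methods, so each of them must be a concurrent collection at all times.
    private volatile Set<String> roleSet = ConcurrentHashMap.newKeySet();
    private volatile Map<String, List<RoleInfo>> roleInfoMap = new ConcurrentHashMap<>();
    private volatile Map<String, List<PermissionInfo>> permissionInfoMap = new ConcurrentHashMap<>();

    /**
     * Rebuilds the role and permission snapshots from the persistence layer.
     *
     * <p>Scheduled with an initial delay of 5000 and a fixed delay of 15000 (Spring
     * {@code @Scheduled} values, milliseconds). The new snapshots are built aside and published
     * only when every query succeeded; on any exception the previous snapshots stay in place and
     * a warning is logged.
     */
    @Scheduled(initialDelay = 5000, fixedDelay = 15000)
    private void reload() {
        try {
            Page<RoleInfo> allBindings = this.rolePersistService.getRolesByUserNameAndRoleName(
                    AuthConstants.DEFAULT_TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY,
                    DEFAULT_PAGE_NO, Integer.MAX_VALUE);
            if (allBindings == null) {
                return;
            }
            // The published role set is later mutated from request threads (addRole, deleteRole),
            // so it has to be a concurrent set rather than a plain HashSet.
            Set<String> freshRoles = ConcurrentHashMap.newKeySet();
            Map<String, List<RoleInfo>> freshRolesByUser = new ConcurrentHashMap<>(16);
            for (RoleInfo binding : allBindings.getPageItems()) {
                freshRolesByUser.computeIfAbsent(binding.getUsername(), ignored -> new ArrayList<>()).add(binding);
                freshRoles.add(binding.getRole());
            }
            Map<String, List<PermissionInfo>> freshPermissionsByRole = new ConcurrentHashMap<>(16);
            for (String role : freshRoles) {
                freshPermissionsByRole.put(role,
                        this.permissionPersistService.getPermissions(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE)
                                .getPageItems());
            }
            this.roleSet = freshRoles;
            this.roleInfoMap = freshRolesByUser;
            this.permissionInfoMap = freshPermissionsByRole;
        } catch (Exception e) {
            Loggers.AUTH.warn("[LOAD-ROLES] load failed", e);
        }
    }

    /**
     * Decides whether {@code nacosUser} may perform {@code permission}.
     *
     * <p>Evaluation order:
     * <ol>
     *   <li>the update-password entry point is allowed for every caller;</li>
     *   <li>a user without any role is denied;</li>
     *   <li>a user holding the global admin role is allowed and is flagged via
     *       {@code setGlobalAdmin(true)} as a side effect;</li>
     *   <li>console resources are denied to everyone else;</li>
     *   <li>otherwise access is granted if any permission of any of the user's roles matches the
     *       requested action and resource.</li>
     * </ol>
     *
     * <p>A stored resource that is not a valid regular expression is skipped with a warning
     * instead of aborting the whole check, so one malformed entry cannot make authorization fail
     * for every user of that role.
     *
     * @param nacosUser  authenticated user; its global-admin flag may be set by this call
     * @param permission requested resource and action
     * @return {@code true} if access is granted
     */
    public boolean hasPermission(NacosUser nacosUser, Permission permission) {
        // NOTE(review): this exempts the update-password resource from role checks entirely; the
        // endpoint behind it presumably enforces that callers only change their own password —
        // confirm at the controller.
        if (AuthConstants.UPDATE_PASSWORD_ENTRY_POINT.equals(permission.getResource().getName())) {
            return true;
        }
        List<RoleInfo> roles = getRoles(nacosUser.getUserName());
        if (CollectionUtils.isEmpty(roles)) {
            return false;
        }
        for (RoleInfo role : roles) {
            if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(role.getRole())) {
                nacosUser.setGlobalAdmin(true);
                return true;
            }
        }
        // NOTE(review): getName() is dereferenced here without a null check although
        // joinResource() tolerates a blank name — confirm callers always set one.
        if (permission.getResource().getName().startsWith(AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX)) {
            return false;
        }
        for (RoleInfo role : roles) {
            List<PermissionInfo> granted = getPermissions(role.getRole());
            if (CollectionUtils.isEmpty(granted)) {
                continue;
            }
            for (PermissionInfo grant : granted) {
                // Only '*' is rewritten. Every other regex metacharacter in the stored resource
                // keeps its regex meaning (for example '.' matches any character), so a stored
                // pattern can match more names than it appears to.
                // NOTE(review): consider quoting the literal segments if stored resources are not
                // meant to be regular expressions.
                String resourceRegex = grant.getResource().replaceAll("\\*", ".*");
                // Action matching is a substring test: a stored "rw" covers both "r" and "w".
                if (!grant.getAction().contains(permission.getAction())) {
                    continue;
                }
                try {
                    if (Pattern.matches(resourceRegex, joinResource(permission.getResource()))) {
                        return true;
                    }
                } catch (PatternSyntaxException e) {
                    // Fail closed for this entry only and keep evaluating the remaining grants.
                    Loggers.AUTH.warn("[AUTH] permission of role '" + role.getRole()
                            + "' has a malformed resource pattern and was skipped", e);
                }
            }
        }
        return false;
    }

    /**
     * Returns the role bindings of a user.
     *
     * <p>Served from the in-memory snapshot when caching is enabled and the user has an entry;
     * otherwise read from the database, and a non-empty result is stored in the snapshot.
     *
     * @param username user name to look up
     * @return the user's role bindings; may be empty
     */
    public List<RoleInfo> getRoles(String username) {
        List<RoleInfo> roles = this.roleInfoMap.get(username);
        if (this.authConfigs.isCachingEnabled() && roles != null) {
            return roles;
        }
        Page<RoleInfo> page = getRolesFromDatabase(username, AuthConstants.DEFAULT_TOKEN_SECRET_KEY,
                DEFAULT_PAGE_NO, Integer.MAX_VALUE);
        if (page != null) {
            roles = page.getPageItems();
            if (!CollectionUtils.isEmpty(roles)) {
                this.roleInfoMap.put(username, roles);
            }
        }
        return roles;
    }

    /**
     * Reads every role binding straight from the database, bypassing the snapshot.
     *
     * @return all role bindings, or {@code null} when the persistence layer returns no page
     */
    public List<RoleInfo> getAllRoles() {
        Page<RoleInfo> page = this.rolePersistService.getRolesByUserNameAndRoleName(
                AuthConstants.DEFAULT_TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY,
                DEFAULT_PAGE_NO, Integer.MAX_VALUE);
        return page == null ? null : page.getPageItems();
    }

    /**
     * Queries role bindings by user name and role name.
     *
     * @param username user-name filter
     * @param role     role-name filter
     * @param pageNo   page index
     * @param pageSize page size
     * @return the page returned by the persistence layer, or an empty page if it returned {@code null}
     */
    public Page<RoleInfo> getRolesFromDatabase(String username, String role, int pageNo, int pageSize) {
        Page<RoleInfo> page = this.rolePersistService.getRolesByUserNameAndRoleName(username, role, pageNo, pageSize);
        return page == null ? new Page<>() : page;
    }

    /**
     * Returns the permissions attached to a role.
     *
     * <p>Served from the in-memory snapshot when caching is enabled and the role has an entry;
     * otherwise read from the database, and a non-empty result is stored in the snapshot.
     *
     * @param role role name
     * @return the role's permissions; may be empty
     */
    public List<PermissionInfo> getPermissions(String role) {
        List<PermissionInfo> permissions = this.permissionInfoMap.get(role);
        if (this.authConfigs.isCachingEnabled() && permissions != null) {
            return permissions;
        }
        Page<PermissionInfo> page = getPermissionsFromDatabase(role, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
        if (page != null) {
            permissions = page.getPageItems();
            if (!CollectionUtils.isEmpty(permissions)) {
                this.permissionInfoMap.put(role, permissions);
            }
        }
        return permissions;
    }

    /**
     * Queries the permissions of a role and returns the persistence result unchanged.
     *
     * @param role     role name
     * @param pageNo   page index
     * @param pageSize page size
     * @return whatever the persistence layer returns, including {@code null}
     */
    public Page<PermissionInfo> getPermissionsByRoleFromDatabase(String role, int pageNo, int pageSize) {
        return this.permissionPersistService.getPermissions(role, pageNo, pageSize);
    }

    /**
     * Binds a role to an existing user.
     *
     * @param role     role name; the global admin role is rejected here
     * @param username user that receives the role
     * @throws IllegalArgumentException if the user does not exist or {@code role} is the global admin role
     */
    public void addRole(String role, String username) {
        if (this.userDetailsService.getUserFromDatabase(username) == null) {
            throw new IllegalArgumentException("user '" + username + "' not found!");
        }
        if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(role)) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' is not permitted to create!");
        }
        this.rolePersistService.addRole(role, username);
        // The concurrent set rejects null elements.
        if (role != null) {
            this.roleSet.add(role);
        }
    }

    /**
     * Binds the global admin role to an existing user; allowed only while no global admin exists.
     *
     * @param username user that becomes global admin
     * @throws IllegalArgumentException if the user does not exist or a global admin already exists
     */
    public void addAdminRole(String username) {
        if (this.userDetailsService.getUserFromDatabase(username) == null) {
            throw new IllegalArgumentException("user '" + username + "' not found!");
        }
        if (hasGlobalAdminRole()) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' already exist !");
        }
        this.rolePersistService.addRole(AuthConstants.GLOBAL_ADMIN_ROLE, username);
        this.roleSet.add(AuthConstants.GLOBAL_ADMIN_ROLE);
        this.authConfigs.setHasGlobalAdminRole(true);
    }

    /**
     * Removes a role binding from a user.
     *
     * <p>The user's cached bindings are evicted so the revocation is honoured by the next
     * permission check on this node instead of after the next scheduled reload.
     *
     * @param role     role name
     * @param username user losing the role
     */
    public void deleteRole(String role, String username) {
        this.rolePersistService.deleteRole(role, username);
        if (username != null) {
            this.roleInfoMap.remove(username);
        }
    }

    /**
     * Removes a role altogether.
     *
     * <p>Besides dropping the role name, every cached entry that still refers to the role is
     * evicted so that cached bindings cannot keep granting it until the next reload.
     *
     * @param role role name
     */
    public void deleteRole(String role) {
        this.rolePersistService.deleteRole(role);
        if (role == null) {
            return;
        }
        this.roleSet.remove(role);
        this.permissionInfoMap.remove(role);
        this.roleInfoMap.entrySet().removeIf(
                entry -> entry.getValue().stream().anyMatch(binding -> role.equals(binding.getRole())));
    }

    /**
     * Queries the permissions of a role.
     *
     * @param role     role name
     * @param pageNo   page index
     * @param pageSize page size
     * @return the page returned by the persistence layer, or an empty page if it returned {@code null}
     */
    public Page<PermissionInfo> getPermissionsFromDatabase(String role, int pageNo, int pageSize) {
        Page<PermissionInfo> page = this.permissionPersistService.getPermissions(role, pageNo, pageSize);
        return page == null ? new Page<>() : page;
    }

    /**
     * Grants a permission to a known role.
     *
     * @param role     role name; must be present in the role snapshot
     * @param resource resource pattern; evaluated as a regular expression by {@link #hasPermission}
     * @param action   allowed action string
     * @throws IllegalArgumentException if the role is not known
     */
    public void addPermission(String role, String resource, String action) {
        if (role == null || !this.roleSet.contains(role)) {
            throw new IllegalArgumentException("role " + role + " not found!");
        }
        this.permissionPersistService.addPermission(role, resource, action);
    }

    /**
     * Revokes a permission from a role.
     *
     * <p>The role's cached permissions are evicted so the revocation is honoured by the next
     * permission check on this node instead of after the next scheduled reload.
     *
     * @param role     role name
     * @param resource resource pattern
     * @param action   action string
     */
    public void deletePermission(String role, String resource, String action) {
        this.permissionPersistService.deletePermission(role, resource, action);
        if (role != null) {
            this.permissionInfoMap.remove(role);
        }
    }

    /**
     * Looks up role names similar to the given one; delegates to the persistence layer.
     *
     * @param role role-name fragment
     * @return matching role names as returned by the persistence layer
     */
    public List<String> findRolesLikeRoleName(String role) {
        return this.rolePersistService.findRolesLikeRoleName(role);
    }

    /**
     * Builds the string that stored permission patterns are matched against.
     *
     * <p>A resource of type {@code specified} is matched by its name alone. Any other resource is
     * rendered as {@code namespace:group:type/name}, where the namespace is omitted when blank or
     * {@code public}, and a blank group or name is rendered as {@code *}.
     *
     * @param resource requested resource
     * @return the string to match
     */
    private String joinResource(Resource resource) {
        if ("specified".equals(resource.getType())) {
            return resource.getName();
        }
        StringBuilder joined = new StringBuilder();
        String namespaceId = resource.getNamespaceId();
        if (StringUtils.isNotBlank(namespaceId) && !"public".equals(namespaceId)) {
            joined.append(namespaceId);
        }
        String group = resource.getGroup();
        joined.append(':');
        if (StringUtils.isBlank(group)) {
            joined.append('*');
        } else {
            joined.append(group);
        }
        // Locale.ROOT keeps the type segment stable under locales with special casing rules
        // (e.g. Turkish dotless i), which would otherwise stop stored patterns from matching.
        joined.append(':').append(resource.getType().toLowerCase(Locale.ROOT)).append('/');
        String name = resource.getName();
        if (StringUtils.isBlank(name)) {
            joined.append('*');
        } else {
            joined.append(name);
        }
        return joined.toString();
    }

    /**
     * Pages through role bindings with fuzzy user-name / role-name filters; delegates to the
     * persistence layer.
     *
     * @param username user-name fragment
     * @param role     role-name fragment
     * @param pageNo   page index
     * @param pageSize page size
     * @return the page returned by the persistence layer
     */
    public Page<RoleInfo> findRolesLike4Page(String username, String role, int pageNo, int pageSize) {
        return this.rolePersistService.findRolesLike4Page(username, role, pageNo, pageSize);
    }

    /**
     * Pages through permissions with a fuzzy role-name filter; delegates to the persistence layer.
     *
     * @param role     role-name fragment
     * @param pageNo   page index
     * @param pageSize page size
     * @return the page returned by the persistence layer
     */
    public Page<PermissionInfo> findPermissionsLike4Page(String role, int pageNo, int pageSize) {
        return this.permissionPersistService.findPermissionsLike4Page(role, pageNo, pageSize);
    }

    /**
     * Tells whether the given user holds the global admin role.
     *
     * @param username user name
     * @return {@code true} if one of the user's bindings is the global admin role; {@code false}
     *         also when no bindings could be obtained
     */
    public boolean hasGlobalAdminRole(String username) {
        List<RoleInfo> roles = getRoles(username);
        // Null-safe like hasPermission(): a missing list means "no roles", not an error.
        return CollectionUtils.isNotEmpty(roles)
                && roles.stream().anyMatch(binding -> AuthConstants.GLOBAL_ADMIN_ROLE.equals(binding.getRole()));
    }

    /**
     * Tells whether any user holds the global admin role.
     *
     * <p>A positive flag in {@code AuthConfigs} short-circuits the check; otherwise all bindings
     * are read from the database and the result is written back to the flag.
     *
     * @return {@code true} if a global admin exists
     */
    public boolean hasGlobalAdminRole() {
        if (this.authConfigs.isHasGlobalAdminRole()) {
            return true;
        }
        List<RoleInfo> allRoles = getAllRoles();
        boolean adminExists = CollectionUtils.isNotEmpty(allRoles)
                && allRoles.stream().anyMatch(binding -> AuthConstants.GLOBAL_ADMIN_ROLE.equals(binding.getRole()));
        this.authConfigs.setHasGlobalAdminRole(adminExists);
        return adminExists;
    }
}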
