package cn.flood.jwtp.util;

import cn.flood.Func;
import cn.flood.UserToken;
import cn.flood.json.JsonUtils;
import cn.flood.jwtp.annotation.Ignore;
import cn.flood.jwtp.annotation.Logical;
import cn.flood.jwtp.annotation.RequiresPermissions;
import cn.flood.jwtp.annotation.RequiresRoles;
import cn.flood.jwtp.annotation.RequiresToken;
import cn.flood.jwtp.perm.UrlPerm;
import cn.flood.jwtp.perm.UrlPermResult;
import cn.flood.jwtp.requestWrapper.RequestWrapper;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;

/* loaded from: input_file:cn/flood/jwtp/util/CheckPermissionUtil.class */
public class CheckPermissionUtil {
    public static boolean checkIgnore(Method method) {
        return (((Ignore) method.getAnnotation(Ignore.class)) == null && ((Ignore) method.getDeclaringClass().getAnnotation(Ignore.class)) == null) ? false : true;
    }

    public static boolean checkToken(Method method) {
        return (((RequiresToken) method.getAnnotation(RequiresToken.class)) == null && ((RequiresToken) method.getDeclaringClass().getAnnotation(RequiresToken.class)) == null) ? false : true;
    }

    public static boolean checkPermission(UserToken userToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, UrlPerm urlPerm) {
        String[] values;
        Logical logical;
        Method method = ((HandlerMethod) obj).getMethod();
        RequiresPermissions requiresPermissions = (RequiresPermissions) method.getAnnotation(RequiresPermissions.class);
        if (requiresPermissions == null) {
            requiresPermissions = (RequiresPermissions) method.getDeclaringClass().getAnnotation(RequiresPermissions.class);
        }
        if (requiresPermissions != null) {
            values = requiresPermissions.value();
            logical = requiresPermissions.logical();
        } else {
            if (urlPerm == null) {
                return true;
            }
            UrlPermResult permission = urlPerm.getPermission(httpServletRequest, httpServletResponse, (HandlerMethod) obj);
            values = permission.getValues();
            logical = permission.getLogical();
        }
        return SecureUtil.hasPermission(userToken, values, logical);
    }

    public static boolean checkRole(UserToken userToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, UrlPerm urlPerm) {
        String[] values;
        Logical logical;
        Method method = ((HandlerMethod) obj).getMethod();
        RequiresRoles requiresRoles = (RequiresRoles) method.getAnnotation(RequiresRoles.class);
        if (requiresRoles == null) {
            requiresRoles = (RequiresRoles) method.getDeclaringClass().getAnnotation(RequiresRoles.class);
        }
        if (requiresRoles != null) {
            values = requiresRoles.value();
            logical = requiresRoles.logical();
        } else {
            if (urlPerm == null) {
                return true;
            }
            UrlPermResult roles = urlPerm.getRoles(httpServletRequest, httpServletResponse, (HandlerMethod) obj);
            values = roles.getValues();
            logical = roles.getLogical();
        }
        return SecureUtil.hasRole(userToken, values, logical);
    }

    public static boolean isNoPermission(UserToken userToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, UrlPerm urlPerm) {
        return (checkPermission(userToken, httpServletRequest, httpServletResponse, obj, urlPerm) && checkRole(userToken, httpServletRequest, httpServletResponse, obj, urlPerm)) ? false : true;
    }

    public static void passOptions(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(200);
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, x-requested-with, X-Custom-Header, Authorization");
    }

    public static String takeToken(HttpServletRequest httpServletRequest) {
        String parameter;
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || header.length() < 7) {
            parameter = httpServletRequest.getParameter("access_token");
            if (parameter == null || parameter.trim().isEmpty()) {
                String bodyString = new RequestWrapper(httpServletRequest).getBodyString(httpServletRequest);
                if (!Func.isEmpty(bodyString)) {
                    parameter = (String) JsonUtils.toMap(bodyString).get("access_token");
                }
            }
        } else {
            parameter = header.substring(7);
        }
        return parameter;
    }
}
