package net.ideahut.springboot.admin;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.ideahut.springboot.admin.AdminProperties;
import net.ideahut.springboot.mapper.DataMapper;
import net.ideahut.springboot.mapper.DataMapperImpl;
import net.ideahut.springboot.object.MapStringObject;
import net.ideahut.springboot.object.Result;
import net.ideahut.springboot.security.SecurityAuthorization;
import net.ideahut.springboot.security.SecurityCredential;
import net.ideahut.springboot.security.SecurityUser;
import net.ideahut.springboot.util.RequestUtil;
import net.ideahut.springboot.util.StringUtil;
import net.ideahut.springboot.util.WebUtil;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:net/ideahut/springboot/admin/AdminSecurity.class */
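/**
 * Request gate for the admin module.
 *
 * <p>{@link #isRequestAuthorized} decides, in this order:
 * <ol>
 *   <li>servlet paths under the configured resource path are let through with no credential check;</li>
 *   <li>a request carrying the configured "info" header gets a dump of its own request data;</li>
 *   <li>a POST to the login path registers a new token;</li>
 *   <li>everything else must present a valid token in the credential header
 *       (default {@code Authorization}), optionally bound to remote host and User-Agent;</li>
 *   <li>an authenticated request to the logout path invalidates that token.</li>
 * </ol>
 *
 * <p>Steps 1-3 run before any credential is checked, so their configuration is part of the
 * attack surface of the application.
 */
public class AdminSecurity implements SecurityAuthorization, InitializingBean {
    private SecurityCredential credential;
    private AdminProperties properties;
    private DataMapper dataMapper;
    // Name of the request header that carries the token; defaults to "Authorization".
    private String headerKey;
    // When TRUE, the token is only accepted from the host stored with the user.
    private Boolean enableRemoteHost;
    // When TRUE, the token is only accepted with the User-Agent stored with the user.
    private Boolean enableUserAgent;

    /** Sets the credential store used to validate, register and invalidate tokens (required). */
    public AdminSecurity setCredential(SecurityCredential securityCredential) {
        this.credential = securityCredential;
        return this;
    }

    /** Sets the admin configuration that supplies the resource, API, login and logout paths (required). */
    public AdminSecurity setProperties(AdminProperties adminProperties) {
        this.properties = adminProperties;
        return this;
    }

    /** Sets the mapper used to serialise results; a {@link DataMapperImpl} is created if none is given. */
    public AdminSecurity setDataMapper(DataMapper dataMapper) {
        this.dataMapper = dataMapper;
        return this;
    }

    /** Sets the name of the header that carries the token; blank or null falls back to "Authorization". */
    public AdminSecurity setHeaderKey(String str) {
        this.headerKey = str;
        return this;
    }

    /** Returns the name of the header that carries the token. */
    public String getHeaderKey() {
        return this.headerKey;
    }

    /** Enables or disables binding of a token to the remote host it was issued to (null means disabled). */
    public AdminSecurity setEnableRemoteHost(Boolean bool) {
        this.enableRemoteHost = bool;
        return this;
    }

    /** Enables or disables binding of a token to the User-Agent it was issued to (null means disabled). */
    public AdminSecurity setEnableUserAgent(Boolean bool) {
        this.enableUserAgent = bool;
        return this;
    }

    /**
     * Validates required collaborators and applies defaults.
     *
     * @throws Exception if {@code credential} or {@code properties} has not been set
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.credential, "credential is required");
        Assert.notNull(this.properties, "properties is required");
        this.headerKey = this.headerKey != null ? this.headerKey.trim() : "";
        if (this.headerKey.isEmpty()) {
            this.headerKey = "Authorization";
        }
        if (this.dataMapper == null) {
            this.dataMapper = new DataMapperImpl();
        }
        // Both bindings default to off: a token is then accepted from any host and any client.
        if (this.enableRemoteHost == null) {
            this.enableRemoteHost = Boolean.FALSE;
        }
        if (this.enableUserAgent == null) {
            this.enableUserAgent = Boolean.FALSE;
        }
    }

    /**
     * Decides whether the request may proceed.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; written here whenever {@code false} is returned
     *                            by the info, login or not-authorized branches
     * @return {@code true} if the request is a resource request or carries a valid token;
     *         {@code false} otherwise
     * @throws Exception propagated from the credential store or from writing the response
     */
    public boolean isRequestAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String requestPath = this.properties.getResource().getRequestPath();
        String servletPath = httpServletRequest.getServletPath();
        // NOTE(review): plain prefix match with no credential check. An empty resource path
        // matches every request, and a resource path that is a prefix of the API path would
        // expose the API too - confirm both are rejected where AdminProperties is validated.
        if (servletPath.startsWith(requestPath)) {
            return true;
        }
        AdminProperties.Api api = this.properties.getApi();
        // NOTE(review): the info dump is reachable without a token, on any path handled here,
        // by any client that sends this header. See info() for what it returns.
        boolean infoRequested = ((Boolean) StringUtil.valueOf(Boolean.TYPE, RequestUtil.getHeader(httpServletRequest, api.getInfoHeader()), false)).booleanValue();
        if (infoRequested) {
            return info(httpServletRequest, httpServletResponse);
        }
        if (servletPath.startsWith(api.getRequestPath() + api.getLoginPath()) && "POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return login(httpServletRequest, httpServletResponse);
        }
        String token = RequestUtil.getHeader(httpServletRequest, this.headerKey, "").trim();
        if (token.isEmpty()) {
            return notAuthorized(httpServletResponse);
        }
        // NOTE(review): how RequestUtil derives the remote host is not visible here. If it
        // honours forwarding headers, the host binding below is only as trustworthy as the
        // proxy chain; the User-Agent is always client-controlled.
        String remoteHost = RequestUtil.getRemoteHost(httpServletRequest);
        String userAgent = RequestUtil.getUserAgent(httpServletRequest);
        MapStringObject session = new MapStringObject();
        session.put("authorization", token);
        session.put("host", remoteHost);
        session.put("agent", userAgent);
        if (!this.credential.isValidCredential(session)) {
            return notAuthorized(httpServletResponse);
        }
        SecurityUser securityUser = this.credential.getSecurityUser(session);
        boolean bindHost = Boolean.TRUE.equals(this.enableRemoteHost);
        boolean bindAgent = Boolean.TRUE.equals(this.enableUserAgent);
        // Fail closed with 401 if a binding is required but no user record came back,
        // instead of dereferencing null and surfacing a server error.
        if ((bindHost || bindAgent) && securityUser == null) {
            return notAuthorized(httpServletResponse);
        }
        if (bindHost && !((String) securityUser.getAttribute(String.class, SecurityUser.Attribute.HOST, "")).equals(remoteHost)) {
            return notAuthorized(httpServletResponse);
        }
        if (bindAgent && !((String) securityUser.getAttribute(String.class, SecurityUser.Attribute.AGENT, "")).equals(userAgent)) {
            return notAuthorized(httpServletResponse);
        }
        if (servletPath.startsWith(api.getRequestPath() + api.getLogoutPath())) {
            return logout(session);
        }
        return true;
    }

    /**
     * Sends the caller a structured dump of its own request: servlet metadata, all headers,
     * all parameters and all cookies.
     *
     * <p>NOTE(review): this runs before any credential check and the dump includes the Cookie
     * header, the parsed cookie values and the credential header. Anything able to read the
     * response therefore sees cookie values even when they are flagged HttpOnly, and any
     * header added by an upstream proxy becomes visible to the client. Consider restricting
     * the endpoint to authenticated callers or non-production profiles, or redacting those
     * fields.
     *
     * @return always {@code false}; the response is written here
     */
    private boolean info(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        MapStringObject dump = new MapStringObject();
        dump.put("CharacterEncoding", httpServletRequest.getCharacterEncoding());
        dump.put("ContentType", httpServletRequest.getContentType());
        dump.put("ContentLength", Long.valueOf(httpServletRequest.getContentLengthLong()));
        dump.put("ContextPath", httpServletRequest.getContextPath());
        dump.put("Locale", httpServletRequest.getLocale().toString());
        dump.put("Method", httpServletRequest.getMethod());
        dump.put("PathInfo", httpServletRequest.getPathInfo());
        dump.put("PathTranslated", httpServletRequest.getPathTranslated());
        dump.put("Protocol", httpServletRequest.getProtocol());
        dump.put("QueryString", httpServletRequest.getQueryString());
        dump.put("RemoteAddr", httpServletRequest.getRemoteAddr());
        dump.put("RemoteHost", httpServletRequest.getRemoteHost());
        dump.put("RemotePort", Integer.valueOf(httpServletRequest.getRemotePort()));
        dump.put("RemoteUser", httpServletRequest.getRemoteUser());
        dump.put("RequestURI", httpServletRequest.getRequestURI());
        dump.put("RequestedSessionId", httpServletRequest.getRequestedSessionId());
        dump.put("Scheme", httpServletRequest.getScheme());
        dump.put("ServletPath", httpServletRequest.getServletPath());
        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        if (headerNames != null) {
            MapStringObject headerDump = new MapStringObject();
            while (headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                Enumeration<String> headerValues = httpServletRequest.getHeaders(headerName);
                headerDump.put(headerName, headerValues != null ? Collections.list(headerValues) : null);
            }
            dump.put("Headers", headerDump);
        }
        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        if (parameterNames != null) {
            MapStringObject parameterDump = new MapStringObject();
            while (parameterNames.hasMoreElements()) {
                String parameterName = parameterNames.nextElement();
                parameterDump.put(parameterName, httpServletRequest.getParameterValues(parameterName));
            }
            dump.put("Parameters", parameterDump);
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            ArrayList<MapStringObject> cookieDump = new ArrayList<>();
            for (Cookie cookie : cookies) {
                MapStringObject entry = new MapStringObject();
                entry.put("Domain", cookie.getDomain());
                entry.put("MaxAge", Integer.valueOf(cookie.getMaxAge()));
                entry.put("Name", cookie.getName());
                entry.put("Path", cookie.getPath());
                entry.put("Secure", Boolean.valueOf(cookie.getSecure()));
                entry.put("Value", cookie.getValue());
                // Previously each entry was built and then dropped, so "Cookies" was always
                // an empty list. The same values were already present under "Headers".
                cookieDump.add(entry);
            }
            dump.put("Cookies", cookieDump);
        }
        return sendResult(httpServletRequest, httpServletResponse, Result.success(dump));
    }

    /**
     * Handles a login attempt: reads {@code username} and {@code password}, generates a token
     * and asks the credential store to register it together with the caller's host and
     * User-Agent. On success the token is returned to the client as the result payload.
     *
     * <p>NOTE(review): {@code getParameter} also reads the query string, so credentials sent
     * in the URL of a POST are accepted and may end up in access logs; consider requiring them
     * in the body. No attempt throttling or lockout is visible in this class - confirm that
     * {@code registerUser} or a layer in front of it provides one.
     *
     * @return always {@code false}; the response is written here
     */
    private boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String username = httpServletRequest.getParameter("username");
        if (username == null || username.isEmpty()) {
            return sendResult(httpServletRequest, httpServletResponse, Result.error("LOGIN-01", "username is required"));
        }
        String password = httpServletRequest.getParameter("password");
        if (password == null || password.isEmpty()) {
            return sendResult(httpServletRequest, httpServletResponse, Result.error("LOGIN-02", "password is required"));
        }
        // The token is a random (type 4) UUID, which the JDK generates with a
        // cryptographically strong random number generator.
        String token = UUID.randomUUID().toString();
        MapStringObject registration = new MapStringObject();
        registration.put("username", username);
        registration.put("password", password);
        registration.put("authorization", token);
        registration.put("host", RequestUtil.getRemoteHost(httpServletRequest));
        registration.put("agent", RequestUtil.getUserAgent(httpServletRequest));
        if (!this.credential.registerUser(registration)) {
            return sendResult(httpServletRequest, httpServletResponse, Result.error("LOGIN-03", "Invalid user"));
        }
        return sendResult(httpServletRequest, httpServletResponse, Result.success(token));
    }

    /**
     * Invalidates the token described by {@code mapStringObject}.
     *
     * <p>NOTE(review): unlike the other {@code false}-returning branches, nothing is written
     * to the response here; what the client receives depends on the caller - confirm.
     *
     * @return always {@code false}
     */
    private boolean logout(MapStringObject mapStringObject) throws Exception {
        this.credential.invalidate(mapStringObject);
        return false;
    }

    /**
     * Rejects the request with HTTP 401.
     *
     * @return always {@code false}
     */
    private boolean notAuthorized(HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.sendError(401);
        return false;
    }

    /**
     * Writes {@code result} to the client through {@link WebUtil#sendToClient} using the
     * configured mapper.
     *
     * @return always {@code false}
     */
    private boolean sendResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Result result) throws Exception {
        WebUtil.sendToClient(this.dataMapper, httpServletRequest, httpServletResponse, result);
        return false;
    }
}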
