package org.dinospring.auth.support;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.dinospring.auth.Permission;
import org.dinospring.auth.annotation.CheckIgnore;
import org.dinospring.auth.annotation.CheckPermission;
import org.dinospring.auth.annotation.CheckResource;
import org.dinospring.auth.annotation.Logic;
import org.dinospring.auth.session.AuthSession;
import org.dinospring.commons.function.Predicates;
import org.springframework.core.annotation.AnnotatedElementUtils;

/* loaded from: input_file:org/dinospring/auth/support/AuthzCheckerPermission.class */
public class AuthzCheckerPermission extends AbstractAuthzChecker<CheckPermission, List<Predicate<AuthSession>>> {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/dinospring/auth/support/AuthzCheckerPermission$PermissionAnnoPredicate.class */
    public static class PermissionAnnoPredicate implements Predicate<AuthSession> {
        private final Predicate<Collection<Permission>> permission;
        private final Set<String> subjectTypes;
        private final Set<String> exclueSubjectTypes;
        private final Set<String> exclueRoles;

        public PermissionAnnoPredicate(Predicate<Collection<Permission>> predicate, String[] strArr, String[] strArr2, String[] strArr3) {
            this.permission = predicate;
            this.subjectTypes = new HashSet(Arrays.asList(strArr));
            this.exclueSubjectTypes = new HashSet(Arrays.asList(strArr2));
            this.exclueRoles = new HashSet(Arrays.asList(strArr3));
        }

        @Override // java.util.function.Predicate
        public boolean test(AuthSession authSession) {
            String subjectType = authSession.getSubjectType();
            if (this.exclueSubjectTypes.contains(subjectType)) {
                return true;
            }
            Collection<String> subjectRoles = authSession.getSubjectRoles();
            if (CollectionUtils.isNotEmpty(subjectRoles)) {
                Stream<String> stream = this.exclueRoles.stream();
                Objects.requireNonNull(subjectRoles);
                if (stream.anyMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                    return true;
                }
            }
            if (Objects.isNull(subjectType) || !this.subjectTypes.contains(subjectType)) {
                return false;
            }
            return this.permission.test(authSession.getSubjectPermissions());
        }
    }

    /* loaded from: input_file:org/dinospring/auth/support/AuthzCheckerPermission$PermissionPredicate.class */
    public static class PermissionPredicate implements Predicate<Collection<Permission>> {
        private final WildcardPermission permission;

        public PermissionPredicate(String str) {
            this.permission = WildcardPermission.of(str);
        }

        @Override // java.util.function.Predicate
        public boolean test(Collection<Permission> collection) {
            if (CollectionUtils.isEmpty(collection)) {
                return false;
            }
            return collection.stream().anyMatch(permission -> {
                return permission.implies(this.permission);
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/dinospring/auth/support/AuthzCheckerPermission$ResourceConfig.class */
    public static class ResourceConfig {
        private String resourceName;
        private String[] exclueRoles;
        private String[] exclueSubjectTypes;
        private String[] subjectTypes;

        public static ResourceConfig of(CheckResource checkResource) {
            ResourceConfig resourceConfig = new ResourceConfig();
            if (Objects.nonNull(checkResource)) {
                resourceConfig.setResourceName(checkResource.name());
                resourceConfig.setExclueRoles(checkResource.exclueRoles());
                resourceConfig.setExclueSubjectTypes(checkResource.exclueSubjectTypes());
                resourceConfig.setSubjectTypes(checkResource.subjectType());
            }
            return resourceConfig;
        }

        public String getResourceName() {
            return this.resourceName;
        }

        public String[] getExclueRoles() {
            return this.exclueRoles;
        }

        public String[] getExclueSubjectTypes() {
            return this.exclueSubjectTypes;
        }

        public String[] getSubjectTypes() {
            return this.subjectTypes;
        }

        public void setResourceName(String str) {
            this.resourceName = str;
        }

        public void setExclueRoles(String[] strArr) {
            this.exclueRoles = strArr;
        }

        public void setExclueSubjectTypes(String[] strArr) {
            this.exclueSubjectTypes = strArr;
        }

        public void setSubjectTypes(String[] strArr) {
            this.subjectTypes = strArr;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResourceConfig)) {
                return false;
            }
            ResourceConfig resourceConfig = (ResourceConfig) obj;
            if (!resourceConfig.canEqual(this)) {
                return false;
            }
            String resourceName = getResourceName();
            String resourceName2 = resourceConfig.getResourceName();
            if (resourceName == null) {
                if (resourceName2 != null) {
                    return false;
                }
            } else if (!resourceName.equals(resourceName2)) {
                return false;
            }
            return Arrays.deepEquals(getExclueRoles(), resourceConfig.getExclueRoles()) && Arrays.deepEquals(getExclueSubjectTypes(), resourceConfig.getExclueSubjectTypes()) && Arrays.deepEquals(getSubjectTypes(), resourceConfig.getSubjectTypes());
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof ResourceConfig;
        }

        public int hashCode() {
            String resourceName = getResourceName();
            return (((((((1 * 59) + (resourceName == null ? 43 : resourceName.hashCode())) * 59) + Arrays.deepHashCode(getExclueRoles())) * 59) + Arrays.deepHashCode(getExclueSubjectTypes())) * 59) + Arrays.deepHashCode(getSubjectTypes());
        }

        public String toString() {
            return "AuthzCheckerPermission.ResourceConfig(resourceName=" + getResourceName() + ", exclueRoles=" + Arrays.deepToString(getExclueRoles()) + ", exclueSubjectTypes=" + Arrays.deepToString(getExclueSubjectTypes()) + ", subjectTypes=" + Arrays.deepToString(getSubjectTypes()) + ")";
        }
    }

    public AuthzCheckerPermission() {
        super(CheckPermission.class, CheckIgnore.Type.PERMISSION);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.dinospring.auth.support.AbstractAuthzChecker
    public List<Predicate<AuthSession>> getMethodInvocationMeta(MethodInvocation methodInvocation, Collection<CheckPermission> collection, Collection<CheckPermission> collection2) {
        ResourceConfig of = ResourceConfig.of((CheckResource) AnnotatedElementUtils.getMergedAnnotation(methodInvocation.getThis().getClass(), CheckResource.class));
        return (List) Stream.concat(collection.stream(), collection2.stream()).map(checkPermission -> {
            return makeAnnoPredicate(checkPermission, of);
        }).collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dinospring.auth.support.AbstractAuthzChecker
    public boolean isPermmited(AuthSession authSession, MethodInvocation methodInvocation, List<Predicate<AuthSession>> list) {
        Iterator<Predicate<AuthSession>> it = list.iterator();
        while (it.hasNext()) {
            if (!it.next().test(authSession)) {
                return false;
            }
        }
        return true;
    }

    private Predicate<AuthSession> makeAnnoPredicate(CheckPermission checkPermission, ResourceConfig resourceConfig) {
        List list = (List) Arrays.asList(checkPermission.value()).stream().filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            throw new IllegalArgumentException("@CheckPermission.value must have at least one rule");
        }
        List list2 = (List) list.stream().map(str -> {
            return makePermissionPredicate(str, resourceConfig.getResourceName());
        }).collect(Collectors.toList());
        String[] subjectType = checkPermission.subjectType().length > 0 ? checkPermission.subjectType() : resourceConfig.getSubjectTypes();
        String[] exclueSubjectTypes = checkPermission.exclueSubjectTypes().length > 0 ? checkPermission.exclueSubjectTypes() : resourceConfig.getExclueSubjectTypes();
        String[] exclueRoles = checkPermission.exclueRoles().length > 0 ? checkPermission.exclueRoles() : resourceConfig.getExclueRoles();
        return list2.size() == 1 ? new PermissionAnnoPredicate((Predicate) list2.get(0), subjectType, exclueSubjectTypes, exclueRoles) : Logic.ALL.equals(checkPermission.logic()) ? new PermissionAnnoPredicate(Predicates.and(list2), subjectType, exclueSubjectTypes, exclueRoles) : new PermissionAnnoPredicate(Predicates.or(list2), subjectType, exclueSubjectTypes, exclueRoles);
    }

    public static Predicate<Collection<Permission>> makePermissionPredicate(String str, String str2) {
        boolean contains = StringUtils.contains(str, 124);
        boolean contains2 = StringUtils.contains(str, 38);
        if (contains && contains2) {
            throw new IllegalArgumentException("CheckPermission can't contain both '|' and '&'");
        }
        return contains ? Predicates.or((Collection) Arrays.stream(StringUtils.split(str, '|')).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).map(str3 -> {
            return makeSinglePredicate(str3, str2);
        }).collect(Collectors.toList())) : contains2 ? Predicates.and((Collection) Arrays.stream(StringUtils.split(str, '&')).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).map(str4 -> {
            return makeSinglePredicate(str4, str2);
        }).collect(Collectors.toList())) : makeSinglePredicate(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Predicate<Collection<Permission>> makeSinglePredicate(String str, String str2) {
        String trim = StringUtils.trim(str);
        if (StringUtils.startsWith(trim, ":")) {
            if (StringUtils.isBlank(str2)) {
                throw new IllegalArgumentException("@CheckPermission(" + trim + ") can't start with ':' without @CheckResource specified.");
            }
            trim = str2 + trim;
        }
        return new PermissionPredicate(trim);
    }
}
