package io.nerv.security.provider;

import cn.hutool.core.util.StrUtil;
import io.nerv.core.enums.BizCodeEnum;
import io.nerv.properties.EvaConfig;
import java.util.Collection;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/nerv/security/provider/UrlAccessDecisionManager.class */
public class UrlAccessDecisionManager implements AccessDecisionManager {
    private static final Logger log = LoggerFactory.getLogger(UrlAccessDecisionManager.class);

    @Value("${eva.security.permit}")
    private String[] permit;

    @Autowired
    private EvaConfig evaConfig;

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException {
        log.info("collection=" + collection);
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();
        String requestUrl = ((FilterInvocation) obj).getRequestUrl();
        log.info("requestUrl ： " + requestUrl);
        for (String str : this.permit) {
            if (new AntPathRequestMatcher(str).matches(httpRequest) || StrUtil.equals(requestUrl, str)) {
                return;
            }
        }
        if (this.evaConfig.getResourcePermission().isEnable()) {
            if (this.evaConfig.getResourcePermission().isStrict()) {
                Iterator<ConfigAttribute> it = collection.iterator();
                while (it.hasNext()) {
                    String attribute = it.next().getAttribute();
                    if (new AntPathRequestMatcher(attribute).matches(httpRequest) || StrUtil.equals(requestUrl, attribute)) {
                        return;
                    }
                }
            } else {
                Collection authorities = authentication.getAuthorities();
                Iterator<ConfigAttribute> it2 = collection.iterator();
                while (it2.hasNext()) {
                    String attribute2 = it2.next().getAttribute();
                    Iterator it3 = authorities.iterator();
                    while (it3.hasNext()) {
                        if (((GrantedAuthority) it3.next()).getAuthority().equals(attribute2)) {
                            return;
                        }
                    }
                }
            }
            throw new AccessDeniedException(BizCodeEnum.PERMISSION_DENY.getName());
        }
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
