package pl.fhframework.core.security;

import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentSkipListSet;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Scope;
import org.springframework.data.util.Pair;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import pl.fhframework.SessionManager;
import pl.fhframework.core.logging.FhLogger;
import pl.fhframework.core.rules.BusinessRule;
import pl.fhframework.core.rules.meta.RuleMetadataRegistry;
import pl.fhframework.core.security.AuthorizationManager;
import pl.fhframework.core.security.annotations.SystemFunction;
import pl.fhframework.core.security.annotations.SystemRole;
import pl.fhframework.core.security.model.IBusinessRole;
import pl.fhframework.core.security.model.IPermission;
import pl.fhframework.core.services.FhService;
import pl.fhframework.core.services.meta.ServiceMetadataRegistry;
import pl.fhframework.core.uc.UseCase;
import pl.fhframework.core.uc.meta.UseCaseInfo;
import pl.fhframework.core.uc.meta.UseCaseMetadataRegistry;
import pl.fhframework.core.util.StringUtils;
import pl.fhframework.model.security.SystemUser;
import pl.fhframework.subsystems.ModuleRegistry;
import pl.fhframework.subsystems.Subsystem;

@Scope("singleton")
@ConditionalOnProperty({"fhframework.security.manager.default"})
@Service
/* loaded from: input_file:pl/fhframework/core/security/CoreAuthorizationManager.class */
public class CoreAuthorizationManager implements AuthorizationManager {
    static final Set<AuthorizationManager.Function> ALL_FUNCTIONS_CACHE = new ConcurrentSkipListSet();

    @Autowired
    ApplicationPrivilegesCache applicationPrivilegesCache;

    @Autowired
    ApplicationPermissionsCache permissionsCache;

    @Autowired(required = false)
    IBusinessRoleLoader businessRoleLoader;

    @Autowired(required = false)
    List<PermissionModificationListener> modificationListenerList = new ArrayList();

    @PostConstruct
    protected void init() {
        for (Subsystem subsystem : ModuleRegistry.getLoadedModules()) {
            ISystemFunctionsMapper systemFunctionsMapper = subsystem.getSystemFunctionsMapper();
            if (systemFunctionsMapper != null) {
                for (ISystemFunctionId iSystemFunctionId : systemFunctionsMapper.getAllSubsystemFunctions()) {
                    registerSystemFunction(subsystem, iSystemFunctionId.getName());
                }
            }
            RuleMetadataRegistry.INSTANCE.getBusinessRules(subsystem).forEach(cls -> {
                registerSystemFunction(subsystem, cls);
            });
            ServiceMetadataRegistry.INSTANCE.getStaticServices(subsystem).forEach(cls2 -> {
                registerSystemFunction(subsystem, cls2);
                for (Method method : cls2.getMethods()) {
                    if (!method.isSynthetic()) {
                        registerSystemFunction(subsystem, method);
                    }
                }
            });
        }
        UseCaseMetadataRegistry.INSTANCE.getAll().forEach(useCaseInfo -> {
            registerSystemFunction(useCaseInfo.getSubsystem(), useCaseInfo.getClazz());
            useCaseInfo.getEventsCallback().forEach(useCaseActionInfo -> {
                registerSystemFunction(useCaseInfo.getSubsystem(), useCaseActionInfo.getActionMethodHandler());
            });
        });
    }

    private void readClassInformation(Class cls) {
        if (cls.isAnnotationPresent(UseCase.class)) {
            Optional<UseCaseInfo> optional = UseCaseMetadataRegistry.INSTANCE.get(cls.getName());
            if (optional.isPresent()) {
                Subsystem subsystem = optional.get().getSubsystem();
                processClassDefinition(cls, subsystem);
                processClassMethods(cls, subsystem);
                return;
            }
            return;
        }
        if (cls.isAnnotationPresent(BusinessRule.class)) {
            Subsystem subsystem2 = RuleMetadataRegistry.INSTANCE.getSubsystem(cls.getName());
            processClassDefinition(cls, subsystem2);
            processClassMethods(cls, subsystem2);
        } else if (cls.isAnnotationPresent(FhService.class)) {
            Subsystem subsystem3 = ServiceMetadataRegistry.INSTANCE.getSubsystem(cls.getName());
            processClassDefinition(cls, subsystem3);
            processClassMethods(cls, subsystem3);
        }
    }

    private void processClassDefinition(Class cls, Subsystem subsystem) {
        ConcurrentSkipListSet concurrentSkipListSet = new ConcurrentSkipListSet();
        getDeclaredFunctions(cls).forEach(str -> {
            concurrentSkipListSet.add(AuthorizationManager.Function.of(str, subsystem.getProductUUID()));
        });
        this.permissionsCache.putFunctionsForClass(cls, concurrentSkipListSet);
        this.permissionsCache.putRolesForClass(cls, getDeclaredRoles(cls));
    }

    private void processClassMethods(Class cls, Subsystem subsystem) {
        for (Method method : cls.getDeclaredMethods()) {
            if (!method.isSynthetic()) {
                ConcurrentSkipListSet concurrentSkipListSet = new ConcurrentSkipListSet();
                getDeclaredFunctions(method).forEach(str -> {
                    concurrentSkipListSet.add(AuthorizationManager.Function.of(str, subsystem.getProductUUID()));
                });
                this.permissionsCache.putFunctionsForMethod(method, concurrentSkipListSet);
                this.permissionsCache.putRolesForMethod(method, getDeclaredRoles(method));
            }
        }
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public boolean hasPermission(Collection<IBusinessRole> collection, Class cls) {
        Iterator<IBusinessRole> it = collection.iterator();
        while (it.hasNext()) {
            if (hasPermission(it.next(), cls)) {
                return true;
            }
        }
        return false;
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public boolean hasPermission(Collection<IBusinessRole> collection, Method method) {
        Iterator<IBusinessRole> it = collection.iterator();
        while (it.hasNext()) {
            if (hasPermission(it.next(), method)) {
                return true;
            }
        }
        return false;
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    @Deprecated
    public boolean hasFunction(Collection<IBusinessRole> collection, String str) {
        return hasFunction(collection, str, null);
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public boolean hasFunction(Collection<IBusinessRole> collection, String str, String str2) {
        Optional<AuthorizationManager.Function> findSystemFunctionByName = findSystemFunctionByName(str, str2);
        if (!findSystemFunctionByName.isPresent()) {
            FhLogger.warn("Cannot find system function by name: {} and module UUID:{}", str, str2);
            return false;
        }
        String format = String.format("%s:%s", str, str2);
        for (IBusinessRole iBusinessRole : collection) {
            Map<String, Boolean> permissionsForFunction = this.permissionsCache.getPermissionsForFunction(iBusinessRole);
            if (!permissionsForFunction.containsKey(format)) {
                boolean isValidSystemFunctionForRole = isValidSystemFunctionForRole(iBusinessRole, Collections.singletonList(findSystemFunctionByName.get()));
                permissionsForFunction.put(format, Boolean.valueOf(isValidSystemFunctionForRole));
                this.permissionsCache.putPermissionsForFunction(iBusinessRole, permissionsForFunction);
                if (isValidSystemFunctionForRole) {
                    return true;
                }
            } else if (permissionsForFunction.get(format).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    @Deprecated
    public boolean hasAnyFunction(Collection<IBusinessRole> collection, Collection<String> collection2) {
        return collection2.stream().anyMatch(str -> {
            return hasFunction(collection, str, null);
        });
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public boolean hasAnyFunction(Collection<IBusinessRole> collection, Collection<String> collection2, String str) {
        return collection2.stream().anyMatch(str2 -> {
            return hasFunction(collection, str2, str);
        });
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public boolean isRoleBasedAuthorization() {
        return this.businessRoleLoader != null;
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public synchronized void clearPermissions(Collection<IBusinessRole> collection) {
        for (IBusinessRole iBusinessRole : collection) {
            this.permissionsCache.evictPermissionsForAction(iBusinessRole);
            this.permissionsCache.evictPermissionsForFunction(iBusinessRole);
        }
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public void invalidatePermissionCacheForRole(IBusinessRole iBusinessRole) {
        clearPermissions(Collections.singletonList(iBusinessRole));
        this.modificationListenerList.forEach(permissionModificationListener -> {
            permissionModificationListener.onRoleChange(iBusinessRole.getRoleName());
        });
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public Set<String> mapSystemFunctionsToBusinessRoles(Set<String> set, String str) {
        HashSet hashSet = new HashSet();
        if (isRoleBasedAuthorization()) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                hashSet.addAll((Collection) this.businessRoleLoader.getBusinessRolesForFunction(str, it.next()).stream().map((v0) -> {
                    return v0.getRoleName();
                }).collect(Collectors.toList()));
            }
            if (!set.isEmpty() && hashSet.isEmpty()) {
                hashSet = new HashSet(Arrays.asList(IBusinessRole.NONE));
            }
        }
        return hashSet;
    }

    private Set<Pair<IBusinessRole, String>> getCachedPairOfBusinessRoles(Map<Pair<IBusinessRole, String>, Boolean> map, Collection<IBusinessRole> collection) {
        return (Set) map.keySet().stream().filter(pair -> {
            return collection.contains(pair.getFirst());
        }).collect(Collectors.toSet());
    }

    protected boolean hasPermission(IBusinessRole iBusinessRole, Method method) {
        Map<String, Boolean> permissionsForAction = this.permissionsCache.getPermissionsForAction(iBusinessRole);
        String genericString = method.toGenericString();
        if (!permissionsForAction.containsKey(genericString)) {
            permissionsForAction.put(genericString, Boolean.valueOf(calculatePermission(iBusinessRole, method)));
            permissionsForAction = this.permissionsCache.putPermissionsForAction(iBusinessRole, permissionsForAction);
        }
        return permissionsForAction.get(genericString).booleanValue();
    }

    protected boolean hasPermission(IBusinessRole iBusinessRole, Class cls) {
        Map<String, Boolean> permissionsForAction = this.permissionsCache.getPermissionsForAction(iBusinessRole);
        String name = cls.getName();
        if (!permissionsForAction.containsKey(name)) {
            permissionsForAction.put(name, Boolean.valueOf(calculatePermission(iBusinessRole, cls)));
            permissionsForAction = this.permissionsCache.putPermissionsForAction(iBusinessRole, permissionsForAction);
        }
        return permissionsForAction.get(name).booleanValue();
    }

    protected boolean calculatePermission(IBusinessRole iBusinessRole, Class cls) {
        Set<AuthorizationManager.Function> allFunctionsBasedOnClass = getAllFunctionsBasedOnClass(cls);
        if (allFunctionsBasedOnClass != null && isValidSystemFunctionForRole(iBusinessRole, allFunctionsBasedOnClass)) {
            return true;
        }
        Set<String> allRolesBasedOnClass = getAllRolesBasedOnClass(cls);
        if (allRolesBasedOnClass != null) {
            Iterator<String> it = allRolesBasedOnClass.iterator();
            while (it.hasNext()) {
                if (StringUtils.equals(iBusinessRole.getRoleName(), it.next())) {
                    return true;
                }
            }
        }
        return CollectionUtils.isEmpty(allFunctionsBasedOnClass) && CollectionUtils.isEmpty(allRolesBasedOnClass);
    }

    protected boolean calculatePermission(IBusinessRole iBusinessRole, Method method) {
        Set<AuthorizationManager.Function> allFunctionsBasedOnMethod = getAllFunctionsBasedOnMethod(method);
        if (allFunctionsBasedOnMethod != null && isValidSystemFunctionForRole(iBusinessRole, allFunctionsBasedOnMethod)) {
            return true;
        }
        Set<String> allRolesBasedOnMethod = getAllRolesBasedOnMethod(method);
        if (allRolesBasedOnMethod != null) {
            Iterator<String> it = allRolesBasedOnMethod.iterator();
            while (it.hasNext()) {
                if (StringUtils.equals(iBusinessRole.getRoleName(), it.next())) {
                    return true;
                }
            }
        }
        if (CollectionUtils.isEmpty(allFunctionsBasedOnMethod) && CollectionUtils.isEmpty(allRolesBasedOnMethod)) {
            return hasPermission(iBusinessRole, method.getDeclaringClass());
        }
        return false;
    }

    private Optional<AuthorizationManager.Function> findSystemFunctionByName(String str, String str2) {
        return ALL_FUNCTIONS_CACHE.stream().filter(function -> {
            return StringUtils.equals(function.getName(), str) && (StringUtils.isNullOrEmpty(str2) || StringUtils.equals(function.getModuleUUID(), str2));
        }).findAny();
    }

    private Set<AuthorizationManager.Function> getAllFunctionsBasedOnMethod(Method method) {
        Set<AuthorizationManager.Function> functionsForMethod = this.permissionsCache.getFunctionsForMethod(method);
        if (functionsForMethod == null) {
            readClassInformation(method.getDeclaringClass());
            functionsForMethod = this.permissionsCache.getFunctionsForMethod(method);
        }
        return functionsForMethod;
    }

    private Set<AuthorizationManager.Function> getAllFunctionsBasedOnClass(Class cls) {
        Set<AuthorizationManager.Function> functionsForClass = this.permissionsCache.getFunctionsForClass(cls);
        if (functionsForClass == null) {
            readClassInformation(cls);
            functionsForClass = this.permissionsCache.getFunctionsForClass(cls);
        }
        return functionsForClass;
    }

    private Set<String> getAllRolesBasedOnMethod(Method method) {
        Set<String> rolesForMethod = this.permissionsCache.getRolesForMethod(method);
        if (rolesForMethod == null) {
            readClassInformation(method.getDeclaringClass());
            rolesForMethod = this.permissionsCache.getRolesForMethod(method);
        }
        return rolesForMethod;
    }

    private Set<String> getAllRolesBasedOnClass(Class cls) {
        Set<String> rolesForClass = this.permissionsCache.getRolesForClass(cls);
        if (rolesForClass == null) {
            readClassInformation(cls);
            rolesForClass = this.permissionsCache.getRolesForClass(cls);
        }
        return rolesForClass;
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public void registerSystemFunction(Subsystem subsystem, String str) {
        AuthorizationManager.Function of = AuthorizationManager.Function.of(str, subsystem.getProductUUID());
        if (this.applicationPrivilegesCache.isValidFunctionForApplication(of)) {
            ALL_FUNCTIONS_CACHE.add(of);
        }
    }

    private void registerSystemFunction(Subsystem subsystem, AnnotatedElement annotatedElement) {
        getDeclaredFunctions(annotatedElement).forEach(str -> {
            registerSystemFunction(subsystem, str);
        });
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public Set<AuthorizationManager.Function> getAllSystemFunctions() {
        return Collections.unmodifiableSet(ALL_FUNCTIONS_CACHE);
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public Set<String> getSystemFunctionForSubsystem(Subsystem subsystem) {
        return (Set) ALL_FUNCTIONS_CACHE.stream().filter(function -> {
            return function.getModuleUUID().equals(subsystem.getProductUUID());
        }).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
    }

    @Override // pl.fhframework.core.security.AuthorizationManager
    public List<AuthorizationManager.Module> getAllModules() {
        return (List) ModuleRegistry.getLoadedModules().stream().map(subsystem -> {
            return AuthorizationManager.Module.of(subsystem.getProductLabel(), subsystem.getProductUUID());
        }).distinct().sorted().collect(Collectors.toList());
    }

    private boolean isValidSystemFunctionForRole(IBusinessRole iBusinessRole, Collection<AuthorizationManager.Function> collection) {
        Collection<IPermission> permissionsForRole = this.businessRoleLoader.getPermissionsForRole(iBusinessRole);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        permissionsForRole.forEach(iPermission -> {
            if (iPermission.isDenied()) {
                arrayList2.add(iPermission);
            } else {
                arrayList.add(iPermission);
            }
        });
        Iterator<AuthorizationManager.Function> it = collection.iterator();
        while (it.hasNext()) {
            if (isValidSystemFunctionForRole(it.next(), arrayList, arrayList2)) {
                return true;
            }
        }
        return false;
    }

    private boolean isValidSystemFunctionForRole(AuthorizationManager.Function function, Collection<IPermission> collection, Collection<IPermission> collection2) {
        if (!this.applicationPrivilegesCache.isValidFunctionForApplication(function)) {
            return false;
        }
        Iterator<IPermission> it = collection2.iterator();
        while (it.hasNext()) {
            if (isMatching(it.next(), function)) {
                return false;
            }
        }
        Iterator<IPermission> it2 = collection.iterator();
        while (it2.hasNext()) {
            if (isMatching(it2.next(), function)) {
                return true;
            }
        }
        return false;
    }

    private boolean isMatching(IPermission iPermission, AuthorizationManager.Function function) {
        return Objects.equals(iPermission.getModuleUUID(), function.getModuleUUID()) && (function.getName().equals(iPermission.getFunctionName()) || function.getName().startsWith(new StringBuilder().append(iPermission.getFunctionName()).append(ISystemFunctionId.SEPARATOR).toString()));
    }

    private boolean isGuestRole(IBusinessRole iBusinessRole) {
        return IBusinessRole.GUEST.equals(iBusinessRole.getRoleName());
    }

    public boolean hasPermission(Method method) {
        SystemUser systemUser = SessionManager.getSystemUser();
        if (systemUser != null) {
            return hasPermission(systemUser.getBusinessRoles(), method);
        }
        return false;
    }

    public boolean hasPermission(Class cls) {
        SystemUser systemUser = SessionManager.getSystemUser();
        if (systemUser != null) {
            return hasPermission(systemUser.getBusinessRoles(), cls);
        }
        return false;
    }

    public Set<String> getDeclaredFunctions(AnnotatedElement annotatedElement) {
        return (Set) Arrays.stream((SystemFunction[]) annotatedElement.getAnnotationsByType(SystemFunction.class)).map((v0) -> {
            return v0.value();
        }).collect(Collectors.toSet());
    }

    public Set<String> getDeclaredRoles(AnnotatedElement annotatedElement) {
        return (Set) Arrays.stream((SystemRole[]) annotatedElement.getAnnotationsByType(SystemRole.class)).map((v0) -> {
            return v0.value();
        }).collect(Collectors.toSet());
    }
}
