package cn.herodotus.engine.oauth2.metadata.processor;

import cn.herodotus.engine.oauth2.core.definition.domain.HerodotusGrantedAuthority;
import cn.herodotus.engine.oauth2.core.definition.domain.HerodotusSecurityConfig;
import cn.herodotus.engine.oauth2.core.definition.domain.SecurityAttribute;
import cn.herodotus.engine.oauth2.core.enums.PermissionExpression;
import cn.herodotus.engine.oauth2.metadata.matcher.HerodotusRequestMatcher;
import cn.herodotus.engine.web.core.domain.RequestMapping;
import cn.hutool.core.util.ReUtil;
import cn.hutool.core.util.ReflectUtil;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.expression.ExpressionParser;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:cn/herodotus/engine/oauth2/metadata/processor/ExpressionSecurityMetadataParser.class */
public class ExpressionSecurityMetadataParser {
    private static final Logger log = LoggerFactory.getLogger(ExpressionSecurityMetadataParser.class);
    private final ExpressionParser expressionParser;
    private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;

    public ExpressionSecurityMetadataParser(ExpressionParser expressionParser) {
        this.expressionParser = expressionParser;
    }

    public void setFilterInvocationSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
        this.filterInvocationSecurityMetadataSource = filterInvocationSecurityMetadataSource;
    }

    private LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> parse(LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> linkedHashMap) {
        Object invoke = ReflectUtil.invoke(this.filterInvocationSecurityMetadataSource, "processMap", new Object[]{new LinkedHashMap(linkedHashMap), this.expressionParser});
        return (ObjectUtils.isNotEmpty(invoke) && (invoke instanceof LinkedHashMap)) ? (LinkedHashMap) invoke : new LinkedHashMap<>();
    }

    public LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> getConfiguredSecurityMetadata() {
        Object fieldValue = ReflectUtil.getFieldValue(this.filterInvocationSecurityMetadataSource, "requestMap");
        if (!ObjectUtils.isNotEmpty(fieldValue) || !(fieldValue instanceof LinkedHashMap)) {
            return new LinkedHashMap<>();
        }
        LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> linkedHashMap = new LinkedHashMap<>();
        ((LinkedHashMap) fieldValue).forEach((requestMatcher, collection) -> {
            HerodotusRequestMatcher convert = convert(requestMatcher);
            if (ObjectUtils.isNotEmpty(convert)) {
                linkedHashMap.put(convert, collection);
            }
        });
        return linkedHashMap;
    }

    private HerodotusRequestMatcher convert(RequestMatcher requestMatcher) {
        if (!(requestMatcher instanceof AntPathRequestMatcher)) {
            return null;
        }
        String antPathRequestMatcher = ((AntPathRequestMatcher) requestMatcher).toString();
        log.debug("[Herodotus] |- Request matcher content is [{}]", antPathRequestMatcher);
        String str = null;
        List allGroups = ReUtil.getAllGroups(Pattern.compile(StringUtils.contains(antPathRequestMatcher, ",") ? "\\w+\\s*=\\s*'(.*?)',\\s*(\\w+)" : "\\w+\\s*=\\s*'(.*?)'"), antPathRequestMatcher, false);
        if (!CollectionUtils.isNotEmpty(allGroups)) {
            return null;
        }
        String str2 = (String) allGroups.get(0);
        if (allGroups.size() >= 2) {
            str = (String) allGroups.get(1);
        }
        log.trace("[Herodotus] |- Parse the request matcher value with regex is pattern: [{}], method: [{}]", str2, str);
        return new HerodotusRequestMatcher(str2, str);
    }

    private static String hasAnyRole(String str, String... strArr) {
        return "hasAnyRole('" + str + org.springframework.util.StringUtils.arrayToDelimitedString(strArr, "','" + str) + "')";
    }

    private static String hasRole(String str, String str2) {
        Assert.notNull(str2, "role cannot be null");
        Assert.isTrue(str.isEmpty() || !str2.startsWith(str), () -> {
            return "role should not start with '" + str + "' since it is automatically inserted. Got '" + str2 + "'";
        });
        return "hasRole('" + str + str2 + "')";
    }

    private static String hasAuthority(String str) {
        return "hasAuthority('" + str + "')";
    }

    private static String hasAnyAuthority(String... strArr) {
        return "hasAnyAuthority('" + org.springframework.util.StringUtils.arrayToDelimitedString(strArr, "','") + "')";
    }

    private static String hasIpAddress(String str) {
        return "hasIpAddress('" + str + "')";
    }

    @NotNull
    private String createExpression(SecurityAttribute securityAttribute, String str) {
        return getExpression(securityAttribute) + "('" + str + "')";
    }

    public LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> postProcess(SecurityAttribute securityAttribute) {
        return parse(convertToSecurityMetadata(securityAttribute.getUrl(), securityAttribute.getRequestMethod(), analysis(securityAttribute)));
    }

    public LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> postProcess(RequestMapping requestMapping) {
        return parse(convertToSecurityMetadata(requestMapping.getUrl(), requestMapping.getRequestMethod(), hasAuthority(requestMapping.getMetadataCode())));
    }

    private Collection<ConfigAttribute> analysis(SecurityAttribute securityAttribute) {
        if (StringUtils.isNotBlank(securityAttribute.getManualSetting())) {
            return HerodotusSecurityConfig.createList(new String[]{securityAttribute.getManualSetting()});
        }
        if (StringUtils.isNotBlank(securityAttribute.getIpAddress())) {
            return HerodotusSecurityConfig.createList(new String[]{hasIpAddress(securityAttribute.getIpAddress())});
        }
        if (!StringUtils.isNotBlank(securityAttribute.getExpression())) {
            return HerodotusSecurityConfig.createList(new String[]{hasAuthority(securityAttribute.getAttributeCode())});
        }
        String expression = getExpression(securityAttribute);
        if (StringUtils.endsWithIgnoreCase(expression, "Role")) {
            String createRoleExpression = createRoleExpression(securityAttribute);
            if (StringUtils.isNotBlank(createRoleExpression)) {
                return HerodotusSecurityConfig.createList(new String[]{createRoleExpression});
            }
        }
        return HerodotusSecurityConfig.createList(new String[]{expression});
    }

    private LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> convertToSecurityMetadata(String str, String str2, String str3) {
        return convertToSecurityMetadata(str, str2, HerodotusSecurityConfig.createList(new String[]{str3}));
    }

    private LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> convertToSecurityMetadata(String str, String str2, Collection<ConfigAttribute> collection) {
        LinkedHashMap<HerodotusRequestMatcher, Collection<ConfigAttribute>> linkedHashMap = new LinkedHashMap<>();
        if (StringUtils.isBlank(str2)) {
            linkedHashMap.put(new HerodotusRequestMatcher(str), collection);
        } else if (StringUtils.contains(str2, ",")) {
            for (String str3 : StringUtils.split(str2, ",")) {
                linkedHashMap.put(new HerodotusRequestMatcher(str, str3), collection);
            }
        } else {
            linkedHashMap.put(new HerodotusRequestMatcher(str, str2), collection);
        }
        return linkedHashMap;
    }

    private String getExpression(SecurityAttribute securityAttribute) {
        return PermissionExpression.valueOf(securityAttribute.getExpression()).getValue();
    }

    private String createRoleExpression(SecurityAttribute securityAttribute) {
        return createExpression(securityAttribute, securityAttribute.getRoles());
    }

    @Nullable
    private String createExpression(SecurityAttribute securityAttribute, Set<HerodotusGrantedAuthority> set) {
        if (!CollectionUtils.isNotEmpty(set)) {
            return null;
        }
        if (StringUtils.containsIgnoreCase(getExpression(securityAttribute), "Any")) {
            return createExpression(securityAttribute, (String) set.stream().map((v0) -> {
                return v0.getAuthority();
            }).collect(Collectors.joining(",")));
        }
        Optional<HerodotusGrantedAuthority> findFirst = set.stream().findFirst();
        if (findFirst.isPresent()) {
            return createExpression(securityAttribute, findFirst.get().getAuthority());
        }
        return null;
    }
}
