package com.alilitech.security.authorization;

import com.alilitech.security.ExtensibleSecurity;
import com.alilitech.security.SecurityBizMessageSource;
import com.alilitech.security.SecurityBizProperties;
import com.alilitech.security.authentication.SecurityUser;
import com.alilitech.security.domain.BizResource;
import com.alilitech.security.domain.BizUser;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.lang.Nullable;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver;

/* loaded from: input_file:com/alilitech/security/authorization/CustomSecurityMetadataSource.class */
public class CustomSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private final ExtensibleSecurity extensibleSecurity;
    private final SecurityBizProperties securityBizProperties;
    private final LocaleResolver localeResolver;
    protected MessageSourceAccessor messages = SecurityBizMessageSource.getAccessor();
    private final Map<RequestMatcher, Collection<ConfigAttribute>> requestMatchersPermitAllMap = new HashMap();

    public CustomSecurityMetadataSource(ExtensibleSecurity extensibleSecurity, SecurityBizProperties securityBizProperties, @Nullable LocaleResolver localeResolver) {
        this.extensibleSecurity = extensibleSecurity;
        this.securityBizProperties = securityBizProperties;
        if (localeResolver == null) {
            this.localeResolver = new AcceptHeaderLocaleResolver();
        } else {
            this.localeResolver = localeResolver;
        }
    }

    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        FilterInvocation filterInvocation = (FilterInvocation) obj;
        for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : getMetadataSource(filterInvocation.getHttpRequest()).entrySet()) {
            if (entry.getKey().matches(filterInvocation.getHttpRequest())) {
                return entry.getValue();
            }
        }
        return null;
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Map<RequestMatcher, Collection<ConfigAttribute>> getMetadataSource(HttpServletRequest httpServletRequest) {
        BizUser bizUser = ((SecurityUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getBizUser();
        Collection arrayList = new ArrayList();
        RequestMatcher antPathRequestMatcher = new AntPathRequestMatcher(httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
        if (this.securityBizProperties.getPermitAllUserNames().contains(bizUser.getUsername())) {
            arrayList.add("ROLE_ALL");
        } else {
            if (isMatchRequest(httpServletRequest)) {
                return this.requestMatchersPermitAllMap;
            }
            BizResource obtainResource = this.extensibleSecurity.obtainResource(httpServletRequest);
            if (obtainResource == null) {
                throw new AccessDeniedException(this.messages.getMessage("Authorization.Failure", new Object[]{httpServletRequest.getRequestURI()}, "Authorization failure, make sure you can get roles for resource of {0}!", this.localeResolver.resolveLocale(httpServletRequest)));
            }
            arrayList = obtainResource.getRoles();
            antPathRequestMatcher = obtainResource.getRequestMatcher();
        }
        if (arrayList.isEmpty()) {
            arrayList.add(UUID.randomUUID().toString());
        }
        ArrayList arrayList2 = new ArrayList();
        arrayList.forEach(str -> {
            arrayList2.add(new SecurityConfig(str));
        });
        HashMap hashMap = new HashMap();
        hashMap.put(antPathRequestMatcher, arrayList2);
        return hashMap;
    }

    public Map<RequestMatcher, Collection<ConfigAttribute>> getRequestMatchersPermitAllMap() {
        if (CollectionUtils.isEmpty(this.requestMatchersPermitAllMap)) {
            Iterator it = ((List) this.securityBizProperties.getPermitAllPatterns().stream().map(requestMatcher -> {
                return new AntPathRequestMatcher(requestMatcher.getPattern(), requestMatcher.getMethod().toString());
            }).collect(Collectors.toList())).iterator();
            while (it.hasNext()) {
                this.requestMatchersPermitAllMap.put((RequestMatcher) it.next(), Collections.singletonList(new SecurityConfig("ROLE_PUBLIC")));
            }
        }
        return this.requestMatchersPermitAllMap;
    }

    private boolean isMatchRequest(HttpServletRequest httpServletRequest) {
        Map<RequestMatcher, Collection<ConfigAttribute>> requestMatchersPermitAllMap = getRequestMatchersPermitAllMap();
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        requestMatchersPermitAllMap.forEach((requestMatcher, collection) -> {
            if (requestMatcher.matches(httpServletRequest)) {
                atomicBoolean.set(true);
            }
        });
        return atomicBoolean.get();
    }
}
