package pl.matsuo.core.service.permission;

import com.google.gson.Gson;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.stereotype.Service;
import org.springframework.util.backoff.ExponentialBackOff;
import pl.matsuo.core.model.user.GroupEnum;
import pl.matsuo.core.service.permission.IPermissionService;
import pl.matsuo.core.service.permission.model.Permissions;
import pl.matsuo.core.service.session.SessionState;

@Service
/* loaded from: input_file:WEB-INF/lib/matsuo-core-0.1.2.jar:pl/matsuo/core/service/permission/PermissionService.class */
public class PermissionService implements IPermissionService, ResourceLoaderAware {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) PermissionService.class);

    @Autowired
    protected SessionState sessionState;
    private ResourceLoader resourceLoader;
    protected Permissions permissions;
    protected long lastReadTime;
    protected long lastCheckTime;
    protected String permissionFilePath = "/permissions.json";
    protected long interval = ExponentialBackOff.DEFAULT_INITIAL_INTERVAL;
    protected long authorizationLength = 30;

    protected Permissions getPermissions() {
        try {
            Resource resource = this.resourceLoader.getResource(this.permissionFilePath);
            if (this.permissions == null || (this.lastCheckTime + this.interval < System.currentTimeMillis() && this.lastReadTime < resource.getFile().lastModified())) {
                logger.info("reading new permissions from: " + resource.getFile().getAbsolutePath());
                this.permissions = (Permissions) new Gson().fromJson((Reader) new InputStreamReader(resource.getInputStream()), Permissions.class);
                this.lastReadTime = resource.getFile().lastModified();
                this.lastCheckTime = System.currentTimeMillis();
            }
            return this.permissions;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // pl.matsuo.core.service.permission.IPermissionService
    public boolean isPermitted(String str) {
        return isPermitted(str, IPermissionService.RequestType.GET);
    }

    @Override // pl.matsuo.core.service.permission.IPermissionService
    public boolean isPermitted(String str, IPermissionService.RequestType requestType) {
        if (this.authorizationLength > 0 && this.sessionState.getUser() != null && this.sessionState.getLastRequestTime() + (this.authorizationLength * 60 * 1000) < System.currentTimeMillis()) {
            logoff();
        }
        this.sessionState.setLastRequestTime(System.currentTimeMillis());
        if (this.sessionState.isInGroup(GroupEnum.ADMIN.name()) || requestType.equals(IPermissionService.RequestType.OPTIONS)) {
            return true;
        }
        Set<String> functionSets = functionSets(functionDefinitions(str, requestType), requestType);
        if (functionSets.isEmpty()) {
            return false;
        }
        return findPermission(functionSets);
    }

    @Override // pl.matsuo.core.service.permission.IPermissionService
    public void logoff() {
        this.sessionState.setUser(null);
    }

    protected boolean findPermission(Set<String> set) {
        for (String str : getPermissions().getPermissions().keySet()) {
            if (this.sessionState.isInGroup(str)) {
                Iterator<String> it = getPermissions().getPermissions().get(str).iterator();
                while (it.hasNext()) {
                    if (set.contains(it.next())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    protected Set<String> functionSets(Set<String> set, IPermissionService.RequestType requestType) {
        HashSet hashSet = new HashSet();
        for (String str : getPermissions().getFunctionSets().keySet()) {
            Map<String, List<String>> map = getPermissions().getFunctionSets().get(str);
            for (String str2 : map.keySet()) {
                if (set.contains(str2) && map.get(str2).contains(requestType.name())) {
                    hashSet.add(str);
                }
            }
        }
        return hashSet;
    }

    protected boolean matches(String str, String str2) {
        if (str2.equals(str)) {
            return true;
        }
        if (!str2.endsWith("*") || str.indexOf(str2.substring(0, str2.length() - 2)) != 0) {
            return false;
        }
        if (str2.length() <= 4) {
            throw new RuntimeException("Wildcard definition must be longer than 4 characters: " + str2);
        }
        return true;
    }

    protected Set<String> functionDefinitions(String str, IPermissionService.RequestType requestType) {
        HashSet hashSet = new HashSet();
        for (String str2 : getPermissions().getFunctions().keySet()) {
            if (matches(str, str2) && getPermissions().getFunctions().get(str2).contains(requestType.name())) {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }

    @Override // org.springframework.context.ResourceLoaderAware
    public void setResourceLoader(ResourceLoader resourceLoader) {
        this.resourceLoader = resourceLoader;
    }
}
