package com.goldgov.kduck.config;

import com.goldgov.kduck.AuthServerConstants;
import com.goldgov.kduck.cache.CacheHelper;
import com.goldgov.kduck.client.ResourceOperate;
import com.goldgov.kduck.client.UserResourceClient;
import com.goldgov.ms.authentication.baseaccount.service.AccountCredentialService;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import net.minidev.json.JSONArray;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/goldgov/kduck/config/ExpressionVoter.class */
public class ExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
    private Logger log = LoggerFactory.getLogger(getClass());
    private AntPathMatcher matcher = new AntPathMatcher();
    private RestTemplate restTemplate;
    private GatewayProperties gatewayProperties;
    private AccountCredentialService accountCredentialService;
    private UserResourceClient userResourceClient;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ExpressionVoter(UserResourceClient userResourceClient) {
        this.userResourceClient = userResourceClient;
    }

    public ExpressionVoter(RestTemplate restTemplate, GatewayProperties gatewayProperties) {
        this.restTemplate = restTemplate;
        this.gatewayProperties = gatewayProperties;
    }

    public ExpressionVoter(RestTemplate restTemplate, GatewayProperties gatewayProperties, AccountCredentialService accountCredentialService) {
        this.restTemplate = restTemplate;
        this.gatewayProperties = gatewayProperties;
        this.accountCredentialService = accountCredentialService;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.util.Collection] */
    public int vote(Authentication authentication, FilterInvocation filterInvocation, Collection<ConfigAttribute> collection) {
        if (!$assertionsDisabled && authentication == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && filterInvocation == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && collection == null) {
            throw new AssertionError();
        }
        ExpressionConfigAttribute findConfigAttribute = findConfigAttribute(collection);
        HttpServletRequest httpRequest = filterInvocation.getHttpRequest();
        String requestPath = getRequestPath(httpRequest);
        if (findConfigAttribute == null) {
            return 0;
        }
        ArrayList arrayList = new ArrayList();
        String str = "";
        if (authentication instanceof JwtAuthenticationToken) {
            Jwt jwt = (Jwt) ((JwtAuthenticationToken) authentication).getPrincipal();
            Map claims = jwt.getClaims();
            jwt.getTokenValue();
            str = (String) claims.get("jti");
            arrayList.addAll((JSONArray) claims.get("scope"));
        } else {
            arrayList = authentication.getAuthorities();
            if (authentication.getPrincipal() instanceof OidcUser) {
                OidcUser oidcUser = (OidcUser) authentication.getPrincipal();
                oidcUser.getIdToken().getTokenValue();
                str = ((String) oidcUser.getClaims().get("sub")).split("\\|")[1];
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String obj = it.next().toString();
            if (obj.contains("api-dagnwu")) {
                this.log.info("ROLE_TRUSTED_CLIENT 【" + requestPath + "】投票结果为：1");
                return 0;
            }
            if ("ROLE_ANONYMOUS".equals(obj)) {
                this.log.info("ROLE_ANONYMOUS 【" + requestPath + "】投票结果为：-1");
                return -1;
            }
        }
        String str2 = "";
        if (requestPath.indexOf("api-") != -1 || requestPath.indexOf("api/") != -1) {
            String[] split = requestPath.split("/");
            for (int i = 0; i < split.length; i++) {
                if (split[i].indexOf("api-") == -1 && !split[i].equals("api")) {
                    str2 = str2 + split[i] + "/";
                }
            }
        }
        String substring = StringUtils.hasLength(str2) ? str2.substring(0, str2.length() - 1) : requestPath;
        List<Map> list = (List) CacheHelper.getByCacheName(AuthServerConstants.CACHE_CODE, str + "." + ResourceOperate.class.getName(), ArrayList.class);
        if (CollectionUtils.isEmpty(list)) {
            list = this.userResourceClient.getResourceOperatesByUserId(str);
            CacheHelper.put(AuthServerConstants.CACHE_CODE, str + "." + ResourceOperate.class.getName(), list, 120L);
        }
        String method = httpRequest.getMethod();
        for (Map map : list) {
            if (this.matcher.match((String) map.get("operatePath"), substring) && method.equals(((String) map.get("method")).toUpperCase())) {
                this.log.info("【" + substring + "】投票结果为：1");
                return 1;
            }
        }
        this.log.info("【" + substring + "】投票结果为：0");
        return 0;
    }

    public String getRequestPath(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            servletPath = servletPath != null ? servletPath + pathInfo : pathInfo;
        }
        return servletPath;
    }

    private ExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> collection) {
        for (ConfigAttribute configAttribute : collection) {
            if (configAttribute instanceof ExpressionConfigAttribute) {
                return (ExpressionConfigAttribute) configAttribute;
            }
        }
        return null;
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return configAttribute instanceof ExpressionConfigAttribute;
    }

    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    public /* bridge */ /* synthetic */ int vote(Authentication authentication, Object obj, Collection collection) {
        return vote(authentication, (FilterInvocation) obj, (Collection<ConfigAttribute>) collection);
    }

    static {
        $assertionsDisabled = !ExpressionVoter.class.desiredAssertionStatus();
    }
}
