package digital.nedra.commons.starter.security.engine.core;

import com.google.common.collect.ImmutableList;
import digital.nedra.commons.starter.security.engine.config.SecurityEngineProperties;
import digital.nedra.commons.starter.security.engine.core.Fields;
import digital.nedra.commons.starter.security.engine.core.dto.AuthorityDto;
import digital.nedra.commons.starter.security.engine.core.dto.RoleAuthoritiesDto;
import digital.nedra.commons.starter.security.engine.utils.SecurityUtils;
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Controller;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.RestController;

@Component
/* loaded from: input_file:digital/nedra/commons/starter/security/engine/core/SecurityEngine.class */
public class SecurityEngine {
    private static final Logger log = LoggerFactory.getLogger(SecurityEngine.class);
    private final List<ContextBuilder<? extends AuthorityContext>> builders;
    private final List<RoleHandler> handlers;
    private final RoleResolver roleResolver;
    private final SecurityEngineProperties securityEngineProperties;
    private ImmutableList<AuthorityWithContextHandler> authorityWithContextHandlers;

    @PostConstruct
    public void init() {
        checkIfAuthorityAssignedToAllUsersRoles();
    }

    public void checkPermission(String str, String str2, Class<? extends ContextBuilder<AuthorityContext>> cls, AuthorityContextPayload authorityContextPayload) {
        List<String> roles = this.roleResolver.getRoles();
        List<RoleHandler> permissionHandlers = getPermissionHandlers(str, roles);
        if (CollectionUtils.isEmpty(permissionHandlers)) {
            throwAuthorityException(str, str2, roles);
        }
        if (isAllowed(str, permissionHandlers, createContext(cls, authorityContextPayload, roles))) {
            return;
        }
        throwAuthorityException(str, str2, roles);
    }

    public boolean hasPermission(String str, Class<? extends ContextBuilder<AuthorityContext>> cls, AuthorityContextPayload authorityContextPayload) {
        List<String> roles = this.roleResolver.getRoles();
        List<RoleHandler> permissionHandlers = getPermissionHandlers(str, roles);
        if (CollectionUtils.isEmpty(permissionHandlers)) {
            return false;
        }
        return isAllowed(str, permissionHandlers, createContext(cls, authorityContextPayload, roles));
    }

    public boolean isCalledFromRestController() {
        return Stream.of((Object[]) Thread.currentThread().getStackTrace()).map((v0) -> {
            return v0.getClassName();
        }).filter(Pattern.compile(this.securityEngineProperties.getRestControllerPackageFilter()).asMatchPredicate()).map(str -> {
            try {
                return Class.forName(str);
            } catch (ClassNotFoundException e) {
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).anyMatch(cls -> {
            return Objects.nonNull(cls.getAnnotation(RestController.class)) || Objects.nonNull(cls.getAnnotation(Controller.class));
        });
    }

    public Set<String> getAllRoles() {
        return SecurityUtils.getAllRoles(this.handlers);
    }

    public List<String> getAllPermissions() {
        return (List) SecurityUtils.getAllAuthorities(this.handlers).stream().sorted().collect(Collectors.toList());
    }

    public List<String> getRolePermissions() {
        return (List) SecurityUtils.getRoleAuthorities(this.roleResolver.getRoles(), this.handlers).stream().sorted().collect(Collectors.toList());
    }

    public List<RoleAuthoritiesDto> getAllRoleAuthorities() {
        return (List) this.handlers.stream().map(roleHandler -> {
            return RoleAuthoritiesDto.builder().role(roleHandler.getRole()).authorities(ImmutableList.copyOf((List) roleHandler.getAuthorities().stream().map(this::newRoleAuthorityDto).collect(Collectors.toList()))).build();
        }).collect(Collectors.toList());
    }

    public List<AuthorityDto> getAllAuthoritiesAndRoles() {
        return (List) SecurityUtils.getAllAuthorities(this.handlers).stream().distinct().map(this::newAuthorities).collect(Collectors.toList());
    }

    public void initAuthorityHandlerList(ApplicationContext applicationContext) throws BeansException {
        String str = "securityEngineInitializer";
        Stream filter = Stream.of((Object[]) applicationContext.getBeanDefinitionNames()).filter(Predicate.not((v1) -> {
            return r1.equals(v1);
        }));
        Objects.requireNonNull(applicationContext);
        this.authorityWithContextHandlers = ImmutableList.copyOf((List) filter.map(applicationContext::getBean).map(this::findMethodsWithAuthorityCheckAnnotation).flatMap((v0) -> {
            return v0.stream();
        }).map(this::createAuthorityHandlerItem).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()));
    }

    public List<String> calculateUserAuthoritiesForContextParameters(@Nullable Map<String, Object> map) {
        Objects.requireNonNull(this.authorityWithContextHandlers);
        List<String> rolePermissions = getRolePermissions();
        rolePermissions.removeAll((List) ((List) this.authorityWithContextHandlers.stream().filter(authorityWithContextHandler -> {
            return rolePermissions.contains(authorityWithContextHandler.getName());
        }).collect(Collectors.toList())).stream().filter(authorityWithContextHandler2 -> {
            return !isCurrentUserHasPermissionForAuthority(map, authorityWithContextHandler2);
        }).map((v0) -> {
            return v0.getName();
        }).distinct().collect(Collectors.toList()));
        return rolePermissions;
    }

    private AuthorityContext createContext(Class<? extends ContextBuilder<AuthorityContext>> cls, AuthorityContextPayload authorityContextPayload, List<String> list) {
        if (isBuilderNotSet(cls)) {
            return SecurityUtils.createDefaultContext(list);
        }
        Stream<ContextBuilder<? extends AuthorityContext>> stream = this.builders.stream();
        Objects.requireNonNull(cls);
        Stream<ContextBuilder<? extends AuthorityContext>> filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Objects.requireNonNull(cls);
        return (AuthorityContext) filter.map((v1) -> {
            return r1.cast(v1);
        }).map(contextBuilder -> {
            return contextBuilder.build(list, authorityContextPayload);
        }).findFirst().orElseGet(() -> {
            return SecurityUtils.createDefaultContext(list);
        });
    }

    private boolean isBuilderNotSet(Class<? extends ContextBuilder<AuthorityContext>> cls) {
        return ContextBuilder.class.equals(cls);
    }

    private List<RoleHandler> getPermissionHandlers(String str, List<String> list) {
        return (List) this.handlers.stream().filter(roleHandler -> {
            return hasRole(list, roleHandler) && includeAuthority(str, roleHandler);
        }).collect(Collectors.toList());
    }

    private boolean isAllowed(String str, List<RoleHandler> list, AuthorityContext authorityContext) {
        return list.stream().anyMatch(roleHandler -> {
            return roleHandler.handle(str, authorityContext);
        });
    }

    private void throwAuthorityException(String str, String str2, List<String> list) {
        throw new AuthorityException(String.format("Нет authority [%s] у роли [%s] для доступа к api %s.", str, list, str2));
    }

    private boolean hasRole(List<String> list, RoleHandler roleHandler) {
        return ((Boolean) Optional.ofNullable(roleHandler.getRole()).map(str -> {
            Stream stream = list.stream();
            Objects.requireNonNull(str);
            return Boolean.valueOf(stream.anyMatch(str::equalsIgnoreCase));
        }).orElse(false)).booleanValue();
    }

    private boolean includeAuthority(String str, RoleHandler roleHandler) {
        Stream<R> map = roleHandler.getAuthorities().stream().map((v0) -> {
            return v0.getName();
        });
        Objects.requireNonNull(str);
        return map.anyMatch(str::equalsIgnoreCase);
    }

    private void checkIfAuthorityAssignedToAllUsersRoles() {
        Map<String, Set<String>> roleAuthorityMap = SecurityUtils.getRoleAuthorityMap(this.handlers);
        Set<String> allUsedAuthorities = SecurityUtils.getAllUsedAuthorities(this.handlers);
        SecurityEngineProperties.StartMode startMode = this.securityEngineProperties.getStartMode();
        roleAuthorityMap.entrySet().stream().filter(entry -> {
            return ((Set) entry.getValue()).size() < allUsedAuthorities.size();
        }).forEach(entry2 -> {
            String str = (String) entry2.getKey();
            Set set = (Set) entry2.getValue();
            HashSet hashSet = new HashSet(allUsedAuthorities);
            hashSet.removeAll(set);
            String format = String.format("Для роли [%s] не установлены права на [%s].", str, String.join(",", hashSet));
            switch (startMode) {
                case STRICT:
                    throw new AuthorityException(String.format("Can't start security engine. %s", format));
                case RELAXED:
                    log.warn(format);
                    return;
                default:
                    log.warn("Security engine start mode=[{}] is not supported", startMode);
                    return;
            }
        });
    }

    private RoleAuthoritiesDto.RoleAuthorityDto newRoleAuthorityDto(Authority authority) {
        Optional ofNullable = Optional.ofNullable(authority.getContext());
        return RoleAuthoritiesDto.RoleAuthorityDto.builder().name(authority.getName()).fields((ImmutableList) ofNullable.map((v0) -> {
            return v0.getValue();
        }).orElse(null)).available(authority.isAvailable()).type((Fields.Type) ofNullable.map((v0) -> {
            return v0.getType();
        }).orElse(null)).build();
    }

    private AuthorityDto newAuthorities(String str) {
        return AuthorityDto.builder().name(str).roles(ImmutableList.copyOf((List) this.handlers.stream().map(roleHandler -> {
            return (AuthorityDto.RoleDto) roleHandler.getAuthorities().stream().filter(authority -> {
                return str.equalsIgnoreCase(authority.getName());
            }).findFirst().map(authority2 -> {
                return newRole(roleHandler, authority2);
            }).orElse(null);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()))).build();
    }

    private AuthorityDto.RoleDto newRole(RoleHandler roleHandler, Authority authority) {
        Optional ofNullable = Optional.ofNullable(authority.getContext());
        return AuthorityDto.RoleDto.builder().name(roleHandler.getRole()).available(authority.isAvailable()).fields((ImmutableList) ofNullable.map((v0) -> {
            return v0.getValue();
        }).orElse(null)).type((Fields.Type) ofNullable.map((v0) -> {
            return v0.getType();
        }).orElse(null)).build();
    }

    private boolean isCurrentUserHasPermissionForAuthority(Map<String, Object> map, AuthorityWithContextHandler authorityWithContextHandler) {
        DefaultContextPayload defaultContextPayload = new DefaultContextPayload();
        if (Objects.nonNull(map)) {
            map.entrySet().forEach(entry -> {
                defaultContextPayload.set((String) entry.getKey(), entry.getValue());
            });
        }
        return hasPermission(authorityWithContextHandler.getName(), authorityWithContextHandler.getContextBuilder(), defaultContextPayload);
    }

    private List<Method> findMethodsWithAuthorityCheckAnnotation(Object obj) {
        Class<? super Object> superclass = obj.getClass().getSuperclass();
        return superclass == null ? Collections.emptyList() : (List) Stream.of((Object[]) superclass.getDeclaredMethods()).filter(method -> {
            AuthorityCheck authorityCheck = (AuthorityCheck) method.getAnnotation(AuthorityCheck.class);
            return (authorityCheck == null || ContextBuilder.class.equals(authorityCheck.handler())) ? false : true;
        }).collect(Collectors.toList());
    }

    private AuthorityWithContextHandler createAuthorityHandlerItem(Method method) {
        AuthorityCheck authorityCheck = (AuthorityCheck) method.getAnnotation(AuthorityCheck.class);
        Stream filter = Stream.of((Object[]) method.getParameterAnnotations()).flatMap((v0) -> {
            return Stream.of(v0);
        }).filter(annotation -> {
            return AuthParam.class.equals(annotation.annotationType());
        });
        Class<AuthParam> cls = AuthParam.class;
        Objects.requireNonNull(AuthParam.class);
        return AuthorityWithContextHandler.builder().contextBuilder(authorityCheck.handler()).name(authorityCheck.value()).parameters(ImmutableList.copyOf((List) filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.value();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()))).build();
    }

    public SecurityEngine(List<ContextBuilder<? extends AuthorityContext>> list, List<RoleHandler> list2, RoleResolver roleResolver, SecurityEngineProperties securityEngineProperties) {
        this.builders = list;
        this.handlers = list2;
        this.roleResolver = roleResolver;
        this.securityEngineProperties = securityEngineProperties;
    }
}
