package org.openurp.app.security;

import org.beangle.cache.Cache;
import org.beangle.cache.CacheManager;
import org.beangle.commons.collection.Collections$;
import org.beangle.commons.lang.Strings$;
import org.beangle.security.authz.Authorizer;
import org.beangle.security.context.SecurityContext;
import org.beangle.security.session.Session;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.mutable.ArrayOps;
import scala.collection.mutable.Set;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: RemoteAuthorizer.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005ea\u0001B\u0001\u0003\u0001-\u0011\u0001CU3n_R,\u0017)\u001e;i_JL'0\u001a:\u000b\u0005\r!\u0011\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005\u00151\u0011aA1qa*\u0011q\u0001C\u0001\b_B,g.\u001e:q\u0015\u0005I\u0011aA8sO\u000e\u00011c\u0001\u0001\r%A\u0011Q\u0002E\u0007\u0002\u001d)\tq\"A\u0003tG\u0006d\u0017-\u0003\u0002\u0012\u001d\t1\u0011I\\=SK\u001a\u0004\"aE\r\u000e\u0003QQ!!\u0006\f\u0002\u000b\u0005,H\u000f\u001b>\u000b\u0005\r9\"B\u0001\r\t\u0003\u001d\u0011W-\u00198hY\u0016L!A\u0007\u000b\u0003\u0015\u0005+H\u000f[8sSj,'\u000f\u0003\u0005\u001d\u0001\t\u0005\t\u0015!\u0003\u001e\u00031\u0019\u0017m\u00195f\u001b\u0006t\u0017mZ3s!\tq\u0012%D\u0001 \u0015\t\u0001s#A\u0003dC\u000eDW-\u0003\u0002#?\ta1)Y2iK6\u000bg.Y4fe\")A\u0005\u0001C\u0001K\u00051A(\u001b8jiz\"\"A\n\u0015\u0011\u0005\u001d\u0002Q\"\u0001\u0002\t\u000bq\u0019\u0003\u0019A\u000f\t\u000f)\u0002\u0001\u0019!C\u0001W\u0005\u0011RO\\6o_^t\u0017j\u001d)s_R,7\r^3e+\u0005a\u0003CA\u0007.\u0013\tqcBA\u0004C_>dW-\u00198\t\u000fA\u0002\u0001\u0019!C\u0001c\u00051RO\\6o_^t\u0017j\u001d)s_R,7\r^3e?\u0012*\u0017\u000f\u0006\u00023kA\u0011QbM\u0005\u0003i9\u0011A!\u00168ji\"9agLA\u0001\u0002\u0004a\u0013a\u0001=%c!1\u0001\b\u0001Q!\n1\n1#\u001e8l]><h.S:Qe>$Xm\u0019;fI\u0002BqA\u000f\u0001C\u0002\u0013\u00051(A\u0005sKN|WO]2fgV\tA\b\u0005\u0003\u001f{}R\u0015B\u0001  \u0005\u0015\u0019\u0015m\u00195f!\t\u0001uI\u0004\u0002B\u000bB\u0011!ID\u0007\u0002\u0007*\u0011AIC\u0001\u0007yI|w\u000e\u001e \n\u0005\u0019s\u0011A\u0002)sK\u0012,g-\u0003\u0002I\u0013\n11\u000b\u001e:j]\u001eT!A\u0012\b\u0011\u0005\u001dZ\u0015B\u0001'\u0003\u0005!\u0011Vm]8ve\u000e,\u0007B\u0002(\u0001A\u0003%A(\u0001\u0006sKN|WO]2fg\u0002Bq\u0001\u0015\u0001C\u0002\u0013\u0005\u0011+A\u0006bkRDwN]5uS\u0016\u001cX#\u0001*\u0011\tyith\u0015\t\u0004)f[V\"A+\u000b\u0005Y;\u0016aB7vi\u0006\u0014G.\u001a\u0006\u00031:\t!bY8mY\u0016\u001cG/[8o\u0013\tQVKA\u0002TKR\u0004\"!\u0004/\n\u0005us!aA%oi\"1q\f\u0001Q\u0001\nI\u000bA\"Y;uQ>\u0014\u0018\u000e^5fg\u0002Bq!\u0019\u0001C\u0002\u0013\u0005!-A\u0003s_>$8/F\u0001d!\u0011qRh\u00103\u0011\u0007\u0001+w(\u0003\u0002[\u0013\"1q\r\u0001Q\u0001\n\r\faA]8piN\u0004\u0003bB5\u0001\u0001\u0004%\tA[\u0001\baV\u0014G.[2t+\u0005Y\u0007c\u00017p\u007f5\tQN\u0003\u0002o/\u0006I\u0011.\\7vi\u0006\u0014G.Z\u0005\u0003a6\u0014A\u0001T5ti\"9!\u000f\u0001a\u0001\n\u0003\u0019\u0018a\u00039vE2L7m]0%KF$\"A\r;\t\u000fY\n\u0018\u0011!a\u0001W\"1a\u000f\u0001Q!\n-\f\u0001\u0002];cY&\u001c7\u000f\t\u0005\u0006q\u0002!\t%_\u0001\fSN\u0004VM]7jiR,G\r\u0006\u0002-u\")1p\u001ea\u0001y\u000691m\u001c8uKb$\bCA?��\u001b\u0005q(BA>\u0017\u0013\r\t\tA \u0002\u0010'\u0016\u001cWO]5us\u000e{g\u000e^3yi\"9\u0011Q\u0001\u0001\u0005\n\u0005\u001d\u0011\u0001D5t\u0003V$\bn\u001c:ju\u0016$G#\u0002\u0017\u0002\n\u0005-\u0001BB>\u0002\u0004\u0001\u0007A\u0010C\u0004\u0002\u000e\u0005\r\u0001\u0019\u0001&\u0002\u0007I,7\u000fC\u0004\u0002\u0012\u0001!\t!a\u0005\u0002\r%\u001c(k\\8u)\ra\u0013Q\u0003\u0005\b\u0003/\ty\u00011\u0001@\u0003\u0011)8/\u001a:")
/* loaded from: input_file:org/openurp/app/security/RemoteAuthorizer.class */
public class RemoteAuthorizer implements Authorizer {
    private final Cache<String, Resource> resources;
    private final Cache<String, Set<Object>> authorities;
    private final Cache<String, scala.collection.immutable.Set<String>> roots;
    private boolean unknownIsProtected = true;
    private List<String> publics = List$.MODULE$.empty();

    public boolean unknownIsProtected() {
        return this.unknownIsProtected;
    }

    public void unknownIsProtected_$eq(boolean z) {
        this.unknownIsProtected = z;
    }

    public Cache<String, Resource> resources() {
        return this.resources;
    }

    public Cache<String, Set<Object>> authorities() {
        return this.authorities;
    }

    public Cache<String, scala.collection.immutable.Set<String>> roots() {
        return this.roots;
    }

    public List<String> publics() {
        return this.publics;
    }

    public void publics_$eq(List<String> list) {
        this.publics = list;
    }

    public boolean isPermitted(SecurityContext securityContext) {
        boolean isAuthorized;
        boolean isAuthorized2;
        String obj = securityContext.request().resource().toString();
        if (publics().exists(str -> {
            return BoxesRunTime.boxToBoolean(obj.startsWith(str));
        })) {
            return true;
        }
        if (obj.startsWith("/admin/")) {
            return securityContext.root();
        }
        Some some = resources().get(obj);
        if (None$.MODULE$.equals(some)) {
            Some resource = RemoteService$.MODULE$.getResource(obj);
            if (None$.MODULE$.equals(resource)) {
                isAuthorized2 = unknownIsProtected() ? securityContext.isValid() : false;
            } else {
                if (!(resource instanceof Some)) {
                    throw new MatchError(resource);
                }
                Resource resource2 = (Resource) resource.value();
                resources().put(obj, resource2);
                isAuthorized2 = isAuthorized(securityContext, resource2);
            }
            isAuthorized = isAuthorized2;
        } else {
            if (!(some instanceof Some)) {
                throw new MatchError(some);
            }
            isAuthorized = isAuthorized(securityContext, (Resource) some.value());
        }
        return isAuthorized;
    }

    private boolean isAuthorized(SecurityContext securityContext, Resource resource) {
        boolean z;
        Set set;
        boolean z2;
        switch (resource.scope()) {
            case 0:
                return true;
            case 1:
                return securityContext.isValid();
            default:
                Some session = securityContext.session();
                if (session instanceof Some) {
                    Session session2 = (Session) session.value();
                    if (securityContext.root()) {
                        z2 = true;
                    } else {
                        Some some = authorities().get(session2.id());
                        if (some instanceof Some) {
                            set = (Set) some.value();
                        } else {
                            if (!None$.MODULE$.equals(some)) {
                                throw new MatchError(some);
                            }
                            Set newSet = Collections$.MODULE$.newSet();
                            authorities().put(session2.id(), newSet);
                            set = newSet;
                        }
                        Set set2 = set;
                        if (set2.contains(BoxesRunTime.boxToInteger(resource.id()))) {
                            z2 = true;
                        } else {
                            boolean matches = resource.matches(new ArrayOps.ofInt(Predef$.MODULE$.intArrayOps(Strings$.MODULE$.splitToInt(session2.principal().authorities()))).toSet());
                            if (matches) {
                                BoxesRunTime.boxToBoolean(set2.add(BoxesRunTime.boxToInteger(resource.id())));
                            } else {
                                BoxedUnit boxedUnit = BoxedUnit.UNIT;
                            }
                            z2 = matches;
                        }
                    }
                    z = z2;
                } else {
                    if (!None$.MODULE$.equals(session)) {
                        throw new MatchError(session);
                    }
                    z = false;
                }
                return z;
        }
    }

    public boolean isRoot(String str) {
        boolean z;
        boolean z2;
        Some some = roots().get("roots");
        if (some instanceof Some) {
            z2 = ((scala.collection.immutable.Set) some.value()).contains(str);
        } else {
            if (!None$.MODULE$.equals(some)) {
                throw new MatchError(some);
            }
            Some roots = RemoteService$.MODULE$.roots();
            if (roots instanceof Some) {
                scala.collection.immutable.Set set = (scala.collection.immutable.Set) roots.value();
                roots().put("roots", set);
                z = set.contains(str);
            } else {
                if (!None$.MODULE$.equals(roots)) {
                    throw new MatchError(roots);
                }
                z = false;
            }
            z2 = z;
        }
        return z2;
    }

    public RemoteAuthorizer(CacheManager cacheManager) {
        this.resources = cacheManager.getCache("security-resources", String.class, Resource.class);
        this.authorities = cacheManager.getCache("security-authorities", String.class, Set.class);
        this.roots = cacheManager.getCache("security-roots", String.class, scala.collection.immutable.Set.class);
    }
}
