package com.fr.decision.webservice.interceptor.handler;

import com.fr.data.NetworkHelper;
import com.fr.decision.authority.AuthorityContext;
import com.fr.decision.authority.base.constant.AuthorityValue;
import com.fr.decision.authority.controller.TemplateAuthorityController;
import com.fr.decision.authority.data.AuthorityRecord;
import com.fr.decision.authority.type.PreviewAuthorityType;
import com.fr.decision.authority.type.TempAuthAuthorityType;
import com.fr.decision.authority.type.WriteAuthorityType;
import com.fr.decision.webservice.annotation.TemplateAuth;
import com.fr.decision.webservice.bean.authentication.LoginClientBean;
import com.fr.decision.webservice.bean.template.TemplateAuthConfigBean;
import com.fr.decision.webservice.bean.template.TemplateProductType;
import com.fr.decision.webservice.exception.general.NoPrivilegeException;
import com.fr.decision.webservice.impl.template.DigitalSignTemplateAuthType;
import com.fr.decision.webservice.impl.template.TemplateAuthType;
import com.fr.decision.webservice.interceptor.op.OperationManager;
import com.fr.decision.webservice.v10.backup.ReportletsBackup;
import com.fr.decision.webservice.v10.entry.ReportEntryService;
import com.fr.decision.webservice.v10.login.LoginStatusValidator;
import com.fr.decision.webservice.v10.system.SystemService;
import com.fr.decision.webservice.v10.template.TempAuthValidatorStatus;
import com.fr.decision.webservice.v10.template.TemplateService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.general.ComparatorUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.report.util.RemoteDesignAuthHelper;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.store.StateHubManager;
import com.fr.third.org.apache.commons.io.FilenameUtils;
import com.fr.third.springframework.web.method.HandlerMethod;
import com.fr.util.TemplateHelper;
import com.fr.web.service.RemoteDesignAuthorityDataService;
import com.fr.workspace.server.config.RemoteDesignConfig;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/fr/decision/webservice/interceptor/handler/ReportTemplateRequestChecker.class */
public class ReportTemplateRequestChecker extends TemplateRequestChecker {
    private static final long serialVersionUID = 5066533466666128876L;
    public static final ReportTemplateRequestChecker KEY = new ReportTemplateRequestChecker();

    public boolean acceptRequest(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod) {
        TemplateAuth annotation = handlerMethod.getMethod().getAnnotation(TemplateAuth.class);
        return annotation != null && annotation.product() == TemplateProductType.FINE_REPORT && StringUtils.isNotEmpty(getTemplateId(httpServletRequest, handlerMethod));
    }

    public boolean checkRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HandlerMethod handlerMethod) throws Exception {
        TempAuthValidatorStatus tempAuthValidatorStatus;
        LoginStatusValidator loginStatusValidator = getLoginStatusValidator(handlerMethod);
        if (!loginStatusValidator.isNeedCheck()) {
            return true;
        }
        TemplateAuthConfigBean templateAuthConfig = TemplateService.getInstance().getTemplateAuthConfig();
        if (!templateAuthConfig.isTempAuthOpen()) {
            return true;
        }
        String templateId = getTemplateId(httpServletRequest, handlerMethod);
        if (StringUtils.isEmpty(templateId) || checkHyperlinkValid(httpServletRequest, handlerMethod)) {
            return true;
        }
        if ((RemoteDesignConfig.getInstance().isAvoidTempAuthValid() && isFromRemotePreview(httpServletRequest) && isDigitalSignTemplateAuth(templateAuthConfig.getTempAuthType())) || (tempAuthValidatorStatus = getTempAuthValidatorStatus(httpServletRequest, templateId, templateAuthConfig.getTempAuthType())) == null || tempAuthValidatorStatus.isDirectAccessTemp()) {
            return true;
        }
        if (!SystemService.getInstance().checkSystemInit()) {
            PreHandlerFactory.getInstance().getRequestInterceptorAction(httpServletRequest).dealServerInitStatus(httpServletResponse);
            return false;
        }
        LoginClientBean checkLogin = checkLogin(httpServletRequest, httpServletResponse, handlerMethod, loginStatusValidator);
        if (checkLogin == null) {
            return false;
        }
        if (!isRemotePreview(httpServletRequest, loginStatusValidator) && tempAuthValidatorStatus.isNeedRoleAuthorityCheck() && detectTemplateRoleAuthority(httpServletRequest, checkLogin.getUserId(), templateId)) {
            throw new NoPrivilegeException();
        }
        return true;
    }

    private boolean isRemotePreview(HttpServletRequest httpServletRequest, LoginStatusValidator loginStatusValidator) {
        if (isFromRemotePreview(httpServletRequest)) {
            return hasTempAuth(httpServletRequest, loginStatusValidator);
        }
        return false;
    }

    private boolean isFromRemotePreview(HttpServletRequest httpServletRequest) {
        try {
            Set keysOfSameAlias = StateHubManager.applyForService("locked_file_table").keysOfSameAlias("locked_file_table_alias");
            String parameter = httpServletRequest.getParameter("ref_t");
            String parameter2 = httpServletRequest.getParameter("ref_c");
            if (parameter == null || parameter2 == null || !keysOfSameAlias.contains(parameter2)) {
                return false;
            }
            return keysOfSameAlias.contains(parameter2);
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return false;
        }
    }

    private boolean hasTempAuth(HttpServletRequest httpServletRequest, LoginStatusValidator loginStatusValidator) {
        try {
            String parameter = httpServletRequest.getParameter("viewlet");
            String decode = parameter != null ? URLDecoder.decode(parameter, "UTF-8") : null;
            if (decode == null) {
                return false;
            }
            String subject = JwtUtils.parseJWT(loginStatusValidator.getTokenResource().getToken(httpServletRequest)).getSubject();
            if (RemoteDesignAuthHelper.isRootByName(subject)) {
                return true;
            }
            return RemoteDesignAuthorityDataService.getInstance().hasAuthority(UserService.getInstance().getCurrentUserId(subject), decode);
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return false;
        }
    }

    private boolean isDigitalSignTemplateAuth(int i) {
        return ComparatorUtils.equals(TemplateAuthType.parse(i), DigitalSignTemplateAuthType.TYPE);
    }

    public int toInteger() {
        return TemplateProductType.FINE_REPORT.toInteger();
    }

    public String getTemplateId(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod) {
        return TemplateHelper.analyzeTemplateID(httpServletRequest);
    }

    public boolean detectTemplateNeedAuthenticate(HttpServletRequest httpServletRequest, String str) {
        if (isUniqueTemplatePath(str)) {
            return detectTemplateSetNeedAuthenticate(httpServletRequest, str);
        }
        String normalizeTemplatePath = getNormalizeTemplatePath(str);
        String[] split = normalizeTemplatePath.split("/");
        try {
            return checkTemplateAuthority(normalizeTemplatePath, split, split.length);
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return false;
        }
    }

    private String getParentPath(String[] strArr, int i) {
        StringBuilder sb = new StringBuilder();
        for (int i2 = 0; i2 < i; i2++) {
            sb.append(strArr[i2]).append("/");
        }
        String sb2 = sb.toString();
        return sb2.endsWith("/") ? sb2.substring(0, sb2.length() - 1) : sb2;
    }

    private boolean checkTemplateAuthority(String str, String[] strArr, int i) throws Exception {
        AuthorityValue templateAuthorityValue = getTemplateAuthorityValue(str);
        if (templateAuthorityValue != null) {
            if (templateAuthorityValue == AuthorityValue.ACCEPT) {
                return true;
            }
            return templateAuthorityValue == AuthorityValue.REJECT ? false : false;
        }
        if (i > 1) {
            return checkTemplateAuthority(getParentPath(strArr, i - 1), strArr, i - 1);
        }
        if (i == 1) {
            return checkTemplateAuthority(ReportletsBackup.MODULE_NAME, strArr, i - 1);
        }
        return false;
    }

    public boolean detectTemplateRoleAuthority(HttpServletRequest httpServletRequest, String str, String str2) {
        if (isUniqueTemplatePath(str2)) {
            return detectTemplateSetRoleAuthority(httpServletRequest, str, str2);
        }
        try {
            return !ReportEntryService.getInstance().doesUserHasAuthority(str, getNormalizeTemplatePath(str2), OperationManager.getInstance().authorityType(NetworkHelper.getHTTPRequestParameter(httpServletRequest, "op")));
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return true;
        }
    }

    public boolean doesUserHaveAnyHyperlinkTempAuth(String str, String str2) throws Exception {
        String normalizeTemplatePath = getNormalizeTemplatePath(str2);
        return ReportEntryService.getInstance().doesUserHasAuthority(str, normalizeTemplatePath, PreviewAuthorityType.TYPE) || ReportEntryService.getInstance().doesUserHasAuthority(str, normalizeTemplatePath, WriteAuthorityType.TYPE);
    }

    private String getNormalizeTemplatePath(String str) {
        try {
            return FilenameUtils.normalizeNoEndSeparator("reportlets/" + str, true).substring("reportlets/".length());
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage());
            return str;
        }
    }

    private AuthorityValue getTemplateAuthorityValue(String str) throws Exception {
        List<AuthorityRecord> findAuthorityRecord = ((TemplateAuthorityController) AuthorityContext.getInstance().getAuthorityController(TemplateAuthorityController.class)).findAuthorityRecord(str);
        if (findAuthorityRecord == null || findAuthorityRecord.isEmpty()) {
            return null;
        }
        for (AuthorityRecord authorityRecord : findAuthorityRecord) {
            if (authorityRecord.getAuthorityType() == TempAuthAuthorityType.TYPE) {
                return authorityRecord.getAuthority();
            }
        }
        return null;
    }

    public boolean detectTemplateSetNeedAuthenticate(HttpServletRequest httpServletRequest, String str) {
        boolean z = false;
        Iterator it = TemplateHelper.getReportletsFromBookPath(str).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (detectTemplateNeedAuthenticate(httpServletRequest, (String) it.next())) {
                z = true;
                break;
            }
        }
        return z;
    }

    public boolean detectTemplateSetRoleAuthority(HttpServletRequest httpServletRequest, String str, String str2) {
        boolean z = false;
        Iterator it = TemplateHelper.getReportletsFromBookPath(str2).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (detectTemplateRoleAuthority(httpServletRequest, str, (String) it.next())) {
                z = true;
                break;
            }
        }
        return z;
    }

    public boolean isUniqueTemplatePath(String str) {
        return str.startsWith("[") && str.endsWith("]");
    }
}
