package cn.gtmap.gtc.sso.service.impl;

import cn.gtmap.gtc.sso.config.GtmapSessionRegistryImpl;
import cn.gtmap.gtc.sso.dao.spec.AuthoritySpecification;
import cn.gtmap.gtc.sso.domain.dto.AuthUserDetails;
import cn.gtmap.gtc.sso.domain.dto.BaseResultDto;
import cn.gtmap.gtc.sso.domain.dto.UrlAuthAccessDto;
import cn.gtmap.gtc.sso.domain.dto.UserDto;
import cn.gtmap.gtc.sso.domain.enums.EnableStatusEnum;
import cn.gtmap.gtc.sso.domain.enums.UrlAccessEnum;
import cn.gtmap.gtc.sso.domain.mem.UrlAccessCache;
import cn.gtmap.gtc.sso.domain.mem.UserModuleAuthorityCache;
import cn.gtmap.gtc.sso.manager.AuthorityManager;
import cn.gtmap.gtc.sso.manager.ClientManager;
import cn.gtmap.gtc.sso.manager.ModuleManager;
import cn.gtmap.gtc.sso.manager.OperationManager;
import cn.gtmap.gtc.sso.manager.OrganizationManager;
import cn.gtmap.gtc.sso.manager.RoleManager;
import cn.gtmap.gtc.sso.manager.ScopeManager;
import cn.gtmap.gtc.sso.manager.UrlAccessConfigManager;
import cn.gtmap.gtc.sso.manager.UserManager;
import cn.gtmap.gtc.sso.model.entity.Authority;
import cn.gtmap.gtc.sso.model.entity.Client;
import cn.gtmap.gtc.sso.model.entity.UrlAccessConfig;
import cn.gtmap.gtc.sso.model.entity.User;
import cn.gtmap.gtc.sso.service.ClientService;
import cn.gtmap.gtc.sso.service.OauthService;
import cn.gtmap.gtc.sso.service.UserService;
import cn.gtmap.gtc.sso.util.Constant;
import cn.gtmap.gtc.sso.util.Object2FieldUtils;
import cn.gtmap.gtc.sso.util.UrlAccessCacheUtils;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.apache.axis2.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

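/**
 * SSO/OAuth service implementation: expires a user's registered sessions, resolves a session id
 * to its user for CAS-style validation, and decides whether a URL may be accessed for a given
 * client and user from the cached URL-access configuration.
 *
 * <p>This listing is decompiler output, so local names and some generic types were reconstructed.
 * The access decision in {@link #urlAccess(UrlAuthAccessDto)} is deny-by-default.
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/cn/gtmap/gtc/sso/service/impl/OauthServiceImpl.class */
public class OauthServiceImpl implements OauthService {
    // Fixed: the logger was registered under ClientService, so this class's warnings were
    // attributed to the wrong category in the logs.
    private static final Logger logger = LoggerFactory.getLogger(OauthServiceImpl.class);

    @Autowired
    private SessionRegistry sessionRegistry;

    @Autowired
    private UserManager userManager;

    @Autowired
    private UrlAccessConfigManager urlAccessConfigManager;

    @Autowired
    private RoleManager roleManager;

    @Autowired
    private ModuleManager moduleManager;

    @Autowired
    private OrganizationManager organizationManager;

    @Autowired
    private OperationManager operationManager;

    @Autowired
    private ScopeManager scopeManager;

    @Autowired
    private UrlAccessCacheUtils urlAccessCacheUtils;

    @Autowired
    private UserService userService;

    @Autowired
    private AuthorityManager authorityManager;

    @Autowired
    private ClientManager clientManager;

    /**
     * Expires every non-expired session registered for the given user name.
     *
     * <p>Sessions are looked up twice because the registry may hold the principal either as an
     * {@link AuthUserDetails} or as the bare user-name string.
     *
     * @param str the user name whose sessions are expired
     * @throws ClassCastException if the injected registry is not a {@link GtmapSessionRegistryImpl}
     */
    @Override
    public void cleanSession(String str) {
        GtmapSessionRegistryImpl registry = (GtmapSessionRegistryImpl) this.sessionRegistry;
        AuthUserDetails principal = new AuthUserDetails();
        principal.setUsername(str);
        expireAll(registry, registry.getAllSessions(principal, false));
        expireAll(registry, registry.getAllSessions(str, false));
    }

    /** Marks each session expired and writes it back to the registry under its own session id. */
    private void expireAll(GtmapSessionRegistryImpl registry, List<SessionInformation> sessions) {
        if (CollectionUtils.isEmpty(sessions)) {
            return;
        }
        for (SessionInformation session : sessions) {
            session.expireNow();
            registry.addSessionInfo(session.getSessionId(), session);
        }
    }

    /**
     * Resolves a session id to the user it belongs to.
     *
     * @param str the session id presented by the caller; it is the only credential checked here
     * @return a map with {@code code} (0 on success, 1 on failure), {@code msg}, and on success a
     *     nested map holding the user's login name and alias
     */
    @Override
    public Map<String, Object> casSessionAuth(String str) {
        Map<String, Object> result = new HashMap<>();
        SessionInformation session = ((GtmapSessionRegistryImpl) this.sessionRegistry).getSessionInformation(str);
        // cleanSession() writes expired entries back into the registry, so a lookup can return a
        // session that has already been expired. Whether the registry filters those is not
        // visible in this file; rejecting them here keeps this method fail-closed either way.
        if (null == session || session.isExpired()) {
            result.put("code", 1);
            result.put("msg", "error, token invalid!");
            return result;
        }
        String username = "";
        Object principal = session.getPrincipal();
        if (principal instanceof String) {
            username = (String) principal;
        } else if (principal instanceof UserDetails) {
            username = ((UserDetails) principal).getUsername();
        }
        // Any other principal type leaves the name empty and falls through to the lookup below.
        User user = this.userManager.findByUsername(username);
        if (null == user) {
            result.put("code", 1);
            result.put("msg", "error, token invalid not found user!");
            return result;
        }
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("loginName", user.getUsername());
        // NOTE(review): Constants.USER_NAME (axis2) and Constant.MODULE_DATA_RESOURCE look like
        // decompiler substitutions for string literals; their values are not visible here.
        userInfo.put(Constants.USER_NAME, user.getAlias());
        result.put("code", 0);
        result.put(Constant.MODULE_DATA_RESOURCE, userInfo);
        result.put("msg", "success!");
        return result;
    }

    /**
     * Decides whether the URL in the request may be accessed.
     *
     * <p>Order of evaluation: no configuration for the client denies; a match against the
     * unrestricted patterns allows (for anyone, including anonymous users); anonymous users are
     * then denied; otherwise the first matching restricted pattern decides through
     * {@link #limitUrlAccess(List, UrlAuthAccessDto)}. No match denies.
     *
     * <p>NOTE(review): client id, user name, scopes and URL are all taken from the DTO, and the
     * URL is matched exactly as given. This presumably relies on the caller having authenticated
     * those values and normalised the path; confirm at the call site.
     *
     * @param urlAuthAccessDto the access request
     * @return a result whose code is the success value only when access is granted
     */
    @Override
    public BaseResultDto urlAccess(UrlAuthAccessDto urlAuthAccessDto) {
        BaseResultDto result = new BaseResultDto();
        // Deny by default; only an explicit match below changes the code.
        result.setCode(BaseResultDto.BaseResultCode.FAILURE.intValue());
        UrlAccessCache cache;
        try {
            cache = this.urlAccessConfigManager.getCache(urlAuthAccessDto.getClientId());
        } catch (Exception e) {
            logger.warn("urlAccess", e);
            // NOTE(review): the raw exception message is handed back to the caller; consider a
            // generic message if this result can reach an untrusted client.
            result.setCode(BaseResultDto.BaseResultCode.FAILURE.intValue()).setMsg(e.getMessage());
            // Fixed: the decompiled flow fell through and read 'cache' without it ever having
            // been assigned. A failed configuration lookup now denies immediately.
            return result;
        }
        if (cache == null || (CollectionUtils.isEmpty(cache.getUnlimits()) && CollectionUtils.isEmpty(cache.getLimits()))) {
            result.setMsg("未配置权限，默认全部拦截");
            return result;
        }
        String url = urlAuthAccessDto.getUrl();
        if (url == null) {
            // Nothing to match against: deny rather than depend on the matcher's null handling.
            return result;
        }
        AntPathMatcher matcher = new AntPathMatcher();
        if (!CollectionUtils.isEmpty(cache.getUnlimits())) {
            Iterator<String> patterns = cache.getUnlimits().descendingIterator();
            while (patterns.hasNext()) {
                if (matcher.match(patterns.next(), url)) {
                    result.setCode(BaseResultDto.BaseResultCode.SECUCCESS.intValue());
                    return result;
                }
            }
        }
        if ("anonymousUser".equals(urlAuthAccessDto.getUsername())) {
            return result;
        }
        if (CollectionUtils.isEmpty(cache.getLimits())) {
            // Fixed: only unrestricted patterns are configured and none matched. The original
            // dereferenced getLimits() here even when it could be null.
            return result;
        }
        // The first matching pattern in descending key order decides; later matches are ignored.
        for (Map.Entry<String, List<String>> entry : cache.getLimits().descendingMap().entrySet()) {
            if (matcher.match(entry.getKey(), url)) {
                return limitUrlAccess(entry.getValue(), urlAuthAccessDto);
            }
        }
        return result;
    }

    /**
     * Evaluates the access rules attached to a restricted URL pattern; the first rule that is
     * satisfied grants access.
     *
     * <p>NOTE(review): on a grant the result is returned with whatever code a freshly built
     * {@link BaseResultDto} carries; this assumes that default is the success value, so confirm
     * it against BaseResultDto.
     *
     * @param list ids of the {@link UrlAccessConfig} rules bound to the matched pattern
     * @param urlAuthAccessDto the access request
     * @return the untouched result on a grant, or a result with the failure code
     */
    private BaseResultDto limitUrlAccess(List<String> list, UrlAuthAccessDto urlAuthAccessDto) {
        BaseResultDto result = new BaseResultDto();
        if (CollectionUtils.isEmpty(list)) {
            result.setCode(BaseResultDto.BaseResultCode.FAILURE.intValue());
            return result;
        }
        for (String configId : list) {
            UrlAccessConfig config = this.urlAccessConfigManager.findById(configId);
            if (config == null) {
                // Fixed: a stale rule id used to raise a NullPointerException; a missing rule
                // cannot grant anything, so it is skipped.
                continue;
            }
            boolean granted = false;
            if (UrlAccessEnum.AccessType.HAS_SCOPE.getValue().equals(config.getAccessType())) {
                granted = hasScope(urlAuthAccessDto, config);
            } else if (UrlAccessEnum.AccessType.HAS_ORG.getValue().equals(config.getAccessType())) {
                granted = hasOrg(urlAuthAccessDto, config);
            } else if (UrlAccessEnum.AccessType.HAS_ROLE.getValue().equals(config.getAccessType())) {
                granted = hasRole(urlAuthAccessDto, config);
            } else if (UrlAccessEnum.AccessType.HAS_MODULE.getValue().equals(config.getAccessType())) {
                granted = hasModule(urlAuthAccessDto, config);
            }
            // A rule with an unrecognised access type grants nothing.
            if (granted) {
                return result;
            }
        }
        result.setCode(BaseResultDto.BaseResultCode.FAILURE.intValue());
        return result;
    }

    /**
     * Checks a module rule: the rule's accessIds value is used as a single module code, and the
     * user's operations on that module are compared with the rule's comma-separated optCodes.
     *
     * <p>Users flagged as admin pass every module rule without further checks.
     *
     * @return {@code true} when the rule is satisfied
     */
    private boolean hasModule(UrlAuthAccessDto urlAuthAccessDto, UrlAccessConfig urlAccessConfig) {
        UserDto user = this.userService.getUserDetailByName(urlAuthAccessDto.getUsername());
        if (null == user) {
            return false;
        }
        if (user.getAdmin() == EnableStatusEnum.ENABLED.intValue()) {
            return true;
        }
        UserModuleAuthorityCache authorityCache = getAuthorityCache(urlAuthAccessDto.getUsername());
        if (CollectionUtils.isEmpty(authorityCache.getModuleAuthority())) {
            return false;
        }
        Set<String> heldOps = authorityCache.getModuleAuthority().get(urlAccessConfig.getAccessIds());
        Set<String> requiredOps = StringUtils.commaDelimitedListToSet(urlAccessConfig.getOptCodes());
        if (CollectionUtils.isEmpty(heldOps)) {
            return false;
        }
        if (!UrlAccessEnum.Ref.OR.getValue().equals(urlAccessConfig.getOptRef())) {
            // NOTE(review): in non-OR mode this passes when every operation the user holds is
            // among the configured codes, not when the user holds every configured code. A user
            // holding only some of the configured codes therefore passes. hasScope tests the
            // opposite direction (held.containsAll(required)); confirm which one is intended.
            return requiredOps.containsAll(heldOps);
        }
        for (String op : heldOps) {
            if (requiredOps.contains(op)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the user's cached module authorities, rebuilding the entry when it is missing or
     * older than the module-authority initialisation time reported by the cache utility.
     */
    private UserModuleAuthorityCache getAuthorityCache(String str) {
        UserModuleAuthorityCache cached = this.urlAccessCacheUtils.getUserAuthorityCache(str);
        boolean stale = cached == null || cached.getUpdateTime() < this.urlAccessCacheUtils.getModuleAuthorityInitTime();
        return stale ? initAuthorityCache(str) : cached;
    }

    /**
     * Loads the user's authorities, groups their operation codes by module code, and stores the
     * result in the per-user cache. Authorities without a module are ignored.
     *
     * @param str the user name
     * @return the freshly built cache entry (never {@code null}; its module map stays unset when
     *     the user has no authorities)
     */
    private UserModuleAuthorityCache initAuthorityCache(String str) {
        List<Authority> authorities = this.authorityManager.listByUserAuthorities(this.userManager.findByUsername(str), new AuthoritySpecification());
        UserModuleAuthorityCache entry = new UserModuleAuthorityCache();
        entry.setUpdateTime(System.currentTimeMillis());
        if (!CollectionUtils.isEmpty(authorities)) {
            ConcurrentMap<String, Set<String>> opsByModule = Maps.newConcurrentMap();
            for (Authority authority : authorities) {
                if (authority.getModule() == null) {
                    continue;
                }
                String moduleCode = authority.getModule().getCode();
                List<?> opCodes = Object2FieldUtils.toFields(authority.getOperations(), "code", String.class);
                Set<String> ops = opsByModule.computeIfAbsent(moduleCode, key -> new HashSet<String>());
                for (Object opCode : opCodes) {
                    ops.add((String) opCode);
                }
            }
            entry.setModuleAuthority(opsByModule);
        }
        this.urlAccessCacheUtils.addUserAuthorityCache(str, entry);
        return entry;
    }

    /**
     * Checks a role rule against the ids of the roles recorded for the user.
     *
     * <p>A rule with no accessIds passes for every user that can be looked up, so an empty rule
     * is an allow-all for known users.
     *
     * @return {@code true} when the rule is satisfied
     */
    private boolean hasRole(UrlAuthAccessDto urlAuthAccessDto, UrlAccessConfig urlAccessConfig) {
        UserDto user = this.userService.getUserDetailByName(urlAuthAccessDto.getUsername());
        if (null == user) {
            return false;
        }
        Set<String> requiredIds = StringUtils.commaDelimitedListToSet(urlAccessConfig.getAccessIds());
        if (CollectionUtils.isEmpty(requiredIds)) {
            return true;
        }
        List<?> roleIds = Object2FieldUtils.toFields(user.getRoleRecordList(), "id", String.class);
        if (CollectionUtils.isEmpty(roleIds)) {
            return false;
        }
        if (!UrlAccessEnum.Ref.OR.getValue().equals(urlAccessConfig.getOptRef())) {
            // NOTE(review): this branch compares the request's scopes with the user's role ids
            // and never consults the configured accessIds. It mirrors the line in hasScope and
            // looks like a copy-paste slip; confirm the intended non-OR semantics.
            return urlAuthAccessDto.getScopes() != null && urlAuthAccessDto.getScopes().containsAll(roleIds);
        }
        for (Object roleId : roleIds) {
            if (requiredIds.contains((String) roleId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks an organisation rule against the ids of the organisations recorded for the user.
     *
     * <p>A rule with no accessIds passes for every user that can be looked up, so an empty rule
     * is an allow-all for known users.
     *
     * @return {@code true} when the rule is satisfied
     */
    private boolean hasOrg(UrlAuthAccessDto urlAuthAccessDto, UrlAccessConfig urlAccessConfig) {
        UserDto user = this.userService.getUserDetailByName(urlAuthAccessDto.getUsername());
        if (null == user) {
            return false;
        }
        Set<String> requiredIds = StringUtils.commaDelimitedListToSet(urlAccessConfig.getAccessIds());
        if (CollectionUtils.isEmpty(requiredIds)) {
            return true;
        }
        List<?> orgIds = Object2FieldUtils.toFields(user.getOrgRecordList(), "id", String.class);
        if (CollectionUtils.isEmpty(orgIds)) {
            return false;
        }
        if (!UrlAccessEnum.Ref.OR.getValue().equals(urlAccessConfig.getOptRef())) {
            // NOTE(review): as in hasRole, this compares the request's scopes with the user's
            // organisation ids and ignores the configured accessIds; confirm the intended
            // non-OR semantics.
            return urlAuthAccessDto.getScopes() != null && urlAuthAccessDto.getScopes().containsAll(orgIds);
        }
        for (Object orgId : orgIds) {
            if (requiredIds.contains((String) orgId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a scope rule against the scope names registered for the requesting client.
     *
     * <p>The scopes carried in the request are only tested for being non-null; the comparison
     * itself uses the client's registered scopes. A rule with no accessIds passes without any
     * client lookup.
     *
     * <p>NOTE(review): if the request's scopes are meant to be the scopes actually granted to the
     * token, they are not enforced here; confirm whether that is intended.
     *
     * @return {@code true} when the rule is satisfied
     */
    private boolean hasScope(UrlAuthAccessDto urlAuthAccessDto, UrlAccessConfig urlAccessConfig) {
        Set<String> requiredScopes = StringUtils.commaDelimitedListToSet(urlAccessConfig.getAccessIds());
        if (CollectionUtils.isEmpty(requiredScopes)) {
            return true;
        }
        Client client = this.clientManager.findByClientId(urlAuthAccessDto.getClientId());
        if (null == client) {
            return false;
        }
        List<?> clientScopes = Object2FieldUtils.toFields(client.getScopes(), "name", String.class);
        if (!UrlAccessEnum.Ref.OR.getValue().equals(urlAccessConfig.getOptRef())) {
            return urlAuthAccessDto.getScopes() != null && clientScopes.containsAll(requiredScopes);
        }
        for (String required : requiredScopes) {
            if (urlAuthAccessDto.getScopes() != null && clientScopes.contains(required)) {
                return true;
            }
        }
        return false;
    }
}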
