package cn.gtmap.gtc.starter.gscas.expression;

import cn.gtmap.gtc.starter.gcas.domain.SecurityMetaDataSource;
import cn.gtmap.gtc.starter.gcas.util.ClientIpUtils;
import cn.gtmap.gtc.starter.gcas.util.HttpUtils;
import cn.gtmap.realestate.common.util.CommonConstantUtils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.google.common.collect.Maps;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import org.dozer.util.DozerConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.client.discovery.DiscoveryClient;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/gtmap-security-cloud-app-starter-1.2.21.jar:cn/gtmap/gtc/starter/gscas/expression/GtWebExpressionVoter.class */
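/**
 * Web access-decision voter that first evaluates the security expression attached to the
 * request's first {@link ConfigAttribute} and then, when that attribute is a
 * {@code SecurityUrlConfig} carrying data rules, asks an authorization service whether the
 * authenticated user may touch the specific record named in the request.
 *
 * <p>Decision summary, as implemented below:
 * <ul>
 *   <li>expression evaluates to false, or no usable attribute is present: {@code ACCESS_DENIED};</li>
 *   <li>expression true and no data rules configured: {@code ACCESS_GRANTED};</li>
 *   <li>expression true and data rules configured: every rule must verify, and any failure or
 *       exception while verifying denies access.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #supports(ConfigAttribute)} accepts every attribute and the attribute
 * text is parsed as an expression, so whoever can write those attributes controls what is
 * evaluated. Where they are loaded from is not visible in this file; confirm the source is
 * not user-editable.
 */
public class GtWebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
    private static final Logger logger;
    // Only spreads calls across discovered instances; it is not used for anything secret.
    private static final Random RANDOM = new Random();
    private DiscoveryClient discoveryClient;
    private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
    // Decompiler rendering of the compiler-generated assertion switch; set in the static block.
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Injects the discovery client used to locate the authorization services.
     *
     * @param discoveryClient client queried for service instances by name
     */
    public void setDiscoveryClient(DiscoveryClient discoveryClient) {
        this.discoveryClient = discoveryClient;
    }

    /** Accepts every configuration attribute; see the class-level review note. */
    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /** Supports secured objects that are (subtypes of) {@link FilterInvocation}. */
    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Votes on a request. (Decompiler note: renamed from {@code vote} to avoid a collision
     * with the bridge method further down.)
     *
     * @param authentication   the caller's authentication
     * @param filterInvocation the web request being secured
     * @param collection       attributes configured for the request; only the first is used
     * @return {@code ACCESS_GRANTED} (1) or {@code ACCESS_DENIED} (-1)
     */
    public int vote2(Authentication authentication, FilterInvocation filterInvocation, Collection<ConfigAttribute> collection) {
        if (!$assertionsDisabled && authentication == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && filterInvocation == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && collection == null) {
            throw new AssertionError();
        }
        ConfigAttribute first = firstAttribute(collection);
        String expression = first == null ? null : first.getAttribute();
        if (expression == null) {
            // Previously an empty attribute collection or a null attribute string ended in an
            // exception inside the authorization path; deny explicitly instead.
            return ACCESS_DENIED;
        }
        boolean expressionAllows = ExpressionUtils.evaluateAsBoolean(
                this.expressionHandler.getExpressionParser().parseExpression(expression),
                this.expressionHandler.createEvaluationContext(authentication, filterInvocation));
        if (!expressionAllows) {
            return ACCESS_DENIED;
        }
        return dataAccess(authentication, collection, filterInvocation.getHttpRequest());
    }

    /** Returns the first attribute in iteration order, or {@code null} when there is none. */
    private static ConfigAttribute firstAttribute(Collection<ConfigAttribute> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        return collection.iterator().next();
    }

    /**
     * Applies the per-record rules attached to the first attribute.
     *
     * <p>Grants when the attribute is not a {@code SecurityUrlConfig} or carries no rules, so
     * URLs without data rules rely on the expression check alone. Otherwise every rule must
     * verify; the first failure denies.
     */
    private int dataAccess(Authentication authentication, Collection<ConfigAttribute> collection, HttpServletRequest httpServletRequest) {
        ConfigAttribute configAttribute = firstAttribute(collection);
        if (!(configAttribute instanceof SecurityUrlConfig)) {
            return ACCESS_GRANTED;
        }
        List<SecurityMetaDataSource> datas = ((SecurityUrlConfig) configAttribute).getDatas();
        if (CollectionUtils.isEmpty(datas)) {
            return ACCESS_GRANTED;
        }
        for (SecurityMetaDataSource rule : datas) {
            if (!verifyData(authentication, rule, httpServletRequest)) {
                return ACCESS_DENIED;
            }
        }
        return ACCESS_GRANTED;
    }

    /**
     * Checks one data rule: extracts the record id from the request and asks the local or
     * remote authorization endpoint about it.
     *
     * @return {@code true} only when the endpoint confirms access; a missing record id or any
     *         exception yields {@code false}, so failures deny rather than allow
     */
    private boolean verifyData(Authentication authentication, SecurityMetaDataSource securityMetaDataSource, HttpServletRequest httpServletRequest) {
        try {
            if (logger.isDebugEnabled()) {
                logger.debug(securityMetaDataSource.toString());
            }
            String dataId = getDataId(securityMetaDataSource, httpServletRequest);
            if (StringUtils.isEmpty(dataId)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("getDataId is null !");
                }
                return false;
            }
            // NOTE(review): how ClientIpUtils derives the address is not visible here; if it
            // honours forwarding headers, the value sent downstream is caller-influenced.
            String remoteHost = ClientIpUtils.getRemoteHost(httpServletRequest);
            String username = authentication.getName();
            if ("local".equals(securityMetaDataSource.getAccessType())) {
                return localDataAccess(username, securityMetaDataSource.getAuthorities(), securityMetaDataSource.getDataType(), dataId, remoteHost);
            }
            return remoteDataAccess(username, securityMetaDataSource, dataId, remoteHost);
        } catch (Exception e) {
            logger.error("verifyData", e);
            return false;
        }
    }

    /** Picks one of the discovered instances at random; the list must be non-empty. */
    private static ServiceInstance pickInstance(List<ServiceInstance> instances) {
        return instances.get(RANDOM.nextInt(instances.size()));
    }

    /** Formats an instance as {@code host:port}. */
    private static String hostAndPort(ServiceInstance instance) {
        return instance.getHost().concat(":" + instance.getPort());
    }

    /**
     * Asks the endpoint configured on the rule whether {@code username} may access record
     * {@code dataId}.
     *
     * <p>When the rule names an application, {@code ${appName}} in the configured URL is
     * replaced by a discovered {@code host:port}; no instance means deny. Only GET, POST and
     * PUT are dispatched; any other configured method leaves the response empty, which
     * {@link #conventResult} treats as a denial.
     */
    private boolean remoteDataAccess(String username, SecurityMetaDataSource securityMetaDataSource, String dataId, String clientIp) {
        String accessUrl = securityMetaDataSource.getAccessUrl();
        if (!StringUtils.isEmpty(securityMetaDataSource.getAppName())) {
            List<ServiceInstance> instances = this.discoveryClient.getInstances(securityMetaDataSource.getAppName());
            if (CollectionUtils.isEmpty(instances)) {
                return false;
            }
            accessUrl = accessUrl.replace("${appName}", hostAndPort(pickInstance(instances)));
        }
        // Raw type kept: the parameter type HttpUtils expects is not visible in this file.
        HashMap query = Maps.newHashMap();
        query.put("username", username);
        query.put("code", dataId);
        query.put(CommonConstantUtils.CLIENT_IP, clientIp);
        String method = securityMetaDataSource.getMethod();
        String response = null;
        if (HttpMethod.GET.name().equals(method)) {
            response = HttpUtils.get(accessUrl, query, null);
        } else if (HttpMethod.POST.name().equals(method)) {
            response = HttpUtils.post(accessUrl, null, query, null);
        } else if (HttpMethod.PUT.name().equals(method)) {
            response = HttpUtils.put(accessUrl, null, query, null);
        }
        if (logger.isDebugEnabled()) {
            // The response body carries the user's authorities; keep debug logs access-controlled.
            logger.debug("remoteDataAccess url:{} res:{}", accessUrl, response);
        }
        return conventResult(response, securityMetaDataSource.getAuthorities());
    }

    /**
     * Asks the {@code account} service whether {@code username} may access the record.
     *
     * <p>NOTE(review): the call goes over plain {@code http://} to a discovered instance and
     * the answer decides authorization; confirm the network path between services is trusted
     * or move this call to TLS.
     *
     * @param username            authenticated user name
     * @param requiredAuthorities comma-separated authorities the rule requires (may be empty)
     * @param dataType            data type configured on the rule
     * @param dataId              record id extracted from the request
     * @param clientIp            client address forwarded to the service
     */
    private boolean localDataAccess(String username, String requiredAuthorities, String dataType, String dataId, String clientIp) {
        String response = null;
        List<ServiceInstance> instances = this.discoveryClient.getInstances("account");
        if (!CollectionUtils.isEmpty(instances)) {
            String url = "http://".concat(hostAndPort(pickInstance(instances))).concat("/account/auth/data/authority");
            // Raw type kept: the parameter type HttpUtils expects is not visible in this file.
            HashMap query = Maps.newHashMap();
            query.put("username", username);
            query.put("dataType", dataType);
            query.put("code", dataId);
            query.put(CommonConstantUtils.CLIENT_IP, clientIp);
            response = HttpUtils.get(url, query, null);
            if (logger.isDebugEnabled()) {
                // The response body carries the user's authorities; keep debug logs access-controlled.
                logger.debug("localDataAccess url:{} res:{}", url, response);
            }
        }
        // No instance available leaves the response null, which is a denial.
        return conventResult(response, requiredAuthorities);
    }

    /**
     * Interprets the authorization service's JSON answer.
     *
     * @param response            raw response body; empty or unparsable-to-object means deny
     * @param requiredAuthorities comma-separated authorities that must all be present in the
     *                            response's {@code authorities} field; empty means none required
     * @return {@code true} when {@code code} is 0 and all required authorities are granted
     */
    private boolean conventResult(String response, String requiredAuthorities) {
        if (StringUtils.isEmpty(response)) {
            return false;
        }
        JSONObject json = JSON.parseObject(response);
        if (json == null) {
            return false;
        }
        // A missing or null "code" is treated the same as a non-zero one.
        Integer code = json.getInteger("code");
        if (code == null || code.intValue() != 0) {
            return false;
        }
        if (StringUtils.isEmpty(requiredAuthorities)) {
            return true;
        }
        return StringUtils.commaDelimitedListToSet(json.getString("authorities"))
                .containsAll(StringUtils.commaDelimitedListToSet(requiredAuthorities));
    }

    /**
     * Extracts the record id the rule refers to from the request parameter, JSON body or URL.
     *
     * @return the id, or {@code null} when the rule has no params, the source is unknown, or
     *         the value is absent; the caller treats {@code null} as a denial
     * @throws Exception whatever the underlying parsers throw; the caller denies on any exception
     */
    private String getDataId(SecurityMetaDataSource securityMetaDataSource, HttpServletRequest httpServletRequest) throws Exception {
        String params = securityMetaDataSource.getParams();
        if (StringUtils.isEmpty(params)) {
            return null;
        }
        String paramFrom = securityMetaDataSource.getParamFrom();
        if ("param".equals(paramFrom)) {
            return ClientIpUtils.getRequestParam(httpServletRequest, params);
        }
        if ("body".equals(paramFrom)) {
            if (!(httpServletRequest instanceof RequestReaderHttpServletRequestWrapper)) {
                return null;
            }
            return readBodyField(((RequestReaderHttpServletRequestWrapper) httpServletRequest).getBody(), params);
        }
        if ("url".equals(paramFrom)) {
            return new AntPathMatcher().extractUriTemplateVariables(params, httpServletRequest.getServletPath()).get("code");
        }
        return null;
    }

    /**
     * Reads the field addressed by {@code path} (segments separated by Dozer's deep-field
     * delimiter) from a JSON request body.
     *
     * <p>Every segment of the path must exist. The earlier loop skipped a missing intermediate
     * segment and kept searching the same object, so a body without the configured parent
     * object could have a same-named top-level field checked in place of the nested one the
     * rule names.
     *
     * <p>NOTE(review): the body is caller-supplied and is parsed with fastjson before the
     * authorization decision; confirm the deployed fastjson has autoType disabled (safe mode),
     * which cannot be verified from this file.
     */
    private static String readBodyField(String body, String path) {
        if (StringUtils.isEmpty(body)) {
            return null;
        }
        JSONObject current = JSON.parseObject(body);
        if (current == null) {
            return null;
        }
        String[] segments = path.split(DozerConstants.DEEP_FIELD_DELIMITER_REGEXP);
        if (segments.length == 1) {
            // Single-segment lookups use the configured string as-is, as before.
            return current.containsKey(path) ? current.getString(path) : null;
        }
        for (int i = 0; i < segments.length; i++) {
            String segment = segments[i];
            if (!current.containsKey(segment)) {
                return null;
            }
            if (i == segments.length - 1) {
                return current.getString(segment);
            }
            current = current.getJSONObject(segment);
            if (current == null) {
                return null;
            }
        }
        return null;
    }

    /**
     * Replaces the expression handler used to parse and evaluate attribute expressions.
     *
     * @param securityExpressionHandler handler to use from now on
     */
    public void setExpressionHandler(SecurityExpressionHandler<FilterInvocation> securityExpressionHandler) {
        this.expressionHandler = securityExpressionHandler;
    }

    /** Bridge for the interface method; delegates to {@link #vote2}. */
    @Override // org.springframework.security.access.AccessDecisionVoter
    public /* bridge */ /* synthetic */ int vote(Authentication authentication, FilterInvocation filterInvocation, Collection collection) {
        return vote2(authentication, filterInvocation, (Collection<ConfigAttribute>) collection);
    }

    static {
        $assertionsDisabled = !GtWebExpressionVoter.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(GtWebExpressionVoter.class);
    }
}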
