package com.jk.project.security.config;

import com.jk.project.security.model.SecurityUser;
import com.jk.project.security.properties.AuthProperties;
import java.net.URL;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/jk/project/security/config/DynamicAccessDecisionManager.class */
public class DynamicAccessDecisionManager implements AccessDecisionManager {
    private AuthProperties authProperties;
    private static final Logger log = LoggerFactory.getLogger(DynamicAccessDecisionManager.class);

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if (null == collection || collection.isEmpty()) {
            return;
        }
        Iterator<ConfigAttribute> it = collection.iterator();
        String requestUrl = ((FilterInvocation) obj).getRequestUrl();
        if (null != requestUrl && requestUrl.trim().isEmpty()) {
            try {
                requestUrl = new URL(requestUrl).toURI().getPath();
            } catch (Exception e) {
                log.warn(e.getMessage(), e);
            }
        }
        if (needLogin(requestUrl)) {
            Long l = null;
            if (authentication.isAuthenticated() && null != authentication.getPrincipal() && (authentication.getPrincipal() instanceof SecurityUser)) {
                l = ((SecurityUser) authentication.getPrincipal()).getCurrentUserId();
            }
            if (null == l) {
                throw new AccessDeniedException("暂未登录或token已经过期");
            }
            if (it.hasNext()) {
                String attribute = it.next().getAttribute();
                if (needAccess(attribute) && !((List) authentication.getAuthorities().stream().map((v0) -> {
                    return v0.getAuthority();
                }).collect(Collectors.toList())).contains(attribute)) {
                    throw new AccessDeniedException("没有相关权限");
                }
            }
        }
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }

    private boolean needAccess(String str) {
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        AuthProperties.FunctionFilter functionAuth = this.authProperties.getFunctionAuth();
        List<String> includeUrl = functionAuth.getIncludeUrl();
        List<String> excludeUrl = functionAuth.getExcludeUrl();
        boolean z = false;
        String str2 = "";
        Iterator<String> it = includeUrl.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            if (antPathMatcher.match(next, str)) {
                z = true;
                str2 = next;
                break;
            }
        }
        if (!z) {
            return z;
        }
        if (log.isDebugEnabled()) {
            log.debug("request path {} need checking resource access right, it is matched by {} ", str, str2);
        }
        Iterator<String> it2 = excludeUrl.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            String next2 = it2.next();
            if (antPathMatcher.match(next2, str)) {
                z = false;
                str2 = next2;
                break;
            }
        }
        if (!z && log.isDebugEnabled()) {
            log.debug("request path {} needn't checking resource access right, it is matched by {} ", str, str2);
        }
        return z;
    }

    private boolean needLogin(String str) {
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        AuthProperties.LoginFilter loginAuth = this.authProperties.getLoginAuth();
        List<String> includeUrl = loginAuth.getIncludeUrl();
        List<String> excludeUrl = loginAuth.getExcludeUrl();
        boolean z = false;
        String str2 = "";
        Iterator<String> it = includeUrl.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            if (antPathMatcher.match(next, str)) {
                z = true;
                str2 = next;
                break;
            }
        }
        if (!z) {
            return z;
        }
        if (log.isDebugEnabled()) {
            log.debug("request path {} need checking login state, it is matched by {} ", str, str2);
        }
        Iterator<String> it2 = excludeUrl.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            String next2 = it2.next();
            if (antPathMatcher.match(next2, str)) {
                z = false;
                str2 = next2;
                break;
            }
        }
        if (!z && log.isDebugEnabled()) {
            log.debug("request path {} needn't checking login state, it is matched by {} ", str, str2);
        }
        return z;
    }

    public AuthProperties getAuthProperties() {
        return this.authProperties;
    }

    public void setAuthProperties(AuthProperties authProperties) {
        this.authProperties = authProperties;
    }
}
