package com.tencent.tsf.femas.governance.auth;

import com.tencent.tsf.femas.common.context.Context;
import com.tencent.tsf.femas.common.context.factory.ContextFactory;
import com.tencent.tsf.femas.common.entity.Service;
import com.tencent.tsf.femas.common.exception.FemasRuntimeException;
import com.tencent.tsf.femas.common.tag.TagRule;
import com.tencent.tsf.femas.common.tag.engine.TagEngine;
import com.tencent.tsf.femas.common.util.CollectionUtil;
import com.tencent.tsf.femas.governance.auth.constant.AuthConstant;
import com.tencent.tsf.femas.governance.auth.entity.AuthRuleConfig;
import com.tencent.tsf.femas.governance.auth.entity.AuthRuleGroup;
import com.tencent.tsf.femas.governance.config.impl.AuthenticateConfigImpl;
import com.tencent.tsf.femas.governance.event.AuthEventCollector;
import com.tencent.tsf.femas.governance.plugin.context.ConfigContext;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/tencent/tsf/femas/governance/auth/Authentication.class */
public class Authentication implements IAuthentication<AuthRuleGroup> {
    private static final Logger LOGGER = LoggerFactory.getLogger(Authentication.class);
    private static Map<Service, AuthRuleGroup> authRuleGroupMap = new ConcurrentHashMap();
    private volatile Context commonContext = ContextFactory.getContextInstance();

    public Boolean authenticate(Service service) {
        LOGGER.debug("[FEMAS Auth] Start checking request...");
        if (service == null) {
            return true;
        }
        AuthRuleGroup authRuleGroup = authRuleGroupMap.get(service);
        Boolean checkAuthRuleGroup = checkAuthRuleGroup(authRuleGroup);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("[FEMAS Auth] authResult:{} , authRuleGroup : {}, sys tag:{}, user tag:{}", new Object[]{checkAuthRuleGroup, authRuleGroup, Context.getRpcInfo().getAll(), this.commonContext.getUpstreamTags()});
        }
        return checkAuthRuleGroup;
    }

    public void refreshAuthRuleGroup(Service service, AuthRuleGroup authRuleGroup) {
        authRuleGroupMap.put(service, authRuleGroup);
        buildAuthApiTrieTree(authRuleGroup);
        LOGGER.info("Refresh auth rule group. Service : " + service + ", authRuleGroup : " + authRuleGroup);
    }

    public static void buildAuthApiTrieTree(AuthRuleGroup authRuleGroup) {
        if (authRuleGroup == null || CollectionUtil.isEmpty(authRuleGroup.getRules())) {
            return;
        }
        Iterator<TagRule> it = authRuleGroup.getRules().iterator();
        while (it.hasNext()) {
            TagEngine.buildApiTrieTree(it.next().getTags());
        }
    }

    public void disableAuthRuleGroup(Service service) {
        if (service == null) {
            return;
        }
        authRuleGroupMap.remove(service);
        LOGGER.info("Disable auth rule group. Service : " + service);
    }

    public Boolean checkAuthRuleGroup(AuthRuleGroup authRuleGroup) {
        Boolean valueOf;
        if (authRuleGroup == null || CollectionUtil.isEmpty(authRuleGroup.getRules())) {
            return true;
        }
        Boolean bool = false;
        Iterator<TagRule> it = authRuleGroup.getRules().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (TagEngine.checkRuleHitByUpstreamTags(it.next()).booleanValue()) {
                bool = true;
                break;
            }
        }
        if (StringUtils.equals(authRuleGroup.getType(), AuthConstant.WHITE_LIST)) {
            valueOf = bool;
        } else {
            if (!StringUtils.equals(authRuleGroup.getType(), AuthConstant.BLACK_LIST)) {
                return true;
            }
            valueOf = Boolean.valueOf(!bool.booleanValue());
        }
        if (!valueOf.booleanValue()) {
            AuthEventCollector.addAuthEvent(authRuleGroup, Context.getRpcInfo().getAll());
        }
        return valueOf;
    }

    public String getType() {
        return null;
    }

    public String getName() {
        return "femasAuthenticate";
    }

    public void init(ConfigContext configContext) throws FemasRuntimeException {
        AuthenticateConfigImpl authenticateConfigImpl = (AuthenticateConfigImpl) configContext.getConfig().getAuthenticate();
        if (authenticateConfigImpl == null || CollectionUtil.isEmpty(authenticateConfigImpl.getAuthRule())) {
            return;
        }
        String property = System.getProperty("femas_namespace_id");
        try {
            for (AuthRuleConfig authRuleConfig : authenticateConfigImpl.getAuthRule()) {
                Service service = new Service();
                service.setNamespace(property);
                service.setName(authRuleConfig.getServiceName());
                refreshAuthRuleGroup(service, authRuleConfig.getAuthRuleGroup());
            }
            LOGGER.info("init auth rule: {}", authenticateConfigImpl.getAuthRule().toString());
        } catch (Exception e) {
            throw new FemasRuntimeException("auth rule refresh error");
        }
    }

    public void destroy() {
    }
}
