package org.springframework.tsf.auth;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.tsf.auth.constant.TsfAuthConstant;
import org.springframework.tsf.auth.domain.AuthRule;
import org.springframework.tsf.auth.domain.AuthRuleGroup;
import org.springframework.tsf.auth.domain.AuthTag;
import org.springframework.tsf.auth.sync.TsfAuthClientCache;
import org.springframework.tsf.core.TsfContext;
import org.springframework.tsf.core.TsfContextCore;
import org.springframework.tsf.core.entity.Tag;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/springframework/tsf/auth/TsfAuthorizationClient.class */
public class TsfAuthorizationClient {
    private static final Logger LOG = LoggerFactory.getLogger(TsfAuthorizationClient.class);

    public static Boolean authenticate() {
        LOG.debug("[TSF Auth] Start checking request...");
        Boolean checkAuthRuleGroup = checkAuthRuleGroup(TsfAuthClientCache.getAuthRuleGroup());
        if (!checkAuthRuleGroup.booleanValue()) {
            LOG.warn("[TSF Auth] Auth false");
            LOG.debug("[TSF Auth] Auth false, authRuleGroup : {}, T");
        }
        return checkAuthRuleGroup;
    }

    public static Boolean checkAuthRuleGroup(AuthRuleGroup authRuleGroup) {
        if (authRuleGroup == null || CollectionUtils.isEmpty(authRuleGroup.getRules())) {
            return true;
        }
        Boolean bool = false;
        Iterator<AuthRule> it = authRuleGroup.getRules().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (checkAuthRuleHit(it.next()).booleanValue()) {
                bool = true;
                break;
            }
        }
        if (StringUtils.equals(authRuleGroup.getType(), TsfAuthConstant.TYPE.WHITE_LIST)) {
            return bool;
        }
        if (StringUtils.equals(authRuleGroup.getType(), TsfAuthConstant.TYPE.BLACK_LIST)) {
            return Boolean.valueOf(!bool.booleanValue());
        }
        return true;
    }

    public static Boolean checkAuthRuleHit(AuthRule authRule) {
        if (authRule != null && !CollectionUtils.isEmpty(authRule.getTags())) {
            Iterator<AuthTag> it = authRule.getTags().iterator();
            while (it.hasNext()) {
                if (!checkAuthTagHit(it.next()).booleanValue()) {
                    return false;
                }
            }
        }
        return true;
    }

    public static Boolean checkAuthTagHit(AuthTag authTag) {
        return checkAuthTagOperator(authTag.getTagValue(), authTag.getTagOperator(), StringUtils.equals(authTag.getTagType(), "S") ? findSystemTagValue(authTag.getTagField()) : findUserDefinedTagValue(authTag.getTagField()));
    }

    public static String findSystemTagValue(String str) {
        if (StringUtils.equals(str, "source.application.id")) {
            return TsfContext.getUpstreamApplicationId();
        }
        if (StringUtils.equals(str, "source.group.id")) {
            return TsfContext.getUpstreamGroupId();
        }
        if (StringUtils.equals(str, "source.connection.ip")) {
            return TsfContext.getUpstreamLocalIp();
        }
        if (StringUtils.equals(str, "source.application.version")) {
            return TsfContext.getUpstreamApplicationVersion();
        }
        if (StringUtils.equals(str, "source.service.name")) {
            return TsfContext.getUpstreamServiceName();
        }
        if (StringUtils.equals(str, "destination.application.id")) {
            return TsfContext.getApplicationId();
        }
        if (StringUtils.equals(str, "destination.application.version")) {
            return TsfContext.getApplicationVersion();
        }
        if (StringUtils.equals(str, "destination.group.id")) {
            return TsfContext.getGroupId();
        }
        if (StringUtils.equals(str, "destination.interface")) {
            return TsfContextCore.getDownstreamApi();
        }
        if (StringUtils.equals(str, "request.http.method")) {
            return TsfContextCore.getRequestHttpMethod();
        }
        if (StringUtils.equals(str, "source.namespace.service.name")) {
            return TsfContext.getUpstreamNamespaceId() + "/" + TsfContext.getUpstreamServiceName();
        }
        return null;
    }

    public static String findUserDefinedTagValue(String str) {
        List<Tag> upstreamTags = TsfContextCore.getUpstreamTags(Tag.Scene.AUTH);
        if (str == null || CollectionUtils.isEmpty(upstreamTags)) {
            return null;
        }
        for (Tag tag : upstreamTags) {
            if (StringUtils.equals(str, tag.getKey())) {
                return tag.getValue();
            }
        }
        return null;
    }

    public static Boolean checkAuthTagOperator(String str, String str2, String str3) {
        if (StringUtils.equals(str2, "EQUAL")) {
            return Boolean.valueOf(StringUtils.equals(str, str3));
        }
        if (StringUtils.equals(str2, "NOT_EQUAL")) {
            return Boolean.valueOf(!StringUtils.equals(str, str3));
        }
        if (StringUtils.equals(str2, "IN")) {
            return Boolean.valueOf(Arrays.asList(str.split(",")).contains(str3));
        }
        if (StringUtils.equals(str2, "NOT_IN")) {
            return Boolean.valueOf(!Arrays.asList(str.split(",")).contains(str3));
        }
        if (StringUtils.equals(str2, "REGEX")) {
            return Boolean.valueOf(str3 != null ? Pattern.matches(str, str3) : false);
        }
        return false;
    }
}
