package com.baomidou.shaun.core.aop;

import com.baomidou.shaun.core.annotation.HasAuthorization;
import com.baomidou.shaun.core.annotation.HasPermission;
import com.baomidou.shaun.core.annotation.HasRole;
import com.baomidou.shaun.core.annotation.Logical;
import com.baomidou.shaun.core.authority.AuthorityManager;
import com.baomidou.shaun.core.context.ProfileHolder;
import com.baomidou.shaun.core.profile.TokenProfile;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.pac4j.core.exception.http.ForbiddenAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.exception.http.UnauthorizedAction;
import org.pac4j.core.util.InitializableObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.AopProxyUtils;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.lang.NonNull;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:com/baomidou/shaun/core/aop/MethodSecurityInterceptor.class */
public class MethodSecurityInterceptor extends InitializableObject implements MethodInterceptor, ApplicationContextAware {
    private static final Logger log = LoggerFactory.getLogger(MethodSecurityInterceptor.class);
    private AuthorityManager authorityManager;
    private ApplicationContext context;

    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        init();
        HttpAction decide = decide(methodInvocation);
        if (decide != null) {
            throw decide;
        }
        return methodInvocation.proceed();
    }

    private HttpAction decide(MethodInvocation methodInvocation) {
        Object obj = methodInvocation.getThis();
        Class<?> cls = null;
        if (obj != null) {
            cls = obj instanceof Class ? (Class) obj : AopProxyUtils.ultimateTargetClass(obj);
        }
        HasRole hasRole = (HasRole) findAnnotation(methodInvocation.getMethod(), cls, HasRole.class);
        if (hasRole != null) {
            Logical logical = hasRole.logical();
            Set<String> set = toSet(hasRole.value());
            AuthorityManager authorityManager = this.authorityManager;
            Objects.requireNonNull(authorityManager);
            return commonAuthorized(true, logical, set, authorityManager::roles);
        }
        HasPermission hasPermission = (HasPermission) findAnnotation(methodInvocation.getMethod(), cls, HasPermission.class);
        if (hasPermission != null) {
            Logical logical2 = hasPermission.logical();
            Set<String> set2 = toSet(hasPermission.value());
            AuthorityManager authorityManager2 = this.authorityManager;
            Objects.requireNonNull(authorityManager2);
            return commonAuthorized(false, logical2, set2, authorityManager2::permissions);
        }
        HasAuthorization hasAuthorization = (HasAuthorization) findAnnotation(methodInvocation.getMethod(), cls, HasAuthorization.class);
        if (hasAuthorization == null) {
            return null;
        }
        Logical logical3 = hasAuthorization.logical();
        HasRole role = hasAuthorization.role();
        Set<String> set3 = toSet(role.value());
        HasPermission permission = hasAuthorization.permission();
        Set<String> set4 = toSet(permission.value());
        TokenProfile profile = ProfileHolder.getProfile();
        if (profile == null) {
            log.debug("not found TokenProfile, so authorization not success!");
            return UnauthorizedAction.INSTANCE;
        }
        if (this.authorityManager.isSkipAuthentication(profile)) {
            return null;
        }
        Logical logical4 = role.logical();
        AuthorityManager authorityManager3 = this.authorityManager;
        Objects.requireNonNull(authorityManager3);
        HttpAction check = toCheck(profile, true, logical4, set3, authorityManager3::roles);
        if (logical3 == Logical.ANY) {
            if (check == null) {
                return null;
            }
        } else if (check != null) {
            return check;
        }
        Logical logical5 = permission.logical();
        AuthorityManager authorityManager4 = this.authorityManager;
        Objects.requireNonNull(authorityManager4);
        return toCheck(profile, false, logical5, set4, authorityManager4::permissions);
    }

    private HttpAction commonAuthorized(boolean z, Logical logical, Set<String> set, Function<TokenProfile, Set<String>> function) {
        TokenProfile profile = ProfileHolder.getProfile();
        if (profile == null) {
            log.debug("not found TokenProfile, so authorization not success!");
            return UnauthorizedAction.INSTANCE;
        }
        if (this.authorityManager.isSkipAuthentication(profile)) {
            return null;
        }
        return toCheck(profile, z, logical, set, function);
    }

    private HttpAction toCheck(TokenProfile tokenProfile, boolean z, Logical logical, Set<String> set, Function<TokenProfile, Set<String>> function) {
        if ((!z || this.authorityManager.checkRoles(logical, set, function.apply(tokenProfile))) && this.authorityManager.checkPermissions(logical, set, function.apply(tokenProfile))) {
            return null;
        }
        return ForbiddenAction.INSTANCE;
    }

    private <A extends Annotation> A findAnnotation(Method method, Class<?> cls, Class<A> cls2) {
        A a;
        Method mostSpecificMethod = ClassUtils.getMostSpecificMethod(method, cls);
        A a2 = (A) AnnotationUtils.findAnnotation(mostSpecificMethod, cls2);
        if (a2 != null) {
            log.debug(a2 + " found on specific method: " + mostSpecificMethod);
            return a2;
        }
        if (mostSpecificMethod != method && (a = (A) AnnotationUtils.findAnnotation(method, cls2)) != null) {
            log.debug(a + " found on: " + method);
            return a;
        }
        A a3 = (A) AnnotationUtils.findAnnotation(mostSpecificMethod.getDeclaringClass(), cls2);
        if (a3 == null) {
            return null;
        }
        log.debug(a3 + " found on: " + mostSpecificMethod.getDeclaringClass().getName());
        return a3;
    }

    private Set<String> toSet(String[] strArr) {
        return new HashSet(Arrays.asList(strArr));
    }

    public void setApplicationContext(@NonNull ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }

    protected void internalInit() {
        if (this.authorityManager == null) {
            this.authorityManager = (AuthorityManager) this.context.getBean(AuthorityManager.class);
        }
    }
}
