package ru.infotech24.apk23main.security.aop;

import com.google.common.base.Strings;
import java.beans.ConstructorProperties;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import net.sf.jasperreports.engine.util.JRColorUtil;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import ru.infotech24.apk23main.AppCacheControl;
import ru.infotech24.apk23main.auxServices.TelemetryService;
import ru.infotech24.apk23main.security.AppSecurityException;
import ru.infotech24.apk23main.security.aop.AppSecuredContextData;
import ru.infotech24.apk23main.security.dao.SecurityRoleRightsDao;
import ru.infotech24.apk23main.security.domain.SecurityFunction;
import ru.infotech24.apk23main.security.domain.SecurityRoleRights;
import ru.infotech24.apk23main.security.domain.User;
import ru.infotech24.apk23main.security.logic.ManageSecurityService;
import ru.infotech24.apk23main.security.oauth.infrastructure.TokenAuthentication;
import ru.infotech24.apk23main.security.user.UserService;
import ru.infotech24.common.telemetry.TelemetryServiceCore;
import ru.infotech24.common.types.Tuple2;

@Aspect
@Component
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/aop/AppSecuredAspect.class */
public class AppSecuredAspect {
    private final SecurityRoleRightsDao securityRoleRightsDao;
    private final ManageSecurityService manageSecurityService;
    private final AppCacheControl cacheControl;
    private final TelemetryService telemetryService;
    private final UserService userService;

    /* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/aop/AppSecuredAspect$ScopeMetaValues.class */
    public static class ScopeMetaValues {
        private Integer scope;
        private Integer metaKind;
        private List<Integer> metaValues;

        /* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/aop/AppSecuredAspect$ScopeMetaValues$ScopeMetaValuesBuilder.class */
        public static class ScopeMetaValuesBuilder {
            private Integer scope;
            private Integer metaKind;
            private List<Integer> metaValues;

            ScopeMetaValuesBuilder() {
            }

            public ScopeMetaValuesBuilder scope(Integer num) {
                this.scope = num;
                return this;
            }

            public ScopeMetaValuesBuilder metaKind(Integer num) {
                this.metaKind = num;
                return this;
            }

            public ScopeMetaValuesBuilder metaValues(List<Integer> list) {
                this.metaValues = list;
                return this;
            }

            public ScopeMetaValues build() {
                return new ScopeMetaValues(this.scope, this.metaKind, this.metaValues);
            }

            public String toString() {
                return "AppSecuredAspect.ScopeMetaValues.ScopeMetaValuesBuilder(scope=" + this.scope + ", metaKind=" + this.metaKind + ", metaValues=" + this.metaValues + JRColorUtil.RGBA_SUFFIX;
            }
        }

        @ConstructorProperties({"scope", "metaKind", "metaValues"})
        ScopeMetaValues(Integer num, Integer num2, List<Integer> list) {
            this.scope = num;
            this.metaKind = num2;
            this.metaValues = list;
        }

        public static ScopeMetaValuesBuilder builder() {
            return new ScopeMetaValuesBuilder();
        }

        public Integer getScope() {
            return this.scope;
        }

        public Integer getMetaKind() {
            return this.metaKind;
        }

        public List<Integer> getMetaValues() {
            return this.metaValues;
        }

        public void setScope(Integer num) {
            this.scope = num;
        }

        public void setMetaKind(Integer num) {
            this.metaKind = num;
        }

        public void setMetaValues(List<Integer> list) {
            this.metaValues = list;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ScopeMetaValues)) {
                return false;
            }
            ScopeMetaValues scopeMetaValues = (ScopeMetaValues) obj;
            if (!scopeMetaValues.canEqual(this)) {
                return false;
            }
            Integer scope = getScope();
            Integer scope2 = scopeMetaValues.getScope();
            if (scope == null) {
                if (scope2 != null) {
                    return false;
                }
            } else if (!scope.equals(scope2)) {
                return false;
            }
            Integer metaKind = getMetaKind();
            Integer metaKind2 = scopeMetaValues.getMetaKind();
            if (metaKind == null) {
                if (metaKind2 != null) {
                    return false;
                }
            } else if (!metaKind.equals(metaKind2)) {
                return false;
            }
            List<Integer> metaValues = getMetaValues();
            List<Integer> metaValues2 = scopeMetaValues.getMetaValues();
            return metaValues == null ? metaValues2 == null : metaValues.equals(metaValues2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof ScopeMetaValues;
        }

        public int hashCode() {
            Integer scope = getScope();
            int hashCode = (1 * 59) + (scope == null ? 43 : scope.hashCode());
            Integer metaKind = getMetaKind();
            int hashCode2 = (hashCode * 59) + (metaKind == null ? 43 : metaKind.hashCode());
            List<Integer> metaValues = getMetaValues();
            return (hashCode2 * 59) + (metaValues == null ? 43 : metaValues.hashCode());
        }

        public String toString() {
            return "AppSecuredAspect.ScopeMetaValues(scope=" + getScope() + ", metaKind=" + getMetaKind() + ", metaValues=" + getMetaValues() + JRColorUtil.RGBA_SUFFIX;
        }
    }

    @Autowired
    public AppSecuredAspect(SecurityRoleRightsDao securityRoleRightsDao, ManageSecurityService manageSecurityService, AppCacheControl appCacheControl, TelemetryService telemetryService, UserService userService) {
        this.securityRoleRightsDao = securityRoleRightsDao;
        this.manageSecurityService = manageSecurityService;
        this.cacheControl = appCacheControl;
        this.telemetryService = telemetryService;
        this.userService = userService;
    }

    @Around("@annotation(AppSecured)")
    public Object secureInvoke(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        try {
            TokenAuthentication tokenAuthentication = (TokenAuthentication) SecurityContextHolder.getContext().getAuthentication();
            Method method = ((MethodSignature) proceedingJoinPoint.getSignature()).getMethod();
            AppSecured appSecured = (AppSecured) method.getAnnotation(AppSecured.class);
            TelemetryServiceCore.TelemetryOperationToken enterOperation = this.telemetryService.enterOperation("@Rest::" + method.getDeclaringClass().getSimpleName() + "::" + method.getName(), this.userService.getCurrentUserId());
            try {
                ensureAllowed(appSecured, tokenAuthentication.getUserRoleIds());
                Object proceed = proceedingJoinPoint.proceed();
                this.telemetryService.exitOperation(enterOperation);
                AppSecuredContextManager.writeContext(null);
                this.cacheControl.cleanupRepositoryStashes();
                return proceed;
            } catch (Throwable th) {
                this.telemetryService.exitOperation(enterOperation);
                throw th;
            }
        } catch (Throwable th2) {
            AppSecuredContextManager.writeContext(null);
            this.cacheControl.cleanupRepositoryStashes();
            throw th2;
        }
    }

    private void ensureAllowed(AppSecured appSecured, Set<Integer> set) {
        SecurityFunction securityFunction = null;
        if (!Strings.isNullOrEmpty(appSecured.parentMethodId())) {
            HashMap<String, SecurityFunction> securityFunctions = this.manageSecurityService.getSecurityFunctions();
            if (!securityFunctions.containsKey(appSecured.parentMethodId())) {
                throw new AppSecurityException(String.format("Не удалось найти базовую функцию с ид %s", appSecured.parentMethodId()));
            }
            securityFunction = securityFunctions.get(appSecured.parentMethodId());
        }
        ensureAllowed(set, this.securityRoleRightsDao, securityFunction == null ? appSecured.allowAnyAuthenticated() : securityFunction.isAllowAnyAuthenticated(), securityFunction == null ? appSecured.metaName1() : securityFunction.getMetaName1(), securityFunction == null ? appSecured.metaName2() : securityFunction.getMetaName2(), securityFunction == null ? appSecured.metaName3() : securityFunction.getMetaName3(), securityFunction == null ? appSecured.methodId() : securityFunction.getId());
    }

    public static Optional<Integer> getUserRolesFunctionMaxObjectScope(Set<Integer> set, SecurityRoleRightsDao securityRoleRightsDao, String str) {
        if (User.isAdministrator(set)) {
            return Optional.of(10);
        }
        Boolean bool = false;
        Integer num = 50;
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            SecurityRoleRights securityRoleRights = securityRoleRightsDao.prepareUserRoleFunctions(it.next()).get(str);
            if (securityRoleRights != null) {
                bool = true;
                num = Integer.valueOf(Integer.min(num.intValue(), securityRoleRights.getObjectsScope().intValue()));
            }
        }
        return !bool.booleanValue() ? Optional.empty() : Optional.of(num);
    }

    public static Optional<ScopeMetaValues> getUserRolesFunctionMetaValues(Set<Integer> set, SecurityRoleRightsDao securityRoleRightsDao, String str, byte b) {
        if (User.isAdministrator(set)) {
            return Optional.of(ScopeMetaValues.builder().scope(10).metaKind(2).metaValues(new ArrayList()).build());
        }
        Boolean bool = false;
        Integer num = 50;
        Integer num2 = 2;
        List<Integer> list = null;
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            SecurityRoleRights securityRoleRights = securityRoleRightsDao.prepareUserRoleFunctions(it.next()).get(str);
            if (securityRoleRights != null) {
                bool = true;
                num = Integer.valueOf(Integer.min(num.intValue(), securityRoleRights.getObjectsScope().intValue()));
                if (num.equals(securityRoleRights.getObjectsScope())) {
                    Tuple2<Integer, List<Integer>> findMetaValues = findMetaValues(securityRoleRights, Byte.valueOf(b));
                    num2 = findMetaValues.getA();
                    list = findMetaValues.getA().equals(3) ? null : findMetaValues.getB();
                }
            }
        }
        return !bool.booleanValue() ? Optional.empty() : Optional.of(ScopeMetaValues.builder().scope(num).metaKind(num2).metaValues(list).build());
    }

    private static Tuple2<Integer, List<Integer>> findMetaValues(SecurityRoleRights securityRoleRights, Byte b) {
        switch (b.byteValue()) {
            case 1:
                return new Tuple2<>(securityRoleRights.getObjectsMeta1Kind(), securityRoleRights.getObjectsMeta1());
            case 2:
                return new Tuple2<>(securityRoleRights.getObjectsMeta2Kind(), securityRoleRights.getObjectsMeta2());
            case 3:
                return new Tuple2<>(securityRoleRights.getObjectsMeta3Kind(), securityRoleRights.getObjectsMeta3());
            default:
                throw new IllegalArgumentException("Указанный номер meta для настройки выходит за допустимые границы");
        }
    }

    public static void ensureAllowed(Set<Integer> set, SecurityRoleRightsDao securityRoleRightsDao, boolean z, String str, String str2, String str3, String str4) {
        boolean z2 = z || User.isAdministrator(set);
        AppSecuredContextData appSecuredContextData = new AppSecuredContextData(new HashMap(), (Strings.isNullOrEmpty(str) && Strings.isNullOrEmpty(str2) && Strings.isNullOrEmpty(str3)) ? false : true, z2, new HashMap());
        boolean z3 = false;
        if (!z2) {
            for (Integer num : set) {
                SecurityRoleRights securityRoleRights = securityRoleRightsDao.prepareUserRoleFunctions(num).get(str4);
                if (securityRoleRights != null) {
                    z3 = true;
                    Map<String, AppSecuredContextData.ScopeInfo> computeIfAbsent = appSecuredContextData.getScopes().computeIfAbsent(securityRoleRights.getObjectsScope(), num2 -> {
                        return new HashMap();
                    }).computeIfAbsent(num, num3 -> {
                        return new HashMap();
                    });
                    putMetaObjects(computeIfAbsent, str, securityRoleRights.getObjectsMeta1(), securityRoleRights.getObjectsMeta1Kind());
                    putMetaObjects(computeIfAbsent, str2, securityRoleRights.getObjectsMeta2(), securityRoleRights.getObjectsMeta2Kind());
                    putMetaObjects(computeIfAbsent, str3, securityRoleRights.getObjectsMeta3(), securityRoleRights.getObjectsMeta3Kind());
                }
            }
        }
        if (!z2 && !z3) {
            throw new AppSecurityException("Доступ запрещен в соответствии с настройками прав доступа");
        }
        AppSecuredContextManager.writeContext(appSecuredContextData);
    }

    private static void putMetaObjects(Map<String, AppSecuredContextData.ScopeInfo> map, String str, List<Integer> list, Integer num) {
        if (str == null || str.trim().isEmpty()) {
            return;
        }
        if (map.get(str) == null) {
            map.put(str, new AppSecuredContextData.ScopeInfo(new HashSet(), new HashSet(), false, false, false));
        }
        AppSecuredContextData.ScopeInfo scopeInfo = map.get(str);
        if (scopeInfo.isAllMetasAllowed()) {
            return;
        }
        switch (num.intValue()) {
            case 1:
                scopeInfo.setHasAllowedObjects(true);
                scopeInfo.getAllowedObjects().addAll(list);
                return;
            case 2:
                scopeInfo.setHasDisallowedObjects(true);
                scopeInfo.getDisallowedObjects().addAll(list);
                return;
            case 3:
                scopeInfo.setAllMetasAllowed(true);
                return;
            default:
                return;
        }
    }
}
