package com.alibaba.citrus.turbine.auth.impl;

import com.alibaba.citrus.service.AbstractService;
import com.alibaba.citrus.turbine.auth.PageAuthorizationService;
import com.alibaba.citrus.util.ArrayUtil;
import com.alibaba.citrus.util.BasicConstant;
import com.alibaba.citrus.util.CollectionUtil;
import com.alibaba.citrus.util.ObjectUtil;
import com.alibaba.citrus.util.StringUtil;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.ListIterator;
import java.util.regex.Matcher;

/* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.8.jar:com/alibaba/citrus/turbine/auth/impl/PageAuthorizationServiceImpl.class */
public class PageAuthorizationServiceImpl extends AbstractService<PageAuthorizationService> implements PageAuthorizationService {
    private final List<AuthMatch> matches = CollectionUtil.createLinkedList();
    private boolean allowByDefault = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.8.jar:com/alibaba/citrus/turbine/auth/impl/PageAuthorizationServiceImpl$MatchResult.class */
    public static class MatchResult implements Comparable<MatchResult> {
        private int matchLength;
        private AuthMatch match;
        private String target;

        private MatchResult() {
            this.matchLength = -1;
        }

        @Override // java.lang.Comparable
        public int compareTo(MatchResult matchResult) {
            return matchResult.matchLength - this.matchLength;
        }

        public String toString() {
            return "Match length=" + this.matchLength + ", target=" + this.target + ", " + this.match;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.8.jar:com/alibaba/citrus/turbine/auth/impl/PageAuthorizationServiceImpl$PageAuthorizationResult.class */
    public enum PageAuthorizationResult {
        ALLOWED,
        DENIED,
        TARGET_NOT_MATCH,
        GRANT_NOT_MATCH
    }

    public void setMatches(AuthMatch[] authMatchArr) {
        this.matches.clear();
        if (authMatchArr != null) {
            for (AuthMatch authMatch : authMatchArr) {
                this.matches.add(authMatch);
            }
        }
    }

    public boolean isAllowByDefault() {
        return this.allowByDefault;
    }

    public void setAllowByDefault(boolean z) {
        this.allowByDefault = z;
    }

    @Override // com.alibaba.citrus.turbine.auth.PageAuthorizationService
    public boolean isAllow(String str, String str2, String[] strArr, String... strArr2) {
        switch (authorize(str, str2, strArr, strArr2)) {
            case ALLOWED:
                return true;
            case DENIED:
                return false;
            default:
                return this.allowByDefault;
        }
    }

    public PageAuthorizationResult authorize(String str, String str2, String[] strArr, String... strArr2) {
        PageAuthorizationResult pageAuthorizationResult;
        String trimToNull = StringUtil.trimToNull(str2);
        if (strArr2 == null) {
            strArr2 = new String[]{""};
        }
        if (strArr == null) {
            strArr = BasicConstant.EMPTY_STRING_ARRAY;
        }
        MatchResult[] matchResults = getMatchResults(str);
        if (ArrayUtil.isEmptyArray(matchResults)) {
            pageAuthorizationResult = PageAuthorizationResult.TARGET_NOT_MATCH;
        } else {
            boolean z = false;
            for (int i = 0; i < strArr2.length; i++) {
                strArr2[i] = StringUtil.trimToEmpty(strArr2[i]);
                Boolean isActionAllowed = isActionAllowed(matchResults, str, trimToNull, strArr, strArr2[i]);
                if (isActionAllowed == null) {
                    z = true;
                } else if (!isActionAllowed.booleanValue()) {
                    return PageAuthorizationResult.DENIED;
                }
            }
            if (!z) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Access Permitted: target=\"{}\", user=\"{}\", roles={}, action={}", new Object[]{str, trimToNull, ObjectUtil.toString(strArr), ObjectUtil.toString(strArr2)});
                }
                return PageAuthorizationResult.ALLOWED;
            }
            pageAuthorizationResult = PageAuthorizationResult.GRANT_NOT_MATCH;
        }
        if (this.allowByDefault) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Access Permitted.  No matches found for request: target=\"{}\", user=\"{}\", roles={}, action={}", new Object[]{str, trimToNull, ObjectUtil.toString(strArr), ObjectUtil.toString(strArr2)});
            }
        } else if (getLogger().isWarnEnabled()) {
            getLogger().warn("Access Denied.  No matches found for request: target=\"{}\", user=\"{}\", roles={}, action={}", new Object[]{str, trimToNull, ObjectUtil.toString(strArr), ObjectUtil.toString(strArr2)});
        }
        return pageAuthorizationResult;
    }

    private Boolean isActionAllowed(MatchResult[] matchResultArr, String str, String str2, String[] strArr, String str3) {
        for (MatchResult matchResult : matchResultArr) {
            AuthMatch authMatch = matchResult.match;
            for (int length = authMatch.getGrants().length - 1; length >= 0; length--) {
                AuthGrant authGrant = authMatch.getGrants()[length];
                boolean isUserMatched = authGrant.isUserMatched(str2);
                boolean areRolesMatched = authGrant.areRolesMatched(strArr);
                if (isUserMatched || areRolesMatched) {
                    boolean isActionAllowed = authGrant.isActionAllowed(str3);
                    boolean isActionDenied = authGrant.isActionDenied(str3);
                    if (isActionAllowed || isActionDenied) {
                        if (!isActionDenied) {
                            if (getLogger().isTraceEnabled()) {
                                getLogger().trace("Access Partially Permitted: target=\"{}\", user=\"{}\", roles={}, action=\"{}\"\n{}", new Object[]{str, str2, ObjectUtil.toString(strArr), str3, authMatch.toString(length)});
                            }
                            return Boolean.TRUE;
                        }
                        if (getLogger().isWarnEnabled()) {
                            getLogger().warn("Access Denied: target=\"{}\", user=\"{}\", roles={}, action=\"{}\"\n{}", new Object[]{str, str2, ObjectUtil.toString(strArr), str3, authMatch.toString(length)});
                        }
                        return Boolean.FALSE;
                    }
                }
            }
        }
        return null;
    }

    private MatchResult[] getMatchResults(String str) {
        ArrayList<MatchResult> createArrayList = CollectionUtil.createArrayList(this.matches.size());
        ListIterator<AuthMatch> listIterator = this.matches.listIterator(this.matches.size());
        while (listIterator.hasPrevious()) {
            AuthMatch previous = listIterator.previous();
            Matcher matcher = previous.getPattern().matcher(str);
            if (matcher.find()) {
                MatchResult matchResult = new MatchResult();
                matchResult.matchLength = matcher.end() - matcher.start();
                matchResult.match = previous;
                matchResult.target = str;
                createArrayList.add(matchResult);
            }
        }
        Collections.sort(createArrayList);
        LinkedHashMap createLinkedHashMap = CollectionUtil.createLinkedHashMap();
        for (MatchResult matchResult2 : createArrayList) {
            AuthGrant[] grants = matchResult2.match.getGrants();
            if (!createLinkedHashMap.containsKey(grants)) {
                createLinkedHashMap.put(grants, matchResult2);
            }
        }
        return (MatchResult[]) createLinkedHashMap.values().toArray(new MatchResult[createLinkedHashMap.size()]);
    }
}
