package com.xforceplus.tenant.data.auth.aop.aspect;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.xforceplus.tenant.data.auth.aop.client.ObjectRuleCheckServiceClient;
import com.xforceplus.tenant.data.domain.authorization.Authorization;
import com.xforceplus.tenant.data.domain.authorization.AuthorizedUser;
import com.xforceplus.tenant.data.domain.context.DataAuth;
import com.xforceplus.tenant.data.domain.context.DataAuthContextHolder;
import com.xforceplus.tenant.data.domain.result.CheckResult;
import com.xforceplus.tenant.data.domain.result.CheckStatus;
import com.xforceplus.tenant.data.rule.object.context.ObjectAgreement;
import com.xforceplus.tenant.security.autoscan.annotation.AuthorizedDefinition;
import com.xforceplus.tenant.security.core.context.UserInfoHolder;
import com.xforceplus.tenant.security.core.domain.IAuthorizedUser;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;

@Aspect
@ConditionalOnProperty(name = {"uc.data.auth.enabled"}, havingValue = "true")
@Component
/* loaded from: input_file:com/xforceplus/tenant/data/auth/aop/aspect/AuthorizedDefinitionAspect.class */
public class AuthorizedDefinitionAspect {

    @Resource
    ObjectRuleCheckServiceClient objectRuleCheckServiceClient;

    @Value("${uc.data.auth.appId:0}")
    private Long appId;
    private static final Logger log = LoggerFactory.getLogger(AuthorizedDefinitionAspect.class);
    private static ObjectMapper objectMapper = new ObjectMapper();

    @Around("@annotation(authorizedDefinition)")
    public Object around(ProceedingJoinPoint proceedingJoinPoint, AuthorizedDefinition authorizedDefinition) {
        Object[] args;
        try {
            try {
                if ((authorizedDefinition.authentication() || authorizedDefinition.authorization()) ? false : true) {
                    Object proceed = proceedingJoinPoint.proceed();
                    DataAuthContextHolder.clean();
                    return proceed;
                }
                String[] resources = authorizedDefinition.resources();
                if (ArrayUtils.isEmpty(resources)) {
                    throw new RuntimeException("resource code must be specified!");
                }
                IAuthorizedUser iAuthorizedUser = UserInfoHolder.get();
                if (null == iAuthorizedUser) {
                    throw new RuntimeException("login required, can not retrieve user info!");
                }
                AuthorizedUser authorizedUser = new AuthorizedUser(iAuthorizedUser.getId(), iAuthorizedUser.getUsername(), (Set) iAuthorizedUser.getRoles().stream().map((v0) -> {
                    return v0.getId();
                }).collect(Collectors.toSet()));
                authorizedUser.setAppId(this.appId);
                authorizedUser.setTenantId(iAuthorizedUser.getTenantId());
                authorizedUser.setTaxNums(iAuthorizedUser.getTaxNums());
                authorizedUser.setCompanyIds(iAuthorizedUser.getCompanies());
                Authorization authorization = new Authorization(authorizedUser);
                if (authorizedDefinition.dataPreAuth() && StringUtils.isNotBlank(authorizedDefinition.dataEntityCode()) && (args = proceedingJoinPoint.getArgs()) != null && args.length > 0) {
                    CheckResult check = this.objectRuleCheckServiceClient.check(ObjectAgreement.builder().content(objectMapper.writeValueAsString(convertMethodParam(proceedingJoinPoint))).authorization(authorization).resourceCode(resources[0]).entityCode(authorizedDefinition.dataEntityCode()).build());
                    log.info("objectAgreement  checkResult status:{},message:{}", check.getStatus(), check.getMessage());
                    if (!CheckStatus.PASS.equals(check)) {
                        throw new RuntimeException(check.getMessage());
                    }
                }
                if (authorizedDefinition.dataScopeAuth()) {
                    DataAuth dataAuth = new DataAuth();
                    dataAuth.setRequired(true);
                    authorization.setResourceCode(resources[0]);
                    dataAuth.setAuthorization(authorization);
                    DataAuthContextHolder.setDataAuth(dataAuth);
                }
                Object proceed2 = proceedingJoinPoint.proceed();
                DataAuthContextHolder.clean();
                return proceed2;
            } catch (Throwable th) {
                throw new RuntimeException(th.getMessage());
            }
        } catch (Throwable th2) {
            DataAuthContextHolder.clean();
            throw th2;
        }
    }

    protected Map<String, Object> convertMethodParam(ProceedingJoinPoint proceedingJoinPoint) {
        MethodSignature signature = proceedingJoinPoint.getSignature();
        signature.getParameterNames();
        String[] parameterNames = signature.getParameterNames();
        Class[] parameterTypes = signature.getParameterTypes();
        Object[] args = proceedingJoinPoint.getArgs();
        HashMap hashMap = new HashMap(parameterNames.length);
        for (int i = 0; i < parameterNames.length; i++) {
            Class cls = parameterTypes[i];
            Object obj = args[i];
            if (cls.isInstance(obj)) {
                hashMap.put(parameterNames[i], obj);
            }
        }
        return hashMap;
    }
}
