package com.codingapi.security.app.rpc;

import com.codingapi.security.app.ExpressionFunctionHolder;
import com.codingapi.security.app.expression.RequestContext;
import com.codingapi.security.component.common.util.Jsons;
import com.codingapi.security.component.common.util.Strings;
import com.codingapi.security.consensus.SecurityResource;
import com.codingapi.security.consensus.message.ApplicationInfo;
import com.codingapi.security.consensus.message.SecurityInfo;
import com.codingapi.security.consensus.message.SsoUserInfo;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/codingapi/security/app/rpc/SecurityInfoHandlerInterceptor.class */
public class SecurityInfoHandlerInterceptor implements HandlerInterceptor {
    private static final Logger LOG;

    @Autowired
    private ExpressionFunctionHolder expressionFunctionHolder;

    @Autowired
    private ExpressionParser expressionParser;
    static final /* synthetic */ boolean $assertionsDisabled;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        SecurityInfo securityInfo;
        SsoUserInfo ssoUserInfo = null;
        ApplicationInfo applicationInfo = null;
        String header = httpServletRequest.getHeader("X-Application-Info");
        if (Objects.nonNull(header)) {
            applicationInfo = (ApplicationInfo) Jsons.parse(header, ApplicationInfo.class);
            LOG.debug("ApplicationInfo: {}", header);
        }
        String header2 = httpServletRequest.getHeader("X-SSO-User-Info");
        if (Objects.nonNull(header2)) {
            ssoUserInfo = (SsoUserInfo) Jsons.parseFromJsonBase64Code(header2, SsoUserInfo.class);
            LOG.debug("SSOUserInfo: {}", ssoUserInfo);
        }
        if (Objects.nonNull(ssoUserInfo)) {
            RequestContext requestContext = new RequestContext();
            requestContext.setUser(ssoUserInfo);
            requestContext.setFunc(this.expressionFunctionHolder.getFunc());
            String header3 = httpServletRequest.getHeader("X-Security-Info");
            if (Objects.nonNull(header3)) {
                securityInfo = (SecurityInfo) Jsons.parse(Strings.urlDecodeUTF8(header3), SecurityInfo.class);
                LOG.debug("SecurityInfo：{}", securityInfo);
                if (!$assertionsDisabled && !Objects.nonNull(securityInfo)) {
                    throw new AssertionError();
                }
                if (securityInfo.getSecurityResource() == null) {
                    LOG.warn("Non perm control for this application.");
                    securityInfo.setSecurityResource(new SecurityResource(false));
                }
                if (Objects.nonNull(securityInfo.getExpression())) {
                    LOG.debug("SecurityResource expression：{}", securityInfo.getExpression());
                    securityInfo.setExpression(parseExpression(securityInfo.getExpression(), new StandardEvaluationContext(requestContext)));
                }
            } else {
                LOG.debug("不存在安全信息");
                securityInfo = new SecurityInfo();
                securityInfo.setSecurityResource(new SecurityResource(false));
            }
        } else {
            securityInfo = new SecurityInfo();
            securityInfo.setSecurityResource(new SecurityResource(false));
        }
        SecurityContext.init(ssoUserInfo, securityInfo, applicationInfo);
        SecurityHeaderLocal securityHeaderLocal = new SecurityHeaderLocal();
        securityHeaderLocal.setAppInfo(header);
        securityHeaderLocal.setSecurity(Jsons.toJsonString(securityInfo));
        securityHeaderLocal.setSsoInfo(header2);
        SecurityHeaderLocal.init(securityHeaderLocal);
        return true;
    }

    private String parseExpression(String str, EvaluationContext evaluationContext) {
        int i = 0;
        StringBuilder sb = new StringBuilder();
        StringBuilder sb2 = new StringBuilder();
        StringBuilder sb3 = new StringBuilder();
        for (int i2 = 0; i2 < str.length(); i2++) {
            char charAt = str.charAt(i2);
            if (charAt == '$' || (charAt == '{' && i > 0)) {
                i++;
                sb.append(charAt);
            } else {
                if (i >= 100) {
                    sb3.append(sb.toString());
                    i = 0;
                    sb2.delete(0, sb2.length());
                    sb.delete(0, sb.length());
                }
                if (i == 0) {
                    sb3.append(charAt);
                }
                if (charAt == '}' && i > 0) {
                    LOG.info("SPE is {}", sb2);
                    try {
                        sb3.append(this.expressionParser.parseExpression(sb2.toString()).getValue(evaluationContext));
                    } catch (SpelEvaluationException e) {
                        LOG.warn("SPE Error in Expression.", e);
                        sb3.append(sb2.toString());
                    }
                    i = 0;
                    sb2.delete(0, sb2.length());
                    sb.delete(0, sb.length());
                }
                if (i > 0) {
                    i++;
                    sb.append(charAt);
                    sb2.append(charAt);
                }
            }
        }
        return sb3.toString();
    }

    static {
        $assertionsDisabled = !SecurityInfoHandlerInterceptor.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(SecurityInfoHandlerInterceptor.class);
    }
}
