package org.coodex.concrete.core.intercept.atoms;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.aopalliance.intercept.MethodInvocation;
import org.coodex.concrete.api.AccessAllow;
import org.coodex.concrete.api.Domain;
import org.coodex.concrete.common.Account;
import org.coodex.concrete.common.Assert;
import org.coodex.concrete.common.ErrorCodes;
import org.coodex.concrete.common.RuntimeContext;
import org.coodex.concrete.common.Token;
import org.coodex.concrete.core.token.TokenWrapper;
import org.coodex.util.Common;
import org.coodex.util.Profile;

/* loaded from: input_file:org/coodex/concrete/core/intercept/atoms/RBAC.class */
public abstract class RBAC {
    private static Token token = TokenWrapper.getInstance();

    public static void before(RuntimeContext runtimeContext, MethodInvocation methodInvocation) {
        AccessAllow annotation;
        Domain declaringAnnotation;
        if (runtimeContext.getDeclaringMethod() != null) {
            Profile profile = Profile.getProfile(runtimeContext.getModuleName() + ".properties");
            String[] strList = profile.getStrList(runtimeContext.getMethodName());
            String string = profile.getString("domain");
            if (string == null && (declaringAnnotation = runtimeContext.getDeclaringAnnotation(Domain.class)) != null && !Common.isBlank(declaringAnnotation.value().trim())) {
                string = declaringAnnotation.value();
            }
            if (strList == null && (annotation = runtimeContext.getDeclaringMethod().getAnnotation(AccessAllow.class)) != null) {
                strList = annotation.roles();
                if (strList.length == 0) {
                    strList = new String[]{"EVERYBODY"};
                }
            }
            rbac(strList, string);
        }
    }

    public static void rbac(String[] strArr, String str) {
        if (strArr != null) {
            Account currentAccount = getCurrentAccount();
            Assert.isNull(currentAccount, ErrorCodes.NONE_ACCOUNT, token);
            Assert.is(!currentAccount.isValid(), ErrorCodes.ACCOUNT_INVALIDATE, new Object[0]);
            Assert.is(!token.isAccountCredible(), ErrorCodes.UNTRUSTED_ACCOUNT, new Object[0]);
            Set<String> accountDomainRoles = getAccountDomainRoles(str, currentAccount);
            if (accountDomainRoles.contains("*")) {
                return;
            }
            Assert.is(accountDomainRoles.size() == 0 || Common.intersection(Common.arrayToSet(strArr), accountDomainRoles).size() == 0, ErrorCodes.NO_AUTHORIZATION, new Object[0]);
        }
    }

    private static Set<String> getAccountDomainRoles(String str, Account account) {
        HashSet hashSet = new HashSet();
        Set roles = account.getRoles();
        if (roles != null) {
            if (!Common.isBlank(str)) {
                int length = str.length() + 1;
                Iterator it = roles.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String str2 = (String) it.next();
                    if (!Common.isBlank(str2)) {
                        if (str2.equals("*")) {
                            hashSet.add("*");
                            break;
                        }
                        if (str2.startsWith("*.") && str2.length() > 2) {
                            hashSet.add(str2.substring(2));
                        } else if (str2.startsWith(str + ".") && str2.length() > length) {
                            hashSet.add(str2.substring(length));
                        }
                    }
                }
            } else {
                hashSet.addAll(roles);
            }
        }
        if (Common.isBlank(str)) {
            hashSet.add("EVERYBODY");
        } else if (hashSet.size() > 0) {
            hashSet.add("EVERYBODY");
        }
        return hashSet;
    }

    private static Account getCurrentAccount() {
        return token.currentAccount();
    }
}
