package net.n2oapp.security.auth;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import net.n2oapp.framework.access.data.SecurityProvider;
import net.n2oapp.framework.access.metadata.Security;
import net.n2oapp.framework.access.metadata.accesspoint.model.N2oUrlAccessPoint;
import net.n2oapp.framework.access.metadata.schema.AccessContext;
import net.n2oapp.framework.access.metadata.schema.CompiledAccessSchema;
import net.n2oapp.framework.access.metadata.schema.permission.N2oPermission;
import net.n2oapp.framework.access.metadata.schema.role.N2oRole;
import net.n2oapp.framework.access.metadata.schema.simple.SimpleCompiledAccessSchema;
import net.n2oapp.framework.access.metadata.schema.user.N2oUserAccess;
import net.n2oapp.framework.access.simple.PermissionAndRoleCollector;
import net.n2oapp.framework.api.MetadataEnvironment;
import net.n2oapp.framework.api.metadata.pipeline.ReadCompileBindTerminalPipeline;
import net.n2oapp.framework.api.user.StaticUserContext;
import net.n2oapp.framework.config.compile.pipeline.N2oPipelineSupport;

/* loaded from: input_file:BOOT-INF/lib/security-auth-5.0.11.jar:net/n2oapp/security/auth/N2oUrlFilter.class */
public class N2oUrlFilter implements Filter {
    private final String schemaId;
    private final Boolean defaultUrlAccessDenied;
    private final MetadataEnvironment environment;
    private final SecurityProvider securityProvider;

    public N2oUrlFilter(String str, Boolean bool, MetadataEnvironment metadataEnvironment, SecurityProvider securityProvider) {
        this.schemaId = str;
        this.defaultUrlAccessDenied = bool;
        this.environment = metadataEnvironment;
        this.securityProvider = securityProvider;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        this.securityProvider.checkAccess(collectUrlAccess(httpServletRequest.getServletPath() + (httpServletRequest.getPathInfo() == null ? "" : httpServletRequest.getPathInfo()), (SimpleCompiledAccessSchema) ((CompiledAccessSchema) ((ReadCompileBindTerminalPipeline) this.environment.getReadCompileBindTerminalPipelineFunction().apply(new N2oPipelineSupport(this.environment))).get(new AccessContext(this.schemaId), null))), StaticUserContext.getUserContext());
        filterChain.doFilter(httpServletRequest, servletResponse);
    }

    private Security collectUrlAccess(String str, SimpleCompiledAccessSchema simpleCompiledAccessSchema) {
        Security security = new Security();
        security.setSecurityMap(new HashMap());
        Security.SecurityObject securityObject = new Security.SecurityObject();
        if (simpleCompiledAccessSchema.getPermitAllPoints() != null) {
            simpleCompiledAccessSchema.getPermitAllPoints().stream().filter(accessPoint -> {
                return (accessPoint instanceof N2oUrlAccessPoint) && ((N2oUrlAccessPoint) accessPoint).getMatcher().matches(str);
            }).collect(Collectors.collectingAndThen(Collectors.toList(), list -> {
                if (list.size() == 1) {
                    securityObject.setPermitAll(true);
                }
                return list;
            }));
        }
        if (simpleCompiledAccessSchema.getAuthenticatedPoints() != null) {
            simpleCompiledAccessSchema.getAuthenticatedPoints().stream().filter(accessPoint2 -> {
                return (accessPoint2 instanceof N2oUrlAccessPoint) && ((N2oUrlAccessPoint) accessPoint2).getMatcher().matches(str);
            }).collect(Collectors.collectingAndThen(Collectors.toList(), list2 -> {
                if (list2.size() == 1) {
                    securityObject.setAuthenticated(true);
                }
                return list2;
            }));
        }
        if (simpleCompiledAccessSchema.getAnonymousPoints() != null) {
            simpleCompiledAccessSchema.getAnonymousPoints().stream().filter(accessPoint3 -> {
                return (accessPoint3 instanceof N2oUrlAccessPoint) && ((N2oUrlAccessPoint) accessPoint3).getMatcher().matches(str);
            }).collect(Collectors.collectingAndThen(Collectors.toList(), list3 -> {
                if (list3.size() == 1) {
                    securityObject.setAnonymous(true);
                }
                return list3;
            }));
        }
        List<N2oRole> collectRoles = PermissionAndRoleCollector.collectRoles(N2oUrlAccessPoint.class, PermissionAndRoleCollector.URL_ACCESS.apply(str), simpleCompiledAccessSchema);
        if (collectRoles != null && collectRoles.size() > 0) {
            securityObject.setRoles((Set) collectRoles.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        List<N2oPermission> collectPermission = PermissionAndRoleCollector.collectPermission(N2oUrlAccessPoint.class, PermissionAndRoleCollector.URL_ACCESS.apply(str), simpleCompiledAccessSchema);
        if (collectPermission != null && collectPermission.size() > 0) {
            securityObject.setPermissions((Set) collectPermission.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        List<N2oUserAccess> collectUsers = PermissionAndRoleCollector.collectUsers(N2oUrlAccessPoint.class, PermissionAndRoleCollector.URL_ACCESS.apply(str), simpleCompiledAccessSchema);
        if (collectUsers != null && collectUsers.size() > 0) {
            securityObject.setUsernames((Set) collectUsers.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        if (securityObject.isEmpty()) {
            securityObject.setPermitAll(Boolean.valueOf(!this.defaultUrlAccessDenied.booleanValue()));
            securityObject.setDenied(this.defaultUrlAccessDenied);
        }
        security.getSecurityMap().put("url", securityObject);
        return security;
    }
}
