package com.alibaba.nacos.console.security.nacos.roles;

import com.alibaba.nacos.config.server.auth.PermissionInfo;
import com.alibaba.nacos.config.server.auth.PermissionPersistService;
import com.alibaba.nacos.config.server.auth.RoleInfo;
import com.alibaba.nacos.config.server.auth.RolePersistService;
import com.alibaba.nacos.config.server.model.Page;
import com.alibaba.nacos.console.security.nacos.NacosAuthConfig;
import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.core.auth.AuthConfigs;
import com.alibaba.nacos.core.auth.Permission;
import com.alibaba.nacos.core.utils.Loggers;
import io.jsonwebtoken.lang.Collections;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import org.apache.mina.util.ConcurrentHashSet;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

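/**
 * Role and permission service used by the console's Nacos authentication.
 *
 * <p>Roles per user and permissions per role are kept in in-memory caches that {@link #reload()}
 * rebuilds on a fixed schedule. {@link #getRoles(String)} and {@link #getPermissions(String)}
 * answer from those caches unless {@code authConfigs.isCachingEnabled()} is false, in which case
 * they query the persistence services directly.
 *
 * <p>Security caveat: the delete methods do not evict entries from {@code roleInfoMap} or
 * {@code permissionInfoMap}. With caching enabled, a revoked role or permission therefore keeps
 * being honoured by {@link #hasPermission(String, Permission)} until the next scheduled reload.
 *
 * <p>Thread-safety: the cache fields are written by the scheduler thread and read by callers, so
 * they are {@code volatile} and always reference concurrent collections.
 */
@Service
/* loaded from: input_file:com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.class */
public class NacosRoleServiceImpl {
    /** Role that {@link #hasPermission(String, Permission)} treats as allowed to do everything. */
    public static final String GLOBAL_ADMIN_ROLE = "ROLE_ADMIN";

    @Autowired
    private AuthConfigs authConfigs;

    @Autowired
    private RolePersistService rolePersistService;

    @Autowired
    private NacosUserDetailsServiceImpl userDetailsService;

    @Autowired
    private PermissionPersistService permissionPersistService;

    // The three caches are replaced wholesale by reload(); volatile makes the new references
    // visible to the threads that call hasPermission/addRole/addPermission.
    private volatile Set<String> roleSet = new ConcurrentHashSet<>();
    private volatile Map<String, List<RoleInfo>> roleInfoMap = new ConcurrentHashMap<>();
    private volatile Map<String, List<PermissionInfo>> permissionInfoMap = new ConcurrentHashMap<>();

    /**
     * Rebuilds the role and permission caches from the persistence services.
     *
     * <p>Runs 5 seconds after startup and then 15 seconds after each previous run finishes. Any
     * failure is logged and the previous caches stay in place.
     */
    @Scheduled(initialDelay = 5000, fixedDelay = 15000)
    private void reload() {
        try {
            // Presumably an empty user name selects the roles of every user; confirm against
            // RolePersistService.
            Page<RoleInfo> rolePage = this.rolePersistService.getRolesByUserName("", 1, Integer.MAX_VALUE);
            if (rolePage == null) {
                return;
            }
            // A concurrent set, because addRole/deleteRole mutate roleSet from other threads
            // after it has been published below.
            Set<String> freshRoles = new ConcurrentHashSet<>();
            Map<String, List<RoleInfo>> freshRolesByUser = new ConcurrentHashMap<>(16);
            for (RoleInfo roleInfo : rolePage.getPageItems()) {
                List<RoleInfo> rolesOfUser = freshRolesByUser.get(roleInfo.getUsername());
                if (rolesOfUser == null) {
                    rolesOfUser = new ArrayList<>();
                    freshRolesByUser.put(roleInfo.getUsername(), rolesOfUser);
                }
                rolesOfUser.add(roleInfo);
                freshRoles.add(roleInfo.getRole());
            }
            Map<String, List<PermissionInfo>> freshPermissions = new ConcurrentHashMap<>(16);
            for (String role : freshRoles) {
                // getPermissionsFromDatabase substitutes an empty page for null, so one role
                // without a permission page no longer aborts the whole reload.
                List<PermissionInfo> items = getPermissionsFromDatabase(role, 1, Integer.MAX_VALUE).getPageItems();
                if (items != null) {
                    // ConcurrentHashMap rejects null values; a role left out here simply has
                    // no cached permissions.
                    freshPermissions.put(role, items);
                }
            }
            this.roleSet = freshRoles;
            this.roleInfoMap = freshRolesByUser;
            this.permissionInfoMap = freshPermissions;
        } catch (Exception e) {
            Loggers.AUTH.warn("[LOAD-ROLES] load failed", e);
        }
    }

    /**
     * Decides whether a user may perform the requested action on the requested resource.
     *
     * <p>A user without roles is denied. A user holding {@link #GLOBAL_ADMIN_ROLE} is always
     * allowed. For everyone else, resources starting with
     * {@code NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX} are denied, and any other resource is
     * allowed only if one of the user's roles has a matching permission.
     *
     * @param str user name whose roles are evaluated
     * @param permission requested resource and action
     * @return {@code true} if access is granted
     */
    public boolean hasPermission(String str, Permission permission) {
        List<RoleInfo> roles = getRoles(str);
        if (Collections.isEmpty(roles)) {
            return false;
        }
        for (RoleInfo roleInfo : roles) {
            if (GLOBAL_ADMIN_ROLE.equals(roleInfo.getRole())) {
                return true;
            }
        }
        // Console resources are reserved for the global admin role checked above.
        if (permission.getResource().startsWith(NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX)) {
            return false;
        }
        for (RoleInfo roleInfo : roles) {
            List<PermissionInfo> permissions = getPermissions(roleInfo.getRole());
            if (Collections.isEmpty(permissions)) {
                continue;
            }
            for (PermissionInfo permissionInfo : permissions) {
                // NOTE(review): the stored resource is used as a regular expression after only
                // '*' is expanded to ".*". Other metacharacters in it (for example '.') keep
                // their regex meaning and can match more than the literal text, and an invalid
                // pattern makes Pattern.matches throw PatternSyntaxException. Quoting the literal
                // segments with Pattern.quote would close this; confirm first that no stored
                // permission relies on regex syntax.
                String resourceRegex = permissionInfo.getResource().replaceAll("\\*", ".*");
                // NOTE(review): the action check is substring containment, so an empty requested
                // action would match every stored action; confirm callers never pass one.
                if (permissionInfo.getAction().contains(permission.getAction())
                        && Pattern.matches(resourceRegex, permission.getResource())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the roles of a user, from the cache or, when caching is disabled, from storage.
     *
     * @param str user name
     * @return the user's roles; may be {@code null} when the cache has no entry for the user
     */
    public List<RoleInfo> getRoles(String str) {
        List<RoleInfo> cached = this.roleInfoMap.get(str);
        if (this.authConfigs.isCachingEnabled()) {
            return cached;
        }
        Page<RoleInfo> page = getRolesFromDatabase(str, 1, Integer.MAX_VALUE);
        return page == null ? cached : page.getPageItems();
    }

    /**
     * Reads one page of a user's roles from storage.
     *
     * @param str user name
     * @param i page number
     * @param i2 page size
     * @return the page from storage, or an empty {@link Page} when storage returns {@code null}
     */
    public Page<RoleInfo> getRolesFromDatabase(String str, int i, int i2) {
        Page<RoleInfo> page = this.rolePersistService.getRolesByUserName(str, i, i2);
        if (page == null) {
            return new Page<>();
        }
        return page;
    }

    /**
     * Returns the permissions of a role, from the cache or, when caching is disabled, from
     * storage.
     *
     * @param str role name
     * @return the role's permissions; may be {@code null} when the cache has no entry for the role
     */
    public List<PermissionInfo> getPermissions(String str) {
        List<PermissionInfo> cached = this.permissionInfoMap.get(str);
        if (this.authConfigs.isCachingEnabled()) {
            return cached;
        }
        Page<PermissionInfo> page = getPermissionsFromDatabase(str, 1, Integer.MAX_VALUE);
        return page == null ? cached : page.getPageItems();
    }

    /**
     * Reads one page of a role's permissions from storage without any null substitution.
     *
     * @param str role name
     * @param i page number
     * @param i2 page size
     * @return whatever the persistence service returns; unlike
     *     {@link #getPermissionsFromDatabase(String, int, int)} this may be {@code null}
     */
    public Page<PermissionInfo> getPermissionsByRoleFromDatabase(String str, int i, int i2) {
        return this.permissionPersistService.getPermissions(str, i, i2);
    }

    /**
     * Binds a role to an existing user.
     *
     * <p>{@link #GLOBAL_ADMIN_ROLE} cannot be granted through this method. The comparison is an
     * exact, case-sensitive match on the role name.
     *
     * @param str role name
     * @param str2 user name
     * @throws IllegalArgumentException if the user does not exist or the role is
     *     {@link #GLOBAL_ADMIN_ROLE}
     */
    public void addRole(String str, String str2) {
        if (this.userDetailsService.getUser(str2) == null) {
            throw new IllegalArgumentException("user '" + str2 + "' not found!");
        }
        if (GLOBAL_ADMIN_ROLE.equals(str)) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' is not permitted to create!");
        }
        this.rolePersistService.addRole(str, str2);
        // Record the role name immediately so addPermission accepts it before the next reload.
        this.roleSet.add(str);
    }

    /**
     * Removes a role from one user in storage.
     *
     * <p>The cached role list of the user is not touched; with caching enabled the role stays
     * effective until the next scheduled reload.
     *
     * @param str role name
     * @param str2 user name
     */
    public void deleteRole(String str, String str2) {
        this.rolePersistService.deleteRole(str, str2);
    }

    /**
     * Removes a role entirely from storage and from the set of known role names.
     *
     * <p>Only {@code roleSet} is updated here; cached role lists and cached permissions of the
     * role remain until the next scheduled reload.
     *
     * @param str role name
     */
    public void deleteRole(String str) {
        this.rolePersistService.deleteRole(str);
        this.roleSet.remove(str);
    }

    /**
     * Reads one page of a role's permissions from storage.
     *
     * @param str role name
     * @param i page number
     * @param i2 page size
     * @return the page from storage, or an empty {@link Page} when storage returns {@code null}
     */
    public Page<PermissionInfo> getPermissionsFromDatabase(String str, int i, int i2) {
        Page<PermissionInfo> page = this.permissionPersistService.getPermissions(str, i, i2);
        if (page == null) {
            return new Page<>();
        }
        return page;
    }

    /**
     * Adds a permission to a known role.
     *
     * <p>The role is looked up in the cached {@code roleSet}, not in storage.
     *
     * @param str role name
     * @param str2 presumably the resource pattern; confirm against PermissionPersistService
     * @param str3 presumably the action; confirm against PermissionPersistService
     * @throws IllegalArgumentException if the role is not in the set of known role names
     */
    public void addPermission(String str, String str2, String str3) {
        if (!this.roleSet.contains(str)) {
            throw new IllegalArgumentException("role " + str + " not found!");
        }
        this.permissionPersistService.addPermission(str, str2, str3);
    }

    /**
     * Deletes a permission of a role in storage.
     *
     * <p>The cached permissions are not touched; with caching enabled the permission stays
     * effective until the next scheduled reload.
     *
     * @param str role name
     * @param str2 presumably the resource pattern; confirm against PermissionPersistService
     * @param str3 presumably the action; confirm against PermissionPersistService
     */
    public void deletePermission(String str, String str2, String str3) {
        this.permissionPersistService.deletePermission(str, str2, str3);
    }
}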
