package com.huawei.es.security.author.parsers.customized;

import com.huawei.es.security.auth.common.HttpHelper;
import com.huawei.es.security.author.tool.AuthorityConstants;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.File;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/huawei/es/security/author/parsers/customized/CustomizedAuthorizeTool.class */
public class CustomizedAuthorizeTool {
    private static final String CUSTOMIZED_AUTHORIZED_PATTERN2IMPLEMENTCLASSNAME_MAPPING = "customized.authorize.pattern2implementClassName.mapping";
    private static final int CUSTOMIZED_AUTHORIZED_VALUE_LENGTH_SHORT_TYPE = 1;
    private static final int CUSTOMIZED_AUTHORIZED_VALUE_LENGTH_LONG_TYPE = 3;
    private static final Logger LOG = Loggers.getLogger(CustomizedAuthorizeTool.class, new String[]{"CustomizedAuthorizeTool"});
    private static Map<String, Class> pattern2ClassMap = new HashMap();

    public static void initCustomizedAuthorizeSettings(Settings settings) {
        String str = settings.get(CUSTOMIZED_AUTHORIZED_PATTERN2IMPLEMENTCLASSNAME_MAPPING);
        if (null == str || str.isEmpty()) {
            LOG.info(" The value of the customized authorize configuration item is empty.");
            return;
        }
        for (String str2 : str.split(",")) {
            putEachPattern2Class(str2);
        }
    }

    private static void putEachPattern2Class(String str) {
        String[] split = str.split(AuthorityConstants.SEPARATOR_FOR_SECURITY_INDEX_DOC_ID);
        int length = split.length;
        String str2 = split[0];
        if (str2.isEmpty()) {
            LOG.error("CustomizedAuthorizeTool failed. The value of pattern is empty, the setting is : {}.", str);
            return;
        }
        if (length == 1) {
            pattern2ClassMap.put(str2, null);
            LOG.info("Only configured the pattern of the plugin, the setting is :{}", str);
            return;
        }
        String str3 = split[1];
        if (str3.isEmpty()) {
            pattern2ClassMap.put(str2, null);
            LOG.error("CustomizedAuthorizeTool failed. The location of the plugin is not specified, the setting is : {}.", str);
            return;
        }
        String[] split2 = str3.split("/");
        if (split2.length < CUSTOMIZED_AUTHORIZED_VALUE_LENGTH_LONG_TYPE) {
            pattern2ClassMap.put(str2, null);
            LOG.error("CustomizedAuthorizeTool failed. Wrong parameter configuration:{}.", str);
        } else {
            pattern2ClassMap.put(str2, getClassByClassLoader(split2[0], split2[1], split2[2]));
        }
    }

    private static Class getClassByClassLoader(String str, String str2, String str3) {
        if (str.isEmpty() || str2.isEmpty() || str3.isEmpty()) {
            LOG.error("CustomizedAuthorizeTool failed. Wrong parameter configuration pluginName:{}, jarName:{}, className:{}.", str, str2, str3);
            return null;
        }
        String str4 = "file:" + (PathUtils.get(new File(CustomizedAuthorizeTool.class.getProtectionDomain().getCodeSource().getLocation().getPath()).getParent(), new String[0]).getParent().getParent().toString() + File.separator + "plugins" + File.separator + str) + File.separator + str2;
        Class<?> cls = null;
        try {
            ClassLoader classLoader = CustomizedAuthorizeTool.class.getClassLoader();
            Method declaredMethod = URLClassLoader.class.getDeclaredMethod("addURL", URL.class);
            declaredMethod.setAccessible(true);
            declaredMethod.invoke(classLoader, new URL(str4));
            cls = classLoader.loadClass(str3);
        } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException | InvocationTargetException | MalformedURLException e) {
            LOG.error("Customized failed, get customized authorize implement class by reflect occur exception", e);
        }
        return cls;
    }

    public static boolean isDoAuthorizeByUserOrDefault(FullHttpRequest fullHttpRequest) {
        return (pattern2ClassMap == null || pattern2ClassMap.isEmpty() || getPatternFromRequest(fullHttpRequest).isEmpty()) ? false : true;
    }

    private static String getPatternFromRequest(FullHttpRequest fullHttpRequest) {
        Set<String> keySet = pattern2ClassMap.keySet();
        if (pattern2ClassMap.isEmpty()) {
            return AuthorityConstants.EMPYT_STRING;
        }
        for (String str : keySet) {
            String uri = fullHttpRequest.uri();
            if (uri == null || uri.isEmpty()) {
                return AuthorityConstants.EMPYT_STRING;
            }
            if (uri.contains(str)) {
                return str;
            }
        }
        return AuthorityConstants.EMPYT_STRING;
    }

    public static boolean doAuthorize(FullHttpRequest fullHttpRequest, FullHttpResponse fullHttpResponse) {
        String str = fullHttpResponse.headers().get(AuthorityConstants.CUSTOMISED_HTTP_RESPONSE_HEAD_NAME_FOR_USERNAME);
        String patternFromRequest = getPatternFromRequest(fullHttpRequest);
        if (patternFromRequest.isEmpty() || str == null || str.isEmpty()) {
            return false;
        }
        boolean z = false;
        try {
            Class cls = pattern2ClassMap.get(patternFromRequest);
            z = null == cls ? new CustomizedAuthorizeImpl().doAuthorize(fullHttpRequest, str) : ((Boolean) cls.getMethod("doAuthorize", FullHttpRequest.class, String.class).invoke(cls.getConstructor(new Class[0]).newInstance(new Object[0]), fullHttpRequest, str)).booleanValue();
            if (!z) {
                HttpHelper.reBuildResponse(fullHttpResponse, HttpResponseStatus.FORBIDDEN, "Customized authorize failed.");
            }
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            LOG.error("CustomizedAuthorizeTool failed , doAuthorize occur exception : ", e);
            HttpHelper.reBuildResponse(fullHttpResponse, HttpResponseStatus.FORBIDDEN, "Customized authorize occur exception.");
        }
        return z;
    }
}
