package com.huaweicloud.governance.authentication.whiteBlack;

import com.huaweicloud.common.configration.dynamic.BlackWhiteListProperties;
import com.huaweicloud.governance.authentication.AccessController;
import com.huaweicloud.governance.authentication.AuthRequestExtractor;
import com.huaweicloud.governance.authentication.AuthenticationAdapter;
import com.huaweicloud.governance.authentication.MatcherUtils;
import com.huaweicloud.governance.authentication.UnAuthorizedException;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huaweicloud/governance/authentication/whiteBlack/WhiteBlackAccessController.class */
public class WhiteBlackAccessController implements AccessController {
    private static final Logger LOGGER = LoggerFactory.getLogger(WhiteBlackAccessController.class);
    BlackWhiteListProperties blackWhiteListProperties;
    private final AuthenticationAdapter authenticationAdapter;

    public WhiteBlackAccessController(AuthenticationAdapter authenticationAdapter, BlackWhiteListProperties blackWhiteListProperties) {
        this.authenticationAdapter = authenticationAdapter;
        this.blackWhiteListProperties = blackWhiteListProperties;
    }

    @Override // com.huaweicloud.governance.authentication.AccessController
    public boolean isAllowed(AuthRequestExtractor authRequestExtractor) throws Exception {
        if ((this.blackWhiteListProperties.getBlack().size() <= 0 && this.blackWhiteListProperties.getWhite().size() <= 0) || (!StringUtils.isEmpty(authRequestExtractor.serviceId()) && !StringUtils.isEmpty(authRequestExtractor.instanceId()))) {
            return whiteAllowed(authRequestExtractor.serviceId(), authRequestExtractor.instanceId()) && !blackDenied(authRequestExtractor.serviceId(), authRequestExtractor.instanceId());
        }
        LOGGER.info("please set spring.cloud.servicecomb.webmvc.tokenCheckEnabled config true.");
        throw new UnAuthorizedException("UNAUTHORIZED.");
    }

    @Override // com.huaweicloud.governance.authentication.AccessController
    public String interceptMessage() {
        return "UNAUTHORIZED BY WHITE BLACK";
    }

    private boolean whiteAllowed(String str, String str2) {
        if (this.blackWhiteListProperties == null || this.blackWhiteListProperties.getWhite().isEmpty()) {
            return true;
        }
        return matchFound(str, str2, this.blackWhiteListProperties.getWhite());
    }

    private boolean blackDenied(String str, String str2) {
        if (this.blackWhiteListProperties == null || this.blackWhiteListProperties.getBlack().isEmpty()) {
            return false;
        }
        return matchFound(str, str2, this.blackWhiteListProperties.getBlack());
    }

    private boolean matchFound(String str, String str2, List<BlackWhiteListProperties.ConfigurationItem> list) {
        for (BlackWhiteListProperties.ConfigurationItem configurationItem : list) {
            if ("property".equals(configurationItem.getCategory()) && matchMicroserviceProperties(str, str2, configurationItem)) {
                return true;
            }
        }
        return false;
    }

    private boolean matchMicroserviceProperties(String str, String str2, BlackWhiteListProperties.ConfigurationItem configurationItem) {
        String propertyValue = this.authenticationAdapter.getPropertyValue(str, str2, configurationItem.getPropertyName());
        if (StringUtils.isEmpty(propertyValue)) {
            return false;
        }
        return MatcherUtils.isPatternMatch(propertyValue, configurationItem.getRule());
    }
}
