package com.alibaba.nacos.plugin.auth.impl.roles;

import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
import com.alibaba.nacos.api.model.Page;
import com.alibaba.nacos.api.model.v2.Result;
import com.alibaba.nacos.common.http.DefaultHttpClientFactory;
import com.alibaba.nacos.common.http.HttpRestResult;
import com.alibaba.nacos.common.http.client.NacosRestTemplate;
import com.alibaba.nacos.common.http.param.Query;
import com.alibaba.nacos.common.utils.JacksonUtils;
import com.alibaba.nacos.plugin.auth.impl.configuration.AuthConfigs;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo;
import com.alibaba.nacos.plugin.auth.impl.utils.RemoteServerUtil;
import com.fasterxml.jackson.core.type.TypeReference;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceRemoteImpl.class */
public class NacosRoleServiceRemoteImpl extends AbstractCheckedRoleService implements NacosRoleService {
    private static final Logger LOGGER = LoggerFactory.getLogger(NacosRoleServiceRemoteImpl.class);
    private final NacosRestTemplate nacosRestTemplate;
    private final AuthConfigs authConfigs;

    public NacosRoleServiceRemoteImpl(AuthConfigs authConfigs) {
        super(authConfigs);
        this.authConfigs = authConfigs;
        this.nacosRestTemplate = new DefaultHttpClientFactory(LOGGER).createNacosRestTemplate();
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addPermission(String str, String str2, String str3) {
        try {
            RemoteServerUtil.singleCheckResult(this.nacosRestTemplate.postForm(buildRemotePermissionUrlPath(AuthConstants.PERMISSION_PATH), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), (Query) null, Map.of("role", str, "resource", str2, "action", str3), String.class));
        } catch (NacosException e) {
            throw new NacosRuntimeException(e.getErrCode(), e.getErrMsg());
        } catch (Exception e2) {
            throw new NacosRuntimeException(500, e2.getMessage());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deletePermission(String str, String str2, String str3) {
        try {
            RemoteServerUtil.singleCheckResult(this.nacosRestTemplate.delete(buildRemotePermissionUrlPath(AuthConstants.PERMISSION_PATH), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), Query.newInstance().addParam("role", str).addParam("resource", str2).addParam("action", str3), String.class));
        } catch (Exception e) {
            throw new NacosRuntimeException(500, e.getMessage());
        } catch (NacosException e2) {
            throw new NacosRuntimeException(e2.getErrCode(), e2.getErrMsg());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<PermissionInfo> getPermissions(String str) {
        if (getCachedPermissionInfoMap().containsKey(str)) {
            return getCachedPermissionInfoMap().get(str);
        }
        reload();
        return getCachedPermissionInfoMap().get(str);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<PermissionInfo> getPermissions(String str, int i, int i2) {
        return getPermissionInfoPageFromRemote(Query.newInstance().addParam("role", str).addParam("pageNo", Integer.valueOf(i)).addParam("pageSize", Integer.valueOf(i2)).addParam("search", "accurate"));
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<PermissionInfo> findPermissions(String str, int i, int i2) {
        return getPermissionInfoPageFromRemote(Query.newInstance().addParam("role", str).addParam("pageNo", Integer.valueOf(i)).addParam("pageSize", Integer.valueOf(i2)).addParam("search", "blur"));
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<RoleInfo> getRoles(String str) {
        if (getCachedRoleInfoMap().containsKey(str)) {
            return getCachedRoleInfoMap().get(str);
        }
        reload();
        return getCachedRoleInfoMap().get(str);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<RoleInfo> getRoles(String str, String str2, int i, int i2) {
        return getRoleInfoPageFromRemote(Query.newInstance().addParam(AuthConstants.PARAM_USERNAME, str).addParam("role", str2).addParam("pageNo", Integer.valueOf(i)).addParam("pageSize", Integer.valueOf(i2)).addParam("search", "accurate"));
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<RoleInfo> findRoles(String str, String str2, int i, int i2) {
        return getRoleInfoPageFromRemote(Query.newInstance().addParam(AuthConstants.PARAM_USERNAME, str).addParam("role", str2).addParam("pageNo", Integer.valueOf(i)).addParam("pageSize", Integer.valueOf(i2)).addParam("search", "blur"));
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<String> findRoleNames(String str) {
        try {
            HttpRestResult httpRestResult = this.nacosRestTemplate.get(buildRemoteRoleUrlPath("/v3/auth/role/search"), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), Query.newInstance().addParam("role", str), String.class);
            RemoteServerUtil.singleCheckResult(httpRestResult);
            return (List) ((Result) JacksonUtils.toObj((String) httpRestResult.getData(), new TypeReference<Result<List<String>>>() { // from class: com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceRemoteImpl.1
            })).getData();
        } catch (Exception e) {
            throw new NacosRuntimeException(500, e.getMessage());
        } catch (NacosException e2) {
            throw new NacosRuntimeException(e2.getErrCode(), e2.getErrMsg());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<RoleInfo> getAllRoles() {
        return getRoles(AuthConstants.DEFAULT_TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY, 1, Integer.MAX_VALUE).getPageItems();
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addRole(String str, String str2) {
        if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(str)) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' is not permitted to create!");
        }
        try {
            RemoteServerUtil.singleCheckResult(this.nacosRestTemplate.postForm(buildRemoteRoleUrlPath(AuthConstants.ROLE_PATH), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), Map.of("role", str, AuthConstants.PARAM_USERNAME, str2), String.class));
            getCachedRoleSet().add(str);
        } catch (Exception e) {
            throw new NacosRuntimeException(500, e.getMessage());
        } catch (NacosException e2) {
            throw new NacosRuntimeException(e2.getErrCode(), e2.getErrMsg());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deleteRole(String str, String str2) {
        try {
            RemoteServerUtil.singleCheckResult(this.nacosRestTemplate.delete(buildRemoteRoleUrlPath(AuthConstants.ROLE_PATH), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), Query.newInstance().addParam("role", str).addParam("userName", str2), String.class));
        } catch (NacosException e) {
            throw new NacosRuntimeException(e.getErrCode(), e.getErrMsg());
        } catch (Exception e2) {
            throw new NacosRuntimeException(500, e2.getMessage());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deleteRole(String str) {
        try {
            RemoteServerUtil.singleCheckResult(this.nacosRestTemplate.delete(buildRemoteRoleUrlPath(AuthConstants.ROLE_PATH), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), Query.newInstance().addParam("role", str), String.class));
            getCachedRoleSet().remove(str);
        } catch (NacosException e) {
            throw new NacosRuntimeException(e.getErrCode(), e.getErrMsg());
        } catch (Exception e2) {
            throw new NacosRuntimeException(500, e2.getMessage());
        }
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addAdminRole(String str) {
        if (hasGlobalAdminRole()) {
            return;
        }
        getCachedRoleSet().add(AuthConstants.GLOBAL_ADMIN_ROLE);
        this.authConfigs.setHasGlobalAdminRole(true);
    }

    private String buildRemotePermissionUrlPath(String str) {
        return "http://" + RemoteServerUtil.getOneNacosServerAddress() + RemoteServerUtil.getRemoteServerContextPath() + str;
    }

    private Page<PermissionInfo> getPermissionInfoPageFromRemote(Query query) {
        try {
            HttpRestResult httpRestResult = this.nacosRestTemplate.get(buildRemotePermissionUrlPath("/v3/auth/permission/list"), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), query, String.class);
            RemoteServerUtil.singleCheckResult(httpRestResult);
            return (Page) ((Result) JacksonUtils.toObj((String) httpRestResult.getData(), new TypeReference<Result<Page<PermissionInfo>>>() { // from class: com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceRemoteImpl.2
            })).getData();
        } catch (Exception e) {
            throw new NacosRuntimeException(500, e.getMessage());
        } catch (NacosException e2) {
            throw new NacosRuntimeException(e2.getErrCode(), e2.getErrMsg());
        }
    }

    private String buildRemoteRoleUrlPath(String str) {
        return "http://" + RemoteServerUtil.getOneNacosServerAddress() + RemoteServerUtil.getRemoteServerContextPath() + str;
    }

    private Page<RoleInfo> getRoleInfoPageFromRemote(Query query) {
        try {
            HttpRestResult httpRestResult = this.nacosRestTemplate.get(buildRemoteRoleUrlPath("/v3/auth/role/list"), RemoteServerUtil.buildServerRemoteHeader(this.authConfigs), query, String.class);
            RemoteServerUtil.singleCheckResult(httpRestResult);
            return (Page) ((Result) JacksonUtils.toObj((String) httpRestResult.getData(), new TypeReference<Result<Page<RoleInfo>>>() { // from class: com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceRemoteImpl.3
            })).getData();
        } catch (Exception e) {
            throw new NacosRuntimeException(500, e.getMessage());
        } catch (NacosException e2) {
            throw new NacosRuntimeException(e2.getErrCode(), e2.getErrMsg());
        }
    }
}
