package com.alibaba.nacos.plugin.auth.impl.authenticate;

import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService;
import com.alibaba.nacos.plugin.auth.impl.token.TokenManagerDelegate;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetails;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserService;
import com.alibaba.nacos.plugin.auth.impl.utils.PasswordEncoderUtil;
import jakarta.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.class */
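/**
 * Base {@link IAuthenticationManager} that authenticates a caller either by an access token or by
 * username/password, and authorizes an authenticated {@link NacosUser} against a {@link Permission}.
 *
 * <p>Every credential failure in this class is reported with the same message, so the response text
 * does not tell a caller whether the username or the password was the part that failed.
 */
public class AbstractAuthenticationManager implements IAuthenticationManager {
    /** Shared message for blank input, unknown user and wrong password. */
    private static final String USER_NOT_FOUND_MESSAGE = "User not found! Please check user exist or password is right!";

    /** Request parameter consulted for a token when the authorization header carries none. */
    private static final String PARAM_ACCESS_TOKEN = "accessToken";

    protected NacosUserService userDetailsService;
    protected TokenManagerDelegate jwtTokenManager;
    protected NacosRoleService roleService;

    /**
     * Creates a manager backed by the given collaborators.
     *
     * @param nacosUserService used to look users up by username
     * @param tokenManagerDelegate used to create and parse access tokens
     * @param nacosRoleService used for role and permission checks
     */
    public AbstractAuthenticationManager(NacosUserService nacosUserService, TokenManagerDelegate tokenManagerDelegate, NacosRoleService nacosRoleService) {
        this.userDetailsService = nacosUserService;
        this.jwtTokenManager = tokenManagerDelegate;
        this.roleService = nacosRoleService;
    }

    /**
     * Authenticates with a username and password and issues a new token on success.
     *
     * @param str the username
     * @param str2 the raw password supplied by the caller
     * @return a user carrying the stored username and a freshly created token
     * @throws AccessException if either argument is blank, the user is unknown, or the password
     *     does not match
     */
    @Override
    public NacosUser authenticate(String str, String str2) throws AccessException {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            throw new AccessException(USER_NOT_FOUND_MESSAGE);
        }
        NacosUserDetails nacosUserDetails = (NacosUserDetails) this.userDetailsService.loadUserByUsername(str);
        // NOTE(review): for an unknown user the password matcher is never invoked, so the two
        // failure paths do different amounts of work even though they share one message.
        // Confirm whether that difference is acceptable for this deployment.
        if (nacosUserDetails == null || !PasswordEncoderUtil.matches(str2, nacosUserDetails.getPassword()).booleanValue()) {
            throw new AccessException(USER_NOT_FOUND_MESSAGE);
        }
        // NOTE(review): the token is created from the caller-supplied name while the returned user
        // carries the stored name; verify the two cannot differ (e.g. by case or whitespace).
        return new NacosUser(nacosUserDetails.getUsername(), this.jwtTokenManager.createToken(str));
    }

    /**
     * Authenticates with an existing access token.
     *
     * @param str the token string
     * @return the user produced by the token manager's {@code parseToken}
     * @throws AccessException if the token is blank; any validation failure is whatever
     *     {@code parseToken} raises (not visible in this class)
     */
    @Override
    public NacosUser authenticate(String str) throws AccessException {
        if (StringUtils.isBlank(str)) {
            throw new AccessException(USER_NOT_FOUND_MESSAGE);
        }
        return this.jwtTokenManager.parseToken(str);
    }

    /**
     * Authenticates an HTTP request: a token found on the request wins, otherwise the username and
     * password request parameters are used.
     *
     * @param httpServletRequest the incoming request
     * @return the authenticated user
     * @throws AccessException if neither a valid token nor valid credentials are present
     */
    @Override
    public NacosUser authenticate(HttpServletRequest httpServletRequest) throws AccessException {
        String token = resolveToken(httpServletRequest);
        if (StringUtils.isNotBlank(token)) {
            return authenticate(token);
        }
        return authenticate(httpServletRequest.getParameter(AuthConstants.PARAM_USERNAME), httpServletRequest.getParameter(AuthConstants.PARAM_PASSWORD));
    }

    /**
     * Checks that the user may perform the action described by the permission.
     *
     * <p>Access is granted when the user is already flagged as global admin, holds the global
     * admin role, or the role service grants the permission. A {@code null} user is denied.
     *
     * @param permission the permission being requested
     * @param nacosUser the authenticated user; {@code null} is treated as unauthenticated
     * @throws AccessException if the user is {@code null} or none of the checks grants access
     */
    @Override
    public void authorize(Permission permission, NacosUser nacosUser) throws AccessException {
        if (Loggers.AUTH.isDebugEnabled()) {
            // NOTE(review): confirm NacosUser.toString() does not render the access token,
            // otherwise debug logging would write bearer credentials to the auth log.
            Loggers.AUTH.debug("auth permission: {}, nacosUser: {}", permission, nacosUser);
        }
        // Deny with the regular authorization failure instead of letting a missing user surface
        // as a NullPointerException further down.
        if (nacosUser == null) {
            throw new AccessException("authorization failed!");
        }
        if (!nacosUser.isGlobalAdmin() && !hasGlobalAdminRole(nacosUser) && !this.roleService.hasPermission(nacosUser, permission)) {
            throw new AccessException("authorization failed!");
        }
    }

    /**
     * Extracts the token from the authorization header when it starts with the configured prefix,
     * otherwise falls back to the {@code accessToken} request parameter.
     *
     * <p>NOTE(review): a token passed as a request parameter may end up in URLs and therefore in
     * access logs and intermediaries; the header form avoids that.
     *
     * @param httpServletRequest the incoming request
     * @return the token, or whatever {@code getParameter} returns when the header is not usable
     */
    private String resolveToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AuthConstants.AUTHORIZATION_HEADER);
        if (StringUtils.isNotBlank(header) && header.startsWith(AuthConstants.TOKEN_PREFIX)) {
            return header.substring(AuthConstants.TOKEN_PREFIX.length());
        }
        return httpServletRequest.getParameter(PARAM_ACCESS_TOKEN);
    }

    /**
     * Asks the role service whether the named user holds the global admin role.
     *
     * @param str the username
     * @return the role service's answer
     */
    @Override
    public boolean hasGlobalAdminRole(String str) {
        return this.roleService.hasGlobalAdminRole(str);
    }

    /**
     * Delegates to the role service's no-argument global admin check.
     *
     * @return the role service's answer
     */
    @Override
    public boolean hasGlobalAdminRole() {
        return this.roleService.hasGlobalAdminRole();
    }

    /**
     * Reports whether the user is a global admin, looking the role up by username when the flag
     * is not yet set and storing the result on the user object.
     *
     * @param nacosUser the user to check; {@code null} is never an admin
     * @return {@code true} if the user is, or is found to be, a global admin
     */
    @Override
    public boolean hasGlobalAdminRole(NacosUser nacosUser) {
        if (nacosUser == null) {
            return false;
        }
        if (nacosUser.isGlobalAdmin()) {
            return true;
        }
        nacosUser.setGlobalAdmin(hasGlobalAdminRole(nacosUser.getUserName()));
        return nacosUser.isGlobalAdmin();
    }
}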
