package it.techgap.common.security.aop;

import it.techgap.common.security.cache.SecurityCache;
import it.techgap.common.security.rules.AspectSecurityRule;
import it.techgap.common.security.security.SecurityPolicy;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.collections.CollectionUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:it/techgap/common/security/aop/AspectSecurity.class */
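/**
 * Base class for an around-advice that authorises calls to public methods of beans
 * carrying the {@code AopSecured} annotation.
 *
 * <p>The decision is deny-by-default: an authenticated user is let through only when at
 * least one of the policies returned by the {@link SecurityCache} for the called method
 * approves the call; a call without a resolved user is decided by the configured default
 * policy (initially {@code "denyAnonymousAccess"}).
 *
 * <p>NOTE(review): this class carries no {@code @Aspect} annotation itself; presumably the
 * concrete subclass declares it. Confirm, otherwise the advice is never applied.
 *
 * <p>NOTE(review): if the aspect is applied through proxy-based Spring AOP rather than
 * AspectJ weaving, calls a secured bean makes to its own public methods do not pass
 * through this advice. Confirm the weaving mode.
 *
 * @param <UserClass> the application's authenticated-user type
 */
public abstract class AspectSecurity<UserClass extends Authentication> {
    private static final Logger log = LoggerFactory.getLogger(AspectSecurity.class);

    // Kept exactly as callers have always seen it. The method signature is deliberately
    // not put into the exception text, which may travel back to the client; it is written
    // to the server-side log instead.
    private static final String ACCESS_DENIED_MESSAGE = "Access to method  is not allowed!";

    private final SecurityCache<UserClass> securityCache;
    private String defaultPolicy = "denyAnonymousAccess";

    // Used to resolve a policy name to the rule bean that implements it.
    @Autowired
    ApplicationContext applicationContext;

    /**
     * @param securityCache source of the policies that apply to a user and a method signature
     */
    public AspectSecurity(SecurityCache<UserClass> securityCache) {
        this.securityCache = securityCache;
    }

    /**
     * Maps the authentication found in the security context to the application's user type.
     *
     * @param authentication the current authentication; it is passed through unchecked, so
     *                       implementations should expect {@code null} when the context holds none
     * @return the user, or {@code null} to have the call treated as anonymous
     */
    protected abstract UserClass getUser(Authentication authentication);

    /** Matches the execution of any public method. */
    @Pointcut("execution(public * *(..))")
    public final void anyPublicOperation() {
    }

    /**
     * Matches code within types annotated with {@code AopSecured}.
     *
     * <p>NOTE(review): the annotation is referenced under {@code it.tgi...} while this class
     * lives under {@code it.techgap...}. Confirm the annotation really is in that package;
     * a pointcut naming a type that does not exist matches nothing and would leave every
     * method unchecked.
     */
    @Pointcut("within(@it.tgi.common.security.annotation.AopSecured *)")
    public final void isSecuredBean() {
    }

    /**
     * Runs the authorisation check and, only if it passes, the intercepted method.
     *
     * @param proceedingJoinPoint the intercepted call
     * @return whatever the intercepted method returns
     * @throws InsufficientAuthenticationException if the call is not allowed
     * @throws Throwable anything raised by the check or by the intercepted method
     */
    @Around("isSecuredBean() && anyPublicOperation()")
    public Object checkIfMethodAllowed(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        // The check throws on denial, so proceed() is never reached for a rejected call.
        securityCheck(AspectSecurityUtils.getSignatureString(proceedingJoinPoint), proceedingJoinPoint);
        return proceedingJoinPoint.proceed();
    }

    /**
     * Decides whether the current caller may execute the method identified by {@code str}.
     * Every denial is logged at WARN so that rejected calls are visible to monitoring.
     *
     * @param str                 signature string of the intercepted method, used as cache key
     * @param proceedingJoinPoint the intercepted call, handed to the rules
     * @throws InsufficientAuthenticationException if no rule allows the call
     */
    private void securityCheck(String str, ProceedingJoinPoint proceedingJoinPoint) throws Exception {
        UserClass user = getUser(SecurityContextHolder.getContext().getAuthentication());

        if (user == null) {
            // No user: the default policy alone decides. A missing rule means "deny",
            // reported with the same exception as any other denial rather than an NPE.
            AspectSecurityRule<UserClass> fallback = getChecker(this.defaultPolicy);
            if (fallback == null || !fallback.check(proceedingJoinPoint, null)) {
                log.warn("Access denied: anonymous caller, method={}, defaultPolicy={}", str, this.defaultPolicy);
                throw new InsufficientAuthenticationException(ACCESS_DENIED_MESSAGE);
            }
            return;
        }

        if (!checkRules(proceedingJoinPoint, user, this.securityCache.retrieve(user, str))) {
            // The principal name may be user-chosen; the log layout should encode line breaks.
            log.warn("Access denied: principal={}, method={}", user.getName(), str);
            throw new InsufficientAuthenticationException(ACCESS_DENIED_MESSAGE);
        }
    }

    /**
     * Evaluates the policies that apply to a user; the first approving rule wins.
     *
     * @param proceedingJoinPoint the intercepted call
     * @param userclass           the authenticated user
     * @param collection          policies to evaluate, may be {@code null} or empty
     * @return {@code true} if some rule approves; {@code false} if none does or there are
     *         no policies at all (deny-by-default)
     */
    private boolean checkRules(ProceedingJoinPoint proceedingJoinPoint, UserClass userclass, Collection<? extends SecurityPolicy> collection) {
        if (CollectionUtils.isEmpty(collection)) {
            return false;
        }
        for (SecurityPolicy policy : collection) {
            AspectSecurityRule<UserClass> rule = getChecker(policy.getPolicy());
            // A policy without a rule bean contributes nothing; it never grants access.
            if (rule != null && rule.check(proceedingJoinPoint, userclass)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves a policy name to its rule, looked up as a bean name in the application context.
     *
     * <p>Because the policy name selects the bean that makes the access decision, the names
     * stored in policies and passed to {@link #setDefaultPolicy(String)} must come from trusted
     * configuration. The lookup is restricted to beans of type {@link AspectSecurityRule}.
     *
     * @param str the policy name, used as bean name
     * @return the rule registered under that name
     */
    @SuppressWarnings("unchecked") // the context only knows the raw rule type
    protected AspectSecurityRule<UserClass> getChecker(String str) {
        return (AspectSecurityRule<UserClass>) this.applicationContext.getBean(str, AspectSecurityRule.class);
    }

    /**
     * Sets the policy applied to calls without a resolved user.
     *
     * @param str bean name of the rule to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setDefaultPolicy(String str) {
        if (str == null) {
            throw new IllegalArgumentException("defaultPolicy cannot be null!");
        }
        this.defaultPolicy = str;
    }
}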
