package org.thymeleaf.extras.springsecurity4.auth;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.exceptions.ConfigurationException;

/* loaded from: input_file:WEB-INF/lib/thymeleaf-extras-springsecurity4-2.1.2.RELEASE.jar:org/thymeleaf/extras/springsecurity4/auth/AclAuthUtils.class */
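/**
 * Static helpers that decide whether an {@link Authentication} holds a set of ACL
 * {@link Permission}s on a domain object, using the {@link AclService} registered in the
 * web application context.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>A {@code null} authentication or a null/empty permission list is DENIED.</li>
 *   <li>A {@code null} domain object is GRANTED. The ACL is not consulted in that case, so a
 *       caller that must fail closed has to reject {@code null} domain objects itself.</li>
 *   <li>A {@link NotFoundException} raised during the ACL lookup is treated as DENIED.</li>
 * </ul>
 */
public final class AclAuthUtils {
    private static final Logger logger = LoggerFactory.getLogger(AclAuthUtils.class);

    private AclAuthUtils() {
        // Utility class: not instantiable.
    }

    /**
     * Parses {@code str} into permissions and delegates to the list-based overload.
     *
     * @param obj the domain object whose ACL is checked; {@code null} results in access being granted
     * @param applicationContext context searched for a {@link PermissionFactory}
     * @param str comma-separated permission masks or names
     * @param authentication the principal to authorize; {@code null} results in access being denied
     * @param servletContext used to locate the web application context
     * @return {@code true} if access is granted
     */
    public static boolean authorizeUsingAccessControlList(Object obj, ApplicationContext applicationContext, String str, Authentication authentication, ServletContext servletContext) {
        List<Permission> permissions = parsePermissionsString(applicationContext, str);
        return authorizeUsingAccessControlList(obj, permissions, authentication, servletContext);
    }

    /**
     * Checks whether {@code authentication} is granted any of the given permissions on {@code obj}.
     *
     * @param obj the domain object whose ACL is checked; {@code null} results in access being granted
     * @param list the permissions to test; {@code null} or empty results in access being denied
     * @param authentication the principal to authorize; {@code null} results in access being denied
     * @param servletContext used to locate the web application context
     * @return {@code true} if access is granted
     * @throws ConfigurationException if the ACL has to be consulted but no {@link AclService} bean
     *         is available, or if more than one bean of a required type is found
     */
    public static boolean authorizeUsingAccessControlList(Object obj, List<Permission> list, Authentication authentication, ServletContext servletContext) {
        if (logger.isTraceEnabled()) {
            logger.trace("[THYMELEAF][{}] Checking authorization using Access Control List for user \"{}\". Domain object is of class \"{}\" and permissions are \"{}\".",
                    TemplateEngine.threadIndex(),
                    authentication == null ? null : authentication.getName(),
                    obj == null ? null : obj.getClass().getName(),
                    list);
        }

        WebApplicationContext webContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        AclService aclService = getBeanOfType(webContext, AclService.class);

        if (authentication == null) {
            if (logger.isTraceEnabled()) {
                logger.trace("[THYMELEAF][{}] Authentication object is null. Access is DENIED. ", TemplateEngine.threadIndex());
            }
            return false;
        }

        // Locals are declared with the interface types: a bean found in the context may be any
        // implementation, and the *Impl classes are only the fallbacks.
        SidRetrievalStrategy sidStrategy = getBeanOfType(webContext, SidRetrievalStrategy.class);
        if (sidStrategy == null) {
            sidStrategy = new SidRetrievalStrategyImpl();
        }
        ObjectIdentityRetrievalStrategy identityStrategy = getBeanOfType(webContext, ObjectIdentityRetrievalStrategy.class);
        if (identityStrategy == null) {
            identityStrategy = new ObjectIdentityRetrievalStrategyImpl();
        }

        if (list == null || list.isEmpty()) {
            if (logger.isTraceEnabled()) {
                logger.trace("[THYMELEAF][{}] Permissions are null or empty. Access is DENIED. ", TemplateEngine.threadIndex());
            }
            return false;
        }

        if (obj == null) {
            // Fail-open branch: with no domain object there is no ACL to consult, so the check
            // is skipped and access is granted. Callers must not rely on this method to
            // protect content when the domain object may legitimately be null.
            if (logger.isTraceEnabled()) {
                logger.trace("[THYMELEAF][{}] Domain object for resolved to null. Access by Access Control List is GRANTED.", TemplateEngine.threadIndex());
            }
            return true;
        }

        if (aclService == null) {
            // Without an AclService the decision cannot be made; report the misconfiguration
            // explicitly instead of failing with a NullPointerException below.
            throw new ConfigurationException("No " + AclService.class.getSimpleName() + " instance found in application context - Access Control List authorization cannot be evaluated");
        }

        // Resolve SIDs from the Authentication that was passed in (and null-checked and logged
        // above), so the decision is made for the same principal the caller asked about rather
        // than for whatever SecurityContextHolder happens to hold on this thread.
        // Raw List kept: the SID element type is not imported in this file.
        List sids = sidStrategy.getSids(authentication);
        try {
            boolean granted = aclService.readAclById(identityStrategy.getObjectIdentity(obj), sids).isGranted(list, sids, false);
            if (logger.isTraceEnabled()) {
                if (granted) {
                    logger.trace("[THYMELEAF][{}] Checked authorization using Access Control List for user \"{}\". Domain object is of class \"{}\" and permissions are \"{}\". Access is GRANTED.", TemplateEngine.threadIndex(), authentication.getName(), obj.getClass().getName(), list);
                } else {
                    logger.trace("[THYMELEAF][{}] Checked authorization using Access Control List for user \"{}\". Domain object is of class \"{}\" and permissions are \"{}\". Access is DENIED.", TemplateEngine.threadIndex(), authentication.getName(), obj.getClass().getName(), list);
                }
            }
            return granted;
        } catch (NotFoundException e) {
            // Fail closed: a lookup that cannot find what it needs never grants access.
            if (logger.isTraceEnabled()) {
                logger.trace("[THYMELEAF][{}] NotFoundException raised while checking Access Control List for user \"{}\". Access is DENIED.", TemplateEngine.threadIndex(), authentication.getName());
            }
            return false;
        }
    }

    /**
     * Converts a comma-separated permission specification into {@link Permission} objects.
     *
     * <p>Each token is first read as an integer mask; a token that is not an integer is passed
     * to the factory as a permission name. Tokens are used as written (no trimming), duplicates
     * are collapsed, and the order of the returned list is unspecified. Any exception the
     * factory raises for a token propagates to the caller.
     *
     * @param applicationContext context searched for a {@link PermissionFactory}; a
     *        {@link DefaultPermissionFactory} is used when none is registered
     * @param str the permission specification; {@code null} or blank yields an empty list
     * @return the parsed permissions, never {@code null}
     */
    public static List<Permission> parsePermissionsString(ApplicationContext applicationContext, String str) throws NumberFormatException {
        if (logger.isTraceEnabled()) {
            logger.trace("[THYMELEAF][{}] Parsing permissions string \"{}\".", TemplateEngine.threadIndex(), str);
        }
        if (str == null || str.trim().isEmpty()) {
            return Collections.emptyList();
        }

        // Declared as the interface: a context-supplied factory need not be the default one.
        PermissionFactory permissionFactory = getBeanOfType(applicationContext, PermissionFactory.class);
        if (permissionFactory == null) {
            permissionFactory = new DefaultPermissionFactory();
        }

        HashSet<Permission> permissions = new HashSet<Permission>();
        StringTokenizer tokens = new StringTokenizer(str, ",", false);
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            try {
                permissions.add(permissionFactory.buildFromMask(Integer.parseInt(token)));
            } catch (NumberFormatException e) {
                // Not an integer mask, so treat the token as a permission name.
                permissions.add(permissionFactory.buildFromName(token));
            }
        }
        return new ArrayList<Permission>(permissions);
    }

    /**
     * Looks up the single bean of type {@code cls} in {@code applicationContext} and all of its
     * ancestor contexts.
     *
     * <p>Results are merged by bean name with {@code putAll}, so an ancestor's bean replaces a
     * same-named bean found in a nearer context.
     *
     * @return the bean, or {@code null} if none is registered
     * @throws ConfigurationException if more than one bean of the type is found
     */
    private static <T> T getBeanOfType(ApplicationContext applicationContext, Class<T> cls) {
        Map<String, T> candidates = applicationContext.getBeansOfType(cls);
        for (ApplicationContext ancestor = applicationContext.getParent(); ancestor != null; ancestor = ancestor.getParent()) {
            candidates.putAll(ancestor.getBeansOfType(cls));
        }
        if (candidates.isEmpty()) {
            return null;
        }
        if (candidates.size() == 1) {
            return candidates.values().iterator().next();
        }
        throw new ConfigurationException("Found incorrect number of " + cls.getSimpleName() + " instances in application context - you must have only have one!");
    }
}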
