package org.valkyriercp.security.support;

import com.google.common.collect.Maps;
import java.lang.ref.WeakReference;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
import org.valkyriercp.binding.form.FormModel;
import org.valkyriercp.core.AuthorityConfigurable;
import org.valkyriercp.core.Authorizable;
import org.valkyriercp.core.Secured;
import org.valkyriercp.security.SecurityController;

/* loaded from: input_file:org/valkyriercp/security/support/AuthorityConfigurableSecurityController.class */
public class AuthorityConfigurableSecurityController implements SecurityController {
    private AccessDecisionManager accessDecisionManager;
    private List<ConfigAttribute> configAttributeDefinition;
    private final Log logger = LogFactory.getLog(getClass());
    private List<WeakReference<Authorizable>> controlledObjects = new ArrayList();
    private Authentication lastAuthentication = null;
    private Map<String, List<ConfigAttribute>> idConfigAttributeDefinitionMap = Maps.newHashMap();

    protected void setLastAuthentication(Authentication authentication) {
        this.lastAuthentication = authentication;
    }

    public void setIdAuthorityMap(Map<String, String> map) {
        this.idConfigAttributeDefinitionMap = new HashMap(map.size());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            this.idConfigAttributeDefinitionMap.put(entry.getKey(), SecurityConfig.createListFromCommaDelimitedString(entry.getValue()));
        }
    }

    protected Authentication getLastAuthentication() {
        return this.lastAuthentication;
    }

    @Override // org.valkyriercp.security.SecurityController
    public void addControlledObject(Authorizable authorizable) {
        addAndPrepareControlledObject(authorizable);
    }

    private void addAndPrepareControlledObject(Authorizable authorizable) {
        this.controlledObjects.add(new WeakReference<>(authorizable));
        updateControlledObject(authorizable, shouldAuthorize(getLastAuthentication(), authorizable));
    }

    protected void updateControlledObject(Authorizable authorizable, boolean z) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("setAuthorized( " + z + ") on: " + authorizable);
        }
        authorizable.setAuthorized(z);
    }

    protected boolean shouldAuthorize(Authentication authentication, Authorizable authorizable) {
        boolean z;
        Assert.state(getAccessDecisionManager() != null, "The AccessDecisionManager can not be null!");
        if (authentication != null) {
            try {
                List<ConfigAttribute> configAttributeDefinition = getConfigAttributeDefinition(authorizable);
                if (configAttributeDefinition != null) {
                    getAccessDecisionManager().decide(authentication, (Object) null, configAttributeDefinition);
                }
                z = true;
            } catch (AccessDeniedException unused) {
                z = false;
            }
        } else {
            z = true;
        }
        return z;
    }

    private List<ConfigAttribute> getConfigAttributeDefinition(Authorizable authorizable) {
        if (this.configAttributeDefinition != null) {
            return this.configAttributeDefinition;
        }
        if (authorizable instanceof Secured) {
            Secured secured = (Secured) authorizable;
            if (secured.getSecurityControllerId() != null) {
                List<ConfigAttribute> list = this.idConfigAttributeDefinitionMap.get(secured.getSecurityControllerId());
                if (list != null) {
                    return list;
                }
            }
            if (secured.getAuthorities() != null) {
                return SecurityConfig.createList(((AuthorityConfigurable) authorizable).getAuthorities());
            }
            return null;
        }
        if (!(authorizable instanceof FormModel)) {
            return null;
        }
        FormModel formModel = (FormModel) authorizable;
        if (formModel.getId() == null) {
            return null;
        }
        List<ConfigAttribute> list2 = this.idConfigAttributeDefinitionMap.get(String.valueOf(formModel.getId()) + ".edit");
        if (list2 != null) {
            return list2;
        }
        return null;
    }

    public void setConfigAttributeDefinition(List<ConfigAttribute> list) {
        this.configAttributeDefinition = list;
    }

    @Override // org.valkyriercp.security.SecurityController
    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    @Override // org.valkyriercp.security.SecurityController
    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    @Override // org.valkyriercp.security.SecurityController
    public Object removeControlledObject(Authorizable authorizable) {
        Authorizable authorizable2 = null;
        Iterator<WeakReference<Authorizable>> it = this.controlledObjects.iterator();
        while (it.hasNext()) {
            Authorizable authorizable3 = it.next().get();
            if (authorizable3 == null) {
                it.remove();
            } else if (authorizable3.equals(authorizable)) {
                authorizable2 = authorizable3;
                it.remove();
            }
        }
        return authorizable2;
    }

    @Override // org.valkyriercp.security.SecurityController
    public void setControlledObjects(List list) {
        this.controlledObjects = new ArrayList(list.size());
        for (Object obj : list) {
            if (!(obj instanceof Authorizable)) {
                throw new IllegalArgumentException("Controlled object must implement Authorizable, got " + obj.getClass());
            }
            addAndPrepareControlledObject((Authorizable) obj);
        }
    }

    @Override // org.valkyriercp.security.AuthenticationAware
    public void setAuthenticationToken(Authentication authentication) {
        setLastAuthentication(authentication);
        runAuthorization();
    }

    protected void runAuthorization() {
        Iterator<WeakReference<Authorizable>> it = this.controlledObjects.iterator();
        while (it.hasNext()) {
            Authorizable authorizable = it.next().get();
            if (authorizable == null) {
                it.remove();
            } else {
                updateControlledObject(authorizable, shouldAuthorize(getLastAuthentication(), authorizable));
            }
        }
    }
}
