package org.springframework.statemachine.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelCompilerMode;
import org.springframework.expression.spel.SpelParserConfiguration;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.messaging.Message;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.ConsensusBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.statemachine.StateContext;
import org.springframework.statemachine.StateMachine;
import org.springframework.statemachine.security.SecurityRule;
import org.springframework.statemachine.support.StateMachineInterceptorAdapter;
import org.springframework.statemachine.transition.Transition;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-statemachine-core-1.1.0.RELEASE.jar:org/springframework/statemachine/security/StateMachineSecurityInterceptor.class */
public class StateMachineSecurityInterceptor<S, E> extends StateMachineInterceptorAdapter<S, E> {
    private AccessDecisionManager transitionAccessDecisionManager;
    private AccessDecisionManager eventAccessDecisionManager;
    private final ExpressionParser expressionParser;
    private SecurityRule eventSecurityRule;

    public StateMachineSecurityInterceptor() {
        this(null, null);
    }

    public StateMachineSecurityInterceptor(AccessDecisionManager accessDecisionManager, AccessDecisionManager accessDecisionManager2) {
        this(accessDecisionManager, accessDecisionManager2, null);
    }

    public StateMachineSecurityInterceptor(AccessDecisionManager accessDecisionManager, AccessDecisionManager accessDecisionManager2, SecurityRule securityRule) {
        this.expressionParser = new SpelExpressionParser(new SpelParserConfiguration(SpelCompilerMode.OFF, (ClassLoader) null));
        this.transitionAccessDecisionManager = accessDecisionManager;
        this.eventAccessDecisionManager = accessDecisionManager2;
        this.eventSecurityRule = securityRule;
    }

    @Override // org.springframework.statemachine.support.StateMachineInterceptorAdapter, org.springframework.statemachine.support.StateMachineInterceptor
    public Message<E> preEvent(Message<E> message, StateMachine<S, E> stateMachine) {
        if (this.eventSecurityRule != null) {
            decide(this.eventSecurityRule, message);
        }
        return super.preEvent(message, stateMachine);
    }

    @Override // org.springframework.statemachine.support.StateMachineInterceptorAdapter, org.springframework.statemachine.support.StateMachineInterceptor
    public StateContext<S, E> preTransition(StateContext<S, E> stateContext) {
        Transition<S, E> transition = stateContext.getTransition();
        SecurityRule securityRule = transition.getSecurityRule();
        if (securityRule != null) {
            decide(securityRule, transition);
        }
        return super.preTransition(stateContext);
    }

    public void setEventAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.eventAccessDecisionManager = accessDecisionManager;
    }

    public void setTransitionAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.transitionAccessDecisionManager = accessDecisionManager;
    }

    public void setEventSecurityRule(SecurityRule securityRule) {
        this.eventSecurityRule = securityRule;
    }

    private void decide(SecurityRule securityRule, Message<E> message) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Collection<ConfigAttribute> eentConfigAttributes = getEentConfigAttributes(securityRule);
        if (this.eventAccessDecisionManager != null) {
            decide(this.eventAccessDecisionManager, authentication, message, eentConfigAttributes);
        } else {
            decide((AccessDecisionManager) createDefaultEventManager(securityRule), authentication, (Message) message, eentConfigAttributes);
        }
    }

    private void decide(SecurityRule securityRule, Transition<S, E> transition) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Collection<ConfigAttribute> transitionConfigAttributes = getTransitionConfigAttributes(securityRule);
        if (this.transitionAccessDecisionManager != null) {
            decide(this.transitionAccessDecisionManager, authentication, transition, transitionConfigAttributes);
        } else {
            decide((AccessDecisionManager) createDefaultTransitionManager(securityRule), authentication, (Transition) transition, transitionConfigAttributes);
        }
    }

    private Collection<ConfigAttribute> getTransitionConfigAttributes(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        if (securityRule.getAttributes() != null) {
            Iterator<String> it = securityRule.getAttributes().iterator();
            while (it.hasNext()) {
                arrayList.add(new SecurityConfig(it.next()));
            }
        }
        if (StringUtils.hasText(securityRule.getExpression())) {
            arrayList.add(new TransitionExpressionConfigAttribute(this.expressionParser.parseExpression(securityRule.getExpression())));
        }
        return arrayList;
    }

    private Collection<ConfigAttribute> getEentConfigAttributes(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        if (securityRule.getAttributes() != null) {
            Iterator<String> it = securityRule.getAttributes().iterator();
            while (it.hasNext()) {
                arrayList.add(new SecurityConfig(it.next()));
            }
        }
        if (StringUtils.hasText(securityRule.getExpression())) {
            arrayList.add(new EventExpressionConfigAttribute(this.expressionParser.parseExpression(securityRule.getExpression())));
        }
        return arrayList;
    }

    private void decide(AccessDecisionManager accessDecisionManager, Authentication authentication, Transition<S, E> transition, Collection<ConfigAttribute> collection) {
        if (accessDecisionManager.supports(transition.getClass())) {
            accessDecisionManager.decide(authentication, transition, collection);
        }
    }

    private void decide(AccessDecisionManager accessDecisionManager, Authentication authentication, Message<E> message, Collection<ConfigAttribute> collection) {
        if (accessDecisionManager.supports(message.getClass())) {
            accessDecisionManager.decide(authentication, message, collection);
        }
    }

    private AbstractAccessDecisionManager createDefaultTransitionManager(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new TransitionExpressionVoter());
        arrayList.add(new TransitionVoter());
        arrayList.add(new RoleVoter());
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.ANY) {
            return new AffirmativeBased(arrayList);
        }
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.ALL) {
            return new UnanimousBased(arrayList);
        }
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.MAJORITY) {
            return new ConsensusBased(arrayList);
        }
        throw new IllegalStateException("Unknown SecurityRule match type: " + securityRule.getComparisonType());
    }

    private AbstractAccessDecisionManager createDefaultEventManager(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new EventExpressionVoter());
        arrayList.add(new EventVoter());
        arrayList.add(new RoleVoter());
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.ANY) {
            return new AffirmativeBased(arrayList);
        }
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.ALL) {
            return new UnanimousBased(arrayList);
        }
        if (securityRule.getComparisonType() == SecurityRule.ComparisonType.MAJORITY) {
            return new ConsensusBased(arrayList);
        }
        throw new IllegalStateException("Unknown SecurityRule match type: " + securityRule.getComparisonType());
    }

    public String toString() {
        return "StateMachineSecurityInterceptor [transitionAccessDecisionManager=" + this.transitionAccessDecisionManager + ", eventAccessDecisionManager=" + this.eventAccessDecisionManager + ", eventSecurityRule=" + this.eventSecurityRule + "]";
    }
}
