package org.springframework.security.vote;

import java.lang.reflect.InvocationTargetException;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.BasicAclEntry;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-2.0-M1.jar:org/springframework/security/vote/BasicAclEntryVoter.class */
public class BasicAclEntryVoter extends AbstractAclVoter implements InitializingBean {
    private static final Log logger;
    private AclManager aclManager;
    private String internalMethod;
    private String processConfigAttribute;
    private int[] requirePermission;
    static Class class$org$springframework$security$vote$BasicAclEntryVoter;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.processConfigAttribute, "A processConfigAttribute is mandatory");
        Assert.notNull(this.aclManager, "An aclManager is mandatory");
        if (this.requirePermission == null || this.requirePermission.length == 0) {
            throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
        }
    }

    public AclManager getAclManager() {
        return this.aclManager;
    }

    public String getInternalMethod() {
        return this.internalMethod;
    }

    public String getProcessConfigAttribute() {
        return this.processConfigAttribute;
    }

    public int[] getRequirePermission() {
        return this.requirePermission;
    }

    public void setAclManager(AclManager aclManager) {
        this.aclManager = aclManager;
    }

    public void setInternalMethod(String str) {
        this.internalMethod = str;
    }

    public void setProcessConfigAttribute(String str) {
        this.processConfigAttribute = str;
    }

    public void setRequirePermission(int[] iArr) {
        this.requirePermission = iArr;
    }

    public void setRequirePermissionFromString(String[] strArr) {
        setRequirePermission(SimpleAclEntry.parsePermissions(strArr));
    }

    @Override // org.springframework.security.vote.AbstractAclVoter, org.springframework.security.vote.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return configAttribute.getAttribute() != null && configAttribute.getAttribute().equals(getProcessConfigAttribute());
    }

    @Override // org.springframework.security.vote.AbstractAclVoter, org.springframework.security.vote.AccessDecisionVoter
    public int vote(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
        while (configAttributes.hasNext()) {
            if (supports((ConfigAttribute) configAttributes.next())) {
                Object domainObjectInstance = getDomainObjectInstance(obj);
                if (domainObjectInstance == null) {
                    if (!logger.isDebugEnabled()) {
                        return 0;
                    }
                    logger.debug("Voting to abstain - domainObject is null");
                    return 0;
                }
                if (this.internalMethod != null && !"".equals(this.internalMethod)) {
                    try {
                        domainObjectInstance = domainObjectInstance.getClass().getMethod(this.internalMethod, new Class[0]).invoke(domainObjectInstance, new Object[0]);
                    } catch (IllegalAccessException e) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("IllegalAccessException", e);
                            if (e.getCause() != null) {
                                logger.debug(new StringBuffer().append("Cause: ").append(e.getCause().getMessage()).toString(), e.getCause());
                            }
                        }
                        throw new AuthorizationServiceException(new StringBuffer().append("Problem invoking internalMethod: ").append(this.internalMethod).append(" for object: ").append(domainObjectInstance).toString());
                    } catch (NoSuchMethodException e2) {
                        throw new AuthorizationServiceException(new StringBuffer().append("Object of class '").append(domainObjectInstance.getClass()).append("' does not provide the requested internalMethod: ").append(this.internalMethod).toString());
                    } catch (InvocationTargetException e3) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("InvocationTargetException", e3);
                            if (e3.getCause() != null) {
                                logger.debug(new StringBuffer().append("Cause: ").append(e3.getCause().getMessage()).toString(), e3.getCause());
                            }
                        }
                        throw new AuthorizationServiceException(new StringBuffer().append("Problem invoking internalMethod: ").append(this.internalMethod).append(" for object: ").append(domainObjectInstance).toString());
                    }
                }
                AclEntry[] acls = this.aclManager.getAcls(domainObjectInstance, authentication);
                if (acls == null || acls.length == 0) {
                    if (!logger.isDebugEnabled()) {
                        return -1;
                    }
                    logger.debug("Voting to deny access - no ACLs returned for this principal");
                    return -1;
                }
                for (int i = 0; i < acls.length; i++) {
                    if (acls[i] instanceof BasicAclEntry) {
                        BasicAclEntry basicAclEntry = (BasicAclEntry) acls[i];
                        for (int i2 = 0; i2 < this.requirePermission.length; i2++) {
                            if (basicAclEntry.isPermitted(this.requirePermission[i2])) {
                                if (!logger.isDebugEnabled()) {
                                    return 1;
                                }
                                logger.debug("Voting to grant access");
                                return 1;
                            }
                        }
                    }
                }
                if (!logger.isDebugEnabled()) {
                    return -1;
                }
                logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                return -1;
            }
        }
        return 0;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$springframework$security$vote$BasicAclEntryVoter == null) {
            cls = class$("org.springframework.security.vote.BasicAclEntryVoter");
            class$org$springframework$security$vote$BasicAclEntryVoter = cls;
        } else {
            cls = class$org$springframework$security$vote$BasicAclEntryVoter;
        }
        logger = LogFactory.getLog(cls);
    }
}
