package org.openvpms.component.business.service.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.StringTokenizer;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.vote.AccessDecisionVoter;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openvpms.component.business.domain.archetype.ArchetypeId;
import org.openvpms.component.business.domain.im.common.IMObject;
import org.openvpms.component.business.domain.im.security.ArchetypeAwareGrantedAuthority;
import org.openvpms.component.business.service.archetype.IArchetypeService;
import org.openvpms.component.system.common.util.StringUtilities;
import org.springframework.aop.framework.ReflectiveMethodInvocation;

/* loaded from: input_file:org/openvpms/component/business/service/security/ArchetypeAwareVoter.class */
public class ArchetypeAwareVoter implements AccessDecisionVoter {
    private static final String archetypePrefix = "archetypeService";
    private static final Log log = LogFactory.getLog(ArchetypeAwareVoter.class);

    public boolean supports(ConfigAttribute configAttribute) {
        String attribute = configAttribute.getAttribute();
        return attribute != null && attribute.startsWith(archetypePrefix);
    }

    public boolean supports(Class cls) {
        return cls == MethodInvocation.class;
    }

    public int vote(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        int i = 0;
        if (obj instanceof ReflectiveMethodInvocation) {
            String[] archetypeShortNames = getArchetypeShortNames((ReflectiveMethodInvocation) obj);
            Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
            while (configAttributes.hasNext()) {
                ConfigAttribute configAttribute = (ConfigAttribute) configAttributes.next();
                if (supports(configAttribute)) {
                    i = isAccessGranted(archetypeShortNames, authentication, configAttribute);
                }
            }
        }
        return i;
    }

    private int isAccessGranted(String[] strArr, Authentication authentication, ConfigAttribute configAttribute) {
        boolean z = false;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str = strArr[i];
            z = false;
            GrantedAuthority[] authorities = authentication.getAuthorities();
            int length2 = authorities.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length2) {
                    break;
                }
                if (isAccessGranted((ArchetypeAwareGrantedAuthority) authorities[i2], configAttribute, str)) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (z) {
                i++;
            } else if (log.isWarnEnabled()) {
                log.warn("Access denied to principal=" + authentication.getPrincipal() + ", operation=" + configAttribute.getAttribute() + ", archetype=" + str);
            }
        }
        return z ? 1 : -1;
    }

    private boolean isAccessGranted(ArchetypeAwareGrantedAuthority archetypeAwareGrantedAuthority, ConfigAttribute configAttribute, String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(configAttribute.getAttribute(), ".");
        if (!stringTokenizer.nextToken().equals(archetypeAwareGrantedAuthority.getServiceName())) {
            return false;
        }
        String nextToken = stringTokenizer.nextToken();
        String method = archetypeAwareGrantedAuthority.getMethod();
        String archetypeShortName = archetypeAwareGrantedAuthority.getArchetypeShortName();
        return !StringUtils.isEmpty(method) && !StringUtils.isEmpty(archetypeShortName) && StringUtilities.matches(nextToken, method) && StringUtilities.matches(str, archetypeShortName);
    }

    private String[] getArchetypeShortNames(MethodInvocation methodInvocation) {
        String[] strArr = new String[0];
        if (methodInvocation != null) {
            String name = methodInvocation.getMethod().getName();
            if (methodInvocation.getMethod().getDeclaringClass().getName().equals(IArchetypeService.class.getName())) {
                Object obj = methodInvocation.getArguments()[0];
                if (name.equals("create")) {
                    strArr = obj instanceof String ? new String[]{(String) obj} : new String[]{((ArchetypeId) obj).getShortName()};
                } else if (name.equals("save")) {
                    if (obj instanceof IMObject) {
                        strArr = new String[]{((IMObject) obj).getArchetypeId().getShortName()};
                    } else {
                        Collection collection = (Collection) obj;
                        HashSet hashSet = new HashSet();
                        Iterator it = collection.iterator();
                        while (it.hasNext()) {
                            hashSet.add(((IMObject) it.next()).getArchetypeId().getShortName());
                        }
                        strArr = (String[]) hashSet.toArray(new String[hashSet.size()]);
                    }
                } else if (name.equals("remove")) {
                    strArr = new String[]{((IMObject) obj).getArchetypeId().getShortName()};
                }
            }
        }
        return strArr;
    }
}
