package org.openvpms.component.business.service.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.StringTokenizer;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.lang.StringUtils;
import org.openvpms.component.business.domain.archetype.ArchetypeId;
import org.openvpms.component.business.domain.im.security.ArchetypeAwareGrantedAuthority;
import org.openvpms.component.business.service.archetype.IArchetypeService;
import org.openvpms.component.model.object.IMObject;
import org.openvpms.component.model.object.Reference;
import org.openvpms.component.system.common.util.StringUtilities;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/openvpms/component/business/service/security/ArchetypeAccessDecisionManager.class */
public class ArchetypeAccessDecisionManager implements AccessDecisionManager {
    private static final String ARCHETYPE_PREFIX = "archetypeService";
    private static final Logger log = LoggerFactory.getLogger(ArchetypeAccessDecisionManager.class);

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        boolean z = false;
        String[] archetypes = getArchetypes((MethodInvocation) obj);
        for (ConfigAttribute configAttribute : collection) {
            if (!supports(configAttribute)) {
                throw new AccessDeniedException("Unsupported attribute: " + configAttribute);
            }
            StringTokenizer stringTokenizer = new StringTokenizer(configAttribute.getAttribute(), ".");
            String nextToken = stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : null;
            String nextToken2 = stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : null;
            if (nextToken == null || nextToken2 == null) {
                throw new AccessDeniedException("Unsupported attribute: " + configAttribute);
            }
            check(archetypes, authentication, nextToken, nextToken2);
            z = true;
        }
        if (!z) {
            throw new AccessDeniedException("Access is denied");
        }
    }

    public boolean supports(ConfigAttribute configAttribute) {
        String attribute = configAttribute.getAttribute();
        return attribute != null && attribute.startsWith(ARCHETYPE_PREFIX);
    }

    public boolean supports(Class<?> cls) {
        return cls == MethodInvocation.class;
    }

    private void check(String[] strArr, Authentication authentication, String str, String str2) {
        for (String str3 : strArr) {
            boolean z = false;
            Iterator it = authentication.getAuthorities().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                GrantedAuthority grantedAuthority = (GrantedAuthority) it.next();
                if ((grantedAuthority instanceof ArchetypeAwareGrantedAuthority) && isAccessGranted((ArchetypeAwareGrantedAuthority) grantedAuthority, str3, str, str2)) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                if (log.isWarnEnabled()) {
                    log.warn("Access denied to principal=" + authentication.getPrincipal() + ", operation=" + str2 + ", archetype=" + str3);
                }
                throw new ArchetypeAccessDeniedException(str3, str2);
            }
        }
    }

    private boolean isAccessGranted(ArchetypeAwareGrantedAuthority archetypeAwareGrantedAuthority, String str, String str2, String str3) {
        if (!str2.equals(archetypeAwareGrantedAuthority.getServiceName())) {
            return false;
        }
        String method = archetypeAwareGrantedAuthority.getMethod();
        String shortName = archetypeAwareGrantedAuthority.getShortName();
        return !StringUtils.isEmpty(method) && !StringUtils.isEmpty(shortName) && StringUtilities.matches(str3, method) && StringUtilities.matches(str, shortName);
    }

    private String[] getArchetypes(MethodInvocation methodInvocation) {
        String[] strArr = new String[0];
        if (methodInvocation != null) {
            String name = methodInvocation.getMethod().getName();
            if (methodInvocation.getMethod().getDeclaringClass().equals(IArchetypeService.class)) {
                Object obj = methodInvocation.getArguments()[0];
                boolean z = -1;
                switch (name.hashCode()) {
                    case -1352294148:
                        if (name.equals("create")) {
                            z = false;
                            break;
                        }
                        break;
                    case -934610812:
                        if (name.equals("remove")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 3522941:
                        if (name.equals("save")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (!(obj instanceof String)) {
                            strArr = new String[]{((ArchetypeId) obj).getShortName()};
                            break;
                        } else {
                            strArr = new String[]{(String) obj};
                            break;
                        }
                    case true:
                        if (!(obj instanceof IMObject)) {
                            Collection collection = (Collection) obj;
                            HashSet hashSet = new HashSet();
                            Iterator it = collection.iterator();
                            while (it.hasNext()) {
                                hashSet.add(((IMObject) it.next()).getArchetype());
                            }
                            strArr = (String[]) hashSet.toArray(new String[0]);
                            break;
                        } else {
                            strArr = new String[]{((IMObject) obj).getArchetype()};
                            break;
                        }
                    case true:
                        if (!(obj instanceof IMObject)) {
                            strArr = new String[]{((Reference) obj).getArchetype()};
                            break;
                        } else {
                            strArr = new String[]{((IMObject) obj).getArchetype()};
                            break;
                        }
                }
            }
        }
        return strArr;
    }
}
