package org.springframework.security.acls;

import java.lang.reflect.InvocationTargetException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AuthorizationServiceException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.vote.AbstractAclVoter;
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:lib/spring-security-acl-3.2.7.RELEASE.jar:org/springframework/security/acls/AclEntryVoter.class */
public class AclEntryVoter extends AbstractAclVoter {
    private static final Log logger = LogFactory.getLog(AclEntryVoter.class);
    private AclService aclService;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
    private String internalMethod;
    private String processConfigAttribute;
    private List<Permission> requirePermission;

    public AclEntryVoter(AclService aclService, String str, Permission[] permissionArr) {
        Assert.notNull(str, "A processConfigAttribute is mandatory");
        Assert.notNull(aclService, "An AclService is mandatory");
        if (permissionArr == null || permissionArr.length == 0) {
            throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
        }
        this.aclService = aclService;
        this.processConfigAttribute = str;
        this.requirePermission = Arrays.asList(permissionArr);
    }

    protected String getInternalMethod() {
        return this.internalMethod;
    }

    public void setInternalMethod(String str) {
        this.internalMethod = str;
    }

    protected String getProcessConfigAttribute() {
        return this.processConfigAttribute;
    }

    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        Assert.notNull(objectIdentityRetrievalStrategy, "ObjectIdentityRetrievalStrategy required");
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return configAttribute.getAttribute() != null && configAttribute.getAttribute().equals(getProcessConfigAttribute());
    }

    /* renamed from: vote, reason: avoid collision after fix types in other method */
    public int vote2(Authentication authentication, MethodInvocation methodInvocation, Collection<ConfigAttribute> collection) {
        Iterator<ConfigAttribute> it = collection.iterator();
        while (it.hasNext()) {
            if (supports(it.next())) {
                Object domainObjectInstance = getDomainObjectInstance(methodInvocation);
                if (domainObjectInstance == null) {
                    if (!logger.isDebugEnabled()) {
                        return 0;
                    }
                    logger.debug("Voting to abstain - domainObject is null");
                    return 0;
                }
                if (StringUtils.hasText(this.internalMethod)) {
                    try {
                        domainObjectInstance = domainObjectInstance.getClass().getMethod(this.internalMethod, new Class[0]).invoke(domainObjectInstance, new Object[0]);
                    } catch (IllegalAccessException e) {
                        logger.debug("IllegalAccessException", e);
                        throw new AuthorizationServiceException("Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObjectInstance);
                    } catch (NoSuchMethodException e2) {
                        throw new AuthorizationServiceException("Object of class '" + domainObjectInstance.getClass() + "' does not provide the requested internalMethod: " + this.internalMethod);
                    } catch (InvocationTargetException e3) {
                        logger.debug("InvocationTargetException", e3);
                        throw new AuthorizationServiceException("Problem invoking internalMethod: " + this.internalMethod + " for object: " + domainObjectInstance);
                    }
                }
                ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObjectInstance);
                List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
                try {
                    try {
                        if (this.aclService.readAclById(objectIdentity, sids).isGranted(this.requirePermission, sids, false)) {
                            if (!logger.isDebugEnabled()) {
                                return 1;
                            }
                            logger.debug("Voting to grant access");
                            return 1;
                        }
                        if (!logger.isDebugEnabled()) {
                            return -1;
                        }
                        logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                        return -1;
                    } catch (NotFoundException e4) {
                        if (!logger.isDebugEnabled()) {
                            return -1;
                        }
                        logger.debug("Voting to deny access - no ACLs apply for this principal");
                        return -1;
                    }
                } catch (NotFoundException e5) {
                    if (!logger.isDebugEnabled()) {
                        return -1;
                    }
                    logger.debug("Voting to deny access - no ACLs apply for this principal");
                    return -1;
                }
            }
        }
        return 0;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public /* bridge */ /* synthetic */ int vote(Authentication authentication, MethodInvocation methodInvocation, Collection collection) {
        return vote2(authentication, methodInvocation, (Collection<ConfigAttribute>) collection);
    }
}
