package org.acegisecurity.afterinvocation;

import java.util.Collection;
import java.util.Iterator;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthorizationServiceException;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acl.AclEntry;
import org.acegisecurity.acl.AclManager;
import org.acegisecurity.acl.basic.BasicAclEntry;
import org.acegisecurity.acl.basic.SimpleAclEntry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/lib/acegi-security-1.0.7.jar:org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.class */
public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements AfterInvocationProvider, InitializingBean {
    protected static final Log logger;
    private AclManager aclManager;
    private Class processDomainObjectClass;
    private String processConfigAttribute;
    private int[] requirePermission;
    static Class class$org$acegisecurity$afterinvocation$BasicAclEntryAfterInvocationCollectionFilteringProvider;
    static Class class$java$lang$Object;

    public BasicAclEntryAfterInvocationCollectionFilteringProvider() {
        Class cls;
        if (class$java$lang$Object == null) {
            cls = class$("java.lang.Object");
            class$java$lang$Object = cls;
        } else {
            cls = class$java$lang$Object;
        }
        this.processDomainObjectClass = cls;
        this.processConfigAttribute = "AFTER_ACL_COLLECTION_READ";
        this.requirePermission = new int[]{SimpleAclEntry.READ};
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.processConfigAttribute, "A processConfigAttribute is mandatory");
        Assert.notNull(this.aclManager, "An aclManager is mandatory");
        if (this.requirePermission == null || this.requirePermission.length == 0) {
            throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
        }
    }

    @Override // org.acegisecurity.afterinvocation.AfterInvocationProvider
    public Object decide(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition, Object obj2) throws AccessDeniedException {
        Filterer arrayFilterer;
        Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
        while (configAttributes.hasNext()) {
            if (supports((ConfigAttribute) configAttributes.next())) {
                if (obj2 == null) {
                    if (!logger.isDebugEnabled()) {
                        return null;
                    }
                    logger.debug("Return object is null, skipping");
                    return null;
                }
                if (obj2 instanceof Collection) {
                    arrayFilterer = new CollectionFilterer((Collection) obj2);
                } else {
                    if (!obj2.getClass().isArray()) {
                        throw new AuthorizationServiceException(new StringBuffer().append("A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: ").append(obj2).toString());
                    }
                    arrayFilterer = new ArrayFilterer((Object[]) obj2);
                }
                for (Object obj3 : arrayFilterer) {
                    boolean z = false;
                    if (obj3 != null && this.processDomainObjectClass.isAssignableFrom(obj3.getClass())) {
                        AclEntry[] acls = this.aclManager.getAcls(obj3, authentication);
                        if (acls != null && acls.length != 0) {
                            for (int i = 0; i < acls.length; i++) {
                                if (acls[i] instanceof BasicAclEntry) {
                                    BasicAclEntry basicAclEntry = (BasicAclEntry) acls[i];
                                    for (int i2 = 0; i2 < this.requirePermission.length; i2++) {
                                        if (basicAclEntry.isPermitted(this.requirePermission[i2])) {
                                            z = true;
                                            if (logger.isDebugEnabled()) {
                                                logger.debug(new StringBuffer().append("Principal is authorised for element: ").append(obj3).append(" due to ACL: ").append(basicAclEntry.toString()).toString());
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        if (!z) {
                            arrayFilterer.remove(obj3);
                            if (logger.isDebugEnabled()) {
                                logger.debug(new StringBuffer().append("Principal is NOT authorised for element: ").append(obj3).toString());
                            }
                        }
                    }
                }
                return arrayFilterer.getFilteredObject();
            }
        }
        return obj2;
    }

    public AclManager getAclManager() {
        return this.aclManager;
    }

    public String getProcessConfigAttribute() {
        return this.processConfigAttribute;
    }

    public int[] getRequirePermission() {
        return this.requirePermission;
    }

    public void setAclManager(AclManager aclManager) {
        this.aclManager = aclManager;
    }

    public void setProcessConfigAttribute(String str) {
        this.processConfigAttribute = str;
    }

    public void setProcessDomainObjectClass(Class cls) {
        Assert.notNull(cls, "processDomainObjectClass cannot be set to null");
        this.processDomainObjectClass = cls;
    }

    public void setRequirePermission(int[] iArr) {
        this.requirePermission = iArr;
    }

    public void setRequirePermissionFromString(String[] strArr) {
        setRequirePermission(SimpleAclEntry.parsePermissions(strArr));
    }

    @Override // org.acegisecurity.afterinvocation.AfterInvocationProvider
    public boolean supports(ConfigAttribute configAttribute) {
        return configAttribute.getAttribute() != null && configAttribute.getAttribute().equals(getProcessConfigAttribute());
    }

    @Override // org.acegisecurity.afterinvocation.AfterInvocationProvider
    public boolean supports(Class cls) {
        return true;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$acegisecurity$afterinvocation$BasicAclEntryAfterInvocationCollectionFilteringProvider == null) {
            cls = class$("org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider");
            class$org$acegisecurity$afterinvocation$BasicAclEntryAfterInvocationCollectionFilteringProvider = cls;
        } else {
            cls = class$org$acegisecurity$afterinvocation$BasicAclEntryAfterInvocationCollectionFilteringProvider;
        }
        logger = LogFactory.getLog(cls);
    }
}
