package org.springframework.security.authorization.method;

import java.lang.reflect.Method;
import java.util.function.Supplier;
import org.aopalliance.aop.Advice;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.aop.Pointcut;
import org.springframework.aop.PointcutAdvisor;
import org.springframework.aop.framework.AopInfrastructureBean;
import org.springframework.aop.support.AopUtils;
import org.springframework.core.Ordered;
import org.springframework.lang.NonNull;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-5.7.4.jar:org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptor.class */
public final class PostFilterAuthorizationMethodInterceptor implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
    private static final Supplier<Authentication> AUTHENTICATION_SUPPLIER = () -> {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new AuthenticationCredentialsNotFoundException("An Authentication object was not found in the SecurityContext");
        }
        return authentication;
    };
    private final PostFilterExpressionAttributeRegistry registry = new PostFilterExpressionAttributeRegistry();
    private int order = AuthorizationInterceptorsOrder.POST_FILTER.getOrder();
    private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
    private final Pointcut pointcut = AuthorizationMethodPointcuts.forAnnotations(PostFilter.class);

    /* loaded from: input_file:WEB-INF/lib/spring-security-core-5.7.4.jar:org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptor$PostFilterExpressionAttributeRegistry.class */
    private final class PostFilterExpressionAttributeRegistry extends AbstractExpressionAttributeRegistry<ExpressionAttribute> {
        private PostFilterExpressionAttributeRegistry() {
        }

        @Override // org.springframework.security.authorization.method.AbstractExpressionAttributeRegistry
        @NonNull
        ExpressionAttribute resolveAttribute(Method method, Class<?> cls) {
            PostFilter findPostFilterAnnotation = findPostFilterAnnotation(AopUtils.getMostSpecificMethod(method, cls));
            return findPostFilterAnnotation == null ? ExpressionAttribute.NULL_ATTRIBUTE : new ExpressionAttribute(PostFilterAuthorizationMethodInterceptor.this.expressionHandler.getExpressionParser().parseExpression(findPostFilterAnnotation.value()));
        }

        private PostFilter findPostFilterAnnotation(Method method) {
            PostFilter postFilter = (PostFilter) AuthorizationAnnotationUtils.findUniqueAnnotation(method, PostFilter.class);
            return postFilter != null ? postFilter : (PostFilter) AuthorizationAnnotationUtils.findUniqueAnnotation(method.getDeclaringClass(), PostFilter.class);
        }
    }

    public void setExpressionHandler(MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
        Assert.notNull(methodSecurityExpressionHandler, "expressionHandler cannot be null");
        this.expressionHandler = methodSecurityExpressionHandler;
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return this.order;
    }

    public void setOrder(int i) {
        this.order = i;
    }

    @Override // org.springframework.aop.PointcutAdvisor
    public Pointcut getPointcut() {
        return this.pointcut;
    }

    @Override // org.springframework.aop.Advisor
    public Advice getAdvice() {
        return this;
    }

    @Override // org.springframework.aop.Advisor
    public boolean isPerInstance() {
        return true;
    }

    @Override // org.aopalliance.intercept.MethodInterceptor
    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        Object proceed = methodInvocation.proceed();
        ExpressionAttribute attribute = this.registry.getAttribute(methodInvocation);
        if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) {
            return proceed;
        }
        return this.expressionHandler.filter(proceed, attribute.getExpression(), this.expressionHandler.createEvaluationContext(AUTHENTICATION_SUPPLIER.get(), methodInvocation));
    }
}
