package com.atlassian.stash.security;

import com.atlassian.stash.internal.user.StashUserAuthenticationToken;
import com.google.common.base.Defaults;
import com.google.common.collect.Lists;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ClassUtils;
import org.junit.Assert;
import org.junit.runners.model.MultipleFailureException;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ReflectionUtils;

/* loaded from: input_file:com/atlassian/stash/security/AuthorizedAnnotationHelper.class */
public class AuthorizedAnnotationHelper {
    private final Class<?> serviceClass;

    public AuthorizedAnnotationHelper(Class<?> cls) {
        this.serviceClass = cls;
    }

    public void testAuthorizedMethods() throws Throwable {
        MultipleFailureException.assertEmpty(findBrokenAuthorizedMethods());
    }

    public List<Throwable> findBrokenAuthorizedMethods() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new StashUserAuthenticationToken.Builder().build());
        try {
            List<Throwable> validateAnnotations = validateAnnotations(this.serviceClass);
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            return validateAnnotations;
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            throw th;
        }
    }

    private static Object[] mockArguments(Method method) {
        Class<?>[] parameterTypes = method.getParameterTypes();
        Object[] objArr = new Object[parameterTypes.length];
        for (int i = 0; i < parameterTypes.length; i++) {
            if (parameterTypes[i].isPrimitive()) {
                objArr[i] = Defaults.defaultValue(parameterTypes[i]);
            } else if (parameterTypes[i] == String.class) {
                objArr[i] = "";
            } else if (Modifier.isFinal(parameterTypes[i].getModifiers())) {
                objArr[i] = null;
            } else {
                objArr[i] = Mockito.mock(parameterTypes[i], Mockito.RETURNS_DEEP_STUBS);
            }
        }
        return objArr;
    }

    private static Object secureBean(final Class<?> cls, Object obj) {
        ClassPathXmlApplicationContext classPathXmlApplicationContext = new ClassPathXmlApplicationContext("classpath:/spring/security-test-context.xml");
        ((DefaultMethodSecurityExpressionHandler) classPathXmlApplicationContext.getBean(DefaultMethodSecurityExpressionHandler.class)).setParameterNameDiscoverer(new LocalVariableTableParameterNameDiscoverer() { // from class: com.atlassian.stash.security.AuthorizedAnnotationHelper.1
            public String[] getParameterNames(Method method) {
                return super.getParameterNames(ReflectionUtils.findMethod(cls, method.getName(), method.getParameterTypes()));
            }
        });
        return classPathXmlApplicationContext.getAutowireCapableBeanFactory().initializeBean(obj, cls.getName());
    }

    private static List<Throwable> validateAnnotations(Class<?> cls) throws Exception {
        PreAuthorize findAnnotation = AnnotationUtils.findAnnotation(cls, PreAuthorize.class);
        Object mock = Mockito.mock(cls);
        Object secureBean = secureBean(cls, mock);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it = ClassUtils.getAllInterfaces(cls).iterator();
        while (it.hasNext()) {
            for (Method method : ((Class) it.next()).getDeclaredMethods()) {
                Method findMethod = ReflectionUtils.findMethod(cls, method.getName(), method.getParameterTypes());
                try {
                    if (AnnotationUtils.findAnnotation(findMethod, PostAuthorize.class) != null) {
                        validatePostAuthorize(mock, secureBean, method, mockArguments(findMethod));
                    } else if (findAnnotation != null || AnnotationUtils.findAnnotation(findMethod, PreAuthorize.class) != null) {
                        validatePreAuthorize(secureBean, method, mockArguments(findMethod));
                    }
                } catch (AccessDeniedException e) {
                } catch (Throwable th) {
                    newArrayList.add(th);
                }
            }
        }
        return newArrayList;
    }

    private static void validatePreAuthorize(Object obj, Method method, Object[] objArr) {
        ReflectionUtils.invokeMethod(method, obj, objArr);
        Assert.fail("PreAuthorize has failed: " + method);
    }

    private static void validatePostAuthorize(Object obj, Object obj2, Method method, Object[] objArr) throws Exception {
        method.invoke(Mockito.doAnswer(new Answer() { // from class: com.atlassian.stash.security.AuthorizedAnnotationHelper.2
            public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                return Mockito.mock(invocationOnMock.getMethod().getReturnType(), Mockito.RETURNS_DEEP_STUBS);
            }
        }).when(obj), objArr);
        ReflectionUtils.invokeMethod(method, obj2, objArr);
        Assert.fail("PostAuthorize has failed: " + method);
    }
}
