package org.springframework.security.authorization;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/authorization/AuthorityAuthorizationManager.class */
public final class AuthorityAuthorizationManager<T> implements AuthorizationManager<T> {
    private static final String ROLE_PREFIX = "ROLE_";
    private final List<GrantedAuthority> authorities;
    private RoleHierarchy roleHierarchy = new NullRoleHierarchy();

    private AuthorityAuthorizationManager(String... strArr) {
        this.authorities = AuthorityUtils.createAuthorityList(strArr);
    }

    public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
        Assert.notNull(roleHierarchy, "roleHierarchy cannot be null");
        this.roleHierarchy = roleHierarchy;
    }

    public static <T> AuthorityAuthorizationManager<T> hasRole(String str) {
        Assert.notNull(str, "role cannot be null");
        return hasAuthority(ROLE_PREFIX + str);
    }

    public static <T> AuthorityAuthorizationManager<T> hasAuthority(String str) {
        Assert.notNull(str, "authority cannot be null");
        return new AuthorityAuthorizationManager<>(str);
    }

    public static <T> AuthorityAuthorizationManager<T> hasAnyRole(String... strArr) {
        return hasAnyRole(ROLE_PREFIX, strArr);
    }

    public static <T> AuthorityAuthorizationManager<T> hasAnyRole(String str, String[] strArr) {
        Assert.notNull(str, "rolePrefix cannot be null");
        Assert.notEmpty(strArr, "roles cannot be empty");
        Assert.noNullElements(strArr, "roles cannot contain null values");
        return hasAnyAuthority(toNamedRolesArray(str, strArr));
    }

    public static <T> AuthorityAuthorizationManager<T> hasAnyAuthority(String... strArr) {
        Assert.notEmpty(strArr, "authorities cannot be empty");
        Assert.noNullElements(strArr, "authorities cannot contain null values");
        return new AuthorityAuthorizationManager<>(strArr);
    }

    private static String[] toNamedRolesArray(String str, String[] strArr) {
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = str + strArr[i];
        }
        return strArr2;
    }

    @Override // org.springframework.security.authorization.AuthorizationManager
    public AuthorizationDecision check(Supplier<Authentication> supplier, T t) {
        return new AuthorityAuthorizationDecision(isGranted(supplier.get()), this.authorities);
    }

    private boolean isGranted(Authentication authentication) {
        return authentication != null && authentication.isAuthenticated() && isAuthorized(authentication);
    }

    private boolean isAuthorized(Authentication authentication) {
        Set<String> authorityListToSet = AuthorityUtils.authorityListToSet(this.authorities);
        Iterator<? extends GrantedAuthority> it = getGrantedAuthorities(authentication).iterator();
        while (it.hasNext()) {
            if (authorityListToSet.contains(it.next().getAuthority())) {
                return true;
            }
        }
        return false;
    }

    private Collection<? extends GrantedAuthority> getGrantedAuthorities(Authentication authentication) {
        return this.roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
    }

    public String toString() {
        return "AuthorityAuthorizationManager[authorities=" + this.authorities + "]";
    }
}
