package org.springframework.security.acls;

import java.io.Serializable;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.ObjectIdentityGenerator;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:spg-admin-ui-war-2.1.24.war:WEB-INF/lib/spring-security-acl-3.1.1.RELEASE.jar:org/springframework/security/acls/AclPermissionEvaluator.class */
public class AclPermissionEvaluator implements PermissionEvaluator {
    private final AclService aclService;
    private final Log logger = LogFactory.getLog(getClass());
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
    private ObjectIdentityGenerator objectIdentityGenerator = new ObjectIdentityRetrievalStrategyImpl();
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
    private PermissionFactory permissionFactory = new DefaultPermissionFactory();

    public AclPermissionEvaluator(AclService aclService) {
        this.aclService = aclService;
    }

    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        if (obj == null) {
            return false;
        }
        return checkPermission(authentication, this.objectIdentityRetrievalStrategy.getObjectIdentity(obj), obj2);
    }

    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        return checkPermission(authentication, this.objectIdentityGenerator.createObjectIdentity(serializable, str), obj);
    }

    private boolean checkPermission(Authentication authentication, ObjectIdentity objectIdentity, Object obj) {
        List<Sid> sids = this.sidRetrievalStrategy.getSids(authentication);
        List<Permission> resolvePermission = resolvePermission(obj);
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        if (isDebugEnabled) {
            this.logger.debug("Checking permission '" + obj + "' for object '" + objectIdentity + "'");
        }
        try {
            if (!this.aclService.readAclById(objectIdentity, sids).isGranted(resolvePermission, sids, false)) {
                if (isDebugEnabled) {
                    this.logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
                }
                return false;
            }
            if (!isDebugEnabled) {
                return true;
            }
            this.logger.debug("Access is granted");
            return true;
        } catch (NotFoundException e) {
            if (!isDebugEnabled) {
                return false;
            }
            this.logger.debug("Returning false - no ACLs apply for this principal");
            return false;
        }
    }

    List<Permission> resolvePermission(Object obj) {
        Permission buildFromName;
        if (obj instanceof Integer) {
            return Arrays.asList(this.permissionFactory.buildFromMask(((Integer) obj).intValue()));
        }
        if (obj instanceof Permission) {
            return Arrays.asList((Permission) obj);
        }
        if (obj instanceof Permission[]) {
            return Arrays.asList((Permission[]) obj);
        }
        if (obj instanceof String) {
            String str = (String) obj;
            try {
                buildFromName = this.permissionFactory.buildFromName(str);
            } catch (IllegalArgumentException e) {
                buildFromName = this.permissionFactory.buildFromName(str.toUpperCase());
            }
            if (buildFromName != null) {
                return Arrays.asList(buildFromName);
            }
        }
        throw new IllegalArgumentException("Unsupported permission: " + obj);
    }

    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    public void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator) {
        this.objectIdentityGenerator = objectIdentityGenerator;
    }

    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    public void setPermissionFactory(PermissionFactory permissionFactory) {
        this.permissionFactory = permissionFactory;
    }
}
