package org.springframework.security.acls.domain;

import java.util.Arrays;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:spg-admin-ui-war-2.1.15.war:WEB-INF/lib/spring-security-acl-3.1.1.RELEASE.jar:org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.class */
public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
    private final GrantedAuthority gaGeneralChanges;
    private final GrantedAuthority gaModifyAuditing;
    private final GrantedAuthority gaTakeOwnership;
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();

    public AclAuthorizationStrategyImpl(GrantedAuthority... grantedAuthorityArr) {
        Assert.isTrue(grantedAuthorityArr != null && (grantedAuthorityArr.length == 3 || grantedAuthorityArr.length == 1), "One or three GrantedAuthority instances required");
        if (grantedAuthorityArr.length == 3) {
            this.gaTakeOwnership = grantedAuthorityArr[0];
            this.gaModifyAuditing = grantedAuthorityArr[1];
            this.gaGeneralChanges = grantedAuthorityArr[2];
        } else {
            GrantedAuthority grantedAuthority = grantedAuthorityArr[0];
            this.gaGeneralChanges = grantedAuthority;
            this.gaModifyAuditing = grantedAuthority;
            this.gaTakeOwnership = grantedAuthority;
        }
    }

    @Override // org.springframework.security.acls.domain.AclAuthorizationStrategy
    public void securityCheck(Acl acl, int i) {
        GrantedAuthority grantedAuthority;
        if (SecurityContextHolder.getContext() == null || SecurityContextHolder.getContext().getAuthentication() == null || !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (new PrincipalSid(authentication).equals(acl.getOwner()) && (i == 2 || i == 0)) {
            return;
        }
        if (i == 1) {
            grantedAuthority = this.gaModifyAuditing;
        } else if (i == 2) {
            grantedAuthority = this.gaGeneralChanges;
        } else {
            if (i != 0) {
                throw new IllegalArgumentException("Unknown change type");
            }
            grantedAuthority = this.gaTakeOwnership;
        }
        if (!authentication.getAuthorities().contains(grantedAuthority) && !acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), this.sidRetrievalStrategy.getSids(authentication), false)) {
            throw new AccessDeniedException("Principal does not have required ACL permissions to perform requested operation");
        }
    }

    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }
}
