package org.activiti.core.common.spring.security.policies;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.activiti.api.runtime.shared.identity.UserGroupManager;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.core.common.spring.security.policies.conf.SecurityPoliciesProperties;

/* loaded from: input_file:BOOT-INF/lib/activiti-spring-security-policies-7.0.43.jar:org/activiti/core/common/spring/security/policies/BaseSecurityPoliciesManagerImpl.class */
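/**
 * Base {@link SecurityPoliciesManager} that decides which keys the authenticated user may read
 * or write for a given service.
 *
 * <p>Policies come from {@link SecurityPoliciesProperties}, the current user id from
 * {@link SecurityManager}, and the user's groups and roles from {@link UserGroupManager}.
 *
 * <p>Security-relevant behaviour to keep in mind when configuring or auditing policies:
 * <ul>
 *   <li>When no policy is configured at all, {@link #hasPermission} allows everything.</li>
 *   <li>A user holding the {@code ACTIVITI_ADMIN} role bypasses policy evaluation.</li>
 *   <li>Policy keys are matched as <em>prefixes</em> of the requested key, not by equality.</li>
 * </ul>
 */
public abstract class BaseSecurityPoliciesManagerImpl implements SecurityPoliciesManager {
    /** Role whose holders are exempt from policy checks in {@link #hasPermission}. */
    private static final String ADMIN_ROLE = "ACTIVITI_ADMIN";

    protected UserGroupManager userGroupManager;
    protected SecurityManager securityManager;
    protected SecurityPoliciesProperties securityPoliciesProperties;

    /**
     * Stores the collaborators used for every policy decision.
     *
     * @param userGroupManager source of the user's groups and roles
     * @param securityManager source of the authenticated user id
     * @param securityPoliciesProperties configured policies and wildcard token
     */
    public BaseSecurityPoliciesManagerImpl(UserGroupManager userGroupManager, SecurityManager securityManager, SecurityPoliciesProperties securityPoliciesProperties) {
        this.userGroupManager = userGroupManager;
        this.securityManager = securityManager;
        this.securityPoliciesProperties = securityPoliciesProperties;
    }

    /**
     * Reports whether at least one security policy is configured.
     *
     * @return {@code true} when the configured policy list is not empty
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean arePoliciesDefined() {
        return !this.securityPoliciesProperties.getPolicies().isEmpty();
    }

    /**
     * Collects, per service name, the policy keys granted to the authenticated user at the
     * requested access level.
     *
     * <p>Every service name that appears in a policy gets an entry, possibly with an empty set.
     * A policy contributes its keys only when the user is listed in it directly or through one of
     * the user's groups. If {@code WRITE} is among the requested levels only {@code WRITE}
     * policies count; otherwise, if {@code READ} is requested, {@code READ} and {@code WRITE}
     * policies both count.
     *
     * @param securityPolicyAccessArr requested access levels; {@code null} or empty yields no keys
     * @return mutable map from service name to the keys allowed for the current user
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public Map<String, Set<String>> getAllowedKeys(SecurityPolicyAccess... securityPolicyAccessArr) {
        String authenticatedUserId = this.securityManager.getAuthenticatedUserId();

        // The roles of the user are not needed here, so they are no longer fetched: the previous
        // unconditional lookup discarded its result and dereferenced userGroupManager before the
        // null guard below could take effect.
        List<String> userGroups = null;
        if (this.userGroupManager != null && authenticatedUserId != null) {
            userGroups = this.userGroupManager.getUserGroups(authenticatedUserId);
        }

        // Resolve the requested levels once instead of once per matching policy.
        boolean writeRequested = false;
        boolean readRequested = false;
        if (securityPolicyAccessArr != null) {
            for (SecurityPolicyAccess requested : securityPolicyAccessArr) {
                writeRequested |= SecurityPolicyAccess.WRITE.equals(requested);
                readRequested |= SecurityPolicyAccess.READ.equals(requested);
            }
        }

        Map<String, Set<String>> allowedKeys = new HashMap<>();
        for (SecurityPolicy policy : this.securityPoliciesProperties.getPolicies()) {
            Set<String> serviceKeys = allowedKeys.computeIfAbsent(policy.getServiceName(), name -> new HashSet<>());
            if (!isUserInPolicy(policy, authenticatedUserId) && !isGroupInPolicy(policy, userGroups)) {
                continue;
            }
            // Constant-first equals: a policy without an access level grants nothing.
            boolean grantsWrite = SecurityPolicyAccess.WRITE.equals(policy.getAccess());
            boolean grantsRead = SecurityPolicyAccess.READ.equals(policy.getAccess());
            if (writeRequested) {
                if (grantsWrite) {
                    serviceKeys.addAll(policy.getKeys());
                }
            } else if (readRequested && (grantsRead || grantsWrite)) {
                // WRITE implies READ.
                serviceKeys.addAll(policy.getKeys());
            }
        }
        return allowedKeys;
    }

    /** Returns {@code true} when the policy lists {@code str} among its users. */
    private boolean isUserInPolicy(SecurityPolicy securityPolicy, String str) {
        List<String> users = securityPolicy.getUsers();
        return users != null && !users.isEmpty() && users.contains(str);
    }

    /** Returns {@code true} when at least one group of the policy is in {@code list}. */
    private boolean isGroupInPolicy(SecurityPolicy securityPolicy, List<String> list) {
        if (securityPolicy.getGroups() == null || list == null) {
            return false;
        }
        for (String policyGroup : securityPolicy.getGroups()) {
            if (list.contains(policyGroup)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks read access; see {@link #hasPermission}.
     *
     * @param str key to check
     * @param str2 service name the key belongs to
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canRead(String str, String str2) {
        return hasPermission(str, SecurityPolicyAccess.READ, str2);
    }

    /**
     * Checks write access; see {@link #hasPermission}.
     *
     * @param str key to check
     * @param str2 service name the key belongs to
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canWrite(String str, String str2) {
        return hasPermission(str, SecurityPolicyAccess.WRITE, str2);
    }

    /**
     * Decides whether the authenticated user may access {@code str} on service {@code str2}.
     *
     * <p>The service is looked up under its name as given and, additionally, under the name with
     * hyphens removed and lower-cased. Only the requested name is normalised; the service names
     * written in the policies are compared as configured.
     *
     * @param str key to check; must not be {@code null} when any key is allowed for the service
     * @param securityPolicyAccess access level being requested
     * @param str2 service name; {@code null} skips the normalised lookup
     * @return {@code true} when no policy is configured, when the user has the admin role, when
     *     an allowed key is a prefix of {@code str}, or when the wildcard is allowed for the service
     */
    public boolean hasPermission(String str, SecurityPolicyAccess securityPolicyAccess, String str2) {
        // No policies configured: access is not restricted at all. Deployments that rely on
        // policies should verify with arePoliciesDefined() that the configuration was loaded.
        if (this.securityPoliciesProperties.getPolicies().isEmpty()) {
            return true;
        }
        // Admin role bypasses every policy.
        if (this.userGroupManager.getUserRoles(this.securityManager.getAuthenticatedUserId()).contains(ADMIN_ROLE)) {
            return true;
        }

        Map<String, Set<String>> allowedKeys = getAllowedKeys(securityPolicyAccess);
        Set<String> keysForService = new HashSet<>();
        Set<String> exactMatch = allowedKeys.get(str2);
        if (exactMatch != null) {
            keysForService.addAll(exactMatch);
        }
        if (str2 != null) {
            // Locale.ROOT keeps the authorization result independent of the JVM default locale
            // (e.g. a Turkish locale lower-cases 'I' to a dotless 'ı' and would miss the entry).
            String normalisedService = str2.replace("-", "").toLowerCase(Locale.ROOT);
            Set<String> normalisedMatch = allowedKeys.get(normalisedService);
            if (normalisedMatch != null) {
                keysForService.addAll(normalisedMatch);
            }
        }
        return anEntryInSetStartsKey(keysForService, str)
                || keysForService.contains(this.securityPoliciesProperties.getWildcard());
    }

    /**
     * Tests whether any entry of {@code set} is a prefix of {@code str}.
     *
     * <p>Because this is a prefix test, a policy key also covers every longer key that starts
     * with it (constructed example: {@code "order"} covers {@code "orders-archive"}), and an
     * empty-string entry covers every key. Policy keys should be chosen with that in mind.
     *
     * @param set allowed policy keys
     * @param str key being checked
     * @return {@code true} when {@code str} starts with at least one entry
     */
    protected boolean anEntryInSetStartsKey(Set<String> set, String str) {
        for (String allowedPrefix : set) {
            if (str.startsWith(allowedPrefix)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Exposes the policy configuration this manager evaluates.
     *
     * @return the properties object supplied at construction
     */
    public SecurityPoliciesProperties getSecurityPoliciesProperties() {
        return this.securityPoliciesProperties;
    }
}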
