package org.alfresco.module.org_alfresco_module_rm.security;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.intercept.InterceptorStatusToken;
import org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor;
import org.alfresco.service.cmr.security.AccessStatus;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/module/org_alfresco_module_rm/security/RMMethodSecurityInterceptor.class */
public class RMMethodSecurityInterceptor extends MethodSecurityInterceptor {
    protected static final Log LOGGER = LogFactory.getLog(RMMethodSecurityInterceptor.class);
    private static final ThreadLocal<Map<String, CapabilityReport>> CAPABILITIES = new ThreadLocal<Map<String, CapabilityReport>>() { // from class: org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Map<String, CapabilityReport> initialValue() {
            return new HashMap();
        }
    };
    private static final ThreadLocal<Boolean> IS_RM_SECURITY_CHECK = new ThreadLocal<Boolean>() { // from class: org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor.2
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Boolean initialValue() {
            return false;
        }
    };
    private static final ThreadLocal<List<String>> MESSAGES = new ThreadLocal<List<String>>() { // from class: org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor.3
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public List<String> initialValue() {
            return new ArrayList();
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/module/org_alfresco_module_rm/security/RMMethodSecurityInterceptor$CapabilityReport.class */
    public static class CapabilityReport {
        public String name;
        public AccessStatus status;
        public Map<String, Boolean> conditions = new HashMap();

        private CapabilityReport() {
        }
    }

    private static AccessStatus translate(int i) {
        switch (i) {
            case -1:
                return AccessStatus.DENIED;
            case 0:
                return AccessStatus.UNDETERMINED;
            case 1:
                return AccessStatus.ALLOWED;
            default:
                return AccessStatus.UNDETERMINED;
        }
    }

    private static CapabilityReport getCapabilityReport(String str) {
        Map<String, CapabilityReport> map = CAPABILITIES.get();
        CapabilityReport capabilityReport = map.get(str);
        if (capabilityReport == null) {
            capabilityReport = new CapabilityReport();
            capabilityReport.name = str;
            map.put(str, capabilityReport);
        }
        return capabilityReport;
    }

    public static void isRMSecurityChecked(boolean z) {
        if (LOGGER.isDebugEnabled()) {
            IS_RM_SECURITY_CHECK.set(Boolean.valueOf(z));
        }
    }

    public static void addMessage(String str) {
        if (LOGGER.isDebugEnabled()) {
            MESSAGES.get().add(str);
        }
    }

    public static void addMessage(String str, Object... objArr) {
        if (LOGGER.isDebugEnabled()) {
            addMessage(MessageFormat.format(str, objArr));
        }
    }

    public static void reportCapabilityStatus(String str, int i) {
        if (LOGGER.isDebugEnabled()) {
            getCapabilityReport(str).status = translate(i);
        }
    }

    public static void reportCapabilityCondition(String str, String str2, boolean z, boolean z2) {
        if (LOGGER.isDebugEnabled()) {
            CapabilityReport capabilityReport = getCapabilityReport(str);
            if (!z) {
                str2 = "!" + str2;
            }
            capabilityReport.conditions.put(str2, Boolean.valueOf(z == z2));
        }
    }

    public String getFailureReport() {
        String str = null;
        if (LOGGER.isDebugEnabled()) {
            Collection<CapabilityReport> values = CAPABILITIES.get().values();
            if (!values.isEmpty()) {
                StringBuilder sb = new StringBuilder("\n");
                for (CapabilityReport capabilityReport : values) {
                    sb.append("  ").append(capabilityReport.name).append(" (").append(capabilityReport.status).append(")\n");
                    if (!capabilityReport.conditions.isEmpty()) {
                        for (Map.Entry<String, Boolean> entry : capabilityReport.conditions.entrySet()) {
                            sb.append("    - ").append(entry.getKey()).append(" (");
                            if (entry.getValue().booleanValue()) {
                                sb.append("passed");
                            } else {
                                sb.append("failed");
                            }
                            sb.append(")\n");
                        }
                    }
                }
                str = sb.toString();
            }
        }
        return str;
    }

    protected InterceptorStatusToken beforeInvocation(Object obj) {
        try {
            CAPABILITIES.remove();
            IS_RM_SECURITY_CHECK.remove();
            MESSAGES.remove();
            return super.beforeInvocation(obj);
        } catch (AccessDeniedException e) {
            if (!LOGGER.isDebugEnabled()) {
                throw e;
            }
            MethodInvocation methodInvocation = (MethodInvocation) obj;
            StringBuilder sb = new StringBuilder("\n");
            if (IS_RM_SECURITY_CHECK.get().booleanValue()) {
                sb.append("RM method security check was performed.\n");
            } else {
                sb.append("Standard DM method security check was performed.\n");
            }
            boolean z = true;
            sb.append("Failed on method:  ").append(methodInvocation.getMethod().getName()).append("(");
            for (Object obj2 : methodInvocation.getArguments()) {
                if (z) {
                    z = false;
                } else {
                    sb.append(", ");
                }
                if (obj2 != null) {
                    sb.append(obj2.toString());
                } else {
                    sb.append("null");
                }
            }
            sb.append(")\n");
            Iterator<String> it = MESSAGES.get().iterator();
            while (it.hasNext()) {
                sb.append(it.next()).append("\n");
            }
            if (getFailureReport() == null) {
                throw new AccessDeniedException(e.getMessage() + sb, e);
            }
            throw new AccessDeniedException(e.getMessage() + sb + getFailureReport(), e);
        }
    }

    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        Object obj = null;
        InterceptorStatusToken beforeInvocation = beforeInvocation(methodInvocation);
        try {
            obj = methodInvocation.proceed();
            return super.afterInvocation(beforeInvocation, obj);
        } catch (Throwable th) {
            super.afterInvocation(beforeInvocation, obj);
            throw th;
        }
    }
}
