package org.alfresco.module.org_alfresco_module_rm.capability;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.policy.ConfigAttributeDefinition;
import org.alfresco.module.org_alfresco_module_rm.capability.policy.Policy;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.TransactionalResourceHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.class */
public class RMEntryVoter extends RMSecurityCommon implements AccessDecisionVoter, InitializingBean, ApplicationContextAware, PolicyRegister {
    private static Log logger = LogFactory.getLog(RMEntryVoter.class);
    private NamespacePrefixResolver nspr;
    private SearchService searchService;
    private OwnableService ownableService;
    private CapabilityService capabilityService;
    private HashMap<String, Policy> policies = new HashMap<>();
    private ApplicationContext applicationContext;

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    public void setCapabilityService(CapabilityService capabilityService) {
        this.capabilityService = capabilityService;
    }

    public SearchService getSearchService() {
        if (this.searchService == null) {
            this.searchService = (SearchService) this.applicationContext.getBean("SearchService");
        }
        return this.searchService;
    }

    public OwnableService getOwnableService() {
        if (this.ownableService == null) {
            this.ownableService = (OwnableService) this.applicationContext.getBean("ownableService");
        }
        return this.ownableService;
    }

    public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver) {
        this.nspr = namespacePrefixResolver;
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.capability.PolicyRegister
    public void registerPolicy(Policy policy) {
        this.policies.put(policy.getName(), policy);
    }

    public boolean supports(ConfigAttribute configAttribute) {
        if (configAttribute.getAttribute() != null) {
            return configAttribute.getAttribute().equals(ConfigAttributeDefinition.RM_ABSTAIN) || configAttribute.getAttribute().equals(ConfigAttributeDefinition.RM_QUERY) || configAttribute.getAttribute().equals(ConfigAttributeDefinition.RM_ALLOW) || configAttribute.getAttribute().equals(ConfigAttributeDefinition.RM_DENY) || configAttribute.getAttribute().startsWith(ConfigAttributeDefinition.RM_CAP) || configAttribute.getAttribute().startsWith(ConfigAttributeDefinition.RM);
        }
        return false;
    }

    public boolean supports(Class cls) {
        return MethodInvocation.class.isAssignableFrom(cls);
    }

    public int vote(Authentication authentication, Object obj, net.sf.acegisecurity.ConfigAttributeDefinition configAttributeDefinition) {
        MethodInvocation methodInvocation = (MethodInvocation) obj;
        if (TransactionalResourceHelper.isResourcePresent(r0)) {
            if (!logger.isDebugEnabled()) {
                return 1;
            }
            logger.debug(" .. grant access already voting: " + methodInvocation.getMethod().getDeclaringClass().getName() + "." + methodInvocation.getMethod().getName());
            return 1;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Method: " + methodInvocation.getMethod().getDeclaringClass().getName() + "." + methodInvocation.getMethod().getName());
        }
        AlfrescoTransactionSupport.bindResource("voting", true);
        try {
            if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access granted for the system user");
                }
                return 1;
            }
            List<ConfigAttributeDefinition> extractSupportedDefinitions = extractSupportedDefinitions(configAttributeDefinition);
            if (extractSupportedDefinitions.size() == 0) {
                AlfrescoTransactionSupport.unbindResource("voting");
                return 0;
            }
            MethodInvocation methodInvocation2 = (MethodInvocation) obj;
            Class<?>[] parameterTypes = methodInvocation2.getMethod().getParameterTypes();
            for (ConfigAttributeDefinition configAttributeDefinition2 : extractSupportedDefinitions) {
                if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM_DENY)) {
                    AlfrescoTransactionSupport.unbindResource("voting");
                    return -1;
                }
                if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM_ABSTAIN)) {
                    AlfrescoTransactionSupport.unbindResource("voting");
                    return 0;
                }
                if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM_ALLOW)) {
                    AlfrescoTransactionSupport.unbindResource("voting");
                    return 1;
                }
                if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM_QUERY)) {
                    AlfrescoTransactionSupport.unbindResource("voting");
                    return 1;
                }
                if (configAttributeDefinition2.getParameters().get(0) == null || configAttributeDefinition2.getParameters().get(0).intValue() < methodInvocation2.getArguments().length) {
                    if (configAttributeDefinition2.getParameters().get(1) == null || configAttributeDefinition2.getParameters().get(1).intValue() < methodInvocation2.getArguments().length) {
                        if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM_CAP)) {
                            switch (checkCapability(methodInvocation2, parameterTypes, configAttributeDefinition2)) {
                                case -1:
                                    AlfrescoTransactionSupport.unbindResource("voting");
                                    return -1;
                                case 0:
                                    if (logger.isDebugEnabled()) {
                                        if (logger.isTraceEnabled()) {
                                            logger.trace("Capability " + configAttributeDefinition2.getRequired() + " abstained for " + methodInvocation2.getMethod(), new IllegalStateException());
                                        } else {
                                            logger.debug("Capability " + configAttributeDefinition2.getRequired() + " abstained for " + methodInvocation2.getMethod());
                                        }
                                    }
                                    AlfrescoTransactionSupport.unbindResource("voting");
                                    return -1;
                            }
                        }
                        if (configAttributeDefinition2.getTypeString().equals(ConfigAttributeDefinition.RM)) {
                            switch (checkPolicy(methodInvocation2, parameterTypes, configAttributeDefinition2)) {
                                case -1:
                                    AlfrescoTransactionSupport.unbindResource("voting");
                                    return -1;
                                case 0:
                                    if (logger.isDebugEnabled()) {
                                        if (logger.isTraceEnabled()) {
                                            logger.trace("Policy " + configAttributeDefinition2.getPolicyName() + " abstained for " + methodInvocation2.getMethod(), new IllegalStateException());
                                        } else {
                                            logger.debug("Policy " + configAttributeDefinition2.getPolicyName() + " abstained for " + methodInvocation2.getMethod());
                                        }
                                    }
                                    AlfrescoTransactionSupport.unbindResource("voting");
                                    return -1;
                            }
                        }
                    }
                }
            }
            AlfrescoTransactionSupport.unbindResource("voting");
            return 1;
        } finally {
            AlfrescoTransactionSupport.unbindResource("voting");
        }
    }

    private int checkCapability(MethodInvocation methodInvocation, Class[] clsArr, ConfigAttributeDefinition configAttributeDefinition) {
        NodeRef testNode = getTestNode(methodInvocation, clsArr, configAttributeDefinition.getParameters().get(0).intValue(), configAttributeDefinition.isParent());
        if (testNode == null) {
            return 0;
        }
        Capability capability = this.capabilityService.getCapability(configAttributeDefinition.getRequired().getName());
        if (capability == null) {
            return -1;
        }
        return capability.hasPermissionRaw(testNode);
    }

    private int checkPolicy(MethodInvocation methodInvocation, Class[] clsArr, ConfigAttributeDefinition configAttributeDefinition) {
        Policy policy = this.policies.get(configAttributeDefinition.getPolicyName());
        if (policy == null) {
            return 1;
        }
        return policy.evaluate(methodInvocation, clsArr, configAttributeDefinition);
    }

    public void afterPropertiesSet() throws Exception {
    }

    private List<ConfigAttributeDefinition> extractSupportedDefinitions(net.sf.acegisecurity.ConfigAttributeDefinition configAttributeDefinition) {
        ArrayList arrayList = new ArrayList(2);
        Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
        while (configAttributes.hasNext()) {
            ConfigAttribute configAttribute = (ConfigAttribute) configAttributes.next();
            if (supports(configAttribute)) {
                arrayList.add(new ConfigAttributeDefinition(configAttribute, this.nspr));
            }
        }
        return arrayList;
    }
}
