package org.zkoss.spring.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.springframework.beans.BeanWrapperImpl;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.zkoss.spring.SpringUtil;
import org.zkoss.zk.ui.UiException;

/* loaded from: input_file:org/zkoss/spring/security/SecurityUtil.class */
public class SecurityUtil {
    private static AclService _aclService;
    private static ApplicationContext _applicationContext;
    private static ObjectIdentityRetrievalStrategy _objectIdentityRetrievalStrategy;
    private static SidRetrievalStrategy _sidRetrievalStrategy;
    private static PermissionFactory permissionFactory;

    public static boolean isAccessible(String str, Object obj) {
        if (str == null || "".equals(str)) {
            return false;
        }
        initializeIfRequired();
        List<Permission> parsePermissions = parsePermissions(str);
        if (obj == null) {
            return true;
        }
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return false;
        }
        List sids = _sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
        try {
            return _aclService.readAclById(_objectIdentityRetrievalStrategy.getObjectIdentity(obj), sids).isGranted(parsePermissions, sids, false);
        } catch (NotFoundException e) {
            return false;
        }
    }

    public static boolean isNoneGranted(String str) {
        if (null == str || "".equals(str)) {
            return false;
        }
        return retainAll(getPrincipalAuthorities(), parseAuthoritiesString(str)).isEmpty();
    }

    public static boolean isAllGranted(String str) {
        if (null == str || "".equals(str)) {
            return false;
        }
        return getPrincipalAuthorities().containsAll(parseAuthoritiesString(str));
    }

    public static boolean isAnyGranted(String str) {
        return (null == str || "".equals(str) || retainAll(getPrincipalAuthorities(), parseAuthoritiesString(str)).isEmpty()) ? false : true;
    }

    public static Authentication getAuthentication() {
        Authentication authentication;
        if (SecurityContextHolder.getContext() == null || !(SecurityContextHolder.getContext() instanceof SecurityContext) || (authentication = SecurityContextHolder.getContext().getAuthentication()) == null || authentication.getPrincipal() == null) {
            return null;
        }
        return authentication;
    }

    public static Object getAuthentication(String str) {
        if (str == null || SecurityContextHolder.getContext() == null || !(SecurityContextHolder.getContext() instanceof SecurityContext) || SecurityContextHolder.getContext().getAuthentication() == null) {
            return null;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication.getPrincipal() == null) {
            return null;
        }
        try {
            return new BeanWrapperImpl(authentication).getPropertyValue(str);
        } catch (BeansException e) {
            throw new UiException(e);
        }
    }

    private static List<Permission> parsePermissions(String str) {
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",", false);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            try {
                hashSet.add(permissionFactory.buildFromMask(Integer.valueOf(nextToken).intValue()));
            } catch (NumberFormatException e) {
                hashSet.add(permissionFactory.buildFromName(nextToken));
            }
        }
        return new ArrayList(hashSet);
    }

    private static void initializeIfRequired() {
        if (_applicationContext != null) {
            return;
        }
        _applicationContext = SpringUtil.getApplicationContext();
        HashMap hashMap = new HashMap();
        ApplicationContext applicationContext = _applicationContext;
        while (true) {
            ApplicationContext applicationContext2 = applicationContext;
            if (applicationContext2 == null) {
                break;
            }
            hashMap.putAll(applicationContext2.getBeansOfType(AclService.class));
            applicationContext = applicationContext2.getParent();
        }
        if (hashMap.size() != 1) {
            throw new UiException("Found incorrect number of AclService instances in application context - you must have only have one!");
        }
        _aclService = (AclService) hashMap.values().iterator().next();
        Map beansOfType = _applicationContext.getBeansOfType(SidRetrievalStrategy.class);
        if (beansOfType.size() == 0) {
            _sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        } else {
            if (beansOfType.size() != 1) {
                throw new UiException("Found incorrect number of SidRetrievalStrategy instances in application context - you must have only have one!");
            }
            _sidRetrievalStrategy = (SidRetrievalStrategy) beansOfType.values().iterator().next();
        }
        Map beansOfType2 = _applicationContext.getBeansOfType(ObjectIdentityRetrievalStrategy.class);
        if (beansOfType2.size() == 0) {
            _objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
        } else {
            if (beansOfType2.size() != 1) {
                throw new UiException("Found incorrect number of ObjectIdentityRetrievalStrategy instances in application context - you must have only have one!");
            }
            _objectIdentityRetrievalStrategy = (ObjectIdentityRetrievalStrategy) beansOfType2.values().iterator().next();
        }
        Map beansOfType3 = _applicationContext.getBeansOfType(PermissionFactory.class);
        if (beansOfType3.size() == 0) {
            permissionFactory = new DefaultPermissionFactory();
        } else {
            if (beansOfType3.size() != 1) {
                throw new UiException("Found incorrect number of PermissionFactory instances in application context - you must have only have one!");
            }
            permissionFactory = (PermissionFactory) beansOfType3.values().iterator().next();
        }
    }

    private static Set authoritiesToRoles(Collection collection) {
        HashSet hashSet = new HashSet();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            GrantedAuthority grantedAuthority = (GrantedAuthority) it.next();
            if (null == grantedAuthority.getAuthority()) {
                throw new IllegalArgumentException("Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " + grantedAuthority.toString());
            }
            hashSet.add(grantedAuthority.getAuthority());
        }
        return hashSet;
    }

    private static Collection<? extends GrantedAuthority> getPrincipalAuthorities() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return null == authentication ? Collections.emptyList() : (null == authentication.getAuthorities() || authentication.getAuthorities().size() < 1) ? Collections.emptyList() : authentication.getAuthorities();
    }

    private static Collection<GrantedAuthority> parseAuthoritiesString(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            arrayList.add(new GrantedAuthorityImpl(str2.trim()));
        }
        return arrayList;
    }

    private static Set retainAll(Collection<? extends GrantedAuthority> collection, Collection<GrantedAuthority> collection2) {
        Set authoritiesToRoles = authoritiesToRoles(collection);
        authoritiesToRoles.retainAll(authoritiesToRoles(collection2));
        return rolesToAuthorities(authoritiesToRoles, collection);
    }

    private static Set rolesToAuthorities(Set set, Collection collection) {
        HashSet hashSet = new HashSet();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            Iterator it2 = collection.iterator();
            while (true) {
                if (it2.hasNext()) {
                    GrantedAuthority grantedAuthority = (GrantedAuthority) it2.next();
                    if (grantedAuthority.getAuthority().equals(str)) {
                        hashSet.add(grantedAuthority);
                        break;
                    }
                }
            }
        }
        return hashSet;
    }
}
