package org.fabric3.security.spring;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.fabric3.api.SecuritySubject;
import org.fabric3.api.host.Fabric3Exception;
import org.fabric3.spi.security.AuthorizationException;
import org.fabric3.spi.security.AuthorizationService;
import org.oasisopen.sca.annotation.Init;
import org.oasisopen.sca.annotation.Property;
import org.oasisopen.sca.annotation.Reference;
import org.oasisopen.sca.annotation.Service;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.ConsensusBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;

@Service({AccessDecisionManager.class, AuthorizationService.class})
/* loaded from: input_file:org/fabric3/security/spring/Fabric3AccessDecisionManager.class */
public class Fabric3AccessDecisionManager extends AbstractAccessDecisionManager implements AuthorizationService {
    private static final AccessDecisionVoter<?> VOTER = new AccessDecisionVoter<Object>() { // from class: org.fabric3.security.spring.Fabric3AccessDecisionManager.1
        public boolean supports(ConfigAttribute configAttribute) {
            return false;
        }

        public boolean supports(Class<?> cls) {
            return false;
        }

        public int vote(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) {
            return 0;
        }
    };
    private String managerType;
    private AccessDecisionManager delegate;

    @Property(required = false)
    public void setManagerType(String str) {
        this.managerType = str;
    }

    @Reference(required = false)
    public void setDecisionVoters(List<AccessDecisionVoter<?>> list) {
        if (list.isEmpty()) {
            return;
        }
        super.getDecisionVoters().addAll(list);
    }

    @Init
    public void init() throws Fabric3Exception {
        if (getDecisionVoters() == null || getDecisionVoters().isEmpty()) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new RoleVoter());
            arrayList.add(new AuthenticatedVoter());
            setDecisionVoters(arrayList);
        }
        if ("affirmative".equals(this.managerType)) {
            this.delegate = new AffirmativeBased(getDecisionVoters());
        } else if ("consensus".equals(this.managerType)) {
            this.delegate = new ConsensusBased(getDecisionVoters());
        } else {
            if (!"unanimous".equals(this.managerType)) {
                throw new Fabric3Exception("Unknown access decision manager type: " + this.managerType);
            }
            this.delegate = new UnanimousBased(getDecisionVoters());
        }
    }

    public Fabric3AccessDecisionManager() {
        super(new ArrayList(Collections.singleton(VOTER)));
        this.managerType = "affirmative";
    }

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        this.delegate.decide(authentication, obj, collection);
    }

    public void checkRole(SecuritySubject securitySubject, String str) throws AuthorizationException {
        Authentication authentication = (Authentication) securitySubject.getDelegate(Authentication.class);
        SecurityConfig securityConfig = new SecurityConfig(str);
        ArrayList arrayList = new ArrayList();
        arrayList.add(securityConfig);
        this.delegate.decide(authentication, (Object) null, arrayList);
    }

    public void checkRoles(SecuritySubject securitySubject, Collection<String> collection) throws AuthorizationException {
        Authentication authentication = (Authentication) securitySubject.getDelegate(Authentication.class);
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(new SecurityConfig(it.next()));
        }
        this.delegate.decide(authentication, (Object) null, arrayList);
    }

    public void checkHasRole(SecuritySubject securitySubject, List<String> list) {
        checkRoles(securitySubject, list);
    }

    public void checkPermission(SecuritySubject securitySubject, String str) throws AuthorizationException {
        checkRole(securitySubject, str);
    }

    public void checkPermissions(SecuritySubject securitySubject, Collection<String> collection) throws AuthorizationException {
        checkRoles(securitySubject, collection);
    }
}
