package org.summerclouds.common.security.permissions;

import java.util.Collection;
import java.util.HashMap;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.summerclouds.common.core.cfg.CfgBoolean;
import org.summerclouds.common.core.error.MException;
import org.summerclouds.common.core.log.Log;
import org.summerclouds.common.core.parser.StringCompiler;
import org.summerclouds.common.core.tool.MSecurity;

/* loaded from: input_file:org/summerclouds/common/security/permissions/ResourceAceVoter.class */
public class ResourceAceVoter implements AccessDecisionVoter<Object> {
    public static final String PREFIX_UPPER = "ACE_";
    public static final String PREFIX_LOWER = "ace_";
    private static final Log log = Log.getLog(ResourceAceVoter.class);
    private static CfgBoolean CFG_TRACE_ACCESS = new CfgBoolean(ResourceAceVoter.class, "trace", false);

    public boolean supports(ConfigAttribute configAttribute) {
        String resourceAceVoter = toString(configAttribute);
        return resourceAceVoter != null && (resourceAceVoter.startsWith(PREFIX_UPPER) || resourceAceVoter.startsWith(PREFIX_LOWER));
    }

    public String toString(ConfigAttribute configAttribute) {
        String str = null;
        if (configAttribute.getAttribute() != null) {
            str = configAttribute.getAttribute();
        } else {
            String configAttribute2 = configAttribute.toString();
            if (configAttribute2 != null && configAttribute2.startsWith("hasAuthority('")) {
                str = configAttribute2.substring(14, configAttribute2.length() - 2);
            }
        }
        return str;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }

    public int vote(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) {
        if (authentication == null) {
            return -1;
        }
        int i = 0;
        Collection<? extends GrantedAuthority> extractAuthorities = extractAuthorities(authentication);
        for (ConfigAttribute configAttribute : collection) {
            if (supports(configAttribute)) {
                String prepareAttribute = prepareAttribute(toString(configAttribute), obj);
                i = -1;
                for (GrantedAuthority grantedAuthority : extractAuthorities) {
                    if ((grantedAuthority instanceof Permissions) && ((Permissions) grantedAuthority).hasPermission(prepareAttribute)) {
                        if (!((Boolean) CFG_TRACE_ACCESS.value()).booleanValue()) {
                            return 1;
                        }
                        log.d("access granted for {1} on {2}", new Object[]{MSecurity.getCurrent(), obj});
                        return 1;
                    }
                }
            }
        }
        if (((Boolean) CFG_TRACE_ACCESS.value()).booleanValue() && i == -1) {
            log.d("access denied for {1} on {2}", new Object[]{MSecurity.getCurrent(), obj});
        }
        return i;
    }

    private String prepareAttribute(String str, Object obj) {
        String substring = str.substring(PREFIX_UPPER.length());
        HashMap hashMap = null;
        if (obj instanceof FilterInvocation) {
            hashMap = new HashMap();
            hashMap.put("method", ((FilterInvocation) obj).getRequest().getMethod());
            hashMap.put("url", ((FilterInvocation) obj).getRequestUrl());
        }
        if (hashMap != null) {
            try {
                substring = StringCompiler.compile(substring).execute(hashMap);
            } catch (MException e) {
                e.printStackTrace();
            }
        }
        return substring;
    }

    Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
        return authentication.getAuthorities();
    }
}
