package be.atbash.ee.security.octopus.view.component.service;

import be.atbash.ee.security.octopus.authz.Combined;
import be.atbash.ee.security.octopus.authz.permission.NamedDomainPermission;
import be.atbash.ee.security.octopus.authz.permission.StringPermissionLookup;
import be.atbash.ee.security.octopus.authz.permission.role.RolePermission;
import be.atbash.ee.security.octopus.authz.permission.role.voter.GenericRoleVoter;
import be.atbash.ee.security.octopus.authz.permission.voter.GenericPermissionVoter;
import be.atbash.ee.security.octopus.context.internal.OctopusInvocationContext;
import be.atbash.ee.security.octopus.interceptor.CustomAccessDecisionVoterContext;
import be.atbash.ee.security.octopus.view.component.secured.SecuredComponentData;
import be.atbash.ee.security.octopus.view.component.secured.SecuredComponentDataParameter;
import be.atbash.util.CDIUtils;
import java.lang.annotation.Annotation;
import java.util.NoSuchElementException;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import org.apache.deltaspike.security.api.authorization.AbstractAccessDecisionVoter;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/octopus/view/component/service/ComponentAuthorizationService.class */
public class ComponentAuthorizationService {

    @Inject
    private Logger logger;
    private StringPermissionLookup stringLookup;

    @PostConstruct
    public void init() {
        this.stringLookup = (StringPermissionLookup) CDIUtils.retrieveOptionalInstance(StringPermissionLookup.class, new Annotation[0]);
    }

    public boolean hasAccess(SecuredComponentData securedComponentData) {
        Combined combined = securedComponentData.getCombined();
        boolean z = combined == Combined.AND;
        Object[] contextParameters = getContextParameters(securedComponentData);
        for (String str : securedComponentData.getVoters()) {
            AbstractAccessDecisionVoter bean = getBean(str.trim());
            if (bean == null) {
                return false;
            }
            boolean isEmpty = bean.checkPermission(new CustomAccessDecisionVoterContext(new OctopusInvocationContext(securedComponentData.getTargetComponent(), contextParameters))).isEmpty();
            if (securedComponentData.isNot()) {
                isEmpty = !isEmpty;
            }
            z = isEmpty;
            if (combined == Combined.OR) {
                if (z) {
                    return true;
                }
            } else if (!z) {
                return false;
            }
        }
        return z;
    }

    private Object[] getContextParameters(SecuredComponentData securedComponentData) {
        if (securedComponentData.getParameters() == null) {
            return new Object[0];
        }
        Object[] objArr = new Object[securedComponentData.getParameters().length];
        int i = 0;
        for (SecuredComponentDataParameter securedComponentDataParameter : securedComponentData.getParameters()) {
            if (securedComponentDataParameter.isAtRuntime()) {
                int i2 = i;
                i++;
                objArr[i2] = evaluateExpression((String) securedComponentDataParameter.getParameterData());
            } else {
                int i3 = i;
                i++;
                objArr[i3] = securedComponentDataParameter.getParameterData();
            }
        }
        return objArr;
    }

    private AbstractAccessDecisionVoter getBean(String str) {
        NamedDomainPermission namedDomainPermission;
        GenericRoleVoter genericRoleVoter = null;
        if (!str.contains(":")) {
            try {
                genericRoleVoter = (AbstractAccessDecisionVoter) CDIUtils.retrieveInstanceByName(str, AbstractAccessDecisionVoter.class);
            } catch (NoSuchElementException e) {
                this.logger.warn("The AccessDecisionVoter with name " + str + " is not found.");
            }
        } else if (str.startsWith("::")) {
            genericRoleVoter = GenericRoleVoter.createInstance(new RolePermission(str.substring(2)));
        } else {
            if (str.startsWith(":")) {
                String substring = str.substring(1);
                namedDomainPermission = this.stringLookup == null ? new NamedDomainPermission(StringPermissionLookup.createNameForPermission(substring), substring + ":*:*") : this.stringLookup.getPermission(substring);
            } else {
                namedDomainPermission = new NamedDomainPermission(StringPermissionLookup.createNameForPermission(str), str);
            }
            genericRoleVoter = GenericPermissionVoter.createInstance(namedDomainPermission);
        }
        return genericRoleVoter;
    }

    private static Object evaluateExpression(String str) {
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        return currentInstance.getApplication().getExpressionFactory().createValueExpression(currentInstance.getELContext(), str, Object.class).getValue(currentInstance.getELContext());
    }
}
