package com.atlassian.bamboo.security.acegi.vote;

import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.util.Narrow;
import com.atlassian.bamboo.ww2.actions.ViewActivityLog;
import com.atlassian.bamboo.ww2.aware.permissions.DomainObjectSecurityAware;
import java.util.Iterator;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthorizationServiceException;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codehaus.plexus.util.StringUtils;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/vote/WebworkAclVoter.class */
public class WebworkAclVoter extends AbstractBambooAclEntryVoter {
    private static final Logger log = LogManager.getLogger(WebworkAclVoter.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.bamboo.security.acegi.vote.WebworkAclVoter$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/bamboo/security/acegi/vote/WebworkAclVoter$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$bamboo$security$acegi$acls$HibernateObjectIdentityImpl$AncestorPermissionCheckPolicy = new int[HibernateObjectIdentityImpl.AncestorPermissionCheckPolicy.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$bamboo$security$acegi$acls$HibernateObjectIdentityImpl$AncestorPermissionCheckPolicy[HibernateObjectIdentityImpl.AncestorPermissionCheckPolicy.AND.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$bamboo$security$acegi$acls$HibernateObjectIdentityImpl$AncestorPermissionCheckPolicy[HibernateObjectIdentityImpl.AncestorPermissionCheckPolicy.OR.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public WebworkAclVoter(AclService aclService, String str, Permission[] permissionArr) {
        super(aclService, str, permissionArr);
    }

    @Override // com.atlassian.bamboo.security.acegi.vote.AbstractBambooAclEntryVoter
    public int vote(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
        while (configAttributes.hasNext()) {
            if (supports((ConfigAttribute) configAttributes.next())) {
                Object domainObjectInstance = getDomainObjectInstance(obj);
                if (domainObjectInstance == null) {
                    log.info("{} voting to deny access to user '{}' - domainObject on {} is null", this, authentication.getName(), obj);
                    return -1;
                }
                if (StringUtils.isNotEmpty(getInternalMethod())) {
                    domainObjectInstance = getInnerDomainObject(domainObjectInstance);
                }
                ObjectIdentity objectIdentity = getObjectIdentityRetrievalStrategy().getObjectIdentity(domainObjectInstance);
                HibernateObjectIdentityImpl hibernateObjectIdentityImpl = (HibernateObjectIdentityImpl) Narrow.to(objectIdentity, HibernateObjectIdentityImpl.class);
                return hibernateObjectIdentityImpl != null ? vote(authentication, hibernateObjectIdentityImpl) : vote(authentication, objectIdentity);
            }
        }
        return 0;
    }

    private int vote(Authentication authentication, HibernateObjectIdentityImpl hibernateObjectIdentityImpl) {
        int vote = vote(authentication, (ObjectIdentity) hibernateObjectIdentityImpl);
        HibernateObjectIdentityImpl ancestorIdentity = hibernateObjectIdentityImpl.getAncestorIdentity();
        if (ancestorIdentity != null) {
            switch (AnonymousClass1.$SwitchMap$com$atlassian$bamboo$security$acegi$acls$HibernateObjectIdentityImpl$AncestorPermissionCheckPolicy[hibernateObjectIdentityImpl.getHighestRankPermissionCheckPolicy(getRequirePermission()).ordinal()]) {
                case ViewActivityLog.DEFAULT_REFRESH_RATE /* 1 */:
                    if (vote == 1) {
                        vote = vote(authentication, ancestorIdentity);
                        break;
                    }
                    break;
                case 2:
                    if (vote == -1) {
                        vote = vote(authentication, ancestorIdentity);
                        break;
                    }
                    break;
            }
        }
        return vote;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public Object getDomainObjectInstance(Object obj) {
        if (obj instanceof DomainObjectSecurityAware) {
            return ((DomainObjectSecurityAware) obj).getSecuredDomainObject();
        }
        throw new AuthorizationServiceException("Secure object: " + obj + " is not a " + DomainObjectSecurityAware.class.getName());
    }

    public boolean supports(Class cls) {
        return DomainObjectSecurityAware.class.isAssignableFrom(cls);
    }
}
