package com.atlassian.bamboo.security.acegi.vote;

import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.utils.BambooLogger;
import java.lang.reflect.InvocationTargetException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.stream.Collectors;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthorizationServiceException;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy;
import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
import org.acegisecurity.vote.AclEntryVoter;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/vote/AbstractBambooAclEntryVoter.class */
public abstract class AbstractBambooAclEntryVoter extends AclEntryVoter {
    private static final BambooLogger log = BambooLogger.getLogger(AbstractBambooAclEntryVoter.class);
    private final AclService aclService;
    private final Permission[] requirePermission;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy;
    private SidRetrievalStrategy sidRetrievalStrategy;

    public AbstractBambooAclEntryVoter(AclService aclService, String str, Permission[] permissionArr) {
        super(aclService, str, permissionArr);
        this.objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
        this.sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        this.aclService = aclService;
        this.requirePermission = permissionArr;
    }

    public int vote(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        Iterator configAttributes = configAttributeDefinition.getConfigAttributes();
        while (configAttributes.hasNext()) {
            if (supports((ConfigAttribute) configAttributes.next())) {
                Object domainObjectInstance = getDomainObjectInstance(obj);
                if (domainObjectInstance != null && getInternalMethod() != null && !"".equals(getInternalMethod())) {
                    domainObjectInstance = getInnerDomainObject(domainObjectInstance);
                }
                if (domainObjectInstance != null) {
                    return vote(authentication, this.objectIdentityRetrievalStrategy.getObjectIdentity(domainObjectInstance));
                }
                log.debug("%s voting to abstain for %s - domainObject on %s is null", new Object[]{this, authentication.getName(), obj});
                return 0;
            }
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int vote(Authentication authentication, ObjectIdentity objectIdentity) {
        Sid[] sids = getSidRetrievalStrategy().getSids(authentication);
        try {
            try {
                if (this.aclService.readAclById(objectIdentity, sids).isGranted(getRequirePermission(), sids, false)) {
                    log.debug("%s voting to grant access to user '%s' on %s(%s)", new Object[]{this, authentication.getName(), objectIdentity.getJavaType().getSimpleName(), objectIdentity.getIdentifier()});
                    return 1;
                }
                log.debug("%s voting to deny access to user '%s' on %s(%s) - ACLs returned, but insufficient permissions for this principal", new Object[]{this, authentication.getName(), objectIdentity.getJavaType().getSimpleName(), objectIdentity.getIdentifier()});
                return -1;
            } catch (NotFoundException e) {
                log.debug("%s voting to deny access to user '%s' on %s(%s) - no ACLs apply for this principal", new Object[]{this, authentication.getName(), objectIdentity.getJavaType().getSimpleName(), objectIdentity.getIdentifier()});
                return -1;
            }
        } catch (NotFoundException e2) {
            log.debug("%s voting to deny access to user '%s' on %s(%s) - no ACLs apply for this principal", new Object[]{this, authentication.getName(), objectIdentity.getJavaType().getSimpleName(), objectIdentity.getIdentifier()});
            return -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object getInnerDomainObject(Object obj) {
        try {
            obj = obj.getClass().getMethod(getInternalMethod(), new Class[0]).invoke(obj, new Object[0]);
            return obj;
        } catch (IllegalAccessException | InvocationTargetException e) {
            log.debug("%s encountered problem invoking internalMethod %s for object: %s", new Object[]{this, getInternalMethod(), obj});
            log.debug((String) null, e);
            throw new AuthorizationServiceException("Problem invoking internalMethod: " + getInternalMethod() + " for object: " + obj);
        } catch (NoSuchMethodException e2) {
            throw new AuthorizationServiceException(String.format("Object of class '%s' does not provide the requested internalMethod: %s", obj.getClass(), getInternalMethod()));
        }
    }

    public AclService getAclService() {
        return this.aclService;
    }

    public Permission[] getRequirePermission() {
        return this.requirePermission;
    }

    public ObjectIdentityRetrievalStrategy getObjectIdentityRetrievalStrategy() {
        return this.objectIdentityRetrievalStrategy;
    }

    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        super.setObjectIdentityRetrievalStrategy(objectIdentityRetrievalStrategy);
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    public SidRetrievalStrategy getSidRetrievalStrategy() {
        return this.sidRetrievalStrategy;
    }

    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        super.setSidRetrievalStrategy(sidRetrievalStrategy);
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    public String toString() {
        return String.format("Voter(%s, %s)", getProcessConfigAttribute(), Arrays.stream(getRequirePermission()).map(permission -> {
            return permission instanceof BambooPermission ? ((BambooPermission) permission).getName() : permission.toString();
        }).collect(Collectors.toList()));
    }
}
