package com.gradecak.alfresco.mvc.aop;

import com.gradecak.alfresco.mvc.annotation.AlfrescoAuthentication;
import com.gradecak.alfresco.mvc.annotation.AuthenticationType;
import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.core.BridgeMethodResolver;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/gradecak/alfresco/mvc/aop/AuthenticationAdvice.class */
public class AuthenticationAdvice implements MethodInterceptor {
    private final ServiceRegistry serviceRegistry;

    public AuthenticationAdvice(ServiceRegistry serviceRegistry) {
        this.serviceRegistry = serviceRegistry;
    }

    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        AuthenticationType value;
        AlfrescoAuthentication parseAnnotation = parseAnnotation(BridgeMethodResolver.findBridgedMethod(ClassUtils.getMostSpecificMethod(methodInvocation.getMethod(), methodInvocation.getThis() != null ? methodInvocation.getThis().getClass() : null)));
        if (parseAnnotation != null && (value = parseAnnotation.value()) != null && !AuthenticationType.NONE.equals(value)) {
            MutableAuthenticationService authenticationService = this.serviceRegistry.getAuthenticationService();
            AuthorityService authorityService = this.serviceRegistry.getAuthorityService();
            if (StringUtils.hasText(authenticationService.getCurrentTicket())) {
                if (AuthenticationType.USER.equals(value) && authorityService.hasGuestAuthority()) {
                    throw new AuthenticationException("User has guest authority where at least a user authentication is required.");
                }
                if (AuthenticationType.ADMIN.equals(value) && !authorityService.hasAdminAuthority()) {
                    throw new AuthenticationException("User does not have admin authority where at least named admin authentication is required .");
                }
            } else {
                if (!AuthenticationType.GUEST.equals(value) || !authenticationService.guestUserAuthenticationAllowed()) {
                    throw new AuthenticationException("\nUnable to authenticate due to one of the following reasons:\nCredentials are not provided in HTTP request where at least named user or admin authentication is required.\nGuest user authentication is not allowed where at least guest authentication is required.\n");
                }
                authenticationService.authenticateAsGuest();
            }
        }
        return methodInvocation.proceed();
    }

    private AlfrescoAuthentication parseAnnotation(AnnotatedElement annotatedElement) {
        AlfrescoAuthentication alfrescoAuthentication = (AlfrescoAuthentication) annotatedElement.getAnnotation(AlfrescoAuthentication.class);
        if (alfrescoAuthentication == null) {
            for (Annotation annotation : annotatedElement.getAnnotations()) {
                alfrescoAuthentication = (AlfrescoAuthentication) annotation.annotationType().getAnnotation(AlfrescoAuthentication.class);
                if (alfrescoAuthentication != null) {
                    break;
                }
            }
        }
        if (alfrescoAuthentication != null) {
            return parseAnnotation(alfrescoAuthentication);
        }
        return null;
    }

    private AlfrescoAuthentication parseAnnotation(AlfrescoAuthentication alfrescoAuthentication) {
        return alfrescoAuthentication;
    }
}
