package com.linkare.zas.aspectj;

import com.linkare.zas.annotation.AccessControlled;
import com.linkare.zas.annotation.AccessControls;
import com.linkare.zas.api.Decider;
import com.linkare.zas.api.EnforcerAdvise;
import com.linkare.zas.api.IAOPMetaData;
import com.linkare.zas.api.IJoinPoint;
import com.linkare.zas.api.UnauthorizedAccessImplementor;
import com.linkare.zas.api.ZasInitializer;
import com.linkare.zas.aspectj.accessinfo.AOPMetaData;
import com.linkare.zas.aspectj.utils.BaseZas;
import com.linkare.zas.aspectj.utils.ReflectionUtils;
import com.linkare.zas.aspectj.utils.ZasUtils;
import com.linkare.zas.config.Configuration;
import com.linkare.zas.exception.AccessControlException;
import com.linkare.zas.exception.NoAccessControlInheritedAllowedException;
import com.linkare.zas.metainfo.AccessControlInheritedRequirement;
import com.linkare.zas.metainfo.AccessControlledRequirement;
import com.linkare.zas.metainfo.ForcedRequirement;
import com.linkare.zas.metainfo.ZasBaseRequirement;
import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.SuppressAjWarnings;

/* compiled from: Enforcer.aj */
@SuppressAjWarnings({"adviceDidNotMatch"})
/* loaded from: input_file:com/linkare/zas/aspectj/Enforcer.class */
public abstract class Enforcer<S> extends BaseZas<S> {
    private Map<Class<? extends UnauthorizedAccessImplementor>, UnauthorizedAccessImplementor> unauthorizedAccessImplementorClassInstancesMap = new Hashtable();

    @ZasInitializer
    protected Enforcer() {
    }

    @EnforcerAdvise
    @Before(value = "(enabled() && (forcedContext() && (weavingContext() && if(void java.lang.Object.if_()))))", argNames = "")
    @SuppressAjWarnings({"adviceDidNotMatch"})
    public void ajc$before$com_linkare_zas_aspectj_Enforcer$1$f8f6c579(JoinPoint joinPoint) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        if (buildForcedRequirement(joinPoint2, true).isForced()) {
            SharedSecurityContext.registerForcedJoinPoint(joinPoint2);
        }
    }

    @EnforcerAdvise
    @Before(value = "(enabled() && (accessControlledTypes(accessControlledOnType) && (accessToControlledObjects(accessControlledOnObject) && (!privilegedAccess() && (accessControlledInheritedAccess() && weavingContext())))))", argNames = "accessControlledOnType,accessControlledOnObject")
    @SuppressAjWarnings({"adviceDidNotMatch"})
    public void ajc$before$com_linkare_zas_aspectj_Enforcer$2$4c654663(AccessControlled accessControlled, AccessControlled accessControlled2, JoinPoint joinPoint, JoinPoint.StaticPart staticPart) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        checkAuthorization(AOPMetaData.create(joinPoint, staticPart), getAccessControlledAnnotationInObjectOrType(buildAccessControlInheritedRequirement(joinPoint2, true).isAccessControlInherited(), accessControlled2, accessControlled, joinPoint2));
    }

    @EnforcerAdvise
    @Before(value = "(enabled() && (accessControlsInTypes(accessControlsOnType) && (accessControlsInObjects(accessControlsOnObject) && (!privilegedAccess() && (accessControlsInheritedAccess() && weavingContext())))))", argNames = "accessControlsOnType,accessControlsOnObject")
    @SuppressAjWarnings({"adviceDidNotMatch"})
    public void ajc$before$com_linkare_zas_aspectj_Enforcer$3$b7bf0bda(AccessControls accessControls, AccessControls accessControls2, JoinPoint joinPoint, JoinPoint.StaticPart staticPart) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        checkAuthorization(AOPMetaData.create(joinPoint, staticPart), getAccessControlsAnnotationInObjectOrType(buildAccessControlInheritedRequirement(joinPoint2, true).isAccessControlInherited(), accessControls2, accessControls, joinPoint2));
    }

    @EnforcerAdvise
    @Before(value = "(enabled() && (accessToControlledObjects(accessControlledOnObject) && (!privilegedAccess() && (!accessControlledInheritedAccess() && weavingContext()))))", argNames = "accessControlledOnObject")
    @SuppressAjWarnings({"adviceDidNotMatch"})
    public void ajc$before$com_linkare_zas_aspectj_Enforcer$4$b14636a(AccessControlled accessControlled, JoinPoint joinPoint, JoinPoint.StaticPart staticPart) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        checkAuthorization(AOPMetaData.create(joinPoint, staticPart), getAccessControlledAnnotationInObjectOrType(buildAccessControlInheritedRequirement(joinPoint2, false).isAccessControlInherited(), accessControlled, null, joinPoint2));
    }

    @EnforcerAdvise
    @Before(value = "(enabled() && (accessControlsInObjects(accessControlsOnObject) && (!privilegedAccess() && (!accessControlsInheritedAccess() && weavingContext()))))", argNames = "accessControlsOnObject")
    @SuppressAjWarnings({"adviceDidNotMatch"})
    public void ajc$before$com_linkare_zas_aspectj_Enforcer$5$3ec9debc(AccessControls accessControls, JoinPoint joinPoint, JoinPoint.StaticPart staticPart) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        checkAuthorization(AOPMetaData.create(joinPoint, staticPart), getAccessControlsAnnotationInObjectOrType(buildAccessControlInheritedRequirement(joinPoint2, false).isAccessControlInherited(), accessControls, null, joinPoint2));
    }

    @EnforcerAdvise
    @SuppressAjWarnings({"adviceDidNotMatch"})
    @After(value = "(enabled() && (forcedContext() && (weavingContext() && if(void java.lang.Object.if_()))))", argNames = "")
    public void ajc$after$com_linkare_zas_aspectj_Enforcer$6$f8f6c579(JoinPoint joinPoint) {
        com.linkare.zas.aspectj.accessinfo.JoinPoint joinPoint2 = new com.linkare.zas.aspectj.accessinfo.JoinPoint(joinPoint);
        if (buildForcedRequirement(joinPoint2, true).isForced()) {
            SharedSecurityContext.unregisterForcedJoinPoint(joinPoint2);
        }
    }

    public abstract S currentSubject();

    public abstract Class<? extends Decider<? extends Object>> defaultDeciderClass();

    private List<Decider<S>> buildDeciders(List<Class<? extends Decider>> list) throws IllegalAccessException, NoSuchMethodException, InvocationTargetException {
        ArrayList arrayList = new ArrayList(list.size());
        for (Class<? extends Decider> cls : list) {
            try {
                Decider decider = (Decider) instantiateDeciderClass(cls);
                Configuration.canUseStackOfCodeSubjects();
                arrayList.add(decider);
            } catch (InstantiationException e) {
                System.err.println(e + ". It was not possible to instantiate the decider class " + cls.getSimpleName());
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Object instantiateDeciderClass(Class<? extends Decider> cls) throws InstantiationException, IllegalAccessException, SecurityException, NoSuchMethodException, IllegalArgumentException, InvocationTargetException {
        if (!cls.isMemberClass() || Modifier.isStatic(cls.getModifiers())) {
            return cls.newInstance();
        }
        Class<?> enclosingClass = cls.getEnclosingClass();
        return cls.getConstructor(enclosingClass).newInstance(instantiateDeciderClass(enclosingClass));
    }

    private void checkAuthorization(IAOPMetaData iAOPMetaData, AccessControlled accessControlled) {
        IJoinPoint joinPoint = iAOPMetaData.getJoinPoint();
        boolean z = !SharedSecurityContext.isForced(joinPoint) && SharedSecurityContext.shouldBeShallowlyVerified();
        boolean isTrustResultTrueForJoinPointSignature = SharedSecurityContext.isTrustResultTrueForJoinPointSignature(joinPoint.getSignature());
        boolean isAllowedInvokerResultTrueForJoinPointSignature = SharedSecurityContext.isAllowedInvokerResultTrueForJoinPointSignature(joinPoint.getSignature());
        if (SharedSecurityContext.isForced(joinPoint) || !(isTrustResultTrueForJoinPointSignature || isAllowedInvokerResultTrueForJoinPointSignature || z)) {
            try {
                S currentSubject = currentSubject();
                for (AccessControlled accessControlled2 : getDecisionMetaInfos(joinPoint)) {
                    if (accessControlled2 != null) {
                        ZasBaseRequirement buildAccessControlRequirement = buildAccessControlRequirement(joinPoint, accessControlled2);
                        int size = buildAccessControlRequirement.getDeciderClasses().size();
                        ArrayList arrayList = new ArrayList(size);
                        if (size == 0) {
                            arrayList.add(defaultDeciderClass());
                        } else {
                            arrayList.addAll(buildAccessControlRequirement.getDeciderClasses());
                        }
                        List<Decider<S>> buildDeciders = buildDeciders(arrayList);
                        if (buildDeciders.isEmpty()) {
                            denyAccessBecauseOfEmptyDeciders(iAOPMetaData);
                        } else {
                            Iterator<Decider<S>> it = buildDeciders.iterator();
                            while (it.hasNext()) {
                                if (!it.next().checkAccess(currentSubject, buildAccessControlRequirement.getAbstractAccessMode(), iAOPMetaData)) {
                                    denyAccess(buildAccessControlRequirement, iAOPMetaData);
                                }
                            }
                        }
                    }
                }
            } catch (AccessControlException e) {
                throw e;
            } catch (RuntimeException e2) {
                throw e2;
            } catch (Exception e3) {
                e3.printStackTrace();
            }
        }
    }

    private void checkAuthorization(IAOPMetaData iAOPMetaData, AccessControls accessControls) {
        IJoinPoint joinPoint = iAOPMetaData.getJoinPoint();
        boolean z = !SharedSecurityContext.isForced(joinPoint) && SharedSecurityContext.shouldBeShallowlyVerified();
        boolean isTrustResultTrueForJoinPointSignature = SharedSecurityContext.isTrustResultTrueForJoinPointSignature(joinPoint.getSignature());
        boolean isAllowedInvokerResultTrueForJoinPointSignature = SharedSecurityContext.isAllowedInvokerResultTrueForJoinPointSignature(joinPoint.getSignature());
        if (SharedSecurityContext.isForced(joinPoint) || !(isTrustResultTrueForJoinPointSignature || isAllowedInvokerResultTrueForJoinPointSignature || z)) {
            try {
                S currentSubject = currentSubject();
                for (AccessControlled accessControlled : accessControls.value()) {
                    if (accessControlled != null) {
                        ZasBaseRequirement buildAccessControlRequirement = buildAccessControlRequirement(joinPoint, accessControlled);
                        int size = buildAccessControlRequirement.getDeciderClasses().size();
                        ArrayList arrayList = new ArrayList(size);
                        if (size == 0) {
                            arrayList.add(defaultDeciderClass());
                        } else {
                            arrayList.addAll(buildAccessControlRequirement.getDeciderClasses());
                        }
                        List<Decider<S>> buildDeciders = buildDeciders(arrayList);
                        if (buildDeciders.isEmpty()) {
                            denyAccessBecauseOfEmptyDeciders(iAOPMetaData);
                        } else {
                            Iterator<Decider<S>> it = buildDeciders.iterator();
                            while (it.hasNext()) {
                                if (!it.next().checkAccess(currentSubject, buildAccessControlRequirement.getAbstractAccessMode(), iAOPMetaData)) {
                                    denyAccess(buildAccessControlRequirement, iAOPMetaData);
                                }
                            }
                        }
                    }
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                e2.printStackTrace();
            } catch (AccessControlException e3) {
                throw e3;
            }
        }
    }

    private void denyAccess(ZasBaseRequirement zasBaseRequirement, IAOPMetaData iAOPMetaData) {
        try {
            UnauthorizedAccessImplementor orRegisterUnauthorizedAccessImplementor = getOrRegisterUnauthorizedAccessImplementor(zasBaseRequirement.getUnauthorizedAccessImplementorClass());
            orRegisterUnauthorizedAccessImplementor.doBeforeDenyAccess(zasBaseRequirement, iAOPMetaData, currentSubject());
            try {
                try {
                    orRegisterUnauthorizedAccessImplementor.denyAccess(zasBaseRequirement, iAOPMetaData, currentSubject());
                    orRegisterUnauthorizedAccessImplementor.doAfterDenyAccess(zasBaseRequirement, iAOPMetaData, currentSubject());
                } catch (RuntimeException e) {
                    throw e;
                }
            } catch (Throwable th) {
                orRegisterUnauthorizedAccessImplementor.doAfterDenyAccess(zasBaseRequirement, iAOPMetaData, currentSubject());
                throw th;
            }
        } catch (IllegalAccessException e2) {
            e2.printStackTrace();
        } catch (InstantiationException e3) {
            e3.printStackTrace();
        }
    }

    private UnauthorizedAccessImplementor getOrRegisterUnauthorizedAccessImplementor(Class<? extends UnauthorizedAccessImplementor> cls) throws InstantiationException, IllegalAccessException {
        if (this.unauthorizedAccessImplementorClassInstancesMap.get(cls) == null) {
            this.unauthorizedAccessImplementorClassInstancesMap.put(cls, cls.newInstance());
        }
        return this.unauthorizedAccessImplementorClassInstancesMap.get(cls);
    }

    private void denyAccessBecauseOfEmptyDeciders(IAOPMetaData iAOPMetaData) {
        throw new AccessControlException("Deciders were empty " + iAOPMetaData.getSignature().toString());
    }

    private List<AccessControlled> getDecisionMetaInfos(IJoinPoint iJoinPoint) throws SecurityException, NoSuchMethodException, ClassNotFoundException, NoSuchFieldException {
        if (iJoinPoint.getKind().isMethod()) {
            return ZasUtils.buildDecisionMetaInfoForMethods(ReflectionUtils.getEquivalentMethodsInTheHierarchy(ReflectionUtils.getMethodFrom(iJoinPoint)));
        }
        if (iJoinPoint.getKind().isConstructor()) {
            return ZasUtils.buildDecisionMetaInfoForConstructors(ReflectionUtils.getEquivalentConstructorsInTheHierarchy(ReflectionUtils.getConstructorFrom(iJoinPoint)));
        }
        if (iJoinPoint.getKind().isField()) {
            return ZasUtils.buildDecisionMetaInfoForField(ReflectionUtils.getFieldFrom(iJoinPoint));
        }
        return null;
    }

    private ZasBaseRequirement buildAccessControlRequirement(IJoinPoint iJoinPoint, AccessControlled accessControlled) {
        ZasBaseRequirement externalRequirement;
        return (!Configuration.getAccessRequirementSpecificationMode().isFileReadingEnabled() || (externalRequirement = BaseZas.getExternalRequirement(iJoinPoint.getSignature().getFullyQualifiedName())) == null) ? new AccessControlledRequirement(accessControlled) : externalRequirement;
    }

    private ZasBaseRequirement buildForcedRequirement(IJoinPoint iJoinPoint, boolean z) {
        ZasBaseRequirement externalRequirement;
        return (!Configuration.getAccessRequirementSpecificationMode().isFileReadingEnabled() || (externalRequirement = BaseZas.getExternalRequirement(iJoinPoint.getSignature().getFullyQualifiedName())) == null) ? new ForcedRequirement(z, iJoinPoint.getKind()) : externalRequirement;
    }

    private ZasBaseRequirement buildAccessControlInheritedRequirement(IJoinPoint iJoinPoint, boolean z) {
        ZasBaseRequirement externalRequirement;
        return (!Configuration.getAccessRequirementSpecificationMode().isFileReadingEnabled() || (externalRequirement = BaseZas.getExternalRequirement(iJoinPoint.getSignature().getFullyQualifiedName())) == null) ? new AccessControlInheritedRequirement(z, iJoinPoint.getKind()) : externalRequirement;
    }

    private AccessControlled getAccessControlledAnnotationInObjectOrType(boolean z, AccessControlled accessControlled, AccessControlled accessControlled2, IJoinPoint iJoinPoint) {
        if (!z) {
            return accessControlled;
        }
        AccessControlled accessControlled3 = accessControlled2 == null ? (AccessControlled) ReflectionUtils.getAnnotation((Class<? extends Object>) iJoinPoint.getSignature().getDeclaringType(), (Class<? extends Annotation>) AccessControlled.class) : accessControlled2;
        if (accessControlled3 == null) {
            throw new NoAccessControlInheritedAllowedException(iJoinPoint.getSignature().toString());
        }
        return (accessControlled.value().equals("false") && accessControlled.deciderClasses().length == 0) ? accessControlled3 : accessControlled;
    }

    private AccessControls getAccessControlsAnnotationInObjectOrType(boolean z, AccessControls accessControls, AccessControls accessControls2, IJoinPoint iJoinPoint) {
        if (!z) {
            return accessControls;
        }
        AccessControls accessControls3 = accessControls2 == null ? (AccessControls) ReflectionUtils.getAnnotation((Class<? extends Object>) iJoinPoint.getSignature().getDeclaringType(), (Class<? extends Annotation>) AccessControls.class) : accessControls2;
        if (accessControls3 == null) {
            throw new NoAccessControlInheritedAllowedException(iJoinPoint.getSignature().toString());
        }
        return (accessControls.isInherited() && accessControls.value().length == 0) ? accessControls3 : accessControls;
    }
}
