package eu.etaxonomy.cdm.persistence.permission.voter;

import eu.etaxonomy.cdm.model.common.CdmBase;
import eu.etaxonomy.cdm.model.permission.CRUD;
import eu.etaxonomy.cdm.model.permission.PermissionClass;
import eu.etaxonomy.cdm.persistence.permission.CdmAuthority;
import eu.etaxonomy.cdm.persistence.permission.CdmAuthorityParsingException;
import eu.etaxonomy.cdm.persistence.permission.TargetEntityStates;
import java.util.Collection;
import java.util.EnumSet;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:lib/cdmlib-persistence-5.42.0.jar:eu/etaxonomy/cdm/persistence/permission/voter/CdmPermissionVoter.class */
public abstract class CdmPermissionVoter implements AccessDecisionVoter<TargetEntityStates> {
    private static final Logger logger = LogManager.getLogger();
    private static final EnumSet<CRUD> DELETE = EnumSet.of(CRUD.DELETE);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:lib/cdmlib-persistence-5.42.0.jar:eu/etaxonomy/cdm/persistence/permission/voter/CdmPermissionVoter$ValidationResult.class */
    public class ValidationResult {
        public boolean isIgnoreUuidMatch;
        boolean isPermissionMatch = false;
        boolean isPropertyMatch = false;
        boolean isUuidMatch = false;
        boolean isClassMatch = false;

        protected ValidationResult() {
        }

        public String toString() {
            return "isClassMatch: " + Boolean.toString(this.isClassMatch) + ", isUuidMatch: " + Boolean.toString(this.isUuidMatch) + ", isPermissionMatch: " + Boolean.toString(this.isPermissionMatch) + ", isPropertyMatch: " + Boolean.toString(this.isPropertyMatch);
        }
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return configAttribute instanceof CdmAuthority;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class<?> cls) {
        return cls.isInstance(CdmBase.class);
    }

    public abstract Class<? extends CdmBase> getResponsibilityClass();

    protected boolean isResponsibleFor(Object obj) {
        return getResponsibilityClass().isAssignableFrom(obj.getClass());
    }

    protected boolean isResponsibleFor(PermissionClass permissionClass) {
        return getResponsibility().equals(permissionClass);
    }

    protected PermissionClass getResponsibility() {
        return PermissionClass.getValueOf(getResponsibilityClass());
    }

    /* renamed from: vote, reason: avoid collision after fix types in other method */
    public int vote2(Authentication authentication, TargetEntityStates targetEntityStates, Collection<ConfigAttribute> collection) {
        if (!isResponsibleFor(targetEntityStates.getEntity())) {
            if (!logger.isDebugEnabled()) {
                return 0;
            }
            logger.debug(voterLoggingLabel() + " class missmatch => ACCESS_ABSTAIN");
            return 0;
        }
        if (logger.isDebugEnabled()) {
            logger.debug(voterLoggingLabel() + " voting for authentication: " + authentication.getName() + ", object : " + targetEntityStates.getEntity().toString() + ", attribute[0]:" + ((CdmAuthority) collection.iterator().next()).getAttribute());
        }
        int i = -1;
        boolean z = false;
        for (ConfigAttribute configAttribute : collection) {
            if (!(configAttribute instanceof CdmAuthority)) {
                throw new RuntimeException("attributes must contain only CdmAuthority");
            }
            CdmAuthority cdmAuthority = (CdmAuthority) configAttribute;
            for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
                try {
                    CdmAuthority fromGrantedAuthority = CdmAuthority.fromGrantedAuthority(grantedAuthority);
                    if (isResponsibleFor(cdmAuthority.getPermissionClass())) {
                        ValidationResult validationResult = new ValidationResult();
                        validationResult.isClassMatch = fromGrantedAuthority.getPermissionClass().equals(PermissionClass.ALL) || fromGrantedAuthority.getPermissionClass().equals(cdmAuthority.getPermissionClass());
                        validationResult.isPermissionMatch = fromGrantedAuthority.getOperation().containsAll(cdmAuthority.getOperation());
                        validationResult.isUuidMatch = fromGrantedAuthority.hasTargetUuid() && fromGrantedAuthority.getTargetUUID().equals(targetEntityStates.getEntity().getUuid());
                        validationResult.isIgnoreUuidMatch = !fromGrantedAuthority.hasTargetUuid();
                        if (logger.isDebugEnabled()) {
                            logger.debug(voterLoggingLabel() + " " + validationResult);
                        }
                        if (validationResult.isClassMatch && cdmAuthority.getOperation().equals(DELETE) && isOrpahn(targetEntityStates.getEntity())) {
                            if (!logger.isDebugEnabled()) {
                                return 1;
                            }
                            logger.debug(voterLoggingLabel() + " entity is considered orphan => ACCESS_GRANTED");
                            return 1;
                        }
                        if (!fromGrantedAuthority.hasProperty()) {
                            if (validationResult.isIgnoreUuidMatch && validationResult.isClassMatch && validationResult.isPermissionMatch) {
                                if (!logger.isDebugEnabled()) {
                                    return 1;
                                }
                                logger.debug(voterLoggingLabel() + " no targetUuid, class & permission match => ACCESS_GRANTED");
                                return 1;
                            }
                            if (validationResult.isUuidMatch && validationResult.isClassMatch && validationResult.isPermissionMatch) {
                                if (!logger.isDebugEnabled()) {
                                    return 1;
                                }
                                logger.debug(voterLoggingLabel() + " permission, class and uuid are matching => ACCESS_GRANTED");
                                return 1;
                            }
                        } else if (validationResult.isClassMatch) {
                            i = 0;
                        }
                        Integer furtherVotingDescisions = furtherVotingDescisions(fromGrantedAuthority, targetEntityStates, collection, validationResult);
                        if (furtherVotingDescisions == null) {
                            continue;
                        } else {
                            if (logger.isDebugEnabled()) {
                                logger.debug(voterLoggingLabel() + " furtherVotingResult => " + voteToString(furtherVotingDescisions.intValue()));
                            }
                            switch (furtherVotingDescisions.intValue()) {
                                case -1:
                                    z = true;
                                    break;
                                case 1:
                                    return 1;
                            }
                        }
                    } else {
                        logger.debug(voterLoggingLabel() + " not responsible for " + cdmAuthority.getPermissionClass() + " -> skipping");
                    }
                } catch (CdmAuthorityParsingException e) {
                    logger.debug(voterLoggingLabel() + " skipping " + grantedAuthority.getAuthority() + " due to CdmAuthorityParsingException");
                }
            }
        }
        int i2 = z ? -1 : i;
        if (logger.isDebugEnabled()) {
            logger.debug(voterLoggingLabel() + " fallThroughVote => " + voteToString(i));
            logger.debug(voterLoggingLabel() + " ##votingResult## => " + voteToString(i2));
        }
        return i2;
    }

    public abstract boolean isOrpahn(CdmBase cdmBase);

    protected Integer furtherVotingDescisions(CdmAuthority cdmAuthority, TargetEntityStates targetEntityStates, Collection<ConfigAttribute> collection, ValidationResult validationResult) {
        return null;
    }

    protected String voterLoggingLabel() {
        return "(" + getResponsibilityClass().getSimpleName() + "-Voter)";
    }

    protected String voteToString(int i) {
        switch (i) {
            case -1:
                return "ACCESS_DENIED";
            case 0:
                return "ACCESS_ABSTAIN";
            case 1:
                return "ACCESS_GRANTED";
            default:
                return Integer.toString(i);
        }
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public /* bridge */ /* synthetic */ int vote(Authentication authentication, TargetEntityStates targetEntityStates, Collection collection) {
        return vote2(authentication, targetEntityStates, (Collection<ConfigAttribute>) collection);
    }
}
