package org.craftercms.commons.security.permissions.annotations;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Map;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.craftercms.commons.i10n.I10nLogger;
import org.craftercms.commons.security.exception.ActionDeniedException;
import org.craftercms.commons.security.exception.PermissionException;
import org.craftercms.commons.security.permissions.PermissionEvaluator;
import org.springframework.core.annotation.Order;

@Aspect
@Order(-1)
/* loaded from: input_file:WEB-INF/lib/crafter-commons-security-2.5.6.jar:org/craftercms/commons/security/permissions/annotations/HasPermissionAnnotationHandler.class */
public class HasPermissionAnnotationHandler {
    private static final I10nLogger logger = new I10nLogger((Class<?>) HasPermissionAnnotationHandler.class, "crafter.security.messages.logging");
    private static final String LOG_KEY_METHOD_INT = "security.permission.methodIntercepted";
    private static final String LOG_KEY_METHOD_INT_NO_SEC_OBJ = "security.permission.methodInterceptedNoSecObject";
    private static final String ERROR_KEY_EVALUATOR_NOT_FOUND = "security.permission.evaluatorNotFound";
    private static final String ERROR_KEY_EVALUATION_FAILED = "security.permission.evaluationFailed";
    protected Map<Class<?>, PermissionEvaluator<?, ?>> permissionEvaluators;

    public void setPermissionEvaluators(Map<Class<?>, PermissionEvaluator<?, ?>> map) {
        this.permissionEvaluators = map;
    }

    @Around("@within(org.craftercms.commons.security.permissions.annotations.HasPermission) || @annotation(org.craftercms.commons.security.permissions.annotations.HasPermission)")
    public Object checkPermissions(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Method actualMethod = getActualMethod(proceedingJoinPoint);
        HasPermission hasPermissionAnnotation = getHasPermissionAnnotation(actualMethod, proceedingJoinPoint);
        Class<?> type = hasPermissionAnnotation.type();
        String action = hasPermissionAnnotation.action();
        Object annotatedSecuredObject = getAnnotatedSecuredObject(actualMethod, proceedingJoinPoint);
        PermissionEvaluator<?, ?> permissionEvaluator = this.permissionEvaluators.get(type);
        if (annotatedSecuredObject != null) {
            logger.debug(LOG_KEY_METHOD_INT, actualMethod, hasPermissionAnnotation, annotatedSecuredObject);
        } else {
            logger.debug(LOG_KEY_METHOD_INT_NO_SEC_OBJ, actualMethod, hasPermissionAnnotation);
        }
        if (permissionEvaluator == null) {
            throw new PermissionException(ERROR_KEY_EVALUATOR_NOT_FOUND, type);
        }
        try {
            if (permissionEvaluator.isAllowed(annotatedSecuredObject, action)) {
                return proceedingJoinPoint.proceed();
            }
            if (annotatedSecuredObject != null) {
                throw new ActionDeniedException(hasPermissionAnnotation.action(), annotatedSecuredObject);
            }
            throw new ActionDeniedException(hasPermissionAnnotation.action());
        } catch (PermissionException e) {
            throw new PermissionException(ERROR_KEY_EVALUATION_FAILED, e, new Object[0]);
        }
    }

    protected Method getActualMethod(ProceedingJoinPoint proceedingJoinPoint) {
        Method method = ((MethodSignature) proceedingJoinPoint.getSignature()).getMethod();
        if (method.getDeclaringClass().isInterface()) {
            try {
                method = proceedingJoinPoint.getTarget().getClass().getDeclaredMethod(method.getName(), method.getParameterTypes());
            } catch (NoSuchMethodException e) {
                throw new RuntimeException(e);
            }
        }
        return method;
    }

    protected HasPermission getHasPermissionAnnotation(Method method, ProceedingJoinPoint proceedingJoinPoint) {
        HasPermission hasPermission = (HasPermission) method.getAnnotation(HasPermission.class);
        if (hasPermission == null) {
            hasPermission = (HasPermission) proceedingJoinPoint.getTarget().getClass().getAnnotation(HasPermission.class);
        }
        return hasPermission;
    }

    protected Object getAnnotatedSecuredObject(Method method, ProceedingJoinPoint proceedingJoinPoint) {
        Annotation[][] parameterAnnotations = method.getParameterAnnotations();
        Object[] args = proceedingJoinPoint.getArgs();
        for (int i = 0; i < parameterAnnotations.length; i++) {
            for (Annotation annotation : parameterAnnotations[i]) {
                if (annotation instanceof SecuredObject) {
                    return args[i];
                }
            }
        }
        return null;
    }
}
