package org.thymeleaf.extras.springsecurity3.auth;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanWrapperImpl;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ParseException;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.expression.WebSecurityExpressionHandler;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.thymeleaf.Arguments;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.IProcessingContext;
import org.thymeleaf.exceptions.TemplateProcessingException;
import org.thymeleaf.standard.expression.IStandardVariableExpressionEvaluator;
import org.thymeleaf.util.Validate;

/* loaded from: input_file:org/thymeleaf/extras/springsecurity3/auth/AuthUtils.class */
public final class AuthUtils {
    private static final Logger logger = LoggerFactory.getLogger(AuthUtils.class);
    private static final FilterChain DUMMY_CHAIN = new FilterChain() { // from class: org.thymeleaf.extras.springsecurity3.auth.AuthUtils.1
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            throw new UnsupportedOperationException();
        }
    };

    private AuthUtils() {
    }

    public static Authentication getAuthenticationObject() {
        if (logger.isTraceEnabled()) {
            logger.trace("[THYMELEAF][{}] Obtaining authentication object.", new Object[]{TemplateEngine.threadIndex()});
        }
        if (SecurityContextHolder.getContext() == null) {
            if (!logger.isTraceEnabled()) {
                return null;
            }
            logger.trace("[THYMELEAF][{}] No security context found, no authentication object returned.", new Object[]{TemplateEngine.threadIndex()});
            return null;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.getPrincipal() != null) {
            if (logger.isTraceEnabled()) {
                logger.trace("[THYMELEAF][{}] Authentication object of class {} found in context for user \"{}\".", new Object[]{TemplateEngine.threadIndex(), authentication.getClass().getName()}, authentication.getName());
            }
            return authentication;
        }
        if (!logger.isTraceEnabled()) {
            return null;
        }
        logger.trace("[THYMELEAF][{}] No authentication object found in context.", new Object[]{TemplateEngine.threadIndex()});
        return null;
    }

    public static Object getAuthenticationProperty(Authentication authentication, String str) {
        if (logger.isTraceEnabled()) {
            logger.trace("[THYMELEAF][{}] Reading property \"{}\" from authentication object.", new Object[]{TemplateEngine.threadIndex(), str});
        }
        if (authentication == null) {
            return null;
        }
        try {
            Object propertyValue = new BeanWrapperImpl(authentication).getPropertyValue(str);
            if (logger.isTraceEnabled()) {
                Logger logger2 = logger;
                Object[] objArr = new Object[4];
                objArr[0] = TemplateEngine.threadIndex();
                objArr[1] = str;
                objArr[2] = authentication.getName();
                objArr[3] = propertyValue == null ? null : propertyValue.getClass().getName();
                logger2.trace("[THYMELEAF][{}] Property \"{}\" obtained from authentication object for user \"{}\". Returned value of class {}.", objArr);
            }
            return propertyValue;
        } catch (BeansException e) {
            throw new TemplateProcessingException("Error retrieving value for property \"" + str + "\" of authentication object of class " + authentication.getClass().getName(), e);
        }
    }

    public static boolean authorizeUsingAccessExpression(IProcessingContext iProcessingContext, String str, Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) {
        Validate.notNull(iProcessingContext, "Processing context cannot be null");
        if (logger.isTraceEnabled()) {
            Logger logger2 = logger;
            Object[] objArr = new Object[3];
            objArr[0] = TemplateEngine.threadIndex();
            objArr[1] = str;
            objArr[2] = authentication == null ? null : authentication.getName();
            logger2.trace("[THYMELEAF][{}] Checking authorization using access expression \"{}\" for user \"{}\".", objArr);
        }
        String substring = (str != null && str.startsWith("${") && str.endsWith("}")) ? str.substring(2, str.length() - 1) : str;
        WebSecurityExpressionHandler expressionHandler = getExpressionHandler(servletContext);
        try {
            Expression parseExpression = expressionHandler.getExpressionParser().parseExpression(substring);
            EvaluationContext createEvaluationContext = expressionHandler.createEvaluationContext(authentication, new FilterInvocation(httpServletRequest, httpServletResponse, DUMMY_CHAIN));
            Map<String, Object> map = null;
            if (iProcessingContext instanceof Arguments) {
                Arguments arguments = (Arguments) iProcessingContext;
                map = SpringVersionSpecificUtils.computeExpressionObjectsFromExpressionEvaluator(arguments, (IStandardVariableExpressionEvaluator) arguments.getExecutionAttribute("EXPRESSION_EVALUATOR"));
            }
            if (map == null) {
                map = new HashMap();
                Map<? extends String, ? extends Object> expressionObjects = iProcessingContext.getExpressionObjects();
                if (expressionObjects != null) {
                    map.putAll(expressionObjects);
                }
            }
            if (ExpressionUtils.evaluateAsBoolean(parseExpression, SpringVersionSpecificUtils.wrapEvaluationContext(createEvaluationContext, map))) {
                if (!logger.isTraceEnabled()) {
                    return true;
                }
                Logger logger3 = logger;
                Object[] objArr2 = new Object[3];
                objArr2[0] = TemplateEngine.threadIndex();
                objArr2[1] = str;
                objArr2[2] = authentication == null ? null : authentication.getName();
                logger3.trace("[THYMELEAF][{}] Checked authorization using access expression \"{}\" for user \"{}\". Access GRANTED.", objArr2);
                return true;
            }
            if (!logger.isTraceEnabled()) {
                return false;
            }
            Logger logger4 = logger;
            Object[] objArr3 = new Object[3];
            objArr3[0] = TemplateEngine.threadIndex();
            objArr3[1] = str;
            objArr3[2] = authentication == null ? null : authentication.getName();
            logger4.trace("[THYMELEAF][{}] Checked authorization using access expression \"{}\" for user \"{}\". Access DENIED.", objArr3);
            return false;
        } catch (ParseException e) {
            throw new TemplateProcessingException("An error happened trying to parse Spring Security access expression \"" + substring + "\"", e);
        }
    }

    private static WebSecurityExpressionHandler getExpressionHandler(ServletContext servletContext) {
        Map beansOfType = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext).getBeansOfType(WebSecurityExpressionHandler.class);
        if (beansOfType.size() == 0) {
            throw new TemplateProcessingException("No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in Spring Security authorization queries.");
        }
        return (WebSecurityExpressionHandler) beansOfType.values().toArray()[0];
    }

    public static boolean authorizeUsingUrlCheck(String str, String str2, Authentication authentication, HttpServletRequest httpServletRequest, ServletContext servletContext) {
        if (logger.isTraceEnabled()) {
            Logger logger2 = logger;
            Object[] objArr = new Object[4];
            objArr[0] = TemplateEngine.threadIndex();
            objArr[1] = str;
            objArr[2] = str2;
            objArr[3] = authentication == null ? null : authentication.getName();
            logger2.trace("[THYMELEAF][{}] Checking authorization for URL \"{}\" and method \"{}\" for user \"{}\".", objArr);
        }
        boolean z = getPrivilegeEvaluator(servletContext).isAllowed(httpServletRequest.getContextPath(), str, str2, authentication);
        if (logger.isTraceEnabled()) {
            Logger logger3 = logger;
            String str3 = "[THYMELEAF][{}] Checked authorization for URL \"{}\" and method \"{}\" for user \"{}\". " + (z ? "Access GRANTED." : "Access DENIED.");
            Object[] objArr2 = new Object[4];
            objArr2[0] = TemplateEngine.threadIndex();
            objArr2[1] = str;
            objArr2[2] = str2;
            objArr2[3] = authentication == null ? null : authentication.getName();
            logger3.trace(str3, objArr2);
        }
        return z;
    }

    private static WebInvocationPrivilegeEvaluator getPrivilegeEvaluator(ServletContext servletContext) {
        Map beansOfType = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext).getBeansOfType(WebInvocationPrivilegeEvaluator.class);
        if (beansOfType.size() == 0) {
            throw new TemplateProcessingException("No visible WebInvocationPrivilegeEvaluator instance could be found in the application context. There must be at least one in order to support URL access checks in Spring Security authorization queries.");
        }
        return (WebInvocationPrivilegeEvaluator) beansOfType.values().toArray()[0];
    }

    public static ApplicationContext getContext(ServletContext servletContext) {
        return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
    }
}
