package grails.plugin.springsecurity.web.access.intercept;

import grails.plugin.springsecurity.InterceptedUrl;
import grails.util.GrailsUtil;
import grails.util.Metadata;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.spi.LocationInfo;
import org.glassfish.hk2.utilities.BuilderHelper;
import org.hibernate.util.xml.MappingReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/classes/grails/plugin/springsecurity/web/access/intercept/AbstractFilterInvocationDefinition.class */
public abstract class AbstractFilterInvocationDefinition implements FilterInvocationSecurityMetadataSource, InitializingBean {
    protected static final Collection<ConfigAttribute> DENY = Collections.singletonList(new SecurityConfig("_DENY_"));
    protected boolean rejectIfNoRule;
    protected RoleVoter roleVoter;
    protected AuthenticatedVoter authenticatedVoter;
    protected boolean initialized;
    protected boolean grails23Plus;
    protected final List<InterceptedUrl> compiled = new CopyOnWriteArrayList();
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    protected AntPathMatcher urlMatcher = new AntPathMatcher();
    protected final Logger log = LoggerFactory.getLogger(getClass());

    public void reset() throws Exception {
    }

    @Override // org.springframework.security.access.SecurityMetadataSource
    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        Assert.notNull(obj, "Object must be a FilterInvocation");
        Assert.isTrue(supports(obj.getClass()), "Object must be a FilterInvocation");
        FilterInvocation filterInvocation = (FilterInvocation) obj;
        try {
            Collection<ConfigAttribute> findConfigAttributes = findConfigAttributes(determineUrl(filterInvocation), filterInvocation.getRequest().getMethod());
            return ((findConfigAttributes == null || findConfigAttributes.isEmpty()) && this.rejectIfNoRule) ? DENY : findConfigAttributes;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    protected String determineUrl(FilterInvocation filterInvocation) {
        return lowercaseAndStripQuerystring(calculateUri(filterInvocation.getHttpRequest()));
    }

    protected boolean stopAtFirstMatch() {
        return false;
    }

    public InterceptedUrl getInterceptedUrl(String str, HttpMethod httpMethod) throws Exception {
        initialize();
        for (InterceptedUrl interceptedUrl : this.compiled) {
            if (interceptedUrl.getHttpMethod() == httpMethod && interceptedUrl.getPattern().equals(str)) {
                return interceptedUrl;
            }
        }
        return null;
    }

    protected Collection<ConfigAttribute> findConfigAttributes(String str, String str2) throws Exception {
        initialize();
        Collection<ConfigAttribute> collection = null;
        String str3 = null;
        boolean stopAtFirstMatch = stopAtFirstMatch();
        for (InterceptedUrl interceptedUrl : this.compiled) {
            if (interceptedUrl.getHttpMethod() == null || str2 == null || interceptedUrl.getHttpMethod() == HttpMethod.valueOf(str2)) {
                if (this.urlMatcher.match(interceptedUrl.getPattern(), str) && (collection == null || this.urlMatcher.match(str3, interceptedUrl.getPattern()))) {
                    collection = interceptedUrl.getConfigAttributes();
                    str3 = interceptedUrl.getPattern();
                    if (this.log.isTraceEnabled()) {
                        this.log.trace("new candidate for '{}': '{}':{}", str, interceptedUrl.getPattern(), collection);
                    }
                    if (stopAtFirstMatch) {
                        break;
                    }
                }
            } else if (this.log.isDebugEnabled()) {
                this.log.debug("Request '{} {}' doesn't match '{} {}'", str2, str, interceptedUrl.getHttpMethod(), interceptedUrl.getPattern());
            }
        }
        if (this.log.isTraceEnabled()) {
            if (collection == null) {
                this.log.trace("no config for '{}'", str);
            } else {
                this.log.trace("config for '{}' is '{}':{}", str, str3, collection);
            }
        }
        return collection;
    }

    protected void initialize() throws Exception {
    }

    @Override // org.springframework.security.access.SecurityMetadataSource
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    @Override // org.springframework.security.access.SecurityMetadataSource
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        try {
            initialize();
        } catch (Exception e) {
            GrailsUtil.deepSanitize(e);
            this.log.error(e.getMessage(), (Throwable) e);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator<InterceptedUrl> it = this.compiled.iterator();
        while (it.hasNext()) {
            linkedHashSet.addAll(it.next().getConfigAttributes());
        }
        return Collections.unmodifiableCollection(linkedHashSet);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String calculateUri(HttpServletRequest httpServletRequest) {
        String substring = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        int indexOf = substring.indexOf(BuilderHelper.TOKEN_SEPARATOR);
        return indexOf == -1 ? substring : substring.substring(0, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String lowercaseAndStripQuerystring(String str) {
        String lowerCase = str.toLowerCase();
        int indexOf = lowerCase.indexOf(LocationInfo.NA);
        if (indexOf != -1) {
            lowerCase = lowerCase.substring(0, indexOf);
        }
        return lowerCase;
    }

    protected AntPathMatcher getUrlMatcher() {
        return this.urlMatcher;
    }

    public List<InterceptedUrl> getConfigAttributeMap() {
        return Collections.unmodifiableList(this.compiled);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> split(String str) {
        if (!str.startsWith("ROLE_") && !str.startsWith("IS_")) {
            return Collections.singletonList(str);
        }
        String[] commaDelimitedListToStringArray = StringUtils.commaDelimitedListToStringArray(str);
        ArrayList arrayList = new ArrayList();
        for (String str2 : commaDelimitedListToStringArray) {
            String trim = str2.trim();
            if (trim.length() > 0) {
                arrayList.add(trim);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void compileAndStoreMapping(InterceptedUrl interceptedUrl) {
        String pattern = interceptedUrl.getPattern();
        HttpMethod httpMethod = interceptedUrl.getHttpMethod();
        String lowerCase = pattern.toLowerCase();
        Collection<ConfigAttribute> configAttributes = interceptedUrl.getConfigAttributes();
        InterceptedUrl storeMapping = storeMapping(lowerCase, httpMethod, Collections.unmodifiableCollection(configAttributes));
        if (storeMapping != null) {
            this.log.warn("replaced rule for '{}' with roles {} with roles {}", lowerCase, storeMapping.getConfigAttributes(), configAttributes);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public InterceptedUrl storeMapping(String str, HttpMethod httpMethod, Collection<ConfigAttribute> collection) {
        InterceptedUrl interceptedUrl = null;
        Iterator<InterceptedUrl> it = this.compiled.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            InterceptedUrl next = it.next();
            if (next.getPattern().equals(str) && next.getHttpMethod() == httpMethod) {
                interceptedUrl = next;
                break;
            }
        }
        if (interceptedUrl != null) {
            this.compiled.remove(interceptedUrl);
        }
        this.compiled.add(new InterceptedUrl(str, httpMethod, collection));
        return interceptedUrl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetConfigs() {
        this.compiled.clear();
    }

    public Collection<ConfigAttribute> findMatchingAttributes(String str) {
        for (InterceptedUrl interceptedUrl : this.compiled) {
            if (this.urlMatcher.match(interceptedUrl.getPattern(), str)) {
                return interceptedUrl.getConfigAttributes();
            }
        }
        return Collections.emptyList();
    }

    public void setRejectIfNoRule(boolean z) {
        this.rejectIfNoRule = z;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        String grailsVersion = Metadata.getCurrent().getGrailsVersion();
        this.grails23Plus = (grailsVersion.startsWith(MappingReader.ASSUMED_ORM_XSD_VERSION) || grailsVersion.startsWith("2.1") || grailsVersion.startsWith("2.2")) ? false : true;
    }
}
