package org.springframework.security.taglibs.authz;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.util.ExpressionEvaluationUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-taglibs-3.0.2.RELEASE.jar:org/springframework/security/taglibs/authz/AccessControlListTag.class */
public class AccessControlListTag extends TagSupport {
    protected static final Log logger = LogFactory.getLog(AccessControlListTag.class);
    private AclService aclService;
    private ApplicationContext applicationContext;
    private Object domainObject;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy;
    private SidRetrievalStrategy sidRetrievalStrategy;
    private PermissionFactory permissionFactory;
    private String hasPermission = "";

    public int doStartTag() throws JspException {
        if (null == this.hasPermission || "".equals(this.hasPermission)) {
            return 0;
        }
        initializeIfRequired();
        List<Permission> parsePermissionsString = parsePermissionsString(ExpressionEvaluationUtils.evaluateString("hasPermission", this.hasPermission, this.pageContext));
        Object evaluate = this.domainObject instanceof String ? ExpressionEvaluationUtils.evaluate("domainObject", (String) this.domainObject, Object.class, this.pageContext) : this.domainObject;
        if (evaluate == null) {
            if (!logger.isDebugEnabled()) {
                return 1;
            }
            logger.debug("domainObject resolved to null, so including tag body");
            return 1;
        }
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            List<Sid> sids = this.sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
            try {
                return this.aclService.readAclById(this.objectIdentityRetrievalStrategy.getObjectIdentity(evaluate), sids).isGranted(parsePermissionsString, sids, false) ? 1 : 0;
            } catch (NotFoundException e) {
                return 0;
            }
        }
        if (!logger.isDebugEnabled()) {
            return 0;
        }
        logger.debug("SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
        return 0;
    }

    protected ApplicationContext getContext(PageContext pageContext) {
        return WebApplicationContextUtils.getRequiredWebApplicationContext(pageContext.getServletContext());
    }

    public Object getDomainObject() {
        return this.domainObject;
    }

    public String getHasPermission() {
        return this.hasPermission;
    }

    private void initializeIfRequired() throws JspException {
        if (this.applicationContext != null) {
            return;
        }
        this.applicationContext = getContext(this.pageContext);
        this.aclService = (AclService) getBeanOfType(AclService.class);
        this.sidRetrievalStrategy = (SidRetrievalStrategy) getBeanOfType(SidRetrievalStrategy.class);
        if (this.sidRetrievalStrategy == null) {
            this.sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        }
        this.objectIdentityRetrievalStrategy = (ObjectIdentityRetrievalStrategy) getBeanOfType(ObjectIdentityRetrievalStrategy.class);
        if (this.objectIdentityRetrievalStrategy == null) {
            this.objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
        }
        this.permissionFactory = (PermissionFactory) getBeanOfType(PermissionFactory.class);
        if (this.permissionFactory == null) {
            this.permissionFactory = new DefaultPermissionFactory();
        }
    }

    private <T> T getBeanOfType(Class<T> cls) throws JspException {
        Map<String, T> beansOfType = this.applicationContext.getBeansOfType(cls);
        ApplicationContext parent = this.applicationContext.getParent();
        while (true) {
            ApplicationContext applicationContext = parent;
            if (applicationContext == null) {
                break;
            }
            beansOfType.putAll(applicationContext.getBeansOfType(cls));
            parent = applicationContext.getParent();
        }
        if (beansOfType.size() == 0) {
            return null;
        }
        if (beansOfType.size() == 1) {
            return beansOfType.values().iterator().next();
        }
        throw new JspException("Found incorrect number of " + cls.getSimpleName() + " instances in application context - you must have only have one!");
    }

    private List<Permission> parsePermissionsString(String str) throws NumberFormatException {
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",", false);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            try {
                hashSet.add(this.permissionFactory.buildFromMask(Integer.valueOf(nextToken).intValue()));
            } catch (NumberFormatException e) {
                hashSet.add(this.permissionFactory.buildFromName(nextToken));
            }
        }
        return new ArrayList(hashSet);
    }

    public void setDomainObject(Object obj) {
        this.domainObject = obj;
    }

    public void setHasPermission(String str) {
        this.hasPermission = str;
    }
}
