package com.kero.security.core.property;

import com.kero.security.core.access.Access;
import com.kero.security.core.config.action.Action;
import com.kero.security.core.config.action.ActionDeny;
import com.kero.security.core.config.action.ActionGrant;
import com.kero.security.core.interceptor.DenyInterceptor;
import com.kero.security.core.property.exceptions.PropertyPrepareException;
import com.kero.security.core.property.exceptions.RoleCollisionException;
import com.kero.security.core.role.Role;
import com.kero.security.core.scheme.AccessScheme;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/kero/security/core/property/LocalProperty.class */
public class LocalProperty implements Property {
    private String name;
    private AccessScheme scheme;
    private DenyInterceptor defaultInterceptor;
    private Access defaultAccess = Access.UNKNOWN;
    private Set<Role> grantRoles = new HashSet();
    private Set<Role> denyRoles = new HashSet();
    private List<DenyInterceptor> interceptors = new LinkedList();
    private Map<Role, Role> rolesPropagations = new HashMap();

    public LocalProperty(AccessScheme accessScheme, String str) {
        this.scheme = accessScheme;
        this.name = str;
    }

    @Override // com.kero.security.core.property.Property
    public Access accessible(Collection<Role> collection) {
        if (collection.isEmpty()) {
            return Access.UNKNOWN;
        }
        HashSet hashSet = new HashSet(collection);
        hashSet.removeAll(this.denyRoles);
        return hashSet.isEmpty() ? Access.DENY : !Collections.disjoint(hashSet, this.grantRoles) ? Access.GRANT : !this.scheme.isInherit() ? Access.UNKNOWN : getParent().accessible(hashSet);
    }

    @Override // com.kero.security.core.property.Property
    public Action prepare(Collection<Role> collection) {
        Access accessible = accessible(collection);
        if (accessible == Access.UNKNOWN) {
            accessible = determineDefaultAccess();
        }
        if (accessible == Access.GRANT) {
            return new ActionGrant(this.scheme, propagateRoles(collection));
        }
        if (accessible != Access.DENY) {
            throw new PropertyPrepareException("Can't prepare property: \"" + this.name + "\". Your Kero-Security configuration is bad, if you see this exception.");
        }
        DenyInterceptor determineInterceptor = determineInterceptor(collection);
        return determineInterceptor != null ? determineInterceptor.prepare(collection) : new ActionDeny(this.scheme);
    }

    protected Access determineDefaultAccess() {
        Access defaultAccess = getDefaultAccess();
        if (defaultAccess == Access.UNKNOWN) {
            defaultAccess = this.scheme.determineDefaultAccess();
        }
        return defaultAccess;
    }

    @Override // com.kero.security.core.property.Property
    public DenyInterceptor determineInterceptor(Collection<Role> collection) {
        int i = 0;
        int i2 = Integer.MAX_VALUE;
        DenyInterceptor denyInterceptor = null;
        for (DenyInterceptor denyInterceptor2 : getInterceptors()) {
            int i3 = 0;
            int i4 = 0;
            Iterator<Role> it = denyInterceptor2.getRoles().iterator();
            while (it.hasNext()) {
                if (collection.contains(it.next())) {
                    i3++;
                } else {
                    i4++;
                }
            }
            if (i3 > i) {
                i = i3;
                i2 = i4;
                denyInterceptor = denyInterceptor2;
            } else if (i3 == i && i4 < i2) {
                i = i3;
                i2 = i4;
                denyInterceptor = denyInterceptor2;
            }
        }
        return (i == 0 || denyInterceptor == null) ? getDefaultInterceptor() : denyInterceptor;
    }

    @Override // com.kero.security.core.property.Property
    public Role propagateRole(Role role) {
        HashSet hashSet = new HashSet();
        hashSet.add(role);
        return propagateRoles(hashSet).iterator().next();
    }

    @Override // com.kero.security.core.property.Property
    public Set<Role> propagateRoles(Collection<Role> collection) {
        HashSet<Role> hashSet = new HashSet(collection);
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (Role role : hashSet) {
            if (hasPropagationFor(role)) {
                hashSet2.add(this.rolesPropagations.get(role));
                hashSet3.add(role);
            }
        }
        hashSet.removeAll(hashSet3);
        if (this.scheme.isInherit()) {
            hashSet2.addAll(getParent().propagateRoles(hashSet));
        }
        return hashSet2;
    }

    @Override // com.kero.security.core.property.Property
    public boolean hasPropagationFor(Role role) {
        return this.rolesPropagations.containsKey(role);
    }

    @Override // com.kero.security.core.property.Property
    public void addRolePropagation(Role role, Role role2) {
        this.rolesPropagations.put(role, role2);
    }

    @Override // com.kero.security.core.property.Property
    public void addInterceptor(DenyInterceptor denyInterceptor) {
        this.interceptors.add(denyInterceptor);
    }

    @Override // com.kero.security.core.property.Property
    public List<DenyInterceptor> getInterceptors() {
        ArrayList arrayList = new ArrayList(this.interceptors);
        if (this.scheme.isInherit()) {
            arrayList.addAll(getParent().getInterceptors());
        }
        return arrayList;
    }

    @Override // com.kero.security.core.property.Property
    public void grantRoles(Collection<Role> collection) {
        Iterator<Role> it = collection.iterator();
        while (it.hasNext()) {
            grantRole(it.next());
        }
    }

    @Override // com.kero.security.core.property.Property
    public void grantRole(Role role) {
        if (this.denyRoles.contains(role)) {
            throw new RoleCollisionException("Detected roles collision: " + role);
        }
        this.grantRoles.add(role);
    }

    @Override // com.kero.security.core.property.Property
    public void denyRoles(Collection<Role> collection) {
        Iterator<Role> it = collection.iterator();
        while (it.hasNext()) {
            denyRole(it.next());
        }
    }

    @Override // com.kero.security.core.property.Property
    public void denyRole(Role role) {
        if (this.grantRoles.contains(role)) {
            throw new RoleCollisionException("Detected roles collision: " + role);
        }
        this.denyRoles.add(role);
    }

    @Override // com.kero.security.core.property.Property
    public Set<Role> getGrantRoles() {
        return this.grantRoles;
    }

    @Override // com.kero.security.core.property.Property
    public Set<Role> getDenyRoles() {
        return this.denyRoles;
    }

    @Override // com.kero.security.core.DefaultAccessOwner
    public void setDefaultAccess(Access access) {
        this.defaultAccess = access;
    }

    @Override // com.kero.security.core.DefaultAccessOwner
    public boolean hasDefaultAccess() {
        return this.defaultAccess != Access.UNKNOWN;
    }

    @Override // com.kero.security.core.DefaultAccessOwner
    public Access getDefaultAccess() {
        return hasDefaultAccess() ? this.defaultAccess : !this.scheme.isInherit() ? Access.UNKNOWN : getParent().getDefaultAccess();
    }

    @Override // com.kero.security.core.property.Property
    public String getName() {
        return this.name;
    }

    @Override // com.kero.security.core.property.Property
    public void setDefaultInterceptor(DenyInterceptor denyInterceptor) {
        this.defaultInterceptor = denyInterceptor;
    }

    @Override // com.kero.security.core.property.Property
    public boolean hasDefaultInterceptor() {
        return this.defaultInterceptor != null;
    }

    @Override // com.kero.security.core.property.Property
    public DenyInterceptor getDefaultInterceptor() {
        if (hasDefaultInterceptor()) {
            return this.defaultInterceptor;
        }
        if (this.scheme.isInherit()) {
            return getParent().getDefaultInterceptor();
        }
        return null;
    }

    @Override // com.kero.security.core.property.Property
    public Property getParent() {
        return this.scheme.getParentProperty(this.name);
    }
}
