package org.apache.myfaces.tobago.security;

import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.faces.application.FacesMessage;
import javax.faces.component.StateHolder;
import javax.faces.component.UIComponentBase;
import javax.faces.context.FacesContext;
import javax.faces.el.EvaluationException;
import javax.faces.el.MethodBinding;
import javax.faces.el.MethodNotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/apache/myfaces/tobago/security/CheckAuthorisationMethodBinding.class */
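/**
 * {@link MethodBinding} decorator that checks the JSR-250 security annotations
 * ({@link RolesAllowed}, {@link DenyAll}, {@link PermitAll}) of the target method
 * before delegating the invocation to the wrapped binding.
 *
 * <p>Security notes for reviewers. The check is fail-open in several places:
 * <ul>
 *   <li>invocations that carry arguments are never checked (see {@link #invoke});</li>
 *   <li>expressions that are not of the simple form {@code #{bean.method}}, beans that
 *       cannot be resolved, and methods that cannot be found are treated as
 *       "no annotation", which means "authorised".</li>
 * </ul>
 * This class should therefore not be the only access-control layer in front of a
 * sensitive action.
 */
public class CheckAuthorisationMethodBinding extends MethodBinding implements StateHolder {
    private static final Log LOG = LogFactory.getLog(CheckAuthorisationMethodBinding.class);

    /** Cache marker for "looked up, no security annotation present" (the map cannot hold null). */
    private static final Object NULL_VALUE = new Object();

    /**
     * Lookup results keyed by the full expression string as returned by
     * {@link #getExpressionString()}.
     * NOTE(review): the cache is static and keyed by expression text only; confirm that one
     * expression cannot resolve to different bean classes within the same class loader.
     */
    private static final Map<String, Object> AUTHORISATION_CACHE = new ConcurrentHashMap<String, Object>();

    private MethodBinding methodBinding;

    /** No-argument constructor; the delegate is set later by {@link #restoreState}. */
    public CheckAuthorisationMethodBinding() {
    }

    /**
     * @param methodBinding the binding to guard and delegate to
     */
    public CheckAuthorisationMethodBinding(MethodBinding methodBinding) {
        this.methodBinding = methodBinding;
    }

    /** Returns the expression string of the wrapped binding. */
    public String getExpressionString() {
        return this.methodBinding.getExpressionString();
    }

    /** Returns the type reported by the wrapped binding. */
    public Class getType(FacesContext facesContext) throws MethodNotFoundException {
        return this.methodBinding.getType(facesContext);
    }

    /**
     * Invokes the wrapped binding if the current user is authorised.
     *
     * @return the delegate's result, or {@code null} after adding a "Not authorised"
     *         message to the context when the check fails
     */
    public Object invoke(FacesContext facesContext, Object[] objArr) throws EvaluationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("MethodBinding invoke " + getExpressionString());
        }
        // NOTE(review): a call with one or more arguments skips the authorisation check
        // completely. The annotation lookup only resolves the no-argument method, so
        // annotations on methods that take parameters are never enforced here. Behaviour is
        // kept for compatibility; such methods need their own enforcement.
        boolean hasArguments = objArr != null && objArr.length > 0;
        if (hasArguments || isAuthorized(facesContext)) {
            return this.methodBinding.invoke(facesContext, objArr);
        }
        facesContext.addMessage((String) null, new FacesMessage("Not authorised"));
        return null;
    }

    /**
     * Evaluates the security annotation found for the bound method.
     *
     * @return {@code false} for {@link DenyAll} or when the user holds none of the
     *         {@link RolesAllowed} roles; {@code true} otherwise, including when no
     *         annotation could be determined
     */
    public boolean isAuthorized(FacesContext facesContext) {
        Annotation securityAnnotation = getSecurityAnnotation(facesContext);
        if (securityAnnotation == null) {
            // Fail-open: no annotation (or none resolvable) means the call is allowed.
            return true;
        }
        if (securityAnnotation instanceof DenyAll) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("DenyAll");
            }
            return false;
        }
        if (securityAnnotation instanceof RolesAllowed) {
            String[] roles = ((RolesAllowed) securityAnnotation).value();
            if (LOG.isDebugEnabled()) {
                LOG.debug("RolesAllowed " + Arrays.asList(roles));
            }
            for (String role : roles) {
                if (facesContext.getExternalContext().isUserInRole(role)) {
                    return true;
                }
            }
            return false;
        }
        if (securityAnnotation instanceof PermitAll && LOG.isDebugEnabled()) {
            LOG.debug("PermitAll");
        }
        return true;
    }

    /**
     * Finds the security annotation for the bound expression, consulting the cache first.
     * The method-level annotation wins; the bean class is inspected only when the method
     * carries none.
     *
     * @return the annotation, or {@code null} when none applies or none could be resolved
     */
    private Annotation getSecurityAnnotation(FacesContext facesContext) {
        // The key stays the untouched expression string. Storing under the stripped
        // expression while looking up the full "#{...}" form would never produce a hit.
        final String cacheKey = getExpressionString();
        Object cached = AUTHORISATION_CACHE.get(cacheKey);
        if (cached != null) {
            return cached instanceof Annotation ? (Annotation) cached : null;
        }

        Annotation annotation = null;
        // Only cache results of a completed lookup, so a transient failure to resolve the
        // bean does not pin "no annotation" (that is, "authorised") for the JVM lifetime.
        boolean definitive = true;
        if (cacheKey.startsWith("#{") && cacheKey.endsWith("}")) {
            String expression = cacheKey.substring(2, cacheKey.length() - 1);
            int lastDot = expression.lastIndexOf('.');
            if (lastDot != -1) {
                String methodName = expression.substring(lastDot + 1);
                // Everything before the last dot is passed to the variable resolver as one
                // name. NOTE(review): nested paths such as "a.b.method" presumably do not
                // resolve this way and then fall through as unannotated - verify.
                Object bean = facesContext.getApplication().getVariableResolver()
                        .resolveVariable(facesContext, expression.substring(0, lastDot));
                if (bean == null) {
                    definitive = false;
                } else {
                    try {
                        annotation = getSecurityAnnotations(bean.getClass().getMethod(methodName, new Class[0]));
                        if (annotation == null) {
                            annotation = getSecurityAnnotations(bean.getClass());
                        }
                    } catch (NoSuchMethodException e) {
                        // Still fail-open; left uncached so the error is logged on every attempt.
                        LOG.error("No Method " + methodName + " in class " + bean.getClass(), e);
                        definitive = false;
                    }
                }
            }
        }
        if (definitive) {
            AUTHORISATION_CACHE.put(cacheKey, annotation != null ? annotation : NULL_VALUE);
        }
        return annotation;
    }

    /**
     * Returns the first annotation present on the element, checked in the order
     * {@link RolesAllowed}, {@link DenyAll}, {@link PermitAll}, or {@code null} if none.
     */
    private Annotation getSecurityAnnotations(AnnotatedElement annotatedElement) {
        Annotation rolesAllowed = annotatedElement.getAnnotation(RolesAllowed.class);
        if (rolesAllowed != null) {
            return rolesAllowed;
        }
        Annotation denyAll = annotatedElement.getAnnotation(DenyAll.class);
        if (denyAll != null) {
            return denyAll;
        }
        return annotatedElement.getAnnotation(PermitAll.class);
    }

    /** Saves the wrapped binding as the single element of the state array. */
    public Object saveState(FacesContext facesContext) {
        return new Object[]{UIComponentBase.saveAttachedState(facesContext, this.methodBinding)};
    }

    /** Restores the wrapped binding from the array produced by {@link #saveState}. */
    public void restoreState(FacesContext facesContext, Object obj) {
        this.methodBinding = (MethodBinding) UIComponentBase.restoreAttachedState(facesContext, ((Object[]) obj)[0]);
    }

    /** Transient only if the delegate is a {@link StateHolder} that reports itself transient. */
    public boolean isTransient() {
        // MethodBinding itself does not declare isTransient(); go through StateHolder.
        return (this.methodBinding instanceof StateHolder) && ((StateHolder) this.methodBinding).isTransient();
    }

    /** Forwards the flag to the delegate when it is a {@link StateHolder}; otherwise ignored. */
    public void setTransient(boolean z) {
        if (this.methodBinding instanceof StateHolder) {
            ((StateHolder) this.methodBinding).setTransient(z);
        }
    }
}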
