package io.milton.property;

import io.milton.annotations.BeanProperty;
import io.milton.annotations.BeanPropertyResource;
import io.milton.http.AclUtils;
import io.milton.http.Request;
import io.milton.http.Response;
import io.milton.property.PropertyAuthoriser;
import io.milton.resource.AccessControlledResource;
import io.milton.resource.Resource;
import java.beans.PropertyDescriptor;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/milton-server-ce-2.6.5.6.jar:io/milton/property/BeanPropertyAuthoriser.class */
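/**
 * Per-property authoriser for resources carrying a {@link BeanPropertyResource} annotation.
 *
 * <p>For each requested property in the annotation's namespace that maps to a bean property,
 * the privilege required to read or write it is compared with the privileges the resource
 * grants to the request's authorization. Properties the caller lacks the privilege for are
 * reported as {@link PropertyAuthoriser.CheckResult} entries.
 *
 * <p>NOTE(review): the {@code wrapped} authoriser is stored but never consulted by any method
 * in this class. Every path that cannot make a decision here (no annotation, resource is not
 * an {@link AccessControlledResource}, null privilege list) returns {@code null}, which is
 * the same value returned when no field was rejected. Confirm that the caller applies its own
 * default authorisation in those cases, otherwise these paths fail open.
 */
public class BeanPropertyAuthoriser implements PropertyAuthoriser {
    private static final Logger log = LoggerFactory.getLogger(BeanPropertyAuthoriser.class);
    private final BeanPropertySource beanPropertySource;
    // Held for the lifetime of the instance but not read anywhere in this class.
    private final PropertyAuthoriser wrapped;

    /**
     * @param beanPropertySource source used to look up the resource annotation and its bean property descriptors
     * @param propertyAuthoriser another authoriser; stored in {@code wrapped} and not otherwise used here
     */
    public BeanPropertyAuthoriser(BeanPropertySource beanPropertySource, PropertyAuthoriser propertyAuthoriser) {
        this.beanPropertySource = beanPropertySource;
        this.wrapped = propertyAuthoriser;
    }

    /**
     * Checks whether the request's authorization holds the privilege each requested bean property requires.
     *
     * @param request            the current request; its authorization is passed to the resource to obtain privileges
     * @param method             the request method (not used by this implementation)
     * @param propertyPermission whether the properties are being read or written
     * @param set                the qualified names of the properties being accessed
     * @param resource           the resource that owns the properties
     * @return the set of rejected properties, or {@code null} when nothing was rejected or when this
     *         authoriser does not apply (resource not annotated, not access controlled, or the resource
     *         returned a null privilege list)
     */
    @Override // io.milton.property.PropertyAuthoriser
    public Set<PropertyAuthoriser.CheckResult> checkPermissions(Request request, Request.Method method, PropertyAuthoriser.PropertyPermission propertyPermission, Set<QName> set, Resource resource) {
        log.trace("checkPermissions");
        BeanPropertyResource annotation = this.beanPropertySource.getAnnotation(resource);
        if (annotation == null || !(resource instanceof AccessControlledResource)) {
            // Not a resource this authoriser understands: no opinion is expressed.
            return null;
        }
        AccessControlledResource accessControlledResource = (AccessControlledResource) resource;
        List<AccessControlledResource.Priviledge> priviledges = accessControlledResource.getPriviledges(request.getAuthorization());
        if (priviledges == null) {
            // NOTE(review): a null privilege list skips every per-field check below - confirm this is intended.
            log.trace("got null priviledges");
            return null;
        }
        log.trace("found priviledges: {} from resource: {}", priviledges, accessControlledResource.getClass());

        // Allocated lazily so that "nothing rejected" stays null, as callers may rely on that.
        Set<PropertyAuthoriser.CheckResult> errors = null;
        for (QName qName : set) {
            if (!qName.getNamespaceURI().equals(annotation.value())) {
                // The original call had no placeholders, so SLF4J silently dropped both arguments.
                log.debug("different namespace: {} - {}", annotation.value(), qName.getNamespaceURI());
                continue;
            }
            if (this.beanPropertySource.getPropertyDescriptor(resource, qName.getLocalPart()) == null) {
                // Not a bean property of this resource, so it is not checked here.
                continue;
            }
            AccessControlledResource.Priviledge requiredRole = getRequiredRole(qName, resource, propertyPermission);
            if (requiredRole == null) {
                continue;
            }
            log.trace("requires Priviledge: {}  for field: {}", requiredRole, qName);
            if (AclUtils.containsPriviledge(requiredRole, priviledges)) {
                continue;
            }
            log.debug("not authorised to access field: {}", qName);
            if (errors == null) {
                errors = new HashSet<>();
            }
            // The description says "edit" regardless of propertyPermission, so read denials carry the same text.
            errors.add(new PropertyAuthoriser.CheckResult(qName, Response.Status.SC_UNAUTHORIZED, "Not authorised to edit field: " + qName.getLocalPart(), resource));
        }
        if (log.isTraceEnabled()) {
            if (errors == null) {
                log.trace("no field errors");
            } else {
                log.trace("field errors: " + errors.size());
            }
        }
        return errors;
    }

    /**
     * Resolves the privilege needed to access one property.
     *
     * <p>The {@link BeanProperty} annotation is looked up on the property's read method only; when
     * the property, its read method or the annotation is missing, the default role for the
     * requested permission is used.
     *
     * @param qName              the property being accessed; only its local part is used for the lookup
     * @param resource           the resource that owns the property
     * @param propertyPermission whether the property is being read or written
     * @return the annotation's read or write role, or the default role when no annotation applies
     */
    private AccessControlledResource.Priviledge getRequiredRole(QName qName, Resource resource, PropertyAuthoriser.PropertyPermission propertyPermission) {
        log.trace("getRequiredRole: {}", qName);
        PropertyDescriptor propertyDescriptor = this.beanPropertySource.getPropertyDescriptor(resource, qName.getLocalPart());
        if (propertyDescriptor == null || propertyDescriptor.getReadMethod() == null) {
            log.trace("property not found, so use default role");
            return defaultRequiredRole(resource, propertyPermission);
        }
        BeanProperty beanProperty = propertyDescriptor.getReadMethod().getAnnotation(BeanProperty.class);
        if (beanProperty == null) {
            log.trace("no annotation");
            return defaultRequiredRole(resource, propertyPermission);
        }
        log.trace("got annotation");
        if (propertyPermission == PropertyAuthoriser.PropertyPermission.READ) {
            return beanProperty.readRole();
        }
        return beanProperty.writeRole();
    }

    /**
     * Fallback role for properties without a {@link BeanProperty} annotation: READ for a read
     * permission, WRITE for anything else.
     *
     * @param resource           the resource that owns the property (not used)
     * @param propertyPermission whether the property is being read or written
     * @return the READ privilege for reads, otherwise the WRITE privilege
     */
    private AccessControlledResource.Priviledge defaultRequiredRole(Resource resource, PropertyAuthoriser.PropertyPermission propertyPermission) {
        if (propertyPermission == PropertyAuthoriser.PropertyPermission.READ) {
            return AccessControlledResource.Priviledge.READ;
        }
        return AccessControlledResource.Priviledge.WRITE;
    }
}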
