package io.milton.http.annotated;

import io.milton.annotations.AccessControlList;
import io.milton.annotations.Post;
import io.milton.http.Auth;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.resource.AccessControlledResource;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class AccessControlListAnnotationHandler extends AbstractAnnotationHandler {
    private static final Logger log = LoggerFactory.getLogger(AccessControlListAnnotationHandler.class);

    public AccessControlListAnnotationHandler(AnnotationResourceFactory annotationResourceFactory) {
        super(annotationResourceFactory, AccessControlList.class, new Request.Method[0]);
    }

    private void addPrivsFromMethod(Method method, Object obj, Set<AccessControlledResource.Priviledge> set, Object obj2, AnnoResource annoResource, Auth auth) throws Exception {
        Object source = obj2 != null ? obj2 instanceof AnnoResource ? ((AnnoResource) obj2).getSource() : obj2 : null;
        if (method.getParameterTypes().length < 2) {
            return;
        }
        if (source != null) {
            Class<?> cls = method.getParameterTypes()[1];
            if (!cls.isAssignableFrom(source.getClass())) {
                log.info("ACL method second arg {} is not assignable from current user type {}", cls, source.getClass());
                return;
            }
        }
        Object invoke = method.invoke(obj, this.annoResourceFactory.buildInvokeArgsExt(annoResource, source, true, method, obj2, annoResource, auth));
        if (invoke == null) {
            return;
        }
        if (!(invoke instanceof Collection)) {
            if (invoke instanceof AccessControlledResource.Priviledge) {
                set.add((AccessControlledResource.Priviledge) invoke);
            }
        } else {
            for (Object obj3 : (Collection) invoke) {
                if (obj3 instanceof AccessControlledResource.Priviledge) {
                    set.add((AccessControlledResource.Priviledge) obj3);
                }
            }
        }
    }

    private AccessControlledResource.Priviledge getRequiredPostPriviledge(Request request, AnnoResource annoResource) {
        Post post;
        ControllerMethod postMethod = this.annoResourceFactory.postAnnotationHandler.getPostMethod(annoResource, request, HttpManager.request().getParams());
        if (postMethod == null || (post = (Post) postMethod.method.getAnnotation(Post.class)) == null) {
            return null;
        }
        return post.requiredPriviledge();
    }

    public Set<AccessControlledResource.Priviledge> availablePrivs(Object obj, AnnoResource annoResource, Auth auth) {
        Set<AccessControlledResource.Priviledge> directPrivs = directPrivs(obj, annoResource, auth);
        if (directPrivs != null) {
            return directPrivs;
        }
        for (AnnoCollectionResource parent = annoResource.getParent(); parent != null; parent = parent.getParent()) {
            directPrivs = directPrivs(obj, parent, auth);
            if (directPrivs != null) {
                return directPrivs;
            }
        }
        if (obj == null) {
            return directPrivs;
        }
        log.info("No explicit AccessControl annotation found, so defaulting to full access for logged in user");
        HashSet hashSet = new HashSet();
        hashSet.add(AccessControlledResource.Priviledge.ALL);
        return hashSet;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public Set<AccessControlledResource.Priviledge> directPrivs(Object obj, AnnoResource annoResource, Auth auth) {
        EnumSet noneOf = EnumSet.noneOf(AccessControlledResource.Priviledge.class);
        List<ControllerMethod> methods = getMethods(annoResource.getSource().getClass());
        if (methods.isEmpty()) {
            log.warn("No ACL methods were found");
            return null;
        }
        try {
            for (ControllerMethod controllerMethod : methods) {
                addPrivsFromMethod(controllerMethod.method, controllerMethod.controller, noneOf, obj, annoResource, auth);
            }
            return noneOf;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public AccessControlledResource.Priviledge requiredPriv(AnnoResource annoResource, Request.Method method, Request request) {
        if (!method.equals(Request.Method.POST)) {
            return method == Request.Method.ACL ? AccessControlledResource.Priviledge.READ_ACL : method == Request.Method.UNLOCK ? AccessControlledResource.Priviledge.UNLOCK : method == Request.Method.PROPFIND ? AccessControlledResource.Priviledge.READ_PROPERTIES : method.isWrite ? AccessControlledResource.Priviledge.WRITE_CONTENT : AccessControlledResource.Priviledge.READ_CONTENT;
        }
        AccessControlledResource.Priviledge requiredPostPriviledge = getRequiredPostPriviledge(request, annoResource);
        return requiredPostPriviledge == null ? AccessControlledResource.Priviledge.READ_CONTENT : requiredPostPriviledge;
    }
}
