package oo;

import java.util.Collection;
import java.util.HashSet;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.util.Assert;
import uo.j;

/* loaded from: classes3.dex */
public abstract class a implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {

    /* renamed from: c, reason: collision with root package name */
    public ApplicationEventPublisher f29987c;

    /* renamed from: d, reason: collision with root package name */
    public ho.a f29988d;

    /* renamed from: e, reason: collision with root package name */
    public oo.b f29989e;

    /* renamed from: a, reason: collision with root package name */
    public final nn.a f29985a = nn.h.getLog(getClass());

    /* renamed from: b, reason: collision with root package name */
    public MessageSourceAccessor f29986b = ep.e.getAccessor();

    /* renamed from: f, reason: collision with root package name */
    public j f29990f = new b();

    /* renamed from: g, reason: collision with root package name */
    public h f29991g = new f();

    /* renamed from: h, reason: collision with root package name */
    public boolean f29992h = false;

    /* renamed from: i, reason: collision with root package name */
    public boolean f29993i = false;

    /* renamed from: j, reason: collision with root package name */
    public boolean f29994j = true;

    /* renamed from: k, reason: collision with root package name */
    public boolean f29995k = false;

    /* loaded from: classes3.dex */
    public static class b implements j {
        public b() {
        }

        @Override // uo.j
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new AuthenticationServiceException("Cannot authenticate " + authentication);
        }
    }

    private Authentication b() {
        Authentication authentication = ip.g.getContext().getAuthentication();
        if (authentication.isAuthenticated() && !this.f29992h) {
            if (this.f29985a.isDebugEnabled()) {
                this.f29985a.debug("Previously Authenticated: " + authentication);
            }
            return authentication;
        }
        Authentication authenticate = this.f29990f.authenticate(authentication);
        if (this.f29985a.isDebugEnabled()) {
            this.f29985a.debug("Successfully Authenticated: " + authenticate);
        }
        ip.g.getContext().setAuthentication(authenticate);
        return authenticate;
    }

    private void d(String str, Object obj, Collection<ConfigAttribute> collection) {
        AuthenticationCredentialsNotFoundException authenticationCredentialsNotFoundException = new AuthenticationCredentialsNotFoundException(str);
        f(new ko.b(obj, collection, authenticationCredentialsNotFoundException));
        throw authenticationCredentialsNotFoundException;
    }

    private void f(ApplicationEvent applicationEvent) {
        ApplicationEventPublisher applicationEventPublisher = this.f29987c;
        if (applicationEventPublisher != null) {
            applicationEventPublisher.publishEvent(applicationEvent);
        }
    }

    public Object a(d dVar, Object obj) {
        if (dVar == null) {
            return obj;
        }
        e(dVar);
        oo.b bVar = this.f29989e;
        if (bVar == null) {
            return obj;
        }
        try {
            return bVar.decide(dVar.getSecurityContext().getAuthentication(), dVar.getSecureObject(), dVar.getAttributes(), obj);
        } catch (AccessDeniedException e10) {
            f(new ko.c(dVar.getSecureObject(), dVar.getAttributes(), dVar.getSecurityContext().getAuthentication(), e10));
            throw e10;
        }
    }

    public void afterPropertiesSet() throws Exception {
        oo.b bVar;
        Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
        Assert.notNull(this.f29986b, "A message source must be set");
        Assert.notNull(this.f29990f, "An AuthenticationManager is required");
        Assert.notNull(this.f29988d, "An AccessDecisionManager is required");
        Assert.notNull(this.f29991g, "A RunAsManager is required");
        Assert.notNull(obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");
        Assert.isTrue(obtainSecurityMetadataSource().supports(getSecureObjectClass()), "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.f29991g.supports(getSecureObjectClass()), "RunAsManager does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.f29988d.supports(getSecureObjectClass()), "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
        oo.b bVar2 = this.f29989e;
        if (bVar2 != null) {
            Assert.isTrue(bVar2.supports(getSecureObjectClass()), "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
        }
        if (this.f29994j) {
            Collection<ConfigAttribute> allConfigAttributes = obtainSecurityMetadataSource().getAllConfigAttributes();
            if (allConfigAttributes == null) {
                this.f29985a.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return any attributes from getAllConfigAttributes()");
                return;
            }
            HashSet hashSet = new HashSet();
            for (ConfigAttribute configAttribute : allConfigAttributes) {
                if (!this.f29991g.supports(configAttribute) && !this.f29988d.supports(configAttribute) && ((bVar = this.f29989e) == null || !bVar.supports(configAttribute))) {
                    hashSet.add(configAttribute);
                }
            }
            if (hashSet.size() == 0) {
                this.f29985a.debug("Validated configuration attributes");
                return;
            }
            throw new IllegalArgumentException("Unsupported configuration attributes: " + hashSet);
        }
    }

    public d c(Object obj) {
        Assert.notNull(obj, "Object was null");
        boolean isDebugEnabled = this.f29985a.isDebugEnabled();
        if (!getSecureObjectClass().isAssignableFrom(obj.getClass())) {
            throw new IllegalArgumentException("Security invocation attempted for object " + obj.getClass().getName() + " but AbstractSecurityInterceptor only configured to support secure objects of type: " + getSecureObjectClass());
        }
        Collection<ConfigAttribute> attributes = obtainSecurityMetadataSource().getAttributes(obj);
        if (attributes == null || attributes.isEmpty()) {
            if (!this.f29993i) {
                if (isDebugEnabled) {
                    this.f29985a.debug("Public object - authentication not attempted");
                }
                f(new ko.f(obj));
                return null;
            }
            throw new IllegalArgumentException("Secure object invocation " + obj + " was denied as public invocations are not allowed via this interceptor. This indicates a configuration error because the rejectPublicInvocations property is set to 'true'");
        }
        if (isDebugEnabled) {
            this.f29985a.debug("Secure object: " + obj + "; Attributes: " + attributes);
        }
        if (ip.g.getContext().getAuthentication() == null) {
            d(this.f29986b.getMessage("AbstractSecurityInterceptor.authenticationNotFound", "An Authentication object was not found in the SecurityContext"), obj, attributes);
        }
        Authentication b10 = b();
        try {
            this.f29988d.decide(b10, obj, attributes);
            if (isDebugEnabled) {
                this.f29985a.debug("Authorization successful");
            }
            if (this.f29995k) {
                f(new ko.d(obj, attributes, b10));
            }
            Authentication buildRunAs = this.f29991g.buildRunAs(b10, obj, attributes);
            if (buildRunAs == null) {
                if (isDebugEnabled) {
                    this.f29985a.debug("RunAsManager did not change Authentication object");
                }
                return new d(ip.g.getContext(), false, attributes, obj);
            }
            if (isDebugEnabled) {
                this.f29985a.debug("Switching to RunAs Authentication: " + buildRunAs);
            }
            SecurityContext context = ip.g.getContext();
            ip.g.setContext(ip.g.createEmptyContext());
            ip.g.getContext().setAuthentication(buildRunAs);
            return new d(context, true, attributes, obj);
        } catch (AccessDeniedException e10) {
            f(new ko.c(obj, attributes, b10, e10));
            throw e10;
        }
    }

    public void e(d dVar) {
        if (dVar == null || !dVar.isContextHolderRefreshRequired()) {
            return;
        }
        if (this.f29985a.isDebugEnabled()) {
            this.f29985a.debug("Reverting to original Authentication: " + dVar.getSecurityContext().getAuthentication());
        }
        ip.g.setContext(dVar.getSecurityContext());
    }

    public ho.a getAccessDecisionManager() {
        return this.f29988d;
    }

    public oo.b getAfterInvocationManager() {
        return this.f29989e;
    }

    public j getAuthenticationManager() {
        return this.f29990f;
    }

    public h getRunAsManager() {
        return this.f29991g;
    }

    public abstract Class<?> getSecureObjectClass();

    public boolean isAlwaysReauthenticate() {
        return this.f29992h;
    }

    public boolean isRejectPublicInvocations() {
        return this.f29993i;
    }

    public boolean isValidateConfigAttributes() {
        return this.f29994j;
    }

    public abstract ho.f obtainSecurityMetadataSource();

    public void setAccessDecisionManager(ho.a aVar) {
        this.f29988d = aVar;
    }

    public void setAfterInvocationManager(oo.b bVar) {
        this.f29989e = bVar;
    }

    public void setAlwaysReauthenticate(boolean z10) {
        this.f29992h = z10;
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.f29987c = applicationEventPublisher;
    }

    public void setAuthenticationManager(j jVar) {
        this.f29990f = jVar;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.f29986b = new MessageSourceAccessor(messageSource);
    }

    public void setPublishAuthorizationSuccess(boolean z10) {
        this.f29995k = z10;
    }

    public void setRejectPublicInvocations(boolean z10) {
        this.f29993i = z10;
    }

    public void setRunAsManager(h hVar) {
        this.f29991g = hVar;
    }

    public void setValidateConfigAttributes(boolean z10) {
        this.f29994j = z10;
    }
}
