package com.alipay.mobile.nebulax.kernel.security.internal;

import com.alipay.mobile.nebulax.common.utils.NXLogger;
import com.alipay.mobile.nebulax.kernel.security.AccessControlException;
import com.alipay.mobile.nebulax.kernel.security.AccessControlManagement;
import com.alipay.mobile.nebulax.kernel.security.AccessController;
import com.alipay.mobile.nebulax.kernel.security.Accessor;
import com.alipay.mobile.nebulax.kernel.security.DefaultGroup;
import com.alipay.mobile.nebulax.kernel.security.DefaultPermission;
import com.alipay.mobile.nebulax.kernel.security.Group;
import com.alipay.mobile.nebulax.kernel.security.Guard;
import com.alipay.mobile.nebulax.kernel.security.Inquirer;
import com.alipay.mobile.nebulax.kernel.security.Permission;
import com.umeng.commonsdk.proguard.g;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class DefaultAccessController implements AccessController {
    private static final String TAG = "NebulaXKernel:Permission";
    private AccessControlManagement accessControlManagement;

    private void apply(Accessor accessor, List<Permission> list, final AccessController.ApplyCallback applyCallback) {
        accessor.inquiry(list, new Accessor.InquiryCallback() { // from class: com.alipay.mobile.nebulax.kernel.security.internal.DefaultAccessController.1
            @Override // com.alipay.mobile.nebulax.kernel.security.Accessor.InquiryCallback
            public void onComplete(List<? extends Permission> list2, List<? extends Permission> list3) {
                if (list3 == null || list3.size() < 0) {
                    applyCallback.onSuccess();
                } else {
                    applyCallback.onFailure(list3);
                }
            }
        });
    }

    private boolean check(List<Permission> list, Permission permission) {
        if (permission == null || permission == DefaultPermission.ALL) {
            return true;
        }
        Iterator<Permission> it2 = list.iterator();
        while (it2.hasNext()) {
            if (permission.authority().equalsIgnoreCase(it2.next().authority())) {
                return true;
            }
        }
        return false;
    }

    private boolean checkGroup(Permission permission, Group group) {
        if (group.groupName().equalsIgnoreCase(DefaultGroup.INTERNAL.groupName())) {
            return true;
        }
        List<? extends Permission> permissions = group.permissions();
        if (permissions == null) {
            return false;
        }
        Iterator<? extends Permission> it2 = permissions.iterator();
        while (it2.hasNext()) {
            if (it2.next().authority().equalsIgnoreCase(permission.authority())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.alipay.mobile.nebulax.kernel.security.AccessController
    public boolean check(Accessor accessor, List<? extends Guard> list, AccessController.ApplyCallback applyCallback) {
        Group group = accessor.getGroup();
        AccessControlManagement accessControlManagement = this.accessControlManagement;
        if (accessControlManagement != null && !accessControlManagement.needPermissionCheck(accessor, list)) {
            NXLogger.d(TAG, "not need check permission");
            return false;
        }
        List<Permission> usePermissions = accessor.usePermissions();
        AccessControlManagement accessControlManagement2 = this.accessControlManagement;
        if (accessControlManagement2 != null) {
            group = accessControlManagement2.manageAccessorGroup(accessor);
            usePermissions = this.accessControlManagement.manageAccessorPermissions(accessor);
        }
        ArrayList arrayList = new ArrayList();
        if (usePermissions == null) {
            usePermissions = new ArrayList<>();
        }
        for (Guard guard : list) {
            Permission permit = guard.permit();
            if (permit != null) {
                if (group == null) {
                    throw new AccessControlException("the " + accessor + " not in any group.");
                }
                if (checkGroup(permit, group)) {
                    NXLogger.d(TAG, g.P + accessor.hashCode() + " has group permission [" + permit.authority() + "] ,group is [" + group.groupName() + "]");
                } else if (check(usePermissions, permit)) {
                    NXLogger.d(TAG, g.P + accessor.hashCode() + " has single permission [" + permit.authority() + "]");
                } else {
                    AccessControlManagement accessControlManagement3 = this.accessControlManagement;
                    if (accessControlManagement3 != null && accessControlManagement3.customPermissionCheck(permit, accessor)) {
                        NXLogger.d(TAG, g.P + accessor.hashCode() + " has custom permission [" + permit.authority() + "]");
                    } else {
                        if (!(permit instanceof Inquirer)) {
                            NXLogger.d(TAG, g.P + accessor.hashCode() + " no permission:" + permit.authority() + " when access " + guard);
                            throw new AccessControlException(accessor + " no permission:" + permit.authority() + " when access " + guard);
                        }
                        arrayList.add(permit);
                    }
                }
            }
        }
        if (arrayList.isEmpty()) {
            return false;
        }
        apply(accessor, arrayList, applyCallback);
        return true;
    }

    @Override // com.alipay.mobile.nebulax.kernel.security.AccessController
    public void setAccessControlManagement(AccessControlManagement accessControlManagement) {
        this.accessControlManagement = accessControlManagement;
    }
}
