package io.milton.property;

import G.a;
import io.milton.annotations.BeanProperty;
import io.milton.annotations.BeanPropertyResource;
import io.milton.http.AclUtils;
import io.milton.http.Request;
import io.milton.http.Response;
import io.milton.property.PropertyAuthoriser;
import io.milton.resource.AccessControlledResource;
import io.milton.resource.Resource;
import java.beans.PropertyDescriptor;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class BeanPropertyAuthoriser implements PropertyAuthoriser {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) BeanPropertyAuthoriser.class);
    private final BeanPropertySource beanPropertySource;

    public BeanPropertyAuthoriser(BeanPropertySource beanPropertySource, PropertyAuthoriser propertyAuthoriser) {
        this.beanPropertySource = beanPropertySource;
    }

    private AccessControlledResource.Priviledge defaultRequiredRole(Resource resource, PropertyAuthoriser.PropertyPermission propertyPermission) {
        return propertyPermission == PropertyAuthoriser.PropertyPermission.READ ? AccessControlledResource.Priviledge.READ : AccessControlledResource.Priviledge.WRITE;
    }

    private AccessControlledResource.Priviledge getRequiredRole(QName qName, Resource resource, PropertyAuthoriser.PropertyPermission propertyPermission) {
        String str;
        Logger logger = log;
        if (logger.isTraceEnabled()) {
            logger.trace("getRequiredRole: " + qName);
        }
        PropertyDescriptor propertyDescriptor = this.beanPropertySource.getPropertyDescriptor(resource, qName.getLocalPart());
        if (propertyDescriptor == null || propertyDescriptor.getReadMethod() == null) {
            str = "property not found, so use default role";
        } else {
            BeanProperty beanProperty = (BeanProperty) propertyDescriptor.getReadMethod().getAnnotation(BeanProperty.class);
            if (beanProperty != null) {
                logger.trace("got annotation");
                return propertyPermission == PropertyAuthoriser.PropertyPermission.READ ? beanProperty.readRole() : beanProperty.writeRole();
            }
            str = "no annotation";
        }
        logger.trace(str);
        return defaultRequiredRole(resource, propertyPermission);
    }

    @Override // io.milton.property.PropertyAuthoriser
    public Set<PropertyAuthoriser.CheckResult> checkPermissions(Request request, Request.Method method, PropertyAuthoriser.PropertyPermission propertyPermission, Set<QName> set, Resource resource) {
        String sb;
        AccessControlledResource.Priviledge requiredRole;
        Logger logger = log;
        logger.trace("checkPermissions");
        BeanPropertyResource annotation = this.beanPropertySource.getAnnotation(resource);
        HashSet hashSet = null;
        if (annotation == null || !(resource instanceof AccessControlledResource)) {
            return null;
        }
        AccessControlledResource accessControlledResource = (AccessControlledResource) resource;
        List<AccessControlledResource.Priviledge> priviledges = accessControlledResource.getPriviledges(request.getAuthorization());
        if (priviledges == null) {
            logger.trace("got null priviledges");
            return null;
        }
        if (logger.isTraceEnabled()) {
            logger.trace("found priviledges: " + priviledges + " from resource: " + accessControlledResource.getClass());
        }
        for (QName qName : set) {
            if (!qName.getNamespaceURI().equals(annotation.value())) {
                log.debug("different namespace", annotation.value(), qName.getNamespaceURI());
            } else if (this.beanPropertySource.getPropertyDescriptor(resource, qName.getLocalPart()) != null && (requiredRole = getRequiredRole(qName, resource, propertyPermission)) != null) {
                Logger logger2 = log;
                if (logger2.isTraceEnabled()) {
                    logger2.trace("requires Priviledge: " + requiredRole + "  for field: " + qName);
                }
                if (!AclUtils.containsPriviledge(requiredRole, priviledges)) {
                    logger2.debug("not authorised to access field: " + qName);
                    if (hashSet == null) {
                        hashSet = new HashSet();
                    }
                    Response.Status status = Response.Status.SC_UNAUTHORIZED;
                    StringBuilder t2 = a.t("Not authorised to edit field: ");
                    t2.append(qName.getLocalPart());
                    hashSet.add(new PropertyAuthoriser.CheckResult(qName, status, t2.toString(), resource));
                }
            }
        }
        Logger logger3 = log;
        if (logger3.isTraceEnabled()) {
            if (hashSet == null) {
                sb = "no field errors";
            } else {
                StringBuilder t3 = a.t("field errors: ");
                t3.append(hashSet.size());
                sb = t3.toString();
            }
            logger3.trace(sb);
        }
        return hashSet;
    }
}
