package io.milton.http.annotated;

import io.milton.annotations.AccessControlList;
import io.milton.annotations.Post;
import io.milton.http.Auth;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.resource.AccessControlledResource;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class AccessControlListAnnotationHandler extends AbstractAnnotationHandler {
    private static final Logger log = LoggerFactory.getLogger(AccessControlListAnnotationHandler.class);

    public AccessControlListAnnotationHandler(AnnotationResourceFactory annotationResourceFactory) {
        super(annotationResourceFactory, AccessControlList.class, new Request.Method[0]);
    }

    private void addPrivsFromMethod(Method method, Object obj, Set<AccessControlledResource.Priviledge> set, AnnoPrincipalResource annoPrincipalResource, AnnoResource annoResource, Auth auth) throws Exception {
        Object invoke = method.invoke(obj, this.annoResourceFactory.buildInvokeArgsExt(annoResource, annoPrincipalResource != null ? annoPrincipalResource.getSource() : null, true, method, annoPrincipalResource, annoResource, auth));
        if (invoke == null) {
            return;
        }
        if (!(invoke instanceof Collection)) {
            if (invoke instanceof AccessControlledResource.Priviledge) {
                set.add((AccessControlledResource.Priviledge) invoke);
            }
        } else {
            for (Object obj2 : (Collection) invoke) {
                if (obj2 instanceof AccessControlledResource.Priviledge) {
                    set.add((AccessControlledResource.Priviledge) obj2);
                }
            }
        }
    }

    private AccessControlledResource.Priviledge getRequiredPostPriviledge(Request request, AnnoResource annoResource) {
        Post post;
        ControllerMethod postMethod = this.annoResourceFactory.postAnnotationHandler.getPostMethod(annoResource, request, HttpManager.request().getParams());
        if (postMethod == null || (post = (Post) postMethod.method.getAnnotation(Post.class)) == null) {
            return null;
        }
        return post.requiredPriviledge();
    }

    public Set<AccessControlledResource.Priviledge> availablePrivs(AnnoPrincipalResource annoPrincipalResource, AnnoResource annoResource, Auth auth) {
        Set<AccessControlledResource.Priviledge> directPrivs = directPrivs(annoPrincipalResource, annoResource, auth);
        if (directPrivs != null) {
            return directPrivs;
        }
        for (AnnoCollectionResource parent = annoResource.getParent(); parent != null; parent = parent.getParent()) {
            Set<AccessControlledResource.Priviledge> directPrivs2 = directPrivs(annoPrincipalResource, parent, auth);
            if (directPrivs2 != null) {
                return directPrivs2;
            }
        }
        HashSet hashSet = new HashSet();
        if (annoPrincipalResource != null) {
            log.info("No explicit AccessControl annotation found, so defaulting to full access for logged in user");
            hashSet.add(AccessControlledResource.Priviledge.ALL);
        }
        return hashSet;
    }

    public Set<AccessControlledResource.Priviledge> directPrivs(AnnoPrincipalResource annoPrincipalResource, AnnoResource annoResource, Auth auth) {
        HashSet hashSet = new HashSet();
        List<ControllerMethod> methods = getMethods(annoResource.getSource().getClass());
        if (methods.isEmpty()) {
            log.warn("No ACL methods were found");
            return null;
        }
        try {
            for (ControllerMethod controllerMethod : methods) {
                addPrivsFromMethod(controllerMethod.method, controllerMethod.controller, hashSet, annoPrincipalResource, annoResource, auth);
            }
            return hashSet;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public AccessControlledResource.Priviledge requiredPriv(AnnoResource annoResource, Request.Method method, Request request) {
        if (!method.equals(Request.Method.POST)) {
            return method == Request.Method.ACL ? AccessControlledResource.Priviledge.READ_ACL : method == Request.Method.UNLOCK ? AccessControlledResource.Priviledge.UNLOCK : method == Request.Method.PROPFIND ? AccessControlledResource.Priviledge.READ_PROPERTIES : method.isWrite ? AccessControlledResource.Priviledge.WRITE_CONTENT : AccessControlledResource.Priviledge.READ_CONTENT;
        }
        AccessControlledResource.Priviledge requiredPostPriviledge = getRequiredPostPriviledge(request, annoResource);
        return requiredPostPriviledge == null ? AccessControlledResource.Priviledge.READ_CONTENT : requiredPostPriviledge;
    }
}
