package org.apache.deltaspike.jsf.impl.util;

import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.inject.Typed;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import org.apache.deltaspike.core.api.config.view.DefaultErrorView;
import org.apache.deltaspike.core.api.config.view.ViewConfig;
import org.apache.deltaspike.core.api.config.view.metadata.ConfigDescriptor;
import org.apache.deltaspike.core.api.config.view.metadata.ViewConfigDescriptor;
import org.apache.deltaspike.core.api.config.view.metadata.ViewConfigResolver;
import org.apache.deltaspike.core.api.config.view.navigation.ViewNavigationHandler;
import org.apache.deltaspike.core.api.provider.BeanProvider;
import org.apache.deltaspike.security.api.authorization.AccessDecisionState;
import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException;
import org.apache.deltaspike.security.api.authorization.Secured;
import org.apache.deltaspike.security.api.authorization.SecurityViolation;
import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext;
import org.apache.deltaspike.security.spi.authorization.SecurityViolationHandler;

@Typed
/* loaded from: input_file:WEB-INF/lib/deltaspike-jsf-module-impl-1.9.4.jar:org/apache/deltaspike/jsf/impl/util/SecurityUtils.class */
public abstract class SecurityUtils {
    public static void invokeVoters(EditableAccessDecisionVoterContext editableAccessDecisionVoterContext, ConfigDescriptor<?> configDescriptor) {
        if (configDescriptor == null) {
            return;
        }
        List<T> metaData = configDescriptor.getMetaData(Secured.class);
        if (metaData.isEmpty()) {
            return;
        }
        editableAccessDecisionVoterContext.addMetaData(ViewConfig.class.getName(), configDescriptor.getConfigClass());
        for (Annotation annotation : configDescriptor.getMetaData()) {
            if (!annotation.annotationType().equals(Secured.class)) {
                editableAccessDecisionVoterContext.addMetaData(annotation.annotationType().getName(), annotation);
            }
        }
        Secured.Descriptor descriptor = (Secured.Descriptor) configDescriptor.getExecutableCallbackDescriptor(Secured.class, Secured.Descriptor.class);
        AccessDecisionState accessDecisionState = AccessDecisionState.VOTE_IN_PROGRESS;
        try {
            editableAccessDecisionVoterContext.setState(accessDecisionState);
            Set<SecurityViolation> createViolationResult = createViolationResult(descriptor.execute(editableAccessDecisionVoterContext));
            if (!createViolationResult.isEmpty()) {
                AccessDecisionState accessDecisionState2 = AccessDecisionState.VIOLATION_FOUND;
                Iterator<SecurityViolation> it = createViolationResult.iterator();
                while (it.hasNext()) {
                    editableAccessDecisionVoterContext.addViolation(it.next());
                }
                throw new ErrorViewAwareAccessDeniedException(createViolationResult, ((Secured) metaData.iterator().next()).errorView());
            }
            if (AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionState)) {
                accessDecisionState = AccessDecisionState.NO_VIOLATION_FOUND;
            }
            editableAccessDecisionVoterContext.setState(accessDecisionState);
        } catch (Throwable th) {
            if (AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionState)) {
                accessDecisionState = AccessDecisionState.NO_VIOLATION_FOUND;
            }
            editableAccessDecisionVoterContext.setState(accessDecisionState);
            throw th;
        }
    }

    private static Set<SecurityViolation> createViolationResult(List<Set<SecurityViolation>> list) {
        if (list == null || list.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Iterator<Set<SecurityViolation>> it = list.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next());
        }
        return hashSet;
    }

    public static void handleSecurityViolationWithoutNavigation(RuntimeException runtimeException) {
        tryToHandleSecurityViolation(runtimeException, false);
    }

    public static void tryToHandleSecurityViolation(RuntimeException runtimeException) {
        tryToHandleSecurityViolation(runtimeException, true);
    }

    private static void tryToHandleSecurityViolation(RuntimeException runtimeException, boolean z) {
        ViewConfigDescriptor defaultErrorViewConfigDescriptor;
        ErrorViewAwareAccessDeniedException extractException = extractException(runtimeException);
        if (extractException == null) {
            throw runtimeException;
        }
        Class<? extends ViewConfig> cls = null;
        Class<? extends ViewConfig> errorView = extractException.getErrorView();
        if (errorView != null && !DefaultErrorView.class.getName().equals(errorView.getName())) {
            cls = errorView;
        }
        if (cls == null && (defaultErrorViewConfigDescriptor = ((ViewConfigResolver) BeanProvider.getContextualReference(ViewConfigResolver.class, new Annotation[0])).getDefaultErrorViewConfigDescriptor()) != null) {
            cls = defaultErrorViewConfigDescriptor.getConfigClass();
        }
        if (cls == null && z) {
            throw extractException;
        }
        processApplicationSecurityException(extractException, cls, z);
    }

    private static ErrorViewAwareAccessDeniedException extractException(Throwable th) {
        if (th == null) {
            return null;
        }
        return th instanceof ErrorViewAwareAccessDeniedException ? (ErrorViewAwareAccessDeniedException) th : extractException(th.getCause());
    }

    private static void processApplicationSecurityException(AccessDeniedException accessDeniedException, Class<? extends ViewConfig> cls, boolean z) {
        SecurityViolationHandler securityViolationHandler = (SecurityViolationHandler) BeanProvider.getContextualReference(SecurityViolationHandler.class, true, new Annotation[0]);
        if (securityViolationHandler != null) {
            securityViolationHandler.processSecurityViolations(accessDeniedException.getViolations());
        } else {
            addViolationsAsMessage(accessDeniedException.getViolations());
        }
        if (z) {
            ((ViewNavigationHandler) BeanProvider.getContextualReference(ViewNavigationHandler.class, new Annotation[0])).navigateTo(cls);
        }
    }

    private static void addViolationsAsMessage(Set<SecurityViolation> set) {
        Iterator<SecurityViolation> it = set.iterator();
        while (it.hasNext()) {
            String reason = it.next().getReason();
            if (!isMessageAddedAlready(reason)) {
                FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, reason, reason));
            }
        }
    }

    private static boolean isMessageAddedAlready(String str) {
        List<FacesMessage> messageList;
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        if (currentInstance == null || str == null || (messageList = currentInstance.getMessageList()) == null) {
            return false;
        }
        Iterator<FacesMessage> it = messageList.iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getSummary())) {
                return true;
            }
        }
        return false;
    }
}
