package org.springframework.security.messaging.access.intercept;

import java.util.function.Supplier;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationEventPublisher;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.class */
public final class AuthorizationChannelInterceptor implements ChannelInterceptor {
    private final AuthorizationManager<Message<?>> preSendAuthorizationManager;
    private Supplier<Authentication> authentication = getAuthentication(SecurityContextHolder.getContextHolderStrategy());
    private final Log logger = LogFactory.getLog(getClass());
    private AuthorizationEventPublisher eventPublisher = new NoopAuthorizationEventPublisher();

    /* loaded from: input_file:org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor$NoopAuthorizationEventPublisher.class */
    private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher {
        private NoopAuthorizationEventPublisher() {
        }

        public <T> void publishAuthorizationEvent(Supplier<Authentication> supplier, T t, AuthorizationDecision authorizationDecision) {
        }

        public <T> void publishAuthorizationEvent(Supplier<Authentication> supplier, T t, AuthorizationResult authorizationResult) {
        }
    }

    public AuthorizationChannelInterceptor(AuthorizationManager<Message<?>> authorizationManager) {
        Assert.notNull(authorizationManager, "preSendAuthorizationManager cannot be null");
        this.preSendAuthorizationManager = authorizationManager;
    }

    public Message<?> preSend(Message<?> message, MessageChannel messageChannel) {
        this.logger.debug(LogMessage.of(() -> {
            return "Authorizing message send";
        }));
        AuthorizationResult authorize = this.preSendAuthorizationManager.authorize(this.authentication, message);
        this.eventPublisher.publishAuthorizationEvent(this.authentication, message, authorize);
        if (authorize == null || !authorize.isGranted()) {
            this.logger.debug(LogMessage.of(() -> {
                return "Failed to authorize message with authorization manager " + this.preSendAuthorizationManager + " and result " + authorize;
            }));
            throw new AccessDeniedException("Access Denied");
        }
        this.logger.debug(LogMessage.of(() -> {
            return "Authorized message send";
        }));
        return message;
    }

    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
        this.authentication = getAuthentication(securityContextHolderStrategy);
    }

    public void setAuthorizationEventPublisher(AuthorizationEventPublisher authorizationEventPublisher) {
        Assert.notNull(authorizationEventPublisher, "eventPublisher cannot be null");
        this.eventPublisher = authorizationEventPublisher;
    }

    private Supplier<Authentication> getAuthentication(SecurityContextHolderStrategy securityContextHolderStrategy) {
        return () -> {
            Authentication authentication = securityContextHolderStrategy.getContext().getAuthentication();
            if (authentication == null) {
                throw new AuthenticationCredentialsNotFoundException("An Authentication object was not found in the SecurityContext");
            }
            return authentication;
        };
    }
}
