package iq;

import java.util.Collection;
import java.util.HashSet;
import oq.j;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.util.Assert;

/* loaded from: classes3.dex */
public abstract class a implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {

    /* renamed from: c, reason: collision with root package name */
    public ApplicationEventPublisher f22033c;

    /* renamed from: d, reason: collision with root package name */
    public cq.a f22034d;

    /* renamed from: e, reason: collision with root package name */
    public iq.b f22035e;

    /* renamed from: a, reason: collision with root package name */
    public final jp.a f22031a = jp.h.getLog(getClass());

    /* renamed from: b, reason: collision with root package name */
    public MessageSourceAccessor f22032b = yq.e.getAccessor();

    /* renamed from: f, reason: collision with root package name */
    public j f22036f = new b();

    /* renamed from: g, reason: collision with root package name */
    public h f22037g = new f();

    /* renamed from: h, reason: collision with root package name */
    public boolean f22038h = false;

    /* renamed from: i, reason: collision with root package name */
    public boolean f22039i = false;

    /* renamed from: j, reason: collision with root package name */
    public boolean f22040j = true;

    /* renamed from: k, reason: collision with root package name */
    public boolean f22041k = false;

    /* loaded from: classes3.dex */
    public static class b implements j {
        public b() {
        }

        @Override // oq.j
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new AuthenticationServiceException("Cannot authenticate " + authentication);
        }
    }

    private Authentication b() {
        Authentication authentication = cr.g.getContext().getAuthentication();
        if (authentication.isAuthenticated() && !this.f22038h) {
            if (this.f22031a.isDebugEnabled()) {
                this.f22031a.debug("Previously Authenticated: " + authentication);
            }
            return authentication;
        }
        Authentication authenticate = this.f22036f.authenticate(authentication);
        if (this.f22031a.isDebugEnabled()) {
            this.f22031a.debug("Successfully Authenticated: " + authenticate);
        }
        cr.g.getContext().setAuthentication(authenticate);
        return authenticate;
    }

    private void d(String str, Object obj, Collection<ConfigAttribute> collection) {
        AuthenticationCredentialsNotFoundException authenticationCredentialsNotFoundException = new AuthenticationCredentialsNotFoundException(str);
        f(new eq.b(obj, collection, authenticationCredentialsNotFoundException));
        throw authenticationCredentialsNotFoundException;
    }

    private void f(ApplicationEvent applicationEvent) {
        ApplicationEventPublisher applicationEventPublisher = this.f22033c;
        if (applicationEventPublisher != null) {
            applicationEventPublisher.publishEvent(applicationEvent);
        }
    }

    public Object a(d dVar, Object obj) {
        if (dVar == null) {
            return obj;
        }
        e(dVar);
        iq.b bVar = this.f22035e;
        if (bVar == null) {
            return obj;
        }
        try {
            return bVar.decide(dVar.getSecurityContext().getAuthentication(), dVar.getSecureObject(), dVar.getAttributes(), obj);
        } catch (AccessDeniedException e10) {
            f(new eq.c(dVar.getSecureObject(), dVar.getAttributes(), dVar.getSecurityContext().getAuthentication(), e10));
            throw e10;
        }
    }

    public void afterPropertiesSet() throws Exception {
        iq.b bVar;
        Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
        Assert.notNull(this.f22032b, "A message source must be set");
        Assert.notNull(this.f22036f, "An AuthenticationManager is required");
        Assert.notNull(this.f22034d, "An AccessDecisionManager is required");
        Assert.notNull(this.f22037g, "A RunAsManager is required");
        Assert.notNull(obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");
        Assert.isTrue(obtainSecurityMetadataSource().supports(getSecureObjectClass()), "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.f22037g.supports(getSecureObjectClass()), "RunAsManager does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.f22034d.supports(getSecureObjectClass()), "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
        iq.b bVar2 = this.f22035e;
        if (bVar2 != null) {
            Assert.isTrue(bVar2.supports(getSecureObjectClass()), "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
        }
        if (this.f22040j) {
            Collection<ConfigAttribute> allConfigAttributes = obtainSecurityMetadataSource().getAllConfigAttributes();
            if (allConfigAttributes == null) {
                this.f22031a.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return any attributes from getAllConfigAttributes()");
                return;
            }
            HashSet hashSet = new HashSet();
            for (ConfigAttribute configAttribute : allConfigAttributes) {
                if (!this.f22037g.supports(configAttribute) && !this.f22034d.supports(configAttribute) && ((bVar = this.f22035e) == null || !bVar.supports(configAttribute))) {
                    hashSet.add(configAttribute);
                }
            }
            if (hashSet.size() == 0) {
                this.f22031a.debug("Validated configuration attributes");
                return;
            }
            throw new IllegalArgumentException("Unsupported configuration attributes: " + hashSet);
        }
    }

    public d c(Object obj) {
        Assert.notNull(obj, "Object was null");
        boolean isDebugEnabled = this.f22031a.isDebugEnabled();
        if (!getSecureObjectClass().isAssignableFrom(obj.getClass())) {
            throw new IllegalArgumentException("Security invocation attempted for object " + obj.getClass().getName() + " but AbstractSecurityInterceptor only configured to support secure objects of type: " + getSecureObjectClass());
        }
        Collection<ConfigAttribute> attributes = obtainSecurityMetadataSource().getAttributes(obj);
        if (attributes == null || attributes.isEmpty()) {
            if (!this.f22039i) {
                if (isDebugEnabled) {
                    this.f22031a.debug("Public object - authentication not attempted");
                }
                f(new eq.f(obj));
                return null;
            }
            throw new IllegalArgumentException("Secure object invocation " + obj + " was denied as public invocations are not allowed via this interceptor. This indicates a configuration error because the rejectPublicInvocations property is set to 'true'");
        }
        if (isDebugEnabled) {
            this.f22031a.debug("Secure object: " + obj + "; Attributes: " + attributes);
        }
        if (cr.g.getContext().getAuthentication() == null) {
            d(this.f22032b.getMessage("AbstractSecurityInterceptor.authenticationNotFound", "An Authentication object was not found in the SecurityContext"), obj, attributes);
        }
        Authentication b10 = b();
        try {
            this.f22034d.decide(b10, obj, attributes);
            if (isDebugEnabled) {
                this.f22031a.debug("Authorization successful");
            }
            if (this.f22041k) {
                f(new eq.d(obj, attributes, b10));
            }
            Authentication buildRunAs = this.f22037g.buildRunAs(b10, obj, attributes);
            if (buildRunAs == null) {
                if (isDebugEnabled) {
                    this.f22031a.debug("RunAsManager did not change Authentication object");
                }
                return new d(cr.g.getContext(), false, attributes, obj);
            }
            if (isDebugEnabled) {
                this.f22031a.debug("Switching to RunAs Authentication: " + buildRunAs);
            }
            SecurityContext context = cr.g.getContext();
            cr.g.setContext(cr.g.createEmptyContext());
            cr.g.getContext().setAuthentication(buildRunAs);
            return new d(context, true, attributes, obj);
        } catch (AccessDeniedException e10) {
            f(new eq.c(obj, attributes, b10, e10));
            throw e10;
        }
    }

    public void e(d dVar) {
        if (dVar == null || !dVar.isContextHolderRefreshRequired()) {
            return;
        }
        if (this.f22031a.isDebugEnabled()) {
            this.f22031a.debug("Reverting to original Authentication: " + dVar.getSecurityContext().getAuthentication());
        }
        cr.g.setContext(dVar.getSecurityContext());
    }

    public cq.a getAccessDecisionManager() {
        return this.f22034d;
    }

    public iq.b getAfterInvocationManager() {
        return this.f22035e;
    }

    public j getAuthenticationManager() {
        return this.f22036f;
    }

    public h getRunAsManager() {
        return this.f22037g;
    }

    public abstract Class<?> getSecureObjectClass();

    public boolean isAlwaysReauthenticate() {
        return this.f22038h;
    }

    public boolean isRejectPublicInvocations() {
        return this.f22039i;
    }

    public boolean isValidateConfigAttributes() {
        return this.f22040j;
    }

    public abstract cq.f obtainSecurityMetadataSource();

    public void setAccessDecisionManager(cq.a aVar) {
        this.f22034d = aVar;
    }

    public void setAfterInvocationManager(iq.b bVar) {
        this.f22035e = bVar;
    }

    public void setAlwaysReauthenticate(boolean z10) {
        this.f22038h = z10;
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.f22033c = applicationEventPublisher;
    }

    public void setAuthenticationManager(j jVar) {
        this.f22036f = jVar;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.f22032b = new MessageSourceAccessor(messageSource);
    }

    public void setPublishAuthorizationSuccess(boolean z10) {
        this.f22041k = z10;
    }

    public void setRejectPublicInvocations(boolean z10) {
        this.f22039i = z10;
    }

    public void setRunAsManager(h hVar) {
        this.f22037g = hVar;
    }

    public void setValidateConfigAttributes(boolean z10) {
        this.f22040j = z10;
    }
}
