package org.springframework.security.authorization.method;

import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.function.Supplier;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.aop.support.AopUtils;
import org.springframework.core.annotation.AnnotationConfigurationException;
import org.springframework.lang.NonNull;
import org.springframework.security.authorization.AuthoritiesAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.2.0.jar:org/springframework/security/authorization/method/Jsr250AuthorizationManager.class */
public final class Jsr250AuthorizationManager implements AuthorizationManager<MethodInvocation> {
    private static final Set<Class<? extends Annotation>> JSR250_ANNOTATIONS = new HashSet();
    private final Jsr250AuthorizationManagerRegistry registry = new Jsr250AuthorizationManagerRegistry();
    private AuthorizationManager<Collection<String>> authoritiesAuthorizationManager = new AuthoritiesAuthorizationManager();
    private String rolePrefix = "ROLE_";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.2.0.jar:org/springframework/security/authorization/method/Jsr250AuthorizationManager$Jsr250AuthorizationManagerRegistry.class */
    public final class Jsr250AuthorizationManagerRegistry extends AbstractAuthorizationManagerRegistry {
        private Jsr250AuthorizationManagerRegistry() {
        }

        @Override // org.springframework.security.authorization.method.AbstractAuthorizationManagerRegistry
        @NonNull
        AuthorizationManager<MethodInvocation> resolveManager(Method method, Class<?> cls) {
            Annotation findJsr250Annotation = findJsr250Annotation(method, cls);
            if (findJsr250Annotation instanceof DenyAll) {
                return (supplier, methodInvocation) -> {
                    return new AuthorizationDecision(false);
                };
            }
            if (findJsr250Annotation instanceof PermitAll) {
                return (supplier2, methodInvocation2) -> {
                    return new AuthorizationDecision(true);
                };
            }
            if (!(findJsr250Annotation instanceof RolesAllowed)) {
                return NULL_MANAGER;
            }
            RolesAllowed rolesAllowed = (RolesAllowed) findJsr250Annotation;
            return (supplier3, methodInvocation3) -> {
                return Jsr250AuthorizationManager.this.authoritiesAuthorizationManager.check(supplier3, getAllowedRolesWithPrefix(rolesAllowed));
            };
        }

        private Annotation findJsr250Annotation(Method method, Class<?> cls) {
            Method mostSpecificMethod = AopUtils.getMostSpecificMethod(method, cls);
            Annotation findAnnotation = findAnnotation(mostSpecificMethod);
            return findAnnotation != null ? findAnnotation : findAnnotation(mostSpecificMethod.getDeclaringClass());
        }

        private Annotation findAnnotation(Method method) {
            HashSet hashSet = new HashSet();
            Iterator<Class<? extends Annotation>> it = Jsr250AuthorizationManager.JSR250_ANNOTATIONS.iterator();
            while (it.hasNext()) {
                Annotation findUniqueAnnotation = AuthorizationAnnotationUtils.findUniqueAnnotation(method, (Class<Annotation>) it.next());
                if (findUniqueAnnotation != null) {
                    hashSet.add(findUniqueAnnotation);
                }
            }
            if (hashSet.isEmpty()) {
                return null;
            }
            if (hashSet.size() > 1) {
                throw new AnnotationConfigurationException("The JSR-250 specification disallows DenyAll, PermitAll, and RolesAllowed from appearing on the same method.");
            }
            return (Annotation) hashSet.iterator().next();
        }

        private Annotation findAnnotation(Class<?> cls) {
            HashSet hashSet = new HashSet();
            Iterator<Class<? extends Annotation>> it = Jsr250AuthorizationManager.JSR250_ANNOTATIONS.iterator();
            while (it.hasNext()) {
                Annotation findUniqueAnnotation = AuthorizationAnnotationUtils.findUniqueAnnotation(cls, (Class<Annotation>) it.next());
                if (findUniqueAnnotation != null) {
                    hashSet.add(findUniqueAnnotation);
                }
            }
            if (hashSet.isEmpty()) {
                return null;
            }
            if (hashSet.size() > 1) {
                throw new AnnotationConfigurationException("The JSR-250 specification disallows DenyAll, PermitAll, and RolesAllowed from appearing on the same class definition.");
            }
            return (Annotation) hashSet.iterator().next();
        }

        private Set<String> getAllowedRolesWithPrefix(RolesAllowed rolesAllowed) {
            HashSet hashSet = new HashSet();
            for (int i = 0; i < rolesAllowed.value().length; i++) {
                hashSet.add(Jsr250AuthorizationManager.this.rolePrefix + rolesAllowed.value()[i]);
            }
            return hashSet;
        }
    }

    public void setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>> authorizationManager) {
        Assert.notNull(authorizationManager, "authoritiesAuthorizationManager cannot be null");
        this.authoritiesAuthorizationManager = authorizationManager;
    }

    public void setRolePrefix(String str) {
        Assert.notNull(str, "rolePrefix cannot be null");
        this.rolePrefix = str;
    }

    /* renamed from: check, reason: avoid collision after fix types in other method */
    public AuthorizationDecision check2(Supplier<Authentication> supplier, MethodInvocation methodInvocation) {
        return this.registry.getManager(methodInvocation).check(supplier, methodInvocation);
    }

    @Override // org.springframework.security.authorization.AuthorizationManager
    public /* bridge */ /* synthetic */ AuthorizationDecision check(Supplier supplier, MethodInvocation methodInvocation) {
        return check2((Supplier<Authentication>) supplier, methodInvocation);
    }

    static {
        JSR250_ANNOTATIONS.add(DenyAll.class);
        JSR250_ANNOTATIONS.add(PermitAll.class);
        JSR250_ANNOTATIONS.add(RolesAllowed.class);
    }
}
