package org.acegisecurity.acls.domain;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-1.0.4.jar:org/acegisecurity/acls/domain/AclAuthorizationStrategyImpl.class */
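/**
 * Decides whether the current principal may make an administrative change to an {@link Acl}.
 *
 * <p>{@link #securityCheck(Acl, int)} applies its rules in this order and returns on the first
 * one that passes:
 * <ol>
 *   <li>an authenticated principal must be present, otherwise access is denied;</li>
 *   <li>the ACL owner may perform change types 0 and 2, but not 1;</li>
 *   <li>a principal holding the authority configured for the requested change type passes;</li>
 *   <li>otherwise the ACL itself must grant {@code BasePermission.ADMINISTRATION} to one of the
 *       principal's SIDs.</li>
 * </ol>
 *
 * <p>Change types are the raw codes 0, 1 and 2. They look like constants of
 * {@link AclAuthorizationStrategy} inlined into this listing; confirm against the interface
 * before replacing the literals.
 */
public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
    // Authority that authorises change type 2 (third constructor element).
    private final GrantedAuthority gaGeneralChanges;
    // Authority that authorises change type 1 (second constructor element).
    private final GrantedAuthority gaModifyAuditing;
    // Authority that authorises change type 0 (first constructor element).
    private final GrantedAuthority gaTakeOwnership;
    // Resolves the SIDs of the principal for the final ACL permission check.
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();

    /**
     * Creates the strategy from the three authorities that bypass the ACL permission check.
     *
     * @param grantedAuthorityArr exactly three non-null authorities, in this order: the one for
     *        change type 0 (take ownership), for change type 1 (modify auditing) and for change
     *        type 2 (general changes)
     * @throws IllegalArgumentException if the array is null, is not of length three, or holds a
     *         null element
     */
    public AclAuthorizationStrategyImpl(GrantedAuthority[] grantedAuthorityArr) {
        Assert.notEmpty(grantedAuthorityArr, "GrantedAuthority[] with three elements required");
        Assert.isTrue(grantedAuthorityArr.length == 3, "GrantedAuthority[] with three elements required");
        // Reject a null slot at configuration time. Left unchecked, it only surfaces later as a
        // NullPointerException inside securityCheck, on the first request that reaches the
        // authority comparison.
        for (GrantedAuthority configuredAuthority : grantedAuthorityArr) {
            Assert.notNull(configuredAuthority, "GrantedAuthority[] must not contain null elements");
        }
        this.gaTakeOwnership = grantedAuthorityArr[0];
        this.gaModifyAuditing = grantedAuthorityArr[1];
        this.gaGeneralChanges = grantedAuthorityArr[2];
    }

    /**
     * Verifies that the current principal may apply the given change type to the ACL.
     *
     * @param acl the ACL about to be changed
     * @param i the change type: 0 (checked against the take-ownership authority), 1 (the
     *        modify-auditing authority) or 2 (the general-changes authority)
     * @throws AccessDeniedException if no authenticated principal is present, or if the principal
     *         is neither exempt as owner, nor holds the required authority, nor has
     *         {@code ADMINISTRATION} permission on the ACL
     * @throws IllegalArgumentException if {@code i} is not 0, 1 or 2
     */
    @Override // org.acegisecurity.acls.domain.AclAuthorizationStrategy
    public void securityCheck(Acl acl, int i) {
        // Rule 1: refuse outright when there is no authenticated principal.
        if (SecurityContextHolder.getContext() == null
                || SecurityContextHolder.getContext().getAuthentication() == null
                || !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        // Rule 2: the owner may change ownership (0) and make general changes (2). Change type 1
        // is deliberately excluded, so an owner cannot alter auditing on their own ACL without
        // the authority or ADMINISTRATION permission checked below.
        if (new PrincipalSid(authentication).equals(acl.getOwner()) && (i == 2 || i == 0)) {
            return;
        }

        // Map the change type to the authority that authorises it; anything else is a caller bug.
        GrantedAuthority requiredAuthority;
        switch (i) {
            case 0:
                requiredAuthority = this.gaTakeOwnership;
                break;
            case 1:
                requiredAuthority = this.gaModifyAuditing;
                break;
            case 2:
                requiredAuthority = this.gaGeneralChanges;
                break;
            default:
                throw new IllegalArgumentException("Unknown change type");
        }

        // Rule 3: holding the configured authority is sufficient. A principal that reports no
        // authority array at all simply fails this rule and continues to the ACL check, instead
        // of aborting the decision with a NullPointerException.
        GrantedAuthority[] heldAuthorities = authentication.getAuthorities();
        if (heldAuthorities != null) {
            for (GrantedAuthority heldAuthority : heldAuthorities) {
                if (requiredAuthority.equals(heldAuthority)) {
                    return;
                }
            }
        }

        // Rule 4: last resort, the ACL must grant ADMINISTRATION to one of the principal's SIDs.
        // NOTE(review): the trailing false is passed straight to Acl.isGranted; presumably it is
        // the administrative-mode flag. Confirm against the Acl interface.
        if (!acl.isGranted(new Permission[]{BasePermission.ADMINISTRATION}, this.sidRetrievalStrategy.getSids(authentication), false)) {
            throw new AccessDeniedException("Principal does not have required ACL permissions to perform requested operation");
        }
    }

    /**
     * Replaces the strategy used to resolve the principal's SIDs for the ACL permission check.
     *
     * @param sidRetrievalStrategy the replacement strategy; must not be null
     * @throws IllegalArgumentException if {@code sidRetrievalStrategy} is null
     */
    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }
}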
