package org.springframework.security.access.expression;

import java.io.Serializable;
import java.util.Collection;
import java.util.Set;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-5.5.8.jar:org/springframework/security/access/expression/SecurityExpressionRoot.class */
public abstract class SecurityExpressionRoot implements SecurityExpressionOperations {
    protected final Authentication authentication;
    private AuthenticationTrustResolver trustResolver;
    private RoleHierarchy roleHierarchy;
    private Set<String> roles;
    private PermissionEvaluator permissionEvaluator;
    private String defaultRolePrefix = "ROLE_";
    public final boolean permitAll = true;
    public final boolean denyAll = false;
    public final String read = "read";
    public final String write = "write";
    public final String create = "create";
    public final String delete = "delete";
    public final String admin = "administration";

    public SecurityExpressionRoot(Authentication authentication) {
        if (authentication == null) {
            throw new IllegalArgumentException("Authentication object cannot be null");
        }
        this.authentication = authentication;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean hasAuthority(String str) {
        return hasAnyAuthority(str);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean hasAnyAuthority(String... strArr) {
        return hasAnyAuthorityName(null, strArr);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean hasRole(String str) {
        return hasAnyRole(str);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean hasAnyRole(String... strArr) {
        return hasAnyAuthorityName(this.defaultRolePrefix, strArr);
    }

    private boolean hasAnyAuthorityName(String str, String... strArr) {
        Set<String> authoritySet = getAuthoritySet();
        for (String str2 : strArr) {
            if (authoritySet.contains(getRoleWithDefaultPrefix(str, str2))) {
                return true;
            }
        }
        return false;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final Authentication getAuthentication() {
        return this.authentication;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean permitAll() {
        return true;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean denyAll() {
        return false;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean isAnonymous() {
        return this.trustResolver.isAnonymous(this.authentication);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean isAuthenticated() {
        return !isAnonymous();
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean isRememberMe() {
        return this.trustResolver.isRememberMe(this.authentication);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public final boolean isFullyAuthenticated() {
        return (this.trustResolver.isAnonymous(this.authentication) || this.trustResolver.isRememberMe(this.authentication)) ? false : true;
    }

    public Object getPrincipal() {
        return this.authentication.getPrincipal();
    }

    public void setTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.trustResolver = authenticationTrustResolver;
    }

    public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
        this.roleHierarchy = roleHierarchy;
    }

    public void setDefaultRolePrefix(String str) {
        this.defaultRolePrefix = str;
    }

    private Set<String> getAuthoritySet() {
        if (this.roles == null) {
            Collection<? extends GrantedAuthority> authorities = this.authentication.getAuthorities();
            if (this.roleHierarchy != null) {
                authorities = this.roleHierarchy.getReachableGrantedAuthorities(authorities);
            }
            this.roles = AuthorityUtils.authorityListToSet(authorities);
        }
        return this.roles;
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public boolean hasPermission(Object obj, Object obj2) {
        return this.permissionEvaluator.hasPermission(this.authentication, obj, obj2);
    }

    @Override // org.springframework.security.access.expression.SecurityExpressionOperations
    public boolean hasPermission(Object obj, String str, Object obj2) {
        return this.permissionEvaluator.hasPermission(this.authentication, (Serializable) obj, str, obj2);
    }

    public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
        this.permissionEvaluator = permissionEvaluator;
    }

    private static String getRoleWithDefaultPrefix(String str, String str2) {
        return str2 == null ? str2 : (str == null || str.length() == 0) ? str2 : str2.startsWith(str) ? str2 : str + str2;
    }
}
