package org.springframework.security.acls.domain;

import java.util.Iterator;
import java.util.List;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.Sid;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-acl-5.4.10.jar:org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.class */
public class DefaultPermissionGrantingStrategy implements PermissionGrantingStrategy {
    private final transient AuditLogger auditLogger;

    public DefaultPermissionGrantingStrategy(AuditLogger auditLogger) {
        Assert.notNull(auditLogger, "auditLogger cannot be null");
        this.auditLogger = auditLogger;
    }

    @Override // org.springframework.security.acls.model.PermissionGrantingStrategy
    public boolean isGranted(Acl acl, List<Permission> list, List<Sid> list2, boolean z) throws NotFoundException {
        List<AccessControlEntry> entries = acl.getEntries();
        AccessControlEntry accessControlEntry = null;
        for (Permission permission : list) {
            for (Sid sid : list2) {
                boolean z2 = true;
                Iterator<AccessControlEntry> it = entries.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    AccessControlEntry next = it.next();
                    if (isGranted(next, permission) && next.getSid().equals(sid)) {
                        if (next.isGranting()) {
                            if (z) {
                                return true;
                            }
                            this.auditLogger.logIfNeeded(true, next);
                            return true;
                        }
                        if (accessControlEntry == null) {
                            accessControlEntry = next;
                        }
                        z2 = false;
                    }
                }
                if (!z2) {
                    break;
                }
            }
        }
        if (accessControlEntry != null) {
            if (z) {
                return false;
            }
            this.auditLogger.logIfNeeded(false, accessControlEntry);
            return false;
        }
        if (!acl.isEntriesInheriting() || acl.getParentAcl() == null) {
            throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
        }
        return acl.getParentAcl().isGranted(list, list2, false);
    }

    protected boolean isGranted(AccessControlEntry accessControlEntry, Permission permission) {
        return accessControlEntry.getPermission().getMask() == permission.getMask();
    }
}
