package org.zowe.apiml.security.common.auth.saf;

import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:BOOT-INF/lib/apiml-security-common-0.0.55.jar:org/zowe/apiml/security/common/auth/saf/SafResourceAccessSaf.class */
public class SafResourceAccessSaf implements SafResourceAccessVerifying {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SafResourceAccessSaf.class);
    private static final String PLATFORM_ACCESS_CONTROL_CLASS_NAME = "com.ibm.os390.security.PlatformAccessControl";
    private static final String PLATFORM_PLATFORM_CLASS_NAME = "com.ibm.os390.security.PlatformReturned";
    private static final String CHECK_PERMISSION_METHOD_NAME = "checkPermission";
    private PlatformReturnedHelper<Object> platformReturnedHelper;
    private MethodHandle checkPermission;

    public SafResourceAccessSaf() throws ClassNotFoundException, NoSuchMethodException, NoSuchFieldException, IllegalAccessException {
        init();
    }

    protected Class<?> getPlatformClass() throws ClassNotFoundException {
        return Class.forName(PLATFORM_ACCESS_CONTROL_CLASS_NAME);
    }

    protected Class<?> getPlatformReturnedClass() throws ClassNotFoundException {
        return Class.forName(PLATFORM_PLATFORM_CLASS_NAME);
    }

    protected MethodHandle getCheckPermissionMethodHandle(Class<?> cls) throws IllegalAccessException, NoSuchMethodException {
        return MethodHandles.lookup().unreflect(cls.getDeclaredMethod(CHECK_PERMISSION_METHOD_NAME, String.class, String.class, String.class, Integer.TYPE));
    }

    private void init() throws ClassNotFoundException, IllegalAccessException, NoSuchMethodException, NoSuchFieldException {
        this.platformReturnedHelper = new PlatformReturnedHelper<>(getPlatformReturnedClass());
        this.checkPermission = getCheckPermissionMethodHandle(getPlatformClass());
    }

    private boolean evaluatePlatformReturned(PlatformReturned platformReturned, boolean z) {
        String str;
        if (platformReturned == null) {
            return true;
        }
        PlatformAckErrno valueOfErrno = PlatformAckErrno.valueOfErrno(platformReturned.getErrno());
        PlatformErrno2 valueOfErrno2 = PlatformErrno2.valueOfErrno(platformReturned.getErrno2());
        if (valueOfErrno != null && valueOfErrno2 != null) {
            str = "Platform access control failed: " + valueOfErrno2.explanation;
            switch (valueOfErrno2) {
                case JRSAFResourceUndefined:
                    return !z;
                case JRSAFNoUser:
                case JRNoResourceAccess:
                    return false;
                default:
                    log.error("Platform access control failed: {} {} {} {}", valueOfErrno.shortErrorName, valueOfErrno2.shortErrorName, valueOfErrno2.explanation, platformReturned);
                    break;
            }
        } else {
            str = "Unknown access control error";
            log.error("Platform access control failed: {}", platformReturned);
        }
        throw new AccessControlError(platformReturned, str + ": " + platformReturned.toString());
    }

    private PlatformReturned checkPermission(String str, String str2, String str3, int i) {
        try {
            return this.platformReturnedHelper.convert(this.checkPermission.invokeWithArguments(str, str2, str3, Integer.valueOf(i)));
        } catch (RuntimeException e) {
            throw e;
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    private boolean checkPermission(String str, String str2, String str3, int i, boolean z) {
        return evaluatePlatformReturned(checkPermission(str, str2, str3, i), z);
    }

    @Override // org.zowe.apiml.security.common.auth.saf.SafResourceAccessVerifying
    public boolean hasSafResourceAccess(Authentication authentication, String str, String str2, String str3) {
        String name = authentication.getName();
        AccessLevel valueOf = AccessLevel.valueOf(str3);
        log.debug("Evaluating access of user {} to resource {} in class {} level {}", name, str, str2, valueOf);
        return checkPermission(name, str, str2, valueOf.getValue(), true);
    }
}
