package com.alibaba.ariver.kernel.api.security.internal;

import androidx.annotation.Nullable;
import com.alibaba.ariver.kernel.api.security.AccessControlException;
import com.alibaba.ariver.kernel.api.security.AccessControlManagement;
import com.alibaba.ariver.kernel.api.security.AccessController;
import com.alibaba.ariver.kernel.api.security.Accessor;
import com.alibaba.ariver.kernel.api.security.ApiPermissionCheckResult;
import com.alibaba.ariver.kernel.api.security.DefaultGroup;
import com.alibaba.ariver.kernel.api.security.Group;
import com.alibaba.ariver.kernel.api.security.Guard;
import com.alibaba.ariver.kernel.api.security.Inquirer;
import com.alibaba.ariver.kernel.api.security.Permission;
import com.alibaba.ariver.kernel.common.utils.RVLogger;
import com.umeng.analytics.pro.an;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
public class DefaultAccessController implements AccessController {

    /* renamed from: a, reason: collision with root package name */
    private static final String f8675a = "AriverKernel:Permission";

    /* renamed from: b, reason: collision with root package name */
    private AccessControlManagement f8676b;

    private void a(Accessor accessor, List<Permission> list, @Nullable final AccessController.ApplyCallback applyCallback) {
        accessor.inquiry(list, new Accessor.InquiryCallback() { // from class: com.alibaba.ariver.kernel.api.security.internal.DefaultAccessController.1
            @Override // com.alibaba.ariver.kernel.api.security.Accessor.InquiryCallback
            public void onComplete(List<? extends Permission> list2, List<? extends Permission> list3) {
                if (applyCallback != null) {
                    if (list3 == null || list3.size() < 0) {
                        applyCallback.onSuccess();
                    } else {
                        applyCallback.onFailure(list3);
                    }
                }
            }
        });
    }

    private boolean a(Permission permission, Group group) {
        if (group.groupName().equalsIgnoreCase(DefaultGroup.INTERNAL.groupName())) {
            return true;
        }
        Map<String, ? extends Permission> permissions = group.permissions();
        return permissions != null && permissions.containsKey(permission.authority());
    }

    @Override // com.alibaba.ariver.kernel.api.security.AccessController
    public boolean check(Accessor accessor, List<? extends Guard> list, @Nullable AccessController.ApplyCallback applyCallback) {
        Group group = accessor.getGroup();
        AccessControlManagement accessControlManagement = this.f8676b;
        boolean z = false;
        if (accessControlManagement != null && !accessControlManagement.needPermissionCheck(accessor, list)) {
            if (list != null) {
                RVLogger.d(f8675a, "not need check permission" + list.size());
                for (Guard guard : list) {
                    if (guard != null && guard.permit() != null) {
                        z = this.f8676b.asyncInterceptJsapi(guard.permit(), accessor);
                    }
                }
            }
            return z;
        }
        AccessControlManagement accessControlManagement2 = this.f8676b;
        if (accessControlManagement2 != null) {
            group = accessControlManagement2.manageAccessorGroup(accessor);
        }
        ArrayList arrayList = new ArrayList();
        for (Guard guard2 : list) {
            Permission permit = guard2.permit();
            if (permit != null) {
                if (group == null) {
                    throw new AccessControlException("the " + accessor + " not in any group.");
                }
                if (a(permit, group)) {
                    RVLogger.d(f8675a, an.Q + accessor.hashCode() + " has group permission [" + permit.authority() + "] ,group is [" + group.groupName() + "]");
                } else {
                    ApiPermissionCheckResult permissionCheck = this.f8676b.permissionCheck(permit, accessor);
                    if (ApiPermissionCheckResult.IGNORE == permissionCheck || ApiPermissionCheckResult.ALLOW == permissionCheck) {
                        RVLogger.d(f8675a, an.Q + accessor.hashCode() + " has single permission [" + permit.authority() + "]");
                        if (this.f8676b.asyncPermissionCheck(permit, accessor)) {
                            arrayList.add(permit);
                        }
                    } else {
                        AccessControlManagement accessControlManagement3 = this.f8676b;
                        if (accessControlManagement3 != null && accessControlManagement3.bizPermissionCheck(permit, accessor)) {
                            RVLogger.d(f8675a, an.Q + accessor.hashCode() + " has custom permission [" + permit.authority() + "]");
                        } else {
                            if (!(permit instanceof Inquirer)) {
                                RVLogger.d(f8675a, an.Q + accessor.hashCode() + " no permission:" + permit.authority() + " when access " + guard2);
                                throw new AccessControlException((permissionCheck == null || !permissionCheck.hasSignature()) ? accessor + " no permission:" + permit.authority() + " when access " + guard2 : permissionCheck.getSignature());
                            }
                            arrayList.add(permit);
                        }
                    }
                }
            }
        }
        if (arrayList.isEmpty()) {
            return false;
        }
        a(accessor, arrayList, applyCallback);
        return true;
    }

    @Override // com.alibaba.ariver.kernel.api.security.AccessController
    public void setAccessControlManagement(AccessControlManagement accessControlManagement) {
        this.f8676b = accessControlManagement;
    }
}
