package de.codecamp.vaadin.security.spring.access.route;

import com.vaadin.flow.component.Component;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.HasErrorParameter;
import com.vaadin.flow.router.RouteConfiguration;
import com.vaadin.flow.router.RouteNotFoundError;
import com.vaadin.flow.router.RouteParameters;
import com.vaadin.flow.router.RouterLayout;
import com.vaadin.flow.router.internal.NavigationRouteTarget;
import com.vaadin.flow.router.internal.RouteTarget;
import com.vaadin.flow.server.RouteRegistry;
import com.vaadin.flow.server.SessionRouteRegistry;
import com.vaadin.flow.server.VaadinSession;
import de.codecamp.vaadin.security.spring.access.AccessEvaluator;
import de.codecamp.vaadin.security.spring.access.AccessRule;
import de.codecamp.vaadin.security.spring.access.VaadinSecurity;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/codecamp/vaadin/security/spring/access/route/DefaultRouteAccessControl.class */
public class DefaultRouteAccessControl implements RouteAccessControl {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultRouteAccessControl.class);
    private boolean denyUnsecured;
    private List<RouteAccessDeniedHandler> accessDeniedHandlers;

    public void setDenyUnsecured(boolean z) {
        this.denyUnsecured = z;
    }

    public void setAccessDeniedHandlers(List<RouteAccessDeniedHandler> list) {
        this.accessDeniedHandlers = list;
    }

    @Override // de.codecamp.vaadin.security.spring.access.route.RouteAccessControl
    public boolean hasAccessTo(Class<? extends Component> cls) {
        RouteRegistry sessionRegistry = SessionRouteRegistry.getSessionRegistry(VaadinSession.getCurrent());
        RouteTarget routeTarget = sessionRegistry.getRouteTarget(cls, RouteParameters.empty());
        if (routeTarget == null) {
            LOG.warn("Could not find registered route for navigation target '{}'.", cls);
            return false;
        }
        if (((String) RouteConfiguration.forRegistry(sessionRegistry).getUrlBase(cls).orElse(null)) != null) {
            return hasAccess(null, routeTarget.getTarget(), routeTarget.getParentLayouts(), null);
        }
        LOG.warn("Could not find registered route for navigation target '{}'.", cls);
        return false;
    }

    @Override // de.codecamp.vaadin.security.spring.access.route.RouteAccessControl
    public boolean hasAccessTo(String str) {
        NavigationRouteTarget navigationRouteTarget = SessionRouteRegistry.getSessionRegistry(VaadinSession.getCurrent()).getNavigationRouteTarget(str);
        if (navigationRouteTarget.hasTarget()) {
            RouteTarget routeTarget = navigationRouteTarget.getRouteTarget();
            return hasAccess(str, routeTarget.getTarget(), routeTarget.getParentLayouts(), null);
        }
        LOG.warn("Could not find navigation target for route path '{}'.", str);
        return false;
    }

    @Override // de.codecamp.vaadin.security.spring.access.route.RouteAccessControl
    public void checkAccess(BeforeEnterEvent beforeEnterEvent) {
        LOG.trace("Checking access to route '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        if (HasErrorParameter.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) || (RouteNotFoundError.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) && VaadinSecurity.check().isAuthenticated())) {
            LOG.debug("Access granted to error view '{}' at '{}'.", beforeEnterEvent.getNavigationTarget().getName(), beforeEnterEvent.getLocation().getPath());
            return;
        }
        if (beforeEnterEvent.getNavigationTarget().getName().contains("ClientViewPlaceholder")) {
            LOG.debug("Ignoring navigation to client-side view at '{}'.", beforeEnterEvent.getLocation().getPath());
        } else if (hasAccess(beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget(), beforeEnterEvent.getLayouts(), beforeEnterEvent.getUI().getSession())) {
            LOG.debug("Access granted to route '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        } else {
            LOG.debug("Access denied to route '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
            onAccessDenied(beforeEnterEvent);
        }
    }

    protected boolean hasAccess(String str, Class<? extends Component> cls, List<Class<? extends RouterLayout>> list, VaadinSession vaadinSession) {
        if (vaadinSession == null) {
            vaadinSession = VaadinSession.getCurrent();
        }
        if (vaadinSession == null) {
            throw new IllegalStateException("No VaadinSession available.");
        }
        boolean z = false;
        boolean z2 = true;
        ArrayList arrayList = new ArrayList();
        arrayList.add(cls);
        arrayList.addAll(list);
        SessionRouteAccessRuleRegistry sessionRegistry = SessionRouteAccessRuleRegistry.getSessionRegistry(vaadinSession);
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Class<? extends Component> cls2 = (Class) it.next();
            AccessRule accessRule = null;
            if (cls2 == cls) {
                accessRule = sessionRegistry.getAccessRule(str).orElse(null);
            }
            if (accessRule == null) {
                accessRule = sessionRegistry.getAccessRule(cls2).orElse(null);
            }
            if (accessRule != null) {
                z = true;
                if (accessRule.expression() != null && !VaadinSecurity.hasAccess(accessRule.expression())) {
                    z2 = false;
                    break;
                }
                if (accessRule.evaluator() != null && !((AccessEvaluator) vaadinSession.getService().getInstantiator().getOrCreate(accessRule.evaluator())).hasAccess(new RouteAccessContext(cls2))) {
                    z2 = false;
                    break;
                }
                if (!accessRule.checkLayout()) {
                    break;
                }
            }
        }
        if (this.denyUnsecured && !z) {
            z2 = false;
        }
        return z2;
    }

    protected void onAccessDenied(BeforeEnterEvent beforeEnterEvent) {
        if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget() || beforeEnterEvent.hasErrorParameter()) {
            return;
        }
        Iterator<RouteAccessDeniedHandler> it = this.accessDeniedHandlers.iterator();
        while (it.hasNext()) {
            it.next().handleAccessDenied(beforeEnterEvent);
            if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget() || beforeEnterEvent.hasErrorParameter()) {
                return;
            }
        }
        if (!beforeEnterEvent.hasForwardTarget() && !beforeEnterEvent.hasRerouteTarget() && !beforeEnterEvent.hasErrorParameter()) {
            throw new RouteAccessDeniedException("Access denied");
        }
    }
}
