package com.vaadin.flow.server.connect.auth;

import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.Principal;
import java.util.function.Function;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/vaadin/flow/server/connect/auth/AccessAnnotationChecker.class */
public class AccessAnnotationChecker {
    public boolean annotationAllowsAccess(Method method, HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        httpServletRequest.getClass();
        return annotationAllowsAccess(method, userPrincipal, httpServletRequest::isUserInRole);
    }

    public boolean annotationAllowsAccess(Class<?> cls, HttpServletRequest httpServletRequest) {
        AnnotatedElement securityTarget = getSecurityTarget(cls);
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        httpServletRequest.getClass();
        return annotationAllowsAccess(securityTarget, userPrincipal, httpServletRequest::isUserInRole);
    }

    public boolean annotationAllowsAccess(Method method, Principal principal, Function<String, Boolean> function) {
        return annotationAllowsAccess(getSecurityTarget(method), principal, function);
    }

    public AnnotatedElement getSecurityTarget(Method method) {
        if (Modifier.isPublic(method.getModifiers())) {
            return hasSecurityAnnotation(method) ? method : method.getDeclaringClass();
        }
        throw new IllegalArgumentException(String.format("The method '%s' is not public hence cannot have a security target", method));
    }

    public AnnotatedElement getSecurityTarget(Class<?> cls) {
        return cls;
    }

    private boolean annotationAllowsAccess(AnnotatedElement annotatedElement, Principal principal, Function<String, Boolean> function) {
        if (annotatedElement.isAnnotationPresent(DenyAll.class)) {
            return false;
        }
        if (annotatedElement.isAnnotationPresent(AnonymousAllowed.class)) {
            return true;
        }
        if (principal == null) {
            return false;
        }
        RolesAllowed rolesAllowed = (RolesAllowed) annotatedElement.getAnnotation(RolesAllowed.class);
        return rolesAllowed == null ? annotatedElement.isAnnotationPresent(PermitAll.class) : roleAllowed(rolesAllowed, function);
    }

    private boolean roleAllowed(RolesAllowed rolesAllowed, Function<String, Boolean> function) {
        for (String str : rolesAllowed.value()) {
            if (function.apply(str).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    private boolean hasSecurityAnnotation(Method method) {
        return method.isAnnotationPresent(AnonymousAllowed.class) || method.isAnnotationPresent(PermitAll.class) || method.isAnnotationPresent(DenyAll.class) || method.isAnnotationPresent(RolesAllowed.class);
    }
}
