package com.vaadin.flow.server.auth;

import com.vaadin.flow.component.Component;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.BeforeEnterListener;
import com.vaadin.flow.router.NotFoundException;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinServletRequest;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.servlet.http.HttpSession;
import java.security.Principal;
import java.util.Objects;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/flow-server-24.1-SNAPSHOT.jar:com/vaadin/flow/server/auth/ViewAccessChecker.class */
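/**
 * Navigation-time access check for views, driven by the security annotations
 * on the navigation target ({@code @AnonymousAllowed}, {@code @PermitAll},
 * {@code @RolesAllowed}, {@code @DenyAll}) as evaluated by
 * {@link AccessAnnotationChecker}.
 * <p>
 * For every navigation the checker either lets it proceed, forwards an
 * anonymous user to the configured login view / URL (remembering the original
 * target in the HTTP session), or reroutes to a {@link NotFoundException}
 * error. An authenticated user without access gets "not found" rather than
 * "forbidden", so the response does not confirm that the route exists; the
 * annotation hint appended to the error message is only produced outside
 * production mode.
 * <p>
 * The checker is inert until {@link #enable()} is called or it was constructed
 * with {@code enabled = true}. The enabled flag and the login target are plain
 * (non-volatile) fields, so configure the instance before it starts receiving
 * {@link #beforeEnter(BeforeEnterEvent)} calls.
 */
public class ViewAccessChecker implements BeforeEnterListener {

    /**
     * Session attribute holding the path (with query parameters) that a
     * denied anonymous navigation targeted, for redirecting after login.
     */
    public static final String SESSION_STORED_REDIRECT = ViewAccessChecker.class.getName() + ".redirect";

    /**
     * Session attribute holding the absolute-URL form of
     * {@link #SESSION_STORED_REDIRECT}: the request URL as reconstructed by
     * the servlet container, followed by the stored path.
     */
    public static final String SESSION_STORED_REDIRECT_ABSOLUTE = ViewAccessChecker.class.getName() + ".redirectAbsolute";

    private final AccessAnnotationChecker accessAnnotationChecker;
    // At most one of loginView / loginUrl is set; see throwIfLoginViewSet().
    private Class<? extends Component> loginView;
    private String loginUrl;
    private boolean enabled;

    /**
     * Creates an enabled checker using the default
     * {@link AccessAnnotationChecker}.
     */
    public ViewAccessChecker() {
        this(true);
    }

    /**
     * Creates a checker using the default {@link AccessAnnotationChecker}.
     *
     * @param enabled
     *            whether the checker should start active; if {@code false},
     *            call {@link #enable()} later
     */
    public ViewAccessChecker(boolean enabled) {
        this(new AccessAnnotationChecker());
        this.enabled = enabled;
    }

    /**
     * Creates a disabled checker using the given annotation checker.
     *
     * @param accessAnnotationChecker
     *            the checker used to evaluate the security annotations of a
     *            navigation target
     */
    protected ViewAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
        this.enabled = false;
        this.accessAnnotationChecker = accessAnnotationChecker;
    }

    /**
     * Activates the checker so that {@link #beforeEnter(BeforeEnterEvent)}
     * starts enforcing access.
     */
    public void enable() {
        this.enabled = true;
    }

    /**
     * Sets the view that anonymous users are forwarded to when access is
     * denied. The login view itself is always accessible.
     *
     * @param loginView
     *            the login view class
     * @throws IllegalStateException
     *             if a login view or login URL has already been set
     */
    public void setLoginView(Class<? extends Component> loginView) {
        throwIfLoginViewSet();
        this.loginView = loginView;
    }

    /**
     * Sets the URL that anonymous users are forwarded to when access is
     * denied, for login pages not implemented as a Flow view.
     *
     * @param loginUrl
     *            the login URL
     * @throws IllegalStateException
     *             if a login view or login URL has already been set
     */
    public void setLoginView(String loginUrl) {
        throwIfLoginViewSet();
        this.loginUrl = loginUrl;
    }

    /** Guards against configuring a second login target. */
    private void throwIfLoginViewSet() {
        if (this.loginUrl != null) {
            throw new IllegalStateException("Already using " + this.loginUrl + " as the login view");
        }
        if (this.loginView != null) {
            throw new IllegalStateException("Already using " + this.loginView.getName() + " as the login view");
        }
    }

    /**
     * Performs the access check for the navigation described by the event.
     * Does nothing while the checker is disabled.
     *
     * @param beforeEnterEvent
     *            the navigation event
     */
    @Override
    public void beforeEnter(BeforeEnterEvent beforeEnterEvent) {
        if (!this.enabled) {
            return;
        }
        Class<?> navigationTarget = beforeEnterEvent.getNavigationTarget();
        VaadinRequest request = VaadinRequest.getCurrent();
        Principal principal = getPrincipal(request);
        Function<String, Boolean> rolesChecker = getRolesChecker(request);

        getLogger().debug("Checking access for view {}", navigationTarget.getName());
        // The login view must stay reachable regardless of its annotations,
        // otherwise the forward below would loop back here.
        if (this.loginView != null && navigationTarget == this.loginView) {
            getLogger().debug("Allowing access for login view {}", navigationTarget.getName());
            return;
        }
        if (this.accessAnnotationChecker.hasAccess(navigationTarget, principal, rolesChecker)) {
            getLogger().debug("Allowed access to view {}", navigationTarget.getName());
            return;
        }
        getLogger().debug("Denied access to view {}", navigationTarget.getName());

        if (principal != null) {
            rerouteAuthenticatedUserToNotFound(beforeEnterEvent, navigationTarget);
            return;
        }
        storeRedirectTarget(beforeEnterEvent, request);
        forwardToLogin(beforeEnterEvent);
    }

    /**
     * Handles a denied navigation by an authenticated user: reroutes to
     * "not found", adding a developer hint only outside production mode.
     */
    private void rerouteAuthenticatedUserToNotFound(BeforeEnterEvent event, Class<?> navigationTarget) {
        if (isProductionMode(event)) {
            // No message in production: the error page must not explain why
            // access was denied or hint at how the view is configured.
            event.rerouteToError(NotFoundException.class);
            return;
        }
        String message = "Access denied";
        if (isImplicitlyDenyAllAnnotated(navigationTarget)) {
            message += ". Consider adding one of the following annotations to make the view accessible: @AnonymousAllowed, @PermitAll, @RolesAllowed.";
        }
        event.rerouteToError(NotFoundException.class, message);
    }

    /**
     * Remembers the denied navigation target in the HTTP session so the
     * application can return the user there after login. Only possible for
     * servlet-backed requests; otherwise the reason is logged at debug level.
     */
    private void storeRedirectTarget(BeforeEnterEvent event, VaadinRequest request) {
        HttpSession session = request instanceof VaadinServletRequest
                ? ((VaadinServletRequest) request).getSession()
                : null;
        if (session == null) {
            if (request == null) {
                getLogger().debug("Unable to store redirect in session because no request is available");
            } else {
                getLogger().debug("Unable to store redirect in session because request is of type {}", request.getClass().getName());
            }
            return;
        }
        // getRequestURL() is rebuilt by the container from the incoming
        // request (scheme, server name, port, URI); depending on container
        // configuration the server name may come from the Host header, so
        // code that redirects to SESSION_STORED_REDIRECT_ABSOLUTE should
        // treat it as request-derived data. SESSION_STORED_REDIRECT holds
        // only the relative path and is the safer choice for a redirect.
        String requestUrl = ((VaadinServletRequest) request).getRequestURL().toString();
        String pathWithQueryParameters = event.getLocation().getPathWithQueryParameters();
        session.setAttribute(SESSION_STORED_REDIRECT, pathWithQueryParameters);
        session.setAttribute(SESSION_STORED_REDIRECT_ABSOLUTE, requestUrl + pathWithQueryParameters);
    }

    /**
     * Sends an anonymous user to the configured login target, or to
     * "not found" when no login view / URL has been configured.
     */
    private void forwardToLogin(BeforeEnterEvent event) {
        if (this.loginView != null) {
            event.forwardTo(this.loginView);
        } else if (this.loginUrl != null) {
            event.forwardToUrl(this.loginUrl);
        } else {
            event.rerouteToError(NotFoundException.class);
        }
    }

    /**
     * Returns a function that tells whether the current user has a given
     * role. Without a request every role check answers {@code false}.
     *
     * @param vaadinRequest
     *            the current request, or {@code null}
     * @return a role checker backed by {@link VaadinRequest#isUserInRole}
     */
    protected Function<String, Boolean> getRolesChecker(VaadinRequest vaadinRequest) {
        if (vaadinRequest == null) {
            return role -> false;
        }
        return vaadinRequest::isUserInRole;
    }

    /**
     * Returns the authenticated principal of the request.
     *
     * @param vaadinRequest
     *            the current request, or {@code null}
     * @return the user principal, or {@code null} when there is no request or
     *         no authenticated user
     */
    protected Principal getPrincipal(VaadinRequest vaadinRequest) {
        if (vaadinRequest == null) {
            return null;
        }
        return vaadinRequest.getUserPrincipal();
    }

    /** Reads the production-mode flag from the session's deployment configuration. */
    private boolean isProductionMode(BeforeEnterEvent beforeEnterEvent) {
        return beforeEnterEvent.getUI().getSession().getConfiguration().isProductionMode();
    }

    /**
     * Tells whether the class carries none of the explicit access
     * annotations checked here, i.e. it is denied only by default. Only
     * consulted after access has already been refused.
     */
    private boolean isImplicitlyDenyAllAnnotated(Class<?> cls) {
        return !(cls.isAnnotationPresent(DenyAll.class)
                || cls.isAnnotationPresent(PermitAll.class)
                || cls.isAnnotationPresent(RolesAllowed.class));
    }

    /** Logger named after the runtime class, so subclasses log under their own name. */
    private Logger getLogger() {
        return LoggerFactory.getLogger(getClass());
    }
}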
