package de.codecamp.vaadin.security.spring.access;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.HasErrorParameter;
import com.vaadin.flow.router.NavigationHandler;
import com.vaadin.flow.router.NavigationState;
import com.vaadin.flow.router.RouteNotFoundError;
import com.vaadin.flow.server.VaadinSession;
import de.codecamp.vaadin.security.spring.authentication.AuthenticationResult;
import de.codecamp.vaadin.security.spring.authentication.AuthenticationResultHandler;
import java.util.ArrayList;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;

@Order(Integer.MAX_VALUE)
/* loaded from: input_file:de/codecamp/vaadin/security/spring/access/DefaultRouteAccessControl.class */
public class DefaultRouteAccessControl implements RouteAccessControl, AuthenticationResultHandler {
    private static final String SESSION_ORIGINAL_TARGET = "VaadinAuthenticationOriginalTarget";
    private static final String SESSION_ON_LOGIN_VIEW = "VaadinAuthenticationOnLoginView";
    private static final Logger LOG = LoggerFactory.getLogger(DefaultRouteAccessControl.class);
    private boolean denyUnsecured;
    private String mainRoute;
    private String loginRoute;
    private RouteAccessDeniedHandler accessDeniedHandler;

    public void setDenyUnsecured(boolean z) {
        this.denyUnsecured = z;
    }

    public void setMainRoute(String str) {
        this.mainRoute = str;
    }

    public void setLoginRoute(String str) {
        this.loginRoute = str;
    }

    public void setAccessDeniedHandler(RouteAccessDeniedHandler routeAccessDeniedHandler) {
        this.accessDeniedHandler = routeAccessDeniedHandler;
    }

    @Override // de.codecamp.vaadin.security.spring.access.RouteAccessControl
    public void checkAccess(BeforeEnterEvent beforeEnterEvent) {
        LOG.debug("Checking access to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        if (beforeEnterEvent.getLocation().getPath().equals(this.loginRoute)) {
            beforeEnterEvent.getUI().getSession().setAttribute(SESSION_ON_LOGIN_VIEW, true);
            if (!VaadinSecurity.check().isFullyAuthenticated()) {
                LOG.debug("Access granted to login route '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
                return;
            } else {
                LOG.debug("Already fully authenticated. Forwarding from login route to main route {} ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
                beforeEnterEvent.forwardTo(this.mainRoute);
                return;
            }
        }
        beforeEnterEvent.getUI().getSession().setAttribute(SESSION_ON_LOGIN_VIEW, (Object) null);
        if (HasErrorParameter.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) && (!RouteNotFoundError.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) || VaadinSecurity.check().isAuthenticated())) {
            LOG.debug("Access granted to error view '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(beforeEnterEvent.getNavigationTarget());
        arrayList.addAll(beforeEnterEvent.getLayouts());
        boolean z = false;
        boolean z2 = true;
        SessionAccessRuleRegistry sessionRegistry = SessionAccessRuleRegistry.getSessionRegistry(beforeEnterEvent.getUI().getSession());
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Class<?> cls = (Class) it.next();
            AccessRule accessRule = null;
            if (cls == beforeEnterEvent.getNavigationTarget()) {
                accessRule = sessionRegistry.getAccessRule(beforeEnterEvent.getLocation().getPath()).orElse(null);
            }
            if (accessRule == null) {
                accessRule = sessionRegistry.getAccessRule(cls).orElse(null);
            }
            if (accessRule != null) {
                z = true;
                if (accessRule.evaluator() != null && !((AccessEvaluator) beforeEnterEvent.getUI().getSession().getService().getInstantiator().getOrCreate(accessRule.evaluator())).hasAccess(beforeEnterEvent, cls)) {
                    z2 = false;
                    break;
                }
                String expression = accessRule.expression();
                if (expression == null) {
                    expression = "isAuthenticated()";
                }
                if (!VaadinSecurity.hasAccess(expression)) {
                    z2 = false;
                    break;
                } else if (!accessRule.checkLayout()) {
                    break;
                }
            }
        }
        if (this.denyUnsecured && !z) {
            z2 = false;
        }
        if (z2) {
            LOG.debug("Access granted to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        } else {
            onAccessDenied(beforeEnterEvent);
        }
    }

    protected void onAccessDenied(BeforeEnterEvent beforeEnterEvent) {
        if (VaadinSecurity.check().isFullyAuthenticated()) {
            if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget()) {
                return;
            }
            if (this.accessDeniedHandler != null) {
                this.accessDeniedHandler.handleAccessDenied(beforeEnterEvent);
            }
            if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget()) {
                return;
            }
            LOG.debug("Access denied to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
            throw new RouteAccessDeniedException("Access denied");
        }
        String pathWithQueryParameters = beforeEnterEvent.getLocation().getPathWithQueryParameters();
        if (pathWithQueryParameters.equals(".")) {
            pathWithQueryParameters = "";
        }
        beforeEnterEvent.getUI().getSession().setAttribute(SESSION_ORIGINAL_TARGET, pathWithQueryParameters);
        LOG.debug("Forwarding to login route '{}'.", this.loginRoute);
        beforeEnterEvent.forwardTo(this.loginRoute);
        if (beforeEnterEvent.hasRerouteTarget()) {
            beforeEnterEvent.rerouteTo((NavigationHandler) null, (NavigationState) null);
        }
    }

    @Override // de.codecamp.vaadin.security.spring.authentication.AuthenticationResultHandler
    public boolean handleAuthenticationResult(AuthenticationResult authenticationResult) {
        if (!authenticationResult.isSuccess()) {
            return false;
        }
        VaadinSession current = VaadinSession.getCurrent();
        String str = (String) current.getAttribute(SESSION_ORIGINAL_TARGET);
        current.setAttribute(SESSION_ORIGINAL_TARGET, (Object) null);
        Boolean bool = (Boolean) current.getAttribute(SESSION_ON_LOGIN_VIEW);
        if (bool == null) {
            bool = false;
        }
        if (!bool.booleanValue()) {
            return true;
        }
        if (str == null || str.isEmpty()) {
            str = this.mainRoute;
        }
        UI.getCurrent().navigate(str);
        return true;
    }
}
