package de.codecamp.vaadin.security.spring.access;

import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.HasErrorParameter;
import com.vaadin.flow.router.RouteNotFoundError;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/codecamp/vaadin/security/spring/access/DefaultRouteAccessControl.class */
public class DefaultRouteAccessControl implements RouteAccessControl {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultRouteAccessControl.class);
    private boolean denyUnsecured;
    private List<RouteAccessDeniedHandler> accessDeniedHandlers;

    public void setDenyUnsecured(boolean z) {
        this.denyUnsecured = z;
    }

    public void setAccessDeniedHandlers(List<RouteAccessDeniedHandler> list) {
        this.accessDeniedHandlers = list;
    }

    @Override // de.codecamp.vaadin.security.spring.access.RouteAccessControl
    public void checkAccess(BeforeEnterEvent beforeEnterEvent) {
        LOG.debug("Checking access to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        if (HasErrorParameter.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) || (RouteNotFoundError.class.isAssignableFrom(beforeEnterEvent.getNavigationTarget()) && VaadinSecurity.check().isAuthenticated())) {
            LOG.debug("Access granted to error view '{}' at '{}'.", beforeEnterEvent.getNavigationTarget().getName(), beforeEnterEvent.getLocation().getPath());
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(beforeEnterEvent.getNavigationTarget());
        arrayList.addAll(beforeEnterEvent.getLayouts());
        boolean z = false;
        boolean z2 = true;
        SessionAccessRuleRegistry sessionRegistry = SessionAccessRuleRegistry.getSessionRegistry(beforeEnterEvent.getUI().getSession());
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Class<?> cls = (Class) it.next();
            AccessRule accessRule = null;
            if (cls == beforeEnterEvent.getNavigationTarget()) {
                accessRule = sessionRegistry.getAccessRule(beforeEnterEvent.getLocation().getPath()).orElse(null);
            }
            if (accessRule == null) {
                accessRule = sessionRegistry.getAccessRule(cls).orElse(null);
            }
            if (accessRule != null) {
                z = true;
                if (accessRule.evaluator() != null && !((AccessEvaluator) beforeEnterEvent.getUI().getSession().getService().getInstantiator().getOrCreate(accessRule.evaluator())).hasAccess(beforeEnterEvent, cls)) {
                    z2 = false;
                    break;
                }
                String expression = accessRule.expression();
                if (expression == null) {
                    expression = "isAuthenticated()";
                }
                if (!VaadinSecurity.hasAccess(expression)) {
                    z2 = false;
                    break;
                } else if (!accessRule.checkLayout()) {
                    break;
                }
            }
        }
        if (this.denyUnsecured && !z) {
            z2 = false;
        }
        if (z2) {
            LOG.debug("Access granted to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        } else {
            onAccessDenied(beforeEnterEvent);
        }
    }

    protected void onAccessDenied(BeforeEnterEvent beforeEnterEvent) {
        if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget() || beforeEnterEvent.hasErrorParameter()) {
            return;
        }
        Iterator<RouteAccessDeniedHandler> it = this.accessDeniedHandlers.iterator();
        while (it.hasNext()) {
            it.next().handleAccessDenied(beforeEnterEvent);
            if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget() || beforeEnterEvent.hasErrorParameter()) {
                return;
            }
        }
        if (beforeEnterEvent.hasForwardTarget() || beforeEnterEvent.hasRerouteTarget() || beforeEnterEvent.hasErrorParameter()) {
            return;
        }
        LOG.debug("Access denied to navigation target '{}' ({}).", beforeEnterEvent.getLocation().getPath(), beforeEnterEvent.getNavigationTarget().getName());
        throw new RouteAccessDeniedException("Access denied");
    }
}
