package com.vaadin.flow.server.auth;

import com.vaadin.flow.server.VaadinServletRequest;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.Principal;
import java.util.Objects;
import java.util.function.Function;

/* loaded from: input_file:WEB-INF/lib/flow-server-24.2-SNAPSHOT.jar:com/vaadin/flow/server/auth/AccessAnnotationChecker.class */
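/**
 * Decides whether a caller may access a class or public method, based on the
 * {@link DenyAll}, {@link AnonymousAllowed}, {@link RolesAllowed} and
 * {@link PermitAll} annotations found on it.
 *
 * <p>Evaluation order for the resolved security target (first match wins):
 * <ol>
 * <li>{@code @DenyAll}: denied, even if other annotations are present.</li>
 * <li>{@code @AnonymousAllowed}: allowed, with or without a principal.</li>
 * <li>no principal: denied.</li>
 * <li>{@code @RolesAllowed}: allowed only if the caller holds at least one of
 * the listed roles; a {@code @PermitAll} on the same element is then not
 * consulted.</li>
 * <li>{@code @PermitAll}: allowed for any authenticated caller.</li>
 * <li>no annotation at all: denied (default deny).</li>
 * </ol>
 *
 * <p>Security note: a method that carries any of these annotations is checked
 * on its own; the annotations of its declaring class are not merged in. A
 * permissive annotation on a method therefore overrides a stricter one on the
 * class, so both levels need reviewing together.
 */
public class AccessAnnotationChecker implements Serializable {
    /**
     * Checks access to the given method for the user of the current request.
     *
     * @param method the method to check
     * @return {@code true} if access is granted, {@code false} otherwise
     * @throws IllegalStateException if no {@link VaadinServletRequest} is active
     */
    public boolean hasAccess(Method method) {
        return hasAccess(method, currentRequest());
    }

    /**
     * Checks access to the given class for the user of the current request.
     *
     * @param cls the class to check
     * @return {@code true} if access is granted, {@code false} otherwise
     * @throws IllegalStateException if no {@link VaadinServletRequest} is active
     */
    public boolean hasAccess(Class<?> cls) {
        return hasAccess(cls, currentRequest());
    }

    /**
     * Checks access to the given method using the principal and role lookup of
     * the supplied request.
     *
     * @param method the method to check
     * @param httpServletRequest the request that identifies the caller
     * @return {@code true} if access is granted, {@code false} otherwise
     * @throws IllegalArgumentException if the request is {@code null}
     */
    public boolean hasAccess(Method method, HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("The request cannot be null");
        }
        // The request is known to be non-null here, so no second null check is
        // needed before binding the role lookup to it.
        return hasAccess(method, httpServletRequest.getUserPrincipal(), httpServletRequest::isUserInRole);
    }

    /**
     * Checks access to the given class using the principal and role lookup of
     * the supplied request.
     *
     * @param cls the class to check
     * @param httpServletRequest the request that identifies the caller
     * @return {@code true} if access is granted, {@code false} otherwise
     * @throws IllegalArgumentException if the request is {@code null}
     */
    public boolean hasAccess(Class<?> cls, HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("The request cannot be null");
        }
        return hasAccess(cls, httpServletRequest.getUserPrincipal(), httpServletRequest::isUserInRole);
    }

    /**
     * Checks access to the given method for an explicit principal and role
     * lookup function.
     *
     * @param method the method to check
     * @param principal the caller, or {@code null} for an anonymous caller
     * @param function answers whether the caller holds a given role
     * @return {@code true} if access is granted, {@code false} otherwise
     */
    public boolean hasAccess(Method method, Principal principal, Function<String, Boolean> function) {
        return hasAccess(getSecurityTarget(method), principal, function);
    }

    /**
     * Checks access to the given class for an explicit principal and role
     * lookup function.
     *
     * @param cls the class to check
     * @param principal the caller, or {@code null} for an anonymous caller
     * @param function answers whether the caller holds a given role
     * @return {@code true} if access is granted, {@code false} otherwise
     */
    public boolean hasAccess(Class<?> cls, Principal principal, Function<String, Boolean> function) {
        return hasAccess(getSecurityTarget(cls), principal, function);
    }

    /**
     * Resolves the element whose annotations decide access to a method: the
     * method itself when it carries a security annotation, otherwise its
     * declaring class.
     *
     * <p>The declaring class is returned as is; its superclasses are not
     * searched on this path.
     *
     * @param method the method to resolve; must be public
     * @return the method or its declaring class
     * @throws NullPointerException if the method is {@code null}
     * @throws IllegalArgumentException if the method is not public
     */
    public AnnotatedElement getSecurityTarget(Method method) {
        Objects.requireNonNull(method, "The input Method must not be null.");
        if (!Modifier.isPublic(method.getModifiers())) {
            throw new IllegalArgumentException(String.format("The method '%s' is not public hence cannot have a security target", method));
        }
        return hasSecurityAnnotation(method) ? method : method.getDeclaringClass();
    }

    /**
     * Resolves the element whose annotations decide access to a class: the
     * class itself or the nearest superclass that carries a security
     * annotation. Interfaces are not visited by this search.
     *
     * @param cls the class to resolve
     * @return the first annotated class in the superclass chain, or {@code cls}
     *         itself when none is annotated (which later results in a denial)
     * @throws NullPointerException if the class is {@code null}
     */
    public AnnotatedElement getSecurityTarget(Class<?> cls) {
        Objects.requireNonNull(cls, "The input Class must not be null.");
        for (Class<?> type = cls; type != null && type != Object.class; type = type.getSuperclass()) {
            if (hasSecurityAnnotation(type)) {
                return type;
            }
        }
        return cls;
    }

    /**
     * Returns the active request or fails when called outside a request.
     */
    private static VaadinServletRequest currentRequest() {
        VaadinServletRequest current = VaadinServletRequest.getCurrent();
        if (current == null) {
            throw new IllegalStateException("No request is available. This method can only be used with an active VaadinServletRequest");
        }
        return current;
    }

    /**
     * Applies the annotation precedence described on the class to an already
     * resolved security target.
     */
    private boolean hasAccess(AnnotatedElement annotatedElement, Principal principal, Function<String, Boolean> function) {
        // Explicit denial is checked first so that no other annotation can
        // widen access on the same element.
        if (annotatedElement.isAnnotationPresent(DenyAll.class)) {
            return false;
        }
        if (annotatedElement.isAnnotationPresent(AnonymousAllowed.class)) {
            return true;
        }
        // Everything below requires an authenticated caller.
        if (principal == null) {
            return false;
        }
        RolesAllowed rolesAllowed = annotatedElement.getAnnotation(RolesAllowed.class);
        if (rolesAllowed != null) {
            return roleAllowed(rolesAllowed, function);
        }
        // Without @PermitAll the element is unannotated: default deny.
        return annotatedElement.isAnnotationPresent(PermitAll.class);
    }

    /**
     * Returns whether the role lookup confirms at least one of the roles listed
     * in the annotation.
     */
    private boolean roleAllowed(RolesAllowed rolesAllowed, Function<String, Boolean> function) {
        for (String role : rolesAllowed.value()) {
            // Fail closed: a lookup that answers null counts as "not in role"
            // instead of raising a NullPointerException while unboxing.
            if (Boolean.TRUE.equals(function.apply(role))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the element carries any annotation this checker evaluates.
     */
    private boolean hasSecurityAnnotation(AnnotatedElement annotatedElement) {
        return annotatedElement.isAnnotationPresent(AnonymousAllowed.class)
                || annotatedElement.isAnnotationPresent(PermitAll.class)
                || annotatedElement.isAnnotationPresent(DenyAll.class)
                || annotatedElement.isAnnotationPresent(RolesAllowed.class);
    }
}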
