package com.vaadin.flow.server.auth;

import com.vaadin.flow.router.Layout;
import com.vaadin.flow.router.RouterLayout;
import com.vaadin.flow.router.internal.RouteUtil;
import com.vaadin.flow.server.RouteRegistry;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import java.security.Principal;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/vaadin/flow/server/auth/AnnotatedViewAccessChecker.class */
public class AnnotatedViewAccessChecker implements NavigationAccessChecker {
    private static final Logger LOGGER = LoggerFactory.getLogger(AnnotatedViewAccessChecker.class);
    private final AccessAnnotationChecker accessAnnotationChecker;

    public AnnotatedViewAccessChecker() {
        this(new AccessAnnotationChecker());
    }

    public AnnotatedViewAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
        this.accessAnnotationChecker = accessAnnotationChecker;
    }

    @Override // com.vaadin.flow.server.auth.NavigationAccessChecker
    public AccessCheckResult check(NavigationContext navigationContext) {
        String str;
        Class<?> navigationTarget = navigationContext.getNavigationTarget();
        if (RouteUtil.isAutolayoutEnabled(navigationTarget, navigationContext.getLocation().getPath())) {
            RouteRegistry registry = navigationContext.getRouter().getRegistry();
            if (((Boolean) registry.getRegisteredRoutes().stream().filter(routeData -> {
                return routeData.getNavigationTarget().equals(navigationTarget);
            }).map(routeData2 -> {
                return Boolean.valueOf(routeData2.getParentLayouts().isEmpty());
            }).findFirst().orElse(true)).booleanValue() && registry.hasLayout(navigationContext.getLocation().getPath())) {
                Class<? extends RouterLayout> layout = registry.getLayout(navigationContext.getLocation().getPath());
                AccessAnnotationChecker accessAnnotationChecker = this.accessAnnotationChecker;
                Principal principal = navigationContext.getPrincipal();
                Objects.requireNonNull(navigationContext);
                if (!accessAnnotationChecker.hasAccess((Class<?>) layout, principal, navigationContext::hasRole)) {
                    LOGGER.debug("Denied access to view due to layout '{}' access rules", layout.getSimpleName());
                    return navigationContext.deny("Consider adding one of the following annotations to make the layout accessible: @AnonymousAllowed, @PermitAll, @RolesAllowed.");
                }
            }
        }
        AccessAnnotationChecker accessAnnotationChecker2 = this.accessAnnotationChecker;
        Principal principal2 = navigationContext.getPrincipal();
        Objects.requireNonNull(navigationContext);
        boolean hasAccess = accessAnnotationChecker2.hasAccess(navigationTarget, principal2, navigationContext::hasRole);
        Logger logger = LOGGER;
        Object[] objArr = new Object[3];
        objArr[0] = navigationContext.getNavigationTarget().getName();
        objArr[1] = navigationContext.getLocation().getPath();
        objArr[2] = hasAccess ? "allowed" : "denied";
        logger.debug("Access to view '{}' with path '{}' is {}", objArr);
        if (hasAccess) {
            return navigationContext.allow();
        }
        if (isImplicitlyDenyAllAnnotated(navigationTarget)) {
            str = "Consider adding one of the following annotations to make the view accessible: @AnonymousAllowed, @PermitAll, @RolesAllowed.";
            if (navigationTarget.isAnnotationPresent(Layout.class) && navigationContext.getRouter().getRegistry().getTargetUrl(navigationTarget).isEmpty()) {
                LOGGER.debug("Denied access to view due to layout '{}' access rules", navigationTarget.getSimpleName());
                str = "Consider adding one of the following annotations to make the layout accessible: @AnonymousAllowed, @PermitAll, @RolesAllowed.";
            }
        } else {
            str = "Access is denied by annotations on the view.";
        }
        return navigationContext.deny(str);
    }

    private boolean isImplicitlyDenyAllAnnotated(Class<?> cls) {
        return (cls.isAnnotationPresent(DenyAll.class) || cls.isAnnotationPresent(PermitAll.class) || cls.isAnnotationPresent(RolesAllowed.class)) ? false : true;
    }
}
