package de.codecamp.vaadin.security.spring.access.endpoint;

import com.vaadin.flow.server.auth.AccessAnnotationChecker;
import de.codecamp.vaadin.security.spring.access.AccessEvaluator;
import de.codecamp.vaadin.security.spring.access.AccessRule;
import de.codecamp.vaadin.security.spring.access.SecuredAccess;
import de.codecamp.vaadin.security.spring.access.VaadinSecurity;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:de/codecamp/vaadin/security/spring/access/endpoint/EndpointAccessChecker.class */
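/**
 * Endpoint access checker that enforces {@link SecuredAccess} rules on Vaadin/Hilla endpoint
 * methods and falls back to the framework's default access control for methods that carry no
 * such annotation.
 *
 * <p>Decision model, as implemented in {@link #doCheck(Method, HttpServletRequest)}:
 * <ul>
 *   <li>No {@code SecuredAccess} rule found for the method: the decision is delegated to
 *       {@code super.check(...)} with the request's own principal and role lookup.</li>
 *   <li>A rule is found: the rule alone decides. The superclass check is <em>not</em> consulted
 *       in this case, so the {@code SecuredAccess} rule replaces the default annotation-based
 *       check instead of adding to it.</li>
 * </ul>
 *
 * <p>All {@code check} methods return {@code null} when access is granted and a generic denial
 * message otherwise.
 */
public class EndpointAccessChecker extends dev.hilla.auth.EndpointAccessChecker {
    private static final Logger LOG = LoggerFactory.getLogger(EndpointAccessChecker.class);

    /** Generic denial message; deliberately carries no detail about why access was refused. */
    private static final String ACCESS_DENIED = "Access denied";

    /**
     * Access rules resolved per endpoint method. Only methods that actually carry a rule end up in
     * this map: {@code computeIfAbsent} does not record a {@code null} result, so methods without
     * a rule are looked up again on every call.
     */
    private final ConcurrentMap<Method, AccessRule> accessRuleCache;

    /**
     * Creates the checker.
     *
     * @param accessAnnotationChecker passed through to the superclass, which uses it for the
     *     default access control that applies when a method has no {@code SecuredAccess} rule
     */
    public EndpointAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
        super(accessAnnotationChecker);
        this.accessRuleCache = new ConcurrentHashMap<>();
    }

    /**
     * Checks access to an endpoint method in the context of the given request.
     *
     * @param method the endpoint method about to be invoked
     * @param httpServletRequest the request the invocation belongs to
     * @return {@code null} if access is granted, otherwise a denial message
     */
    public String check(Method method, HttpServletRequest httpServletRequest) {
        return doCheck(method, httpServletRequest);
    }

    /**
     * Checks access to an endpoint method when the caller supplies a principal and a role lookup
     * instead of a request.
     *
     * <p>Neither {@code principal} nor {@code function} is used. The decision is made against the
     * servlet request bound to the current thread through {@link RequestContextHolder}, so the
     * identity that is evaluated is the one attached to that request. If no servlet request is
     * bound, the check fails closed and access is denied.
     *
     * @param method the endpoint method about to be invoked
     * @param principal ignored; see above
     * @param function ignored; see above
     * @return {@code null} if access is granted, otherwise a denial message
     */
    @Override
    public String check(Method method, Principal principal, Function<String, Boolean> function) {
        HttpServletRequest httpServletRequest =
                Optional.ofNullable(RequestContextHolder.getRequestAttributes())
                        .filter(ServletRequestAttributes.class::isInstance)
                        .map(ServletRequestAttributes.class::cast)
                        .map(ServletRequestAttributes::getRequest)
                        .orElse(null);
        if (httpServletRequest != null) {
            return doCheck(method, httpServletRequest);
        }
        // Fail closed: without a request there is nothing to evaluate the rule against.
        LOG.error("The current HttpServletRequest could not be acquired when checking Vaadin endpoint access.");
        return ACCESS_DENIED;
    }

    /**
     * Applies the {@code SecuredAccess} rule of the method, or delegates to the superclass when the
     * method has none.
     *
     * <p>When a rule exists, its expression (if any) is evaluated first and its evaluator bean (if
     * any) only when the expression did not already deny access; both must pass.
     *
     * @param method the endpoint method about to be invoked
     * @param httpServletRequest the request the invocation belongs to
     * @return {@code null} if access is granted, otherwise a denial message
     */
    private String doCheck(Method method, HttpServletRequest httpServletRequest) {
        Class<?> declaringClass = method.getDeclaringClass();
        String simpleName = declaringClass.getSimpleName();
        String methodName = method.getName();
        String className = declaringClass.getName();

        LOG.trace("Checking access to endpoint method '{} # {}(...)' in {}.", simpleName, methodName, className);

        AccessRule rule = this.accessRuleCache.computeIfAbsent(method, key ->
                (AccessRule) EndpointAccessContext.findAnnotation(key, SecuredAccess.class)
                        .map(AccessRule::asCopyOf)
                        .orElse(null));

        if (rule == null) {
            LOG.debug("Delegating to Vaadin's default access control for endpoint method '{} # {}(...)' in {}.", simpleName, methodName, className);
            // super.check(...) is invoked non-virtually, so this does not loop back into the
            // three-argument override of this class.
            return super.check(method, httpServletRequest.getUserPrincipal(), httpServletRequest::isUserInRole);
        }

        // NOTE(review): a rule whose expression and evaluator are both null grants access here;
        // confirm that AccessRule / SecuredAccess cannot produce such a rule.
        boolean granted = rule.expression() == null || VaadinSecurity.hasAccess(rule.expression());
        if (granted && rule.evaluator() != null) {
            AccessEvaluator evaluator = (AccessEvaluator) WebApplicationContextUtils
                    .getRequiredWebApplicationContext(httpServletRequest.getServletContext())
                    .getBean(rule.evaluator());
            granted = evaluator.hasAccess(new EndpointAccessContext(method, httpServletRequest));
        }

        if (granted) {
            LOG.debug("Access granted to endpoint method '{} # {}(...)' in {}.", simpleName, methodName, className);
            return null;
        }
        LOG.debug("Access denied to endpoint method '{} # {}(...)' in {}.", simpleName, methodName, className);
        return ACCESS_DENIED;
    }
}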
