package com.github.mcollovati.quarkus.hilla;

import com.vaadin.flow.component.Component;
import com.vaadin.flow.server.HandlerHelper;
import com.vaadin.flow.server.RouteRegistry;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.auth.AccessAnnotationChecker;
import io.quarkus.runtime.Startup;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.AuthenticatedHttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.PathMatcher;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.function.UnaryOperator;
import org.eclipse.microprofile.config.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Startup
/* loaded from: input_file:com/github/mcollovati/quarkus/hilla/HillaSecurityPolicy.class */
public class HillaSecurityPolicy implements HttpSecurityPolicy {

    @Inject
    AccessAnnotationChecker accessAnnotationChecker;
    VaadinService vaadinService;
    private final AuthenticatedHttpSecurityPolicy authenticatedHttpSecurityPolicy = new AuthenticatedHttpSecurityPolicy();
    private final PathMatcher<Boolean> pathMatcher = new PathMatcher<>();

    public HillaSecurityPolicy() {
        Arrays.stream(HandlerHelper.getPublicResourcesRequiringSecurityContext()).forEach(this::addPathMatcher);
        addPathMatcher("/HILLA/**");
        addPathMatcher("/connect/**");
        Arrays.stream(HandlerHelper.getPublicResources()).forEach(this::addPathMatcher);
    }

    public Uni<HttpSecurityPolicy.CheckResult> checkPermission(RoutingContext routingContext, Uni<SecurityIdentity> uni, HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        Boolean bool = (Boolean) this.pathMatcher.match(routingContext.request().path()).getValue();
        return ((bool != null && bool.booleanValue()) || isFrameworkInternalRequest(routingContext) || isAnonymousRoute(detectRoute(routingContext), routingContext.normalizedPath())) ? Uni.createFrom().item(HttpSecurityPolicy.CheckResult.PERMIT) : this.authenticatedHttpSecurityPolicy.checkPermission(routingContext, uni, authorizationRequestContext);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void withFormLogin(Config config) {
        HashSet hashSet = new HashSet();
        UnaryOperator unaryOperator = str -> {
            return str.replaceFirst("\\?.*", "");
        };
        Optional map = config.getOptionalValue("quarkus.http.auth.form.login-page", String.class).map(unaryOperator);
        Objects.requireNonNull(hashSet);
        map.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map2 = config.getOptionalValue("quarkus.http.auth.form.error-page", String.class).map(unaryOperator);
        Objects.requireNonNull(hashSet);
        map2.ifPresent((v1) -> {
            r1.add(v1);
        });
        hashSet.add((String) unaryOperator.apply((String) config.getValue("quarkus.http.auth.form.post-location", String.class)));
        hashSet.forEach(this::addPathMatcher);
    }

    private void addPathMatcher(String str) {
        if (str.endsWith("/") || str.endsWith("/**")) {
            this.pathMatcher.addPrefixPath(str.replaceFirst("/(\\*\\*)?$", ""), true);
        } else {
            this.pathMatcher.addExactPath(str, true);
        }
    }

    public boolean isFrameworkInternalRequest(RoutingContext routingContext) {
        return QuarkusHandlerHelper.isFrameworkInternalRequest("/*", routingContext);
    }

    private boolean isAnonymousRoute(Class<? extends Component> cls, String str) {
        if (this.vaadinService == null) {
            getLogger().warn("VaadinService not set. Cannot determine server route for {}", str);
            return true;
        }
        if (cls == null) {
            getLogger().trace("No route defined for {}", str);
            return true;
        }
        boolean hasAccess = this.accessAnnotationChecker.hasAccess(cls, (Principal) null, str2 -> {
            return false;
        });
        if (hasAccess) {
            getLogger().debug("{} refers to a public view", str);
        }
        return hasAccess;
    }

    private Class<? extends Component> detectRoute(RoutingContext routingContext) {
        String requestPathInsideContext = QuarkusHandlerHelper.getRequestPathInsideContext(routingContext);
        if (this.vaadinService == null) {
            return null;
        }
        RouteRegistry registry = this.vaadinService.getRouter().getRegistry();
        Optional map = HandlerHelper.getPathIfInsideServlet("/*", requestPathInsideContext).map(str -> {
            if (str.startsWith("/")) {
                str = str.substring(1);
            }
            return str;
        });
        Objects.requireNonNull(registry);
        return (Class) map.map(registry::getNavigationRouteTarget).map((v0) -> {
            return v0.getRouteTarget();
        }).map((v0) -> {
            return v0.getTarget();
        }).orElse(null);
    }

    private Logger getLogger() {
        return LoggerFactory.getLogger(getClass());
    }

    void onVaadinServiceInit(@Observes ServiceInitEvent serviceInitEvent) {
        this.vaadinService = serviceInitEvent.getSource();
    }
}
