package com.vaadin.flow.spring.security;

import com.vaadin.flow.internal.hilla.EndpointRequestUtil;
import com.vaadin.flow.internal.hilla.FileRouterRequestUtil;
import com.vaadin.flow.router.Location;
import com.vaadin.flow.router.QueryParameters;
import com.vaadin.flow.router.Router;
import com.vaadin.flow.router.internal.NavigationRouteTarget;
import com.vaadin.flow.router.internal.RouteTarget;
import com.vaadin.flow.server.HandlerHelper;
import com.vaadin.flow.server.VaadinServletService;
import com.vaadin.flow.server.auth.AccessCheckDecision;
import com.vaadin.flow.server.auth.AccessCheckResult;
import com.vaadin.flow.server.auth.NavigationAccessControl;
import com.vaadin.flow.server.auth.NavigationContext;
import com.vaadin.flow.spring.SpringServlet;
import com.vaadin.flow.spring.VaadinConfigurationProperties;
import jakarta.servlet.http.HttpServletRequest;
import java.security.Principal;
import java.util.Optional;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.http.HttpMethod;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/vaadin/flow/spring/security/RequestUtil.class */
public class RequestUtil {
    private static final ThreadLocal<Boolean> ROUTE_PATH_MATCHER_RUNNING = new ThreadLocal<>();

    @Autowired
    private ObjectProvider<NavigationAccessControl> accessControl;

    @Autowired
    private VaadinConfigurationProperties configurationProperties;

    @Autowired(required = false)
    private EndpointRequestUtil endpointRequestUtil;

    @Autowired(required = false)
    private FileRouterRequestUtil fileRouterRequestUtil;

    @Autowired
    private ServletRegistrationBean<SpringServlet> springServletRegistration;
    private WebIconsRequestMatcher webIconsRequestMatcher;

    public boolean isFrameworkInternalRequest(HttpServletRequest httpServletRequest) {
        return HandlerHelper.isFrameworkInternalRequest(this.configurationProperties.getUrlMapping(), httpServletRequest);
    }

    public boolean isEndpointRequest(HttpServletRequest httpServletRequest) {
        if (this.endpointRequestUtil != null) {
            return this.endpointRequestUtil.isEndpointRequest(httpServletRequest);
        }
        return false;
    }

    public boolean isAnonymousEndpoint(HttpServletRequest httpServletRequest) {
        if (this.endpointRequestUtil != null) {
            return this.endpointRequestUtil.isAnonymousEndpoint(httpServletRequest);
        }
        return false;
    }

    public boolean isAllowedHillaView(HttpServletRequest httpServletRequest) {
        if (this.fileRouterRequestUtil != null) {
            return this.fileRouterRequestUtil.isRouteAllowed(httpServletRequest);
        }
        return false;
    }

    public boolean isAnonymousRoute(HttpServletRequest httpServletRequest) {
        if (ROUTE_PATH_MATCHER_RUNNING.get() != null) {
            return false;
        }
        ROUTE_PATH_MATCHER_RUNNING.set(Boolean.TRUE);
        try {
            boolean isAnonymousRouteInternal = isAnonymousRouteInternal(httpServletRequest);
            ROUTE_PATH_MATCHER_RUNNING.remove();
            return isAnonymousRouteInternal;
        } catch (Throwable th) {
            ROUTE_PATH_MATCHER_RUNNING.remove();
            throw th;
        }
    }

    public boolean isCustomWebIcon(HttpServletRequest httpServletRequest) {
        if (this.webIconsRequestMatcher == null) {
            VaadinServletService service = this.springServletRegistration.getServlet().getService();
            if (service == null) {
                getLogger().debug("WebIconsRequestMatcher cannot be created because VaadinService is not yet available. This may happen after a hot-reload, and can cause requests for icons to be blocked by Spring Security.");
                return false;
            }
            this.webIconsRequestMatcher = new WebIconsRequestMatcher(service, this.configurationProperties.getUrlMapping());
        }
        return this.webIconsRequestMatcher.matches(httpServletRequest);
    }

    public static RequestMatcher[] antMatchers(String... strArr) {
        return (RequestMatcher[]) Stream.of((Object[]) strArr).map(AntPathRequestMatcher::new).toArray(i -> {
            return new RequestMatcher[i];
        });
    }

    public static RequestMatcher[] routeMatchers(String... strArr) {
        return (RequestMatcher[]) Stream.of((Object[]) strArr).map(str -> {
            return AntPathRequestMatcher.antMatcher(HttpMethod.GET, str);
        }).toArray(i -> {
            return new RequestMatcher[i];
        });
    }

    private boolean isAnonymousRouteInternal(HttpServletRequest httpServletRequest) {
        RouteTarget routeTarget;
        Class target;
        Optional pathIfInsideServlet = HandlerHelper.getPathIfInsideServlet(this.configurationProperties.getUrlMapping(), HandlerHelper.getRequestPathInsideContext(httpServletRequest));
        if (pathIfInsideServlet.isEmpty()) {
            return false;
        }
        String str = (String) pathIfInsideServlet.get();
        if (str.startsWith("/")) {
            str = str.substring(1);
        }
        VaadinServletService service = this.springServletRegistration.getServlet().getService();
        if (service == null) {
            return false;
        }
        Router router = service.getRouter();
        NavigationRouteTarget navigationRouteTarget = router.getRegistry().getNavigationRouteTarget(str);
        if (navigationRouteTarget == null || (routeTarget = navigationRouteTarget.getRouteTarget()) == null || (target = routeTarget.getTarget()) == null) {
            return false;
        }
        boolean isProductionMode = service.getDeploymentConfiguration().isProductionMode();
        NavigationAccessControl navigationAccessControl = (NavigationAccessControl) this.accessControl.getObject();
        if (!navigationAccessControl.isEnabled()) {
            if (isProductionMode) {
                getLogger().debug("Navigation Access Control is disabled. Cannot determine if {} refers to a public view, thus access is denied. Please add an explicit request matcher rule for this URL.", str);
                return false;
            }
            getLogger().info("Navigation Access Control is disabled. Cannot determine if {} refers to a public view, thus access is denied. Please add an explicit request matcher rule for this URL.", str);
            return false;
        }
        AccessCheckResult checkAccess = navigationAccessControl.checkAccess(new NavigationContext(router, target, new Location(str, QueryParameters.full(httpServletRequest.getParameterMap())), navigationRouteTarget.getRouteParameters(), (Principal) null, str2 -> {
            return false;
        }, false), isProductionMode);
        boolean z = checkAccess.decision() == AccessCheckDecision.ALLOW;
        if (z) {
            getLogger().debug("{} refers to a public view", str);
        } else {
            getLogger().debug("Access to {} denied by Flow navigation access control. {}", str, checkAccess.reason());
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getUrlMapping() {
        return this.configurationProperties.getUrlMapping();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String applyUrlMapping(String str) {
        return applyUrlMapping(this.configurationProperties.getUrlMapping(), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String applyUrlMapping(String str, String str2) {
        String replaceFirst = str == null ? "" : str.replaceFirst("/\\*?$", "");
        if (str2 == null) {
            str2 = "";
        } else if (str2.startsWith("/")) {
            str2 = str2.substring(1);
        }
        return replaceFirst + "/" + str2;
    }

    private Logger getLogger() {
        return LoggerFactory.getLogger(getClass());
    }
}
