package leap.web.security.path;

import java.util.ArrayList;
import leap.core.security.Authentication;
import leap.core.security.SimpleSecurity;
import leap.lang.Strings;
import leap.lang.path.PathPattern;
import leap.web.route.Route;
import leap.web.security.SecuredObjectBase;
import leap.web.security.SecurityContextHolder;

/* loaded from: input_file:leap/web/security/path/SecuredRoute.class */
public class SecuredRoute extends SecuredObjectBase implements SecuredPath {
    private final Route route;

    public SecuredRoute(Route route) {
        this.route = route;
    }

    public Object getSource() {
        return null;
    }

    @Override // leap.web.security.path.SecuredPath
    public Route getRoute() {
        return this.route;
    }

    @Override // leap.web.security.path.SecuredPath
    public PathPattern getPattern() {
        return this.route.getPathTemplate();
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowAnonymous() {
        return this.route.getAllowAnonymous();
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowRememberMe() {
        return this.route.getAllowRememberMe();
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowClientOnly() {
        return this.route.getAllowClientOnly();
    }

    @Override // leap.web.security.path.SecuredPath
    public String[] getPermissions() {
        return this.route.getPermissions();
    }

    @Override // leap.web.security.path.SecuredPath
    public String[] getRoles() {
        return this.route.getRoles();
    }

    @Override // leap.web.security.SecuredObject
    public Boolean tryCheckAuthentication(SecurityContextHolder securityContextHolder) {
        Authentication authentication = securityContextHolder.getAuthentication();
        if (this.route.getAllowAnonymous() == Boolean.TRUE) {
            return true;
        }
        SimpleSecurity[] securities = this.route.getSecurities();
        if (null != securities && securities.length > 0) {
            ArrayList arrayList = new ArrayList();
            for (SimpleSecurity simpleSecurity : securities) {
                if (simpleSecurity.matchAuthentication(authentication)) {
                    arrayList.add(simpleSecurity);
                }
            }
            if (arrayList.isEmpty()) {
                securityContextHolder.setDenyMessage(getAuthenticationDenyMessage(authentication, securities));
                return false;
            }
            securityContextHolder.setSecurities((SimpleSecurity[]) arrayList.toArray(new SimpleSecurity[arrayList.size()]));
            return true;
        }
        if (authentication == null || !authentication.isAuthenticated()) {
            return false;
        }
        if (authentication.isRememberMe() && (null == this.route.getAllowRememberMe() || !this.route.getAllowRememberMe().booleanValue())) {
            return false;
        }
        if (!authentication.isClientOnly()) {
            return null;
        }
        if (null != this.route.getAllowClientOnly() && this.route.getAllowClientOnly().booleanValue()) {
            return null;
        }
        securityContextHolder.setDenyMessage("client only authentication not allowed");
        return false;
    }

    @Override // leap.web.security.SecuredObject
    public Boolean tryCheckAuthorization(SecurityContextHolder securityContextHolder) {
        if (!checkRoles(securityContextHolder, this.route.getRoles())) {
            securityContextHolder.setDenyMessage("Roles [" + Strings.join(this.route.getRoles(), ',') + "] required");
            return false;
        }
        if (!checkPermissions(securityContextHolder, this.route.getPermissions())) {
            securityContextHolder.setDenyMessage("Permissions [" + Strings.join(this.route.getPermissions(), ',') + "] required");
            return false;
        }
        SimpleSecurity[] securities = securityContextHolder.getSecurities();
        if (null == securities || securities.length <= 0) {
            return null;
        }
        for (SimpleSecurity simpleSecurity : securities) {
            if (checkPermissions(securityContextHolder, simpleSecurity.getPermissions()) && checkRoles(securityContextHolder, simpleSecurity.getRoles())) {
                return true;
            }
        }
        securityContextHolder.setDenyMessage(getAuthorizationDenyMessage(securityContextHolder.getAuthentication(), securities));
        return false;
    }

    protected String getAuthenticationDenyMessage(Authentication authentication, SimpleSecurity[] simpleSecurityArr) {
        StringBuilder sb = new StringBuilder();
        sb.append("Expected one of authentications [ ");
        for (int i = 0; i < simpleSecurityArr.length; i++) {
            SimpleSecurity simpleSecurity = simpleSecurityArr[i];
            if (i > 0) {
                sb.append(" , ");
            }
            sb.append("(");
            sb.append("user: ").append(simpleSecurity.isUserRequired());
            sb.append(", client: ").append(simpleSecurity.isClientRequired());
            sb.append(")");
        }
        sb.append(" ], Actual ");
        sb.append("(");
        sb.append("user: ").append(authentication.isUserAuthenticated());
        sb.append(", client: ").append(authentication.isClientAuthenticated());
        sb.append(")");
        return sb.toString();
    }

    protected String getAuthorizationDenyMessage(Authentication authentication, SimpleSecurity[] simpleSecurityArr) {
        StringBuilder sb = new StringBuilder();
        sb.append("Expected one of authorizations [ ");
        for (int i = 0; i < simpleSecurityArr.length; i++) {
            SimpleSecurity simpleSecurity = simpleSecurityArr[i];
            if (i > 0) {
                sb.append(" , ");
            }
            sb.append("(");
            sb.append(" perms: ").append(Strings.join(simpleSecurity.getPermissions(), ' '));
            sb.append(", roles: ").append(Strings.join(simpleSecurity.getRoles(), ' '));
            sb.append(")");
        }
        sb.append(" ], Actual ");
        sb.append("(");
        sb.append("perms: ").append(Strings.join(authentication.getPermissions(), ' '));
        sb.append(", roles: ").append(Strings.join(authentication.getRoles(), ' '));
        sb.append(")");
        return sb.toString();
    }

    public String toString() {
        return this.route.toString();
    }
}
