package leap.web.security.path;

import leap.core.security.Authentication;
import leap.core.security.Authorization;
import leap.lang.Args;
import leap.lang.Arrays2;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.lang.path.PathPattern;
import leap.web.Request;
import leap.web.route.Route;
import leap.web.security.SecurityFailureHandler;
import leap.web.security.authc.AuthenticationContext;
import leap.web.security.authz.AuthorizationContext;
import leap.web.security.permission.PermissionManager;

/* loaded from: input_file:leap/web/security/path/DefaultSecuredPath.class */
public class DefaultSecuredPath implements SecuredPath {
    private static final Log log = LogFactory.get(DefaultSecuredPath.class);
    protected final Route route;
    protected final PathPattern pattern;
    protected final Boolean allowAnonymous;
    protected final Boolean allowClientOnly;
    protected final Boolean allowRememberMe;
    protected final SecurityFailureHandler failureHandler;
    protected final String[] permissions;
    protected final String[] roles;

    public DefaultSecuredPath(Route route, PathPattern pathPattern, Boolean bool, Boolean bool2, Boolean bool3, SecurityFailureHandler securityFailureHandler, String[] strArr, String[] strArr2) {
        Args.notNull(pathPattern, "path pattern");
        this.route = route;
        this.pattern = pathPattern;
        this.allowAnonymous = bool;
        this.allowClientOnly = bool2;
        this.allowRememberMe = bool3;
        this.failureHandler = securityFailureHandler;
        this.permissions = strArr;
        this.roles = strArr2;
    }

    @Override // leap.web.security.path.SecuredPath
    public Route getRoute() {
        return this.route;
    }

    @Override // leap.web.security.path.SecuredPath
    public PathPattern getPattern() {
        return this.pattern;
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowAnonymous() {
        return this.allowAnonymous;
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowClientOnly() {
        return this.allowClientOnly;
    }

    @Override // leap.web.security.path.SecuredPath
    public Boolean getAllowRememberMe() {
        return this.allowRememberMe;
    }

    @Override // leap.web.security.path.SecuredPath
    public SecurityFailureHandler getFailureHandler() {
        return this.failureHandler;
    }

    @Override // leap.web.security.path.SecuredPath
    public String[] getPermissions() {
        return this.permissions;
    }

    @Override // leap.web.security.path.SecuredPath
    public String[] getRoles() {
        return this.roles;
    }

    @Override // leap.web.security.path.SecuredPath
    public boolean checkAuthentication(Request request, AuthenticationContext authenticationContext) {
        if (isAllowAnonymous()) {
            return true;
        }
        Authentication authentication = authenticationContext.getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            log.debug("path [{}] : not authenticated, deny the request.", new Object[]{this.pattern});
            return false;
        }
        if (authentication.isRememberMe() && !isAllowRememberMe()) {
            log.debug("path [{}] : remember-me authentication not allowed.", new Object[]{this.pattern});
            return false;
        }
        if (!authentication.isClientOnly() || isAllowClientOnly()) {
            return true;
        }
        log.debug("path [{}] : client-only authentication not allowed.", new Object[]{this.pattern});
        return false;
    }

    @Override // leap.web.security.path.SecuredPath
    public boolean checkAuthorization(Request request, AuthorizationContext authorizationContext) {
        Authentication authentication = authorizationContext.getAuthentication();
        Authorization authorization = authorizationContext.getAuthorization();
        if (this.roles.length > 0) {
            boolean z = false;
            String[] roles = authentication.getRoles();
            if (null != roles && roles.length > 0) {
                z = Arrays2.containsAny(roles, this.roles);
            }
            if (!z) {
                z = authorization.hasAnyRole(this.roles);
            }
            if (!z) {
                return false;
            }
        }
        if (this.permissions.length <= 0) {
            return true;
        }
        PermissionManager permissionManager = authorizationContext.getPermissionManager();
        boolean z2 = false;
        String[] permissions = authentication.getPermissions();
        if (null != permissions && permissions.length > 0) {
            z2 = permissionManager.checkPermissionImpliesAll(permissions, this.permissions);
        }
        if (!z2) {
            z2 = authorization.hasAllPermission(this.permissions);
        }
        return z2;
    }

    @Override // java.lang.Comparable
    public int compareTo(SecuredPath securedPath) {
        return COMPARATOR.compare(this, securedPath);
    }
}
