package org.apache.myfaces.extensions.cdi.jsf.impl.security;

import java.util.Map;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.BeanManager;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
import org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils;
import org.apache.myfaces.extensions.cdi.jsf.api.config.view.ViewConfigDescriptor;
import org.apache.myfaces.extensions.cdi.jsf.api.listener.phase.AfterPhase;
import org.apache.myfaces.extensions.cdi.jsf.api.listener.phase.BeforePhase;
import org.apache.myfaces.extensions.cdi.jsf.api.listener.phase.JsfPhaseId;
import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.ViewConfigCache;
import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.spi.EditableViewConfigDescriptor;

/* loaded from: input_file:WEB-INF/lib/myfaces-extcdi-jsf12-module-impl-1.0.1.jar:org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityViewListener.class */
public class SecurityViewListener {
    private static final String LAZY_SECURITY_CHECK_KEY = "LAZY_SECURITY_CHECK";

    public void checkPermission(@Observes @AfterPhase(JsfPhaseId.RESTORE_VIEW) PhaseEvent phaseEvent, BeanManager beanManager) {
        FacesContext facesContext = phaseEvent.getFacesContext();
        if (facesContext.getViewRoot() == null) {
            triggerFallback(facesContext);
        } else {
            checkPermission(beanManager, facesContext);
        }
    }

    public void checkPermissionBeforeRendering(@Observes @BeforePhase(JsfPhaseId.RENDER_RESPONSE) PhaseEvent phaseEvent, BeanManager beanManager) {
        Map<String, Object> requestMap;
        FacesContext facesContext = phaseEvent.getFacesContext();
        if (facesContext.getViewRoot() == null || (requestMap = getRequestMap(facesContext)) == null || !Boolean.TRUE.equals(requestMap.get(LAZY_SECURITY_CHECK_KEY))) {
            return;
        }
        checkPermission(beanManager, facesContext);
    }

    private void checkPermission(BeanManager beanManager, FacesContext facesContext) {
        ViewConfigDescriptor viewConfigDescriptor = ViewConfigCache.getViewConfigDescriptor(facesContext.getViewRoot().getViewId());
        if (viewConfigDescriptor == null) {
            return;
        }
        try {
            Class<? extends ViewConfig> cls = null;
            if (viewConfigDescriptor instanceof EditableViewConfigDescriptor) {
                cls = ((EditableViewConfigDescriptor) viewConfigDescriptor).getErrorView();
            }
            SecurityUtils.invokeVoters(null, beanManager, viewConfigDescriptor.getAccessDecisionVoters(), cls);
        } catch (AccessDeniedException e) {
            org.apache.myfaces.extensions.cdi.jsf.impl.util.SecurityUtils.tryToHandleSecurityViolation(e);
            facesContext.renderResponse();
        }
    }

    private void triggerFallback(FacesContext facesContext) {
        Map<String, Object> requestMap = getRequestMap(facesContext);
        if (requestMap != null) {
            requestMap.put(LAZY_SECURITY_CHECK_KEY, Boolean.TRUE);
        }
    }

    private Map<String, Object> getRequestMap(FacesContext facesContext) {
        if (facesContext.getExternalContext() == null || facesContext.getExternalContext().getRequestMap() == null) {
            return null;
        }
        return facesContext.getExternalContext().getRequestMap();
    }
}
