package org.apache.geronimo.web25.deployment.security;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.xbeans.javaee.RoleNameType;
import org.apache.geronimo.xbeans.javaee.SecurityConstraintType;
import org.apache.geronimo.xbeans.javaee.SecurityRoleRefType;
import org.apache.geronimo.xbeans.javaee.SecurityRoleType;
import org.apache.geronimo.xbeans.javaee.ServletType;
import org.apache.geronimo.xbeans.javaee.UrlPatternType;
import org.apache.geronimo.xbeans.javaee.WebAppType;
import org.apache.geronimo.xbeans.javaee.WebResourceCollectionType;

/* loaded from: input_file:org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.class */
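/**
 * Translates the security elements of a web deployment descriptor into JACC permissions.
 *
 * <p>{@link #buildSpecSecurityConfig(WebAppType)} reads the descriptor's security roles, each
 * servlet's security-role-refs and the security constraints, and records the resulting
 * {@link WebResourcePermission}, {@link WebUserDataPermission} and {@link WebRoleRefPermission}
 * instances as excluded, unchecked or per-role permissions.
 *
 * <p>All collections below are filled cumulatively and never cleared, so running one instance
 * over a second descriptor would merge both policies into one result.
 */
public class SpecSecurityBuilder {
    /** Trimmed role names taken from the descriptor's security-role elements. */
    private final Set<String> securityRoles = new HashSet<String>();
    /** URL patterns of constraints that carry no auth-constraint, keyed by pattern text. */
    private final Map<String, URLPattern> uncheckedPatterns = new HashMap<String, URLPattern>();
    /** Accumulated HTTP methods for the unchecked WebResourcePermissions. */
    private final Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns = new HashMap<UncheckedItem, HTTPMethods>();
    /** Accumulated HTTP methods for the unchecked WebUserDataPermissions. */
    private final Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns = new HashMap<UncheckedItem, HTTPMethods>();
    /** URL patterns of constraints whose auth-constraint names no role, keyed by pattern text. */
    private final Map<String, URLPattern> excludedPatterns = new HashMap<String, URLPattern>();
    /** URL patterns of constraints whose auth-constraint names at least one role. */
    private final Map<String, URLPattern> rolesPatterns = new HashMap<String, URLPattern>();
    /** Every URL pattern seen in any constraint; used to qualify patterns against each other. */
    private final Set<URLPattern> allSet = new HashSet<URLPattern>();
    /** Same patterns as {@link #allSet}, keyed by pattern text. */
    private final Map<String, URLPattern> allMap = new HashMap<String, URLPattern>();
    /** When true, excluded patterns are emitted as excluded permissions. Never reassigned in this class. */
    private boolean useExcluded = true;
    /** Sink that records every permission produced by this builder (audit trail enabled). */
    private final RecordingPolicyConfiguration policyConfiguration = new RecordingPolicyConfiguration(true);

    /**
     * In-memory {@link PolicyConfiguration} that only records single permissions.
     *
     * <p>Only the single-{@link Permission} {@code addTo*} methods are implemented; every other
     * interface method throws {@link IllegalStateException}. The decompiler (JADX) reports that
     * this class's access modifier was changed from private.
     */
    public static class RecordingPolicyConfiguration implements PolicyConfiguration {
        private final PermissionCollection excludedPermissions;
        private final PermissionCollection uncheckedPermissions;
        private final Map<String, PermissionCollection> rolePermissions;
        // Human-readable log of every recorded permission; null when auditing is off.
        private final StringBuilder audit;

        /**
         * @param keepAudit whether to keep a textual log of each recorded permission
         */
        private RecordingPolicyConfiguration(boolean keepAudit) {
            excludedPermissions = new Permissions();
            uncheckedPermissions = new Permissions();
            rolePermissions = new HashMap<String, PermissionCollection>();
            audit = keepAudit ? new StringBuilder() : null;
        }

        /** @return always {@code null}; this recorder is not bound to a policy context */
        public String getContextID() throws PolicyContextException {
            return null;
        }

        /** Not supported. @throws IllegalStateException always */
        public void addToRole(String str, PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /**
         * Records a permission for a role, creating the role's collection on first use.
         *
         * @param str the role name
         * @param permission the permission granted to that role
         */
        public void addToRole(String str, Permission permission) throws PolicyContextException {
            if (audit != null) {
                audit.append("Role: ").append(str).append(" -> ").append(permission).append('\n');
            }
            PermissionCollection forRole = rolePermissions.get(str);
            if (forRole == null) {
                forRole = new Permissions();
                rolePermissions.put(str, forRole);
            }
            forRole.add(permission);
        }

        /** Not supported. @throws IllegalStateException always */
        public void addToUncheckedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /**
         * Records a permission in the unchecked set.
         *
         * @param permission the permission to record
         */
        public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
            if (audit != null) {
                audit.append("Unchecked -> ").append(permission).append('\n');
            }
            uncheckedPermissions.add(permission);
        }

        /** Not supported. @throws IllegalStateException always */
        public void addToExcludedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /**
         * Records a permission in the excluded set.
         *
         * @param permission the permission to record
         */
        public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
            if (audit != null) {
                audit.append("Excluded -> ").append(permission).append('\n');
            }
            excludedPermissions.add(permission);
        }

        /** Not supported. @throws IllegalStateException always */
        public void removeRole(String str) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public void removeUncheckedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public void removeExcludedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public void delete() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public void commit() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Not supported. @throws IllegalStateException always */
        public boolean inService() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /**
         * @return the recorded excluded, unchecked and per-role permissions; the live internal
         *         collections are handed over, not copies
         */
        public ComponentPermissions getComponentPermissions() {
            return new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);
        }

        /** @return the audit log, or the text {@code "no audit kept"} when auditing is off */
        public String getAudit() {
            return audit == null ? "no audit kept" : audit.toString();
        }
    }

    /**
     * Builds the complete permission set for one web application descriptor.
     *
     * <p>Order matters: role names are collected first because the role-ref processing and the
     * {@code "*"} role expansion in the constraints both read them.
     *
     * @param webAppType the parsed deployment descriptor
     * @return the excluded, unchecked and per-role permissions derived from it
     * @throws IllegalStateException if the recording policy configuration reports a
     *         {@link PolicyContextException}
     */
    public ComponentPermissions buildSpecSecurityConfig(WebAppType webAppType) {
        collectRoleNames(webAppType.getSecurityRoleArray());
        try {
            for (ServletType servlet : webAppType.getServletArray()) {
                processRoleRefPermissions(servlet);
            }
            addUnmappedJSPPermissions();
            analyzeSecurityConstraints(webAppType.getSecurityConstraintArray());
            removeExcludedDups();
            return buildComponentPermissions();
        } catch (PolicyContextException e) {
            throw new IllegalStateException("Should not happen", e);
        }
    }

    /**
     * Sorts every URL pattern of every constraint into the excluded, role or unchecked map and
     * records its HTTP methods, roles and transport guarantee.
     *
     * <p>Classification: no auth-constraint means unchecked; an auth-constraint with no role
     * names means excluded; otherwise the pattern is role-protected.
     *
     * @param securityConstraintTypeArr the descriptor's security-constraint elements
     */
    public void analyzeSecurityConstraints(SecurityConstraintType[] securityConstraintTypeArr) {
        for (SecurityConstraintType constraint : securityConstraintTypeArr) {
            Map<String, URLPattern> target;
            if (!constraint.isSetAuthConstraint()) {
                target = uncheckedPatterns;
            } else if (constraint.getAuthConstraint().getRoleNameArray().length == 0) {
                target = excludedPatterns;
            } else {
                target = rolesPatterns;
            }

            String transport = "";
            if (constraint.isSetUserDataConstraint()) {
                // Locale.ROOT keeps the case mapping locale-independent. With the JVM default
                // locale (e.g. Turkish), "confidential" upper-cases to a dotted capital I and no
                // longer equals the ASCII keyword; URLPattern.setTransport is not shown here, but
                // if it compares against ASCII keywords the TLS requirement would be lost.
                transport = constraint.getUserDataConstraint().getTransportGuarantee()
                        .getStringValue().trim().toUpperCase(Locale.ROOT);
            }

            for (WebResourceCollectionType collection : constraint.getWebResourceCollectionArray()) {
                for (UrlPatternType urlPatternType : collection.getUrlPatternArray()) {
                    String patternText = urlPatternType.getStringValue().trim();

                    URLPattern pattern = target.get(patternText);
                    if (pattern == null) {
                        pattern = new URLPattern(patternText);
                        target.put(patternText, pattern);
                    }

                    // Separate instance per pattern text that tracks methods across all constraints.
                    URLPattern combined = allMap.get(patternText);
                    if (combined == null) {
                        combined = new URLPattern(patternText);
                        allSet.add(combined);
                        allMap.put(patternText, combined);
                    }

                    String[] httpMethods = collection.getHttpMethodArray();
                    if (httpMethods.length == 0) {
                        // No http-method element: the empty string is recorded instead
                        // (presumably "all methods" - confirm against URLPattern.addMethod).
                        pattern.addMethod("");
                        combined.addMethod("");
                    } else {
                        for (String httpMethod : httpMethods) {
                            if (httpMethod != null) {
                                String trimmedMethod = httpMethod.trim();
                                pattern.addMethod(trimmedMethod);
                                combined.addMethod(trimmedMethod);
                            }
                        }
                    }

                    if (target == rolesPatterns) {
                        for (RoleNameType roleNameType : constraint.getAuthConstraint().getRoleNameArray()) {
                            String roleName = roleNameType.getStringValue().trim();
                            if (roleName.equals("*")) {
                                // "*" expands to the roles declared in the descriptor.
                                pattern.addAllRoles(securityRoles);
                            } else {
                                pattern.addRole(roleName);
                            }
                        }
                    }

                    pattern.setTransport(transport);
                }
            }
        }
    }

    /**
     * Makes exclusion win: for every excluded pattern, strips its methods from the unchecked
     * and role-protected entries registered under the same pattern text.
     */
    public void removeExcludedDups() {
        for (Map.Entry<String, URLPattern> excluded : excludedPatterns.entrySet()) {
            String patternText = excluded.getKey();
            URLPattern excludedPattern = excluded.getValue();
            removeExcluded(patternText, excludedPattern, uncheckedPatterns);
            removeExcluded(patternText, excludedPattern, rolesPatterns);
        }
    }

    /**
     * Removes the excluded pattern's methods from the entry stored under {@code patternText},
     * and drops that entry when {@code removeMethods} returns false (presumably meaning no
     * methods remain - confirm against URLPattern).
     */
    private void removeExcluded(String patternText, URLPattern excludedPattern, Map<String, URLPattern> patterns) {
        URLPattern existing = patterns.get(patternText);
        if (existing != null && !existing.removeMethods(excludedPattern)) {
            patterns.remove(patternText);
        }
    }

    /**
     * Converts the classified URL patterns into permissions and returns the recorded result.
     *
     * <p>Excluded patterns become excluded resource and user-data permissions; role patterns
     * become per-role resource permissions; everything else ends up in the unchecked policy.
     *
     * <p>NOTE(review): the complemented HTTP methods of every constrained pattern, and the
     * default pattern {@code "/"} when no constraint names it, are added to the unchecked
     * policy. If {@code getComplementedHTTPMethods} returns the methods not named by any
     * constraint (not shown here), a constraint that lists specific http-method elements leaves
     * the remaining methods of that pattern accessible without authentication. Descriptors
     * should be reviewed with that in mind.
     *
     * @return the excluded, unchecked and per-role permissions
     * @throws PolicyContextException if the policy configuration rejects a permission
     */
    public ComponentPermissions buildComponentPermissions() throws PolicyContextException {
        if (useExcluded) {
            for (URLPattern excluded : excludedPatterns.values()) {
                String name = excluded.getQualifiedPattern(allSet);
                String actions = excluded.getMethods();
                policyConfiguration.addToExcludedPolicy(new WebResourcePermission(name, actions));
                policyConfiguration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
            }
        }

        for (URLPattern rolePattern : rolesPatterns.values()) {
            String name = rolePattern.getQualifiedPattern(allSet);
            Permission resourcePermission = new WebResourcePermission(name, rolePattern.getMethods());
            Iterator<String> roles = rolePattern.getRoles().iterator();
            while (roles.hasNext()) {
                policyConfiguration.addToRole(roles.next(), resourcePermission);
            }
            // The transport requirement of a role-protected pattern is expressed as an
            // unchecked user-data permission.
            addOrUpdatePattern(uncheckedUserPatterns, name, rolePattern.getHTTPMethods(), rolePattern.getTransport());
        }

        for (URLPattern unchecked : uncheckedPatterns.values()) {
            String name = unchecked.getQualifiedPattern(allSet);
            HTTPMethods methods = unchecked.getHTTPMethods();
            // Transport type 0 for the resource permission (presumably "none" - confirm
            // against URLPattern's constants).
            addOrUpdatePattern(uncheckedResourcePatterns, name, methods, 0);
            addOrUpdatePattern(uncheckedUserPatterns, name, methods, unchecked.getTransport());
        }

        for (URLPattern seen : allSet) {
            String name = seen.getQualifiedPattern(allSet);
            HTTPMethods remaining = seen.getComplementedHTTPMethods();
            if (!remaining.isNone()) {
                addOrUpdatePattern(uncheckedResourcePatterns, name, remaining, 0);
                addOrUpdatePattern(uncheckedUserPatterns, name, remaining, 0);
            }
        }

        URLPattern defaultPattern = new URLPattern("/");
        if (!allSet.contains(defaultPattern)) {
            String name = defaultPattern.getQualifiedPattern(allSet);
            HTTPMethods remaining = defaultPattern.getComplementedHTTPMethods();
            addOrUpdatePattern(uncheckedResourcePatterns, name, remaining, 0);
            addOrUpdatePattern(uncheckedUserPatterns, name, remaining, 0);
        }

        for (Map.Entry<UncheckedItem, HTTPMethods> entry : uncheckedResourcePatterns.entrySet()) {
            UncheckedItem item = entry.getKey();
            String actions = URLPattern.getMethodsWithTransport(entry.getValue(), item.getTransportType());
            policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(item.getName(), actions));
        }
        for (Map.Entry<UncheckedItem, HTTPMethods> entry : uncheckedUserPatterns.entrySet()) {
            UncheckedItem item = entry.getKey();
            String actions = URLPattern.getMethodsWithTransport(entry.getValue(), item.getTransportType());
            policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(item.getName(), actions));
        }

        return policyConfiguration.getComponentPermissions();
    }

    /**
     * Merges {@code methods} into the entry for (name, transport type), creating the entry
     * from a new {@link HTTPMethods} built from {@code methods} when none exists yet.
     */
    private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> patterns, String name, HTTPMethods methods, int transportType) {
        UncheckedItem key = new UncheckedItem(name, transportType);
        HTTPMethods existing = patterns.get(key);
        if (existing == null) {
            patterns.put(key, new HTTPMethods(methods, false));
        } else {
            patterns.put(key, existing.add(methods));
        }
    }

    /**
     * Records the {@link WebRoleRefPermission}s for one servlet.
     *
     * <p>Each security-role-ref grants the permission (servlet name, role-name) to the role
     * named by its role-link. Every declared role that no role-ref names then receives the
     * permission (servlet name, role) itself.
     *
     * <p>NOTE(review): role-link is dereferenced without a null check; confirm that the
     * descriptor is validated so that it is always present.
     *
     * @param servletType the servlet element to process
     * @throws PolicyContextException if the policy configuration rejects a permission
     */
    protected void processRoleRefPermissions(ServletType servletType) throws PolicyContextException {
        String servletName = servletType.getServletName().getStringValue().trim();
        SecurityRoleRefType[] roleRefs = servletType.getSecurityRoleRefArray();
        Set<String> unreferencedRoles = new HashSet<String>(securityRoles);
        for (SecurityRoleRefType roleRef : roleRefs) {
            String referencedName = roleRef.getRoleName().getStringValue().trim();
            String linkedRole = roleRef.getRoleLink().getStringValue().trim();
            policyConfiguration.addToRole(linkedRole, new WebRoleRefPermission(servletName, referencedName));
            unreferencedRoles.remove(referencedName);
        }
        for (String role : unreferencedRoles) {
            policyConfiguration.addToRole(role, new WebRoleRefPermission(servletName, role));
        }
    }

    /**
     * Grants every declared role a {@link WebRoleRefPermission} with an empty servlet name
     * (per the method name, this covers JSPs that are not mapped to a servlet).
     *
     * @throws PolicyContextException if the policy configuration rejects a permission
     */
    protected void addUnmappedJSPPermissions() throws PolicyContextException {
        for (String role : securityRoles) {
            policyConfiguration.addToRole(role, new WebRoleRefPermission("", role));
        }
    }

    /**
     * Adds the trimmed role name of every security-role element to the known roles.
     *
     * @param securityRoleTypeArr the descriptor's security-role elements
     */
    protected void collectRoleNames(SecurityRoleType[] securityRoleTypeArr) {
        for (SecurityRoleType securityRole : securityRoleTypeArr) {
            securityRoles.add(securityRole.getRoleName().getStringValue().trim());
        }
    }
}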
