package org.apache.geronimo.web.security;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.web.info.SecurityConstraintInfo;
import org.apache.geronimo.web.info.SecurityRoleRefInfo;
import org.apache.geronimo.web.info.ServletInfo;
import org.apache.geronimo.web.info.WebAppInfo;
import org.apache.geronimo.web.info.WebResourceCollectionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/geronimo/web/security/SpecSecurityBuilder.class */
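/**
 * Translates the security declarations of a web application into JACC permissions.
 *
 * <p>{@link #buildSpecSecurityConfig()} reads the roles, servlets and security constraints held by
 * the supplied {@link WebAppInfo} and files every constrained URL pattern under one of three
 * headings:
 * <ul>
 *   <li><b>excluded</b> - the constraint carries an auth-constraint with no role names;</li>
 *   <li><b>role</b> - the constraint names roles ({@code "*"} is replaced by every declared role);</li>
 *   <li><b>unchecked</b> - the constraint carries no auth-constraint at all.</li>
 * </ul>
 *
 * <p>Security review points that follow from the code below:
 * <ul>
 *   <li>For every constrained pattern, the "complemented" HTTP methods (presumably the methods no
 *       constraint names for that pattern - confirm against {@code URLPattern}) are granted as
 *       unchecked. A constraint that lists only some methods therefore leaves the others open.</li>
 *   <li>When no constraint uses the pattern {@code "/"}, a default {@code "/"} entry is added to the
 *       unchecked policy.</li>
 *   <li>{@link #clear()} empties the working maps but not the recorded policy; see its note.</li>
 * </ul>
 *
 * <p>The builder keeps mutable working state in plain {@code HashMap}/{@code HashSet} fields and
 * performs no synchronization of its own.
 */
public class SpecSecurityBuilder {
    private static final Logger logger = LoggerFactory.getLogger(SpecSecurityBuilder.class);

    // Role names declared by the application; filled from webAppInfo.securityRoles on each build.
    private final Set<String> securityRoles = new HashSet<String>();
    // URL pattern -> accumulated methods/transport for constraints without an auth-constraint.
    private final Map<String, URLPattern> uncheckedPatterns = new HashMap<String, URLPattern>();
    // (qualified pattern, transport) -> methods that become unchecked WebResourcePermissions.
    private final Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns = new HashMap<UncheckedItem, HTTPMethods>();
    // (qualified pattern, transport) -> methods that become unchecked WebUserDataPermissions.
    private final Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns = new HashMap<UncheckedItem, HTTPMethods>();
    // URL pattern -> accumulated methods/transport for constraints with an empty role list.
    private final Map<String, URLPattern> excludedPatterns = new HashMap<String, URLPattern>();
    // role name -> (URL pattern -> accumulated methods/transport) for role-based constraints.
    private final Map<String, Map<String, URLPattern>> rolesPatterns = new HashMap<String, Map<String, URLPattern>>();
    // Every pattern seen in any constraint, as a set and keyed by its pattern string.
    private final Set<URLPattern> allSet = new HashSet<URLPattern>();
    private final Map<String, URLPattern> allMap = new HashMap<String, URLPattern>();
    // Receives the generated permissions; created once per builder with auditing switched on.
    private final RecordingPolicyConfiguration policyConfiguration = new RecordingPolicyConfiguration(true);
    private WebAppInfo webAppInfo;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geronimo/web/security/SpecSecurityBuilder$RecordingPolicyConfiguration.class */
    /**
     * In-memory {@link PolicyConfiguration} that only collects the permissions handed to it.
     *
     * <p>Only the single-permission {@code addTo*} methods are supported. Every other
     * {@code PolicyConfiguration} operation throws {@link IllegalStateException}, and
     * {@link #getContextID()} returns {@code null}.
     */
    public static class RecordingPolicyConfiguration implements PolicyConfiguration {
        private final PermissionCollection excludedPermissions;
        private final PermissionCollection uncheckedPermissions;
        private final Map<String, PermissionCollection> rolePermissions;
        // Human-readable trace of every grant, or null when auditing is off.
        private final StringBuilder audit;

        /**
         * @param keepAudit {@code true} to record a text line for every permission added
         */
        private RecordingPolicyConfiguration(boolean keepAudit) {
            this.excludedPermissions = new Permissions();
            this.uncheckedPermissions = new Permissions();
            this.rolePermissions = new HashMap<String, PermissionCollection>();
            this.audit = keepAudit ? new StringBuilder() : null;
        }

        /** Always returns {@code null}; this recorder is not bound to a policy context. */
        public String getContextID() throws PolicyContextException {
            return null;
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void addToRole(String str, PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /**
         * Records {@code permission} as granted to the role {@code str}.
         *
         * @param str the role name
         * @param permission the permission to grant to that role
         */
        public void addToRole(String str, Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Role: ").append(str).append(" -> ").append(permission).append('\n');
            }
            PermissionCollection granted = this.rolePermissions.get(str);
            if (granted == null) {
                granted = new Permissions();
                this.rolePermissions.put(str, granted);
            }
            granted.add(permission);
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void addToUncheckedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /** Records {@code permission} in the unchecked policy. */
        public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Unchecked -> ").append(permission).append('\n');
            }
            this.uncheckedPermissions.add(permission);
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void addToExcludedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        /** Records {@code permission} in the excluded policy. */
        public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Excluded -> ").append(permission).append('\n');
            }
            this.excludedPermissions.add(permission);
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void removeRole(String str) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void removeUncheckedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void removeExcludedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void delete() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public void commit() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /** Unsupported; always throws {@link IllegalStateException}. */
        public boolean inService() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        /**
         * Wraps the collections recorded so far. The live collections are passed on, not copies,
         * so permissions added later are visible through a previously returned result unless
         * {@code ComponentPermissions} copies them itself.
         */
        public ComponentPermissions getComponentPermissions() {
            return new ComponentPermissions(this.excludedPermissions, this.uncheckedPermissions, this.rolePermissions);
        }

        /**
         * Returns the recorded grant trace, or {@code "no audit kept"} when auditing is off.
         *
         * <p>Role names and permissions are appended verbatim, one entry per line. Neutralize
         * line breaks before writing this text to a log that is parsed line by line.
         */
        public String getAudit() {
            return this.audit == null ? "no audit kept" : this.audit.toString();
        }
    }

    /**
     * @param webAppInfo descriptor data to translate; it is dereferenced by
     *     {@link #buildSpecSecurityConfig()}, so it must not be {@code null} by then
     */
    public SpecSecurityBuilder(WebAppInfo webAppInfo) {
        this.webAppInfo = webAppInfo;
    }

    /**
     * Builds the excluded, unchecked and per-role permissions for the web application.
     *
     * @return the permissions recorded by this builder's policy configuration
     * @throws IllegalStateException if a {@link PolicyContextException} is raised while recording
     */
    public ComponentPermissions buildSpecSecurityConfig() {
        this.securityRoles.addAll(this.webAppInfo.securityRoles);
        try {
            Iterator<ServletInfo> servlets = this.webAppInfo.servlets.iterator();
            while (servlets.hasNext()) {
                processRoleRefPermissions(servlets.next());
            }
            addUnmappedJSPPermissions();
            analyzeSecurityConstraints(this.webAppInfo.securityConstraints);
            // Excluded entries win: strip them from the unchecked and role buckets before emitting.
            removeExcludedDups();
            return buildComponentPermissions();
        } catch (PolicyContextException e) {
            throw new IllegalStateException("Should not happen", e);
        }
    }

    /**
     * Files every URL pattern of every constraint under excluded, unchecked or per-role, and
     * records the pattern in {@code allSet}/{@code allMap}.
     */
    private void analyzeSecurityConstraints(List<SecurityConstraintInfo> constraints) {
        for (SecurityConstraintInfo constraint : constraints) {
            // Exactly one of sharedBucket / roles is set for a given constraint.
            Map<String, URLPattern> sharedBucket = null;
            Set<String> roles = null;
            if (constraint.authConstraint == null) {
                // No auth-constraint: access is not role-checked.
                sharedBucket = this.uncheckedPatterns;
            } else if (constraint.authConstraint.roleNames.isEmpty()) {
                // Auth-constraint without roles: access is denied to everyone.
                sharedBucket = this.excludedPatterns;
            } else {
                roles = new HashSet<String>(constraint.authConstraint.roleNames);
                // "*" stands for every role the application declares.
                if (roles.remove("*")) {
                    roles.addAll(this.securityRoles);
                }
            }
            String transport = constraint.userDataConstraint == null ? "NONE" : constraint.userDataConstraint;
            boolean roleBased = sharedBucket == null;
            for (WebResourceCollectionInfo collection : constraint.webResourceCollections) {
                for (String pattern : collection.urlPatterns) {
                    if (roleBased) {
                        for (String role : roles) {
                            Map<String, URLPattern> rolePatterns = this.rolesPatterns.get(role);
                            if (rolePatterns == null) {
                                rolePatterns = new HashMap<String, URLPattern>();
                                this.rolesPatterns.put(role, rolePatterns);
                            }
                            analyzeURLPattern(pattern, collection.httpMethods, collection.omission, transport, rolePatterns);
                        }
                    } else {
                        analyzeURLPattern(pattern, collection.httpMethods, collection.omission, transport, sharedBucket);
                    }
                    URLPattern known = this.allMap.get(pattern);
                    if (known == null) {
                        URLPattern created = new URLPattern(pattern, collection.httpMethods, collection.omission);
                        this.allSet.add(created);
                        this.allMap.put(pattern, created);
                    } else {
                        known.addMethods(collection.httpMethods, collection.omission);
                    }
                }
            }
        }
    }

    /**
     * Creates or extends the entry for {@code pattern} in {@code bucket} and applies the transport.
     *
     * @param pattern the URL pattern string used as the key
     * @param methods the HTTP method names of the resource collection
     * @param omission the collection's omission flag, passed through to {@code URLPattern}
     * @param transport the user-data constraint, or {@code "NONE"}
     * @param bucket the map that receives the pattern
     */
    private void analyzeURLPattern(String pattern, Set<String> methods, boolean omission, String transport, Map<String, URLPattern> bucket) {
        URLPattern entry = bucket.get(pattern);
        if (entry == null) {
            entry = new URLPattern(pattern, methods, omission);
            bucket.put(pattern, entry);
        } else {
            entry.addMethods(methods, omission);
        }
        entry.setTransport(transport);
    }

    /** Removes every excluded pattern from the unchecked bucket and from each role's bucket. */
    private void removeExcludedDups() {
        for (Map.Entry<String, URLPattern> excluded : this.excludedPatterns.entrySet()) {
            String pattern = excluded.getKey();
            URLPattern excludedPattern = excluded.getValue();
            removeExcluded(pattern, excludedPattern, this.uncheckedPatterns);
            for (Map<String, URLPattern> rolePatterns : this.rolesPatterns.values()) {
                removeExcluded(pattern, excludedPattern, rolePatterns);
            }
        }
    }

    /**
     * Subtracts the excluded pattern's methods from the same-named entry in {@code bucket}, and
     * drops that entry when {@code removeMethods} returns {@code false} (presumably meaning no
     * methods remain - confirm against {@code URLPattern}).
     */
    private void removeExcluded(String pattern, URLPattern excludedPattern, Map<String, URLPattern> bucket) {
        URLPattern entry = bucket.get(pattern);
        if (entry == null || entry.removeMethods(excludedPattern)) {
            return;
        }
        bucket.remove(pattern);
    }

    /**
     * Turns the analyzed pattern buckets into permissions on the policy configuration.
     *
     * <p>The transport argument {@code 0} used below is a constant whose meaning is defined by
     * {@code UncheckedItem}/{@code URLPattern}; presumably it is the "no transport guarantee"
     * value - confirm there.
     */
    private ComponentPermissions buildComponentPermissions() throws PolicyContextException {
        // Excluded: both the resource and the user-data permission are denied.
        for (URLPattern excluded : this.excludedPatterns.values()) {
            String qualified = excluded.getQualifiedPattern(this.allSet);
            String methods = excluded.getMethods();
            this.policyConfiguration.addToExcludedPolicy(new WebResourcePermission(qualified, methods));
            this.policyConfiguration.addToExcludedPolicy(new WebUserDataPermission(qualified, methods));
        }
        // Roles: the resource permission goes to the role; the transport requirement is collected
        // for the unchecked user-data permissions emitted at the end.
        for (Map.Entry<String, Map<String, URLPattern>> roleEntry : this.rolesPatterns.entrySet()) {
            // Patterns are qualified against this role's own patterns only, not against allSet.
            Set<URLPattern> rolePatternSet = new HashSet<URLPattern>(roleEntry.getValue().values());
            for (URLPattern rolePattern : roleEntry.getValue().values()) {
                String qualified = rolePattern.getQualifiedPattern(rolePatternSet);
                this.policyConfiguration.addToRole(roleEntry.getKey(), new WebResourcePermission(qualified, rolePattern.getMethods()));
                addOrUpdatePattern(this.uncheckedUserPatterns, qualified, rolePattern.getHTTPMethods(), rolePattern.getTransport());
            }
        }
        // Constraints without an auth-constraint.
        for (URLPattern unchecked : this.uncheckedPatterns.values()) {
            String qualified = unchecked.getQualifiedPattern(this.allSet);
            HTTPMethods methods = unchecked.getHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualified, methods, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualified, methods, unchecked.getTransport());
        }
        // SECURITY: the complemented methods of every constrained pattern are granted unchecked.
        // A descriptor that constrains only selected HTTP methods leaves the remaining ones open.
        for (URLPattern constrained : this.allSet) {
            String qualified = constrained.getQualifiedPattern(this.allSet);
            HTTPMethods uncovered = constrained.getComplementedHTTPMethods();
            if (!uncovered.isNone()) {
                addOrUpdatePattern(this.uncheckedResourcePatterns, qualified, uncovered, 0);
                addOrUpdatePattern(this.uncheckedUserPatterns, qualified, uncovered, 0);
            }
        }
        // No constraint uses "/": add a default "/" entry to the unchecked policy.
        if (!this.allMap.containsKey("/")) {
            // Explicit type witness so the call also compiles without target typing.
            URLPattern defaultPattern = new URLPattern("/", Collections.<String>emptySet(), false);
            String qualified = defaultPattern.getQualifiedPattern(this.allSet);
            HTTPMethods uncovered = defaultPattern.getComplementedHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualified, uncovered, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualified, uncovered, 0);
        }
        for (Map.Entry<UncheckedItem, HTTPMethods> resource : this.uncheckedResourcePatterns.entrySet()) {
            UncheckedItem item = resource.getKey();
            String actions = URLPattern.getMethodsWithTransport(resource.getValue(), item.getTransportType());
            this.policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(item.getName(), actions));
        }
        for (Map.Entry<UncheckedItem, HTTPMethods> userData : this.uncheckedUserPatterns.entrySet()) {
            UncheckedItem item = userData.getKey();
            String actions = URLPattern.getMethodsWithTransport(userData.getValue(), item.getTransportType());
            this.policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(item.getName(), actions));
        }
        return this.policyConfiguration.getComponentPermissions();
    }

    /**
     * Merges {@code methods} into the entry keyed by (pattern, transport), creating the entry
     * from a copy of {@code methods} when none exists yet.
     */
    private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> bucket, String pattern, HTTPMethods methods, int transportType) {
        UncheckedItem key = new UncheckedItem(pattern, transportType);
        HTTPMethods existing = bucket.get(key);
        if (existing != null) {
            bucket.put(key, existing.add(methods));
        } else {
            bucket.put(key, new HTTPMethods(methods, false));
        }
    }

    /**
     * Records the {@link WebRoleRefPermission}s of one servlet.
     *
     * <p>Each declared role reference grants its {@code roleLink} the permission for the
     * reference's {@code roleName}. Every declared security role that is not used as a reference
     * name is then mapped to itself.
     *
     * @param servletInfo the servlet whose role references are processed
     */
    protected void processRoleRefPermissions(ServletInfo servletInfo) throws PolicyContextException {
        String servletName = servletInfo.servletName.trim();
        Set<String> unreferencedRoles = new HashSet<String>(this.securityRoles);
        for (SecurityRoleRefInfo roleRef : servletInfo.securityRoleRefs) {
            this.policyConfiguration.addToRole(roleRef.roleLink, new WebRoleRefPermission(servletName, roleRef.roleName));
            unreferencedRoles.remove(roleRef.roleName);
        }
        for (String role : unreferencedRoles) {
            this.policyConfiguration.addToRole(role, new WebRoleRefPermission(servletName, role));
        }
    }

    /**
     * Grants every declared role a {@link WebRoleRefPermission} on itself under the empty
     * servlet name.
     */
    protected void addUnmappedJSPPermissions() throws PolicyContextException {
        for (String role : this.securityRoles) {
            this.policyConfiguration.addToRole(role, new WebRoleRefPermission("", role));
        }
    }

    /**
     * Empties the working role and pattern collections.
     *
     * <p>NOTE(review): {@code policyConfiguration} is not reset here. Permissions and audit text
     * recorded by an earlier {@link #buildSpecSecurityConfig()} call stay in place and are part of
     * the result of any later build on the same instance - confirm this is intended.
     */
    public void clear() {
        this.securityRoles.clear();
        this.uncheckedPatterns.clear();
        this.uncheckedResourcePatterns.clear();
        this.uncheckedUserPatterns.clear();
        this.excludedPatterns.clear();
        this.rolesPatterns.clear();
        this.allSet.clear();
        this.allMap.clear();
    }
}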
