package org.apache.geronimo.web.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.HttpMethodConstraintElement;
import javax.servlet.Servlet;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity;
import org.apache.geronimo.web.info.AuthConstraintInfo;
import org.apache.geronimo.web.info.SecurityConstraintInfo;
import org.apache.geronimo.web.info.WebAppInfo;
import org.apache.geronimo.web.info.WebResourceCollectionInfo;
import org.osgi.framework.Bundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/geronimo/web/security/WebSecurityConstraintStore.class */
public class WebSecurityConstraintStore {
    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConstraintStore.class);
    private boolean annotationScanRequired;
    private Bundle bundle;
    private Map<Servlet, String> containerCreatedDynamicServlets;
    private Map<String, String> containerCreatedDynamicServletNameClassMap;
    private Map<String, ServletSecurityElement> dynamicServletNameSecurityElementMap;
    private Map<RegistrationKey, ServletSecurityElement> registrationSecurityElementMap;
    private Set<String> securityRoles;
    private ServletContext servletContext;
    private WebAppInfo webXmlAppInfo;
    private Set<String> webXmlConstraintUrlPatterns;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geronimo/web/security/WebSecurityConstraintStore$RegistrationKey.class */
    public static final class RegistrationKey {
        private final ServletRegistration.Dynamic registration;

        private RegistrationKey(ServletRegistration.Dynamic dynamic) {
            this.registration = dynamic;
        }

        public boolean equals(Object obj) {
            return (obj instanceof RegistrationKey) && this.registration.getName().equals(((RegistrationKey) obj).registration.getName());
        }

        public int hashCode() {
            return this.registration.getName().hashCode();
        }
    }

    public WebSecurityConstraintStore(WebAppInfo webAppInfo) {
        this(webAppInfo, null, false, null);
    }

    public WebSecurityConstraintStore(WebAppInfo webAppInfo, Bundle bundle, boolean z, ServletContext servletContext) {
        this.containerCreatedDynamicServlets = new IdentityHashMap();
        this.containerCreatedDynamicServletNameClassMap = new HashMap();
        this.dynamicServletNameSecurityElementMap = new LinkedHashMap();
        this.registrationSecurityElementMap = new LinkedHashMap();
        this.securityRoles = new HashSet();
        this.webXmlConstraintUrlPatterns = new HashSet();
        this.webXmlAppInfo = webAppInfo;
        if (z && bundle == null) {
            throw new IllegalArgumentException("Bundle parameter could not be null while annotation scanning is required");
        }
        this.bundle = bundle;
        this.servletContext = servletContext;
        this.annotationScanRequired = z;
        initialize();
    }

    public void setAnnotationScanRequired(boolean z) {
        this.annotationScanRequired = z;
    }

    public void addContainerCreatedDynamicServlet(Servlet servlet) {
        this.containerCreatedDynamicServlets.put(servlet, null);
    }

    public boolean isContainerCreatedDynamicServlet(Servlet servlet) {
        return this.containerCreatedDynamicServlets.containsKey(servlet);
    }

    public void addContainerCreatedDynamicServletEntry(ServletRegistration.Dynamic dynamic, String str) {
        ServletSecurityElement processServletConstraintAnnotation;
        if (!this.annotationScanRequired || (processServletConstraintAnnotation = processServletConstraintAnnotation(str)) == null) {
            return;
        }
        setDynamicServletSecurity(dynamic, processServletConstraintAnnotation);
    }

    public void addContainerCreatedDynamicServletEntry(String str, String str2) {
        this.containerCreatedDynamicServletNameClassMap.put(str, str2);
    }

    public void declareRoles(String... strArr) {
        for (String str : strArr) {
            if (str == null || str.trim().length() == 0) {
                throw new IllegalArgumentException("RoleName of null value or empty string is not allowed in declareRoles method");
            }
            this.securityRoles.add(str);
        }
    }

    public WebAppInfo exportMergedWebAppInfo() {
        ArrayList arrayList = new ArrayList();
        if (this.annotationScanRequired) {
            for (Map.Entry<String, String> entry : this.containerCreatedDynamicServletNameClassMap.entrySet()) {
                String key = entry.getKey();
                Collection<String> mappings = this.servletContext.getServletRegistration(key).getMappings();
                mappings.removeAll(this.webXmlConstraintUrlPatterns);
                if (!this.dynamicServletNameSecurityElementMap.containsKey(key)) {
                    processServletConstraintAnnotation(arrayList, key, entry.getValue(), mappings);
                }
            }
        }
        for (Map.Entry<String, ServletSecurityElement> entry2 : this.dynamicServletNameSecurityElementMap.entrySet()) {
            Collection<String> mappings2 = this.servletContext.getServletRegistration(entry2.getKey()).getMappings();
            mappings2.removeAll(this.webXmlConstraintUrlPatterns);
            processServletSecurityElement(arrayList, entry2.getValue(), mappings2);
        }
        for (Map.Entry<RegistrationKey, ServletSecurityElement> entry3 : this.registrationSecurityElementMap.entrySet()) {
            Collection<String> mappings3 = entry3.getKey().registration.getMappings();
            mappings3.removeAll(this.webXmlConstraintUrlPatterns);
            processServletSecurityElement(arrayList, entry3.getValue(), mappings3);
        }
        this.webXmlAppInfo.securityConstraints.addAll(arrayList);
        return this.webXmlAppInfo;
    }

    public Set<String> setDynamicServletSecurity(ServletRegistration.Dynamic dynamic, ServletSecurityElement servletSecurityElement) {
        this.registrationSecurityElementMap.put(new RegistrationKey(dynamic), servletSecurityElement);
        HashSet hashSet = new HashSet(dynamic.getMappings());
        hashSet.retainAll(this.webXmlConstraintUrlPatterns);
        return hashSet;
    }

    public Set<String> setDynamicServletSecurity(String str, ServletSecurityElement servletSecurityElement, Collection<String> collection) {
        this.dynamicServletNameSecurityElementMap.put(str, servletSecurityElement);
        HashSet hashSet = new HashSet(collection);
        hashSet.retainAll(this.webXmlConstraintUrlPatterns);
        return hashSet;
    }

    private void initialize() {
        Iterator<SecurityConstraintInfo> it = this.webXmlAppInfo.securityConstraints.iterator();
        while (it.hasNext()) {
            Iterator<WebResourceCollectionInfo> it2 = it.next().webResourceCollections.iterator();
            while (it2.hasNext()) {
                this.webXmlConstraintUrlPatterns.addAll(it2.next().urlPatterns);
            }
        }
    }

    private SecurityConstraintInfo newHTTPMethodSecurityConstraint(String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, String str, Collection<String> collection) {
        SecurityConstraintInfo newSecurityConstraint = newSecurityConstraint(strArr, transportGuarantee, emptyRoleSemantic, true);
        WebResourceCollectionInfo webResourceCollectionInfo = newSecurityConstraint.webResourceCollections.get(0);
        webResourceCollectionInfo.urlPatterns.addAll(collection);
        webResourceCollectionInfo.httpMethods.add(str);
        return newSecurityConstraint;
    }

    private SecurityConstraintInfo newHTTPSecurityConstraint(String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, Collection<String> collection, Collection<String> collection2) {
        SecurityConstraintInfo newSecurityConstraint = newSecurityConstraint(strArr, transportGuarantee, emptyRoleSemantic, !collection.isEmpty());
        if (newSecurityConstraint != null) {
            WebResourceCollectionInfo webResourceCollectionInfo = newSecurityConstraint.webResourceCollections.get(0);
            webResourceCollectionInfo.httpMethods.addAll(collection);
            webResourceCollectionInfo.urlPatterns.addAll(collection2);
            webResourceCollectionInfo.omission = true;
        }
        return newSecurityConstraint;
    }

    private SecurityConstraintInfo newSecurityConstraint(String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, boolean z) {
        if (!z && strArr.length <= 0 && !transportGuarantee.equals(ServletSecurity.TransportGuarantee.CONFIDENTIAL) && !emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
            return null;
        }
        SecurityConstraintInfo securityConstraintInfo = new SecurityConstraintInfo();
        securityConstraintInfo.webResourceCollections.add(new WebResourceCollectionInfo());
        if (transportGuarantee.equals(ServletSecurity.TransportGuarantee.CONFIDENTIAL)) {
            securityConstraintInfo.userDataConstraint = ServletSecurity.TransportGuarantee.CONFIDENTIAL.name();
        }
        if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
            securityConstraintInfo.authConstraint = new AuthConstraintInfo();
        } else if (strArr.length > 0) {
            AuthConstraintInfo authConstraintInfo = new AuthConstraintInfo();
            for (String str : strArr) {
                authConstraintInfo.roleNames.add(str);
            }
            securityConstraintInfo.authConstraint = authConstraintInfo;
        }
        return securityConstraintInfo;
    }

    private void processServletConstraintAnnotation(List<SecurityConstraintInfo> list, String str, String str2, Collection<String> collection) {
        ServletSecurity servletSecurity;
        try {
            Class loadClass = this.bundle.loadClass(str2);
            if (Servlet.class.isAssignableFrom(loadClass) && (servletSecurity = (ServletSecurity) loadClass.getAnnotation(ServletSecurity.class)) != null) {
                if (!collection.isEmpty()) {
                    processServletSecurityAnnotation(list, servletSecurity, collection);
                } else if (logger.isDebugEnabled()) {
                    logger.debug("No url pattern for the servlet class " + str2 + " is found in the deployment plan, SecurityConstraint annotation is ignored");
                }
            }
        } catch (ClassNotFoundException e) {
            logger.error("Fail to load class", e);
        }
    }

    private ServletSecurityElement processServletConstraintAnnotation(String str) {
        ServletSecurity annotation;
        try {
            Class loadClass = this.bundle.loadClass(str);
            if (Servlet.class.isAssignableFrom(loadClass) && (annotation = loadClass.getAnnotation(ServletSecurity.class)) != null) {
                return new ServletSecurityElement(annotation);
            }
            return null;
        } catch (ClassNotFoundException e) {
            logger.error("Fail to load class", e);
            return null;
        }
    }

    private void processServletSecurityAnnotation(List<SecurityConstraintInfo> list, ServletSecurity servletSecurity, Collection<String> collection) {
        processServletSecurityElement(list, new ServletSecurityElement(servletSecurity), collection);
    }

    private void processServletSecurityElement(List<SecurityConstraintInfo> list, ServletSecurityElement servletSecurityElement, Collection<String> collection) {
        if (servletSecurityElement.getHttpMethodConstraints().size() > 0) {
            for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) {
                SecurityConstraintInfo newHTTPMethodSecurityConstraint = newHTTPMethodSecurityConstraint(httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getTransportGuarantee(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getMethodName(), collection);
                if (newHTTPMethodSecurityConstraint != null) {
                    list.add(newHTTPMethodSecurityConstraint);
                }
                declareRoles(httpMethodConstraintElement.getRolesAllowed());
            }
        }
        SecurityConstraintInfo newHTTPSecurityConstraint = newHTTPSecurityConstraint(servletSecurityElement.getRolesAllowed(), servletSecurityElement.getTransportGuarantee(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getMethodNames(), collection);
        if (newHTTPSecurityConstraint != null) {
            list.add(newHTTPSecurityConstraint);
        }
        declareRoles(servletSecurityElement.getRolesAllowed());
    }
}
