package org.apache.geronimo.openejb.deployment;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.ejb.TimedObject;
import javax.ejb.Timer;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.openejb.jee.AssemblyDescriptor;
import org.apache.openejb.jee.ExcludeList;
import org.apache.openejb.jee.MessageDrivenBean;
import org.apache.openejb.jee.Method;
import org.apache.openejb.jee.MethodPermission;
import org.apache.openejb.jee.NamedMethod;
import org.apache.openejb.jee.RemoteBean;
import org.apache.openejb.jee.SecurityRoleRef;
import org.apache.openejb.jee.SessionBean;

/* loaded from: input_file:org/apache/geronimo/openejb/deployment/SecurityBuilder.class */
public class SecurityBuilder {
    public void addComponentPermissions(String str, Collection<Permission> collection, AssemblyDescriptor assemblyDescriptor, String str2, List<SecurityRoleRef> list, ComponentPermissions componentPermissions) throws DeploymentException {
        PermissionCollection permissionCollection;
        String[] strArr;
        String[] strArr2;
        PermissionCollection uncheckedPermissions = componentPermissions.getUncheckedPermissions();
        PermissionCollection excludedPermissions = componentPermissions.getExcludedPermissions();
        Map rolePermissions = componentPermissions.getRolePermissions();
        HashSet hashSet = new HashSet();
        if (assemblyDescriptor != null) {
            ExcludeList excludeList = assemblyDescriptor.getExcludeList();
            if (excludeList != null) {
                for (Method method : excludeList.getMethod()) {
                    if (str2.equals(method.getEjbName())) {
                        String methodName = method.getMethodName();
                        String methodIntf = method.getMethodIntf() == null ? null : method.getMethodIntf().toString();
                        if (method.getMethodParams() != null) {
                            List methodParam = method.getMethodParams().getMethodParam();
                            strArr2 = (String[]) methodParam.toArray(new String[methodParam.size()]);
                        } else {
                            strArr2 = null;
                        }
                        EJBMethodPermission eJBMethodPermission = new EJBMethodPermission(str2, methodName, methodIntf, strArr2);
                        excludedPermissions.add(eJBMethodPermission);
                        hashSet.addAll(intersectPermissions(collection, eJBMethodPermission, false));
                    }
                }
            }
            for (MethodPermission methodPermission : assemblyDescriptor.getMethodPermission()) {
                List<String> roleName = methodPermission.getRoleName();
                boolean unchecked = methodPermission.getUnchecked();
                for (Method method2 : methodPermission.getMethod()) {
                    if (str2.equals(method2.getEjbName())) {
                        String methodName2 = method2.getMethodName();
                        if ("*".equals(methodName2)) {
                            methodName2 = null;
                        }
                        String methodIntf2 = method2.getMethodIntf() == null ? null : method2.getMethodIntf().toString();
                        if (method2.getMethodParams() != null) {
                            List methodParam2 = method2.getMethodParams().getMethodParam();
                            strArr = (String[]) methodParam2.toArray(new String[methodParam2.size()]);
                        } else {
                            strArr = null;
                        }
                        EJBMethodPermission eJBMethodPermission2 = new EJBMethodPermission(str2, methodName2, methodIntf2, strArr);
                        Collection intersectPermissions = intersectPermissions(collection, eJBMethodPermission2, true);
                        int size = intersectPermissions.size();
                        intersectPermissions.removeAll(hashSet);
                        if (size == intersectPermissions.size()) {
                            intersectPermissions = Collections.singletonList(eJBMethodPermission2);
                        }
                        if (unchecked) {
                            Iterator it = intersectPermissions.iterator();
                            while (it.hasNext()) {
                                uncheckedPermissions.add((Permission) it.next());
                            }
                        } else if (intersectPermissions.size() > 0) {
                            for (String str3 : roleName) {
                                Permissions permissions = (Permissions) rolePermissions.get(str3);
                                if (permissions == null) {
                                    permissions = new Permissions();
                                    rolePermissions.put(str3, permissions);
                                }
                                Iterator it2 = intersectPermissions.iterator();
                                while (it2.hasNext()) {
                                    permissions.add((Permission) it2.next());
                                }
                            }
                        }
                    }
                }
            }
            for (SecurityRoleRef securityRoleRef : list) {
                String roleName2 = securityRoleRef.getRoleLink() == null ? securityRoleRef.getRoleName() : securityRoleRef.getRoleLink();
                PermissionCollection permissionCollection2 = (PermissionCollection) rolePermissions.get(roleName2);
                if (permissionCollection2 == null) {
                    permissionCollection2 = new Permissions();
                    rolePermissions.put(roleName2, permissionCollection2);
                }
                permissionCollection2.add(new EJBRoleRefPermission(str2, securityRoleRef.getRoleName()));
            }
        }
        if (str == null) {
            permissionCollection = uncheckedPermissions;
        } else {
            permissionCollection = (PermissionCollection) rolePermissions.get(str);
            if (permissionCollection == null) {
                permissionCollection = new Permissions();
                rolePermissions.put(str, permissionCollection);
            }
        }
        collection.removeAll(hashSet);
        Iterator<Permission> it3 = collection.iterator();
        while (it3.hasNext()) {
            permissionCollection.add(it3.next());
        }
    }

    public void addToPermissions(Collection<Permission> collection, String str, String str2, String str3, ClassLoader classLoader) throws DeploymentException {
        if (str3 == null) {
            return;
        }
        try {
            for (java.lang.reflect.Method method : Class.forName(str3, false, classLoader).getMethods()) {
                collection.add(new EJBMethodPermission(str, str2, method));
            }
        } catch (ClassNotFoundException e) {
            throw new DeploymentException(e);
        }
    }

    private Collection<Permission> intersectPermissions(Collection<Permission> collection, Permission permission, boolean z) {
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            Permission next = it.next();
            if (permission.implies(next)) {
                if (z) {
                    it.remove();
                }
                arrayList.add(next);
            }
        }
        return arrayList;
    }

    public void addEjbTimeout(RemoteBean remoteBean, EjbModule ejbModule, Collection<Permission> collection) throws DeploymentException {
        NamedMethod namedMethod = null;
        if (remoteBean instanceof SessionBean) {
            namedMethod = ((SessionBean) remoteBean).getTimeoutMethod();
        } else if (remoteBean instanceof MessageDrivenBean) {
            namedMethod = ((MessageDrivenBean) remoteBean).getTimeoutMethod();
        }
        if (namedMethod != null) {
            collection.add(new EJBMethodPermission(remoteBean.getEjbName(), namedMethod.getMethodName(), (String) null, new String[]{Timer.class.getName()}));
            return;
        }
        try {
            if (TimedObject.class.isAssignableFrom(ejbModule.getClassLoader().loadClass(remoteBean.getEjbClass()))) {
                collection.add(new EJBMethodPermission(remoteBean.getEjbName(), "ejbTimeout", (String) null, new String[]{Timer.class.getName()}));
            }
        } catch (ClassNotFoundException e) {
            throw new DeploymentException("Could not figure out timer method", e);
        }
    }
}
