package org.apache.geronimo.web25.deployment.merge.annotation;

import javax.servlet.Servlet;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.web25.deployment.merge.MergeContext;
import org.apache.geronimo.web25.deployment.utils.WebDeploymentValidationUtils;
import org.apache.geronimo.xbeans.javaee6.ServletType;
import org.apache.geronimo.xbeans.javaee6.WebAppType;
import org.osgi.framework.Bundle;

/* loaded from: input_file:org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.class */
public class ServletSecurityAnnotationMergeHandler implements AnnotationMergeHandler {
    @Override // org.apache.geronimo.web25.deployment.merge.annotation.AnnotationMergeHandler
    public void merge(Class<?>[] clsArr, WebAppType webAppType, MergeContext mergeContext) throws DeploymentException {
    }

    @Override // org.apache.geronimo.web25.deployment.merge.annotation.AnnotationMergeHandler
    public void postProcessWebXmlElement(WebAppType webAppType, MergeContext mergeContext) throws DeploymentException {
        ServletSecurity annotation;
        try {
            Bundle bundle = mergeContext.getBundle();
            for (ServletType servletType : webAppType.getServletArray()) {
                if (servletType.getServletClass() != null && !servletType.getServletClass().getStringValue().isEmpty()) {
                    String stringValue = servletType.getServletClass().getStringValue();
                    Class loadClass = bundle.loadClass(stringValue);
                    if (Servlet.class.isAssignableFrom(loadClass) && (annotation = loadClass.getAnnotation(ServletSecurity.class)) != null) {
                        if (annotation.httpMethodConstraints().length > 0) {
                            for (HttpMethodConstraint httpMethodConstraint : annotation.httpMethodConstraints()) {
                                String value = httpMethodConstraint.value();
                                if (value == null || value.trim().isEmpty()) {
                                    throw new DeploymentException("HTTP protocol method could not be null or empty string in the ServletSecurity annotation of the class " + stringValue);
                                }
                                if (!WebDeploymentValidationUtils.isValidHTTPMethod(value.trim())) {
                                    throw new DeploymentException("Invalid HTTP method value is found in the ServletSecurity annotation of the class " + stringValue);
                                }
                            }
                        } else {
                            HttpConstraint value2 = annotation.value();
                            if (value2.rolesAllowed().length > 0 && value2.value().equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
                                throw new DeploymentException("EmptyRoleSemantic with value DENY is not allowed in combination with a non-empty rolesAllowed list in the class " + stringValue);
                            }
                        }
                    }
                }
            }
        } catch (ClassNotFoundException e) {
            throw new DeploymentException("Fail to load servlet class", e);
        }
    }

    @Override // org.apache.geronimo.web25.deployment.merge.annotation.AnnotationMergeHandler
    public void preProcessWebXmlElement(WebAppType webAppType, MergeContext mergeContext) throws DeploymentException {
    }
}
