package org.apache.geronimo.web.security;

import java.net.URL;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.HttpMethodConstraintElement;
import javax.servlet.Servlet;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
import org.apache.geronimo.kernel.util.JarUtils;
import org.apache.geronimo.schema.SchemaConversionUtils;
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.xbeans.javaee6.AuthConstraintType;
import org.apache.geronimo.xbeans.javaee6.RoleNameType;
import org.apache.geronimo.xbeans.javaee6.SecurityConstraintType;
import org.apache.geronimo.xbeans.javaee6.SecurityRoleRefType;
import org.apache.geronimo.xbeans.javaee6.SecurityRoleType;
import org.apache.geronimo.xbeans.javaee6.ServletMappingType;
import org.apache.geronimo.xbeans.javaee6.ServletType;
import org.apache.geronimo.xbeans.javaee6.UrlPatternType;
import org.apache.geronimo.xbeans.javaee6.WebAppType;
import org.apache.geronimo.xbeans.javaee6.WebResourceCollectionType;
import org.apache.xbean.osgi.bundle.util.BundleUtils;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.osgi.framework.Bundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/geronimo/web/security/SpecSecurityBuilder.class */
public class SpecSecurityBuilder {
    private static final Logger logger = LoggerFactory.getLogger(SpecSecurityBuilder.class);
    private final Set<String> securityRoles;
    private final Map<String, URLPattern> uncheckedPatterns;
    private final Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns;
    private final Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns;
    private final Map<String, URLPattern> excludedPatterns;
    private final Map<String, URLPattern> rolesPatterns;
    private final Set<URLPattern> allSet;
    private final Map<String, URLPattern> allMap;
    private final RecordingPolicyConfiguration policyConfiguration;
    private WebAppType initialWebApp;
    private Bundle bundle;
    private boolean annotationScanRequired;
    private Set<String> urlPatternsConfiguredInDeploymentPlans;
    private WebAppType dynamicSecurityWebApp;
    private WebAppType annotationSecurityWebApp;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geronimo/web/security/SpecSecurityBuilder$RecordingPolicyConfiguration.class */
    public static class RecordingPolicyConfiguration implements PolicyConfiguration {
        private final PermissionCollection excludedPermissions;
        private final PermissionCollection uncheckedPermissions;
        private final Map<String, PermissionCollection> rolePermissions;
        private final StringBuilder audit;

        private RecordingPolicyConfiguration(boolean z) {
            this.excludedPermissions = new Permissions();
            this.uncheckedPermissions = new Permissions();
            this.rolePermissions = new HashMap();
            if (z) {
                this.audit = new StringBuilder();
            } else {
                this.audit = null;
            }
        }

        public String getContextID() throws PolicyContextException {
            return null;
        }

        public void addToRole(String str, PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        public void addToRole(String str, Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Role: ").append(str).append(" -> ").append(permission).append('\n');
            }
            PermissionCollection permissionCollection = this.rolePermissions.get(str);
            if (permissionCollection == null) {
                permissionCollection = new Permissions();
                this.rolePermissions.put(str, permissionCollection);
            }
            permissionCollection.add(permission);
        }

        public void addToUncheckedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Unchecked -> ").append(permission).append('\n');
            }
            this.uncheckedPermissions.add(permission);
        }

        public void addToExcludedPolicy(PermissionCollection permissionCollection) {
            throw new IllegalStateException("not implemented");
        }

        public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
            if (this.audit != null) {
                this.audit.append("Excluded -> ").append(permission).append('\n');
            }
            this.excludedPermissions.add(permission);
        }

        public void removeRole(String str) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public void removeUncheckedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public void removeExcludedPolicy() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public void delete() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public void commit() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public boolean inService() throws PolicyContextException {
            throw new IllegalStateException("not implemented");
        }

        public ComponentPermissions getComponentPermissions() {
            return new ComponentPermissions(this.excludedPermissions, this.uncheckedPermissions, this.rolePermissions);
        }

        public String getAudit() {
            return this.audit == null ? "no audit kept" : this.audit.toString();
        }
    }

    public SpecSecurityBuilder(WebAppType webAppType) {
        this(webAppType, (Bundle) null, false);
    }

    public SpecSecurityBuilder(WebAppType webAppType, Bundle bundle, boolean z) {
        this.securityRoles = new HashSet();
        this.uncheckedPatterns = new HashMap();
        this.uncheckedResourcePatterns = new HashMap();
        this.uncheckedUserPatterns = new HashMap();
        this.excludedPatterns = new HashMap();
        this.rolesPatterns = new HashMap();
        this.allSet = new HashSet();
        this.allMap = new HashMap();
        this.policyConfiguration = new RecordingPolicyConfiguration(true);
        this.urlPatternsConfiguredInDeploymentPlans = new HashSet();
        this.initialWebApp = webAppType;
        if (z && bundle == null) {
            throw new IllegalArgumentException("Bundle parameter could not be null while annotation scanning is required");
        }
        this.bundle = bundle;
        this.annotationScanRequired = z;
        initialize();
    }

    public SpecSecurityBuilder(Bundle bundle, boolean z) {
        this.securityRoles = new HashSet();
        this.uncheckedPatterns = new HashMap();
        this.uncheckedResourcePatterns = new HashMap();
        this.uncheckedUserPatterns = new HashMap();
        this.excludedPatterns = new HashMap();
        this.rolesPatterns = new HashMap();
        this.allSet = new HashSet();
        this.allMap = new HashMap();
        this.policyConfiguration = new RecordingPolicyConfiguration(true);
        this.urlPatternsConfiguredInDeploymentPlans = new HashSet();
        this.bundle = bundle;
        this.annotationScanRequired = z;
        URL entry = BundleUtils.getEntry(bundle, "WEB-INF/web.xml");
        if (entry == null) {
            this.initialWebApp = WebAppType.Factory.newInstance();
        } else {
            try {
                this.initialWebApp = SchemaConversionUtils.convertToServletSchema(XmlBeansUtil.parse(JarUtils.readAll(entry))).getWebApp();
            } catch (XmlException e) {
                throw new IllegalArgumentException("Error parsing web.xml for " + bundle.getSymbolicName(), e);
            } catch (Exception e2) {
                throw new IllegalArgumentException("Error reading web.xml for " + bundle.getSymbolicName(), e2);
            }
        }
        initialize();
    }

    public SpecSecurityBuilder(Bundle bundle, String str, boolean z) {
        this.securityRoles = new HashSet();
        this.uncheckedPatterns = new HashMap();
        this.uncheckedResourcePatterns = new HashMap();
        this.uncheckedUserPatterns = new HashMap();
        this.excludedPatterns = new HashMap();
        this.rolesPatterns = new HashMap();
        this.allSet = new HashSet();
        this.allMap = new HashMap();
        this.policyConfiguration = new RecordingPolicyConfiguration(true);
        this.urlPatternsConfiguredInDeploymentPlans = new HashSet();
        this.bundle = bundle;
        this.annotationScanRequired = z;
        if (str == null || str.length() == 0) {
            this.initialWebApp = WebAppType.Factory.newInstance();
        } else {
            try {
                this.initialWebApp = SchemaConversionUtils.convertToServletSchema(XmlBeansUtil.parse(str)).getWebApp();
            } catch (XmlException e) {
                throw new IllegalArgumentException("Error parsing web.xml for " + bundle.getSymbolicName(), e);
            } catch (Exception e2) {
                throw new IllegalArgumentException("Error reading web.xml for " + bundle.getSymbolicName(), e2);
            }
        }
        initialize();
    }

    public void declareRoles(String... strArr) {
        for (String str : strArr) {
            if (str == null || str.trim().length() == 0) {
                throw new IllegalArgumentException("RoleName of null value or empty string is not allowed in declareRoles method");
            }
            this.securityRoles.add(str.trim());
        }
    }

    public Set<String> setServletSecurity(ServletSecurityElement servletSecurityElement, Collection<String> collection) {
        Collection<String> collection2;
        if (this.dynamicSecurityWebApp == null) {
            this.dynamicSecurityWebApp = WebAppType.Factory.newInstance();
        }
        HashSet hashSet = new HashSet();
        for (String str : collection) {
            if (this.urlPatternsConfiguredInDeploymentPlans.contains(str)) {
                hashSet.add(str);
            }
        }
        if (hashSet.size() == 0) {
            collection2 = collection;
        } else {
            HashSet hashSet2 = new HashSet();
            hashSet2.addAll(collection);
            hashSet2.removeAll(hashSet);
            collection2 = hashSet2;
        }
        if (this.annotationSecurityWebApp != null) {
            overrideSecurityConstraints(this.annotationSecurityWebApp, collection2);
        }
        overrideSecurityConstraints(this.dynamicSecurityWebApp, collection2);
        if (servletSecurityElement.getHttpMethodConstraints().size() > 0) {
            for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) {
                addNewHTTPMethodSecurityConstraint(this.dynamicSecurityWebApp, httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getTransportGuarantee(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getMethodName(), collection2);
                declareRoles(httpMethodConstraintElement.getRolesAllowed());
            }
        }
        addNewHTTPSecurityConstraint(this.dynamicSecurityWebApp, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getTransportGuarantee(), servletSecurityElement.getEmptyRoleSemantic(), (String[]) servletSecurityElement.getMethodNames().toArray(new String[0]), collection2);
        declareRoles(servletSecurityElement.getRolesAllowed());
        return hashSet;
    }

    private void overrideSecurityConstraints(WebAppType webAppType, Collection<String> collection) {
        for (SecurityConstraintType securityConstraintType : webAppType.getSecurityConstraintArray()) {
            int i = 0;
            for (WebResourceCollectionType webResourceCollectionType : securityConstraintType.getWebResourceCollectionArray()) {
                HashSet hashSet = new HashSet();
                for (UrlPatternType urlPatternType : webResourceCollectionType.getUrlPatternArray()) {
                    if (!collection.contains(urlPatternType.getStringValue())) {
                        hashSet.add(urlPatternType.getStringValue());
                    }
                }
                if (hashSet.size() == 0) {
                    securityConstraintType.removeWebResourceCollection(i);
                } else {
                    if (hashSet.size() < webResourceCollectionType.getUrlPatternArray().length) {
                        int length = webResourceCollectionType.getUrlPatternArray().length;
                        for (int i2 = 0; i2 < length; i2++) {
                            webResourceCollectionType.removeUrlPattern(0);
                        }
                        Iterator it = hashSet.iterator();
                        while (it.hasNext()) {
                            webResourceCollectionType.addNewUrlPattern().setStringValue((String) it.next());
                        }
                    }
                    i++;
                }
            }
        }
    }

    public ComponentPermissions buildSpecSecurityConfig() {
        if (this.dynamicSecurityWebApp != null) {
            for (XmlObject xmlObject : this.dynamicSecurityWebApp.getSecurityConstraintArray()) {
                this.initialWebApp.addNewSecurityConstraint().set(xmlObject);
            }
        }
        if (this.annotationSecurityWebApp != null) {
            for (XmlObject xmlObject2 : this.annotationSecurityWebApp.getSecurityConstraintArray()) {
                this.initialWebApp.addNewSecurityConstraint().set(xmlObject2);
            }
        }
        collectRoleNames(this.initialWebApp.getSecurityRoleArray());
        try {
            for (ServletType servletType : this.initialWebApp.getServletArray()) {
                processRoleRefPermissions(servletType);
            }
            addUnmappedJSPPermissions();
            analyzeSecurityConstraints(this.initialWebApp.getSecurityConstraintArray());
            removeExcludedDups();
            return buildComponentPermissions();
        } catch (PolicyContextException e) {
            throw new IllegalStateException("Should not happen", e);
        }
    }

    private void analyzeSecurityConstraints(SecurityConstraintType[] securityConstraintTypeArr) {
        for (SecurityConstraintType securityConstraintType : securityConstraintTypeArr) {
            Map<String, URLPattern> map = securityConstraintType.isSetAuthConstraint() ? securityConstraintType.getAuthConstraint().getRoleNameArray().length == 0 ? this.excludedPatterns : this.rolesPatterns : this.uncheckedPatterns;
            String upperCase = securityConstraintType.isSetUserDataConstraint() ? securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim().toUpperCase() : "";
            for (WebResourceCollectionType webResourceCollectionType : securityConstraintType.getWebResourceCollectionArray()) {
                HashSet hashSet = new HashSet();
                boolean z = true;
                if (webResourceCollectionType.getHttpMethodArray().length > 0) {
                    z = false;
                    for (String str : webResourceCollectionType.getHttpMethodArray()) {
                        if (str != null) {
                            hashSet.add(str.trim());
                        }
                    }
                } else if (webResourceCollectionType.getHttpMethodOmissionArray().length > 0) {
                    for (String str2 : webResourceCollectionType.getHttpMethodOmissionArray()) {
                        if (str2 != null) {
                            hashSet.add(str2.trim());
                        }
                    }
                }
                for (UrlPatternType urlPatternType : webResourceCollectionType.getUrlPatternArray()) {
                    String trim = urlPatternType.getStringValue().trim();
                    URLPattern uRLPattern = map.get(trim);
                    if (uRLPattern == null) {
                        uRLPattern = new URLPattern(trim, hashSet, z);
                        map.put(trim, uRLPattern);
                    } else {
                        uRLPattern.addMethods(hashSet, z);
                    }
                    URLPattern uRLPattern2 = this.allMap.get(trim);
                    if (uRLPattern2 == null) {
                        URLPattern uRLPattern3 = new URLPattern(trim, hashSet, z);
                        this.allSet.add(uRLPattern3);
                        this.allMap.put(trim, uRLPattern3);
                    } else {
                        uRLPattern2.addMethods(hashSet, z);
                    }
                    if (map == this.rolesPatterns) {
                        for (RoleNameType roleNameType : securityConstraintType.getAuthConstraint().getRoleNameArray()) {
                            String trim2 = roleNameType.getStringValue().trim();
                            if (trim2.equals("*")) {
                                uRLPattern.addAllRoles(this.securityRoles);
                            } else {
                                uRLPattern.addRole(trim2);
                            }
                        }
                    }
                    uRLPattern.setTransport(upperCase);
                }
            }
        }
    }

    private void removeExcludedDups() {
        for (Map.Entry<String, URLPattern> entry : this.excludedPatterns.entrySet()) {
            String key = entry.getKey();
            URLPattern value = entry.getValue();
            removeExcluded(key, value, this.uncheckedPatterns);
            removeExcluded(key, value, this.rolesPatterns);
        }
    }

    private void removeExcluded(String str, URLPattern uRLPattern, Map<String, URLPattern> map) {
        URLPattern uRLPattern2 = map.get(str);
        if (uRLPattern2 == null || uRLPattern2.removeMethods(uRLPattern)) {
            return;
        }
        map.remove(str);
    }

    private ComponentPermissions buildComponentPermissions() throws PolicyContextException {
        for (URLPattern uRLPattern : this.excludedPatterns.values()) {
            String qualifiedPattern = uRLPattern.getQualifiedPattern(this.allSet);
            String methods = uRLPattern.getMethods();
            this.policyConfiguration.addToExcludedPolicy((Permission) new WebResourcePermission(qualifiedPattern, methods));
            this.policyConfiguration.addToExcludedPolicy((Permission) new WebUserDataPermission(qualifiedPattern, methods));
        }
        for (URLPattern uRLPattern2 : this.rolesPatterns.values()) {
            String qualifiedPattern2 = uRLPattern2.getQualifiedPattern(this.allSet);
            Permission webResourcePermission = new WebResourcePermission(qualifiedPattern2, uRLPattern2.getMethods());
            Iterator<String> it = uRLPattern2.getRoles().iterator();
            while (it.hasNext()) {
                this.policyConfiguration.addToRole(it.next(), webResourcePermission);
            }
            addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern2, uRLPattern2.getHTTPMethods(), uRLPattern2.getTransport());
        }
        for (URLPattern uRLPattern3 : this.uncheckedPatterns.values()) {
            String qualifiedPattern3 = uRLPattern3.getQualifiedPattern(this.allSet);
            HTTPMethods hTTPMethods = uRLPattern3.getHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern3, hTTPMethods, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern3, hTTPMethods, uRLPattern3.getTransport());
        }
        for (URLPattern uRLPattern4 : this.allSet) {
            String qualifiedPattern4 = uRLPattern4.getQualifiedPattern(this.allSet);
            HTTPMethods complementedHTTPMethods = uRLPattern4.getComplementedHTTPMethods();
            if (!complementedHTTPMethods.isNone()) {
                addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern4, complementedHTTPMethods, 0);
                addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern4, complementedHTTPMethods, 0);
            }
        }
        if (!this.allMap.containsKey("/")) {
            URLPattern uRLPattern5 = new URLPattern("/", Collections.EMPTY_SET, false);
            String qualifiedPattern5 = uRLPattern5.getQualifiedPattern(this.allSet);
            HTTPMethods complementedHTTPMethods2 = uRLPattern5.getComplementedHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern5, complementedHTTPMethods2, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern5, complementedHTTPMethods2, 0);
        }
        for (UncheckedItem uncheckedItem : this.uncheckedResourcePatterns.keySet()) {
            this.policyConfiguration.addToUncheckedPolicy((Permission) new WebResourcePermission(uncheckedItem.getName(), URLPattern.getMethodsWithTransport(this.uncheckedResourcePatterns.get(uncheckedItem), uncheckedItem.getTransportType())));
        }
        for (UncheckedItem uncheckedItem2 : this.uncheckedUserPatterns.keySet()) {
            this.policyConfiguration.addToUncheckedPolicy((Permission) new WebUserDataPermission(uncheckedItem2.getName(), URLPattern.getMethodsWithTransport(this.uncheckedUserPatterns.get(uncheckedItem2), uncheckedItem2.getTransportType())));
        }
        return this.policyConfiguration.getComponentPermissions();
    }

    private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> map, String str, HTTPMethods hTTPMethods, int i) {
        UncheckedItem uncheckedItem = new UncheckedItem(str, i);
        HTTPMethods hTTPMethods2 = map.get(uncheckedItem);
        if (hTTPMethods2 != null) {
            map.put(uncheckedItem, hTTPMethods2.add(hTTPMethods));
        } else {
            map.put(uncheckedItem, new HTTPMethods(hTTPMethods, false));
        }
    }

    protected void processRoleRefPermissions(ServletType servletType) throws PolicyContextException {
        String trim = servletType.getServletName().getStringValue().trim();
        SecurityRoleRefType[] securityRoleRefArray = servletType.getSecurityRoleRefArray();
        HashSet<String> hashSet = new HashSet(this.securityRoles);
        for (SecurityRoleRefType securityRoleRefType : securityRoleRefArray) {
            String trim2 = securityRoleRefType.getRoleName().getStringValue().trim();
            this.policyConfiguration.addToRole(securityRoleRefType.getRoleLink().getStringValue().trim(), (Permission) new WebRoleRefPermission(trim, trim2));
            hashSet.remove(trim2);
        }
        for (String str : hashSet) {
            this.policyConfiguration.addToRole(str, (Permission) new WebRoleRefPermission(trim, str));
        }
    }

    protected void addUnmappedJSPPermissions() throws PolicyContextException {
        for (String str : this.securityRoles) {
            this.policyConfiguration.addToRole(str, (Permission) new WebRoleRefPermission("", str));
        }
    }

    protected void collectRoleNames(SecurityRoleType[] securityRoleTypeArr) {
        for (SecurityRoleType securityRoleType : securityRoleTypeArr) {
            this.securityRoles.add(securityRoleType.getRoleName().getStringValue().trim());
        }
    }

    private void initialize() {
        for (SecurityConstraintType securityConstraintType : this.initialWebApp.getSecurityConstraintArray()) {
            for (WebResourceCollectionType webResourceCollectionType : securityConstraintType.getWebResourceCollectionArray()) {
                for (UrlPatternType urlPatternType : webResourceCollectionType.getUrlPatternArray()) {
                    this.urlPatternsConfiguredInDeploymentPlans.add(urlPatternType.getStringValue());
                }
            }
        }
        if (this.annotationScanRequired) {
            this.annotationSecurityWebApp = WebAppType.Factory.newInstance();
            scanServletConstraintAnnotations();
        }
    }

    private void scanServletConstraintAnnotations() {
        ServletSecurity annotation;
        try {
            Map<String, Set<String>> genetateServletClassUrlPatternsMap = genetateServletClassUrlPatternsMap();
            for (ServletType servletType : this.initialWebApp.getServletArray()) {
                if (servletType.getServletClass() != null && !servletType.getServletClass().getStringValue().isEmpty()) {
                    String stringValue = servletType.getServletClass().getStringValue();
                    Class loadClass = this.bundle.loadClass(stringValue);
                    if (Servlet.class.isAssignableFrom(loadClass) && (annotation = loadClass.getAnnotation(ServletSecurity.class)) != null) {
                        Set<String> set = genetateServletClassUrlPatternsMap.get(stringValue);
                        if (set != null && !set.isEmpty()) {
                            HttpConstraint value = annotation.value();
                            if (annotation.httpMethodConstraints().length > 0) {
                                String[] strArr = new String[annotation.httpMethodConstraints().length];
                                int i = 0;
                                for (HttpMethodConstraint httpMethodConstraint : annotation.httpMethodConstraints()) {
                                    String trim = httpMethodConstraint.value().trim();
                                    int i2 = i;
                                    i++;
                                    strArr[i2] = trim;
                                    addNewHTTPMethodSecurityConstraint(this.annotationSecurityWebApp, httpMethodConstraint.rolesAllowed(), httpMethodConstraint.transportGuarantee(), httpMethodConstraint.emptyRoleSemantic(), trim, set);
                                }
                                addNewHTTPSecurityConstraint(this.annotationSecurityWebApp, value.rolesAllowed(), value.transportGuarantee(), value.value(), strArr, set);
                            } else {
                                addNewHTTPSecurityConstraint(this.annotationSecurityWebApp, value.rolesAllowed(), value.transportGuarantee(), value.value(), new String[0], set);
                            }
                        } else if (logger.isDebugEnabled()) {
                            logger.debug("No url pattern for the servlet class " + stringValue + " is found in the deployment plan, SecurityConstraint annotation is ignored");
                        }
                    }
                }
            }
        } catch (ClassNotFoundException e) {
            logger.error("Fail to load class", e);
        }
    }

    private SecurityConstraintType addNewSecurityConstraint(WebAppType webAppType, String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic) {
        if (strArr.length <= 0 && !transportGuarantee.equals(ServletSecurity.TransportGuarantee.CONFIDENTIAL) && !emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
            return null;
        }
        SecurityConstraintType addNewSecurityConstraint = webAppType.addNewSecurityConstraint();
        if (transportGuarantee.equals(ServletSecurity.TransportGuarantee.CONFIDENTIAL)) {
            addNewSecurityConstraint.addNewUserDataConstraint().addNewTransportGuarantee().setStringValue(ServletSecurity.TransportGuarantee.CONFIDENTIAL.name());
        }
        if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
            addNewSecurityConstraint.addNewAuthConstraint();
        } else {
            AuthConstraintType addNewAuthConstraint = addNewSecurityConstraint.addNewAuthConstraint();
            for (String str : strArr) {
                addNewAuthConstraint.addNewRoleName().setStringValue(str);
            }
        }
        return addNewSecurityConstraint;
    }

    private SecurityConstraintType addNewHTTPSecurityConstraint(WebAppType webAppType, String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, String[] strArr2, Collection<String> collection) {
        SecurityConstraintType addNewSecurityConstraint = addNewSecurityConstraint(webAppType, strArr, transportGuarantee, emptyRoleSemantic);
        if (strArr2.length > 0 || addNewSecurityConstraint != null) {
            if (addNewSecurityConstraint == null) {
                addNewSecurityConstraint = webAppType.addNewSecurityConstraint();
            }
            WebResourceCollectionType addNewWebResourceCollection = addNewSecurityConstraint.getWebResourceCollectionArray().length == 0 ? addNewSecurityConstraint.addNewWebResourceCollection() : addNewSecurityConstraint.getWebResourceCollectionArray(0);
            for (String str : strArr2) {
                addNewWebResourceCollection.addNewHttpMethodOmission().setStringValue(str);
            }
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                addNewWebResourceCollection.addNewUrlPattern().setStringValue(it.next());
            }
        }
        return addNewSecurityConstraint;
    }

    private SecurityConstraintType addNewHTTPMethodSecurityConstraint(WebAppType webAppType, String[] strArr, ServletSecurity.TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, String str, Collection<String> collection) {
        SecurityConstraintType addNewSecurityConstraint = addNewSecurityConstraint(webAppType, strArr, transportGuarantee, emptyRoleSemantic);
        if (addNewSecurityConstraint == null) {
            addNewSecurityConstraint = webAppType.addNewSecurityConstraint();
        }
        WebResourceCollectionType addNewWebResourceCollection = addNewSecurityConstraint.getWebResourceCollectionArray().length == 0 ? addNewSecurityConstraint.addNewWebResourceCollection() : addNewSecurityConstraint.getWebResourceCollectionArray(0);
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            addNewWebResourceCollection.addNewUrlPattern().setStringValue(it.next());
        }
        addNewWebResourceCollection.addNewHttpMethod().setStringValue(str);
        return addNewSecurityConstraint;
    }

    private Map<String, Set<String>> genetateServletClassUrlPatternsMap() {
        HashMap hashMap = new HashMap();
        for (ServletMappingType servletMappingType : this.initialWebApp.getServletMappingArray()) {
            String stringValue = servletMappingType.getServletName().getStringValue();
            Set set = (Set) hashMap.get(stringValue);
            if (set == null) {
                set = new HashSet();
                hashMap.put(stringValue, set);
            }
            for (UrlPatternType urlPatternType : servletMappingType.getUrlPatternArray()) {
                if (!this.urlPatternsConfiguredInDeploymentPlans.contains(urlPatternType.getStringValue())) {
                    set.add(urlPatternType.getStringValue());
                }
            }
        }
        HashMap hashMap2 = new HashMap();
        for (ServletType servletType : this.initialWebApp.getServletArray()) {
            if (servletType.getServletClass() != null && !servletType.getServletClass().getStringValue().isEmpty()) {
                String stringValue2 = servletType.getServletClass().getStringValue();
                Set set2 = (Set) hashMap2.get(servletType.getServletClass().getStringValue());
                if (set2 == null) {
                    set2 = new HashSet();
                    hashMap2.put(stringValue2, set2);
                }
                Set set3 = (Set) hashMap.get(servletType.getServletName().getStringValue());
                if (set3 != null) {
                    set2.addAll(set3);
                }
            }
        }
        return hashMap2;
    }

    public void clear() {
        this.securityRoles.clear();
        this.uncheckedPatterns.clear();
        this.uncheckedResourcePatterns.clear();
        this.uncheckedUserPatterns.clear();
        this.excludedPatterns.clear();
        this.rolesPatterns.clear();
        this.allSet.clear();
        this.allMap.clear();
        this.initialWebApp = null;
        this.bundle = null;
        this.urlPatternsConfiguredInDeploymentPlans = null;
        this.dynamicSecurityWebApp = null;
        this.annotationSecurityWebApp = null;
    }
}
