package org.apache.tomcat.util.descriptor.web;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.HttpConstraintElement;
import javax.servlet.HttpMethodConstraintElement;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:org/apache/tomcat/util/descriptor/web/SecurityConstraint.class */
public class SecurityConstraint implements Serializable {
    private static final long serialVersionUID = 1;
    public static final String ROLE_ALL_ROLES = "*";
    public static final String ROLE_ALL_AUTHENTICATED_USERS = "**";
    private static final StringManager sm = StringManager.getManager(Constants.PACKAGE_NAME);
    private boolean allRoles = false;
    private boolean authenticatedUsers = false;
    private boolean authConstraint = false;
    private String[] authRoles = new String[0];
    private SecurityCollection[] collections = new SecurityCollection[0];
    private String displayName = null;
    private String userConstraint = "NONE";

    public boolean getAllRoles() {
        return this.allRoles;
    }

    public boolean getAuthenticatedUsers() {
        return this.authenticatedUsers;
    }

    public boolean getAuthConstraint() {
        return this.authConstraint;
    }

    public void setAuthConstraint(boolean z) {
        this.authConstraint = z;
    }

    public String getDisplayName() {
        return this.displayName;
    }

    public void setDisplayName(String str) {
        this.displayName = str;
    }

    public String getUserConstraint() {
        return this.userConstraint;
    }

    public void setUserConstraint(String str) {
        if (str != null) {
            this.userConstraint = str;
        }
    }

    public void treatAllAuthenticatedUsersAsApplicationRole() {
        if (this.authenticatedUsers) {
            this.authenticatedUsers = false;
            String[] strArr = new String[this.authRoles.length + 1];
            for (int i = 0; i < this.authRoles.length; i++) {
                strArr[i] = this.authRoles[i];
            }
            strArr[this.authRoles.length] = ROLE_ALL_AUTHENTICATED_USERS;
            this.authRoles = strArr;
            this.authConstraint = true;
        }
    }

    public void addAuthRole(String str) {
        if (str == null) {
            return;
        }
        if (ROLE_ALL_ROLES.equals(str)) {
            this.allRoles = true;
            return;
        }
        if (ROLE_ALL_AUTHENTICATED_USERS.equals(str)) {
            this.authenticatedUsers = true;
            return;
        }
        String[] strArr = new String[this.authRoles.length + 1];
        for (int i = 0; i < this.authRoles.length; i++) {
            strArr[i] = this.authRoles[i];
        }
        strArr[this.authRoles.length] = str;
        this.authRoles = strArr;
        this.authConstraint = true;
    }

    public void addCollection(SecurityCollection securityCollection) {
        if (securityCollection == null) {
            return;
        }
        SecurityCollection[] securityCollectionArr = new SecurityCollection[this.collections.length + 1];
        for (int i = 0; i < this.collections.length; i++) {
            securityCollectionArr[i] = this.collections[i];
        }
        securityCollectionArr[this.collections.length] = securityCollection;
        this.collections = securityCollectionArr;
    }

    public boolean findAuthRole(String str) {
        if (str == null) {
            return false;
        }
        for (int i = 0; i < this.authRoles.length; i++) {
            if (str.equals(this.authRoles[i])) {
                return true;
            }
        }
        return false;
    }

    public String[] findAuthRoles() {
        return this.authRoles;
    }

    public SecurityCollection findCollection(String str) {
        if (str == null) {
            return null;
        }
        for (int i = 0; i < this.collections.length; i++) {
            if (str.equals(this.collections[i].getName())) {
                return this.collections[i];
            }
        }
        return null;
    }

    public SecurityCollection[] findCollections() {
        return this.collections;
    }

    public boolean included(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        for (int i = 0; i < this.collections.length; i++) {
            if (this.collections[i].findMethod(str2)) {
                for (String str3 : this.collections[i].findPatterns()) {
                    if (matchPattern(str, str3)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public void removeAuthRole(String str) {
        if (str == null) {
            return;
        }
        if (ROLE_ALL_ROLES.equals(str)) {
            this.allRoles = false;
            return;
        }
        if (ROLE_ALL_AUTHENTICATED_USERS.equals(str)) {
            this.authenticatedUsers = false;
            return;
        }
        int i = -1;
        int i2 = 0;
        while (true) {
            if (i2 >= this.authRoles.length) {
                break;
            }
            if (this.authRoles[i2].equals(str)) {
                i = i2;
                break;
            }
            i2++;
        }
        if (i >= 0) {
            int i3 = 0;
            String[] strArr = new String[this.authRoles.length - 1];
            for (int i4 = 0; i4 < this.authRoles.length; i4++) {
                if (i4 != i) {
                    int i5 = i3;
                    i3++;
                    strArr[i5] = this.authRoles[i4];
                }
            }
            this.authRoles = strArr;
        }
    }

    public void removeCollection(SecurityCollection securityCollection) {
        if (securityCollection == null) {
            return;
        }
        int i = -1;
        int i2 = 0;
        while (true) {
            if (i2 >= this.collections.length) {
                break;
            }
            if (this.collections[i2].equals(securityCollection)) {
                i = i2;
                break;
            }
            i2++;
        }
        if (i >= 0) {
            int i3 = 0;
            SecurityCollection[] securityCollectionArr = new SecurityCollection[this.collections.length - 1];
            for (int i4 = 0; i4 < this.collections.length; i4++) {
                if (i4 != i) {
                    int i5 = i3;
                    i3++;
                    securityCollectionArr[i5] = this.collections[i4];
                }
            }
            this.collections = securityCollectionArr;
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("SecurityConstraint[");
        for (int i = 0; i < this.collections.length; i++) {
            if (i > 0) {
                sb.append(", ");
            }
            sb.append(this.collections[i].getName());
        }
        sb.append("]");
        return sb.toString();
    }

    private boolean matchPattern(String str, String str2) {
        if (str == null || str.length() == 0) {
            str = "/";
        }
        if (str2 == null || str2.length() == 0) {
            str2 = "/";
        }
        if (str.equals(str2)) {
            return true;
        }
        if (!str2.startsWith("/") || !str2.endsWith("/*")) {
            if (!str2.startsWith("*.")) {
                return str2.equals("/");
            }
            int lastIndexOf = str.lastIndexOf(47);
            return lastIndexOf >= 0 && str.lastIndexOf(46) > lastIndexOf && str.endsWith(str2.substring(1));
        }
        String substring = str2.substring(0, str2.length() - 2);
        if (substring.length() == 0) {
            return true;
        }
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        while (!substring.equals(str)) {
            int lastIndexOf2 = str.lastIndexOf(47);
            if (lastIndexOf2 <= 0) {
                return false;
            }
            str = str.substring(0, lastIndexOf2);
        }
        return true;
    }

    public static SecurityConstraint[] createConstraints(ServletSecurityElement servletSecurityElement, String str) {
        HashSet hashSet = new HashSet();
        for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) {
            SecurityConstraint createConstraint = createConstraint(httpMethodConstraintElement, str, true);
            createConstraint.findCollections()[0].addMethod(httpMethodConstraintElement.getMethodName());
            hashSet.add(createConstraint);
        }
        SecurityConstraint createConstraint2 = createConstraint(servletSecurityElement, str, false);
        if (createConstraint2 != null) {
            SecurityCollection securityCollection = createConstraint2.findCollections()[0];
            Iterator it = servletSecurityElement.getMethodNames().iterator();
            while (it.hasNext()) {
                securityCollection.addOmittedMethod((String) it.next());
            }
            hashSet.add(createConstraint2);
        }
        return (SecurityConstraint[]) hashSet.toArray(new SecurityConstraint[hashSet.size()]);
    }

    private static SecurityConstraint createConstraint(HttpConstraintElement httpConstraintElement, String str, boolean z) {
        SecurityConstraint securityConstraint = new SecurityConstraint();
        SecurityCollection securityCollection = new SecurityCollection();
        boolean z2 = z;
        if (httpConstraintElement.getTransportGuarantee() != ServletSecurity.TransportGuarantee.NONE) {
            securityConstraint.setUserConstraint(httpConstraintElement.getTransportGuarantee().name());
            z2 = true;
        }
        if (httpConstraintElement.getRolesAllowed().length > 0) {
            for (String str2 : httpConstraintElement.getRolesAllowed()) {
                securityConstraint.addAuthRole(str2);
            }
            z2 = true;
        }
        if (httpConstraintElement.getEmptyRoleSemantic() != ServletSecurity.EmptyRoleSemantic.PERMIT) {
            securityConstraint.setAuthConstraint(true);
            z2 = true;
        }
        if (!z2) {
            return null;
        }
        securityCollection.addPattern(str);
        securityConstraint.addCollection(securityCollection);
        return securityConstraint;
    }

    public static SecurityConstraint[] findUncoveredHttpMethods(SecurityConstraint[] securityConstraintArr, boolean z, Log log) {
        HashSet hashSet = new HashSet();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (SecurityConstraint securityConstraint : securityConstraintArr) {
            for (SecurityCollection securityCollection : securityConstraint.findCollections()) {
                String[] findPatterns = securityCollection.findPatterns();
                String[] findMethods = securityCollection.findMethods();
                String[] findOmittedMethods = securityCollection.findOmittedMethods();
                if (findMethods.length == 0 && findOmittedMethods.length == 0) {
                    for (String str : findPatterns) {
                        hashSet.add(str);
                    }
                } else {
                    List asList = findOmittedMethods.length != 0 ? Arrays.asList(findOmittedMethods) : null;
                    for (String str2 : findPatterns) {
                        if (!hashSet.contains(str2)) {
                            if (findMethods.length == 0) {
                                Set set = (Set) hashMap2.get(str2);
                                if (set == null) {
                                    HashSet hashSet2 = new HashSet();
                                    hashMap2.put(str2, hashSet2);
                                    hashSet2.addAll(asList);
                                } else {
                                    set.retainAll(asList);
                                }
                            } else {
                                Set set2 = (Set) hashMap.get(str2);
                                if (set2 == null) {
                                    set2 = new HashSet();
                                    hashMap.put(str2, set2);
                                }
                                for (String str3 : findMethods) {
                                    set2.add(str3);
                                }
                            }
                        }
                    }
                }
            }
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            String str4 = (String) entry.getKey();
            if (hashSet.contains(str4)) {
                hashMap2.remove(str4);
            } else {
                Set set3 = (Set) hashMap2.remove(str4);
                Set set4 = (Set) entry.getValue();
                if (set3 == null) {
                    StringBuilder sb = new StringBuilder();
                    Iterator it = set4.iterator();
                    while (it.hasNext()) {
                        sb.append((String) it.next());
                        sb.append(' ');
                    }
                    if (z) {
                        log.info(sm.getString("securityConstraint.uncoveredHttpMethodFix", new Object[]{str4, sb.toString().trim()}));
                        SecurityCollection securityCollection2 = new SecurityCollection();
                        Iterator it2 = set4.iterator();
                        while (it2.hasNext()) {
                            securityCollection2.addOmittedMethod((String) it2.next());
                        }
                        securityCollection2.addPattern(str4);
                        securityCollection2.setName("deny-uncovered-http-methods");
                        SecurityConstraint securityConstraint2 = new SecurityConstraint();
                        securityConstraint2.setAuthConstraint(true);
                        securityConstraint2.addCollection(securityCollection2);
                        arrayList.add(securityConstraint2);
                    } else {
                        log.error(sm.getString("securityConstraint.uncoveredHttpMethod", new Object[]{str4, sb.toString().trim()}));
                    }
                } else {
                    set3.removeAll(set4);
                    handleOmittedMethods(set3, str4, z, arrayList, log);
                }
            }
        }
        for (Map.Entry entry2 : hashMap2.entrySet()) {
            String str5 = (String) entry2.getKey();
            if (!hashSet.contains(str5)) {
                handleOmittedMethods((Set) entry2.getValue(), str5, z, arrayList, log);
            }
        }
        return (SecurityConstraint[]) arrayList.toArray(new SecurityConstraint[arrayList.size()]);
    }

    private static void handleOmittedMethods(Set<String> set, String str, boolean z, List<SecurityConstraint> list, Log log) {
        if (set.size() > 0) {
            StringBuilder sb = new StringBuilder();
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                sb.append(it.next());
                sb.append(' ');
            }
            if (!z) {
                log.error(sm.getString("securityConstraint.uncoveredHttpOmittedMethod", new Object[]{str, sb.toString().trim()}));
                return;
            }
            log.info(sm.getString("securityConstraint.uncoveredHttpOmittedMethodFix", new Object[]{str, sb.toString().trim()}));
            SecurityCollection securityCollection = new SecurityCollection();
            Iterator<String> it2 = set.iterator();
            while (it2.hasNext()) {
                securityCollection.addMethod(it2.next());
            }
            securityCollection.addPattern(str);
            securityCollection.setName("deny-uncovered-http-methods");
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setAuthConstraint(true);
            securityConstraint.addCollection(securityCollection);
            list.add(securityConstraint);
        }
    }
}
