package org.apache.tomee.catalina.security;

import jakarta.security.jacc.WebResourcePermission;
import jakarta.security.jacc.WebRoleRefPermission;
import jakarta.security.jacc.WebUserDataPermission;
import jakarta.servlet.ServletContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.catalina.Container;
import org.apache.catalina.Wrapper;
import org.apache.catalina.core.StandardContext;
import org.apache.openejb.assembler.classic.PolicyContext;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.hsqldb.Tokens;

/* loaded from: input_file:lib/tomee-catalina-9.1.0.jar:org/apache/tomee/catalina/security/TomcatSecurityConstaintsToJaccPermissionsTransformer.class */
public class TomcatSecurityConstaintsToJaccPermissionsTransformer {
    final StandardContext standardContext;
    private final List<SecurityConstraint> constraints;
    private final List<String> declaredRoles;
    private final boolean isDenyUncoveredHttpMethods;
    private final PolicyContext policyContext;
    private final Set<String> securityRoles = new HashSet();
    private final Map<String, URLPattern> uncheckedPatterns = new HashMap();
    private final Map<UncheckedItem, HTTPMethods> uncheckedResourcePatterns = new HashMap();
    private final Map<UncheckedItem, HTTPMethods> uncheckedUserPatterns = new HashMap();
    private final Map<String, URLPattern> excludedPatterns = new HashMap();
    private final Map<String, Map<String, URLPattern>> rolesPatterns = new HashMap();
    private final Set<URLPattern> allSet = new HashSet();
    private final Map<String, URLPattern> allMap = new HashMap();

    public TomcatSecurityConstaintsToJaccPermissionsTransformer(StandardContext standardContext) {
        this.standardContext = standardContext;
        this.constraints = new ArrayList(Arrays.asList(standardContext.findConstraints()));
        this.declaredRoles = Arrays.asList(standardContext.findSecurityRoles());
        this.isDenyUncoveredHttpMethods = standardContext.getDenyUncoveredHttpMethods();
        ServletContext servletContext = standardContext.getServletContext();
        this.policyContext = new PolicyContext(servletContext.getVirtualServerName() + " " + servletContext.getContextPath());
    }

    public PolicyContext createResourceAndDataPermissions() {
        this.securityRoles.addAll(this.declaredRoles);
        for (Container container : this.standardContext.findChildren()) {
            if (container instanceof Wrapper) {
                processRoleRefPermissions((Wrapper) container);
            }
        }
        addUnmappedJSPPermissions();
        analyzeSecurityConstraints();
        removeExcludedDups();
        buildPermissions();
        return this.policyContext;
    }

    private void analyzeSecurityConstraints() {
        for (SecurityConstraint securityConstraint : this.constraints) {
            Map<String, URLPattern> map = null;
            HashSet<String> hashSet = null;
            if (!securityConstraint.getAuthConstraint()) {
                map = this.uncheckedPatterns;
            } else if (securityConstraint.findAuthRoles().length == 0) {
                map = this.excludedPatterns;
            } else {
                hashSet = new HashSet(Arrays.asList(securityConstraint.findAuthRoles()));
                if (hashSet.remove("*")) {
                    hashSet.addAll(this.securityRoles);
                }
            }
            String userConstraint = securityConstraint.getUserConstraint() == null ? Tokens.T_NONE : securityConstraint.getUserConstraint();
            boolean z = map == null;
            if (securityConstraint.findCollections() != null) {
                for (SecurityCollection securityCollection : securityConstraint.findCollections()) {
                    for (String str : securityCollection.findPatterns()) {
                        if (z) {
                            for (String str2 : hashSet) {
                                Map<String, URLPattern> map2 = this.rolesPatterns.get(str2);
                                if (map2 == null) {
                                    map2 = new HashMap();
                                    this.rolesPatterns.put(str2, map2);
                                }
                                boolean z2 = false;
                                String[] findMethods = securityCollection.findMethods();
                                if (findMethods.length == 0) {
                                    z2 = true;
                                    findMethods = securityCollection.findOmittedMethods();
                                }
                                analyzeURLPattern(str, new HashSet(Arrays.asList(findMethods)), z2, userConstraint, map2);
                            }
                        } else {
                            boolean z3 = false;
                            String[] findMethods2 = securityCollection.findMethods();
                            if (findMethods2.length == 0) {
                                z3 = true;
                                findMethods2 = securityCollection.findOmittedMethods();
                            }
                            analyzeURLPattern(str, new HashSet(Arrays.asList(findMethods2)), z3, userConstraint, map);
                        }
                        URLPattern uRLPattern = this.allMap.get(str);
                        if (uRLPattern == null) {
                            boolean z4 = false;
                            String[] findMethods3 = securityCollection.findMethods();
                            if (findMethods3.length == 0) {
                                z4 = true;
                                findMethods3 = securityCollection.findOmittedMethods();
                            }
                            URLPattern uRLPattern2 = new URLPattern(str, new HashSet(Arrays.asList(findMethods3)), z4);
                            this.allSet.add(uRLPattern2);
                            this.allMap.put(str, uRLPattern2);
                        } else {
                            boolean z5 = false;
                            String[] findMethods4 = securityCollection.findMethods();
                            if (findMethods4.length == 0) {
                                z5 = true;
                                findMethods4 = securityCollection.findOmittedMethods();
                            }
                            uRLPattern.addMethods(new HashSet(Arrays.asList(findMethods4)), z5);
                        }
                    }
                }
            }
        }
    }

    private void analyzeURLPattern(String str, Set<String> set, boolean z, String str2, Map<String, URLPattern> map) {
        URLPattern uRLPattern = map.get(str);
        if (uRLPattern == null) {
            uRLPattern = new URLPattern(str, set, z);
            map.put(str, uRLPattern);
        } else {
            uRLPattern.addMethods(set, z);
        }
        uRLPattern.setTransport(str2);
    }

    private void removeExcludedDups() {
        for (Map.Entry<String, URLPattern> entry : this.excludedPatterns.entrySet()) {
            String key = entry.getKey();
            URLPattern value = entry.getValue();
            removeExcluded(key, value, this.uncheckedPatterns);
            Iterator<Map<String, URLPattern>> it = this.rolesPatterns.values().iterator();
            while (it.hasNext()) {
                removeExcluded(key, value, it.next());
            }
        }
    }

    private void removeExcluded(String str, URLPattern uRLPattern, Map<String, URLPattern> map) {
        URLPattern uRLPattern2 = map.get(str);
        if (uRLPattern2 == null || uRLPattern2.removeMethods(uRLPattern)) {
            return;
        }
        map.remove(str);
    }

    private void buildPermissions() {
        for (URLPattern uRLPattern : this.excludedPatterns.values()) {
            String qualifiedPattern = uRLPattern.getQualifiedPattern(this.allSet);
            String methods = uRLPattern.getMethods();
            this.policyContext.getExcludedPermissions().add(new WebResourcePermission(qualifiedPattern, methods));
            this.policyContext.getExcludedPermissions().add(new WebUserDataPermission(qualifiedPattern, methods));
        }
        for (Map.Entry<String, Map<String, URLPattern>> entry : this.rolesPatterns.entrySet()) {
            HashSet hashSet = new HashSet(entry.getValue().values());
            for (URLPattern uRLPattern2 : entry.getValue().values()) {
                String qualifiedPattern2 = uRLPattern2.getQualifiedPattern(hashSet);
                this.policyContext.addRole(entry.getKey(), new WebResourcePermission(qualifiedPattern2, uRLPattern2.getMethods()));
                addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern2, uRLPattern2.getHTTPMethods(), uRLPattern2.getTransport());
            }
        }
        for (URLPattern uRLPattern3 : this.uncheckedPatterns.values()) {
            String qualifiedPattern3 = uRLPattern3.getQualifiedPattern(this.allSet);
            HTTPMethods hTTPMethods = uRLPattern3.getHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern3, hTTPMethods, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern3, hTTPMethods, uRLPattern3.getTransport());
        }
        for (URLPattern uRLPattern4 : this.allSet) {
            String qualifiedPattern4 = uRLPattern4.getQualifiedPattern(this.allSet);
            HTTPMethods complementedHTTPMethods = uRLPattern4.getComplementedHTTPMethods();
            if (!complementedHTTPMethods.isNone()) {
                addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern4, complementedHTTPMethods, 0);
                addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern4, complementedHTTPMethods, 0);
            }
        }
        if (!this.allMap.containsKey("/")) {
            URLPattern uRLPattern5 = new URLPattern("/", Collections.emptySet(), false);
            String qualifiedPattern5 = uRLPattern5.getQualifiedPattern(this.allSet);
            HTTPMethods complementedHTTPMethods2 = uRLPattern5.getComplementedHTTPMethods();
            addOrUpdatePattern(this.uncheckedResourcePatterns, qualifiedPattern5, complementedHTTPMethods2, 0);
            addOrUpdatePattern(this.uncheckedUserPatterns, qualifiedPattern5, complementedHTTPMethods2, 0);
        }
        for (UncheckedItem uncheckedItem : this.uncheckedResourcePatterns.keySet()) {
            this.policyContext.getUncheckedPermissions().add(new WebResourcePermission(uncheckedItem.getName(), URLPattern.getMethodsWithTransport(this.uncheckedResourcePatterns.get(uncheckedItem), uncheckedItem.getTransportType())));
        }
        for (UncheckedItem uncheckedItem2 : this.uncheckedUserPatterns.keySet()) {
            this.policyContext.getUncheckedPermissions().add(new WebUserDataPermission(uncheckedItem2.getName(), URLPattern.getMethodsWithTransport(this.uncheckedUserPatterns.get(uncheckedItem2), uncheckedItem2.getTransportType())));
        }
    }

    private void addOrUpdatePattern(Map<UncheckedItem, HTTPMethods> map, String str, HTTPMethods hTTPMethods, int i) {
        UncheckedItem uncheckedItem = new UncheckedItem(str, i);
        HTTPMethods hTTPMethods2 = map.get(uncheckedItem);
        if (hTTPMethods2 != null) {
            map.put(uncheckedItem, hTTPMethods2.add(hTTPMethods));
        } else {
            map.put(uncheckedItem, new HTTPMethods(hTTPMethods, false));
        }
    }

    protected void processRoleRefPermissions(Wrapper wrapper) {
        String name = wrapper.getName();
        HashSet<String> hashSet = new HashSet(this.securityRoles);
        for (String str : wrapper.findSecurityReferences()) {
            this.policyContext.addRole(wrapper.findSecurityReference(str), new WebRoleRefPermission(name, str));
            hashSet.remove(str);
        }
        for (String str2 : hashSet) {
            this.policyContext.addRole(str2, new WebRoleRefPermission(name, str2));
        }
    }

    protected void addUnmappedJSPPermissions() {
        for (String str : this.securityRoles) {
            this.policyContext.addRole(str, new WebRoleRefPermission("", str));
        }
    }
}
