package org.jboss.aspects.security;

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javassist.CtConstructor;
import javassist.CtField;
import javassist.CtMethod;
import javassist.NotFoundException;
import javax.naming.InitialContext;
import org.jboss.aop.Advisor;
import org.jboss.aop.metadata.ClassMetaDataBinding;
import org.jboss.aop.metadata.ClassMetaDataLoader;
import org.jboss.aop.util.PayloadKey;
import org.jboss.aop.util.XmlHelper;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.RFC2617Digest;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/aspects/security/SecurityClassMetaDataLoader.class */
public class SecurityClassMetaDataLoader implements ClassMetaDataLoader {
    @Override // org.jboss.aop.metadata.ClassMetaDataLoader
    public ClassMetaDataBinding importMetaData(Element element, String str, String str2, String str3) throws Exception {
        SecurityClassMetaDataBinding securityClassMetaDataBinding = new SecurityClassMetaDataBinding(this, str, str2, str3);
        ArrayList loadSecurityRoles = loadSecurityRoles(element);
        ArrayList loadMethodPermissions = loadMethodPermissions(element);
        ArrayList loadMethodExcludeList = loadMethodExcludeList(element);
        HashMap loadFieldPermissions = loadFieldPermissions(element);
        ArrayList loadFieldExcludeList = loadFieldExcludeList(element);
        ArrayList loadConstructorPermissions = loadConstructorPermissions(element);
        ArrayList loadConstructorExcludeList = loadConstructorExcludeList(element);
        String loadRunAs = loadRunAs(element);
        String optionalChildContent = XmlHelper.getOptionalChildContent(element, "security-domain");
        if (optionalChildContent == null) {
            throw new RuntimeException("you must define a security-domain");
        }
        securityClassMetaDataBinding.setSecurityDomain(optionalChildContent);
        securityClassMetaDataBinding.setSecurityRoles(loadSecurityRoles);
        securityClassMetaDataBinding.setMethodPermissions(loadMethodPermissions);
        securityClassMetaDataBinding.setMethodExcludeList(loadMethodExcludeList);
        securityClassMetaDataBinding.setFieldPermissions(loadFieldPermissions);
        securityClassMetaDataBinding.setFieldExcludeList(loadFieldExcludeList);
        securityClassMetaDataBinding.setConstructorPermissions(loadConstructorPermissions);
        securityClassMetaDataBinding.setConstructorExcludeList(loadConstructorExcludeList);
        securityClassMetaDataBinding.setRunAs(loadRunAs);
        return securityClassMetaDataBinding;
    }

    @Override // org.jboss.aop.metadata.ClassMetaDataLoader
    public void bind(Advisor advisor, ClassMetaDataBinding classMetaDataBinding, Method[] methodArr, Field[] fieldArr, Constructor[] constructorArr) throws Exception {
        SecurityClassMetaDataBinding securityClassMetaDataBinding = (SecurityClassMetaDataBinding) classMetaDataBinding;
        try {
            Object lookup = new InitialContext().lookup("java:/jaas/" + securityClassMetaDataBinding.getSecurityDomain());
            advisor.getDefaultMetaData().addMetaData("security", "authentication-manager", lookup, PayloadKey.TRANSIENT);
            advisor.getDefaultMetaData().addMetaData("security", "realm-mapping", lookup, PayloadKey.TRANSIENT);
            for (int i = 0; i < methodArr.length; i++) {
                Set methodPermissions = getMethodPermissions(methodArr[i], securityClassMetaDataBinding);
                if (methodPermissions != null) {
                    advisor.getMethodMetaData().addMethodMetaData(methodArr[i], "security", "roles", methodPermissions, PayloadKey.TRANSIENT);
                }
            }
            for (int i2 = 0; i2 < fieldArr.length; i2++) {
                Set fieldPermissions = getFieldPermissions(fieldArr[i2], securityClassMetaDataBinding);
                if (fieldPermissions != null) {
                    advisor.getFieldMetaData().addFieldMetaData(fieldArr[i2], "security", "roles", fieldPermissions, PayloadKey.TRANSIENT);
                }
            }
            for (int i3 = 0; i3 < constructorArr.length; i3++) {
                Set constructorPermissions = getConstructorPermissions(constructorArr[i3], securityClassMetaDataBinding);
                if (constructorPermissions != null) {
                    advisor.getConstructorMetaData().addConstructorMetaData(constructorArr[i3], "security", "roles", constructorPermissions, PayloadKey.TRANSIENT);
                }
            }
            if (securityClassMetaDataBinding.getRunAs() != null) {
                advisor.getDefaultMetaData().addMetaData("security", "run-as", new SimplePrincipal(securityClassMetaDataBinding.getRunAs()), PayloadKey.TRANSIENT);
            }
        } catch (Exception e) {
            throw new RuntimeException("failed to load security domain: " + securityClassMetaDataBinding.getSecurityDomain(), e);
        }
    }

    public Set getMethodPermissions(Method method, SecurityClassMetaDataBinding securityClassMetaDataBinding) {
        HashSet hashSet = new HashSet();
        Iterator it = securityClassMetaDataBinding.getMethodExcludeList().iterator();
        while (it.hasNext()) {
            if (((SecurityMethodConfig) it.next()).patternMatches(method)) {
                hashSet.add(NobodyPrincipal.NOBODY_PRINCIPAL);
                return hashSet;
            }
        }
        Iterator it2 = securityClassMetaDataBinding.getMethodPermissions().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            SecurityMethodConfig securityMethodConfig = (SecurityMethodConfig) it2.next();
            if (securityMethodConfig.patternMatches(method)) {
                if (securityMethodConfig.isUnchecked()) {
                    hashSet.clear();
                    hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
                    break;
                }
                Iterator it3 = securityMethodConfig.getRoles().iterator();
                while (it3.hasNext()) {
                    hashSet.add(new SimplePrincipal((String) it3.next()));
                }
            }
        }
        if (hashSet.isEmpty()) {
            hashSet = null;
        }
        return hashSet;
    }

    public Set getFieldPermissions(Field field, SecurityClassMetaDataBinding securityClassMetaDataBinding) {
        String name = field.getName();
        HashSet hashSet = new HashSet();
        Iterator it = securityClassMetaDataBinding.getFieldExcludeList().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.equals("*") || str.equals(name)) {
                hashSet.add(NobodyPrincipal.NOBODY_PRINCIPAL);
                return hashSet;
            }
        }
        Iterator it2 = securityClassMetaDataBinding.getFieldPermissions().keySet().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            String str2 = (String) it2.next();
            if (str2.equals("*") || str2.equals(name)) {
                Object obj = securityClassMetaDataBinding.getFieldPermissions().get(str2);
                if (obj instanceof Boolean) {
                    hashSet.clear();
                    hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
                    break;
                }
                Iterator it3 = ((Set) obj).iterator();
                while (it3.hasNext()) {
                    hashSet.add(new SimplePrincipal((String) it3.next()));
                }
            }
        }
        if (hashSet.isEmpty()) {
            hashSet = null;
        }
        return hashSet;
    }

    protected String loadRunAs(Element element) throws Exception {
        Element optionalChild = XmlHelper.getOptionalChild(element, "security-identity");
        if (optionalChild == null) {
            return null;
        }
        Element optionalChild2 = XmlHelper.getOptionalChild(optionalChild, "use-caller-identity");
        Element optionalChild3 = XmlHelper.getOptionalChild(optionalChild, "run-as");
        if (optionalChild2 == null && optionalChild3 == null) {
            throw new RuntimeException("security-identity: either use-caller-identity or run-as must be specified");
        }
        if (optionalChild2 != null && optionalChild3 != null) {
            throw new RuntimeException("security-identity: only one of use-caller-identity or run-as can be specified");
        }
        String str = null;
        if (optionalChild3 != null) {
            str = XmlHelper.getElementContent(XmlHelper.getUniqueChild(optionalChild3, "role-name"));
        }
        return str;
    }

    protected ArrayList loadSecurityRoles(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator childrenByTagName = XmlHelper.getChildrenByTagName(element, "security-role");
        while (childrenByTagName.hasNext()) {
            try {
                arrayList.add(XmlHelper.getUniqueChildContent((Element) childrenByTagName.next(), "role-name"));
            } catch (Exception e) {
                throw new RuntimeException("Error in metadata for security-role: ", e);
            }
        }
        return arrayList;
    }

    protected ArrayList loadMethodPermissions(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator childrenByTagName = XmlHelper.getChildrenByTagName(element, "method-permission");
        while (childrenByTagName.hasNext()) {
            Element element2 = (Element) childrenByTagName.next();
            boolean z = false;
            HashSet hashSet = null;
            if (XmlHelper.getOptionalChild(element2, "unchecked") != null) {
                z = true;
            } else {
                hashSet = new HashSet();
                Iterator childrenByTagName2 = XmlHelper.getChildrenByTagName(element2, "role-name");
                while (childrenByTagName2.hasNext()) {
                    hashSet.add(XmlHelper.getElementContent((Element) childrenByTagName2.next()));
                }
                if (hashSet.size() == 0) {
                    throw new RuntimeException("An unchecked element in security metadata or one or more role-name elements must be specified in method-permission");
                }
            }
            Iterator childrenByTagName3 = XmlHelper.getChildrenByTagName(element2, RFC2617Digest.METHOD);
            while (childrenByTagName3.hasNext()) {
                SecurityMethodConfig securityMethodConfig = new SecurityMethodConfig();
                securityMethodConfig.importXml((Element) childrenByTagName3.next());
                if (z) {
                    securityMethodConfig.setUnchecked();
                    arrayList.add(0, securityMethodConfig);
                } else {
                    securityMethodConfig.setRoles(hashSet);
                    arrayList.add(securityMethodConfig);
                }
            }
        }
        return arrayList;
    }

    protected ArrayList loadMethodExcludeList(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Element optionalChild = XmlHelper.getOptionalChild(element, "exclude-list");
        if (optionalChild != null) {
            Iterator childrenByTagName = XmlHelper.getChildrenByTagName(optionalChild, RFC2617Digest.METHOD);
            while (childrenByTagName.hasNext()) {
                Element element2 = (Element) childrenByTagName.next();
                SecurityMethodConfig securityMethodConfig = new SecurityMethodConfig();
                securityMethodConfig.importXml(element2);
                securityMethodConfig.setExcluded();
                arrayList.add(securityMethodConfig);
            }
        }
        return arrayList;
    }

    protected HashMap loadFieldPermissions(Element element) throws Exception {
        HashMap hashMap = new HashMap();
        Iterator childrenByTagName = XmlHelper.getChildrenByTagName(element, "field-permission");
        while (childrenByTagName.hasNext()) {
            Element element2 = (Element) childrenByTagName.next();
            boolean z = false;
            HashSet hashSet = null;
            if (XmlHelper.getOptionalChild(element2, "unchecked") != null) {
                z = true;
            } else {
                hashSet = new HashSet();
                Iterator childrenByTagName2 = XmlHelper.getChildrenByTagName(element2, "role-name");
                while (childrenByTagName2.hasNext()) {
                    hashSet.add(XmlHelper.getElementContent((Element) childrenByTagName2.next()));
                }
                if (hashSet.size() == 0) {
                    throw new RuntimeException("An unchecked element in security metadata or one or more role-name elements must be specified in field-permission");
                }
            }
            Iterator childrenByTagName3 = XmlHelper.getChildrenByTagName(element2, "field");
            while (childrenByTagName3.hasNext()) {
                String elementContent = XmlHelper.getElementContent(XmlHelper.getUniqueChild((Element) childrenByTagName3.next(), "field-name"));
                if (z) {
                    hashMap.put(elementContent, Boolean.TRUE);
                } else {
                    Object obj = hashMap.get(elementContent);
                    if (obj == null || !(obj instanceof Boolean)) {
                        if (obj != null) {
                            ((Set) obj).addAll(hashSet);
                        } else {
                            hashMap.put(elementContent, new HashSet(hashSet));
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    protected ArrayList loadFieldExcludeList(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Element optionalChild = XmlHelper.getOptionalChild(element, "exclude-list");
        if (optionalChild != null) {
            Iterator childrenByTagName = XmlHelper.getChildrenByTagName(optionalChild, "field");
            while (childrenByTagName.hasNext()) {
                arrayList.add(XmlHelper.getElementContent(XmlHelper.getUniqueChild((Element) childrenByTagName.next(), "field-name")));
            }
        }
        return arrayList;
    }

    protected ArrayList loadConstructorPermissions(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator childrenByTagName = XmlHelper.getChildrenByTagName(element, "constructor-permission");
        while (childrenByTagName.hasNext()) {
            Element element2 = (Element) childrenByTagName.next();
            boolean z = false;
            HashSet hashSet = null;
            if (XmlHelper.getOptionalChild(element2, "unchecked") != null) {
                z = true;
            } else {
                hashSet = new HashSet();
                Iterator childrenByTagName2 = XmlHelper.getChildrenByTagName(element2, "role-name");
                while (childrenByTagName2.hasNext()) {
                    hashSet.add(XmlHelper.getElementContent((Element) childrenByTagName2.next()));
                }
                if (hashSet.size() == 0) {
                    throw new RuntimeException("An unchecked element in security metadata or one or more role-name elements must be specified in constructor-permission");
                }
            }
            Iterator childrenByTagName3 = XmlHelper.getChildrenByTagName(element2, "constructor");
            while (childrenByTagName3.hasNext()) {
                SecurityConstructorConfig securityConstructorConfig = new SecurityConstructorConfig();
                securityConstructorConfig.importXml((Element) childrenByTagName3.next());
                if (z) {
                    securityConstructorConfig.setUnchecked();
                    arrayList.add(0, securityConstructorConfig);
                } else {
                    securityConstructorConfig.setRoles(hashSet);
                    arrayList.add(securityConstructorConfig);
                }
            }
        }
        return arrayList;
    }

    protected ArrayList loadConstructorExcludeList(Element element) throws Exception {
        ArrayList arrayList = new ArrayList();
        Element optionalChild = XmlHelper.getOptionalChild(element, "exclude-list");
        if (optionalChild != null) {
            Iterator childrenByTagName = XmlHelper.getChildrenByTagName(optionalChild, "constructor");
            while (childrenByTagName.hasNext()) {
                Element element2 = (Element) childrenByTagName.next();
                SecurityConstructorConfig securityConstructorConfig = new SecurityConstructorConfig();
                securityConstructorConfig.importXml(element2);
                securityConstructorConfig.setExcluded();
                arrayList.add(securityConstructorConfig);
            }
        }
        return arrayList;
    }

    public Set getConstructorPermissions(Constructor constructor, SecurityClassMetaDataBinding securityClassMetaDataBinding) {
        HashSet hashSet = new HashSet();
        Iterator it = securityClassMetaDataBinding.getConstructorExcludeList().iterator();
        while (it.hasNext()) {
            if (((SecurityConstructorConfig) it.next()).patternMatches(constructor)) {
                hashSet.add(NobodyPrincipal.NOBODY_PRINCIPAL);
                return hashSet;
            }
        }
        Iterator it2 = securityClassMetaDataBinding.getConstructorPermissions().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            SecurityConstructorConfig securityConstructorConfig = (SecurityConstructorConfig) it2.next();
            if (securityConstructorConfig.patternMatches(constructor)) {
                if (securityConstructorConfig.isUnchecked()) {
                    hashSet.clear();
                    hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
                    break;
                }
                Iterator it3 = securityConstructorConfig.getRoles().iterator();
                while (it3.hasNext()) {
                    hashSet.add(new SimplePrincipal((String) it3.next()));
                }
            }
        }
        if (hashSet.isEmpty()) {
            hashSet = null;
        }
        return hashSet;
    }

    @Override // org.jboss.aop.metadata.ClassMetaDataLoader
    public void bind(Advisor advisor, ClassMetaDataBinding classMetaDataBinding, CtMethod[] ctMethodArr, CtField[] ctFieldArr, CtConstructor[] ctConstructorArr) throws Exception {
        SecurityClassMetaDataBinding securityClassMetaDataBinding = (SecurityClassMetaDataBinding) classMetaDataBinding;
        for (int i = 0; i < ctMethodArr.length; i++) {
            if (getMethodPermissions(ctMethodArr[i], securityClassMetaDataBinding)) {
                advisor.getMethodMetaData().addMethodMetaData(ctMethodArr[i], "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
            }
        }
        for (int i2 = 0; i2 < ctFieldArr.length; i2++) {
            if (getFieldPermissions(ctFieldArr[i2], securityClassMetaDataBinding)) {
                advisor.getFieldMetaData().addFieldMetaData(ctFieldArr[i2].getName(), "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
            }
        }
        for (int i3 = 0; i3 < ctConstructorArr.length; i3++) {
            if (getConstructorPermissions(ctConstructorArr[i3], securityClassMetaDataBinding)) {
                advisor.getConstructorMetaData().addConstructorMetaData(ctConstructorArr[i3].getMethodInfo2().getDescriptor(), "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
            }
        }
    }

    public boolean getMethodPermissions(CtMethod ctMethod, SecurityClassMetaDataBinding securityClassMetaDataBinding) throws Exception {
        Iterator it = securityClassMetaDataBinding.getMethodExcludeList().iterator();
        while (it.hasNext()) {
            if (((SecurityMethodConfig) it.next()).patternMatches(ctMethod)) {
                return true;
            }
        }
        Iterator it2 = securityClassMetaDataBinding.getMethodPermissions().iterator();
        while (it2.hasNext()) {
            if (((SecurityMethodConfig) it2.next()).patternMatches(ctMethod)) {
                return true;
            }
        }
        return false;
    }

    public boolean getFieldPermissions(CtField ctField, SecurityClassMetaDataBinding securityClassMetaDataBinding) {
        String name = ctField.getName();
        Iterator it = securityClassMetaDataBinding.getFieldExcludeList().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.equals("*") || str.equals(name)) {
                return true;
            }
        }
        for (String str2 : securityClassMetaDataBinding.getFieldPermissions().keySet()) {
            if (str2.equals("*") || str2.equals(name)) {
                return true;
            }
        }
        return false;
    }

    public boolean getConstructorPermissions(CtConstructor ctConstructor, SecurityClassMetaDataBinding securityClassMetaDataBinding) throws NotFoundException {
        Iterator it = securityClassMetaDataBinding.getConstructorExcludeList().iterator();
        while (it.hasNext()) {
            if (((SecurityConstructorConfig) it.next()).patternMatches(ctConstructor)) {
                return true;
            }
        }
        Iterator it2 = securityClassMetaDataBinding.getConstructorPermissions().iterator();
        while (it2.hasNext()) {
            if (((SecurityConstructorConfig) it2.next()).patternMatches(ctConstructor)) {
                return true;
            }
        }
        return false;
    }
}
