package io.undertow.servlet.handlers.security;

import io.undertow.servlet.UndertowServletLogger;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.SingleConstraintMatch;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.util.Methods;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.jgit.transport.RefSpec;

/* JADX WARN: Classes with same name are omitted:
  input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches.class
 */
/* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches.class */
public class SecurityPathMatches {
    private static Set<String> KNOWN_METHODS;
    private final boolean denyUncoveredHttpMethods;
    private final PathSecurityInformation defaultPathSecurityInformation;
    private final Map<String, PathSecurityInformation> exactPathRoleInformation;
    private final Map<String, PathSecurityInformation> prefixPathRoleInformation;
    private final Map<String, PathSecurityInformation> extensionRoleInformation;

    /* JADX WARN: Classes with same name are omitted:
      input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$Builder.class
     */
    /* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$Builder.class */
    public static class Builder {
        private final DeploymentInfo deploymentInfo;
        private final PathSecurityInformation defaultPathSecurityInformation;
        private final Map<String, PathSecurityInformation> exactPathRoleInformation;
        private final Map<String, PathSecurityInformation> prefixPathRoleInformation;
        private final Map<String, PathSecurityInformation> extensionRoleInformation;

        private Builder(DeploymentInfo deploymentInfo) {
            this.defaultPathSecurityInformation = new PathSecurityInformation();
            this.exactPathRoleInformation = new HashMap();
            this.prefixPathRoleInformation = new HashMap();
            this.extensionRoleInformation = new HashMap();
            this.deploymentInfo = deploymentInfo;
        }

        public void addSecurityConstraint(SecurityConstraint securityConstraint) {
            SecurityInformation securityInformation = new SecurityInformation(expandRolesAllowed(securityConstraint.getRolesAllowed()), securityConstraint.getTransportGuaranteeType(), securityConstraint.getEmptyRoleSemantic());
            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollections()) {
                if (webResourceCollection.getUrlPatterns().isEmpty()) {
                    setupPathSecurityInformation(this.defaultPathSecurityInformation, securityInformation, webResourceCollection);
                }
                for (String str : webResourceCollection.getUrlPatterns()) {
                    if (str.endsWith(RefSpec.WILDCARD_SUFFIX)) {
                        String substring = str.substring(0, str.length() - 2);
                        PathSecurityInformation pathSecurityInformation = this.prefixPathRoleInformation.get(substring);
                        if (pathSecurityInformation == null) {
                            Map<String, PathSecurityInformation> map = this.prefixPathRoleInformation;
                            PathSecurityInformation pathSecurityInformation2 = new PathSecurityInformation();
                            pathSecurityInformation = pathSecurityInformation2;
                            map.put(substring, pathSecurityInformation2);
                        }
                        setupPathSecurityInformation(pathSecurityInformation, securityInformation, webResourceCollection);
                    } else if (str.startsWith("*.")) {
                        String substring2 = str.substring(2, str.length());
                        PathSecurityInformation pathSecurityInformation3 = this.extensionRoleInformation.get(substring2);
                        if (pathSecurityInformation3 == null) {
                            Map<String, PathSecurityInformation> map2 = this.extensionRoleInformation;
                            PathSecurityInformation pathSecurityInformation4 = new PathSecurityInformation();
                            pathSecurityInformation3 = pathSecurityInformation4;
                            map2.put(substring2, pathSecurityInformation4);
                        }
                        setupPathSecurityInformation(pathSecurityInformation3, securityInformation, webResourceCollection);
                    } else {
                        PathSecurityInformation pathSecurityInformation5 = this.exactPathRoleInformation.get(str);
                        if (pathSecurityInformation5 == null) {
                            Map<String, PathSecurityInformation> map3 = this.exactPathRoleInformation;
                            PathSecurityInformation pathSecurityInformation6 = new PathSecurityInformation();
                            pathSecurityInformation5 = pathSecurityInformation6;
                            map3.put(str, pathSecurityInformation6);
                        }
                        setupPathSecurityInformation(pathSecurityInformation5, securityInformation, webResourceCollection);
                    }
                }
            }
        }

        private Set<String> expandRolesAllowed(Set<String> set) {
            HashSet hashSet = new HashSet(set);
            if (hashSet.contains("*")) {
                hashSet.remove("*");
                hashSet.addAll(this.deploymentInfo.getSecurityRoles());
            }
            return hashSet;
        }

        private void setupPathSecurityInformation(PathSecurityInformation pathSecurityInformation, SecurityInformation securityInformation, WebResourceCollection webResourceCollection) {
            if (webResourceCollection.getHttpMethods().isEmpty() && webResourceCollection.getHttpMethodOmissions().isEmpty()) {
                pathSecurityInformation.defaultRequiredRoles.add(securityInformation);
                return;
            }
            if (webResourceCollection.getHttpMethods().isEmpty()) {
                if (webResourceCollection.getHttpMethodOmissions().isEmpty()) {
                    return;
                }
                pathSecurityInformation.excludedMethodRoles.add(new ExcludedMethodRoles(webResourceCollection.getHttpMethodOmissions(), securityInformation));
                return;
            }
            for (String str : webResourceCollection.getHttpMethods()) {
                List<SecurityInformation> list = pathSecurityInformation.perMethodRequiredRoles.get(str);
                if (list == null) {
                    Map<String, List<SecurityInformation>> map = pathSecurityInformation.perMethodRequiredRoles;
                    ArrayList arrayList = new ArrayList();
                    list = arrayList;
                    map.put(str, arrayList);
                }
                list.add(securityInformation);
            }
        }

        public SecurityPathMatches build() {
            return new SecurityPathMatches(this.deploymentInfo.isDenyUncoveredHttpMethods(), this.defaultPathSecurityInformation, this.exactPathRoleInformation, this.prefixPathRoleInformation, this.extensionRoleInformation);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$ExcludedMethodRoles.class
     */
    /* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$ExcludedMethodRoles.class */
    public static final class ExcludedMethodRoles {
        final Set<String> methods;
        final SecurityInformation securityInformation;

        ExcludedMethodRoles(Set<String> set, SecurityInformation securityInformation) {
            this.methods = set;
            this.securityInformation = securityInformation;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$PathSecurityInformation.class
     */
    /* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$PathSecurityInformation.class */
    public static class PathSecurityInformation {
        final List<SecurityInformation> defaultRequiredRoles;
        final Map<String, List<SecurityInformation>> perMethodRequiredRoles;
        final List<ExcludedMethodRoles> excludedMethodRoles;

        private PathSecurityInformation() {
            this.defaultRequiredRoles = new ArrayList();
            this.perMethodRequiredRoles = new HashMap();
            this.excludedMethodRoles = new ArrayList();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$RuntimeMatch.class
     */
    /* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$RuntimeMatch.class */
    public static final class RuntimeMatch {
        TransportGuaranteeType type;
        final List<SingleConstraintMatch> constraints;
        boolean uncovered;

        private RuntimeMatch() {
            this.type = TransportGuaranteeType.NONE;
            this.constraints = new ArrayList();
            this.uncovered = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:m2repo/io/undertow/undertow-servlet/2.1.6.Final/undertow-servlet-2.1.6.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$SecurityInformation.class
     */
    /* loaded from: input_file:m2repo/io/undertow/undertow-servlet/2.1.3.Final/undertow-servlet-2.1.3.Final.jar:io/undertow/servlet/handlers/security/SecurityPathMatches$SecurityInformation.class */
    public static final class SecurityInformation {
        final Set<String> roles;
        final TransportGuaranteeType transportGuaranteeType;
        final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic;

        private SecurityInformation(Set<String> set, TransportGuaranteeType transportGuaranteeType, SecurityInfo.EmptyRoleSemantic emptyRoleSemantic) {
            this.emptyRoleSemantic = emptyRoleSemantic;
            this.roles = new HashSet(set);
            this.transportGuaranteeType = transportGuaranteeType;
        }
    }

    private SecurityPathMatches(boolean z, PathSecurityInformation pathSecurityInformation, Map<String, PathSecurityInformation> map, Map<String, PathSecurityInformation> map2, Map<String, PathSecurityInformation> map3) {
        this.denyUncoveredHttpMethods = z;
        this.defaultPathSecurityInformation = pathSecurityInformation;
        this.exactPathRoleInformation = map;
        this.prefixPathRoleInformation = map2;
        this.extensionRoleInformation = map3;
    }

    public boolean isEmpty() {
        return this.defaultPathSecurityInformation.excludedMethodRoles.isEmpty() && this.defaultPathSecurityInformation.perMethodRequiredRoles.isEmpty() && this.defaultPathSecurityInformation.defaultRequiredRoles.isEmpty() && this.exactPathRoleInformation.isEmpty() && this.prefixPathRoleInformation.isEmpty() && this.extensionRoleInformation.isEmpty();
    }

    public SecurityPathMatch getSecurityInfo(String str, String str2) {
        RuntimeMatch runtimeMatch = new RuntimeMatch();
        handleMatch(str2, this.defaultPathSecurityInformation, runtimeMatch);
        PathSecurityInformation pathSecurityInformation = this.exactPathRoleInformation.get(str);
        PathSecurityInformation pathSecurityInformation2 = null;
        if (pathSecurityInformation != null) {
            handleMatch(str2, pathSecurityInformation, runtimeMatch);
            return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
        }
        PathSecurityInformation pathSecurityInformation3 = this.prefixPathRoleInformation.get(str);
        if (pathSecurityInformation3 != null) {
            handleMatch(str2, pathSecurityInformation3, runtimeMatch);
            return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
        }
        int i = -1;
        boolean z = false;
        for (int length = str.length() - 1; length >= 0; length--) {
            char charAt = str.charAt(length);
            if (charAt == '?') {
                PathSecurityInformation pathSecurityInformation4 = this.exactPathRoleInformation.get(str.substring(0, length));
                if (pathSecurityInformation4 != null) {
                    handleMatch(str2, pathSecurityInformation4, runtimeMatch);
                    return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
                }
                i = length;
                z = false;
            } else if (charAt == '/') {
                z = true;
                PathSecurityInformation pathSecurityInformation5 = this.prefixPathRoleInformation.get(str.substring(0, length));
                if (pathSecurityInformation5 != null) {
                    handleMatch(str2, pathSecurityInformation5, runtimeMatch);
                    return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
                }
            } else if (charAt == '.' && !z) {
                z = true;
                pathSecurityInformation2 = this.extensionRoleInformation.get(i == -1 ? str.substring(length + 1, str.length()) : str.substring(length + 1, i));
            }
        }
        if (pathSecurityInformation2 == null) {
            return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
        }
        handleMatch(str2, pathSecurityInformation2, runtimeMatch);
        return new SecurityPathMatch(runtimeMatch.type, mergeConstraints(runtimeMatch));
    }

    private SingleConstraintMatch mergeConstraints(RuntimeMatch runtimeMatch) {
        if (runtimeMatch.uncovered && this.denyUncoveredHttpMethods) {
            return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.DENY, Collections.emptySet());
        }
        HashSet hashSet = new HashSet();
        for (SingleConstraintMatch singleConstraintMatch : runtimeMatch.constraints) {
            if (singleConstraintMatch.getRequiredRoles().isEmpty()) {
                return new SingleConstraintMatch(singleConstraintMatch.getEmptyRoleSemantic(), Collections.emptySet());
            }
            hashSet.addAll(singleConstraintMatch.getRequiredRoles());
        }
        return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.PERMIT, hashSet);
    }

    private void handleMatch(String str, PathSecurityInformation pathSecurityInformation, RuntimeMatch runtimeMatch) {
        for (SecurityInformation securityInformation : pathSecurityInformation.defaultRequiredRoles) {
            transport(runtimeMatch, securityInformation.transportGuaranteeType);
            runtimeMatch.constraints.add(new SingleConstraintMatch(securityInformation.emptyRoleSemantic, securityInformation.roles));
            if (securityInformation.emptyRoleSemantic == SecurityInfo.EmptyRoleSemantic.DENY || !securityInformation.roles.isEmpty()) {
                runtimeMatch.uncovered = false;
            }
        }
        List<SecurityInformation> list = pathSecurityInformation.perMethodRequiredRoles.get(str);
        if (list != null) {
            runtimeMatch.uncovered = false;
            for (SecurityInformation securityInformation2 : list) {
                transport(runtimeMatch, securityInformation2.transportGuaranteeType);
                runtimeMatch.constraints.add(new SingleConstraintMatch(securityInformation2.emptyRoleSemantic, securityInformation2.roles));
            }
        }
        for (ExcludedMethodRoles excludedMethodRoles : pathSecurityInformation.excludedMethodRoles) {
            if (!excludedMethodRoles.methods.contains(str)) {
                runtimeMatch.uncovered = false;
                transport(runtimeMatch, excludedMethodRoles.securityInformation.transportGuaranteeType);
                runtimeMatch.constraints.add(new SingleConstraintMatch(excludedMethodRoles.securityInformation.emptyRoleSemantic, excludedMethodRoles.securityInformation.roles));
            }
        }
    }

    private void transport(RuntimeMatch runtimeMatch, TransportGuaranteeType transportGuaranteeType) {
        if (transportGuaranteeType.ordinal() > runtimeMatch.type.ordinal()) {
            runtimeMatch.type = transportGuaranteeType;
        }
    }

    public void logWarningsAboutUncoveredMethods() {
        if (this.denyUncoveredHttpMethods) {
            return;
        }
        logWarningsAboutUncoveredMethods(this.exactPathRoleInformation, "", "");
        logWarningsAboutUncoveredMethods(this.prefixPathRoleInformation, "", RefSpec.WILDCARD_SUFFIX);
        logWarningsAboutUncoveredMethods(this.extensionRoleInformation, "*.", "");
    }

    private void logWarningsAboutUncoveredMethods(Map<String, PathSecurityInformation> map, String str, String str2) {
        for (Map.Entry<String, PathSecurityInformation> entry : map.entrySet()) {
            if (!entry.getValue().perMethodRequiredRoles.isEmpty() || !entry.getValue().excludedMethodRoles.isEmpty()) {
                HashSet hashSet = new HashSet(KNOWN_METHODS);
                Iterator<String> it = entry.getValue().perMethodRequiredRoles.keySet().iterator();
                while (it.hasNext()) {
                    hashSet.remove(it.next());
                }
                Iterator it2 = hashSet.iterator();
                while (it2.hasNext()) {
                    String str3 = (String) it2.next();
                    Iterator<ExcludedMethodRoles> it3 = entry.getValue().excludedMethodRoles.iterator();
                    while (true) {
                        if (it3.hasNext()) {
                            if (!it3.next().methods.contains(str3)) {
                                it2.remove();
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                }
                if (!hashSet.isEmpty()) {
                    UndertowServletLogger.ROOT_LOGGER.unsecuredMethodsOnPath(str + entry.getKey() + str2, hashSet);
                }
            }
        }
    }

    public static Builder builder(DeploymentInfo deploymentInfo) {
        return new Builder(deploymentInfo);
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("GET");
        hashSet.add("POST");
        hashSet.add("PUT");
        hashSet.add("DELETE");
        hashSet.add("OPTIONS");
        hashSet.add("HEAD");
        hashSet.add("TRACE");
        hashSet.add(Methods.CONNECT_STRING);
        KNOWN_METHODS = Collections.unmodifiableSet(hashSet);
    }
}
