package org.wildfly.extension.undertow.security.jacc;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.eclipse.jgit.transport.RefSpec;
import org.jboss.as.security.service.JaccService;
import org.jboss.as.web.common.WarMetaData;
import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
import org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData;
import org.jboss.metadata.web.jboss.JBossServletMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.spec.SecurityConstraintMetaData;
import org.jboss.metadata.web.spec.UserDataConstraintMetaData;
import org.jboss.metadata.web.spec.WebResourceCollectionMetaData;
import org.jboss.metadata.web.spec.WebResourceCollectionsMetaData;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-undertow/10.1.0.Final/wildfly-undertow-10.1.0.Final.jar:org/wildfly/extension/undertow/security/jacc/WarJACCService.class */
public class WarJACCService extends JaccService<WarMetaData> {
    private static final int PREFIX = 1;
    private static final int EXTENSION = 2;
    private static final int DEFAULT = 3;
    private static final int EXACT = 4;
    private static final String ANY_AUTHENTICATED_USER_ROLE = "**";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:m2repo/org/wildfly/wildfly-undertow/10.1.0.Final/wildfly-undertow-10.1.0.Final.jar:org/wildfly/extension/undertow/security/jacc/WarJACCService$PatternInfo.class */
    public static class PatternInfo {
        static final HashMap<String, Set<String>> ALL_TRANSPORTS = new HashMap<>();
        String pattern;
        String qpattern;
        int type;
        HashSet<String> excludedMethods;
        HashMap<String, Set<String>> roles;
        HashMap<String, Set<String>> transports;
        boolean isOverridden;
        boolean isMissingAuthConstraint;
        ArrayList<PatternInfo> qualifiers = new ArrayList<>();
        HashSet<String> allMethods = new HashSet<>();

        PatternInfo(String str, int i) {
            this.pattern = str;
            this.type = i;
        }

        void addExcludedMethods(List<String> list) {
            Collection collection = list;
            if (collection.size() == 0) {
                collection = WebResourceCollectionMetaData.ALL_HTTP_METHODS;
            }
            if (this.excludedMethods == null) {
                this.excludedMethods = new HashSet<>();
            }
            this.excludedMethods.addAll(collection);
            this.allMethods.addAll(collection);
        }

        public String[] getExcludedMethods() {
            String[] strArr = null;
            if (this.excludedMethods != null) {
                strArr = new String[this.excludedMethods.size()];
                this.excludedMethods.toArray(strArr);
            }
            return strArr;
        }

        public void addRoles(HashSet<String> hashSet, List<String> list) {
            Collection collection = list;
            if (collection.size() == 0) {
                collection = WebResourceCollectionMetaData.ALL_HTTP_METHODS;
            }
            this.allMethods.addAll(collection);
            if (this.roles == null) {
                this.roles = new HashMap<>();
            }
            Iterator<String> it = hashSet.iterator();
            while (it.hasNext()) {
                String next = it.next();
                Set<String> set = this.roles.get(next);
                if (set == null) {
                    set = new HashSet();
                    this.roles.put(next, set);
                }
                set.addAll(collection);
            }
        }

        public Iterator<Map.Entry<String, Set<String>>> getRoleMethods() {
            HashMap<String, Set<String>> hashMap = this.roles;
            if (hashMap == null) {
                hashMap = new HashMap<>(0);
            }
            return hashMap.entrySet().iterator();
        }

        void addTransport(String str, List<String> list) {
            Collection collection = list;
            if (collection.size() == 0) {
                collection = WebResourceCollectionMetaData.ALL_HTTP_METHODS;
            }
            if (this.transports == null) {
                this.transports = new HashMap<>();
            }
            Set<String> set = this.transports.get(str);
            if (set == null) {
                set = new HashSet();
                this.transports.put(str, set);
            }
            set.addAll(collection);
        }

        public Iterator<Map.Entry<String, Set<String>>> getTransportMethods() {
            HashMap<String, Set<String>> hashMap = this.transports;
            if (hashMap == null) {
                hashMap = ALL_TRANSPORTS;
            }
            return hashMap.entrySet().iterator();
        }

        public String[] getMissingMethods() {
            String[] strArr = new String[0];
            return this.allMethods.size() == 0 ? WebResourceCollectionMetaData.ALL_HTTP_METHOD_NAMES : WebResourceCollectionMetaData.getMissingHttpMethods(this.allMethods);
        }

        void addQualifier(PatternInfo patternInfo) {
            if (this.qualifiers.contains(patternInfo)) {
                return;
            }
            if (patternInfo.type == 1 && patternInfo.matches(this)) {
                this.isOverridden = true;
            }
            this.qualifiers.add(patternInfo);
        }

        public String getQualifiedPattern() {
            if (this.qpattern == null) {
                StringBuilder sb = new StringBuilder(this.pattern);
                for (int i = 0; i < this.qualifiers.size(); i++) {
                    sb.append(':');
                    sb.append(this.qualifiers.get(i).pattern);
                }
                this.qpattern = sb.toString();
            }
            return this.qpattern;
        }

        public int hashCode() {
            return this.pattern.hashCode();
        }

        public boolean equals(Object obj) {
            return this.pattern.equals(((PatternInfo) obj).pattern);
        }

        public boolean matches(PatternInfo patternInfo) {
            return this.pattern.regionMatches(0, patternInfo.pattern, 0, this.pattern.length() - 2);
        }

        public boolean isExtensionFor(PatternInfo patternInfo) {
            int lastIndexOf = patternInfo.pattern.lastIndexOf(46);
            int length = this.pattern.length() - 1;
            boolean z = false;
            if (lastIndexOf > 0) {
                z = this.pattern.regionMatches(1, patternInfo.pattern, lastIndexOf, length);
            }
            return z;
        }

        public String toString() {
            return "PatternInfo[pattern=" + this.pattern + ",type=" + this.type + ",isOverridden=" + this.isOverridden + ",qualifiers=" + this.qualifiers + "]";
        }

        static {
            ALL_TRANSPORTS.put("NONE", WebResourceCollectionMetaData.ALL_HTTP_METHODS);
        }
    }

    public WarJACCService(String str, WarMetaData warMetaData, Boolean bool) {
        super(str, warMetaData, bool);
    }

    @Override // org.jboss.as.security.service.JaccService
    public void createPermissions(WarMetaData warMetaData, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        JBossWebMetaData mergedJBossWebMetaData = warMetaData.getMergedJBossWebMetaData();
        HashMap<String, PatternInfo> qualifyURLPatterns = qualifyURLPatterns(mergedJBossWebMetaData);
        List<SecurityConstraintMetaData> securityConstraints = mergedJBossWebMetaData.getSecurityConstraints();
        if (securityConstraints != null) {
            for (SecurityConstraintMetaData securityConstraintMetaData : securityConstraints) {
                WebResourceCollectionsMetaData resourceCollections = securityConstraintMetaData.getResourceCollections();
                UserDataConstraintMetaData userDataConstraint = securityConstraintMetaData.getUserDataConstraint();
                if (resourceCollections != null) {
                    if (securityConstraintMetaData.isExcluded() || securityConstraintMetaData.isUnchecked()) {
                        Iterator<WebResourceCollectionMetaData> it = resourceCollections.iterator();
                        while (it.hasNext()) {
                            WebResourceCollectionMetaData next = it.next();
                            List<String> httpMethods = next.getHttpMethods();
                            Iterator<String> it2 = next.getUrlPatterns().iterator();
                            while (it2.hasNext()) {
                                PatternInfo patternInfo = qualifyURLPatterns.get(it2.next());
                                if (securityConstraintMetaData.isExcluded()) {
                                    patternInfo.addExcludedMethods(httpMethods);
                                }
                                if (securityConstraintMetaData.isUnchecked()) {
                                    patternInfo.isMissingAuthConstraint = true;
                                }
                            }
                        }
                    } else {
                        Iterator<WebResourceCollectionMetaData> it3 = resourceCollections.iterator();
                        while (it3.hasNext()) {
                            WebResourceCollectionMetaData next2 = it3.next();
                            List<String> httpMethods2 = next2.getHttpMethods();
                            Iterator<String> it4 = next2.getUrlPatterns().iterator();
                            while (it4.hasNext()) {
                                PatternInfo patternInfo2 = qualifyURLPatterns.get(it4.next());
                                HashSet<String> hashSet = new HashSet<>();
                                securityConstraintMetaData.getAuthConstraint().getRoleNames();
                                for (String str : securityConstraintMetaData.getAuthConstraint().getRoleNames()) {
                                    if ("*".equals(str)) {
                                        hashSet.addAll(mergedJBossWebMetaData.getSecurityRoleNames());
                                    } else {
                                        hashSet.add(str);
                                    }
                                }
                                patternInfo2.addRoles(hashSet, httpMethods2);
                                if (userDataConstraint != null && userDataConstraint.getTransportGuarantee() != null) {
                                    patternInfo2.addTransport(userDataConstraint.getTransportGuarantee().name(), httpMethods2);
                                }
                            }
                        }
                    }
                }
            }
        }
        for (PatternInfo patternInfo3 : qualifyURLPatterns.values()) {
            String qualifiedPattern = patternInfo3.getQualifiedPattern();
            if (!patternInfo3.isOverridden) {
                String[] excludedMethods = patternInfo3.getExcludedMethods();
                if (excludedMethods != null) {
                    WebResourcePermission webResourcePermission = new WebResourcePermission(qualifiedPattern, excludedMethods);
                    WebUserDataPermission webUserDataPermission = new WebUserDataPermission(qualifiedPattern, excludedMethods, null);
                    policyConfiguration.addToExcludedPolicy(webResourcePermission);
                    policyConfiguration.addToExcludedPolicy(webUserDataPermission);
                    String str2 = "!" + getCommaSeparatedString(excludedMethods);
                    WebResourcePermission webResourcePermission2 = new WebResourcePermission(qualifiedPattern, str2);
                    WebUserDataPermission webUserDataPermission2 = new WebUserDataPermission(qualifiedPattern, str2);
                    policyConfiguration.addToUncheckedPolicy(webResourcePermission2);
                    policyConfiguration.addToUncheckedPolicy(webUserDataPermission2);
                }
                Iterator<Map.Entry<String, Set<String>>> roleMethods = patternInfo3.getRoleMethods();
                while (roleMethods.hasNext()) {
                    Map.Entry<String, Set<String>> next3 = roleMethods.next();
                    String key = next3.getKey();
                    Set<String> value = next3.getValue();
                    String[] strArr = (String[]) value.toArray(new String[value.size()]);
                    policyConfiguration.addToRole(key, new WebResourcePermission(qualifiedPattern, strArr));
                    if (strArr != null && strArr.length != 7) {
                        policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(qualifiedPattern, "!" + getCommaSeparatedString(strArr)));
                    }
                }
                String[] missingMethods = patternInfo3.getMissingMethods();
                int length = missingMethods.length;
                Iterator<Map.Entry<String, Set<String>>> roleMethods2 = patternInfo3.getRoleMethods();
                if (length > 0 && !roleMethods2.hasNext()) {
                    policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(qualifiedPattern, missingMethods));
                } else if (!roleMethods2.hasNext()) {
                    policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(qualifiedPattern, (String) null));
                }
                if (patternInfo3.isMissingAuthConstraint) {
                    policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(qualifiedPattern, (String) null));
                }
                Iterator<Map.Entry<String, Set<String>>> transportMethods = patternInfo3.getTransportMethods();
                while (transportMethods.hasNext()) {
                    Map.Entry<String, Set<String>> next4 = transportMethods.next();
                    String key2 = next4.getKey();
                    Set<String> value2 = next4.getValue();
                    String[] strArr2 = new String[value2.size()];
                    value2.toArray(strArr2);
                    policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(qualifiedPattern, strArr2, key2));
                    if ("NONE".equals(key2)) {
                        policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(qualifiedPattern, null));
                    } else {
                        policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(qualifiedPattern, "!" + getCommaSeparatedString(strArr2)));
                    }
                }
            }
        }
        Set<String> securityRoleNames = mergedJBossWebMetaData.getSecurityRoleNames();
        securityRoleNames.add("**");
        Iterator<JBossServletMetaData> it5 = mergedJBossWebMetaData.getServlets().iterator();
        while (it5.hasNext()) {
            JBossServletMetaData next5 = it5.next();
            HashSet<String> hashSet2 = new HashSet(securityRoleNames);
            String name = next5.getName();
            SecurityRoleRefsMetaData securityRoleRefs = next5.getSecurityRoleRefs();
            if (securityRoleRefs != null) {
                Iterator<SecurityRoleRefMetaData> it6 = securityRoleRefs.iterator();
                while (it6.hasNext()) {
                    SecurityRoleRefMetaData next6 = it6.next();
                    String roleLink = next6.getRoleLink();
                    String roleName = next6.getRoleName();
                    policyConfiguration.addToRole(roleLink, new WebRoleRefPermission(name, roleName));
                    hashSet2.remove(roleName);
                }
            }
            for (String str3 : hashSet2) {
                policyConfiguration.addToRole(str3, new WebRoleRefPermission(name, str3));
            }
        }
        for (String str4 : securityRoleNames) {
            policyConfiguration.addToRole(str4, new WebRoleRefPermission("", str4));
        }
    }

    static String getCommaSeparatedString(String[] strArr) {
        int length = strArr.length;
        Arrays.sort(strArr);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < length; i++) {
            if (i > 0) {
                sb.append(",");
            }
            sb.append(strArr[i]);
        }
        return sb.toString();
    }

    static int getPatternType(String str) {
        int i = 4;
        if (str.startsWith("*.")) {
            i = 2;
        } else if (str.startsWith("/") && str.endsWith(RefSpec.WILDCARD_SUFFIX)) {
            i = 1;
        } else if (str.equals("/")) {
            i = 3;
        }
        return i;
    }

    static HashMap<String, PatternInfo> qualifyURLPatterns(JBossWebMetaData jBossWebMetaData) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        HashMap<String, PatternInfo> hashMap = new HashMap<>();
        PatternInfo patternInfo = null;
        List<SecurityConstraintMetaData> securityConstraints = jBossWebMetaData.getSecurityConstraints();
        if (securityConstraints != null) {
            Iterator<SecurityConstraintMetaData> it = securityConstraints.iterator();
            while (it.hasNext()) {
                WebResourceCollectionsMetaData resourceCollections = it.next().getResourceCollections();
                if (resourceCollections != null) {
                    Iterator<WebResourceCollectionMetaData> it2 = resourceCollections.iterator();
                    while (it2.hasNext()) {
                        for (String str : it2.next().getUrlPatterns()) {
                            int patternType = getPatternType(str);
                            if (hashMap.get(str) == null) {
                                PatternInfo patternInfo2 = new PatternInfo(str, patternType);
                                hashMap.put(str, patternInfo2);
                                switch (patternType) {
                                    case 1:
                                        arrayList.add(patternInfo2);
                                        break;
                                    case 2:
                                        arrayList2.add(patternInfo2);
                                        break;
                                    case 3:
                                        patternInfo = patternInfo2;
                                        break;
                                    case 4:
                                        arrayList3.add(patternInfo2);
                                        break;
                                }
                            }
                        }
                    }
                }
            }
        }
        for (int i = 0; i < arrayList.size(); i++) {
            PatternInfo patternInfo3 = (PatternInfo) arrayList.get(i);
            for (int i2 = 0; i2 < arrayList.size(); i2++) {
                if (i != i2) {
                    PatternInfo patternInfo4 = (PatternInfo) arrayList.get(i2);
                    if (patternInfo3.matches(patternInfo4)) {
                        patternInfo3.addQualifier(patternInfo4);
                    }
                }
            }
            Iterator it3 = arrayList3.iterator();
            while (it3.hasNext()) {
                PatternInfo patternInfo5 = (PatternInfo) it3.next();
                if (patternInfo3.matches(patternInfo5)) {
                    patternInfo3.addQualifier(patternInfo5);
                }
            }
        }
        Iterator it4 = arrayList2.iterator();
        while (it4.hasNext()) {
            PatternInfo patternInfo6 = (PatternInfo) it4.next();
            Iterator it5 = arrayList.iterator();
            while (it5.hasNext()) {
                patternInfo6.addQualifier((PatternInfo) it5.next());
            }
            Iterator it6 = arrayList3.iterator();
            while (it6.hasNext()) {
                PatternInfo patternInfo7 = (PatternInfo) it6.next();
                if (patternInfo6.isExtensionFor(patternInfo7)) {
                    patternInfo6.addQualifier(patternInfo7);
                }
            }
        }
        if (patternInfo == null) {
            patternInfo = new PatternInfo("/", 3);
            hashMap.put("/", patternInfo);
        }
        for (PatternInfo patternInfo8 : hashMap.values()) {
            if (patternInfo8 != patternInfo) {
                patternInfo.addQualifier(patternInfo8);
            }
        }
        return hashMap;
    }
}
