package com.sun.enterprise.security.web.integration;

import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebComponentDescriptor;
import com.sun.enterprise.deployment.web.AuthorizationConstraint;
import com.sun.enterprise.deployment.web.SecurityConstraint;
import com.sun.enterprise.deployment.web.SecurityRoleReference;
import com.sun.enterprise.deployment.web.UserDataConstraint;
import com.sun.enterprise.deployment.web.WebResourceCollection;
import com.sun.enterprise.security.perms.PermissionsProcessor;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.glassfish.security.common.Role;

/* loaded from: input_file:com/sun/enterprise/security/web/integration/WebPermissionUtil.class */
/**
 * Translates the security constraints and security-role references of a
 * {@link WebBundleDescriptor} into JACC permissions and loads them into a
 * {@link PolicyConfiguration}.
 *
 * <p>{@link #processConstraints} sorts the generated permissions into three
 * buckets: the excluded policy, the unchecked policy and one
 * {@link Permissions} collection per role name.
 * {@link #createWebRoleRefPermission} adds the {@link WebRoleRefPermission}s
 * for each web component and role.
 *
 * <p>This listing is decompiler output (see the JADX markers below).
 * {@code handleConnections} was not recovered and only throws, and
 * {@code processConstraints} calls it, so the class as printed cannot stand in
 * for the original. Any review of the authorization logic should be checked
 * against the original bytecode or source, not this text alone.
 */
public class WebPermissionUtil {
    // Shared logger used by every method. The field is non-final and has no access
    // modifier, so other classes in the package can read or reassign it.
    static Logger logger = LogUtils.getLogger();
    // URL-pattern type codes. patternType() and the switch in parseConstraints() use the
    // literals 0..3 rather than these names; the values match, so presumably the constants
    // were inlined at compile time and the decompiler could not restore the names.
    private static final int PT_DEFAULT = 0;
    private static final int PT_EXTENSION = 1;
    private static final int PT_PREFIX = 2;
    private static final int PT_EXACT = 3;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Classifies a URL pattern by the shape of its string form.
     *
     * <p>Per the JADX marker above, the decompiler changed this method's access modifier
     * from package-private, so {@code public} is not the original visibility.
     *
     * @param obj the pattern; only {@code obj.toString()} is inspected
     * @return 1 (PT_EXTENSION) if the text starts with {@code "*."}; 2 (PT_PREFIX) if it
     *         starts with {@code "/"} and ends with slash-star (this includes the bare
     *         slash-star pattern); 0 (PT_DEFAULT) if it is exactly {@code "/"};
     *         otherwise 3 (PT_EXACT)
     * @throws NullPointerException if {@code obj} is null (there is no null check before
     *         {@code toString()})
     */
    public static int patternType(Object obj) {
        String obj2 = obj.toString();
        if (obj2.startsWith("*.")) {
            return 1;
        }
        if (obj2.startsWith("/") && obj2.endsWith("/*")) {
            return 2;
        }
        return obj2.equals("/") ? 0 : 3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Tests whether the URL pattern {@code str} covers the pattern or path {@code str2}.
     *
     * <p>The comparison is a plain, case-sensitive string comparison. This method does no
     * decoding, normalisation or case folding, so both arguments must already be in the
     * same canonical form for the result to be meaningful.
     *
     * <p>Per the JADX marker above, the decompiler changed this method's access modifier
     * from package-private.
     *
     * @param str  the pattern doing the covering
     * @param str2 the pattern or path being tested
     * @return {@code true} if the two strings are equal; if {@code str} is a prefix pattern
     *         and {@code str2} equals the prefix or continues it with {@code "/"}; if
     *         {@code str} is an extension pattern and {@code str2} contains a {@code '/'},
     *         has its last {@code '.'} after that last {@code '/'} and ends with the same
     *         extension; or if {@code str} is exactly {@code "/"}. Otherwise {@code false}.
     * @throws NullPointerException if either argument is null
     */
    public static boolean implies(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        if (!str.startsWith("/") || !str.endsWith("/*")) {
            if (!str.startsWith("*.")) {
                // Not a prefix or extension pattern: only the default pattern "/" covers
                // a string it is not equal to.
                return str.equals("/");
            }
            // Extension pattern. 47 is the character code of '/' and 46 that of '.'; the
            // final path segment must contain the dot and end with ".ext".
            int lastIndexOf = str2.lastIndexOf(47);
            return lastIndexOf >= 0 && str2.lastIndexOf(46) > lastIndexOf && str2.endsWith(str.substring(1));
        }
        // Prefix pattern: drop the trailing slash-star to get the prefix.
        String substring = str.substring(0, str.length() - 2);
        int length = substring.length();
        if (length == 0) {
            // The bare slash-star pattern has an empty prefix and covers everything.
            return true;
        }
        // Require a segment boundary after the prefix, so "/a" + slash-star covers "/a"
        // and "/a/b" but not "/ab".
        return str2.startsWith(substring) && (str2.length() == length || str2.substring(length).startsWith("/"));
    }

    /**
     * Builds the map from URL pattern to {@code MapValue} that drives permission
     * generation.
     *
     * <p>The map is seeded with an entry for {@code "/"}. Every URL pattern of every web
     * resource collection of every security constraint then gets an entry, created on
     * first sight. A new entry is compared with all existing keys so that each pattern
     * records the other patterns that qualify it. Finally the constraint's roles,
     * authorization constraint, user-data constraint and HTTP methods are merged into
     * the entry through {@code setMethodOutcomes}.
     *
     * @param webBundleDescriptor the deployment descriptor supplying roles and constraints
     * @return a raw {@code HashMap}; the casts in this method show {@code String} keys
     *         and {@code MapValue} values
     */
    public static HashMap parseConstraints(WebBundleDescriptor webBundleDescriptor) {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "parseConstraints");
        }
        Set<Role> roles = webBundleDescriptor.getRoles();
        HashMap hashMap = new HashMap();
        // The default pattern always has an entry, whether or not a constraint names it.
        hashMap.put("/", new MapValue("/"));
        Enumeration securityConstraints = webBundleDescriptor.getSecurityConstraints();
        while (securityConstraints.hasMoreElements()) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: constraint translation: begin parsing security constraint");
            }
            SecurityConstraint securityConstraint = (SecurityConstraint) securityConstraints.nextElement();
            AuthorizationConstraint authorizationConstraint = securityConstraint.getAuthorizationConstraint();
            UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollections()) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: constraint translation: begin parsing web resource collection");
                }
                for (String str : webResourceCollection.getUrlPatterns()) {
                    // Escape ':' in the pattern. replaceAll takes a regex, but ":" has no
                    // special meaning in one, so this is a literal replacement. Presumably
                    // needed because ':' separates a pattern from its qualifiers in a JACC
                    // permission name - TODO confirm.
                    // NOTE(review): the null check only guards the escape. A null pattern is
                    // not skipped and, unless new MapValue(null) throws first, reaches
                    // patternType(str) below, which dereferences it.
                    if (str != null) {
                        str = str.replaceAll(":", "%3A");
                    }
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, "JACC: constraint translation: process url: " + str);
                    }
                    MapValue mapValue = (MapValue) hashMap.get(str);
                    if (mapValue == null) {
                        mapValue = new MapValue(str);
                        // First sighting of this pattern: relate it to every pattern already
                        // in the map. The switch is on the NEW pattern's type; patternType
                        // (the local) holds the EXISTING key's type.
                        for (Map.Entry entry : hashMap.entrySet()) {
                            String str2 = (String) entry.getKey();
                            int patternType = patternType(str2);
                            switch (patternType(str)) {
                                // New pattern is the default "/": every existing non-default
                                // pattern qualifies it.
                                case 0:
                                    if (patternType != 0) {
                                        mapValue.addQualifier(str2);
                                        break;
                                    } else {
                                        break;
                                    }
                                // New pattern is an extension pattern: existing prefix patterns,
                                // and existing exact patterns it covers, qualify the new entry;
                                // the new pattern qualifies an existing default entry.
                                case 1:
                                    if (patternType != 2 && (patternType != 3 || !implies(str, str2))) {
                                        if (patternType == 0) {
                                            ((MapValue) entry.getValue()).addQualifier(str);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        mapValue.addQualifier(str2);
                                        break;
                                    }
                                    break;
                                // New pattern is a prefix pattern: existing prefix or exact
                                // patterns it covers qualify the new entry; it qualifies an
                                // existing prefix pattern that covers it, and any existing
                                // extension or default pattern.
                                case 2:
                                    if ((patternType != 2 && patternType != 3) || !implies(str, str2)) {
                                        if (patternType != 2 || !implies(str2, str)) {
                                            if (patternType != 1 && patternType != 0) {
                                                break;
                                            } else {
                                                ((MapValue) entry.getValue()).addQualifier(str);
                                                break;
                                            }
                                        } else {
                                            ((MapValue) entry.getValue()).addQualifier(str);
                                            break;
                                        }
                                    } else {
                                        mapValue.addQualifier(str2);
                                        break;
                                    }
                                    break;
                                // New pattern is an exact pattern: it qualifies any existing
                                // prefix or extension pattern that covers it, and the default
                                // pattern.
                                case 3:
                                    if ((patternType != 2 && patternType != 1) || !implies(str2, str)) {
                                        if (patternType == 0) {
                                            ((MapValue) entry.getValue()).addQualifier(str);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        ((MapValue) entry.getValue()).addQualifier(str);
                                        break;
                                    }
                                    break;
                            }
                        }
                        hashMap.put(str, mapValue);
                    }
                    // The omission list is consulted only when the collection names no HTTP
                    // methods explicitly; otherwise null is passed in its place.
                    BitSet methodArrayToSet = MethodValue.methodArrayToSet(webResourceCollection.getHttpMethodsAsArray());
                    mapValue.setMethodOutcomes(roles, authorizationConstraint, userDataConstraint, methodArrayToSet, methodArrayToSet.isEmpty() ? MethodValue.methodArrayToSet(webResourceCollection.getHttpMethodOmissionsAsArray()) : null);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, "JACC: constraint translation: end processing url: " + str);
                    }
                }
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: constraint translation: end parsing web resource collection");
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: constraint translation: end parsing security constraint");
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "parseConstraints");
        }
        return hashMap;
    }

    /**
     * Adds the permissions for the excluded HTTP methods of one URL pattern.
     *
     * <p>A {@link WebResourcePermission} and a {@link WebUserDataPermission} with the same
     * name and actions are added to {@code permissions}. Nothing is added when the other
     * constraint is not excluded and no method is excluded explicitly.
     *
     * @param permissions collection receiving the permissions; {@code processConstraints}
     *                    passes the one it later hands to {@code addToExcludedPolicy}
     * @param mapValue    per-pattern state produced by {@code parseConstraints}
     * @param str         the permission name (the qualified URL pattern spec)
     */
    static void handleExcluded(Permissions permissions, MapValue mapValue, String str) {
        String str2 = null;
        BitSet excludedMethods = mapValue.getExcludedMethods();
        if (mapValue.otherConstraint.isExcluded()) {
            // Build a "!"-prefixed list of the methods in getMethodSet() that are not in
            // the excluded set. If none remain, the actions stay null; in the JACC
            // permission classes a null action string denotes all HTTP methods.
            // NOTE(review): andNot mutates the BitSet returned by getMethodSet(); this is
            // safe only if that call returns a fresh copy - confirm in MapValue.
            BitSet methodSet = mapValue.getMethodSet();
            methodSet.andNot(excludedMethods);
            if (!methodSet.isEmpty()) {
                str2 = "!" + MethodValue.getActions(methodSet);
            }
        } else if (excludedMethods.isEmpty()) {
            return;
        } else {
            str2 = MethodValue.getActions(excludedMethods);
        }
        permissions.add(new WebResourcePermission(str, str2));
        permissions.add(new WebUserDataPermission(str, str2));
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: adding excluded methods: " + str2);
        }
    }

    /**
     * Adds {@code permission} to the collection kept for role {@code str}, creating that
     * collection on first use.
     *
     * @param hashMap    role name to permission collection; updated in place
     * @param str        the role name
     * @param permission the permission to grant to the role
     * @return the role's {@link Permissions} collection after the addition
     */
    static Permissions addToRoleMap(HashMap<String, Permissions> hashMap, String str, Permission permission) {
        Permissions permissions = hashMap.get(str);
        if (permissions == null) {
            permissions = new Permissions();
            hashMap.put(str, permissions);
        }
        permissions.add(permission);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: adding methods to role: " + str + " methods: " + permission.getActions());
        }
        return permissions;
    }

    /**
     * Adds the per-role {@link WebResourcePermission}s for one URL pattern.
     *
     * @param hashMap  role name to permission collection; updated through
     *                 {@link #addToRoleMap}
     * @param mapValue per-pattern state produced by {@code parseConstraints}
     * @param str      the permission name (the qualified URL pattern spec)
     */
    static void handleRoles(HashMap<String, Permissions> hashMap, MapValue mapValue, String str) {
        HashMap<String, BitSet> roleMap = mapValue.getRoleMap();
        List<String> list = null;
        if (!mapValue.otherConstraint.isExcluded() && mapValue.otherConstraint.isAuthConstrained()) {
            // Roles listed on the other constraint each get one permission. Its actions are
            // a "!"-prefixed list of getMethodSet() minus that role's own roleMap entry, or
            // null when nothing remains.
            list = mapValue.otherConstraint.roleList;
            for (String str2 : list) {
                // NOTE(review): andNot mutates the returned BitSet. Both this loop and the
                // isEmpty() check below see the full method set only if getMethodSet()
                // returns a fresh copy on every call - confirm in MapValue.
                BitSet methodSet = mapValue.getMethodSet();
                BitSet bitSet = roleMap.get(str2);
                if (bitSet != null) {
                    methodSet.andNot(bitSet);
                }
                String str3 = null;
                if (!methodSet.isEmpty()) {
                    str3 = "!" + MethodValue.getActions(methodSet);
                }
                addToRoleMap(hashMap, str2, new WebResourcePermission(str, str3));
            }
        }
        if (mapValue.getMethodSet().isEmpty()) {
            return;
        }
        // Remaining roles (those not handled above) are granted exactly the methods in
        // their roleMap entry; empty entries grant nothing.
        for (Map.Entry<String, BitSet> entry : roleMap.entrySet()) {
            String key = entry.getKey();
            if (list == null || !list.contains(key)) {
                BitSet value = entry.getValue();
                if (!value.isEmpty()) {
                    addToRoleMap(hashMap, key, new WebResourcePermission(str, MethodValue.getActions(value)));
                }
            }
        }
    }

    /**
     * Adds the {@link WebResourcePermission} for the HTTP methods of one URL pattern that
     * need no authorization.
     *
     * <p>Nothing is added when the other constraint is auth-constrained and no method is
     * listed as no-auth.
     *
     * @param permissions collection receiving the permission; {@code processConstraints}
     *                    passes the one it later hands to {@code addToUncheckedPolicy}
     * @param mapValue    per-pattern state produced by {@code parseConstraints}
     * @param str         the permission name (the qualified URL pattern spec)
     */
    static void handleNoAuth(Permissions permissions, MapValue mapValue, String str) {
        String str2 = null;
        BitSet noAuthMethods = mapValue.getNoAuthMethods();
        if (!mapValue.otherConstraint.isAuthConstrained()) {
            // Same shape as handleExcluded: a "!"-prefixed list of the methods outside the
            // no-auth set, or null actions when none remain.
            BitSet methodSet = mapValue.getMethodSet();
            methodSet.andNot(noAuthMethods);
            if (!methodSet.isEmpty()) {
                str2 = "!" + MethodValue.getActions(methodSet);
            }
        } else if (noAuthMethods.isEmpty()) {
            return;
        } else {
            str2 = MethodValue.getActions(noAuthMethods);
        }
        permissions.add(new WebResourcePermission(str, str2));
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: adding unchecked (for authorization) methods: " + str2);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x00b2  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00f0  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0117 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x00b7  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder for a method the decompiler could not recover.
     *
     * <p>The body below is not the original logic; it unconditionally throws. The
     * original is reported as 286 instructions long. {@code processConstraints} passes
     * this method the collection it later hands to {@code addToUncheckedPolicy}, so
     * whatever permissions the original adds are missing from this listing. Presumably
     * these are the transport-related {@code WebUserDataPermission}s - confirm against
     * the bytecode.
     *
     * @throws UnsupportedOperationException always, in this listing
     */
    static void handleConnections(java.security.Permissions r6, com.sun.enterprise.security.web.integration.MapValue r7, java.lang.String r8) {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.enterprise.security.web.integration.WebPermissionUtil.handleConnections(java.security.Permissions, com.sun.enterprise.security.web.integration.MapValue, java.lang.String):void");
    }

    /**
     * Clears the policy statements previously written for a web module.
     *
     * <p>Removes the unchecked policy, the excluded policy and every role in the
     * descriptor's current role set.
     *
     * @param policyConfiguration the policy configuration to clear
     * @param webBundleDescriptor supplies the role names to remove
     * @throws PolicyContextException propagated from the policy configuration
     */
    public static void removePolicyStatements(PolicyConfiguration policyConfiguration, WebBundleDescriptor webBundleDescriptor) throws PolicyContextException {
        policyConfiguration.removeUncheckedPolicy();
        policyConfiguration.removeExcludedPolicy();
        Iterator it = webBundleDescriptor.getRoles().iterator();
        while (it.hasNext()) {
            policyConfiguration.removeRole(((Role) it.next()).getName());
        }
        // NOTE(review): the same constant is passed twice and its value is not visible
        // here. If it is "*", the repetition may be deliberate: the JACC contract for
        // removeRole("*") removes all roles when no role named "*" exists, so the first
        // call would drop a literal "*" role and the second everything else. Confirm
        // against the original source before deduplicating. The decompiler may also have
        // substituted an unrelated constant with an equal value.
        policyConfiguration.removeRole(PermissionsProcessor.CURRENT_FOLDER);
        policyConfiguration.removeRole(PermissionsProcessor.CURRENT_FOLDER);
    }

    /**
     * Converts the descriptor's security constraints into JACC permissions and adds them
     * to the policy configuration.
     *
     * <p>All permissions are first collected in memory, per URL pattern, and pushed to
     * {@code policyConfiguration} only after every pattern has been processed. In this
     * listing {@code handleConnections} always throws, so the method fails with
     * {@link UnsupportedOperationException} at the first pattern whose
     * {@code irrelevantByQualifier} flag is false, before anything is written.
     *
     * @param webBundleDescriptor the deployment descriptor to translate
     * @param policyConfiguration receives the excluded, unchecked and per-role permissions
     * @throws PolicyContextException propagated from the policy configuration
     */
    public static void processConstraints(WebBundleDescriptor webBundleDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "processConstraints");
            logger.log(Level.FINE, "JACC: constraint translation: CODEBASE = " + policyConfiguration.getContextID());
        }
        HashMap parseConstraints = parseConstraints(webBundleDescriptor);
        // hashMap: role name -> Permissions; permissions: excluded; permissions2: unchecked.
        HashMap hashMap = new HashMap();
        Permissions permissions = new Permissions();
        Permissions permissions2 = new Permissions();
        // Whether HTTP methods not covered by any constraint are denied is a descriptor
        // setting; the log line below shows that false means they are permitted.
        boolean isDenyUncoveredHttpMethods = webBundleDescriptor.isDenyUncoveredHttpMethods();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: begin processing qualified url patterns - uncovered http methods will be " + (isDenyUncoveredHttpMethods ? "denied" : "permitted"));
        }
        for (MapValue mapValue : parseConstraints.values()) {
            // Patterns flagged irrelevantByQualifier produce no permissions at all.
            if (!mapValue.irrelevantByQualifier) {
                String stringBuffer = mapValue.urlPatternSpec.toString();
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: constraint capture: urlPattern: " + stringBuffer);
                }
                mapValue.handleUncoveredMethods(isDenyUncoveredHttpMethods);
                handleExcluded(permissions, mapValue, stringBuffer);
                handleRoles(hashMap, mapValue, stringBuffer);
                handleNoAuth(permissions2, mapValue, stringBuffer);
                handleConnections(permissions2, mapValue, stringBuffer);
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            // At FINE the full excluded and unchecked permission sets are dumped, one
            // permission per log record.
            logger.log(Level.FINE, "JACC: constraint capture: end processing qualified url patterns");
            Enumeration<Permission> elements = permissions.elements();
            while (elements.hasMoreElements()) {
                Permission nextElement = elements.nextElement();
                logger.log(Level.FINE, "JACC: permission(excluded) type: " + (nextElement instanceof WebResourcePermission ? "WRP  " : "WUDP ") + " name: " + nextElement.getName() + " actions: " + nextElement.getActions());
            }
            Enumeration<Permission> elements2 = permissions2.elements();
            while (elements2.hasMoreElements()) {
                Permission nextElement2 = elements2.nextElement();
                logger.log(Level.FINE, "JACC: permission(unchecked) type: " + (nextElement2 instanceof WebResourcePermission ? "WRP  " : "WUDP ") + " name: " + nextElement2.getName() + " actions: " + nextElement2.getActions());
            }
        }
        policyConfiguration.addToExcludedPolicy(permissions);
        policyConfiguration.addToUncheckedPolicy(permissions2);
        for (Map.Entry entry : hashMap.entrySet()) {
            String str = (String) entry.getKey();
            Permissions permissions3 = (Permissions) entry.getValue();
            policyConfiguration.addToRole(str, permissions3);
            if (logger.isLoggable(Level.FINE)) {
                Enumeration<Permission> elements3 = permissions3.elements();
                while (elements3.hasMoreElements()) {
                    Permission nextElement3 = elements3.nextElement();
                    logger.log(Level.FINE, "JACC: permission(" + str + ") type: " + (nextElement3 instanceof WebResourcePermission ? "WRP  " : "WUDP ") + " name: " + nextElement3.getName() + " actions: " + nextElement3.getActions());
                }
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "processConstraints");
        }
    }

    /**
     * Adds the {@link WebRoleRefPermission}s for every web component and declared role.
     *
     * <p>For each web component, every security-role reference yields a permission named
     * after the component, with the referenced role name as its action, granted to the
     * linked role. Every declared role not yet recorded as referenced gets a permission
     * of the same name granted to itself. After the component loop, every declared role
     * also gets a permission with the empty name. The {@code "**"} role is added through
     * {@link #addAnyAuthenticatedUserRoleRef} where it is neither referenced nor declared.
     *
     * @param webBundleDescriptor supplies the roles and web components
     * @param policyConfiguration receives the role-ref permissions
     * @throws PolicyContextException propagated from the policy configuration
     */
    public static void createWebRoleRefPermission(WebBundleDescriptor webBundleDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "createWebRoleRefPermission");
            logger.log(Level.FINE, "JACC: role-reference translation: Processing WebRoleRefPermission : CODEBASE = " + policyConfiguration.getContextID());
        }
        // NOTE(review): this list of referenced roles is created once and never cleared,
        // so references seen on earlier components also suppress the default role-ref
        // permission for later components. Confirm this is intended and not a per-component
        // scope that was lost. The contains() checks also depend on Role.equals, which is
        // not visible here.
        ArrayList arrayList = new ArrayList();
        Set<Role> roles = webBundleDescriptor.getRoles();
        Role role = new Role("**");
        boolean contains = roles.contains(role);
        for (WebComponentDescriptor webComponentDescriptor : webBundleDescriptor.getWebComponentDescriptors()) {
            String canonicalName = webComponentDescriptor.getCanonicalName();
            Enumeration securityRoleReferences = webComponentDescriptor.getSecurityRoleReferences();
            while (securityRoleReferences.hasMoreElements()) {
                SecurityRoleReference securityRoleReference = (SecurityRoleReference) securityRoleReferences.nextElement();
                if (securityRoleReference != null) {
                    String roleName = securityRoleReference.getRoleName();
                    WebRoleRefPermission webRoleRefPermission = new WebRoleRefPermission(canonicalName, roleName);
                    arrayList.add(new Role(roleName));
                    // NOTE(review): getSecurityRoleLink() is dereferenced without a null
                    // check; a role reference with no link would fail here - confirm the
                    // descriptor guarantees one.
                    policyConfiguration.addToRole(securityRoleReference.getSecurityRoleLink().getName(), webRoleRefPermission);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, "JACC: role-reference translation: RoleRefPermission created with name(servlet-name)  = " + canonicalName + " and action(Role-name tag) = " + roleName + " added to role(role-link tag) = " + securityRoleReference.getSecurityRoleLink().getName());
                    }
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
            }
            // Declared roles with no recorded reference map to themselves for this component.
            for (Role role2 : roles) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: role-reference translation: Looking at Role =  " + role2.getName());
                }
                if (!arrayList.contains(role2)) {
                    String name = role2.getName();
                    WebRoleRefPermission webRoleRefPermission2 = new WebRoleRefPermission(canonicalName, name);
                    policyConfiguration.addToRole(name, webRoleRefPermission2);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, "JACC: role-reference translation: RoleRef  = " + name + " is added for servlet-resource = " + canonicalName);
                        logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref =" + webRoleRefPermission2.getName() + " " + webRoleRefPermission2.getActions());
                    }
                }
            }
            if (!arrayList.contains(role) && !contains) {
                addAnyAuthenticatedUserRoleRef(policyConfiguration, canonicalName);
            }
        }
        // The exiting() trace is emitted here, before the empty-name permissions below
        // are added, so it does not mark the true end of the method.
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
        }
        // Empty-name permissions: per the log text, these serve JSPs that cannot be mapped
        // to a servlet.
        for (Role role3 : roles) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: role-reference translation: Looking at Role =  " + role3.getName());
            }
            String name2 = role3.getName();
            WebRoleRefPermission webRoleRefPermission3 = new WebRoleRefPermission("", name2);
            policyConfiguration.addToRole(name2, webRoleRefPermission3);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: role-reference translation: RoleRef  = " + name2 + " is added for jsp's that can't be mapped to servlets");
                logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref =" + webRoleRefPermission3.getName() + " " + webRoleRefPermission3.getActions());
            }
        }
        if (contains) {
            return;
        }
        addAnyAuthenticatedUserRoleRef(policyConfiguration, "");
    }

    /**
     * Grants the {@code "**"} role a {@link WebRoleRefPermission} whose action is
     * {@code "**"}.
     *
     * <p>The method name and log text identify {@code "**"} as the any-authenticated-user
     * role.
     *
     * @param policyConfiguration receives the permission
     * @param str                 the permission name; callers pass a component's
     *                            canonical name or the empty string
     * @throws PolicyContextException propagated from the policy configuration
     */
    private static void addAnyAuthenticatedUserRoleRef(PolicyConfiguration policyConfiguration, String str) throws PolicyContextException {
        WebRoleRefPermission webRoleRefPermission = new WebRoleRefPermission(str, "**");
        policyConfiguration.addToRole("**", webRoleRefPermission);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: any authenticated user role-reference translation: Permission added for role-ref =" + webRoleRefPermission.getName() + " " + webRoleRefPermission.getActions());
        }
    }
}
