package com.sun.enterprise.security.jacc;

import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.MethodDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.deployment.RoleReference;
import jakarta.security.jacc.EJBMethodPermission;
import jakarta.security.jacc.EJBRoleRefPermission;
import jakarta.security.jacc.PolicyConfiguration;
import jakarta.security.jacc.PolicyContextException;
import java.lang.reflect.Method;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.security.common.Role;

/* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jacc/JaccEJBConstraintsTranslator.class */
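/**
 * Translates the security constraints of an EJB descriptor into JACC permissions and
 * registers them with a {@link PolicyConfiguration}.
 *
 * <p>Two kinds of permissions are produced: {@link EJBMethodPermission}s (added to the
 * unchecked policy, the excluded policy, or to individual roles) and
 * {@link EJBRoleRefPermission}s (always added to a role).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Each {@link MethodPermission} is tested independently for role-based, unchecked and
 *       excluded. No conflict resolution happens here, so the same permission can be handed
 *       to more than one policy collection; precedence is left to the policy provider.</li>
 *   <li>Method descriptors that cannot be resolved are skipped, so no permission is emitted
 *       for them (see {@code createEJBMethodPermissions}).</li>
 * </ul>
 *
 * <p>This is a static utility class and cannot be instantiated.
 */
public class JaccEJBConstraintsTranslator {
    private static final Logger _logger = Logger.getLogger("javax.enterprise.system.core.security");

    /** Role name this class uses for the "any authenticated user" role-ref. */
    private static final String ANY_AUTHENTICATED_USER_ROLE = "**";

    private JaccEJBConstraintsTranslator() {
    }

    /**
     * Writes all method permissions and role-ref permissions of one EJB into the given policy
     * configuration.
     *
     * @param ejbDescriptor descriptor of the EJB whose constraints are translated
     * @param policyConfiguration target that receives the generated permissions
     * @throws PolicyContextException if the policy configuration rejects an addition
     */
    public static void translateConstraintsToPermissions(EjbDescriptor ejbDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        createEJBMethodPermissions(ejbDescriptor, policyConfiguration);
        createEJBRoleRefPermissions(ejbDescriptor, policyConfiguration);
    }

    /**
     * Builds the {@link EJBMethodPermission}s of one EJB and adds them to the unchecked policy,
     * the excluded policy and the per-role policies.
     *
     * <p>Pass 1 covers the method permissions taken from the deployment descriptor; pass 2
     * covers every method descriptor for which a {@link Method} can be resolved. The collected
     * permissions are written to the policy configuration only after both passes.
     */
    private static void createEJBMethodPermissions(EjbDescriptor ejbDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        String ejbName = ejbDescriptor.getName();
        // All three accumulators stay null until the first matching permission is seen.
        Permissions unchecked = null;
        Permissions excluded = null;
        Map<String, Permissions> perRole = null;

        // Pass 1: permissions declared in the deployment descriptor.
        Map<MethodPermission, List<MethodDescriptor>> fromDD = ejbDescriptor.getMethodPermissionsFromDD();
        if (fromDD != null) {
            for (Map.Entry<MethodPermission, List<MethodDescriptor>> ddEntry : fromDD.entrySet()) {
                MethodPermission ddPermission = ddEntry.getKey();
                for (MethodDescriptor descriptor : ddEntry.getValue()) {
                    // A null method name or parameter list makes EJBMethodPermission match any
                    // method / any signature, so "*" deliberately widens the permission.
                    // Keep the call on getName() (not "*".equals(..)): a null name must not be
                    // silently turned into the match-everything form.
                    String methodName = descriptor.getName().equals("*") ? null : descriptor.getName();
                    // NOTE(review): style 3 presumably is the descriptor form that carries an
                    // explicit parameter list; confirm against MethodDescriptor.
                    String[] methodParams = descriptor.getStyle() == 3 ? descriptor.getParameterClassNames() : null;
                    // The interface symbol is passed through unchecked here, unlike in pass 2.
                    EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, descriptor.getEjbClassSymbol(), methodParams);
                    perRole = addToRolePermissions(perRole, ddPermission, permission);
                    unchecked = addToUncheckedPermissions(unchecked, ddPermission, permission);
                    excluded = addToExcludedPermissions(excluded, ddPermission, permission);
                }
            }
        }

        // Pass 2: one permission per resolvable method of the bean.
        for (MethodDescriptor descriptor : ejbDescriptor.getMethodDescriptors()) {
            Method method = descriptor.getMethod(ejbDescriptor);
            if (method == null) {
                // NOTE(review): skipped without any log entry, so no permission is emitted for
                // this descriptor; confirm that an unresolved method is an expected case.
                continue;
            }
            String ejbClassSymbol = descriptor.getEjbClassSymbol();
            if (ejbClassSymbol == null || ejbClassSymbol.equals("")) {
                // No permission is emitted for this method. Whether the method then ends up
                // denied depends on the policy provider; verify when triaging this message.
                _logger.log(Level.SEVERE, "method_descriptor_not_defined", new Object[]{ejbName, descriptor.getName(), descriptor.getParameterClassNames()});
                continue;
            }
            EJBMethodPermission permission = new EJBMethodPermission(ejbName, ejbClassSymbol, method);
            for (MethodPermission methodPermission : ejbDescriptor.getMethodPermissionsFor(descriptor)) {
                perRole = addToRolePermissions(perRole, methodPermission, permission);
                unchecked = addToUncheckedPermissions(unchecked, methodPermission, permission);
                excluded = addToExcludedPermissions(excluded, methodPermission, permission);
            }
        }

        if (unchecked != null) {
            policyConfiguration.addToUncheckedPolicy(unchecked);
        }
        if (excluded != null) {
            policyConfiguration.addToExcludedPolicy(excluded);
        }
        if (perRole != null) {
            for (Map.Entry<String, Permissions> roleEntry : perRole.entrySet()) {
                policyConfiguration.addToRole(roleEntry.getKey(), roleEntry.getValue());
            }
        }
    }

    /**
     * Creates the {@link EJBRoleRefPermission}s of one EJB: first for its role references, then
     * for every bundle role not named by a role reference, and finally the "**" role-ref when
     * neither of those two sets contains a role named "**".
     */
    private static void createEJBRoleRefPermissions(EjbDescriptor ejbDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        List<Role> roleRefRoles = new ArrayList<>();
        Set<Role> declaredRoles = ejbDescriptor.getEjbBundleDescriptor().getRoles();
        // The contains() checks below rely on Role equality; presumably name-based, confirm.
        Role anyAuthUserRole = new Role(ANY_AUTHENTICATED_USER_ROLE);
        boolean declaredInBundle = declaredRoles.contains(anyAuthUserRole);
        String ejbName = ejbDescriptor.getName();
        writeOutPermissionsForRoleRefRoles(ejbDescriptor.getRoleReferences(), roleRefRoles, ejbName, policyConfiguration);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JACC: Converting role-ref: Going through the list of roles not present in RoleRef elements and creating EJBRoleRefPermissions ");
        }
        writeOutPermissionsForNonRoleRefRoles(declaredRoles, roleRefRoles, ejbName, policyConfiguration);
        // Only add the implicit "**" role-ref when the application did not define one itself.
        if (!roleRefRoles.contains(anyAuthUserRole) && !declaredInBundle) {
            addAnyAuthenticatedUserRoleRef(policyConfiguration, ejbName);
        }
    }

    /**
     * Adds one {@link EJBRoleRefPermission} per role reference, mapped to the name of the linked
     * security role, and records the referenced role name in {@code roleRefRoles}.
     */
    private static void writeOutPermissionsForRoleRefRoles(Collection<RoleReference> roleReferences, List<Role> roleRefRoles, String ejbName, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        for (RoleReference roleReference : roleReferences) {
            String referencedName = roleReference.getRoleName();
            roleRefRoles.add(new Role(referencedName));
            // NOTE(review): getSecurityRoleLink() is dereferenced without a null check; an
            // unlinked role-ref would abort the translation with a NullPointerException.
            String linkedRoleName = roleReference.getSecurityRoleLink().getName();
            policyConfiguration.addToRole(linkedRoleName, new EJBRoleRefPermission(ejbName, referencedName));
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref -> " + roleReference.toString() + " to permission with name(" + ejbName + ") and actions (" + referencedName + ") mapped to role (" + linkedRoleName + ")");
            }
        }
    }

    /**
     * Adds an {@link EJBRoleRefPermission} for every role in {@code roles} that is not already
     * contained in {@code roleRefRoles}; such a role is mapped to itself.
     */
    private static void writeOutPermissionsForNonRoleRefRoles(Collection<Role> roles, Collection<Role> roleRefRoles, String ejbName, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        for (Role role : roles) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref: Looking at Role =  " + role.getName());
            }
            if (roleRefRoles.contains(role)) {
                continue;
            }
            String roleName = role.getName();
            policyConfiguration.addToRole(roleName, new EJBRoleRefPermission(ejbName, roleName));
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref: Role =  " + role.getName() + " is added as a permission with name(" + ejbName + ") and actions (" + roleName + ") mapped to role (" + roleName + ")");
            }
        }
    }

    /** Adds the "**" role-ref permission for the given EJB name to the "**" role. */
    private static void addAnyAuthenticatedUserRoleRef(PolicyConfiguration policyConfiguration, String ejbName) throws PolicyContextException {
        policyConfiguration.addToRole(ANY_AUTHENTICATED_USER_ROLE, new EJBRoleRefPermission(ejbName, ANY_AUTHENTICATED_USER_ROLE));
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Converting role-ref: Adding any authenticated user role-ref  to permission with name(" + ejbName + ") and actions (" + ANY_AUTHENTICATED_USER_ROLE + ") mapped to role (" + ANY_AUTHENTICATED_USER_ROLE + ")");
        }
    }

    /**
     * Adds the permission to the collection of the method permission's role when that method
     * permission is role-based.
     *
     * @param rolePermissions accumulator keyed by role name; may be null
     * @return the accumulator, created on first use; unchanged (possibly null) when the
     *         method permission is not role-based
     */
    private static Map<String, Permissions> addToRolePermissions(Map<String, Permissions> rolePermissions, MethodPermission methodPermission, EJBMethodPermission ejbMethodPermission) {
        if (!methodPermission.isRoleBased()) {
            return rolePermissions;
        }
        if (rolePermissions == null) {
            rolePermissions = new HashMap<>();
        }
        String roleName = methodPermission.getRole().getName();
        rolePermissions.computeIfAbsent(roleName, ignored -> new Permissions()).add(ejbMethodPermission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + ejbMethodPermission.getName() + " " + ejbMethodPermission.getActions() + ")protected by role -> " + roleName);
        }
        return rolePermissions;
    }

    /**
     * Adds the permission to the unchecked accumulator when the method permission is unchecked.
     *
     * @param uncheckedPermissions accumulator; may be null
     * @return the accumulator, created on first use; unchanged (possibly null) otherwise
     */
    private static Permissions addToUncheckedPermissions(Permissions uncheckedPermissions, MethodPermission methodPermission, EJBMethodPermission ejbMethodPermission) {
        if (!methodPermission.isUnchecked()) {
            return uncheckedPermissions;
        }
        if (uncheckedPermissions == null) {
            uncheckedPermissions = new Permissions();
        }
        uncheckedPermissions.add(ejbMethodPermission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + ejbMethodPermission.getName() + " " + ejbMethodPermission.getActions() + ") is (unchecked)");
        }
        return uncheckedPermissions;
    }

    /**
     * Adds the permission to the excluded accumulator when the method permission is excluded.
     *
     * @param excludedPermissions accumulator; may be null
     * @return the accumulator, created on first use; unchanged (possibly null) otherwise
     */
    private static Permissions addToExcludedPermissions(Permissions excludedPermissions, MethodPermission methodPermission, EJBMethodPermission ejbMethodPermission) {
        if (!methodPermission.isExcluded()) {
            return excludedPermissions;
        }
        if (excludedPermissions == null) {
            excludedPermissions = new Permissions();
        }
        excludedPermissions.add(ejbMethodPermission);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + ejbMethodPermission.getName() + " " + ejbMethodPermission.getActions() + ") is (excluded)");
        }
        return excludedPermissions;
    }
}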
