package org.glassfish.exousia.constraints.transformer;

import jakarta.security.jacc.WebResourcePermission;
import jakarta.security.jacc.WebUserDataPermission;
import jakarta.servlet.annotation.ServletSecurity;
import java.security.Permission;
import java.security.Permissions;
import java.util.BitSet;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.exousia.constraints.SecurityConstraint;
import org.glassfish.exousia.constraints.WebResourceCollection;
import org.glassfish.exousia.permissions.JakartaPermissions;

/* loaded from: input_file:MICRO-INF/runtime/exousia.jar:org/glassfish/exousia/constraints/transformer/ConstraintsToPermissionsTransformer.class */
public class ConstraintsToPermissionsTransformer {
    static final Logger logger = Logger.getLogger(ConstraintsToPermissionsTransformer.class.getName());
    static final String CLASS_NAME = ConstraintsToPermissionsTransformer.class.getSimpleName();
    private static final int DEFAULT_MAPPING = 0;
    private static final int EXTENSION_MAPPING = 1;
    private static final int PREFIX_MAPPING = 2;
    private static final int EXACT_MAPPING = 3;

    private ConstraintsToPermissionsTransformer() {
    }

    public static JakartaPermissions createResourceAndDataPermissions(Set<String> set, boolean z, List<SecurityConstraint> list) {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering(ConstraintsToPermissionsTransformer.class.getSimpleName(), "createResourceAndDataPermissions");
            logger.log(Level.FINE, "Jakarta Authorization: constraint translation");
        }
        JakartaPermissions intermediatePatternsToPermissions = intermediatePatternsToPermissions(constraintsToIntermediatePatterns(set, list), z);
        logExcludedUncheckedPermissionsWritten(intermediatePatternsToPermissions.getExcluded(), intermediatePatternsToPermissions.getUnchecked());
        for (Map.Entry<String, Permissions> entry : intermediatePatternsToPermissions.getPerRole().entrySet()) {
            logPerRolePermissionsWritten(entry.getKey(), entry.getValue());
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "processConstraints");
        }
        return intermediatePatternsToPermissions;
    }

    private static Collection<PatternBuilder> constraintsToIntermediatePatterns(Set<String> set, List<SecurityConstraint> list) {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "parseConstraints");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("/", new PatternBuilder("/"));
        for (SecurityConstraint securityConstraint : list) {
            logger.fine("Jakarta Authorization: constraint translation: begin parsing security constraint");
            Set<String> rolesAllowed = securityConstraint.getRolesAllowed();
            ServletSecurity.TransportGuarantee transportGuarantee = securityConstraint.getTransportGuarantee();
            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollections()) {
                logger.fine("Jakarta Authorization: constraint translation: begin parsing web resource collection");
                Iterator<String> it = webResourceCollection.getUrlPatterns().iterator();
                while (it.hasNext()) {
                    String replaceAll = it.next().replaceAll(":", "%3A");
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Jakarta Authorization: constraint translation: process url pattern: " + replaceAll);
                    }
                    PatternBuilder patternBuilder = (PatternBuilder) hashMap.get(replaceAll);
                    if (patternBuilder == null) {
                        patternBuilder = new PatternBuilder(replaceAll);
                        for (Map.Entry entry : hashMap.entrySet()) {
                            String str = (String) entry.getKey();
                            int patternType = patternType(str);
                            switch (patternType(replaceAll)) {
                                case 0:
                                    if (patternType != 0) {
                                        patternBuilder.addQualifier(str);
                                        break;
                                    } else {
                                        break;
                                    }
                                case 1:
                                    if (patternType != 2 && (patternType != 3 || !implies(replaceAll, str))) {
                                        if (patternType == 0) {
                                            ((PatternBuilder) entry.getValue()).addQualifier(replaceAll);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        patternBuilder.addQualifier(str);
                                        break;
                                    }
                                    break;
                                case 2:
                                    if ((patternType != 2 && patternType != 3) || !implies(replaceAll, str)) {
                                        if (patternType != 2 || !implies(str, replaceAll)) {
                                            if (patternType != 1 && patternType != 0) {
                                                break;
                                            } else {
                                                ((PatternBuilder) entry.getValue()).addQualifier(replaceAll);
                                                break;
                                            }
                                        } else {
                                            ((PatternBuilder) entry.getValue()).addQualifier(replaceAll);
                                            break;
                                        }
                                    } else {
                                        patternBuilder.addQualifier(str);
                                        break;
                                    }
                                    break;
                                case 3:
                                    if ((patternType != 2 && patternType != 1) || !implies(str, replaceAll)) {
                                        if (patternType == 0) {
                                            ((PatternBuilder) entry.getValue()).addQualifier(replaceAll);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        ((PatternBuilder) entry.getValue()).addQualifier(replaceAll);
                                        break;
                                    }
                                    break;
                            }
                        }
                        hashMap.put(replaceAll, patternBuilder);
                    }
                    BitSet encodeMethodsToBits = MethodValue.encodeMethodsToBits(webResourceCollection.getHttpMethods());
                    patternBuilder.setMethodOutcomes(set, rolesAllowed, transportGuarantee, encodeMethodsToBits, encodeMethodsToBits.isEmpty() ? MethodValue.encodeMethodsToBits(webResourceCollection.getHttpMethodOmissions()) : null);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Jakarta Authorization: constraint translation: end processing url pattern: " + replaceAll);
                    }
                }
                logger.fine("Jakarta Authorization: constraint translation: end parsing web resource collection");
            }
            logger.fine("Jakarta Authorization: constraint translation: end parsing security constraint");
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "parseConstraints");
        }
        return hashMap.values();
    }

    private static JakartaPermissions intermediatePatternsToPermissions(Collection<PatternBuilder> collection, boolean z) {
        logger.log(Level.FINE, () -> {
            return "Jakarta Authorization: constraint capture: begin processing qualified url patterns - uncovered http methods will be " + (z ? "denied" : "permitted");
        });
        JakartaPermissions jakartaPermissions = new JakartaPermissions();
        for (PatternBuilder patternBuilder : collection) {
            if (!patternBuilder.isIrrelevantByQualifier()) {
                String urlPatternSpec = patternBuilder.getUrlPatternSpec();
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Jakarta Authorization: constraint capture: urlPattern: " + urlPatternSpec);
                }
                patternBuilder.handleUncovered(z);
                handleExcluded(jakartaPermissions.getExcluded(), patternBuilder, urlPatternSpec);
                handlePerRole(jakartaPermissions.getPerRole(), patternBuilder, urlPatternSpec);
                handleUnchecked(jakartaPermissions.getUnchecked(), patternBuilder, urlPatternSpec);
                handleConnections(jakartaPermissions.getUnchecked(), patternBuilder, urlPatternSpec);
            }
        }
        return jakartaPermissions;
    }

    private static void handleExcluded(Permissions permissions, PatternBuilder patternBuilder, String str) {
        String str2 = null;
        BitSet excludedMethods = patternBuilder.getExcludedMethods();
        if (patternBuilder.getOtherConstraint().isExcluded()) {
            BitSet methodSet = patternBuilder.getMethodSet();
            methodSet.andNot(excludedMethods);
            if (!methodSet.isEmpty()) {
                str2 = "!" + MethodValue.getActions(methodSet);
            }
        } else if (excludedMethods.isEmpty()) {
            return;
        } else {
            str2 = MethodValue.getActions(excludedMethods);
        }
        permissions.add(new WebResourcePermission(str, str2));
        permissions.add(new WebUserDataPermission(str, str2));
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Jakarta Authorization: constraint capture: adding excluded methods: " + str2);
        }
    }

    private static void handlePerRole(Map<String, Permissions> map, PatternBuilder patternBuilder, String str) {
        HashMap<String, BitSet> roleMap = patternBuilder.getRoleMap();
        List<String> list = null;
        if (!patternBuilder.getOtherConstraint().isExcluded() && patternBuilder.getOtherConstraint().isAuthConstrained()) {
            list = patternBuilder.getOtherConstraint().getRoles();
            for (String str2 : list) {
                BitSet methodSet = patternBuilder.getMethodSet();
                BitSet bitSet = roleMap.get(str2);
                if (bitSet != null) {
                    methodSet.andNot(bitSet);
                }
                String str3 = null;
                if (!methodSet.isEmpty()) {
                    str3 = "!" + MethodValue.getActions(methodSet);
                }
                addToRoleMap(map, str2, new WebResourcePermission(str, str3));
            }
        }
        if (patternBuilder.getMethodSet().isEmpty()) {
            return;
        }
        for (Map.Entry<String, BitSet> entry : roleMap.entrySet()) {
            String key = entry.getKey();
            if (list == null || !list.contains(key)) {
                BitSet value = entry.getValue();
                if (!value.isEmpty()) {
                    addToRoleMap(map, key, new WebResourcePermission(str, MethodValue.getActions(value)));
                }
            }
        }
    }

    private static void handleUnchecked(Permissions permissions, PatternBuilder patternBuilder, String str) {
        String str2 = null;
        BitSet noAuthMethods = patternBuilder.getNoAuthMethods();
        if (!patternBuilder.getOtherConstraint().isAuthConstrained()) {
            BitSet methodSet = patternBuilder.getMethodSet();
            methodSet.andNot(noAuthMethods);
            if (!methodSet.isEmpty()) {
                str2 = "!" + MethodValue.getActions(methodSet);
            }
        } else if (noAuthMethods.isEmpty()) {
            return;
        } else {
            str2 = MethodValue.getActions(noAuthMethods);
        }
        permissions.add(new WebResourcePermission(str, str2));
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Jakarta Authorization: constraint capture: adding unchecked (for authorization) methods: " + str2);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x00a3  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00d1  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00e0 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x00a8  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void handleConnections(java.security.Permissions r6, org.glassfish.exousia.constraints.transformer.PatternBuilder r7, java.lang.String r8) {
        /*
            Method dump skipped, instructions count: 231
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.glassfish.exousia.constraints.transformer.ConstraintsToPermissionsTransformer.handleConnections(java.security.Permissions, org.glassfish.exousia.constraints.transformer.PatternBuilder, java.lang.String):void");
    }

    static int patternType(Object obj) {
        String obj2 = obj.toString();
        if (obj2.startsWith("*.")) {
            return 1;
        }
        if (obj2.startsWith("/") && obj2.endsWith("/*")) {
            return 2;
        }
        return obj2.equals("/") ? 0 : 3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean implies(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        if (!str.startsWith("/") || !str.endsWith("/*")) {
            if (!str.startsWith("*.")) {
                return str.equals("/");
            }
            int lastIndexOf = str2.lastIndexOf(47);
            return lastIndexOf >= 0 && str2.lastIndexOf(46) > lastIndexOf && str2.endsWith(str.substring(1));
        }
        String substring = str.substring(0, str.length() - 2);
        int length = substring.length();
        if (length == 0) {
            return true;
        }
        return str2.startsWith(substring) && (str2.length() == length || str2.substring(length).startsWith("/"));
    }

    private static void addToRoleMap(Map<String, Permissions> map, String str, Permission permission) {
        map.computeIfAbsent(str, str2 -> {
            return new Permissions();
        }).add(permission);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Jakarta Authorization: constraint capture: adding methods to role: " + str + " methods: " + permission.getActions());
        }
    }

    private static void logExcludedUncheckedPermissionsWritten(Permissions permissions, Permissions permissions2) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Jakarta Authorization: constraint capture: end processing qualified url patterns");
            Iterator it = Collections.list(permissions.elements()).iterator();
            while (it.hasNext()) {
                Permission permission = (Permission) it.next();
                logger.fine("Jakarta Authorization: permission(excluded) type: " + permissionType(permission) + " name: " + permission.getName() + " actions: " + permission.getActions());
            }
            Iterator it2 = Collections.list(permissions2.elements()).iterator();
            while (it2.hasNext()) {
                Permission permission2 = (Permission) it2.next();
                logger.fine("Jakarta Authorization: permission(unchecked) type: " + permissionType(permission2) + " name: " + permission2.getName() + " actions: " + permission2.getActions());
            }
        }
    }

    private static void logPerRolePermissionsWritten(String str, Permissions permissions) {
        if (logger.isLoggable(Level.FINE)) {
            Iterator it = Collections.list(permissions.elements()).iterator();
            while (it.hasNext()) {
                Permission permission = (Permission) it.next();
                logger.fine("Jakarta Authorization: permission(" + str + ") type: " + permissionType(permission) + " name: " + permission.getName() + " actions: " + permission.getActions());
            }
        }
    }

    private static String permissionType(Permission permission) {
        return permission instanceof WebResourcePermission ? "WRP  " : "WUDP ";
    }
}
