package com.sun.web.security;

import com.sun.enterprise.deployment.Role;
import com.sun.enterprise.deployment.SecurityRoleDescriptor;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebComponentDescriptor;
import com.sun.enterprise.deployment.web.AuthorizationConstraint;
import com.sun.enterprise.deployment.web.SecurityConstraint;
import com.sun.enterprise.deployment.web.SecurityRoleReference;
import com.sun.enterprise.deployment.web.UserDataConstraint;
import com.sun.enterprise.deployment.web.WebResourceCollection;
import com.sun.logging.LogDomains;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;

/* loaded from: input_file:119167-06/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/web/security/WebPermissionUtil.class */
public class WebPermissionUtil {
    private static final int PT_DEFAULT = 0;
    private static final int PT_EXTENSION = 1;
    private static final int PT_PREFIX = 2;
    private static final int PT_EXACT = 3;
    private static Logger logger = Logger.getLogger(LogDomains.SECURITY_LOGGER);
    private static ArrayList skippableList = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int patternType(Object obj) {
        String obj2 = obj.toString();
        if (obj2.startsWith("*.")) {
            return 1;
        }
        if (obj2.startsWith("/") && obj2.endsWith("/*")) {
            return 2;
        }
        return obj2.equals("/") ? 0 : 3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean implies(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        if (!str.startsWith("/") || !str.endsWith("/*")) {
            if (!str.startsWith("*.")) {
                return str.equals("/");
            }
            int lastIndexOf = str2.lastIndexOf(47);
            return lastIndexOf >= 0 && str2.lastIndexOf(46) > lastIndexOf && str2.endsWith(str.substring(1));
        }
        String substring = str.substring(0, str.length() - 2);
        int length = substring.length();
        if (length == 0) {
            return true;
        }
        return str2.startsWith(substring) && (str2.length() == length || str2.substring(length).startsWith("/"));
    }

    public static HashMap parseConstraints(WebBundleDescriptor webBundleDescriptor) {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "parseConstraints");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("/", new MapValue("/"));
        Enumeration securityConstraints = webBundleDescriptor.getSecurityConstraints();
        while (securityConstraints.hasMoreElements()) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: constraint translation: begin parsing security constraint");
            }
            SecurityConstraint securityConstraint = (SecurityConstraint) securityConstraints.nextElement();
            AuthorizationConstraint authorizationConstraint = securityConstraint.getAuthorizationConstraint();
            UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
            Enumeration webResourceCollections = securityConstraint.getWebResourceCollections();
            while (webResourceCollections.hasMoreElements()) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: constraint translation: begin parsing web resource collection");
                }
                WebResourceCollection webResourceCollection = (WebResourceCollection) webResourceCollections.nextElement();
                Enumeration urlPatterns = webResourceCollection.getUrlPatterns();
                while (urlPatterns.hasMoreElements()) {
                    String str = (String) urlPatterns.nextElement();
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: process url: ").append(str).toString());
                    }
                    MapValue mapValue = (MapValue) hashMap.get(str);
                    if (mapValue == null) {
                        mapValue = new MapValue(str);
                        for (String str2 : hashMap.keySet()) {
                            int patternType = patternType(str2);
                            switch (patternType(str)) {
                                case 0:
                                    if (patternType != 0) {
                                        mapValue.addQualifier(str2);
                                        break;
                                    } else {
                                        break;
                                    }
                                case 1:
                                    if (patternType != 2 && (patternType != 3 || !implies(str, str2))) {
                                        if (patternType == 0) {
                                            ((MapValue) hashMap.get(str2)).addQualifier(str);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        mapValue.addQualifier(str2);
                                        break;
                                    }
                                    break;
                                case 2:
                                    if ((patternType != 2 && patternType != 3) || !implies(str, str2)) {
                                        if (patternType != 2 || !implies(str2, str)) {
                                            if (patternType != 1 && patternType != 0) {
                                                break;
                                            } else {
                                                ((MapValue) hashMap.get(str2)).addQualifier(str);
                                                break;
                                            }
                                        } else {
                                            ((MapValue) hashMap.get(str2)).addQualifier(str);
                                            break;
                                        }
                                    } else {
                                        mapValue.addQualifier(str2);
                                        break;
                                    }
                                case 3:
                                    if ((patternType != 2 && patternType != 1) || !implies(str2, str)) {
                                        if (patternType == 0) {
                                            ((MapValue) hashMap.get(str2)).addQualifier(str);
                                            break;
                                        } else {
                                            break;
                                        }
                                    } else {
                                        ((MapValue) hashMap.get(str2)).addQualifier(str);
                                        break;
                                    }
                            }
                        }
                        hashMap.put(str, mapValue);
                    }
                    int methodArrayToSet = MapValue.methodArrayToSet(webResourceCollection.getHttpMethodsAsArray());
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: methods of collection: ").append(methodArrayToSet).toString());
                    }
                    if (authorizationConstraint == null) {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: collection is unchecked for authorization at methods: ").append(methodArrayToSet).toString());
                        }
                        mapValue.setPredefinedOutcomeOnMethods(methodArrayToSet, true);
                    } else {
                        Enumeration securityRoles = authorizationConstraint.getSecurityRoles();
                        if (securityRoles.hasMoreElements()) {
                            while (securityRoles.hasMoreElements()) {
                                SecurityRoleDescriptor securityRoleDescriptor = (SecurityRoleDescriptor) securityRoles.nextElement();
                                mapValue.setRoleOnMethods(securityRoleDescriptor.getName(), methodArrayToSet, webBundleDescriptor);
                                if (logger.isLoggable(Level.FINE)) {
                                    logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: collection is athorized to: ").append(securityRoleDescriptor.getName()).append(" at methods: ").append(methodArrayToSet).toString());
                                }
                            }
                        } else {
                            if (logger.isLoggable(Level.FINE)) {
                                logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: collection is exclude at methods: ").append(methodArrayToSet).toString());
                            }
                            mapValue.setPredefinedOutcomeOnMethods(methodArrayToSet, false);
                        }
                    }
                    if (userDataConstraint == null) {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: collection requires no transport guarantee at methods: ").append(methodArrayToSet).toString());
                        }
                        mapValue.setConnectOnMethods(null, methodArrayToSet);
                    } else {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: collection requires transport guarantee: ").append(userDataConstraint.getTransportGuarantee()).append(" at methods: ").append(methodArrayToSet).toString());
                        }
                        mapValue.setConnectOnMethods(userDataConstraint.getTransportGuarantee(), methodArrayToSet);
                    }
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: end processing url: ").append(str).toString());
                    }
                }
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "JACC: constraint translation: end parsing web resource collection");
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: constraint translation: end parsing security constraint");
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "parseConstraints");
        }
        return hashMap;
    }

    public static void processConstraints(WebBundleDescriptor webBundleDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "processConstraints");
            logger.log(Level.FINE, new StringBuffer().append("JACC: constraint translation: CODEBASE = ").append(policyConfiguration.getContextID()).toString());
        }
        HashMap parseConstraints = parseConstraints(webBundleDescriptor);
        HashMap hashMap = new HashMap();
        Permissions permissions = new Permissions();
        Permissions permissions2 = new Permissions();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: begin processing qualified url patterns");
        }
        for (MapValue mapValue : parseConstraints.values()) {
            if (!mapValue.irrelevantByQualifier) {
                String stringBuffer = mapValue.urlPatternSpec.toString();
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, new StringBuffer().append("JACC: constraint capture: urlPattern: ").append(stringBuffer).toString());
                }
                String[] methodsWithPredefinedOutcome = mapValue.getMethodsWithPredefinedOutcome(false);
                if (methodsWithPredefinedOutcome != null) {
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint capture: adding excluded methods: ").append(MapValue.methodArrayToSet(methodsWithPredefinedOutcome)).toString());
                    }
                    permissions.add(new WebResourcePermission(stringBuffer, methodsWithPredefinedOutcome));
                    permissions.add(new WebUserDataPermission(stringBuffer, methodsWithPredefinedOutcome, null));
                }
                String[] methodsWithPredefinedOutcome2 = mapValue.getMethodsWithPredefinedOutcome(true);
                if (methodsWithPredefinedOutcome2 != null) {
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint capture: adding unchecked (for authorization) methods: ").append(MapValue.methodArrayToSet(methodsWithPredefinedOutcome2)).toString());
                    }
                    permissions2.add(new WebResourcePermission(stringBuffer, methodsWithPredefinedOutcome2));
                }
                for (int i = 0; i < MethodValue.connectKeys.length; i++) {
                    String[] connectMap = mapValue.getConnectMap(1 << i);
                    if (connectMap != null) {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, new StringBuffer().append("JACC: constraint capture: adding methods that accept connections with protection: ").append(MethodValue.connectKeys[i]).append(" methods: ").append(MapValue.methodArrayToSet(connectMap)).toString());
                        }
                        permissions2.add(new WebUserDataPermission(stringBuffer, connectMap, (String) MethodValue.connectKeys[i]));
                    }
                }
                HashMap roleMap = mapValue.getRoleMap();
                for (String str : roleMap.keySet()) {
                    String[] methodArray = MapValue.getMethodArray(((Integer) roleMap.get(str)).intValue());
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: constraint capture: adding methods that may be called by role: ").append(str).append(" methods: ").append(MapValue.methodArrayToSet(methodArray)).toString());
                    }
                    Permissions permissions3 = (Permissions) hashMap.get(str);
                    if (permissions3 == null) {
                        permissions3 = new Permissions();
                        hashMap.put(str, permissions3);
                    }
                    permissions3.add(new WebResourcePermission(stringBuffer, methodArray));
                }
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "JACC: constraint capture: end processing qualified url patterns");
            Enumeration<Permission> elements = permissions.elements();
            while (elements.hasMoreElements()) {
                Permission nextElement = elements.nextElement();
                logger.log(Level.FINE, new StringBuffer().append("JACC: permission(excluded) type: ").append(nextElement instanceof WebResourcePermission ? "WRP  " : "WUDP ").append(" name: ").append(nextElement.getName()).append(" actions: ").append(nextElement.getActions()).toString());
            }
            Enumeration<Permission> elements2 = permissions2.elements();
            while (elements2.hasMoreElements()) {
                Permission nextElement2 = elements2.nextElement();
                logger.log(Level.FINE, new StringBuffer().append("JACC: permission(unchecked) type: ").append(nextElement2 instanceof WebResourcePermission ? "WRP  " : "WUDP ").append(" name: ").append(nextElement2.getName()).append(" actions: ").append(nextElement2.getActions()).toString());
            }
        }
        policyConfiguration.addToExcludedPolicy(permissions);
        policyConfiguration.addToUncheckedPolicy(permissions2);
        for (String str2 : hashMap.keySet()) {
            Permissions permissions4 = (Permissions) hashMap.get(str2);
            policyConfiguration.addToRole(str2, permissions4);
            if (logger.isLoggable(Level.FINE)) {
                Enumeration<Permission> elements3 = permissions4.elements();
                while (elements3.hasMoreElements()) {
                    Permission nextElement3 = elements3.nextElement();
                    logger.log(Level.FINE, new StringBuffer().append("JACC: permission(").append(str2).append(") type: ").append(nextElement3 instanceof WebResourcePermission ? "WRP  " : "WUDP ").append(" name: ").append(nextElement3.getName()).append(" actions: ").append(nextElement3.getActions()).toString());
                }
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "processConstraints");
        }
    }

    public static void createWebRoleRefPermission(WebBundleDescriptor webBundleDescriptor, PolicyConfiguration policyConfiguration) throws PolicyContextException {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering("WebPermissionUtil", "createWebRoleRefPermission");
            logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: Processing WebRoleRefPermission : CODEBASE = ").append(policyConfiguration.getContextID()).toString());
        }
        ArrayList arrayList = new ArrayList();
        Set<Role> roles = webBundleDescriptor.getRoles();
        Enumeration webComponentDescriptors = webBundleDescriptor.getWebComponentDescriptors();
        while (webComponentDescriptors.hasMoreElements()) {
            WebComponentDescriptor webComponentDescriptor = (WebComponentDescriptor) webComponentDescriptors.nextElement();
            String canonicalName = webComponentDescriptor.getCanonicalName();
            Enumeration securityRoleReferences = webComponentDescriptor.getSecurityRoleReferences();
            while (securityRoleReferences.hasMoreElements()) {
                SecurityRoleReference securityRoleReference = (SecurityRoleReference) securityRoleReferences.nextElement();
                if (securityRoleReference != null) {
                    String rolename = securityRoleReference.getRolename();
                    Permission webRoleRefPermission = new WebRoleRefPermission(canonicalName, rolename);
                    arrayList.add(new Role(rolename));
                    policyConfiguration.addToRole(securityRoleReference.getSecurityRoleLink().getName(), webRoleRefPermission);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: RoleRefPermission created with name(servlet-name)  = ").append(canonicalName).append(" and action(Role-name tag) = ").append(rolename).append(" added to role(role-link tag) = ").append(securityRoleReference.getSecurityRoleLink().getName()).toString());
                    }
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
            }
            for (Role role : roles) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: Looking at Role =  ").append(role.getName()).toString());
                }
                if (!arrayList.contains(role)) {
                    String name = role.getName();
                    WebRoleRefPermission webRoleRefPermission2 = new WebRoleRefPermission(canonicalName, name);
                    policyConfiguration.addToRole(name, webRoleRefPermission2);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: RoleRef  = ").append(name).append(" is added for servlet-resource = ").append(canonicalName).toString());
                        logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: Permission added for above role-ref =").append(webRoleRefPermission2.getName()).append(" ").append(webRoleRefPermission2.getActions()).toString());
                    }
                }
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
        }
        for (Role role2 : roles) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: Looking at Role =  ").append(role2.getName()).toString());
            }
            String name2 = role2.getName();
            WebRoleRefPermission webRoleRefPermission3 = new WebRoleRefPermission("", name2);
            policyConfiguration.addToRole(name2, webRoleRefPermission3);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: RoleRef  = ").append(name2).append(" is added for jsp's that can't be mapped to servlets").toString());
                logger.log(Level.FINE, new StringBuffer().append("JACC: role-reference translation: Permission added for above role-ref =").append(webRoleRefPermission3.getName()).append(" ").append(webRoleRefPermission3.getActions()).toString());
            }
        }
    }

    static {
        skippableList.add("meta-inf");
        skippableList.add("web-inf");
        skippableList.add("tld");
        skippableList.add(".com.sun.deployment.backend.lock");
    }
}
