package com.apusic.web.container;

import com.apusic.deploy.runtime.SecurityConstraint;
import com.apusic.deploy.runtime.ServletModel;
import com.apusic.deploy.runtime.WebModule;
import com.apusic.deploy.runtime.WebResource;
import com.apusic.security.Role;
import com.apusic.security.Security;
import com.apusic.util.SimpleCache;
import com.apusic.web.session.ManagerBase;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/apusic/web/container/ConstraintMapper.class */
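/**
 * Translates the security constraints and role references of one web module into
 * JACC policy statements and answers per-request permission checks against the
 * installed {@link Policy}.
 *
 * <p>Every check is deny-by-default: any failure while evaluating a permission is
 * reported as "not permitted" (see {@link #checkPermission}).
 */
public final class ConstraintMapper {
    /** Code source with neither a location nor certificates, shared by every synthetic protection domain. */
    private static final CodeSource codesource = new CodeSource((URL) null, (Certificate[]) null);

    private final WebContainer container;

    /** JACC policy context id, built as {@code <application name>#<context root>}. */
    private final String contextId;

    /** Policy configuration opened by {@link #populate()}; {@code null} before that and after {@link #destroy()}. */
    private PolicyConfiguration pc;

    // One ProtectionDomain per principal so that it is not rebuilt on every request.
    private final SimpleCache<Principal, ProtectionDomain> protectionDomainCache = SimpleCache.make(ManagerBase.SESSION_LIST_INIT_SIZE);

    // Captured once per instance: a policy installed later through Policy.setPolicy is not picked up here.
    private final Policy policy = Policy.getPolicy();

    /**
     * Creates a mapper for the web module served by {@code webContainer}.
     *
     * <p>The decompiler reports that this constructor was package-private in the
     * original class file.
     *
     * @param webContainer container whose web module supplies the application name and context root
     */
    public ConstraintMapper(WebContainer webContainer) {
        this.container = webContainer;
        WebModule webModule = webContainer.getWebModule();
        this.contextId = webModule.getApplication().getName() + "#" + webModule.getContextRoot();
    }

    /**
     * Opens the policy configuration for this context, links it to the application's
     * configuration, fills in the permissions derived from the web module and commits it.
     *
     * @throws PolicyContextException if the policy provider rejects an operation
     * @throws ClassNotFoundException if the policy configuration factory class cannot be loaded
     */
    public void populate() throws PolicyContextException, ClassNotFoundException {
        // The second argument (true) asks the factory to remove any statements left in this context.
        this.pc = PolicyConfigurationFactory.getPolicyConfigurationFactory().getPolicyConfiguration(this.contextId, true);
        this.pc.linkConfiguration(this.container.getWebModule().getApplication().getPolicyConfiguration());
        convertConstraints(this.pc);
        convertRoleReferences(this.pc);
        this.pc.commit();
    }

    /**
     * Deletes the policy configuration created by {@link #populate()}, if there is one.
     * Calling it again afterwards does nothing.
     */
    public void destroy() {
        if (this.pc != null) {
            try {
                this.pc.delete();
            } catch (Exception ignored) {
                // Best effort: a failed delete must not abort the caller. The reference is
                // dropped either way.
                // NOTE(review): the failure is not reported anywhere, so a policy context that
                // could not be deleted goes unnoticed — consider logging it.
            }
            this.pc = null;
        }
    }

    /**
     * Adds the excluded, unchecked and per-role permissions derived from the module's
     * security constraints to {@code policyConfiguration}.
     */
    private void convertConstraints(PolicyConfiguration policyConfiguration) throws PolicyContextException {
        Permissions excluded = new Permissions();
        Permissions unchecked = new Permissions();
        Map<String, Permissions> permissionsByRole = new HashMap<String, Permissions>();
        for (URLPattern pattern : parseConstraints().values()) {
            if (pattern.irrelevant) {
                continue;
            }
            String spec = pattern.patternSpec.toString();

            // Excluded methods are denied both as a resource and as user data.
            String excludedActions = pattern.getExcludedActions();
            if (excludedActions != null) {
                excluded.add(new WebResourcePermission(spec, excludedActions));
                excluded.add(new WebUserDataPermission(spec, excludedActions));
            }

            pattern.fillPermissionsForTransport(unchecked);
            String uncheckedActions = pattern.getUncheckedActions();
            if (uncheckedActions != null) {
                unchecked.add(new WebResourcePermission(spec, uncheckedActions));
            }

            for (Map.Entry<String, String> roleActions : pattern.getRoleActions().entrySet()) {
                String role = roleActions.getKey();
                Permissions rolePermissions = permissionsByRole.get(role);
                if (rolePermissions == null) {
                    rolePermissions = new Permissions();
                    permissionsByRole.put(role, rolePermissions);
                }
                rolePermissions.add(new WebResourcePermission(spec, roleActions.getValue()));
            }
        }
        policyConfiguration.addToExcludedPolicy(excluded);
        policyConfiguration.addToUncheckedPolicy(unchecked);
        for (Map.Entry<String, Permissions> entry : permissionsByRole.entrySet()) {
            policyConfiguration.addToRole(entry.getKey(), entry.getValue());
        }
    }

    /**
     * Builds one {@link URLPattern} per distinct URL pattern declared in the module's
     * security constraints (plus the default pattern "/") and then qualifies each
     * pattern with the other declared patterns that {@link #qualifies} selects.
     *
     * @return the patterns keyed by their normalized pattern string
     */
    private Map<String, URLPattern> parseConstraints() {
        WebModule webModule = this.container.getWebModule();
        Map<String, URLPattern> patterns = new HashMap<String, URLPattern>();
        patterns.put("/", new URLPattern("/"));
        for (SecurityConstraint constraint : webModule.getSecurityConstraints()) {
            for (WebResource resource : constraint.getWebResources()) {
                for (String declared : resource.getUrlPatterns()) {
                    // A pattern that starts with neither "/" nor "*" is treated as relative to the context root.
                    String spec = declared;
                    if (!spec.startsWith("/") && !spec.startsWith("*")) {
                        spec = "/" + spec;
                    }
                    URLPattern pattern = patterns.get(spec);
                    if (pattern == null) {
                        pattern = new URLPattern(spec);
                        patterns.put(spec, pattern);
                    }
                    // Out-parameter filled by getResultHttpMethods.
                    // NOTE(review): presumably marks the method list as an omission list — confirm in WebResource.
                    boolean[] methodFlag = new boolean[1];
                    String[] methods = resource.getResultHttpMethods(methodFlag);
                    String[] allowedRoles = constraint.getAllowedRoles();
                    if (constraint.needAuth()) {
                        if (allowedRoles == null || allowedRoles.length == 0) {
                            // Authorization is required but no role is allowed: nobody may use these methods.
                            pattern.addExcludedMethods(methods, methodFlag[0]);
                        } else {
                            pattern.addRoleForMethods(webModule.getSecurityRoles(), allowedRoles, methods, methodFlag[0]);
                        }
                    }
                    pattern.setTransportTypeForMethods(constraint.getTransportGuarantee(), methods, methodFlag[0]);
                }
            }
        }
        for (Map.Entry<String, URLPattern> entry : patterns.entrySet()) {
            String spec = entry.getKey();
            URLPattern pattern = entry.getValue();
            for (Map.Entry<String, URLPattern> other : patterns.entrySet()) {
                String otherSpec = other.getKey();
                if (!spec.equals(otherSpec)
                        && qualifies(pattern.patternType, spec, other.getValue().patternType, otherSpec)) {
                    pattern.addQualifier(otherSpec);
                }
            }
        }
        return patterns;
    }

    /**
     * Decides whether {@code otherSpec} is added as a qualifier of {@code spec}.
     *
     * <p>The numeric pattern types are defined by {@link URLPattern}.
     * NOTE(review): presumably 0 = exact, 1 = path prefix, 2 = extension, 3 = default — confirm there.
     */
    private static boolean qualifies(int type, String spec, int otherType, String otherSpec) {
        switch (type) {
            case 1:
                return (otherType == 1 || otherType == 0) && URLPattern.matches(spec, otherSpec);
            case 2:
                return otherType == 1 || (otherType == 0 && URLPattern.matches(spec, otherSpec));
            case 3:
                return otherType != 3;
            default:
                return false;
        }
    }

    /**
     * Adds the role-reference permissions: one per declared role reference of each
     * servlet (granted to the linked role), one per security role for each servlet,
     * and one per security role for the empty servlet name.
     */
    private void convertRoleReferences(PolicyConfiguration policyConfiguration) throws PolicyContextException {
        WebModule webModule = this.container.getWebModule();
        for (ServletModel servlet : webModule.getServletList()) {
            String servletName = servlet.getName();
            for (String roleRef : servlet.getRoleReferences().keySet()) {
                policyConfiguration.addToRole(servlet.getRoleLink(roleRef), new WebRoleRefPermission(servletName, roleRef));
            }
            // Every security role can also be referenced by its own name.
            for (Role role : webModule.getSecurityRoles()) {
                String roleName = role.getName();
                policyConfiguration.addToRole(roleName, new WebRoleRefPermission(servletName, roleName));
            }
        }
        // The empty servlet name is what checkRoleRefPermission substitutes for a null servlet name.
        for (Role role : webModule.getSecurityRoles()) {
            String roleName = role.getName();
            policyConfiguration.addToRole(roleName, new WebRoleRefPermission("", roleName));
        }
    }

    /**
     * Checks the user-data (transport) permission for the request. The check is made
     * without a principal.
     *
     * @return {@code true} if the policy implies the permission, {@code false} otherwise or on any error
     */
    public boolean checkUserDataPermission(HttpServletRequest httpServletRequest) {
        return checkPermission(new WebUserDataPermission(httpServletRequest), null);
    }

    /**
     * Checks whether the current user, as returned by {@code Security.getCurrentUser()},
     * may access the requested resource.
     *
     * @return {@code true} if the policy implies the permission, {@code false} otherwise or on any error
     */
    public boolean checkResourcePermission(HttpServletRequest httpServletRequest) {
        return checkPermission(new WebResourcePermission(httpServletRequest), Security.getCurrentUser());
    }

    /**
     * Checks whether {@code principal} holds the role reference {@code str2} in the
     * servlet named {@code str}.
     *
     * @param str servlet name; {@code null} is treated as the empty name
     * @param str2 role reference to test
     * @param principal principal to test; may be {@code null}
     * @return {@code true} if the policy implies the permission, {@code false} otherwise or on any error
     */
    public boolean checkRoleRefPermission(String str, String str2, Principal principal) {
        String servletName = str == null ? "" : str;
        return checkPermission(new WebRoleRefPermission(servletName, str2), principal);
    }

    /**
     * Evaluates {@code permission} for {@code principal} inside this module's policy
     * context and restores the caller's policy context afterwards.
     *
     * @return {@code true} only if the policy implies the permission; any failure yields {@code false}
     */
    private boolean checkPermission(Permission permission, Principal principal) {
        String previousContextId = null;
        boolean switched = false;
        try {
            ProtectionDomain domain = getCachedProtectionDomain(principal);
            previousContextId = setPolicyContext(this.contextId);
            switched = true;
            return this.policy.implies(domain, permission);
        } catch (Throwable th) {
            // Fail closed: an error during evaluation must never grant access.
            // NOTE(review): nothing is logged, so a failing policy provider is visible only as
            // "access denied" — consider reporting th.
            return false;
        } finally {
            // Restore only when the context was actually switched. Restoring unconditionally
            // would reset the caller's context id to null whenever the failure happened
            // before the switch.
            if (switched) {
                setPolicyContext(previousContextId);
            }
        }
    }

    /**
     * Returns the protection domain used to evaluate permissions for {@code principal},
     * creating and caching it on first use. A {@code null} principal gets a domain
     * without principals.
     */
    private ProtectionDomain getCachedProtectionDomain(Principal principal) {
        // NOTE(review): assumes SimpleCache accepts a null key (checkUserDataPermission passes
        // null) and tolerates concurrent get/put from request threads — confirm in SimpleCache.
        ProtectionDomain domain = this.protectionDomainCache.get(principal);
        if (domain == null) {
            if (principal == null) {
                domain = new ProtectionDomain(codesource, null);
            } else {
                domain = new ProtectionDomain(codesource, null, null, new Principal[]{principal});
            }
            this.protectionDomainCache.put(principal, domain);
        }
        return domain;
    }

    /**
     * Sets the JACC policy context id of the calling thread.
     *
     * @param newContextId context id to install; may be {@code null}
     * @return the context id that was in effect before the call
     */
    private static String setPolicyContext(final String newContextId) {
        String previous = PolicyContext.getContextID();
        if (System.getSecurityManager() == null) {
            PolicyContext.setContextID(newContextId);
        } else {
            // With a security manager installed, the change is made with this class's own
            // privileges rather than those of the code further up the call stack.
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    PolicyContext.setContextID(newContextId);
                    return null;
                }
            });
        }
        return previous;
    }
}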
