package org.apache.geronimo.jetty;

import java.io.IOException;
import java.net.MalformedURLException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.UnavailableException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.security.GeronimoSecurityException;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.security.util.URLPattern;
import org.mortbay.jetty.servlet.XMLConfiguration;
import org.mortbay.xml.XmlParser;

/* loaded from: input_file:org/apache/geronimo/jetty/JettyXMLConfiguration.class */
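/**
 * Collects the security-related elements of a web application descriptor while it is parsed
 * and later translates them into JACC policy statements.
 *
 * <p>The {@code init*} callbacks record declared roles, role references and security
 * constraints. {@link #configure(PolicyConfiguration, Security)} then writes the collected
 * data into the supplied {@link PolicyConfiguration} as excluded, unchecked and per-role
 * permissions.
 */
public class JettyXMLConfiguration extends XMLConfiguration {
    private static Log log;

    /** Role names declared through {@code security-role} elements. */
    private final Set<String> securityRoles = new HashSet<String>();
    /** URL patterns of constraints that carry no {@code auth-constraint}, keyed by pattern text. */
    private final Map<String, URLPattern> uncheckedPatterns = new HashMap<String, URLPattern>();
    /** URL patterns of constraints with an empty {@code auth-constraint}, keyed by pattern text. */
    private final Map<String, URLPattern> excludedPatterns = new HashMap<String, URLPattern>();
    /** URL patterns of constraints that name roles, keyed by pattern text. */
    private final Map<String, URLPattern> rolesPatterns = new HashMap<String, URLPattern>();
    /** Every URL pattern seen in any constraint; used to qualify patterns and complement methods. */
    private final Set<URLPattern> allSet = new HashSet<URLPattern>();
    /** Index of {@link #allSet} by pattern text. */
    private final Map<String, URLPattern> allMap = new HashMap<String, URLPattern>();
    /** Patterns whose constraint used the role name {@code *}; expanded in {@link #initialize}. */
    private final Set<URLPattern> allRoles = new HashSet<URLPattern>();
    /** Role-ref permissions grouped by the role they link to ({@code role-link}). */
    private final Map<String, Set<WebRoleRefPermission>> roleRefs =
            new HashMap<String, Set<WebRoleRefPermission>>();

    // Cache slot that appears to be left over from a compiler-generated class literal.
    static Class class$org$apache$geronimo$jetty$JettyXMLConfiguration;

    /**
     * Creates the configuration for the given web application context.
     *
     * @param jettyWebAppContext context handed to the superclass constructor
     */
    public JettyXMLConfiguration(JettyWebAppContext jettyWebAppContext) {
        super(jettyWebAppContext);
    }

    /**
     * Runs the superclass initialization and then expands every {@code *} role constraint.
     *
     * <p>The expansion happens after the superclass call so that it uses the set of declared
     * roles as it stands once that call has returned.
     */
    protected void initialize(XmlParser.Node node) throws ClassNotFoundException, UnavailableException {
        super.initialize(node);
        for (URLPattern pattern : this.allRoles) {
            pattern.addAllRoles(this.securityRoles);
        }
    }

    /**
     * Records a {@link WebRoleRefPermission} for each valid {@code security-role-ref} of a servlet.
     *
     * <p>The servlet is identified by {@code servlet-name}, falling back to {@code servlet-class}.
     * A reference whose {@code role-name} or {@code role-link} is missing or empty is logged at
     * warn level and skipped.
     */
    protected void initServlet(XmlParser.Node node) throws ClassNotFoundException, UnavailableException, IOException, MalformedURLException {
        super.initServlet(node);

        String servletName = node.getString("servlet-name", false, true);
        if (servletName == null) {
            servletName = node.getString("servlet-class", false, true);
        }

        Iterator refs = node.iterator("security-role-ref");
        while (refs.hasNext()) {
            XmlParser.Node ref = (XmlParser.Node) refs.next();
            String roleName = ref.getString("role-name", false, true);
            String roleLink = ref.getString("role-link", false, true);

            boolean valid = roleName != null && roleName.length() > 0
                    && roleLink != null && roleLink.length() > 0;
            if (!valid) {
                log.warn("Ignored invalid security-role-ref element: servlet-name=" + servletName + ", " + ref);
                continue;
            }

            if (log.isDebugEnabled()) {
                log.debug("link role " + roleName + " to " + roleLink + " for " + this);
            }
            Set<WebRoleRefPermission> permissions = this.roleRefs.get(roleLink);
            if (permissions == null) {
                permissions = new HashSet<WebRoleRefPermission>();
                this.roleRefs.put(roleLink, permissions);
            }
            permissions.add(new WebRoleRefPermission(servletName, roleName));
        }
    }

    /**
     * Records the URL patterns, HTTP methods, roles and transport guarantee of one
     * {@code security-constraint}.
     *
     * <p>The constraint is filed by its {@code auth-constraint}: absent means unchecked, present
     * but empty means excluded, otherwise the named roles apply. A collection that lists no
     * {@code http-method} is recorded with the empty method string.
     */
    protected void initSecurityConstraint(XmlParser.Node node) {
        super.initSecurityConstraint(node);

        XmlParser.Node authConstraint = node.get("auth-constraint");
        Map<String, URLPattern> target;
        if (authConstraint == null) {
            target = this.uncheckedPatterns;
        } else if (authConstraint.size() == 0) {
            target = this.excludedPatterns;
        } else {
            target = this.rolesPatterns;
        }

        XmlParser.Node userData = node.get("user-data-constraint");
        String transport = "";
        if (userData != null) {
            // Fixed locale: the default-locale toUpperCase() maps 'i' to a dotted capital under
            // a Turkish default locale, so "confidential" would not become "CONFIDENTIAL".
            // NOTE(review): a user-data-constraint without transport-guarantee is dereferenced
            // here unchecked, as before; presumably get() returns null for it - confirm.
            transport = userData.get("transport-guarantee").toString(false, true).toUpperCase(Locale.ENGLISH);
        }

        Iterator collections = node.iterator("web-resource-collection");
        while (collections.hasNext()) {
            XmlParser.Node collection = (XmlParser.Node) collections.next();
            Iterator urlPatterns = collection.iterator("url-pattern");
            while (urlPatterns.hasNext()) {
                String patternText = ((XmlParser.Node) urlPatterns.next()).toString(false, true);

                URLPattern pattern = target.get(patternText);
                if (pattern == null) {
                    pattern = new URLPattern(patternText);
                    target.put(patternText, pattern);
                }
                URLPattern allPattern = this.allMap.get(patternText);
                if (allPattern == null) {
                    allPattern = new URLPattern(patternText);
                    this.allSet.add(allPattern);
                    this.allMap.put(patternText, allPattern);
                }

                boolean noMethodListed = true;
                Iterator methods = collection.iterator("http-method");
                while (methods.hasNext()) {
                    // Read from the http-method iterator. The previous code advanced the
                    // url-pattern iterator here, so url-pattern text was recorded as HTTP
                    // methods and this loop's own iterator was never advanced.
                    String method = ((XmlParser.Node) methods.next()).toString(false, true);
                    pattern.addMethod(method);
                    allPattern.addMethod(method);
                    noMethodListed = false;
                }
                if (noMethodListed) {
                    pattern.addMethod("");
                    allPattern.addMethod("");
                }

                if (target == this.rolesPatterns) {
                    Iterator roleNames = authConstraint.iterator("role-name");
                    while (roleNames.hasNext()) {
                        String roleName = ((XmlParser.Node) roleNames.next()).toString(false, true);
                        if (roleName.equals("*")) {
                            // Expanded to the declared roles in initialize().
                            this.allRoles.add(pattern);
                        } else {
                            pattern.addRole(roleName);
                        }
                    }
                }
                pattern.setTransport(transport);
            }
        }
    }

    /** Records the {@code role-name} of a {@code security-role} element as a declared role. */
    protected void initSecurityRole(XmlParser.Node node) {
        super.initSecurityRole(node);
        this.securityRoles.add(node.get("role-name").toString(false, true));
    }

    /**
     * Writes the collected constraints, role mappings and role references into a JACC policy.
     *
     * <p>Statements are added to {@code policyConfiguration} as the method proceeds, so a failure
     * part-way through leaves the earlier statements in place.
     *
     * @param policyConfiguration policy to populate; it is also cast to
     *     {@link RoleMappingConfiguration} to register the role mappings
     * @param security deployment data supplying the role mappings
     * @throws GeronimoSecurityException if a mapped role was not declared in the descriptor, a
     *     realm principal cannot be created, a cast inside this method fails, or the policy
     *     rejects a statement
     */
    public void configure(PolicyConfiguration policyConfiguration, Security security) throws GeronimoSecurityException {
        try {
            for (URLPattern pattern : this.excludedPatterns.values()) {
                String name = pattern.getQualifiedPattern(this.allSet);
                String actions = pattern.getMethods();
                policyConfiguration.addToExcludedPolicy(new WebResourcePermission(name, actions));
                policyConfiguration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
            }

            for (URLPattern pattern : this.rolesPatterns.values()) {
                WebResourcePermission permission =
                        new WebResourcePermission(pattern.getQualifiedPattern(this.allSet), pattern.getMethods());
                // Elements are cast one by one: the collection's element type is not declared here.
                for (Object role : pattern.getRoles()) {
                    policyConfiguration.addToRole((String) role, permission);
                }
            }

            for (URLPattern pattern : this.uncheckedPatterns.values()) {
                policyConfiguration.addToUncheckedPolicy(
                        new WebResourcePermission(pattern.getQualifiedPattern(this.allSet), pattern.getMethods()));
            }

            for (URLPattern pattern : this.rolesPatterns.values()) {
                policyConfiguration.addToUncheckedPolicy(
                        new WebUserDataPermission(pattern.getQualifiedPattern(this.allSet), pattern.getMethodsWithTransport()));
            }

            for (URLPattern pattern : this.uncheckedPatterns.values()) {
                policyConfiguration.addToUncheckedPolicy(
                        new WebUserDataPermission(pattern.getQualifiedPattern(this.allSet), pattern.getMethodsWithTransport()));
            }

            // Methods that no constraint names for a pattern are granted unchecked.
            for (URLPattern pattern : this.allSet) {
                String name = pattern.getQualifiedPattern(this.allSet);
                String actions = pattern.getComplementedMethods();
                if (actions.length() != 0) {
                    policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
                    policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
                }
            }

            // When no constraint covers "/", the default pattern is granted unchecked as well.
            URLPattern defaultPattern = new URLPattern("/");
            if (!this.allSet.contains(defaultPattern)) {
                String name = defaultPattern.getQualifiedPattern(this.allSet);
                String actions = defaultPattern.getComplementedMethods();
                policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
                policyConfiguration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
            }

            JettyWebAppJACCContext jaccContext = (JettyWebAppJACCContext) getWebApplicationContext();
            RoleMappingConfiguration roleMapper = (RoleMappingConfiguration) policyConfiguration;
            for (Object mappedRole : security.getRoleMappings()) {
                Role role = (Role) mappedRole;
                String roleName = role.getRoleName();
                if (!this.securityRoles.contains(roleName)) {
                    throw new GeronimoSecurityException("Role does not exist in this configuration");
                }

                // Collects the principals flagged as designated run-as for this role.
                Subject runAs = new Subject();
                for (Object mappedRealm : role.getRealms()) {
                    Realm realm = (Realm) mappedRealm;
                    Set<RealmPrincipal> realmPrincipals = new HashSet<RealmPrincipal>();
                    for (Object mappedPrincipal : realm.getPrincipals()) {
                        Principal principal = (Principal) mappedPrincipal;
                        RealmPrincipal realmPrincipal =
                                ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
                        if (realmPrincipal == null) {
                            throw new GeronimoSecurityException("Unable to create realm principal");
                        }
                        realmPrincipals.add(realmPrincipal);
                        if (principal.isDesignatedRunAs()) {
                            runAs.getPrincipals().add(realmPrincipal);
                        }
                    }
                    roleMapper.addRoleMapping(roleName, realmPrincipals);
                }
                if (runAs.getPrincipals().size() > 0) {
                    jaccContext.setRoleDesignate(roleName, runAs);
                }
            }

            for (Map.Entry<String, Set<WebRoleRefPermission>> entry : this.roleRefs.entrySet()) {
                for (WebRoleRefPermission permission : entry.getValue()) {
                    policyConfiguration.addToRole(entry.getKey(), permission);
                }
            }
        } catch (ClassCastException e) {
            // Chain the exception itself: a ClassCastException normally has no cause, so
            // e.getCause() dropped the stack trace. This handler spans the whole method, so
            // the trace is what identifies which cast actually failed.
            throw new GeronimoSecurityException("Policy configuration object does not implement RoleMappingConfiguration", e);
        } catch (PolicyContextException e2) {
            throw new GeronimoSecurityException(e2);
        }
    }

    /**
     * Loads a class by name, converting a failed lookup into {@link NoClassDefFoundError}.
     * Appears to be a compiler-generated class-literal helper.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, which this method cannot throw directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$apache$geronimo$jetty$JettyXMLConfiguration == null) {
            cls = class$("org.apache.geronimo.jetty.JettyXMLConfiguration");
            class$org$apache$geronimo$jetty$JettyXMLConfiguration = cls;
        } else {
            cls = class$org$apache$geronimo$jetty$JettyXMLConfiguration;
        }
        log = LogFactory.getLog(cls);
    }
}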
