package weblogic.servlet.internal;

import com.bea.xml_.impl.jam.xml.JamXmlElements;
import java.util.Collection;
import java.util.Iterator;
import javax.servlet.HttpMethodConstraintElement;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity;
import weblogic.descriptor.internal.AbstractDescriptorBean;
import weblogic.j2ee.descriptor.AuthConstraintBean;
import weblogic.j2ee.descriptor.SecurityConstraintBean;
import weblogic.j2ee.descriptor.SecurityRoleBean;
import weblogic.j2ee.descriptor.WebAppBean;
import weblogic.j2ee.descriptor.WebResourceCollectionBean;
import weblogic.servlet.internal.dd.UserDataConstraint;

/* loaded from: input_file:weblogic/servlet/internal/SecurityConstraintHelper.class */
public final class SecurityConstraintHelper {
    private static void checkRolesAllowed(ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, String[] strArr) {
        if (strArr != null && strArr.length > 0 && emptyRoleSemantic == ServletSecurity.EmptyRoleSemantic.DENY) {
            throw new IllegalArgumentException("The default authorization semantic should not be specified when a non-empty array is specified for rolesAllowed");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkServletSecurityElement(ServletSecurityElement servletSecurityElement) {
        if (servletSecurityElement == null) {
            throw new IllegalArgumentException("Security Constraint can't be null");
        }
        checkRolesAllowed(servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getRolesAllowed());
        Collection<HttpMethodConstraintElement> httpMethodConstraints = servletSecurityElement.getHttpMethodConstraints();
        if (httpMethodConstraints != null) {
            for (HttpMethodConstraintElement httpMethodConstraintElement : httpMethodConstraints) {
                String methodName = httpMethodConstraintElement.getMethodName();
                if (methodName == null || methodName.length() == 0) {
                    throw new IllegalArgumentException("The name of an HTTP protocol method may not be null, or the empty string, and must be a legitimate HTTP Method name as defined by RFC 2616");
                }
                checkRolesAllowed(httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getRolesAllowed());
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean isSecurityConstraintBeanFromDescriptor(SecurityConstraintBean securityConstraintBean) {
        String str = (String) ((AbstractDescriptorBean) securityConstraintBean).getMetaData("source");
        if (str == null) {
            return true;
        }
        return (str.equals(JamXmlElements.ANNOTATION) || str.equals("dynamic")) ? false : true;
    }

    private static void destorySecurityConstraintBean(WebAppBean webAppBean, SecurityConstraintBean securityConstraintBean, Collection<String> collection) {
        WebResourceCollectionBean[] webResourceCollections = securityConstraintBean.getWebResourceCollections();
        if (webResourceCollections == null) {
            return;
        }
        for (WebResourceCollectionBean webResourceCollectionBean : webResourceCollections) {
            String[] urlPatterns = webResourceCollectionBean.getUrlPatterns();
            if (urlPatterns != null) {
                for (String str : urlPatterns) {
                    if (collection.contains(str)) {
                        webAppBean.destroySecurityConstraint(securityConstraintBean);
                        return;
                    }
                }
            }
        }
    }

    static void destorySecurityConstraintBeans(WebAppBean webAppBean, Collection<String> collection) {
        SecurityConstraintBean[] securityConstraints = webAppBean.getSecurityConstraints();
        if (securityConstraints == null) {
            return;
        }
        for (SecurityConstraintBean securityConstraintBean : securityConstraints) {
            if (!isSecurityConstraintBeanFromDescriptor(securityConstraintBean)) {
                destorySecurityConstraintBean(webAppBean, securityConstraintBean, collection);
            }
        }
    }

    private static SecurityConstraintBean createSecurityConstraintBean(WebAppBean webAppBean, Collection<String> collection, String[] strArr, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, ServletSecurity.TransportGuarantee transportGuarantee, String str, boolean z) {
        SecurityConstraintBean createSecurityConstraint = webAppBean.createSecurityConstraint();
        WebResourceCollectionBean createWebResourceCollection = createSecurityConstraint.createWebResourceCollection();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            createWebResourceCollection.addUrlPattern(it.next());
        }
        if (strArr != null && strArr.length > 0) {
            AuthConstraintBean createAuthConstraint = createSecurityConstraint.createAuthConstraint();
            for (String str2 : strArr) {
                SecurityRoleBean[] securityRoles = webAppBean.getSecurityRoles();
                boolean z2 = false;
                int length = securityRoles.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (securityRoles[i].getRoleName().equals(str2)) {
                        z2 = true;
                        break;
                    }
                    i++;
                }
                if (!z2) {
                    webAppBean.createSecurityRole().setRoleName(str2);
                }
                createAuthConstraint.addRoleName(str2);
            }
        } else if (str == null && emptyRoleSemantic == ServletSecurity.EmptyRoleSemantic.PERMIT && z && webAppBean.isDenyUncoveredHttpMethods()) {
            createSecurityConstraint.createAuthConstraint();
        } else if (emptyRoleSemantic != ServletSecurity.EmptyRoleSemantic.PERMIT) {
            createSecurityConstraint.createAuthConstraint();
        }
        if (transportGuarantee != null) {
            createSecurityConstraint.createUserDataConstraint().setTransportGuarantee(transportGuarantee == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? UserDataConstraint.CONFIDENTIAL : "NONE");
        }
        if (str != null) {
            createWebResourceCollection.addHttpMethod(str);
        }
        return createSecurityConstraint;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void markSecurityConstraintBean(SecurityConstraintBean securityConstraintBean, boolean z) {
        if (z) {
            ((AbstractDescriptorBean) securityConstraintBean).setMetaData("source", JamXmlElements.ANNOTATION);
        } else {
            ((AbstractDescriptorBean) securityConstraintBean).setMetaData("source", "dynamic");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void processServletSecurityElement(WebAppBean webAppBean, Collection<String> collection, ServletSecurityElement servletSecurityElement, boolean z) {
        SecurityConstraintBean securityConstraintBean = null;
        Collection<HttpMethodConstraintElement> httpMethodConstraints = servletSecurityElement.getHttpMethodConstraints();
        if (!webAppBean.isDenyUncoveredHttpMethods() || httpMethodConstraints == null || httpMethodConstraints.size() == 0) {
            securityConstraintBean = createSecurityConstraintBean(webAppBean, collection, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getTransportGuarantee(), null, z);
            markSecurityConstraintBean(securityConstraintBean, z);
        }
        if (httpMethodConstraints != null) {
            for (HttpMethodConstraintElement httpMethodConstraintElement : httpMethodConstraints) {
                String methodName = httpMethodConstraintElement.getMethodName();
                markSecurityConstraintBean(createSecurityConstraintBean(webAppBean, collection, httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getTransportGuarantee(), methodName, z), z);
                if (securityConstraintBean != null) {
                    securityConstraintBean.getWebResourceCollections()[0].addHttpMethodOmission(methodName);
                }
            }
        }
    }
}
