package weblogic.servlet.internal.dd.compliance;

import java.util.HashSet;
import java.util.Set;
import weblogic.j2ee.descriptor.AuthConstraintBean;
import weblogic.j2ee.descriptor.SecurityConstraintBean;
import weblogic.j2ee.descriptor.SecurityRoleBean;
import weblogic.j2ee.descriptor.UserDataConstraintBean;
import weblogic.j2ee.descriptor.WebResourceCollectionBean;
import weblogic.servlet.internal.dd.UserDataConstraint;
import weblogic.utils.ErrorCollectionException;

/* loaded from: input_file:weblogic/servlet/internal/dd/compliance/SecurityConstraintComplianceChecker.class */
public class SecurityConstraintComplianceChecker extends BaseComplianceChecker {
    private Set resourceNames;

    @Override // weblogic.servlet.internal.dd.compliance.BaseComplianceChecker, weblogic.servlet.internal.dd.compliance.ComplianceChecker
    public void check(DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        for (SecurityConstraintBean securityConstraintBean : deploymentInfo.getWebAppBean().getSecurityConstraints()) {
            checkSecurityConstraint(securityConstraintBean, deploymentInfo);
        }
    }

    private void checkSecurityConstraint(SecurityConstraintBean securityConstraintBean, DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        String[] displayNames = securityConstraintBean.getDisplayNames();
        String str = null;
        if (displayNames != null && displayNames.length > 0) {
            str = displayNames[0];
        }
        WebResourceCollectionBean[] webResourceCollections = securityConstraintBean.getWebResourceCollections();
        if (webResourceCollections != null) {
            for (WebResourceCollectionBean webResourceCollectionBean : webResourceCollections) {
                checkResourceCollection(webResourceCollectionBean);
            }
        }
        UserDataConstraintBean userDataConstraint = securityConstraintBean.getUserDataConstraint();
        if (userDataConstraint != null) {
            String transportGuarantee = userDataConstraint.getTransportGuarantee();
            if (!isTransportGuaranteeValid(transportGuarantee)) {
                addDescriptorError(this.fmt.INVALID_TRANSPORT_GUARANTEE(transportGuarantee));
            }
        }
        AuthConstraintBean authConstraint = securityConstraintBean.getAuthConstraint();
        if (authConstraint != null) {
            SecurityRoleBean[] securityRoles = deploymentInfo.getWebAppBean().getSecurityRoles();
            String[] strArr = null;
            if (securityRoles != null) {
                strArr = new String[securityRoles.length];
                for (int i = 0; i < securityRoles.length; i++) {
                    strArr[i] = securityRoles[i].getRoleName();
                }
            }
            String[] roleNames = authConstraint.getRoleNames();
            if (roleNames != null) {
                for (String str2 : roleNames) {
                    if (str2 == null || !"*".equals(str2)) {
                        boolean z = false;
                        int i2 = 0;
                        while (true) {
                            if (i2 >= strArr.length) {
                                break;
                            }
                            if (strArr[i2].equals(str2)) {
                                z = true;
                                break;
                            }
                            i2++;
                        }
                        if (!z) {
                            addDescriptorError(this.fmt.NO_SECURITY_ROLE_FOR_AUTH(str2));
                        }
                    } else {
                        update("info : Since '*' is specified, all roles will be given access to the resource " + (str != null ? ": " + str : ""));
                    }
                }
            }
        }
        checkForExceptions();
    }

    private void checkResourceCollection(WebResourceCollectionBean webResourceCollectionBean) throws ErrorCollectionException {
        String webResourceName = webResourceCollectionBean.getWebResourceName();
        String[] urlPatterns = webResourceCollectionBean.getUrlPatterns();
        if (!addResourceName(webResourceName)) {
            addDescriptorError(this.fmt.DUPLICATE_RESOURCE_NAME(webResourceName));
        }
        if (urlPatterns != null) {
            for (String str : urlPatterns) {
                validateURLPattern(webResourceName, str);
            }
        }
        checkForExceptions();
    }

    private boolean addResourceName(String str) {
        if (this.resourceNames == null) {
            this.resourceNames = new HashSet();
        }
        return this.resourceNames.add(str);
    }

    private static boolean isTransportGuaranteeValid(String str) {
        return "NONE".equals(str) || UserDataConstraint.INTEGRAL.equals(str) || UserDataConstraint.CONFIDENTIAL.equals(str);
    }

    private void validateURLPattern(String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            addDescriptorError(this.fmt.ILLEGAL_URL_PATTERN(str));
        }
    }
}
