package com.sun.enterprise.deployment.annotation.handlers;

import com.sun.enterprise.deployment.AuthorizationConstraintImpl;
import com.sun.enterprise.deployment.Role;
import com.sun.enterprise.deployment.SecurityConstraintImpl;
import com.sun.enterprise.deployment.UserDataConstraintImpl;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebComponentDescriptor;
import com.sun.enterprise.deployment.WebResourceCollectionImpl;
import com.sun.enterprise.deployment.annotation.context.WebBundleContext;
import com.sun.enterprise.deployment.annotation.context.WebComponentContext;
import com.sun.enterprise.deployment.web.AuthorizationConstraint;
import com.sun.enterprise.deployment.web.SecurityConstraint;
import com.sun.enterprise.deployment.web.UserDataConstraint;
import com.sun.enterprise.deployment.web.WebResourceCollection;
import java.lang.annotation.Annotation;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import org.glassfish.apf.AnnotationInfo;
import org.glassfish.apf.AnnotationProcessorException;
import org.glassfish.apf.HandlerProcessingResult;
import org.glassfish.apf.ResultType;
import org.jvnet.hk2.annotations.Service;

@Service
/* loaded from: input_file:com/sun/enterprise/deployment/annotation/handlers/ServletSecurityHandler.class */
public class ServletSecurityHandler extends AbstractWebHandler {
    public Class<? extends Annotation> getAnnotationType() {
        return ServletSecurity.class;
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.AbstractWebHandler
    protected HandlerProcessingResult processAnnotation(AnnotationInfo annotationInfo, WebComponentContext[] webComponentContextArr) throws AnnotationProcessorException {
        HandlerProcessingResult handlerProcessingResult = null;
        for (WebComponentContext webComponentContext : webComponentContextArr) {
            handlerProcessingResult = processAnnotation(annotationInfo, webComponentContext.getDescriptor());
            if (handlerProcessingResult.getOverallResult() == ResultType.FAILED) {
                break;
            }
        }
        return handlerProcessingResult;
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.AbstractWebHandler
    protected HandlerProcessingResult processAnnotation(AnnotationInfo annotationInfo, WebBundleContext webBundleContext) throws AnnotationProcessorException {
        return getInvalidAnnotatedElementHandlerResult(annotationInfo.getProcessingContext().getHandler(), annotationInfo);
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.AbstractHandler
    public Class<? extends Annotation>[] getTypeDependencies() {
        return new Class[]{WebServlet.class};
    }

    private HandlerProcessingResult processAnnotation(AnnotationInfo annotationInfo, WebComponentDescriptor webComponentDescriptor) throws AnnotationProcessorException {
        Class cls = (Class) annotationInfo.getAnnotatedElement();
        if (!HttpServlet.class.isAssignableFrom(cls)) {
            log(Level.SEVERE, annotationInfo, localStrings.getLocalString("enterprise.deployment.annotation.handlers.needtoextend", "The Class {0} having annotation {1} need to be a derived class of {2}.", new Object[]{cls.getName(), SecurityConstraint.class.getName(), HttpServlet.class.getName()}));
            return getDefaultFailedResult();
        }
        Set<String> urlPatternsWithoutSecurityConstraint = getUrlPatternsWithoutSecurityConstraint(webComponentDescriptor);
        if (urlPatternsWithoutSecurityConstraint != null && urlPatternsWithoutSecurityConstraint.size() > 0) {
            WebBundleDescriptor webBundleDescriptor = webComponentDescriptor.getWebBundleDescriptor();
            ServletSecurity annotation = annotationInfo.getAnnotation();
            HttpConstraint value = annotation.value();
            WebResourceCollection next = createSecurityConstraint(webBundleDescriptor, urlPatternsWithoutSecurityConstraint, value.rolesAllowed(), value.value(), value.transportGuarantee(), null).getWebResourceCollections().iterator().next();
            for (HttpMethodConstraint httpMethodConstraint : annotation.httpMethodConstraints()) {
                String value2 = httpMethodConstraint.value();
                if (value2 == null || value2.length() == 0) {
                    return getDefaultFailedResult();
                }
                createSecurityConstraint(webBundleDescriptor, urlPatternsWithoutSecurityConstraint, httpMethodConstraint.rolesAllowed(), httpMethodConstraint.emptyRoleSemantic(), httpMethodConstraint.transportGuarantee(), value2);
                next.addHttpMethodOmission(value2);
            }
        }
        return getDefaultProcessedResult();
    }

    public static Set<String> getUrlPatternsWithoutSecurityConstraint(WebComponentDescriptor webComponentDescriptor) {
        HashSet hashSet = new HashSet(webComponentDescriptor.getUrlPatternsSet());
        WebBundleDescriptor webBundleDescriptor = webComponentDescriptor.getWebBundleDescriptor();
        webComponentDescriptor.getUrlPatternsSet();
        Enumeration<SecurityConstraint> securityConstraints = webBundleDescriptor.getSecurityConstraints();
        while (securityConstraints.hasMoreElements()) {
            Iterator<WebResourceCollection> it = securityConstraints.nextElement().getWebResourceCollections().iterator();
            while (it.hasNext()) {
                hashSet.removeAll(it.next().getUrlPatterns());
            }
        }
        return hashSet;
    }

    public static SecurityConstraint createSecurityConstraint(WebBundleDescriptor webBundleDescriptor, Set<String> set, String[] strArr, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, ServletSecurity.TransportGuarantee transportGuarantee, String str) {
        SecurityConstraintImpl securityConstraintImpl = new SecurityConstraintImpl();
        WebResourceCollectionImpl webResourceCollectionImpl = new WebResourceCollectionImpl();
        securityConstraintImpl.addWebResourceCollection((WebResourceCollection) webResourceCollectionImpl);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            webResourceCollectionImpl.addUrlPattern(it.next());
        }
        AuthorizationConstraintImpl authorizationConstraintImpl = null;
        if (strArr != null && strArr.length > 0) {
            if (emptyRoleSemantic == ServletSecurity.EmptyRoleSemantic.DENY) {
                throw new IllegalArgumentException(localStrings.getLocalString("enterprise.deployment.annotation.handlers.denyWithRolesAllowed", "One cannot specify DENY with an non-empty array of rolesAllowed in @ServletSecurity / ServletSecurityElement"));
            }
            authorizationConstraintImpl = new AuthorizationConstraintImpl();
            for (String str2 : strArr) {
                webBundleDescriptor.addRole(new Role(str2));
                authorizationConstraintImpl.addSecurityRole(str2);
            }
        } else if (emptyRoleSemantic != ServletSecurity.EmptyRoleSemantic.PERMIT) {
            authorizationConstraintImpl = new AuthorizationConstraintImpl();
        }
        securityConstraintImpl.setAuthorizationConstraint((AuthorizationConstraint) authorizationConstraintImpl);
        UserDataConstraintImpl userDataConstraintImpl = new UserDataConstraintImpl();
        userDataConstraintImpl.setTransportGuarantee(transportGuarantee == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? "CONFIDENTIAL" : "NONE");
        securityConstraintImpl.setUserDataConstraint((UserDataConstraint) userDataConstraintImpl);
        if (str != null) {
            webResourceCollectionImpl.addHttpMethod(str);
        }
        webBundleDescriptor.addSecurityConstraint((SecurityConstraint) securityConstraintImpl);
        return securityConstraintImpl;
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.AbstractWebHandler
    public /* bridge */ /* synthetic */ HandlerProcessingResult processAnnotation(AnnotationInfo annotationInfo) throws AnnotationProcessorException {
        return super.processAnnotation(annotationInfo);
    }
}
