package weblogic.servlet.security.internal;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import weblogic.j2ee.descriptor.SecurityConstraintBean;
import weblogic.management.DeploymentException;
import weblogic.security.service.ResourceCreationException;
import weblogic.security.service.URLResource;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.dd.UserDataConstraint;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/servlet/security/internal/ResourceConstraint.class */
public final class ResourceConstraint {
    private final String id;
    private final String httpMethod;
    private int transportGuarantee;
    private String[] roles;
    private boolean unrestricted;
    private boolean forbidden = false;
    private boolean loginRequired = false;

    public ResourceConstraint(String str, String str2, SecurityConstraintBean securityConstraintBean) {
        this.transportGuarantee = 0;
        this.roles = null;
        this.unrestricted = false;
        this.id = str;
        this.httpMethod = str2;
        if (securityConstraintBean.getAuthConstraint() != null) {
            this.roles = securityConstraintBean.getAuthConstraint().getRoleNames();
        } else {
            this.unrestricted = true;
        }
        if (securityConstraintBean.getUserDataConstraint() != null) {
            this.transportGuarantee = getTransportGuarantee(securityConstraintBean.getUserDataConstraint().getTransportGuarantee());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isForbidden() {
        return this.forbidden;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isUnrestricted() {
        return this.unrestricted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLoginRequired() {
        return this.loginRequired;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getTransportGuarantee() {
        return this.transportGuarantee;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHttpMethod() {
        return this.httpMethod;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getRoles() {
        return this.roles;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getResourceId() {
        return this.id;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addRoles(String[] strArr) {
        String[] strArr2 = new String[this.roles.length + strArr.length];
        ArrayList arrayList = new ArrayList(Arrays.asList(this.roles));
        arrayList.addAll(Arrays.asList(strArr));
        arrayList.toArray(strArr2);
        this.roles = strArr2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTransportGuarantee(int i) {
        this.transportGuarantee = i;
    }

    public void deploy(WebAppSecurityWLS webAppSecurityWLS) throws DeploymentException {
        URLResource uRLResource = new URLResource(webAppSecurityWLS.getContext().getApplicationId(), webAppSecurityWLS.getContext().getContextPath(), this.id, this.httpMethod, (String) null);
        try {
            if (this.unrestricted) {
                webAppSecurityWLS.getAuthManager().deployUncheckedPolicy(webAppSecurityWLS.getAuthMgrHandle(), uRLResource);
                return;
            }
            if (this.roles == null || this.roles.length < 1) {
                this.forbidden = true;
                webAppSecurityWLS.getAuthManager().deployExcludedPolicy(webAppSecurityWLS.getAuthMgrHandle(), uRLResource);
                return;
            }
            int i = 0;
            while (true) {
                if (i >= this.roles.length) {
                    break;
                }
                if (!this.roles[i].equals("*")) {
                    i++;
                } else {
                    if (webAppSecurityWLS.getContext().getConfigManager().isAllowAllRoles()) {
                        this.loginRequired = true;
                        if (webAppSecurityWLS.isFullSecurityDelegationRequired()) {
                            webAppSecurityWLS.getAuthManager().deployUncheckedPolicy(webAppSecurityWLS.getAuthMgrHandle(), uRLResource);
                            return;
                        }
                        return;
                    }
                    Set roles = webAppSecurityWLS.getRoles();
                    if (roles.size() == 0) {
                        this.forbidden = true;
                        webAppSecurityWLS.getAuthManager().deployExcludedPolicy(webAppSecurityWLS.getAuthMgrHandle(), uRLResource);
                        return;
                    } else {
                        this.roles = new String[roles.size()];
                        roles.toArray(this.roles);
                    }
                }
            }
            webAppSecurityWLS.getAuthManager().deployPolicy(webAppSecurityWLS.getAuthMgrHandle(), uRLResource, this.roles);
        } catch (ResourceCreationException e) {
            this.forbidden = true;
            if (uRLResource == null) {
                HTTPLogger.logCouldNotDeployPolicy(this.id, e);
            } else {
                HTTPLogger.logCouldNotDeployPolicy(uRLResource.toString(), e);
            }
            throw new DeploymentException(e);
        }
    }

    private static int getTransportGuarantee(String str) {
        if (str == null) {
            return 0;
        }
        if (UserDataConstraint.INTEGRAL.equalsIgnoreCase(str)) {
            return 1;
        }
        return UserDataConstraint.CONFIDENTIAL.equalsIgnoreCase(str) ? 2 : 0;
    }
}
