package org.cipango.server.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CopyOnWriteArraySet;
import org.cipango.server.SipRequest;
import org.cipango.server.servlet.SipServletHolder;
import org.eclipse.jetty.security.UserDataConstraint;
import org.eclipse.jetty.server.UserIdentity;

/* loaded from: input_file:org/cipango/server/security/ConstraintSecurityHandler.class */
public class ConstraintSecurityHandler extends SipSecurityHandler<RoleInfo> {
    private final List<ConstraintMapping> _constraintMappings = new CopyOnWriteArrayList();
    private final Set<String> _roles = new CopyOnWriteArraySet();
    private boolean _strict = true;
    private Map<String, Map<String, RoleInfo>> _servletsMap = new HashMap();

    public boolean isStrict() {
        return this._strict;
    }

    public void setStrict(boolean z) {
        this._strict = z;
    }

    public List<ConstraintMapping> getConstraintMappings() {
        return this._constraintMappings;
    }

    public Set<String> getRoles() {
        return this._roles;
    }

    public void setConstraintMappings(List<ConstraintMapping> list) {
        setConstraintMappings(list, null);
    }

    public void setConstraintMappings(List<ConstraintMapping> list, Set<String> set) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        this._constraintMappings.clear();
        this._constraintMappings.addAll(list);
        if (set == null) {
            set = new HashSet();
            Iterator<ConstraintMapping> it = list.iterator();
            while (it.hasNext()) {
                String[] roles = it.next().getConstraint().getRoles();
                if (roles != null) {
                    for (String str : roles) {
                        if (!"*".equals(str)) {
                            set.add(str);
                        }
                    }
                }
            }
        }
        setRoles(set);
    }

    public void setRoles(Set<String> set) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        this._roles.clear();
        this._roles.addAll(set);
    }

    public void addConstraintMapping(ConstraintMapping constraintMapping) {
        this._constraintMappings.add(constraintMapping);
        if (constraintMapping.getConstraint() == null || constraintMapping.getConstraint().getRoles() == null) {
            return;
        }
        for (String str : constraintMapping.getConstraint().getRoles()) {
            addRole(str);
        }
    }

    public void addRole(String str) {
        this._roles.add(str);
    }

    @Override // org.cipango.server.security.SipSecurityHandler
    protected void doStart() throws Exception {
        this._servletsMap.clear();
        if (this._constraintMappings != null) {
            Iterator<ConstraintMapping> it = this._constraintMappings.iterator();
            while (it.hasNext()) {
                processConstraintMapping(it.next());
            }
        }
        super.doStart();
    }

    @Override // org.cipango.server.security.SipSecurityHandler
    protected void doStop() throws Exception {
        this._servletsMap.clear();
        this._constraintMappings.clear();
        this._roles.clear();
        super.doStop();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.cipango.server.security.SipSecurityHandler
    public RoleInfo prepareConstraintInfo(SipServletHolder sipServletHolder, SipRequest sipRequest) {
        Map<String, RoleInfo> map = this._servletsMap.get(sipServletHolder.getName());
        if (map != null) {
            RoleInfo roleInfo = map.get(sipRequest.getMethod());
            if (roleInfo == null) {
                roleInfo = map.get(null);
            }
            return roleInfo;
        }
        Map<String, RoleInfo> map2 = this._servletsMap.get(null);
        if (map2 != null) {
            return map2.get(sipRequest.getMethod());
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cipango.server.security.SipSecurityHandler
    public boolean checkUserDataPermissions(SipServletHolder sipServletHolder, SipRequest sipRequest, RoleInfo roleInfo) throws IOException {
        if (roleInfo == null) {
            return true;
        }
        if (roleInfo.isForbidden()) {
            return false;
        }
        UserDataConstraint userDataConstraint = roleInfo.getUserDataConstraint();
        if (userDataConstraint == null || userDataConstraint == UserDataConstraint.None || sipRequest.getConnection() == null) {
            return true;
        }
        sipRequest.getConnection().getConnector();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cipango.server.security.SipSecurityHandler
    public boolean isAuthMandatory(SipRequest sipRequest, RoleInfo roleInfo) {
        if (roleInfo == null) {
            return false;
        }
        return roleInfo.isChecked();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cipango.server.security.SipSecurityHandler
    public boolean checkSipResourcePermissions(SipServletHolder sipServletHolder, SipRequest sipRequest, RoleInfo roleInfo, UserIdentity userIdentity) throws IOException {
        if (roleInfo == null || !roleInfo.isChecked() || roleInfo.isAnyRole()) {
            return true;
        }
        Iterator it = roleInfo.getRoles().iterator();
        while (it.hasNext()) {
            if (userIdentity.isUserInRole((String) it.next(), (UserIdentity.Scope) null)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cipango.server.security.SipSecurityHandler
    public boolean isProxyMode(SipRequest sipRequest, RoleInfo roleInfo) {
        if (roleInfo == null) {
            return true;
        }
        return roleInfo.isProxyMode();
    }

    protected void processConstraintMapping(ConstraintMapping constraintMapping) {
        if (constraintMapping.getServletNames() == null) {
            Iterator<String> it = constraintMapping.getMethods().iterator();
            while (it.hasNext()) {
                processMapping(null, it.next(), constraintMapping.getConstraint());
            }
            return;
        }
        for (String str : constraintMapping.getServletNames()) {
            if (constraintMapping.getMethods() == null) {
                processMapping(str, null, constraintMapping.getConstraint());
            } else {
                Iterator<String> it2 = constraintMapping.getMethods().iterator();
                while (it2.hasNext()) {
                    processMapping(str, it2.next(), constraintMapping.getConstraint());
                }
            }
        }
    }

    private void processMapping(String str, String str2, Constraint constraint) {
        Map<String, RoleInfo> map = this._servletsMap.get(str);
        if (map == null) {
            map = new HashMap();
            this._servletsMap.put(str, map);
        }
        RoleInfo roleInfo = map.get(null);
        if (roleInfo == null || !roleInfo.isForbidden()) {
            RoleInfo roleInfo2 = map.get(str2);
            if (roleInfo2 == null) {
                roleInfo2 = new RoleInfo();
                map.put(str2, roleInfo2);
                if (roleInfo != null) {
                    roleInfo2.combine(roleInfo);
                }
            }
            if (roleInfo2.isForbidden()) {
                return;
            }
            boolean isForbidden = constraint.isForbidden();
            roleInfo2.setForbidden(isForbidden);
            if (isForbidden) {
                if (str2 == null) {
                    map.clear();
                    map.put(null, roleInfo2);
                    return;
                }
                return;
            }
            roleInfo2.setUserDataConstraint(UserDataConstraint.get(constraint.getDataConstraint()));
            roleInfo2.setProxyMode(constraint.isProxyMode());
            roleInfo2.setChecked(constraint.getAuthenticate());
            if (roleInfo2.isChecked()) {
                if (!constraint.isAnyRole()) {
                    for (String str3 : constraint.getRoles()) {
                        if (this._strict && !this._roles.contains(str3)) {
                            throw new IllegalArgumentException("Attempt to use undeclared role: " + str3 + ", known roles: " + this._roles);
                        }
                        roleInfo2.addRole(str3);
                    }
                } else if (this._strict) {
                    Iterator<String> it = this._roles.iterator();
                    while (it.hasNext()) {
                        roleInfo2.addRole(it.next());
                    }
                } else {
                    roleInfo2.setAnyRole(true);
                }
            }
            if (str2 == null) {
                for (Map.Entry<String, RoleInfo> entry : map.entrySet()) {
                    if (entry.getKey() != null) {
                        entry.getValue().combine(roleInfo2);
                    }
                }
            }
        }
    }

    public void dump(Appendable appendable, String str) throws IOException {
        dumpThis(appendable);
        dump(appendable, str, new Collection[]{Arrays.asList(getBeans(), Collections.singleton(this._roles), this._servletsMap.entrySet())});
    }
}
