package weblogic.servlet.internal.dd.compliance;

import java.util.HashSet;
import java.util.Set;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpOptions;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpTrace;
import weblogic.ejb20.utils.ErrorCollectionException;
import weblogic.management.descriptors.webapp.AuthConstraintMBean;
import weblogic.management.descriptors.webapp.SecurityConstraintMBean;
import weblogic.management.descriptors.webapp.SecurityRoleMBean;
import weblogic.management.descriptors.webapp.UserDataConstraintMBean;
import weblogic.management.descriptors.webapp.WebResourceCollectionMBean;
import weblogic.servlet.internal.dd.UserDataConstraint;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/internal/dd/compliance/SecurityConstraintComplianceChecker.class */
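/**
 * Compliance checker for the security-constraint entries of a web application
 * deployment descriptor.
 *
 * <p>For each constraint it checks that resource-collection names are unique, that
 * URL patterns are non-empty, that the transport guarantee is one of the values
 * accepted by {@link #isTransportGuaranteeValid(String)}, and that every role named
 * in an auth-constraint is declared as a security role of the web application.
 *
 * <p>NOTE(review): HTTP methods listed on a resource collection are read but never
 * validated here (see {@link #checkResourceCollection}). Under the servlet
 * specification a constraint that lists HTTP methods covers only those methods, so a
 * misspelled method name would pass this checker while leaving the intended method
 * outside the constraint. Confirm whether that validation happens elsewhere.
 */
public class SecurityConstraintComplianceChecker extends BaseComplianceChecker {
    // Resource-collection names seen so far. Created lazily and never cleared in this
    // class, so names accumulate for the lifetime of the checker instance.
    // NOTE(review): if one instance is reused across deployments this would report
    // false duplicates; confirm how instances are created.
    private Set<String> resourceNames;

    /**
     * Runs the security-constraint checks over every constraint in the descriptor.
     *
     * @param deploymentInfo deployment whose web-app descriptor is inspected
     * @throws ErrorCollectionException propagated from the per-constraint checks
     */
    @Override // weblogic.servlet.internal.dd.compliance.BaseComplianceChecker, weblogic.servlet.internal.dd.compliance.ComplianceChecker
    public void check(DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        SecurityConstraintMBean[] constraints = deploymentInfo.getWebAppDescriptorMBean().getSecurityConstraints();
        // A descriptor without any security-constraint has nothing to check; the other
        // array getters in this class are null-checked, so this one is guarded as well.
        if (constraints == null) {
            return;
        }
        for (SecurityConstraintMBean constraint : constraints) {
            checkSecurityConstraint(constraint, deploymentInfo);
        }
    }

    /**
     * Validates one security constraint: its resource collections, its transport
     * guarantee and the roles referenced by its auth-constraint.
     *
     * @throws ErrorCollectionException presumably raised by {@code checkForExceptions()}
     *         when descriptor errors were recorded (inherited behaviour, not visible here)
     */
    private void checkSecurityConstraint(SecurityConstraintMBean securityConstraintMBean, DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        String displayName = securityConstraintMBean.getDisplayName();

        WebResourceCollectionMBean[] collections = securityConstraintMBean.getWebResourceCollection();
        if (collections != null) {
            for (WebResourceCollectionMBean collection : collections) {
                checkResourceCollection(collection, deploymentInfo);
            }
        }

        UserDataConstraintMBean userDataConstraint = securityConstraintMBean.getUserDataConstraint();
        if (userDataConstraint != null) {
            String transportGuarantee = userDataConstraint.getTransportGuarantee();
            if (!isTransportGuaranteeValid(transportGuarantee)) {
                addDescriptorError(this.fmt.INVALID_TRANSPORT_GUARANTEE(transportGuarantee));
            }
        }

        AuthConstraintMBean authConstraint = securityConstraintMBean.getAuthConstraint();
        if (authConstraint != null) {
            SecurityRoleMBean[] referencedRoles = authConstraint.getRoles();
            if (referencedRoles != null) {
                // Fix: the declared-role list used to be dereferenced even when the
                // descriptor declared no security roles (null array), which ended the
                // check with a NullPointerException instead of a descriptor error.
                Set<String> declared = declaredRoleNames(deploymentInfo);
                for (SecurityRoleMBean referenced : referencedRoles) {
                    String roleName = referenced.getRoleName();
                    boolean wildcard = roleName != null && "*".equals(roleName.trim());
                    if (wildcard) {
                        // "*" grants access to every role; surface it so the deployer
                        // can confirm the broad grant is intentional.
                        String suffix = displayName != null ? ": " + displayName : "";
                        update("info : Since '*' is specified, all roles will be given access to the resource " + suffix);
                    } else if (!declared.contains(roleName)) {
                        // Exact, untrimmed match against the declared role names.
                        addDescriptorError(this.fmt.NO_SECURITY_ROLE_FOR_AUTH(roleName));
                    }
                }
            }
        }
        checkForExceptions();
    }

    /**
     * Collects the role names declared by the web application's security-role entries.
     *
     * @return the declared names; empty when none are declared. Null names are skipped
     *         so they can never match a referenced role.
     */
    private Set<String> declaredRoleNames(DeploymentInfo deploymentInfo) {
        Set<String> names = new HashSet<String>();
        SecurityRoleMBean[] securityRoles = deploymentInfo.getWebAppDescriptorMBean().getSecurityRoles();
        if (securityRoles != null) {
            for (SecurityRoleMBean role : securityRoles) {
                String name = role.getRoleName();
                if (name != null) {
                    names.add(name);
                }
            }
        }
        return names;
    }

    /**
     * Validates one web-resource-collection: unique resource name and non-empty URL
     * patterns.
     *
     * @throws ErrorCollectionException presumably raised by {@code checkForExceptions()}
     *         when descriptor errors were recorded (inherited behaviour, not visible here)
     */
    private void checkResourceCollection(WebResourceCollectionMBean webResourceCollectionMBean, DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        String resourceName = webResourceCollectionMBean.getResourceName();
        String[] urlPatterns = webResourceCollectionMBean.getUrlPatterns();
        // The method list is fetched and discarded, as in the original; the call is kept
        // in case the getter has side effects. isHttpMethodValid() is never applied to it.
        webResourceCollectionMBean.getHttpMethods();
        if (!addResourceName(resourceName)) {
            addDescriptorError(this.fmt.DUPLICATE_RESOURCE_NAME(resourceName));
        }
        if (urlPatterns != null) {
            for (String pattern : urlPatterns) {
                validateURLPattern(resourceName, pattern, deploymentInfo);
            }
        }
        checkForExceptions();
    }

    /**
     * Records a resource-collection name.
     *
     * @return {@code true} if the name was not seen before, {@code false} for a duplicate
     */
    private boolean addResourceName(String str) {
        if (this.resourceNames == null) {
            this.resourceNames = new HashSet<String>();
        }
        return this.resourceNames.add(str);
    }

    /**
     * Returns whether the given name is GET, POST, HEAD, TRACE or OPTIONS (exact,
     * case-sensitive match). Unused in this class.
     *
     * <p>NOTE(review): PUT and DELETE are not in the accepted set, so wiring this check
     * in unchanged would reject descriptors that constrain those methods. The Apache
     * HttpClient constants look like a decompiler substitution for string literals;
     * confirm against the original source.
     */
    private static boolean isHttpMethodValid(String str) {
        return HttpGet.METHOD_NAME.equals(str)
                || HttpPost.METHOD_NAME.equals(str)
                || HttpHead.METHOD_NAME.equals(str)
                || HttpTrace.METHOD_NAME.equals(str)
                || HttpOptions.METHOD_NAME.equals(str);
    }

    /**
     * Returns whether the transport guarantee equals one of the NONE, INTEGRAL or
     * CONFIDENTIAL constants of {@link UserDataConstraint}. A null value is invalid.
     */
    private static boolean isTransportGuaranteeValid(String str) {
        return UserDataConstraint.NONE.equals(str)
                || UserDataConstraint.INTEGRAL.equals(str)
                || UserDataConstraint.CONFIDENTIAL.equals(str);
    }

    /**
     * Reports a descriptor error when a URL pattern is null or empty. Only emptiness is
     * checked; the pattern syntax is not inspected here.
     *
     * @param str name of the resource collection that owns the pattern (used in the error)
     * @param str2 the URL pattern to validate
     * @param deploymentInfo unused
     */
    private void validateURLPattern(String str, String str2, DeploymentInfo deploymentInfo) throws ErrorCollectionException {
        if (str2 == null || str2.length() == 0) {
            addDescriptorError(this.fmt.ILLEGAL_URL_PATTERN(str));
        }
    }
}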
