package winstone.auth;

import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.w3c.dom.Node;
import uk.nhs.interoperability.transport.ITKTransportRoute;
import winstone.Logger;
import winstone.Mapping;
import winstone.WebAppConfiguration;

/* loaded from: input_file:winstone/auth/SecurityConstraint.class */
public class SecurityConstraint {
    final String ELEM_DISPLAY_NAME = "display-name";
    final String ELEM_WEB_RESOURCES = "web-resource-collection";
    final String ELEM_WEB_RESOURCE_NAME = "web-resource-name";
    final String ELEM_URL_PATTERN = "url-pattern";
    final String ELEM_HTTP_METHOD = "http-method";
    final String ELEM_AUTH_CONSTRAINT = "auth-constraint";
    final String ELEM_ROLE_NAME = "role-name";
    final String ELEM_USER_DATA_CONSTRAINT = "user-data-constraint";
    final String ELEM_TRANSPORT_GUARANTEE = "transport-guarantee";
    final String GUARANTEE_NONE = ITKTransportRoute.NO_WRAPPER;
    private String displayName;
    private String[] methodSets;
    private Mapping[] urlPatterns;
    private String[] rolesAllowed;
    private boolean needsSSL;

    public SecurityConstraint(Node node, Set set, int i) {
        this.needsSSL = false;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (int i2 = 0; i2 < node.getChildNodes().getLength(); i2++) {
            Node item = node.getChildNodes().item(i2);
            if (item.getNodeType() == 1) {
                if (item.getNodeName().equals("display-name")) {
                    this.displayName = WebAppConfiguration.getTextFromNode(item);
                } else if (item.getNodeName().equals("web-resource-collection")) {
                    String str = null;
                    for (int i3 = 0; i3 < item.getChildNodes().getLength(); i3++) {
                        Node item2 = item.getChildNodes().item(i3);
                        if (item2.getNodeType() == 1) {
                            String nodeName = item2.getNodeName();
                            if (nodeName.equals("url-pattern")) {
                                hashSet.add(Mapping.createFromURL("Security", WebAppConfiguration.getTextFromNode(item2)));
                            } else if (nodeName.equals("http-method")) {
                                str = new StringBuffer().append(str == null ? "." : str).append(WebAppConfiguration.getTextFromNode(item2)).append(".").toString();
                            }
                        }
                    }
                    hashSet2.add(str == null ? ".ALL." : str);
                } else if (item.getNodeName().equals("auth-constraint")) {
                    for (int i4 = 0; i4 < item.getChildNodes().getLength(); i4++) {
                        Node item3 = item.getChildNodes().item(i4);
                        if (item3.getNodeType() == 1 && item3.getNodeName().equals("role-name")) {
                            String textFromNode = WebAppConfiguration.getTextFromNode(item3);
                            if (textFromNode.equals(Mapping.STAR)) {
                                hashSet3.addAll(set);
                            } else {
                                hashSet3.add(textFromNode);
                            }
                        }
                    }
                } else if (item.getNodeName().equals("user-data-constraint")) {
                    for (int i5 = 0; i5 < item.getChildNodes().getLength(); i5++) {
                        Node item4 = item.getChildNodes().item(i5);
                        if (item4.getNodeType() == 1 && item4.getNodeName().equals("transport-guarantee")) {
                            this.needsSSL = !WebAppConfiguration.getTextFromNode(item4).equalsIgnoreCase(ITKTransportRoute.NO_WRAPPER);
                        }
                    }
                }
            }
        }
        this.urlPatterns = (Mapping[]) hashSet.toArray(new Mapping[0]);
        this.methodSets = (String[]) hashSet2.toArray(new String[0]);
        this.rolesAllowed = (String[]) hashSet3.toArray(new String[0]);
        if (this.displayName == null) {
            this.displayName = BaseAuthenticationHandler.AUTH_RESOURCES.getString("SecurityConstraint.DefaultName", new StringBuffer().append("").append(i).toString());
        }
    }

    public boolean isAllowed(HttpServletRequest httpServletRequest) {
        for (int i = 0; i < this.rolesAllowed.length; i++) {
            if (httpServletRequest.isUserInRole(this.rolesAllowed[i])) {
                Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES, "SecurityConstraint.Passed", new String[]{this.displayName, this.rolesAllowed[i]});
                return true;
            }
        }
        Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES, "SecurityConstraint.Failed", this.displayName);
        return false;
    }

    public boolean isApplicable(String str, String str2) {
        for (int i = 0; i < this.urlPatterns.length; i++) {
            if (this.urlPatterns[i].match(str, null, null) && methodCheck(str2, this.methodSets[i])) {
                return true;
            }
        }
        return false;
    }

    private boolean methodCheck(String str, String str2) {
        return str2.equals(".ALL.") || str2.indexOf(new StringBuffer().append(".").append(str.toUpperCase()).append(".").toString()) != -1;
    }

    public boolean needsSSL() {
        return this.needsSSL;
    }

    public String getName() {
        return this.displayName;
    }
}
