package org.eclipse.jetty.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CopyOnWriteArraySet;
import org.eclipse.jetty.http.PathMap;
import org.eclipse.jetty.server.AbstractHttpConnection;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.StringMap;
import org.eclipse.jetty.util.TypeUtil;

/* loaded from: classes.dex */
public class ConstraintSecurityHandler extends SecurityHandler {
    private final List<ConstraintMapping> _constraintMappings = new CopyOnWriteArrayList();
    private final Set<String> _roles = new CopyOnWriteArraySet();
    private final PathMap _constraintMap = new PathMap();
    private boolean _strict = true;

    private void configureRoleInfo(RoleInfo roleInfo, ConstraintMapping constraintMapping) {
        roleInfo.setForbidden(constraintMapping._constraint.isForbidden());
        roleInfo.setUserDataConstraint(UserDataConstraint.get(constraintMapping._constraint.getDataConstraint()));
        if (roleInfo.isForbidden()) {
            return;
        }
        roleInfo.setChecked(constraintMapping._constraint.getAuthenticate());
        if (roleInfo.isChecked()) {
            if (constraintMapping._constraint.isAnyRole()) {
                if (!this._strict) {
                    roleInfo.setAnyRole$1385ff();
                    return;
                }
                Iterator<String> it = this._roles.iterator();
                while (it.hasNext()) {
                    roleInfo.addRole(it.next());
                }
                return;
            }
            for (String str : constraintMapping._constraint.getRoles()) {
                if (this._strict && !this._roles.contains(str)) {
                    throw new IllegalArgumentException("Attempt to use undeclared role: " + str + ", known roles: " + this._roles);
                }
                roleInfo.addRole(str);
            }
        }
    }

    @Override // org.eclipse.jetty.security.SecurityHandler
    protected final boolean checkUserDataPermissions$4f5fc46f(Request request, Response response, Object obj) throws IOException {
        if (obj == null) {
            return true;
        }
        RoleInfo roleInfo = (RoleInfo) obj;
        if (roleInfo.isForbidden()) {
            return false;
        }
        UserDataConstraint userDataConstraint = roleInfo.getUserDataConstraint();
        if (userDataConstraint == null || userDataConstraint == UserDataConstraint.None) {
            return true;
        }
        Connector connector = AbstractHttpConnection.getCurrentConnection().getConnector();
        if (userDataConstraint == UserDataConstraint.Integral) {
            if (connector.getIntegralPort() > 0) {
                String integralScheme = connector.getIntegralScheme();
                int integralPort = connector.getIntegralPort();
                String str = ("https".equalsIgnoreCase(integralScheme) && integralPort == 443) ? "https://" + request.getServerName() + request.getRequestURI() : integralScheme + "://" + request.getServerName() + ":" + integralPort + request.getRequestURI();
                if (request.getQueryString() != null) {
                    str = str + "?" + request.getQueryString();
                }
                response.setContentLength(0);
                response.sendRedirect(str);
            } else {
                response.sendError(403, "!Integral");
            }
            request.setHandled(true);
            return false;
        }
        if (userDataConstraint != UserDataConstraint.Confidential) {
            throw new IllegalArgumentException("Invalid dataConstraint value: " + userDataConstraint);
        }
        if (connector.isConfidential(request)) {
            return true;
        }
        if (connector.getConfidentialPort() > 0) {
            String confidentialScheme = connector.getConfidentialScheme();
            int confidentialPort = connector.getConfidentialPort();
            String str2 = ("https".equalsIgnoreCase(confidentialScheme) && confidentialPort == 443) ? "https://" + request.getServerName() + request.getRequestURI() : confidentialScheme + "://" + request.getServerName() + ":" + confidentialPort + request.getRequestURI();
            if (request.getQueryString() != null) {
                str2 = str2 + "?" + request.getQueryString();
            }
            response.setContentLength(0);
            response.sendRedirect(str2);
        } else {
            response.sendError(403, "!Confidential");
        }
        request.setHandled(true);
        return false;
    }

    @Override // org.eclipse.jetty.security.SecurityHandler
    protected final boolean checkWebResourcePermissions$2d96a907(Request request, Object obj, UserIdentity userIdentity) throws IOException {
        if (obj == null) {
            return true;
        }
        RoleInfo roleInfo = (RoleInfo) obj;
        if (!roleInfo.isChecked()) {
            return true;
        }
        if (roleInfo.isAnyRole() && request.getAuthType() != null) {
            return true;
        }
        Iterator<String> it = roleInfo.getRoles().iterator();
        while (it.hasNext()) {
            it.next();
            userIdentity.isUserInRole$1c575d05();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.security.SecurityHandler, org.eclipse.jetty.server.handler.HandlerWrapper, org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.AggregateLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public final void doStart() throws Exception {
        Map map;
        this._constraintMap.clear();
        if (this._constraintMappings != null) {
            for (ConstraintMapping constraintMapping : this._constraintMappings) {
                Map map2 = (Map) this._constraintMap.get(constraintMapping._pathSpec);
                if (map2 == null) {
                    StringMap stringMap = new StringMap();
                    this._constraintMap.put(constraintMapping._pathSpec, stringMap);
                    map = stringMap;
                } else {
                    map = map2;
                }
                RoleInfo roleInfo = (RoleInfo) map.get(null);
                if (roleInfo == null || !roleInfo.isForbidden()) {
                    if (constraintMapping._methodOmissions == null || constraintMapping._methodOmissions.length <= 0) {
                        String str = constraintMapping._method;
                        RoleInfo roleInfo2 = (RoleInfo) map.get(str);
                        if (roleInfo2 == null) {
                            roleInfo2 = new RoleInfo();
                            map.put(str, roleInfo2);
                            if (roleInfo != null) {
                                roleInfo2.combine(roleInfo);
                            }
                        }
                        if (!roleInfo2.isForbidden()) {
                            configureRoleInfo(roleInfo2, constraintMapping);
                            if (roleInfo2.isForbidden()) {
                                if (str == null) {
                                    map.clear();
                                    map.put(null, roleInfo2);
                                }
                            } else if (str == null) {
                                for (Map.Entry entry : map.entrySet()) {
                                    if (entry.getKey() != null) {
                                        ((RoleInfo) entry.getValue()).combine(roleInfo2);
                                    }
                                }
                            }
                        }
                    } else {
                        for (String str2 : constraintMapping._methodOmissions) {
                            RoleInfo roleInfo3 = (RoleInfo) map.get(str2 + ".omission");
                            if (roleInfo3 == null) {
                                roleInfo3 = new RoleInfo();
                                map.put(str2 + ".omission", roleInfo3);
                            }
                            configureRoleInfo(roleInfo3, constraintMapping);
                        }
                    }
                }
            }
        }
        super.doStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.security.SecurityHandler, org.eclipse.jetty.server.handler.HandlerWrapper, org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.AggregateLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public final void doStop() throws Exception {
        this._constraintMap.clear();
        this._constraintMappings.clear();
        this._roles.clear();
        super.doStop();
    }

    @Override // org.eclipse.jetty.server.handler.AbstractHandlerContainer, org.eclipse.jetty.util.component.AggregateLifeCycle, org.eclipse.jetty.util.component.Dumpable
    public final void dump(Appendable appendable, String str) throws IOException {
        dumpThis(appendable);
        dump(appendable, str, Collections.singleton(getLoginService()), Collections.singleton(getIdentityService()), Collections.singleton(getAuthenticator()), Collections.singleton(this._roles), this._constraintMap.entrySet(), getBeans(), TypeUtil.asList(getHandlers()));
    }

    @Override // org.eclipse.jetty.security.SecurityHandler
    protected final boolean isAuthMandatory$183e42a5(Object obj) {
        if (obj == null) {
            return false;
        }
        return ((RoleInfo) obj).isChecked();
    }

    @Override // org.eclipse.jetty.security.SecurityHandler
    protected final Object prepareConstraintInfo(String str, Request request) {
        Map map = (Map) this._constraintMap.match(str);
        if (map == null) {
            return null;
        }
        String method = request.getMethod();
        RoleInfo roleInfo = (RoleInfo) map.get(method);
        if (roleInfo != null) {
            return roleInfo;
        }
        ArrayList arrayList = new ArrayList();
        RoleInfo roleInfo2 = (RoleInfo) map.get(null);
        if (roleInfo2 != null) {
            arrayList.add(roleInfo2);
        }
        for (Map.Entry entry : map.entrySet()) {
            if (entry.getKey() != null && ((String) entry.getKey()).contains(".omission") && !(method + ".omission").equals(entry.getKey())) {
                arrayList.add(entry.getValue());
            }
        }
        if (arrayList.size() == 1) {
            return (RoleInfo) arrayList.get(0);
        }
        RoleInfo roleInfo3 = new RoleInfo();
        roleInfo3.setUserDataConstraint(UserDataConstraint.None);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            roleInfo3.combine((RoleInfo) it.next());
        }
        return roleInfo3;
    }
}
