package cloud.piranha.security.exousia;

import cloud.piranha.webapp.api.WebApplication;
import cloud.piranha.webapp.impl.DefaultAuthenticatedIdentity;
import cloud.piranha.webapp.impl.WebXmlManager;
import jakarta.security.jacc.PolicyConfiguration;
import jakarta.security.jacc.PolicyContextException;
import jakarta.servlet.ServletContainerInitializer;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import java.security.Permission;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.omnifaces.exousia.AuthorizationService;
import org.omnifaces.exousia.constraints.SecurityConstraint;
import org.omnifaces.exousia.mapping.SecurityRoleRef;

/* loaded from: input_file:cloud/piranha/security/exousia/AuthorizationPreInitializer.class */
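/**
 * Bootstraps authorization for a Piranha web application using Exousia.
 *
 * <p>On startup this initializer builds an {@link AuthorizationService} from servlet context attributes,
 * fills the authorization policy, publishes the service under {@link #AUTHZ_SERVICE} and installs
 * {@code AuthorizationPreFilter} on {@code /*}.
 *
 * <p><b>Policy source.</b> If either {@link #UNCHECKED_PERMISSIONS} or {@link #PERROLE_PERMISSIONS} is present,
 * only those permissions are written to the policy configuration. The constraints gathered from security
 * elements, security annotations, the {@link #CONSTRAINTS} attribute and web.xml, as well as the
 * deny-uncovered-HTTP-methods flag, are <em>not</em> passed to {@code addConstraintsToPolicy} in that case
 * (their roles are still declared). A deployer who sets either attribute therefore has to supply the complete
 * permission set for the application.
 *
 * <p><b>Input handling.</b> Every input is read from a {@link ServletContext} attribute and cast without a
 * prior type check, so an attribute of the wrong top-level type aborts startup with a
 * {@link ClassCastException} instead of being skipped.
 */
public class AuthorizationPreInitializer implements ServletContainerInitializer {
    /** Context attribute under which {@link #onStartup} publishes the created {@link AuthorizationService}. */
    public static final String AUTHZ_SERVICE = AuthorizationPreInitializer.class.getName() + ".authz.service";

    /** Required context attribute: the factory class handed to the {@link AuthorizationService} constructor. */
    public static final String AUTHZ_FACTORY_CLASS = AuthorizationPreInitializer.class.getName() + ".authz.factory.class";

    /**
     * Required context attribute: the policy class handed to the {@link AuthorizationService} constructor.
     * NOTE(review): the key ends in {@code .authz.module.class}, not {@code .authz.policy.class}; whoever sets
     * the attribute must use this constant rather than a hand-written key.
     */
    public static final String AUTHZ_POLICY_CLASS = AuthorizationPreInitializer.class.getName() + ".authz.module.class";

    /** Optional context attribute: list of {@link Permission}s added to the unchecked policy. */
    public static final String UNCHECKED_PERMISSIONS = AuthorizationPreInitializer.class.getName() + ".unchecked.permissions";

    /** Optional context attribute: list of role-name/{@link Permission} entries added per role. */
    public static final String PERROLE_PERMISSIONS = AuthorizationPreInitializer.class.getName() + ".perrole.permissions";

    /** Optional context attribute: list of ready-made {@link SecurityConstraint}s. */
    public static final String CONSTRAINTS = AuthorizationPreInitializer.class.getName() + ".constraints";

    /** Optional context attribute: security elements converted to constraints by the converter. */
    public static final String SECURITY_ELEMENTS = AuthorizationPreInitializer.class.getName() + ".security.elements";

    /**
     * Optional context attribute: security annotations converted to constraints by the converter.
     * NOTE(review): unlike the other keys this is a literal whose package prefix
     * ({@code cloud.piranha.authorization.exousia}) differs from this class's package
     * ({@code cloud.piranha.security.exousia}). A producer that derives the key from the class name would write
     * to a different attribute, and the annotation-based constraints would then be silently absent here.
     */
    public static final String SECURITY_ANNOTATIONS = "cloud.piranha.authorization.exousia.AuthorizationPreInitializer.security.annotations";

    // Translates Piranha/web.xml security metadata into Exousia constraints. Left package-private and
    // non-final because other classes in this package may rely on that access; not visible from this file.
    PiranhaToExousiaConverter piranhaToExousiaConverter = new PiranhaToExousiaConverter();

    /**
     * Creates the authorization service, populates the policy and installs the authorization filter.
     *
     * @param set classes of interest passed by the container; not used
     * @param servletContext the context being initialized; must be a Piranha {@link WebApplication}
     * @throws ServletException if a required context attribute is missing
     * @throws ClassCastException if {@code servletContext} is not a {@link WebApplication} or an attribute has
     *     the wrong type
     * @throws NullPointerException if the container returns no registration for the authorization filter
     * @throws IllegalStateException if writing explicit permissions to the policy configuration fails
     */
    @Override
    @SuppressWarnings({"rawtypes", "unchecked"}) // attribute values are untyped; the raw Class casts are unavoidable here
    public void onStartup(Set<Class<?>> set, ServletContext servletContext) throws ServletException {
        WebApplication webApplication = (WebApplication) servletContext;

        AuthorizationService authorizationService = new AuthorizationService(
                (Class) getAttribute(servletContext, AUTHZ_FACTORY_CLASS),
                (Class) getAttribute(servletContext, AUTHZ_POLICY_CLASS),
                webApplication.getServletContextId(),
                () -> AuthorizationPreFilter.localServletRequest.get(),
                DefaultAuthenticatedIdentity::getCurrentSubject,
                new PiranhaPrincipalMapper());

        // Merge constraints from all four declarative sources; the result is null-checked below.
        List<SecurityConstraint> constraints = SecurityConstraint.join(
                getConstraintsFromSecurityElements(servletContext),
                getConstraintsFromSecurityAnnotations(servletContext),
                AuthorizationPreInitializer.<List<SecurityConstraint>>getOptionalAttribute(servletContext, CONSTRAINTS),
                getConstraintsFromWebXMl(webApplication));

        // Roles named in constraints are declared even when the constraints themselves are not used for the policy.
        if (constraints != null) {
            for (SecurityConstraint constraint : constraints) {
                webApplication.getSecurityManager().declareRoles(constraint.getRolesAllowed());
            }
        }

        if (hasPermissionsSet(webApplication)) {
            // Explicit permissions replace, rather than supplement, the constraint-derived policy.
            setPermissions(webApplication, authorizationService);
        } else {
            authorizationService.addConstraintsToPolicy(
                    constraints != null ? constraints : Collections.<SecurityConstraint>emptyList(),
                    webApplication.getSecurityManager().getRoles(),
                    webApplication.getDenyUncoveredHttpMethods(),
                    getSecurityRoleRefsFromWebXml(webApplication));
        }

        servletContext.setAttribute(AUTHZ_SERVICE, authorizationService);

        // ServletContext.addFilter returns null when a filter with this name is already fully registered.
        // Fail startup with a diagnosable message instead of mapping "/*" onto a filter this class did not install.
        String filterName = AuthorizationPreFilter.class.getSimpleName();
        Objects.requireNonNull(
                servletContext.addFilter(filterName, AuthorizationPreFilter.class),
                "addFilter returned null for " + filterName + "; a filter with that name may already be registered")
                .setAsyncSupported(true);
        webApplication.addFilterMapping(filterName, new String[]{"/*"});
    }

    /**
     * Converts the optional {@link #SECURITY_ELEMENTS} attribute into constraints.
     * The attribute value (possibly {@code null}) is handed to the converter unchanged.
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // element type of the attribute list is not visible in this file
    private List<SecurityConstraint> getConstraintsFromSecurityElements(ServletContext servletContext) throws ServletException {
        return this.piranhaToExousiaConverter.getConstraintsFromSecurityElements((List) getOptionalAttribute(servletContext, SECURITY_ELEMENTS));
    }

    /**
     * Converts the optional {@link #SECURITY_ANNOTATIONS} attribute into constraints.
     * The attribute value (possibly {@code null}) is handed to the converter unchanged.
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // element type of the attribute list is not visible in this file
    private List<SecurityConstraint> getConstraintsFromSecurityAnnotations(ServletContext servletContext) throws ServletException {
        return this.piranhaToExousiaConverter.getConstraintsFromSecurityAnnotations((List) getOptionalAttribute(servletContext, SECURITY_ANNOTATIONS));
    }

    /**
     * Converts the security constraints of the application's web.xml.
     *
     * @throws ServletException if no {@link WebXmlManager} is stored under {@link WebXmlManager#KEY}
     */
    private List<SecurityConstraint> getConstraintsFromWebXMl(WebApplication webApplication) throws ServletException {
        return this.piranhaToExousiaConverter.getConstraintsFromWebXml(requireWebXmlManager(webApplication).getWebXml());
    }

    /**
     * Collects the security role references from web.xml for the registered servlets.
     *
     * @param webApplication the application whose servlet registrations and web.xml are read
     * @return the role references as produced by the converter for the registered servlet names
     * @throws ServletException if no {@link WebXmlManager} is stored under {@link WebXmlManager#KEY}
     */
    public Map<String, List<SecurityRoleRef>> getSecurityRoleRefsFromWebXml(WebApplication webApplication) throws ServletException {
        return this.piranhaToExousiaConverter.getSecurityRoleRefsFromWebXml(
                webApplication.getServletRegistrations().keySet(),
                requireWebXmlManager(webApplication).getWebXml());
    }

    /** Returns the required {@link WebXmlManager} context attribute. */
    private static WebXmlManager requireWebXmlManager(ServletContext servletContext) throws ServletException {
        return getAttribute(servletContext, WebXmlManager.KEY);
    }

    /**
     * Tells whether explicit permissions were supplied, i.e. whether {@link #UNCHECKED_PERMISSIONS} or
     * {@link #PERROLE_PERMISSIONS} is present. Presence alone decides; an empty list still counts as set.
     */
    private boolean hasPermissionsSet(ServletContext servletContext) throws ServletException {
        return getOptionalAttribute(servletContext, UNCHECKED_PERMISSIONS) != null
                || getOptionalAttribute(servletContext, PERROLE_PERMISSIONS) != null;
    }

    /**
     * Writes the explicitly supplied permissions to the policy configuration and commits it.
     *
     * <p>Nothing is committed if an element has the wrong type or the policy configuration rejects an entry:
     * the exception leaves the method before {@code commit()} is reached.
     *
     * @throws IllegalStateException wrapping the {@link PolicyContextException} raised by the policy configuration
     * @throws ClassCastException if a list element is not of the expected type
     */
    private void setPermissions(ServletContext servletContext, AuthorizationService authorizationService) throws ServletException {
        PolicyConfiguration policyConfiguration = authorizationService.getPolicyConfiguration();
        try {
            // Unchecked permissions are added without a role; see PolicyConfiguration.addToUncheckedPolicy.
            List<Permission> uncheckedPermissions = getOptionalAttribute(servletContext, UNCHECKED_PERMISSIONS);
            if (uncheckedPermissions != null) {
                for (Permission permission : uncheckedPermissions) {
                    policyConfiguration.addToUncheckedPolicy(permission);
                }
            }

            List<Map.Entry<String, Permission>> perRolePermissions = getOptionalAttribute(servletContext, PERROLE_PERMISSIONS);
            if (perRolePermissions != null) {
                for (Map.Entry<String, Permission> entry : perRolePermissions) {
                    policyConfiguration.addToRole(entry.getKey(), entry.getValue());
                }
            }

            policyConfiguration.commit();
        } catch (PolicyContextException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns a required context attribute.
     *
     * @throws ServletException if the attribute is absent
     */
    private static <T> T getAttribute(ServletContext servletContext, String str) throws ServletException {
        T value = getOptionalAttribute(servletContext, str);
        if (value == null) {
            throw new ServletException("Attribute " + str + " not specified");
        }
        return value;
    }

    /**
     * Returns a context attribute cast to the caller's expected type, or {@code null} if absent.
     * The cast is unchecked: a type mismatch surfaces at the call site, not here.
     */
    @SuppressWarnings("unchecked") // ServletContext attributes are untyped
    private static <T> T getOptionalAttribute(ServletContext servletContext, String str) throws ServletException {
        return (T) servletContext.getAttribute(str);
    }
}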
