package com.ibm.ws.jaxws.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.javaee.dd.common.SecurityRole;
import com.ibm.ws.javaee.dd.web.common.AuthConstraint;
import com.ibm.ws.javaee.dd.web.common.LoginConfig;
import com.ibm.ws.javaee.dd.web.common.SecurityConstraint;
import com.ibm.ws.javaee.dd.web.common.UserDataConstraint;
import com.ibm.ws.jaxws.metadata.JaxWsModuleInfo;
import com.ibm.ws.jaxws.metadata.JaxWsModuleType;
import com.ibm.ws.jaxws.metadata.ServiceSecurityInfo;
import com.ibm.ws.jaxws.webcontainer.JaxWsWebAppConfigurator;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.metadata.FormLoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.LoginConfigurationImpl;
import com.ibm.ws.webcontainer.security.metadata.SecurityConstraintCollection;
import com.ibm.ws.webcontainer.security.metadata.SecurityConstraintCollectionImpl;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import com.ibm.ws.webcontainer.security.metadata.WebResourceCollection;
import com.ibm.ws.webcontainer.webapp.WebAppConfigExtended;
import com.ibm.wsspi.webcontainer.webapp.WebAppConfig;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

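/**
 * Copies the security settings declared for JAX-WS services (roles, login configuration and
 * security constraints, as exposed by {@link ServiceSecurityInfo}) into the web application's
 * {@link SecurityMetadata}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>The {@code "*"} role marker is never registered as a role name; an auth-constraint that
 * lists it is expanded to every role known to the web application.</li>
 * <li>An auth-constraint that is present but names no roles marks the constraint as
 * "access precluded".</li>
 * <li>A login configuration is applied only for EJB modules and only for the {@code BASIC}
 * and {@code CLIENT_CERT} methods; anything else is logged as a warning and skipped.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/jaxws/security/internal/JaxWsWebAppSecurityConfigurator.class */
public class JaxWsWebAppSecurityConfigurator implements JaxWsWebAppConfigurator {
    private static final TraceComponent tc = Tr.register(JaxWsWebAppSecurityConfigurator.class, JaxWsSecurityConstants.TR_GROUP, JaxWsSecurityConstants.TR_RESOURCE_BUNDLE);
    /** Role name that stands for "every role"; it is expanded, never stored as a role. */
    private static final String ALL_ROLES_MARKER = "*";
    static final long serialVersionUID = 5640040896311607225L;

    /**
     * Merges the service security information of a JAX-WS module into the security metadata
     * of the given web application. Does nothing when the module carries no
     * {@link ServiceSecurityInfo}.
     *
     * @param jaxWsModuleInfo module whose service security information is read
     * @param webAppConfig    web application configuration; it is cast to
     *                        {@link WebAppConfigExtended} to reach the security metadata
     */
    public void configure(JaxWsModuleInfo jaxWsModuleInfo, WebAppConfig webAppConfig) {
        SecurityMetadata securityMetadata = (SecurityMetadata) ((WebAppConfigExtended) webAppConfig).getMetaData().getSecurityMetaData();
        ServiceSecurityInfo serviceSecurityInfo = jaxWsModuleInfo.getServiceSecurityInfo();
        if (serviceSecurityInfo == null) {
            return;
        }

        // getRoles() is mutated in place below, so it is expected to return the live list
        // held by the metadata rather than a copy.
        List<String> roles = securityMetadata.getRoles();
        for (Iterator<?> roleIt = serviceSecurityInfo.getSecurityRoles().iterator(); roleIt.hasNext();) {
            String roleName = ((SecurityRole) roleIt.next()).getRoleName();
            // "*" is a wildcard, not a real role: registering it would turn it into an
            // ordinary role name that can be granted like any other.
            if (roleName != null && !roleName.equals(ALL_ROLES_MARKER) && !roles.contains(roleName)) {
                roles.add(roleName);
            }
        }

        LoginConfig loginConfig = serviceSecurityInfo.getLoginConfig();
        if (loginConfig != null) {
            if (jaxWsModuleInfo.getModuleType().equals(JaxWsModuleType.EJB)) {
                String authMethod = loginConfig.getAuthMethod();
                String realmName = loginConfig.getRealmName();
                if (authMethod != null || realmName != null) {
                    // Only the hyphenated spelling is matched case-insensitively and
                    // normalised; "BASIC" and "CLIENT_CERT" must match exactly below.
                    if ("CLIENT-CERT".equalsIgnoreCase(authMethod)) {
                        authMethod = "CLIENT_CERT";
                    }
                    // A realm without an auth method falls back to BASIC.
                    if (authMethod == null) {
                        authMethod = "BASIC";
                    }
                    if ("BASIC".equals(authMethod) || "CLIENT_CERT".equals(authMethod)) {
                        securityMetadata.setLoginConfiguration(new LoginConfigurationImpl(authMethod, realmName, (FormLoginConfiguration) null));
                    } else {
                        // NOTE(review): an unsupported method is only logged; no login
                        // configuration is set here, yet the constraints below are still
                        // registered. How such requests are then authenticated is decided
                        // outside this class - confirm it is not weaker than intended.
                        Tr.warning(tc, "ibm.ws.bnd.auth.method.not.support", new Object[]{authMethod});
                    }
                }
            } else {
                // Non-EJB modules: the login configuration is ignored with a warning.
                Tr.warning(tc, "ibm.ws.bnd.login.config.in.war.is.ingnored", new Object[0]);
            }
        }

        List<com.ibm.ws.webcontainer.security.metadata.SecurityConstraint> constraints = new ArrayList<com.ibm.ws.webcontainer.security.metadata.SecurityConstraint>();
        for (Iterator<?> constraintIt = serviceSecurityInfo.getSecurityConstraints().iterator(); constraintIt.hasNext();) {
            constraints.add(createSecurityConstraint((SecurityConstraint) constraintIt.next(), roles));
        }

        // Constraints are appended to an existing collection; a new one is created otherwise.
        SecurityConstraintCollection existing = securityMetadata.getSecurityConstraintCollection();
        if (existing != null) {
            existing.addSecurityConstraints(constraints);
        } else {
            securityMetadata.setSecurityConstraintCollection(new SecurityConstraintCollectionImpl(constraints));
        }
    }

    /**
     * Converts a deployment-descriptor security constraint into the web container's
     * security metadata representation.
     *
     * @param securityConstraint constraint as declared in the descriptor
     * @param allRoles           every role known to the application, used to expand "*"
     * @return the equivalent web container constraint
     */
    private com.ibm.ws.webcontainer.security.metadata.SecurityConstraint createSecurityConstraint(SecurityConstraint securityConstraint, List<String> allRoles) {
        List<WebResourceCollection> resources = createWebResourceCollections(securityConstraint);
        List<String> requiredRoles = createRoles(securityConstraint, allRoles);
        boolean sslRequired = isSSLRequired(securityConstraint);
        boolean accessPrecluded = isAccessPrecluded(securityConstraint);
        // The last two constructor flags are fixed to false; their meaning is defined by the
        // metadata SecurityConstraint constructor, which is not visible from this class.
        return new com.ibm.ws.webcontainer.security.metadata.SecurityConstraint(resources, requiredRoles, sslRequired, accessPrecluded, false, false);
    }

    /**
     * Copies URL patterns, HTTP methods and HTTP method omissions of each declared web
     * resource collection into the web container's representation.
     *
     * @param securityConstraint constraint whose resource collections are converted
     * @return one converted collection per declared collection, in declaration order
     */
    private List<WebResourceCollection> createWebResourceCollections(SecurityConstraint securityConstraint) {
        List<WebResourceCollection> converted = new ArrayList<WebResourceCollection>();
        for (com.ibm.ws.javaee.dd.web.common.WebResourceCollection declared : securityConstraint.getWebResourceCollections()) {
            converted.add(new WebResourceCollection(declared.getURLPatterns(), declared.getHTTPMethods(), declared.getHTTPMethodOmissions()));
        }
        return converted;
    }

    /**
     * Determines the roles required by a constraint.
     *
     * <p>Without an auth-constraint, or with an auth-constraint whose role list is
     * {@code null}, the result is a new empty list. {@link #isAccessPrecluded} already treats
     * a {@code null} role list as "no roles", so this method must not fail on it: an
     * exception here would abort {@code configure} before any constraint is registered.
     *
     * @param securityConstraint constraint whose auth-constraint is inspected
     * @param allRoles           every role known to the application
     * @return the declared role names, or {@code allRoles} itself when the declaration
     *         contains the "*" marker
     */
    private List<String> createRoles(SecurityConstraint securityConstraint, List<String> allRoles) {
        AuthConstraint authConstraint = securityConstraint.getAuthConstraint();
        if (authConstraint == null) {
            return new ArrayList<String>();
        }
        List<String> declaredRoles = authConstraint.getRoleNames();
        if (declaredRoles == null) {
            return new ArrayList<String>();
        }
        // The "*" expansion returns the caller's list by reference, not a snapshot, so roles
        // added to that list later are also covered by this constraint.
        return declaredRoles.contains(ALL_ROLES_MARKER) ? allRoles : declaredRoles;
    }

    /**
     * Reports whether the constraint demands a protected transport.
     *
     * @param securityConstraint constraint whose user-data-constraint is inspected
     * @return {@code true} when a user-data-constraint exists and its transport guarantee
     *         is non-zero
     */
    private boolean isSSLRequired(SecurityConstraint securityConstraint) {
        UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
        // presumably 0 is the "NONE" guarantee, so every other value requires SSL - confirm
        // against the UserDataConstraint constants
        return userDataConstraint != null && userDataConstraint.getTransportGuarantee() != 0;
    }

    /**
     * Reports whether the constraint denies access to everyone.
     *
     * @param securityConstraint constraint whose auth-constraint is inspected
     * @return {@code true} when an auth-constraint is present but its role list is
     *         {@code null} or empty; {@code false} when there is no auth-constraint at all
     */
    private boolean isAccessPrecluded(SecurityConstraint securityConstraint) {
        AuthConstraint authConstraint = securityConstraint.getAuthConstraint();
        if (authConstraint == null) {
            return false;
        }
        List<String> roleNames = authConstraint.getRoleNames();
        return roleNames == null || roleNames.isEmpty();
    }
}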
