package com.ibm.ws.amm.merge.servlet;

import com.ibm.ws.security.util.Constants;
import com.ibm.wsspi.amm.merge.AbstractMergeAction;
import com.ibm.wsspi.amm.merge.MergeException;
import com.ibm.wsspi.amm.scan.AnnotationScanner;
import com.ibm.wsspi.amm.scan.ClassAnnotationTarget;
import com.ibm.wsspi.amm.scan.util.info.AnnotationInfo;
import com.ibm.wsspi.amm.scan.util.info.AnnotationValue;
import com.ibm.wsspi.amm.scan.util.info.ClassInfo;
import com.ibm.wsspi.amm.validate.ValidationException;
import com.ibm.wsspi.security.audit.AuditOutcome;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import javax.servlet.annotation.ServletSecurity;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.jst.j2ee.common.CommonFactory;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.commonarchivecore.internal.MergeData;
import org.eclipse.jst.j2ee.webapplication.WebApp;
import org.eclipse.jst.j2ee.webapplication.WebFragment;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/amm/merge/servlet/ServletSecurityMergeAction.class */
public class ServletSecurityMergeAction extends AbstractMergeAction {
    private static final String CLASS_NAME = "ServletSecurityMergeAction";
    public static final String VALUE = "value";
    public static final String HTTPMETHODCONSTRAINTS = "httpMethodConstraints";
    public static final String EMPTYROLESEMANTIC = "emptyRoleSemantic";
    public static final String ROLESALLOWED = "rolesAllowed";
    public static final String TRANSPORTGUARANTEE = "transportGuarantee";
    public static final String transportGuaranteeCONFIDENTIAL = "CONFIDENTIAL";
    public static final String transportGuaranteeNONE = "NONE";

    @Override // com.ibm.wsspi.amm.merge.AbstractMergeAction
    public Class<? extends Annotation> getAnnotationClass() {
        return ServletSecurity.class;
    }

    @Override // com.ibm.wsspi.amm.merge.AbstractMergeAction
    public boolean isClassTargetsSupported() {
        return true;
    }

    @Override // com.ibm.wsspi.amm.merge.MergeAction
    public Class<? extends EObject>[] getApplicableTypes() {
        return new Class[]{WebApp.class, WebFragment.class};
    }

    @Override // com.ibm.wsspi.amm.merge.AbstractMergeAction
    public boolean requiresValidation() {
        return true;
    }

    @Override // com.ibm.wsspi.amm.merge.AbstractMergeAction
    public void mergeClassTarget(MergeData mergeData, AnnotationScanner annotationScanner, ClassAnnotationTarget classAnnotationTarget) throws MergeException, ValidationException {
        ClassInfo applicableClass = classAnnotationTarget.getApplicableClass();
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "ENTER [ {0} ]", applicableClass.getName());
        }
        AnnotationInfo annotation = applicableClass.getAnnotation(getAnnotationClass());
        WebApp webApp = (WebApp) mergeData.getDeploymentDescriptor();
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "WebApp initial roles [ {0} ]", webApp.getSecurityRoles());
        }
        AnnotationValue value = annotation.getValue("value");
        if (value != null) {
            AnnotationInfo annotationValue = value.getAnnotationValue();
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "HttpContraint [ {0} ]", annotationValue);
            }
            AnnotationValue value2 = annotationValue.getValue(ROLESALLOWED);
            if (value2 != null) {
                List<? extends AnnotationValue> arrayValue = value2.getArrayValue();
                ArrayList arrayList = new ArrayList();
                Iterator<? extends AnnotationValue> it = arrayValue.iterator();
                while (it.hasNext()) {
                    String stringValue = it.next().getStringValue();
                    arrayList.add(stringValue);
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "HttpConstraint role allowed [ {0} ]", stringValue);
                    }
                }
                addSecurityRoles(webApp, arrayList, "ServletSecurity HttpConstraint annotation on servlet " + applicableClass.getName());
            }
        }
        AnnotationValue value3 = annotation.getValue(HTTPMETHODCONSTRAINTS);
        String str = "ServletSecurity HttpMethodConstraint annotation on servlet " + applicableClass.getName();
        if (value3 != null) {
            List<? extends AnnotationValue> arrayValue2 = value3.getArrayValue();
            ArrayList arrayList2 = new ArrayList();
            Iterator<? extends AnnotationValue> it2 = arrayValue2.iterator();
            while (it2.hasNext()) {
                AnnotationInfo annotationValue2 = it2.next().getAnnotationValue();
                if (logger.isLoggable(Level.FINER)) {
                    logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "Method constraint [ {0} ]", annotationValue2);
                }
                AnnotationValue value4 = annotationValue2.getValue(ROLESALLOWED);
                if (value4 != null) {
                    Iterator<? extends AnnotationValue> it3 = value4.getArrayValue().iterator();
                    while (it3.hasNext()) {
                        String stringValue2 = it3.next().getStringValue();
                        arrayList2.add(stringValue2);
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "Method role allowed [ {0} ]", stringValue2);
                        }
                    }
                    addSecurityRoles(webApp, arrayList2, str);
                    arrayList2.clear();
                }
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", "WebApp final roles [ {0} ]", webApp.getSecurityRoles());
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, CLASS_NAME, "mergeClassTarget", AuditOutcome.S_RETURN);
        }
    }

    private void addSecurityRoles(WebApp webApp, List<String> list, String str) {
        String str2;
        for (String str3 : list) {
            if (webApp.containsSecurityRole(str3)) {
                str2 = "Role [ {0} ] already present; not added";
            } else if (str3.equals(Constants.ALL_AUTHENTICATED_ROLE)) {
                str2 = "Implicit role [ {0} ]; not added";
            } else {
                str2 = "Role [ {0} ]; added";
                SecurityRole createSecurityRole = CommonFactory.eINSTANCE.createSecurityRole();
                createSecurityRole.setRoleName(str3);
                createSecurityRole.setDescription(str);
                webApp.getSecurityRoles().add(createSecurityRole);
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, CLASS_NAME, "addSecurityRole", str2, str3);
            }
        }
    }
}
