package org.apache.geronimo.security.deployment;

import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.kernel.Naming;
import org.apache.geronimo.security.DomainPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.DistinguishedName;
import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
import org.apache.geronimo.security.deploy.PrincipalInfo;
import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;

/* loaded from: input_file:lib/geronimo-security-builder-1.1.jar:org/apache/geronimo/security/deployment/SecurityBuilder.class */
/**
 * Turns the security section of a deployment descriptor into the objects the server uses at
 * run time: a {@link SecurityConfiguration} and the {@link GBeanData} for the role mapper and
 * the JACC policy manager.
 *
 * <p>All collections in this class are handled as raw types, so element types are enforced
 * only by the explicit casts below.
 *
 * <p>Security review notes (the points below are assumptions to confirm, not verified facts):
 * <ul>
 *   <li>Principal class names, realm/domain names and credentials are taken verbatim (after
 *       {@code trim()}) from the descriptor. The descriptor is therefore trusted input; anyone
 *       able to supply it decides which principals map to which roles and which principals a
 *       role runs as.</li>
 *   <li>Realm, login-domain and plain principals take their run-as flag from
 *       {@code isSetDesignatedRunAs()}, whereas distinguished names take it from
 *       {@code getDesignatedRunAs()}. If {@code isSet...} reports presence rather than value,
 *       an explicit {@code false} would still mark the principal as run-as.</li>
 * </ul>
 */
public class SecurityBuilder {
    /**
     * Converts a descriptor security element into a {@link SecurityConfiguration}.
     *
     * <p>NOTE(review): for a {@code null} descriptor the intermediate model is {@code null} and
     * the overload taking a {@link Security} dereferences it, so callers have to check for a
     * missing security element before calling this method.
     *
     * @param gerSecurityType the descriptor security element
     * @param classLoader class loader handed to {@code ConfigurationUtil} when principals are created
     * @return the configuration built from the descriptor
     */
    public static SecurityConfiguration buildSecurityConfiguration(GerSecurityType gerSecurityType, ClassLoader classLoader) {
        Security model = buildSecurityConfig(gerSecurityType);
        return buildSecurityConfiguration(model, classLoader);
    }

    /**
     * Builds a {@link SecurityConfiguration} from an already populated {@link Security} model.
     *
     * @param security the model to read role mappings, default principal and flags from
     * @param classLoader class loader handed to {@code ConfigurationUtil} when principals are created
     * @return a configuration holding the principal-to-roles map and the role-to-run-as-subject map
     */
    public static SecurityConfiguration buildSecurityConfiguration(Security security, ClassLoader classLoader) {
        // role name -> Subject holding the principals flagged as run-as for that role
        HashMap roleToRunAsSubject = new HashMap();
        // principal -> set of role names, filled by inverting roleToPrincipals
        HashMap principalToRoles = new HashMap();
        // role name -> set of every principal mapped to that role
        HashMap roleToPrincipals = new HashMap();

        buildRolePrincipalMap(security, roleToRunAsSubject, roleToPrincipals, classLoader);
        invertMap(roleToPrincipals, principalToRoles);

        return new SecurityConfiguration(
                principalToRoles,
                roleToRunAsSubject,
                security.getDefaultPrincipal(),
                security.getDefaultRole(),
                security.isDoAsCurrentCaller(),
                security.isUseContextHandler());
    }

    /**
     * Inverts a role-name-to-principals map into a principal-to-role-names map.
     *
     * @param map source map: {@code String} role name to {@code Set} of {@link Principal}
     * @param map2 target map, updated in place; existing values must be {@link HashSet}s
     * @return {@code map2}
     */
    private static Map invertMap(Map map, Map map2) {
        for (Object item : map.entrySet()) {
            Map.Entry roleEntry = (Map.Entry) item;
            String roleName = (String) roleEntry.getKey();
            for (Object member : (Set) roleEntry.getValue()) {
                Principal principal = (Principal) member;
                HashSet rolesOfPrincipal = (HashSet) map2.get(principal);
                if (rolesOfPrincipal == null) {
                    rolesOfPrincipal = new HashSet();
                    map2.put(principal, rolesOfPrincipal);
                }
                rolesOfPrincipal.add(roleName);
            }
        }
        return map2;
    }

    /**
     * Materialises the principals of every role mapping in {@code security}.
     *
     * <p>For each role, every configured principal is created through {@code ConfigurationUtil}
     * and collected; principals whose info reports {@code isDesignatedRunAs()} are additionally
     * put into a fresh {@link Subject}.
     *
     * <p>NOTE(review): the principal infos carry a class name read from the descriptor and are
     * passed to {@code ConfigurationUtil} together with {@code classLoader}. Presumably the class
     * is resolved by name there; confirm that only {@link Principal} implementations are accepted.
     *
     * @param security model whose role mappings are read
     * @param map receives role name to run-as {@link Subject}; a role is only added when at
     *            least one of its principals is designated run-as
     * @param map2 receives role name to {@code Set} of principals; an existing set is extended
     * @param classLoader class loader handed to {@code ConfigurationUtil}
     */
    public static void buildRolePrincipalMap(Security security, Map map, Map map2, ClassLoader classLoader) {
        for (Object mapping : security.getRoleMappings().values()) {
            Role role = (Role) mapping;
            String roleName = role.getRoleName();
            Subject runAsSubject = new Subject();
            Set<Principal> runAsPrincipals = runAsSubject.getPrincipals();
            HashSet rolePrincipals = new HashSet();

            for (Object element : role.getRealmPrincipals()) {
                RealmPrincipalInfo info = (RealmPrincipalInfo) element;
                RealmPrincipal principal =
                        ConfigurationUtil.generateRealmPrincipal(info.getRealm(), info.getDomain(), info, classLoader);
                rolePrincipals.add(principal);
                if (info.isDesignatedRunAs()) {
                    runAsPrincipals.add(principal);
                }
            }

            for (Object element : role.getLoginDomainPrincipals()) {
                LoginDomainPrincipalInfo info = (LoginDomainPrincipalInfo) element;
                DomainPrincipal principal =
                        ConfigurationUtil.generateDomainPrincipal(info.getDomain(), info, classLoader);
                rolePrincipals.add(principal);
                if (info.isDesignatedRunAs()) {
                    runAsPrincipals.add(principal);
                }
            }

            for (Object element : role.getPrincipals()) {
                PrincipalInfo info = (PrincipalInfo) element;
                Principal principal = ConfigurationUtil.generatePrincipal(info, classLoader);
                rolePrincipals.add(principal);
                if (info.isDesignatedRunAs()) {
                    runAsPrincipals.add(principal);
                }
            }

            for (Object element : role.getDistinguishedNames()) {
                DistinguishedName dn = (DistinguishedName) element;
                X500Principal principal = ConfigurationUtil.generateX500Principal(dn.getName());
                rolePrincipals.add(principal);
                if (dn.isDesignatedRunAs()) {
                    runAsPrincipals.add(principal);
                }
            }

            // Merge into whatever the caller's map already holds for this role.
            Set known = (Set) map2.get(roleName);
            if (known == null) {
                known = new HashSet();
                map2.put(roleName, known);
            }
            known.addAll(rolePrincipals);

            // Roles without any run-as principal get no entry in the run-as map.
            if (!runAsPrincipals.isEmpty()) {
                map.put(roleName, runAsSubject);
            }
        }
    }

    /**
     * Copies the descriptor security element into a {@link Security} model, trimming every
     * string value on the way.
     *
     * <p>NOTE(review): the default principal element is passed on without a null check, so a
     * descriptor without one fails inside {@link #buildDefaultPrincipal}.
     *
     * @param gerSecurityType the descriptor element, may be {@code null}
     * @return the populated model, or {@code null} when {@code gerSecurityType} is {@code null}
     */
    private static Security buildSecurityConfig(GerSecurityType gerSecurityType) {
        if (gerSecurityType == null) {
            return null;
        }

        Security model = new Security();
        model.setDoAsCurrentCaller(gerSecurityType.getDoasCurrentCaller());
        model.setUseContextHandler(gerSecurityType.getUseContextHandler());

        if (gerSecurityType.isSetDefaultRole()) {
            model.setDefaultRole(gerSecurityType.getDefaultRole().trim());
        }

        if (gerSecurityType.isSetRoleMappings()) {
            GerRoleMappingsType mappings = gerSecurityType.getRoleMappings();
            for (int roleIndex = 0; roleIndex < mappings.sizeOfRoleArray(); roleIndex++) {
                GerRoleType gerRole = mappings.getRoleArray(roleIndex);
                Role role = new Role();
                String roleName = gerRole.getRoleName().trim();
                role.setRoleName(roleName);
                populateRole(role, gerRole);
                // A later role with the same trimmed name replaces the earlier entry.
                model.getRoleMappings().put(roleName, role);
            }
        }

        model.setDefaultPrincipal(buildDefaultPrincipal(gerSecurityType.getDefaultPrincipal()));
        return model;
    }

    /**
     * Fills {@code role} with the realm, login-domain, plain and distinguished-name principals
     * declared on {@code gerRole}, in that order.
     */
    private static void populateRole(Role role, GerRoleType gerRole) {
        for (int n = 0; n < gerRole.sizeOfRealmPrincipalArray(); n++) {
            role.getRealmPrincipals().add(buildRealmPrincipal(gerRole.getRealmPrincipalArray(n)));
        }
        for (int n = 0; n < gerRole.sizeOfLoginDomainPrincipalArray(); n++) {
            role.getLoginDomainPrincipals().add(buildDomainPrincipal(gerRole.getLoginDomainPrincipalArray(n)));
        }
        for (int n = 0; n < gerRole.sizeOfPrincipalArray(); n++) {
            role.getPrincipals().add(buildPrincipal(gerRole.getPrincipalArray(n)));
        }
        for (int n = 0; n < gerRole.sizeOfDistinguishedNameArray(); n++) {
            GerDistinguishedNameType gerDn = gerRole.getDistinguishedNameArray(n);
            // Unlike the other principal kinds, the run-as flag here comes from the getter.
            role.getDistinguishedNames().add(new DistinguishedName(gerDn.getName().trim(), gerDn.getDesignatedRunAs()));
        }
    }

    /**
     * Builds the {@link DefaultPrincipal} from its descriptor element, including any named
     * username/password credentials.
     *
     * <p>Security notes: the password is read from the descriptor as a {@code String}, trimmed
     * and only then copied into a {@code char[]}. Leading or trailing whitespace in a password
     * is therefore dropped, and clearing the {@code char[]} later does not remove the
     * {@code String} copies. Avoid logging the descriptor or the resulting credential objects.
     *
     * @param gerDefaultPrincipalType the descriptor element; must not be {@code null}
     * @return the default principal; credentials are only set when at least one is declared
     */
    public static DefaultPrincipal buildDefaultPrincipal(GerDefaultPrincipalType gerDefaultPrincipalType) {
        DefaultPrincipal result = new DefaultPrincipal();
        result.setPrincipal(buildPrincipal(gerDefaultPrincipalType.getPrincipal()));

        GerNamedUsernamePasswordCredentialType[] declared =
                gerDefaultPrincipalType.getNamedUsernamePasswordCredentialArray();
        if (declared.length > 0) {
            HashSet credentials = new HashSet();
            for (GerNamedUsernamePasswordCredentialType entry : declared) {
                String username = entry.getUsername().trim();
                char[] password = entry.getPassword().trim().toCharArray();
                String credentialName = entry.getName().trim();
                credentials.add(new NamedUsernamePasswordCredential(username, password, credentialName));
            }
            result.setNamedUserPasswordCredentials(credentials);
        }
        return result;
    }

    /**
     * Builds a {@link RealmPrincipalInfo} from its descriptor element, trimming all strings.
     *
     * <p>NOTE(review): the run-as flag is {@code isSetDesignatedRunAs()}; confirm that this
     * reflects the configured value and not merely the presence of the setting.
     */
    public static RealmPrincipalInfo buildRealmPrincipal(GerRealmPrincipalType gerRealmPrincipalType) {
        String domainName = gerRealmPrincipalType.getDomainName().trim();
        String realmName = gerRealmPrincipalType.getRealmName().trim();
        String className = gerRealmPrincipalType.getClass1().trim();
        String principalName = gerRealmPrincipalType.getName().trim();
        boolean runAs = gerRealmPrincipalType.isSetDesignatedRunAs();
        return new RealmPrincipalInfo(domainName, realmName, className, principalName, runAs);
    }

    /**
     * Builds a {@link LoginDomainPrincipalInfo} from its descriptor element, trimming all strings.
     *
     * <p>NOTE(review): the run-as flag is {@code isSetDesignatedRunAs()}; confirm that this
     * reflects the configured value and not merely the presence of the setting.
     */
    public static LoginDomainPrincipalInfo buildDomainPrincipal(GerLoginDomainPrincipalType gerLoginDomainPrincipalType) {
        String domainName = gerLoginDomainPrincipalType.getDomainName().trim();
        String className = gerLoginDomainPrincipalType.getClass1().trim();
        String principalName = gerLoginDomainPrincipalType.getName().trim();
        boolean runAs = gerLoginDomainPrincipalType.isSetDesignatedRunAs();
        return new LoginDomainPrincipalInfo(domainName, className, principalName, runAs);
    }

    /**
     * Builds a {@link PrincipalInfo} from its descriptor element, trimming all strings.
     *
     * <p>NOTE(review): the run-as flag is {@code isSetDesignatedRunAs()}; confirm that this
     * reflects the configured value and not merely the presence of the setting.
     */
    public static PrincipalInfo buildPrincipal(GerPrincipalType gerPrincipalType) {
        String className = gerPrincipalType.getClass1().trim();
        String principalName = gerPrincipalType.getName().trim();
        boolean runAs = gerPrincipalType.isSetDesignatedRunAs();
        return new PrincipalInfo(className, principalName, runAs);
    }

    /**
     * Creates the GBean data for the role mapper as a child of {@code abstractName} and gives
     * it the principal-to-role map of {@code securityConfiguration}.
     */
    public static GBeanData configureRoleMapper(Naming naming, AbstractName abstractName, SecurityConfiguration securityConfiguration) {
        GBeanData roleMapper = new GBeanData(
                naming.createChildName(abstractName, "RoleMapper", "RoleMapper"),
                ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
        roleMapper.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
        return roleMapper;
    }

    /**
     * Creates the GBean data for the JACC policy manager as a child of {@code abstractName}.
     *
     * @param map stored unchanged under the {@code contextIdToPermissionsMap} attribute
     * @param securityConfiguration source of the {@code roleDesignates} attribute
     */
    public static GBeanData configureApplicationPolicyManager(Naming naming, AbstractName abstractName, Map map, SecurityConfiguration securityConfiguration) {
        GBeanData policyManager = new GBeanData(
                naming.createChildName(abstractName, "JACCManager", "JACCManager"),
                ApplicationPolicyConfigurationManager.GBEAN_INFO);
        policyManager.setAttribute("contextIdToPermissionsMap", map);
        policyManager.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
        return policyManager;
    }
}
