package org.omnifaces.exousia.permissions;

import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebRoleRefPermission;
import org.omnifaces.exousia.constraints.transformer.ConstraintsToPermissionsTransformer;

/* loaded from: input_file:org/omnifaces/exousia/permissions/RolesToPermissionsTransformer.class */
public class RolesToPermissionsTransformer {
    public static final String ANY_AUTHENTICATED_CALLER_ROLE = "**";
    static final Logger logger = Logger.getLogger(ConstraintsToPermissionsTransformer.class.getName());
    private static final String CLASS_NAME = ConstraintsToPermissionsTransformer.class.getSimpleName();

    public static Map<String, Permissions> createWebRoleRefPermission(Set<String> set, Collection<String> collection) throws PolicyContextException {
        if (logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "createWebRoleRefPermission");
            logger.log(Level.FINE, "Jakarta Authorization: role-reference translation: Processing WebRoleRefPermission : CODEBASE = ");
        }
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        boolean contains = set.contains("**");
        for (String str : collection) {
            addPermissionsForRoleRefRoles(Collections.emptyList(), arrayList, str, hashMap);
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
            }
            addPermissionsForNonRoleRefRoles(set, arrayList, str, hashMap);
            if (!arrayList.contains("**") && !contains) {
                addAnyAuthenticatedUserRoleRef(hashMap, str);
            }
        }
        addGlobalPermissionsForAllRoles(set, hashMap);
        if (!contains) {
            addAnyAuthenticatedUserRoleRef(hashMap, "");
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "createWebRoleRefPermission");
        }
        return hashMap;
    }

    private static void addGlobalPermissionsForAllRoles(Collection<String> collection, Map<String, Permissions> map) {
        for (String str : collection) {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Jakarta Authorization: role-reference translation: Looking at Role =  " + str);
            }
            addToRoleMap(map, str, new WebRoleRefPermission("", str));
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Jakarta Authorization: role-reference translation: RoleRef  = " + str + " is added for jsp's that can't be mapped to servlets");
                logger.fine("Jakarta Authorization: role-reference translation: Permission added for above role-ref =" + str + " ");
            }
        }
    }

    private static void addPermissionsForRoleRefRoles(Collection<String> collection, Collection<String> collection2, String str, Map<String, Permissions> map) {
        for (String str2 : collection) {
            if (str2 != null) {
                collection2.add(str2);
                addToRoleMap(map, str2, new WebRoleRefPermission(str, str2));
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Jakarta Authorization: role-reference translation: RoleRefPermission created with name (servlet-name) = " + str + " and action (role-name tag) = " + str2 + " added to role (role-link tag) = " + str2);
                }
            }
        }
    }

    private static void addPermissionsForNonRoleRefRoles(Collection<String> collection, Collection<String> collection2, String str, Map<String, Permissions> map) {
        for (String str2 : collection) {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Jakarta Authorization: role-reference translation: Looking at Role =  " + str2);
            }
            if (!collection2.contains(str2)) {
                addToRoleMap(map, str2, new WebRoleRefPermission(str, str2));
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Jakarta Authorization: role-reference translation: RoleRef  = " + str2 + " is added for servlet-resource = " + str);
                    logger.fine("Jakarta Authorization: role-reference translation: Permission added for above role-ref =" + str + " " + str2);
                }
            }
        }
    }

    private static void addAnyAuthenticatedUserRoleRef(Map<String, Permissions> map, String str) throws PolicyContextException {
        addToRoleMap(map, "**", new WebRoleRefPermission(str, "**"));
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Jakarta Authorization: any authenticated user role-reference translation: Permission added for role-ref =" + str + " **");
        }
    }

    private static void addToRoleMap(Map<String, Permissions> map, String str, Permission permission) {
        map.computeIfAbsent(str, str2 -> {
            return new Permissions();
        }).add(permission);
    }
}
