package com.sun.enterprise.security.ee.jmac;

import com.sun.enterprise.config.serverbeans.MessageSecurityConfig;
import com.sun.enterprise.config.serverbeans.ProviderConfig;
import com.sun.enterprise.config.serverbeans.RequestPolicy;
import com.sun.enterprise.config.serverbeans.ResponsePolicy;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.logging.LogDomains;
import jakarta.security.auth.message.MessagePolicy;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.epicyro.config.factory.ConfigParser;
import org.glassfish.epicyro.data.AuthModuleConfig;
import org.glassfish.epicyro.data.AuthModulesLayerConfig;
import org.glassfish.internal.api.Globals;
import org.jvnet.hk2.config.types.Property;

/* loaded from: input_file:com/sun/enterprise/security/ee/jmac/ConfigDomainParser.class */
public class ConfigDomainParser implements ConfigParser {
    private static final Logger _logger = LogDomains.getLogger(ConfigDomainParser.class, "jakarta.enterprise.system.core.security");
    private static final Pattern PROPERTY_PATTERN = Pattern.compile("\\$\\{\\{(.*?)}}|\\$\\{(.*?)}");
    private final Map<String, AuthModulesLayerConfig> authModuleLayers = new HashMap();
    private final Set<String> layersWithDefault = new HashSet();

    @Override // org.glassfish.epicyro.config.factory.ConfigParser
    public void initialize(Object obj) throws IOException {
        if (obj == null && Globals.getDefaultHabitat() != null) {
            obj = Globals.getDefaultHabitat().getService((Class<Object>) SecurityService.class, ServerEnvironment.DEFAULT_INSTANCE_NAME, new Annotation[0]);
        }
        if (obj instanceof SecurityService) {
            processServerConfig((SecurityService) obj, this.authModuleLayers);
        }
    }

    @Override // org.glassfish.epicyro.config.factory.ConfigParser
    public Map<String, AuthModulesLayerConfig> getAuthModuleLayers() {
        return this.authModuleLayers;
    }

    @Override // org.glassfish.epicyro.config.factory.ConfigParser
    public Set<String> getLayersWithDefault() {
        return this.layersWithDefault;
    }

    private void processServerConfig(SecurityService securityService, Map<String, AuthModulesLayerConfig> map) throws IOException {
        List<MessageSecurityConfig> messageSecurityConfig = securityService.getMessageSecurityConfig();
        if (messageSecurityConfig != null) {
            for (MessageSecurityConfig messageSecurityConfig2 : messageSecurityConfig) {
                String parseInterceptEntry = parseInterceptEntry(messageSecurityConfig2, map);
                List<ProviderConfig> providerConfig = messageSecurityConfig2.getProviderConfig();
                if (providerConfig != null) {
                    Iterator<ProviderConfig> it = providerConfig.iterator();
                    while (it.hasNext()) {
                        parseIDEntry(it.next(), map, parseInterceptEntry);
                    }
                }
            }
        }
    }

    private String parseInterceptEntry(MessageSecurityConfig messageSecurityConfig, Map<String, AuthModulesLayerConfig> map) throws IOException {
        String authLayer = messageSecurityConfig.getAuthLayer();
        String defaultProvider = messageSecurityConfig.getDefaultProvider();
        String defaultClientProvider = messageSecurityConfig.getDefaultClientProvider();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Intercept Entry: \n    intercept: " + authLayer + "\n    defaultServerID: " + defaultProvider + "\n    defaultClientID:  " + defaultClientProvider);
        }
        if (defaultProvider != null || defaultClientProvider != null) {
            this.layersWithDefault.add(authLayer);
        }
        if (map.get(authLayer) != null) {
            throw new IOException("found multiple MessageSecurityConfig entries with the same auth-layer");
        }
        map.put(authLayer, new AuthModulesLayerConfig(defaultClientProvider, defaultProvider, null));
        return authLayer;
    }

    private void parseIDEntry(ProviderConfig providerConfig, Map<String, AuthModulesLayerConfig> map, String str) throws IOException {
        String providerId = providerConfig.getProviderId();
        String providerType = providerConfig.getProviderType();
        String className = providerConfig.getClassName();
        MessagePolicy parsePolicy = parsePolicy(providerConfig.getRequestPolicy());
        MessagePolicy parsePolicy2 = parsePolicy(providerConfig.getResponsePolicy());
        Map<String, Object> moduleOptions = getModuleOptions(providerConfig);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("ID Entry: \n    module class: " + className + "\n    id: " + providerId + "\n    type: " + providerType + "\n    request policy: " + parsePolicy + "\n    response policy: " + parsePolicy2 + "\n    options: " + moduleOptions);
        }
        AuthModuleConfig authModuleConfig = new AuthModuleConfig(providerType, className, parsePolicy, parsePolicy2, moduleOptions);
        AuthModulesLayerConfig authModulesLayerConfig = map.get(str);
        if (authModulesLayerConfig == null) {
            throw new IOException("intercept entry for " + str + " must be specified before ID entries");
        }
        if (authModulesLayerConfig.getAuthModules() == null) {
            authModulesLayerConfig.setIdMap(new HashMap());
        }
        authModulesLayerConfig.getAuthModules().put(providerId, authModuleConfig);
    }

    private String expand(String str) {
        Matcher matcher = PROPERTY_PATTERN.matcher(str);
        StringBuilder sb = new StringBuilder();
        while (matcher.find()) {
            if (matcher.group(1) != null) {
                matcher.appendReplacement(sb, Matcher.quoteReplacement(matcher.group()));
            } else {
                String property = System.getProperty(matcher.group(2));
                if (property == null) {
                    throw new IllegalStateException("No system property for " + matcher.group(2));
                }
                matcher.appendReplacement(sb, Matcher.quoteReplacement(property));
            }
        }
        matcher.appendTail(sb);
        return sb.toString();
    }

    private MessagePolicy parsePolicy(RequestPolicy requestPolicy) {
        if (requestPolicy == null) {
            return null;
        }
        return org.glassfish.epicyro.config.helper.AuthMessagePolicy.getMessagePolicy(requestPolicy.getAuthSource(), requestPolicy.getAuthRecipient());
    }

    private MessagePolicy parsePolicy(ResponsePolicy responsePolicy) {
        if (responsePolicy == null) {
            return null;
        }
        return org.glassfish.epicyro.config.helper.AuthMessagePolicy.getMessagePolicy(responsePolicy.getAuthSource(), responsePolicy.getAuthRecipient());
    }

    private Map<String, Object> getModuleOptions(ProviderConfig providerConfig) {
        HashMap hashMap = new HashMap();
        List<Property> property = providerConfig.getProperty();
        if (property != null) {
            for (Property property2 : property) {
                try {
                    hashMap.put(property2.getName(), expand(property2.getValue()));
                } catch (IllegalStateException e) {
                    _logger.log(Level.FINE, "jmac.unexpandedproperty");
                    hashMap.put(property2.getName(), property2.getValue());
                }
            }
        }
        return hashMap;
    }
}
