package org.apache.marmotta.platform.security.model;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.marmotta.commons.collections.CollectionUtils;
import org.apache.marmotta.platform.security.util.SubnetInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/marmotta/platform/security/model/SecurityConstraint.class */
public class SecurityConstraint implements Comparable<SecurityConstraint> {
    private static Logger log = LoggerFactory.getLogger(SecurityConstraint.class);
    private Type type;
    private String name;
    private String urlPattern;
    private Set<SubnetInfo> hostPatterns;
    private boolean enabled;
    private Set<String> roles;
    private Set<HTTPMethods> methods;
    private int priority;

    /* loaded from: input_file:org/apache/marmotta/platform/security/model/SecurityConstraint$Type.class */
    public enum Type {
        PERMISSION,
        RESTRICTION
    }

    public SecurityConstraint(Type type, String str, String str2, boolean z) {
        this.enabled = true;
        this.priority = 1;
        this.type = type;
        this.name = str;
        this.enabled = z;
        this.urlPattern = str2;
        this.roles = new HashSet();
        this.methods = new HashSet();
        this.hostPatterns = new HashSet();
    }

    public SecurityConstraint(Type type, String str, String str2, boolean z, int i) {
        this(type, str, str2, z);
        this.priority = i;
    }

    public boolean matches(HttpServletRequest httpServletRequest) {
        return this.enabled && matchesMethod(httpServletRequest) && matchesAddress(httpServletRequest) && matchesUrl(httpServletRequest) && matchesRoles(httpServletRequest);
    }

    private boolean matchesMethod(HttpServletRequest httpServletRequest) {
        if (this.methods.size() == 0) {
            return true;
        }
        HTTPMethods parse = HTTPMethods.parse(httpServletRequest.getMethod());
        if (parse != null) {
            return this.methods.contains(parse);
        }
        log.warn("request did not contain a supported HTTP method");
        return false;
    }

    private boolean matchesUrl(HttpServletRequest httpServletRequest) {
        try {
            URL url = new URL(httpServletRequest.getRequestURL().toString());
            String contextPath = httpServletRequest.getContextPath();
            if (url.getPath().startsWith(contextPath)) {
                return url.getPath().substring(contextPath.length()).matches(this.urlPattern);
            }
            return false;
        } catch (MalformedURLException e) {
            log.error("the request URL {} was invalid", httpServletRequest.getRequestURL().toString());
            return false;
        }
    }

    private boolean matchesAddress(HttpServletRequest httpServletRequest) {
        if (this.hostPatterns.size() == 0) {
            return true;
        }
        for (SubnetInfo subnetInfo : this.hostPatterns) {
            if (subnetInfo.getHostAddress().equals(httpServletRequest.getRemoteAddr()) || subnetInfo.isInRange(httpServletRequest.getRemoteAddr())) {
                return true;
            }
        }
        return false;
    }

    private boolean matchesRoles(HttpServletRequest httpServletRequest) {
        if (this.roles.size() == 0) {
            return true;
        }
        Set set = (Set) httpServletRequest.getAttribute("user.roles");
        if (set == null) {
            return false;
        }
        Iterator<String> it = this.roles.iterator();
        while (it.hasNext()) {
            if (set.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // java.lang.Comparable
    public int compareTo(SecurityConstraint securityConstraint) {
        if (this.priority > securityConstraint.priority) {
            return -1;
        }
        return securityConstraint.priority > this.priority ? 1 : 0;
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    public String getUrlPattern() {
        return this.urlPattern;
    }

    public void setUrlPattern(String str) {
        this.urlPattern = str;
    }

    public Set<SubnetInfo> getHostPatterns() {
        return this.hostPatterns;
    }

    public void setHostPatterns(Set<SubnetInfo> set) {
        this.hostPatterns = set;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public Set<String> getRoles() {
        return this.roles;
    }

    public void setRoles(Set<String> set) {
        this.roles = set;
    }

    public Set<HTTPMethods> getMethods() {
        return this.methods;
    }

    public void setMethods(Set<HTTPMethods> set) {
        this.methods = set;
    }

    public int getPriority() {
        return this.priority;
    }

    public void setPriority(int i) {
        this.priority = i;
    }

    public String toString() {
        String str;
        String str2 = "security constraint " + this.name + ":";
        String str3 = this.type == Type.PERMISSION ? str2 + " allow " : str2 + " deny ";
        if (this.methods.size() > 0) {
            str3 = str3 + "{" + CollectionUtils.fold(this.methods, ",") + "} of ";
        }
        String str4 = str3 + this.urlPattern;
        if (this.hostPatterns.size() > 0) {
            str4 = str4 + " from " + CollectionUtils.fold(this.hostPatterns, new CollectionUtils.StringSerializer<SubnetInfo>() { // from class: org.apache.marmotta.platform.security.model.SecurityConstraint.1
                public String serialize(SubnetInfo subnetInfo) {
                    return subnetInfo.getCidrSignature();
                }
            }, ",");
        }
        String str5 = str4 + ": ";
        if (this.enabled) {
            str = str5 + " enabled";
            if (this.roles.size() > 0) {
                str = str + " to " + CollectionUtils.fold(this.roles, ", ");
            }
        } else {
            str = str5 + " unrestricted";
        }
        return str;
    }

    public Type getType() {
        return this.type;
    }

    public void setType(Type type) {
        this.type = type;
    }
}
