package io.undertow.servlet.core;

import io.undertow.security.idm.Account;
import io.undertow.servlet.api.AuthorizationManager;
import io.undertow.servlet.api.Deployment;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.SecurityRoleRef;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.SingleConstraintMatch;
import io.undertow.servlet.api.TransportGuaranteeType;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:BOOT-INF/lib/undertow-servlet-1.3.28.Final.jar:io/undertow/servlet/core/DefaultAuthorizationManager.class */
public class DefaultAuthorizationManager implements AuthorizationManager {
    public static final DefaultAuthorizationManager INSTANCE = new DefaultAuthorizationManager();

    private DefaultAuthorizationManager() {
    }

    @Override // io.undertow.servlet.api.AuthorizationManager
    public boolean isUserInRole(String str, Account account, ServletInfo servletInfo, HttpServletRequest httpServletRequest, Deployment deployment) {
        Set<String> set = deployment.getDeploymentInfo().getPrincipalVersusRolesMap().get(account.getPrincipal().getName());
        for (SecurityRoleRef securityRoleRef : servletInfo.getSecurityRoleRefs()) {
            if (securityRoleRef.getRole().equals(str)) {
                if (set == null || !set.contains(securityRoleRef.getLinkedRole())) {
                    return account.getRoles().contains(securityRoleRef.getLinkedRole());
                }
                return true;
            }
        }
        if (set == null || !set.contains(str)) {
            return account.getRoles().contains(str);
        }
        return true;
    }

    @Override // io.undertow.servlet.api.AuthorizationManager
    public boolean canAccessResource(List<SingleConstraintMatch> list, Account account, ServletInfo servletInfo, HttpServletRequest httpServletRequest, Deployment deployment) {
        if (list == null || list.isEmpty()) {
            return true;
        }
        for (SingleConstraintMatch singleConstraintMatch : list) {
            boolean z = false;
            Set<String> requiredRoles = singleConstraintMatch.getRequiredRoles();
            if (requiredRoles.isEmpty() && singleConstraintMatch.getEmptyRoleSemantic() != SecurityInfo.EmptyRoleSemantic.DENY) {
                z = true;
            } else if (account != null) {
                if (!requiredRoles.contains("**")) {
                    Set<String> set = deployment.getDeploymentInfo().getPrincipalVersusRolesMap().get(account.getPrincipal().getName());
                    Iterator<String> it = requiredRoles.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        String next = it.next();
                        if (set != null && set.contains(next)) {
                            z = true;
                            break;
                        }
                        if (account.getRoles().contains(next)) {
                            z = true;
                            break;
                        }
                    }
                } else {
                    z = true;
                }
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }

    @Override // io.undertow.servlet.api.AuthorizationManager
    public TransportGuaranteeType transportGuarantee(TransportGuaranteeType transportGuaranteeType, TransportGuaranteeType transportGuaranteeType2, HttpServletRequest httpServletRequest) {
        return transportGuaranteeType2;
    }
}
