package org.wings.plaf.css.dwr;

import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.directwebremoting.WebContextFactory;
import org.directwebremoting.extend.AccessControl;
import org.directwebremoting.extend.Creator;

/* loaded from: input_file:org/wings/plaf/css/dwr/SessionAccessControl.class */
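/**
 * DWR {@link AccessControl} that keeps its rules in the current HTTP session.
 *
 * <p>Three kinds of rule are stored as session attributes:
 * <ul>
 *   <li>role restrictions, keyed by {@code script + '.' + method}, each a set of role names;</li>
 *   <li>per-script include/exclude policies (see {@link Policy});</li>
 *   <li>an "AccessMap", which nothing in this class reads or writes beyond creating it.</li>
 * </ul>
 *
 * <p>A missing entry means "no restriction": a method without a role set passes
 * {@link #assertExecutionIsPossible}, and a script without a policy passes the rule check in
 * {@link #assertIsDisplayable}. The maps must therefore never lose entries on their own.
 *
 * <p>NOTE(review): the session maps are plain, unsynchronized collections and the
 * "look up, create if absent" step is not atomic. Confirm whether several requests of one
 * session can register rules concurrently.
 */
public class SessionAccessControl implements AccessControl {
    private static final Log log = LogFactory.getLog(SessionAccessControl.class);

    /** Package prefix of the DWR framework; classes below it must not be reachable remotely. */
    private static final String PACKAGE_DWR_DENY = "org.directwebremoting.";

    /** Session attribute names of the three rule maps. */
    private static final String ATTR_ACCESS_MAP = "AccessMap";
    private static final String ATTR_POLICY_MAP = "PolicyMap";
    private static final String ATTR_ROLE_RESTRICT_MAP = "RoleRestrictMap";

    /**
     * Include/exclude policy of one script.
     *
     * <p>With {@code defaultAllow == false} the rules are an allow-list of method names
     * (include rules); with {@code defaultAllow == true} they are a deny-list (exclude rules).
     */
    public static class Policy {
        // false: rules list the only callable methods; true: rules list the blocked methods.
        boolean defaultAllow = false;
        // Method names (Strings) added by addIncludeRule / addExcludeRule.
        List rules = new ArrayList();

        Policy() {
        }
    }

    /**
     * Restricts a method to callers holding at least one of the registered roles.
     *
     * @param str  script name
     * @param str2 method name
     * @param str3 role name to add to the set of accepted roles for that method
     */
    public void addRoleRestriction(String str, String str2, String str3) {
        String key = str + '.' + str2;
        Map restrictions = getRoleRestrictMap();
        Set roles = (Set) restrictions.get(key);
        if (roles == null) {
            roles = new HashSet();
            restrictions.put(key, roles);
        }
        roles.add(str3);
    }

    /**
     * Adds a method to the allow-list of a script.
     *
     * @param str  script name
     * @param str2 method name that becomes callable
     * @throws IllegalArgumentException if the script already has exclude rules
     */
    public void addIncludeRule(String str, String str2) {
        addRule(str, str2, false);
    }

    /**
     * Adds a method to the deny-list of a script.
     *
     * @param str  script name
     * @param str2 method name that becomes blocked
     * @throws IllegalArgumentException if the script already has include rules
     */
    public void addExcludeRule(String str, String str2) {
        addRule(str, str2, true);
    }

    /**
     * Shared body of the include and exclude registration.
     *
     * @param scriptName  script the rule belongs to
     * @param methodName  method name to record
     * @param excludeRule {@code true} for an exclude rule, {@code false} for an include rule
     */
    private void addRule(String scriptName, String methodName, boolean excludeRule) {
        Policy policy = getPolicy(scriptName);
        if (policy.defaultAllow != excludeRule) {
            // Switching the mode is only legal while no rule of the other kind exists.
            if (!policy.rules.isEmpty()) {
                throw new IllegalArgumentException("ACL rules mixed includes/exluded for script: " + scriptName);
            }
            policy.defaultAllow = excludeRule;
        }
        policy.rules.add(methodName);
    }

    /** Returns the role names registered for the method, or {@code null} if there are none. */
    private Set getRoleRestrictions(String scriptName, String methodName) {
        return (Set) getRoleRestrictMap().get(scriptName + '.' + methodName);
    }

    /**
     * Evaluates the include/exclude policy of a script for one method name.
     *
     * @return {@code true} if the script has no policy, if the method is on an allow-list, or
     *         if it is absent from a deny-list
     */
    private boolean isExecutable(String scriptName, String methodName) {
        Policy policy = (Policy) getPolicyMap().get(scriptName);
        if (policy == null) {
            // No policy registered for this script: everything is allowed.
            return true;
        }
        boolean listed = policy.rules.contains(methodName);
        // Allow-list: allowed when listed. Deny-list: allowed when not listed.
        return policy.defaultAllow != listed;
    }

    /** Returns the policy of the script, creating an empty allow-list policy on first use. */
    private Policy getPolicy(String scriptName) {
        Map policies = getPolicyMap();
        Policy policy = (Policy) policies.get(scriptName);
        if (policy == null) {
            policy = new Policy();
            policies.put(scriptName, policy);
        }
        return policy;
    }

    private Map getAccessMap() {
        return getSessionMap(ATTR_ACCESS_MAP);
    }

    private Map getPolicyMap() {
        return getSessionMap(ATTR_POLICY_MAP);
    }

    private Map getRoleRestrictMap() {
        return getSessionMap(ATTR_ROLE_RESTRICT_MAP);
    }

    /**
     * Returns the map stored under the given session attribute, creating it if absent.
     *
     * <p>The map is a {@link HashMap} on purpose. A {@code WeakHashMap} holds its entries only
     * as long as the key object is strongly referenced elsewhere, and the role-restriction keys
     * are Strings concatenated on the fly that nothing else references. The garbage collector
     * could therefore discard a restriction or a policy at any time, and because a missing
     * entry is read as "not restricted", the loss would silently open access.
     *
     * <p>NOTE(review): {@code HashMap} is {@code Serializable} while {@link Policy} is not;
     * confirm how the container treats the "PolicyMap" attribute if sessions are persisted.
     */
    private static Map getSessionMap(String attributeName) {
        HttpSession session = WebContextFactory.get().getSession();
        Map map = (Map) session.getAttribute(attributeName);
        if (map == null) {
            map = new HashMap();
            session.setAttribute(attributeName, map);
        }
        return map;
    }

    /**
     * Enforces the role restrictions registered for the method.
     *
     * <p>Methods without a registered role set pass. If the current request is unavailable the
     * roles cannot be verified and the call is denied.
     *
     * <p>NOTE(review): only role restrictions are checked here. The include/exclude rules and
     * the non-public, {@code Object} and DWR-framework checks are in
     * {@link #assertIsDisplayable}. Confirm that the DWR version in use calls both before it
     * invokes a method; otherwise those checks are not applied at call time.
     *
     * @param creator not used by this check
     * @param str     script name
     * @param method  method about to be invoked
     * @throws SecurityException if roles are registered and the caller holds none of them
     */
    public void assertExecutionIsPossible(Creator creator, String str, Method method) throws SecurityException {
        Set roleRestrictions = getRoleRestrictions(str, method.getName());
        if (roleRestrictions == null) {
            return;
        }
        HttpServletRequest request = WebContextFactory.get().getHttpServletRequest();
        if (request == null) {
            log.warn("Missing HttpServletRequest roles can not be checked");
        } else {
            for (Iterator it = roleRestrictions.iterator(); it.hasNext();) {
                if (request.isUserInRole((String) it.next())) {
                    return;
                }
            }
        }
        // NOTE(review): the message lists the required role names. Whether DWR relays it to the
        // browser is not visible here; if it does, consider logging the roles server-side only.
        StringBuffer roles = new StringBuffer();
        for (Iterator it = roleRestrictions.iterator(); it.hasNext();) {
            roles.append((String) it.next());
            if (it.hasNext()) {
                roles.append(", ");
            }
        }
        throw new SecurityException("DWR method invocation denied by J2EE role definition: " + roles.toString());
    }

    /**
     * Rejects methods that must not be exposed through DWR.
     *
     * <p>A method is rejected if it is not public, if the script's include/exclude policy
     * blocks it, if it is declared by {@code Object}, if the creator's type belongs to the DWR
     * framework, or if any parameter type belongs to the DWR framework.
     *
     * @param creator creator whose type is checked against the DWR package prefix
     * @param str     script name
     * @param method  method to check
     * @throws SecurityException if any of the checks fails
     */
    public void assertIsDisplayable(Creator creator, String str, Method method) throws SecurityException {
        if (!Modifier.isPublic(method.getModifiers())) {
            throw new SecurityException("Denied DWR invocation of non-public method.");
        }
        if (!isExecutable(str, method.getName())) {
            throw new SecurityException("Method access is denied by rules");
        }
        if (method.getDeclaringClass() == Object.class) {
            throw new SecurityException("Security denied a DWR call to an Method declared in class Object");
        }
        if (creator.getType().getName().startsWith(PACKAGE_DWR_DENY)) {
            throw new SecurityException("Security denied a DWR call to an Method declared in the DWR framework");
        }
        // getParameterTypes() copies the array on every call, so fetch it once.
        Class[] parameterTypes = method.getParameterTypes();
        for (int i = 0; i < parameterTypes.length; i++) {
            if (parameterTypes[i].getName().startsWith(PACKAGE_DWR_DENY)) {
                throw new SecurityException("Denied remote DWR invocation of a DWR framework method.");
            }
        }
    }
}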
