package com.ibm.wbimonitor.kpi;

import com.ibm.wbimonitor.context.AuthorizationContext;
import com.ibm.wbimonitor.context.ServerContext;
import com.ibm.wbimonitor.kpi.spi.KpiAccessException;
import com.ibm.wbimonitor.kpi.spi.KpiClientConstants;
import com.ibm.wbimonitor.kpi.spi.beans.KpiBean;
import com.ibm.wbimonitor.log.LoggerConstants;
import com.ibm.wbimonitor.persistence.MonitorRepository;
import com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService;
import com.ibm.websphere.logging.WsLevel;
import com.ibm.ws.ffdc.FFDCFilter;
import java.text.MessageFormat;
import java.util.List;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:library_jars/com.ibm.wbimonitor.repository_6.2.0.jar:com/ibm/wbimonitor/kpi/KpiAuthorizationHelper.class
 */
/* loaded from: input_file:runtime/com.ibm.wbimonitor.repository_6.2.0.jar:com/ibm/wbimonitor/kpi/KpiAuthorizationHelper.class */
public class KpiAuthorizationHelper {
    public static final String COPYRIGHT = " Copyright IBM Corporation 2005, 2008.";
    private static final String className = KpiAuthorizationHelper.class.getName();
    private static ResourceBundle resourceBundle = ResourceBundle.getBundle(MessageBundleKeys.BUNDLE_NAME);
    protected static Logger logger = Logger.getLogger(KpiAuthorizationHelper.class.getName(), MessageBundleKeys.BUNDLE_NAME);

    private KpiAuthorizationHelper() {
    }

    private static void validateViewAccessAuthorization(KpiBean kpiBean, AuthorizationContext authorizationContext) throws KpiAccessException {
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.logp(WsLevel.FINER, className, "validateViewAccessAuthorization", LoggerConstants.LEVEL_ENTRY_NAME);
        }
        if (kpiBean != null) {
            List<String> list = null;
            if (authorizationContext != null && authorizationContext.getUserRoles() != null && (kpiBean.getUserId() == null || kpiBean.getUserId().equals("") || kpiBean.getUserId().equals(authorizationContext.getUserDN()))) {
                list = authorizationContext.getUserRoles();
            }
            if (list == null) {
                try {
                    list = AuthorizationService.getUserRoles(kpiBean.getUserId());
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.wbimonitor.kpi.KpiAuthorizationHelper.validateViewAccessAuthorization", "67");
                    if (logger.isLoggable(WsLevel.FINEST)) {
                        logger.logp(WsLevel.FINEST, className, "validateViewAccessAuthorization", "Error retrieving the user's roles.  Probably means that the user " + kpiBean.getUserId() + "does not exist in the repository.");
                    }
                    Object[] objArr = {kpiBean.getUserId()};
                    if (logger.isLoggable(WsLevel.WARNING)) {
                        logger.logp(WsLevel.WARNING, className, "validateViewAccessAuthorization", "KP0066", objArr);
                    }
                    throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0066"), objArr));
                }
            }
            if (list == null || list.isEmpty()) {
                if (logger.isLoggable(WsLevel.FINEST)) {
                    logger.logp(WsLevel.FINEST, className, "validateViewAccessAuthorization", "The user does not have any roles.");
                }
                Object[] objArr2 = {kpiBean.getKpiId()};
                if (logger.isLoggable(WsLevel.WARNING)) {
                    logger.logp(WsLevel.WARNING, className, "validateViewAccessAuthorization", "KP0051", objArr2);
                }
                throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0051"), objArr2));
            }
            if (logger.isLoggable(WsLevel.FINEST)) {
                logger.logp(WsLevel.FINEST, className, "validateViewAccessAuthorization", "User Roles: " + list);
            }
            if (!list.contains("KPI-Administrator")) {
                if (kpiBean.getViewAccess().equals(KpiClientConstants.KPI_VIEW_ACCESS_PUBLIC)) {
                    if (!list.contains("Public-KPI-Administrator")) {
                        Object[] objArr3 = {kpiBean.getKpiId()};
                        if (logger.isLoggable(WsLevel.WARNING)) {
                            logger.logp(WsLevel.WARNING, className, "validateViewAccessAuthorization", "KP0052", objArr3);
                        }
                        throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0052"), objArr3));
                    }
                } else if (kpiBean.getViewAccess().equals(KpiClientConstants.KPI_VIEW_ACCESS_PERSONAL) && !list.contains("Public-KPI-Administrator") && !list.contains("Personal-KPI-Administrator")) {
                    Object[] objArr4 = {kpiBean.getKpiId()};
                    if (logger.isLoggable(WsLevel.WARNING)) {
                        logger.logp(WsLevel.WARNING, className, "validateViewAccessAuthorization", "KP0053", objArr4);
                    }
                    throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0053"), objArr4));
                }
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.exiting(className, "validateViewAccessAuthorization");
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x0081. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:237:0x05d4  */
    /* JADX WARN: Removed duplicated region for block: B:238:0x05db  */
    /* JADX WARN: Removed duplicated region for block: B:245:0x064a  */
    /* JADX WARN: Removed duplicated region for block: B:247:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0165  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x017c  */
    /* JADX WARN: Removed duplicated region for block: B:55:0x05f9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void validationCheckForModeledKpi(com.ibm.wbimonitor.kpi.spi.beans.KpiBean r7, com.ibm.wbimonitor.kpi.spi.beans.KpiBean r8, int r9, com.ibm.wbimonitor.context.AuthorizationContext r10) throws com.ibm.wbimonitor.kpi.spi.KpiAccessException {
        /*
            Method dump skipped, instructions count: 1622
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wbimonitor.kpi.KpiAuthorizationHelper.validationCheckForModeledKpi(com.ibm.wbimonitor.kpi.spi.beans.KpiBean, com.ibm.wbimonitor.kpi.spi.beans.KpiBean, int, com.ibm.wbimonitor.context.AuthorizationContext):void");
    }

    public static void authorizationCheck(KpiBean kpiBean, KpiBean kpiBean2, int i, MonitorRepository monitorRepository, ServerContext serverContext) throws KpiAccessException {
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.logp(WsLevel.FINER, className, "authorizationCheck", LoggerConstants.LEVEL_ENTRY_NAME);
        }
        AuthorizationContext authorizationContext = serverContext.getAuthorizationContext();
        if (!authorizationContext.isSecurityDisabled()) {
            validateViewAccessAuthorization(kpiBean, authorizationContext);
            if (!authorizationContext.getUserRoles().contains("KPI-Administrator")) {
                switch (i) {
                    case 1:
                        if (logger.isLoggable(WsLevel.FINEST)) {
                            logger.logp(WsLevel.FINEST, className, "authorizationCheck", "Validation Type = update");
                        }
                        String userId = kpiBean2.getUserId();
                        String userId2 = kpiBean.getUserId();
                        if (userId2 == null || userId2.equals("")) {
                            userId2 = authorizationContext.getUserDN();
                        }
                        if (userId == null || userId2 == null || !userId.equals(authorizationContext.getUserDN()) || !userId2.equals(authorizationContext.getUserDN())) {
                            Object[] objArr = {kpiBean2.getKpiId()};
                            if (logger.isLoggable(WsLevel.WARNING)) {
                                logger.logp(WsLevel.WARNING, className, "authorizationCheck", "KP0063", objArr);
                            }
                            throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0063"), objArr));
                        }
                        break;
                    case 2:
                        if (logger.isLoggable(WsLevel.FINEST)) {
                            logger.logp(WsLevel.FINEST, className, "authorizationCheck", "Validation Type = create");
                        }
                        String userId3 = kpiBean.getUserId();
                        if (userId3 == null || userId3.equals("")) {
                            userId3 = authorizationContext.getUserDN();
                        }
                        if (!userId3.equals(authorizationContext.getUserDN())) {
                            Object[] objArr2 = {kpiBean.getDisplayName()};
                            if (logger.isLoggable(WsLevel.WARNING)) {
                                logger.logp(WsLevel.WARNING, className, "authorizationCheck", "KP0064", objArr2);
                            }
                            throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0064"), objArr2));
                        }
                        break;
                    case 3:
                        if (logger.isLoggable(WsLevel.FINEST)) {
                            logger.logp(WsLevel.FINEST, className, "authorizationCheck", "Validation Type = delete");
                        }
                        if (!kpiBean2.getUserId().equals(authorizationContext.getUserDN())) {
                            Object[] objArr3 = {kpiBean2.getKpiId()};
                            if (logger.isLoggable(WsLevel.WARNING)) {
                                logger.logp(WsLevel.WARNING, className, "authorizationCheck", "KP0062", objArr3);
                            }
                            throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0062"), objArr3));
                        }
                        break;
                    case 4:
                        if (logger.isLoggable(WsLevel.FINEST)) {
                            logger.logp(WsLevel.FINEST, className, "authorizationCheck", "Update Type = access");
                        }
                        if ((kpiBean2.getUserId() == null || !kpiBean2.getUserId().equals(authorizationContext.getUserDN())) && !kpiBean2.getViewAccess().equals(KpiClientConstants.KPI_VIEW_ACCESS_PUBLIC)) {
                            Object[] objArr4 = {kpiBean2.getKpiId()};
                            if (logger.isLoggable(WsLevel.WARNING)) {
                                logger.logp(WsLevel.WARNING, className, "authorizationCheck", "KP0065", objArr4);
                            }
                            throw new KpiAccessException(MessageFormat.format(resourceBundle.getString("KP0065"), objArr4));
                        }
                        break;
                }
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.exiting(className, "authorizationCheck");
        }
    }
}
