package com.ibm.wps.ac.impl;

import com.ibm.portal.Identifiable;
import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.Action;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.Entitlements;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.PermissionCollection;
import com.ibm.wps.ac.PrincipalNotFoundException;
import com.ibm.wps.ac.cache.ACCacheManager;
import com.ibm.wps.datastore.ac.ProtectedResourceBaseRO;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.services.ac.AccessControl;
import com.ibm.wps.services.ac.VirtualResources;
import com.ibm.wps.services.datastore.DataStore;
import com.ibm.wps.services.datastore.Transaction;
import com.ibm.wps.util.ObjectIDConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/ac/impl/Engine.class */
public final class Engine {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private RoleManager roleManager;
    private ResourceManager resourceManager;
    private ACCacheManager cacheManager;
    private static final List VIRTUAL_USERS_RESOURCE_LIST = Collections.unmodifiableList(Arrays.asList(ObjectIDConstants.AC_VIRTUAL_RESOURCE_USERS));
    private static final Logger logger;
    boolean enableNestedGroups;
    boolean enableResourceGroupPermissions;
    private boolean isLogging = false;
    private static final int CONTEXT_CHECK_RESULT_SUCCESS = 0;
    private static final int CONTEXT_CHECK_RESULT_FAILED = 1;
    private static final int CONTEXT_CHECK_RESULT_UNDEFINED = 2;
    static Class class$com$ibm$wps$ac$impl$Engine;

    public Engine(ResourceManager resourceManager, RoleManager roleManager, ACCacheManager aCCacheManager, boolean z, boolean z2) {
        this.enableNestedGroups = true;
        this.enableResourceGroupPermissions = true;
        this.resourceManager = resourceManager;
        this.roleManager = roleManager;
        this.cacheManager = aCCacheManager;
        this.enableNestedGroups = z;
        this.enableResourceGroupPermissions = z2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection filterResources(ACPrincipal aCPrincipal, ResourceType resourceType, Collection collection, ActionSet actionSet) throws AuthorizationDataException, ExternalAuthorizationException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        if (((ActionSetImpl) actionSet).isEmpty()) {
            return new ArrayList(collection);
        }
        Map permissionMap = ((EntitlementsImpl) getCheckEntitlements(aCPrincipal, resourceType, collection)).getPermissionMap();
        ArrayList arrayList = new ArrayList(permissionMap.size());
        if (IdentifiableHelper.isCollectionOfIdentifiableObjects(collection)) {
            for (Object obj : collection) {
                checkAddObject(permissionMap.get(((Identifiable) obj).getObjectID()), arrayList, actionSet, obj);
            }
        } else {
            for (Object obj2 : collection) {
                checkAddObject(permissionMap.get(obj2), arrayList, actionSet, obj2);
            }
        }
        return arrayList;
    }

    private void checkAddObject(Object obj, List list, ActionSet actionSet, Object obj2) {
        if (obj == null || !((ActionSet) obj).implies(actionSet)) {
            return;
        }
        list.add(obj2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Entitlements getCheckEntitlements(ACPrincipal aCPrincipal, ResourceType resourceType, Collection collection) throws ExternalAuthorizationException, AuthorizationDataException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        return isScriptingUser(aCPrincipal) ? createFullEntitlemts(resourceType, collection, ActionSet.ADMIN) : resourceType != ResourceType.USER ? ((EntitlementsImpl) getEntitlements(aCPrincipal, resourceType, null)).createFiltered(collection) : getUserCheckEntitlements(aCPrincipal, collection);
    }

    private Entitlements getUserCheckEntitlements(ACPrincipal aCPrincipal, Collection collection) throws ExternalAuthorizationException, AuthorizationDataException {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "getUserCheckEntitlements", aCPrincipal, collection);
        }
        if (isScriptingUser(aCPrincipal)) {
            return createFullEntitlemts(ResourceType.USER, collection, ActionSet.ADMIN);
        }
        Entitlements virtualResourceUsersEntitlements = getVirtualResourceUsersEntitlements(aCPrincipal, collection);
        Entitlements[] groupEntitlements = getGroupEntitlements(aCPrincipal);
        AccessControl accessControl = ACManager.getAccessControl();
        boolean isCollectionOfIdentifiableObjects = IdentifiableHelper.isCollectionOfIdentifiableObjects(collection);
        ACPrincipal[] aCPrincipalArr = new ACPrincipal[collection.size()];
        Collection[] collectionArr = new Collection[aCPrincipalArr.length];
        int i = 0;
        if (isCollectionOfIdentifiableObjects) {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                ObjectID objectID = ((Identifiable) it.next()).getObjectID();
                if (ObjectIDConstants.ANONYMOUS_USER.equals(objectID)) {
                    addPermissionsOnAnonymousUser(aCPrincipal, virtualResourceUsersEntitlements);
                }
                aCPrincipalArr[i] = accessControl.createPrincipal(objectID);
                collectionArr[i] = retrieveEnclosingGroups(aCPrincipalArr[i], true);
                i++;
            }
        } else {
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                ObjectID objectID2 = (ObjectID) it2.next();
                if (ObjectIDConstants.ANONYMOUS_USER.equals(objectID2)) {
                    addPermissionsOnAnonymousUser(aCPrincipal, virtualResourceUsersEntitlements);
                }
                aCPrincipalArr[i] = accessControl.createPrincipal(objectID2);
                collectionArr[i] = retrieveEnclosingGroups(aCPrincipalArr[i], true);
                i++;
            }
        }
        for (Entitlements entitlements : groupEntitlements) {
            Map permissionMap = ((EntitlementsImpl) entitlements).getPermissionMap();
            for (int i2 = 0; i2 < aCPrincipalArr.length; i2++) {
                if (collectionArr[i2] != null) {
                    Iterator it3 = collectionArr[i2].iterator();
                    while (it3.hasNext()) {
                        ActionSet actionSet = (ActionSet) permissionMap.get(((ACPrincipal) it3.next()).getObjectID());
                        if (actionSet != null) {
                            virtualResourceUsersEntitlements.add(aCPrincipalArr[i2].getObjectID(), actionSet);
                        }
                    }
                }
            }
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "getUserCheckEntitlements", virtualResourceUsersEntitlements);
        }
        return virtualResourceUsersEntitlements;
    }

    private Entitlements getVirtualResourceUsersEntitlements(ACPrincipal aCPrincipal, Collection collection) throws AuthorizationDataException {
        ActionSet actionSet = (ActionSet) ((EntitlementsImpl) getCheckEntitlements(aCPrincipal, ResourceType.VIRTUAL, VIRTUAL_USERS_RESOURCE_LIST)).permissionMap.get(ObjectIDConstants.AC_VIRTUAL_RESOURCE_USERS);
        return actionSet != null ? createFullEntitlemts(ResourceType.USER, collection, actionSet) : new EntitlementsImpl(ResourceType.USER);
    }

    private void addPermissionsOnAnonymousUser(ACPrincipal aCPrincipal, Entitlements entitlements) throws AuthorizationDataException {
        ActionSet actionSet = (ActionSet) ((EntitlementsImpl) getCheckEntitlements(aCPrincipal, ResourceType.VIRTUAL, VIRTUAL_USERS_RESOURCE_LIST)).permissionMap.get(ObjectIDConstants.AC_VIRTUAL_RESOURCE_USERS);
        if (actionSet != null) {
            entitlements.add(ObjectIDConstants.ANONYMOUS_USER, actionSet);
        }
    }

    private Entitlements[] getGroupEntitlements(ACPrincipal aCPrincipal) throws ExternalAuthorizationException, AuthorizationDataException {
        Collection groupAccessResourceTypes = this.resourceManager.getGroupAccessResourceTypes();
        Entitlements[] entitlementsArr = new Entitlements[groupAccessResourceTypes.size()];
        int i = 0;
        Iterator it = groupAccessResourceTypes.iterator();
        while (it.hasNext()) {
            entitlementsArr[i] = getEntitlements(aCPrincipal, (ResourceType) it.next(), null);
            i++;
        }
        return entitlementsArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Entitlements getEntitlements(ACPrincipal aCPrincipal, ResourceType resourceType, AccessControlUserContextImpl accessControlUserContextImpl) throws ExternalAuthorizationException, AuthorizationDataException {
        Entitlements entitlements;
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        if (accessControlUserContextImpl != null && (entitlements = accessControlUserContextImpl.getEntitlements(resourceType)) != null) {
            if (this.isLogging) {
                logger.text(Logger.TRACE_HIGH, "getEntitlements", "Reusing entitlements from context");
            }
            return entitlements;
        }
        if (isScriptingUser(aCPrincipal)) {
            Entitlements createFullEntitlemts = createFullEntitlemts(resourceType, (Collection) null, ActionSet.ADMIN);
            if (accessControlUserContextImpl != null) {
                accessControlUserContextImpl.putEntitlements(createFullEntitlemts);
            }
            return createFullEntitlemts;
        }
        Collection retrieveEnclosingGroups = retrieveEnclosingGroups(aCPrincipal, accessControlUserContextImpl);
        EntitlementsImpl entitlementsImpl = new EntitlementsImpl(resourceType);
        entitlementsImpl.add(retrieveExplicitEntitlements(aCPrincipal, resourceType));
        Entitlements entitlements2 = null;
        if (retrieveEnclosingGroups != null) {
            Iterator it = retrieveEnclosingGroups.iterator();
            while (it.hasNext()) {
                entitlements2 = retrieveExplicitEntitlements((ACPrincipal) it.next(), resourceType);
                entitlementsImpl.add(entitlements2);
            }
        }
        if (entitlements2 != null) {
            entitlements2.setReadOnly();
        }
        entitlementsImpl.setReadOnly();
        if (accessControlUserContextImpl != null) {
            accessControlUserContextImpl.putEntitlements(entitlementsImpl);
        }
        return entitlementsImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Entitlements getFilteredEntitlements(ACPrincipal aCPrincipal, ResourceType resourceType, ObjectID objectID) throws ExternalAuthorizationException, AuthorizationDataException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        Entitlements entitlements = getEntitlements(aCPrincipal, resourceType, null);
        if (this.isLogging) {
            logger.text(Logger.TRACE_HIGH, "getFilteredEntitlements", new StringBuffer().append("Entitlements: ").append(entitlements).toString());
        }
        EntitlementsImpl entitlementsImpl = new EntitlementsImpl(resourceType);
        Map permissionMap = ((EntitlementsImpl) entitlements).getPermissionMap();
        ArrayList arrayList = new ArrayList(1);
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    arrayList.add(this.resourceManager.getResourceByExternalID(objectID).getObjectID());
                    ProtectedResourceRO[] childNodes = this.resourceManager.getChildNodes(arrayList);
                    if (isScriptingUser(aCPrincipal)) {
                        return createFullEntitlemts(resourceType, childNodes);
                    }
                    if (this.isLogging) {
                        logger.text(Logger.TRACE_HIGH, "getFilteredEntitlements", new StringBuffer().append("childNodes: ").append(Arrays.asList(childNodes)).toString());
                    }
                    for (ProtectedResourceRO protectedResourceRO : childNodes) {
                        com.ibm.wps.util.ObjectID externalOID = protectedResourceRO.getExternalOID();
                        Object obj = permissionMap.get(externalOID);
                        if (obj != null) {
                            entitlementsImpl.add(externalOID, (ActionSet) obj);
                        }
                    }
                    return entitlementsImpl;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasExplicitPermission(ACPrincipal aCPrincipal, PermissionCollection permissionCollection) throws ExternalAuthorizationException, AuthorizationDataException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        if (isScriptingUser(aCPrincipal)) {
            return true;
        }
        PermissionCollectionImpl permissionCollectionImpl = (PermissionCollectionImpl) permissionCollection;
        if (permissionCollectionImpl.getShortcutPermissions() != null) {
            Iterator it = permissionCollectionImpl.getShortcutPermissions().iterator();
            while (it.hasNext()) {
                if (hasExplicitPermission(aCPrincipal, (PermissionCollection) it.next())) {
                    return true;
                }
            }
        }
        Map permissionMap = permissionCollectionImpl.getPermissionMap();
        boolean z = false;
        for (ObjectID objectID : permissionMap.keySet()) {
            z = checkExplicitPermission(aCPrincipal, objectID, (ActionSet) permissionMap.get(objectID), null, null);
            if (!z) {
                break;
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasPermission(ACPrincipal aCPrincipal, PermissionCollection permissionCollection, AccessControlUserContextImpl accessControlUserContextImpl) throws ExternalAuthorizationException, AuthorizationDataException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        if (isScriptingUser(aCPrincipal)) {
            return true;
        }
        PermissionCollectionImpl permissionCollectionImpl = (PermissionCollectionImpl) permissionCollection;
        Map permissionMap = permissionCollectionImpl.getPermissionMap();
        Collection retrieveEnclosingGroups = retrieveEnclosingGroups(aCPrincipal, accessControlUserContextImpl);
        if (checkNonExplicitShortcutPermissions(aCPrincipal, retrieveEnclosingGroups, permissionCollectionImpl, accessControlUserContextImpl)) {
            return true;
        }
        return hasPermission(aCPrincipal, accessControlUserContextImpl, permissionMap, retrieveEnclosingGroups);
    }

    private boolean hasPermission(ACPrincipal aCPrincipal, AccessControlUserContextImpl accessControlUserContextImpl, Map map, Collection collection) throws ExternalAuthorizationException, AuthorizationDataException {
        boolean z = true;
        for (Map.Entry entry : map.entrySet()) {
            z = checkPermission(aCPrincipal, collection, (ObjectID) entry.getKey(), (ActionSet) entry.getValue(), accessControlUserContextImpl);
            if (!z) {
                return false;
            }
        }
        return z;
    }

    private boolean checkNonExplicitShortcutPermissions(ACPrincipal aCPrincipal, Collection collection, PermissionCollectionImpl permissionCollectionImpl, AccessControlUserContextImpl accessControlUserContextImpl) throws AuthorizationDataException {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "checkNonExplicitShortcutPermissions", new Object[]{aCPrincipal, collection, permissionCollectionImpl});
        }
        if (permissionCollectionImpl.getShortcutPermissions() == null) {
            if (!this.isLogging) {
                return false;
            }
            logger.text(Logger.TRACE_HIGH, "checkNonExplicitShortcutPermissions", "no shortcut permissions defined");
            return false;
        }
        Iterator it = permissionCollectionImpl.getShortcutPermissions().iterator();
        while (it.hasNext()) {
            if (hasPermission(aCPrincipal, accessControlUserContextImpl, ((PermissionCollectionImpl) it.next()).getPermissionMap(), collection)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkPermission(ACPrincipal aCPrincipal, Collection collection, ObjectID objectID, ActionSet actionSet, AccessControlUserContextImpl accessControlUserContextImpl) throws ExternalAuthorizationException, AuthorizationDataException {
        if (accessControlUserContextImpl != null) {
            if (this.isLogging) {
                logger.text(Logger.TRACE_HIGH, "checkPermission", "Reusing context for permission check");
            }
            int checkPermission = checkPermission(objectID, actionSet, accessControlUserContextImpl);
            if (checkPermission == 0) {
                return true;
            }
            if (checkPermission == 1) {
                return false;
            }
        }
        if (collection != null) {
            ActionSetImpl actionSetImpl = new ActionSetImpl(Collections.EMPTY_LIST);
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                if (checkExplicitPermission((ACPrincipal) it.next(), objectID, actionSet, actionSetImpl, accessControlUserContextImpl)) {
                    return true;
                }
                actionSet = actionSetImpl;
            }
        }
        return checkExplicitPermission(aCPrincipal, objectID, actionSet, null, accessControlUserContextImpl);
    }

    private int checkPermission(ObjectID objectID, ActionSet actionSet, AccessControlUserContextImpl accessControlUserContextImpl) {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "checkPermission", new Object[]{objectID, actionSet, accessControlUserContextImpl});
        }
        int i = 2;
        Entitlements entitlements = accessControlUserContextImpl.getEntitlements(objectID.getResourceType());
        if (entitlements != null) {
            i = entitlements.implies(objectID, actionSet) ? 0 : 1;
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "checkPermission", i);
        }
        return i;
    }

    private boolean checkExplicitPermission(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet, ActionSet actionSet2, AccessControlUserContextImpl accessControlUserContextImpl) throws AuthorizationDataException, ExternalAuthorizationException {
        Entitlements retrieveExplicitEntitlements;
        boolean implies;
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "checkExplicitPermission", new Object[]{aCPrincipal, objectID, actionSet, actionSet2});
        }
        ResourceType resourceType = objectID.getResourceType();
        if (resourceType == ResourceType.USER) {
            implies = checkExplicitUserPermission(aCPrincipal, objectID, actionSet, actionSet2);
        } else {
            if (accessControlUserContextImpl != null) {
                retrieveExplicitEntitlements = accessControlUserContextImpl.getExplicitEntitlements(aCPrincipal, resourceType);
                if (retrieveExplicitEntitlements == null) {
                    retrieveExplicitEntitlements = retrieveExplicitEntitlements(aCPrincipal, resourceType);
                    accessControlUserContextImpl.putExplicitEntitlements(aCPrincipal, resourceType, retrieveExplicitEntitlements);
                } else if (this.isLogging) {
                    logger.text(Logger.TRACE_HIGH, "checkExplicitPermission", "reusing explicit entitlements from context.");
                }
            } else {
                retrieveExplicitEntitlements = retrieveExplicitEntitlements(aCPrincipal, resourceType);
            }
            implies = retrieveExplicitEntitlements.implies(objectID, actionSet, actionSet2);
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "checkExplicitPermission", implies);
        }
        return implies;
    }

    private boolean checkExplicitUserPermission(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet, ActionSet actionSet2) throws ExternalAuthorizationException, AuthorizationDataException {
        if (checkExplicitPermission(aCPrincipal, ACManager.getAccessControl().getVirtualResourceOID(VirtualResources.USERS), actionSet, actionSet2, null)) {
            return true;
        }
        if (actionSet2 != null) {
            actionSet = actionSet2;
        }
        if (aCPrincipal.getObjectID().equals(objectID) && ((ActionSetImpl) ActionSetImpl.USER_ITSELF).implies(actionSet, actionSet2)) {
            return true;
        }
        if (actionSet2 != null) {
            actionSet = actionSet2;
        }
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(objectID);
        return getUserCheckEntitlements(aCPrincipal, arrayList).implies(objectID, actionSet, actionSet2);
    }

    private Entitlements retrieveExplicitEntitlements(ACPrincipal aCPrincipal, ResourceType resourceType) throws ExternalAuthorizationException, AuthorizationDataException {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "retrieveExplicitEntitlements", aCPrincipal, resourceType);
        }
        EntitlementsImpl explicitEntitlements = this.cacheManager.getExplicitEntitlements(aCPrincipal.getObjectID(), resourceType);
        if (explicitEntitlements != null) {
            if (this.isLogging) {
                logger.exit(Logger.TRACE_HIGH, "retrieveExplicitEntitlements", "using existing cache entry");
            }
            return explicitEntitlements;
        }
        ArrayList arrayList = new ArrayList(64);
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                EntitlementsImpl entitlementsImpl = new EntitlementsImpl(resourceType);
                Map initialInheritanceData = this.roleManager.getInitialInheritanceData(aCPrincipal, resourceType, arrayList);
                if (initialInheritanceData != null && initialInheritanceData.size() > 0) {
                    retrieveInheritanceData(initialInheritanceData, resourceType);
                }
                resolveInheritance(initialInheritanceData);
                Iterator it = initialInheritanceData.values().iterator();
                while (it.hasNext()) {
                    ((InheritanceData) it.next()).updateEntitlements(entitlementsImpl);
                }
                addTraversalPermissions(arrayList, resourceType, entitlementsImpl);
                addOwnerPermissions(aCPrincipal, resourceType, entitlementsImpl);
                addResourceGroupPermissions(resourceType, entitlementsImpl);
                this.cacheManager.putExplicitEntitlements(aCPrincipal.getObjectID(), resourceType, entitlementsImpl);
                if (this.isLogging) {
                    logger.exit(Logger.TRACE_HIGH, "retrieveExplicitEntitlements", entitlementsImpl);
                }
                return entitlementsImpl;
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    private void resolveInheritance(Map map) {
        Stack stack = new Stack();
        Iterator it = map.values().iterator();
        while (it.hasNext()) {
            resolveInheritanceData((InheritanceData) it.next(), stack);
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "resolveInheritance", new StringBuffer().append("inheritanceDataMap: ").append(map).toString());
        }
    }

    private void resolveInheritanceData(InheritanceData inheritanceData, Stack stack) {
        stack.push(inheritanceData);
        for (InheritanceData parentData = inheritanceData.getParentData(); parentData != null && !parentData.isResolved(); parentData = parentData.getParentData()) {
            stack.push(parentData);
        }
        while (!stack.empty()) {
            ((InheritanceData) stack.pop()).resolve();
        }
    }

    private void retrieveInheritanceData(Map map, ResourceType resourceType) throws AuthorizationDataException {
        SuperType superType = SuperType.getSuperType(resourceType);
        Set types = superType.getTypes();
        ArrayList arrayList = new ArrayList(map.keySet().size());
        arrayList.addAll(map.keySet());
        ProtectedResourceRO[] sharedChildNodes = this.resourceManager.getSharedChildNodes(arrayList);
        while (sharedChildNodes.length != 0) {
            ArrayList arrayList2 = new ArrayList(sharedChildNodes.length);
            for (int i = 0; i < sharedChildNodes.length; i++) {
                InheritanceData inheritanceData = (InheritanceData) map.get(sharedChildNodes[i].getParentOID());
                InheritanceData inheritanceData2 = (InheritanceData) map.get(sharedChildNodes[i].getObjectID());
                if (inheritanceData2 == null) {
                    ProtectedResourceRO node = inheritanceData.getNode();
                    if (node.getResourceType() != ResourceType.VIRTUAL || (superType.contains(node.getExternalOID()) && types.contains(sharedChildNodes[i].getResourceType()))) {
                        map.put(sharedChildNodes[i].getObjectID(), new InheritanceData(inheritanceData, sharedChildNodes[i]));
                        arrayList2.add(sharedChildNodes[i].getObjectID());
                    }
                } else if (!inheritanceData2.getNode().getExternalOID().equals(ObjectIDConstants.AC_VIRTUAL_RESOURCE_PORTAL)) {
                    inheritanceData2.setParentData(inheritanceData);
                }
            }
            sharedChildNodes = this.resourceManager.getSharedChildNodes(arrayList2);
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "retrieveInheritanceData", new StringBuffer().append("inheritanceDataMap.keySet().size():").append(map.keySet().size()).toString());
        }
    }

    private void addTraversalPermissions(Collection collection, ResourceType resourceType, EntitlementsImpl entitlementsImpl) throws AuthorizationDataException {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "addTraversalPermissions", collection);
        }
        if (!this.resourceManager.isTraversableResourceType(resourceType)) {
            if (this.isLogging) {
                logger.text(Logger.TRACE_HIGH, "addTraversalPermissions", new StringBuffer().append("Skipping type: ").append(resourceType).toString());
                return;
            }
            return;
        }
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Iterator it = collection.iterator();
                    while (it.hasNext()) {
                        addTraversalPermissions((ProtectedResourceBaseRO) it.next(), resourceType, entitlementsImpl);
                    }
                    if (this.isLogging) {
                        logger.exit(Logger.TRACE_HIGH, "addTraversalPermissions", new StringBuffer().append("entitlements: ").append(entitlementsImpl).toString());
                    }
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    private void addTraversalPermissions(ProtectedResourceBaseRO protectedResourceBaseRO, ResourceType resourceType, EntitlementsImpl entitlementsImpl) throws AuthorizationDataException {
        if (protectedResourceBaseRO == null || !this.resourceManager.isTraversableResourceType(protectedResourceBaseRO.getExternalOID().getResourceType())) {
            return;
        }
        while (true) {
            int encoded = ((ActionImpl) Action.TRAVERSE).getEncoded();
            protectedResourceBaseRO = this.resourceManager.getResource(protectedResourceBaseRO.getParentOID());
            if (protectedResourceBaseRO == null || !this.resourceManager.isTraversableResourceType(protectedResourceBaseRO.getExternalOID().getResourceType())) {
                return;
            }
            if (protectedResourceBaseRO.getExternalOID().getResourceType() == resourceType) {
                if (entitlementsImpl.implies(protectedResourceBaseRO.getExternalOID(), Action.TRAVERSE)) {
                    return;
                } else {
                    entitlementsImpl.add(protectedResourceBaseRO.getExternalOID(), encoded);
                }
            }
        }
    }

    private void addOwnerPermissions(ACPrincipal aCPrincipal, ResourceType resourceType, Entitlements entitlements) throws AuthorizationDataException {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "addOwnerPermissions", aCPrincipal, resourceType);
        }
        ProtectedResourceBaseRO[] resourcesByOwner = this.resourceManager.getResourcesByOwner(aCPrincipal.getObjectID(), resourceType);
        for (int i = 0; i < resourcesByOwner.length; i++) {
            entitlements.add(resourcesByOwner[i].getExternalOID(), this.resourceManager.getOwnerActionSet(resourcesByOwner[i]));
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "addOwnerPermissions", entitlements);
        }
    }

    private void addResourceGroupPermissions(ResourceType resourceType, EntitlementsImpl entitlementsImpl) throws AuthorizationDataException {
        if (this.resourceManager.isGroupAccessResourceType(resourceType)) {
            if (!this.enableResourceGroupPermissions || !this.enableNestedGroups) {
                if (this.isLogging) {
                    logger.text(Logger.TRACE_HIGH, "addResourceGroupPermissions", "Skipping resourceGroupPermissions due to configuration setting");
                    return;
                }
                return;
            }
            if (this.isLogging) {
                logger.entry(Logger.TRACE_HIGH, "addResourceGroupPermissions", resourceType, entitlementsImpl);
            }
            ArrayList<ObjectID> arrayList = new ArrayList(entitlementsImpl.getObjectIDs());
            ArrayList arrayList2 = new ArrayList();
            Map permissionMap = entitlementsImpl.getPermissionMap();
            AccessControl accessControl = ACManager.getAccessControl();
            for (ObjectID objectID : arrayList) {
                if (this.isLogging) {
                    logger.text(Logger.TRACE_HIGH, "addResourceGroupPermissions", "loop1");
                }
                try {
                    ACPrincipal createPrincipal = accessControl.createPrincipal(objectID);
                    if (this.isLogging) {
                        logger.text(Logger.TRACE_HIGH, "addResourceGroupPermissions", new StringBuffer().append("currentPrincipal:").append(createPrincipal).toString());
                    }
                    Collection<ACPrincipal> retrieveGroupMembers = retrieveGroupMembers(createPrincipal);
                    if (retrieveGroupMembers != null) {
                        if (this.isLogging) {
                            logger.text(Logger.TRACE_HIGH, "addResourceGroupPermissions", new StringBuffer().append("groupMembers:").append(retrieveGroupMembers).toString());
                        }
                        ActionSet actionSet = (ActionSet) permissionMap.get(createPrincipal.getObjectID());
                        if (actionSet != null) {
                            for (ACPrincipal aCPrincipal : retrieveGroupMembers) {
                                if (aCPrincipal.getObjectID().getResourceType() == resourceType) {
                                    entitlementsImpl.add(aCPrincipal.getObjectID(), actionSet);
                                }
                            }
                        }
                    }
                } catch (PrincipalNotFoundException e) {
                    e.printStackTrace();
                    arrayList2.add(objectID);
                }
            }
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                entitlementsImpl.permissionMap.remove((ObjectID) it.next());
            }
            if (this.isLogging) {
                logger.exit(Logger.TRACE_HIGH, "addResourceGroupPermissions", new StringBuffer().append("entitlements: ").append(entitlementsImpl).toString());
            }
        }
    }

    private List toObjectIDCollection(ProtectedResourceRO[] protectedResourceROArr) {
        ArrayList arrayList = new ArrayList(protectedResourceROArr.length);
        for (ProtectedResourceRO protectedResourceRO : protectedResourceROArr) {
            arrayList.add(protectedResourceRO.getObjectID());
        }
        return arrayList;
    }

    private Collection retrieveEnclosingGroups(ACPrincipal aCPrincipal, AccessControlUserContextImpl accessControlUserContextImpl) throws AuthorizationDataException {
        Collection retrieveEnclosingGroups;
        if (accessControlUserContextImpl != null) {
            retrieveEnclosingGroups = accessControlUserContextImpl.getEnclosingGroups();
            if (retrieveEnclosingGroups == null) {
                retrieveEnclosingGroups = retrieveEnclosingGroups(aCPrincipal, false);
                accessControlUserContextImpl.setEnclosingGroups(retrieveEnclosingGroups);
            } else if (this.isLogging) {
                logger.text(Logger.TRACE_HIGH, "retrieveEnclosingGroups", "Reusing groups from context");
            }
        } else {
            retrieveEnclosingGroups = retrieveEnclosingGroups(aCPrincipal, false);
        }
        return retrieveEnclosingGroups;
    }

    private Collection retrieveEnclosingGroups(ACPrincipal aCPrincipal, boolean z) throws AuthorizationDataException {
        ACPrincipalBaseImpl aCPrincipalBaseImpl = (ACPrincipalBaseImpl) aCPrincipal;
        Collection nestedGroups = z ? (this.enableNestedGroups && this.enableResourceGroupPermissions) ? aCPrincipalBaseImpl.getNestedGroups() : aCPrincipalBaseImpl.getGroups() : this.enableNestedGroups ? aCPrincipalBaseImpl.getNestedGroups() : aCPrincipalBaseImpl.getGroups();
        if (aCPrincipalBaseImpl.isVirtualPrincipal()) {
            return nestedGroups;
        }
        if (nestedGroups == null) {
            nestedGroups = new ArrayList(2);
        }
        if (aCPrincipal.getObjectID().getResourceType() == ResourceType.USER) {
            nestedGroups.add(ACManager.getAccessControl().getAllAuthenticatedUserGroup());
            nestedGroups.add(ACManager.getAccessControl().getAllUserGroups());
        } else {
            nestedGroups.add(ACManager.getAccessControl().getAllUserGroups());
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "retrieveEnclosingGroups", new StringBuffer().append(" for ").append(aCPrincipal).append(": ").append(nestedGroups).toString());
        }
        return nestedGroups;
    }

    private Collection retrieveGroupMembers(ACPrincipal aCPrincipal) throws AuthorizationDataException {
        return this.enableNestedGroups ? ((ACPrincipalBaseImpl) aCPrincipal).getNestedMembers() : ((ACPrincipalBaseImpl) aCPrincipal).getMembers();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection loadRoleDomain(ObjectID objectID, ActionSetImpl actionSetImpl) throws AuthorizationDataException {
        this.isLogging = logger.isLogging(Logger.TRACE_HIGH);
        this.roleManager.loadRoleInstance(objectID, actionSetImpl);
        int i = 0;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        arrayList2.add(objectID);
        if (this.resourceManager.getResourceByExternalID(objectID).isPrivate()) {
            arrayList.add(objectID);
            return arrayList;
        }
        while (arrayList2 != null) {
            i++;
            for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                ObjectID objectID2 = (ObjectID) arrayList2.get(i2);
                arrayList.add(objectID2);
                ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID2);
                if ((resourceByExternalID.getPropagationFlags() & actionSetImpl.getFlagValue()) != actionSetImpl.getFlagValue()) {
                    arrayList3.add(resourceByExternalID.getObjectID());
                }
            }
            arrayList2.clear();
            ProtectedResourceRO[] childNodes = this.resourceManager.getChildNodes(arrayList3);
            if (i == 1) {
                if (childNodes.length != 0) {
                    for (int i3 = 0; i3 < childNodes.length; i3++) {
                        if ((childNodes[i3].getInheritanceFlags() & actionSetImpl.getFlagValue()) != actionSetImpl.getFlagValue() && !arrayList3.contains(childNodes[i3].getObjectID()) && !childNodes[i3].isPrivate()) {
                            arrayList2.add(childNodes[i3].getExternalOID());
                        }
                    }
                    arrayList3.clear();
                } else {
                    arrayList2 = null;
                }
            } else if (childNodes.length != 0) {
                for (int i4 = 0; i4 < childNodes.length; i4++) {
                    if ((childNodes[i4].getInheritanceFlags() & actionSetImpl.getFlagValue()) != actionSetImpl.getFlagValue() && !childNodes[i4].isPrivate()) {
                        arrayList2.add(childNodes[i4].getExternalOID());
                    }
                }
                arrayList3.clear();
            } else {
                arrayList2 = null;
            }
        }
        return arrayList;
    }

    private boolean isScriptingUser(ACPrincipal aCPrincipal) {
        return ((ACPrincipalBaseImpl) aCPrincipal).isXmlAccessScriptingUser();
    }

    private Entitlements createFullEntitlemts(ResourceType resourceType, ProtectedResourceRO[] protectedResourceROArr) {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "createFullEntitlemts", resourceType, Arrays.asList(protectedResourceROArr));
        }
        EntitlementsImpl entitlementsImpl = new EntitlementsImpl(resourceType);
        for (ProtectedResourceRO protectedResourceRO : protectedResourceROArr) {
            entitlementsImpl.add(protectedResourceRO.getExternalOID(), ActionSet.ADMIN);
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "createFullEntitlemts", entitlementsImpl);
        }
        return entitlementsImpl;
    }

    private Entitlements createFullEntitlemts(ResourceType resourceType, Collection collection, ActionSet actionSet) {
        if (this.isLogging) {
            logger.entry(Logger.TRACE_HIGH, "createFullEntitlemts", resourceType, collection);
        }
        EntitlementsImpl entitlementsImpl = new EntitlementsImpl(resourceType);
        boolean isCollectionOfIdentifiableObjects = IdentifiableHelper.isCollectionOfIdentifiableObjects(collection);
        if (collection == null) {
            return null;
        }
        if (isCollectionOfIdentifiableObjects) {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                entitlementsImpl.add(((Identifiable) it.next()).getObjectID(), actionSet);
            }
        } else {
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                entitlementsImpl.add((ObjectID) it2.next(), actionSet);
            }
        }
        if (this.isLogging) {
            logger.exit(Logger.TRACE_HIGH, "createFullEntitlemts", entitlementsImpl);
        }
        return entitlementsImpl;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$Engine == null) {
            cls = class$("com.ibm.wps.ac.impl.Engine");
            class$com$ibm$wps$ac$impl$Engine = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$Engine;
        }
        logger = logManager.getLogger(cls);
    }
}
