package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.AuthorizationModelException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.RoleData;
import com.ibm.wps.command.CommandException;
import com.ibm.wps.command.ac.DeleteRoleCommand;
import com.ibm.wps.command.ac.DeleteRoleMappingCommand;
import com.ibm.wps.command.ac.ModifySingleRoleBlockCommand;
import com.ibm.wps.command.ac.QueryRoleCommand;
import com.ibm.wps.datastore.PageInstance;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.GeneralMessages;
import com.ibm.wps.util.ObjectIDConstants;
import com.ibm.wps.util.ObjectIDUtils;
import java.io.IOException;
import java.io.Writer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/ac/impl/Optimizer.class */
public class Optimizer {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final Logger logger;
    private ResourceManager resourceManager;
    private RoleManager roleManager;
    private ACPrincipal xmlScriptingUser;
    private Writer reportWriter;
    static Class class$com$ibm$wps$ac$impl$Optimizer;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optimizer(ResourceManager resourceManager, RoleManager roleManager) {
        this.resourceManager = resourceManager;
        this.roleManager = roleManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void optimize(Writer writer) throws AuthorizationDataException, ExternalAuthorizationException, AuthorizationModelException, CommandException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "optimize");
        }
        this.reportWriter = writer;
        this.xmlScriptingUser = ACManager.getAccessControl().getXmlAccessScriptingUser(ObjectIDConstants.ADMIN_USER);
        transformResourcesToPrivate();
        combineAllRoleDomains();
    }

    private void transformResourcesToPrivate() throws AuthorizationDataException, AuthorizationModelException, CommandException {
        try {
            for (ObjectID objectID : PageInstance.findAllImplicit()) {
                boolean z = true;
                ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID);
                if (!resourceByExternalID.isPrivate() && !resourceByExternalID.isExternalized()) {
                    ACPrincipal isTransformPossible = isTransformPossible(objectID, null);
                    if (isTransformPossible != null) {
                        ArrayList arrayList = new ArrayList();
                        for (Collection childNodesByExternalID = this.resourceManager.getChildNodesByExternalID(objectID); childNodesByExternalID.size() > 0 && z; childNodesByExternalID = arrayList) {
                            Iterator it = childNodesByExternalID.iterator();
                            while (true) {
                                if (it.hasNext() && z) {
                                    ObjectID objectID2 = (ObjectID) it.next();
                                    ProtectedResourceRO resourceByExternalID2 = this.resourceManager.getResourceByExternalID(objectID2);
                                    if (resourceByExternalID2.isExternalized()) {
                                        z = false;
                                        break;
                                    } else if (!resourceByExternalID2.isPrivate() && resourceByExternalID2.getExternalOID().getResourceType().equals(ResourceType.CONTENT_NODE)) {
                                        isTransformPossible = isTransformPossible(objectID2, isTransformPossible);
                                        if (isTransformPossible == null) {
                                            z = false;
                                            break;
                                        }
                                        arrayList.addAll(this.resourceManager.getChildNodesByExternalID(objectID2));
                                    }
                                }
                            }
                        }
                        if (z) {
                            this.resourceManager.modifyState(objectID, true, isTransformPossible.getObjectID(), true);
                            writeMadePrivateReport(objectID, isTransformPossible);
                        }
                    }
                }
            }
        } catch (DataBackendException e) {
            throw new AuthorizationDataException(GeneralMessages.EXCEPTION_IN_1, new Object[]{"PageInstance.findAllImplicit()"}, e);
        }
    }

    private ACPrincipal isTransformPossible(ObjectID objectID, ACPrincipal aCPrincipal) throws AuthorizationDataException, AuthorizationModelException {
        Set keySet = this.roleManager.loadRoles(objectID).keySet();
        if (keySet.size() != 1) {
            if (keySet.size() == 0 && objectID.getResourceType().equals(ResourceType.PORTLET_ENTITY)) {
                return aCPrincipal;
            }
            return null;
        }
        RoleData roleData = (RoleData) keySet.iterator().next();
        Collection mappedPrincipals = roleData.getMappedPrincipals();
        if (!roleData.getActionSet().equals(ActionSet.MANAGER) || mappedPrincipals.size() != 1) {
            return null;
        }
        ACPrincipal aCPrincipal2 = (ACPrincipal) mappedPrincipals.iterator().next();
        if (aCPrincipal == null || aCPrincipal2.equals(aCPrincipal)) {
            return aCPrincipal2;
        }
        return null;
    }

    private void combineAllRoleDomains() throws AuthorizationDataException, CommandException {
        combineChildRoleDomains(this.resourceManager.getResourceByExternalID(ObjectIDConstants.AC_VIRTUAL_RESOURCE_PORTAL));
    }

    private void combineChildRoleDomains(ProtectedResourceRO protectedResourceRO) throws AuthorizationDataException, CommandException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "combineChildRoleDomains", new Object[]{new StringBuffer().append("parentResource: ").append(protectedResourceRO).toString()});
        }
        ProtectedResourceRO[] childResources = getChildResources(protectedResourceRO.getObjectID());
        Map inheritedRoleMappings = getInheritedRoleMappings(protectedResourceRO);
        for (int i = 0; i < childResources.length; i++) {
            if (!protectedResourceRO.getObjectID().equals(childResources[i].getObjectID())) {
                combineTwoRoleDomains(protectedResourceRO, childResources[i], inheritedRoleMappings);
            }
        }
        for (int i2 = 0; i2 < childResources.length; i2++) {
            if (!protectedResourceRO.getObjectID().equals(childResources[i2].getObjectID())) {
                combineChildRoleDomains(childResources[i2]);
            }
        }
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.exit(Logger.TRACE_HIGH, "combineChildRoleDomains");
        }
    }

    private void combineTwoRoleDomains(ProtectedResourceRO protectedResourceRO, ProtectedResourceRO protectedResourceRO2, Map map) throws AuthorizationDataException, CommandException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "combineTwoRoleDomains", new Object[]{protectedResourceRO, protectedResourceRO2});
        }
        if (protectedResourceRO.isExternalized() != protectedResourceRO2.isExternalized()) {
            if (logger.isLogging(Logger.TRACE_HIGH)) {
                logger.text(Logger.TRACE_HIGH, "combineTwoRoleDomains", new StringBuffer().append("Skipping child node due to externalization: ").append(protectedResourceRO2).toString());
            }
        } else {
            if (protectedResourceRO2.isPrivate()) {
                return;
            }
            for (int i = 0; i < ActionSetImpl.PREDEFINED_ACTION_SETS.length; i++) {
                combineTwoRoleDomainsForActionSet(protectedResourceRO, protectedResourceRO2, ActionSetImpl.PREDEFINED_ACTION_SETS[i], this.roleManager.loadRoles(protectedResourceRO2.getExternalOID()), (Set) map.get(ActionSetImpl.PREDEFINED_ACTION_SETS[i]));
            }
        }
    }

    private void combineTwoRoleDomainsForActionSet(ProtectedResourceRO protectedResourceRO, ProtectedResourceRO protectedResourceRO2, ActionSet actionSet, Map map, Set set) throws AuthorizationDataException, CommandException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "combineTwoRoleDomainsForActionSet", new Object[]{protectedResourceRO, protectedResourceRO2, actionSet});
        }
        Collection<?> mappedPrincipals = getMappedPrincipals(map, actionSet);
        if (set == null) {
            set = Collections.EMPTY_SET;
        }
        if (mappedPrincipals.size() == 0 && set.size() == 0) {
            doCombineRoleDomains(protectedResourceRO, protectedResourceRO2, actionSet);
            return;
        }
        if (set.size() == 0) {
            doRemoveRoleBlock(protectedResourceRO2, actionSet);
            return;
        }
        if (mappedPrincipals.containsAll(set)) {
            if (set.containsAll(mappedPrincipals)) {
                doCombineRoleDomains(protectedResourceRO, protectedResourceRO2, actionSet);
                return;
            }
            mappedPrincipals.retainAll(set);
            doRemoveRoleBlock(protectedResourceRO2, actionSet);
            doDeleteRoleMappings(protectedResourceRO2, actionSet, mappedPrincipals);
        }
    }

    private void doCombineRoleDomains(ProtectedResourceRO protectedResourceRO, ProtectedResourceRO protectedResourceRO2, ActionSet actionSet) throws CommandException {
        doRemoveRoleBlock(protectedResourceRO2, actionSet);
        if (protectedResourceRO2.isExternalized()) {
            return;
        }
        QueryRoleCommand queryRoleCommand = new QueryRoleCommand();
        queryRoleCommand.setUser(this.xmlScriptingUser);
        queryRoleCommand.setResource(protectedResourceRO2.getExternalOID());
        queryRoleCommand.setActionSet(actionSet);
        queryRoleCommand.execute();
        if (queryRoleCommand.exists()) {
            if (logger.isLogging(Logger.TRACE_LOW)) {
                logger.text(Logger.TRACE_LOW, "Deleting role:", new StringBuffer().append("\nresource: ").append(ObjectIDUtils.dump(protectedResourceRO2.getExternalOID())).append("\nactionSet: ").append(actionSet.getName()).toString());
            }
            DeleteRoleCommand deleteRoleCommand = new DeleteRoleCommand();
            deleteRoleCommand.setUser(this.xmlScriptingUser);
            deleteRoleCommand.setActionSet(actionSet);
            deleteRoleCommand.setResource(protectedResourceRO2.getExternalOID());
            deleteRoleCommand.execute();
            writeRoleDeletedReport(protectedResourceRO2.getExternalOID(), actionSet);
        }
    }

    private void doDeleteRoleMappings(ProtectedResourceRO protectedResourceRO, ActionSet actionSet, Collection collection) throws CommandException {
        if (protectedResourceRO.isExternalized()) {
            return;
        }
        if (logger.isLogging(Logger.TRACE_LOW)) {
            logger.text(Logger.TRACE_LOW, "Deleting redundant role mappings:", new StringBuffer().append("\nresource: ").append(ObjectIDUtils.dump(protectedResourceRO.getExternalOID())).append("\nactionSet: ").append(actionSet.getName()).append("\nprincipals: ").append(collection).toString());
        }
        DeleteRoleMappingCommand deleteRoleMappingCommand = new DeleteRoleMappingCommand();
        deleteRoleMappingCommand.setUser(this.xmlScriptingUser);
        deleteRoleMappingCommand.setActionSet(actionSet);
        deleteRoleMappingCommand.setResource(protectedResourceRO.getExternalOID());
        deleteRoleMappingCommand.setMappedPrincipals(collection);
        deleteRoleMappingCommand.execute();
        writeMappingsDeletedReport(protectedResourceRO.getExternalOID(), actionSet, collection);
    }

    private void doRemoveRoleBlock(ProtectedResourceRO protectedResourceRO, ActionSet actionSet) throws CommandException {
        if ((protectedResourceRO.getInheritanceFlags() & ((ActionSetImpl) actionSet).getFlagValue()) == 0) {
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.text(Logger.TRACE_MEDIUM, "removeRoleBlock", new StringBuffer().append("skipping non existing block:").append(protectedResourceRO).append(", ").append(actionSet).toString());
                return;
            }
            return;
        }
        if (logger.isLogging(Logger.TRACE_LOW)) {
            logger.text(Logger.TRACE_LOW, "Removing role block:", new StringBuffer().append("\nresource: ").append(ObjectIDUtils.dump(protectedResourceRO.getExternalOID())).append("\nactionSet: ").append(actionSet.getName()).toString());
        }
        ModifySingleRoleBlockCommand modifySingleRoleBlockCommand = new ModifySingleRoleBlockCommand();
        modifySingleRoleBlockCommand.setUser(this.xmlScriptingUser);
        modifySingleRoleBlockCommand.setResource(protectedResourceRO.getExternalOID());
        modifySingleRoleBlockCommand.setNonInheritingActionSet(actionSet, false);
        modifySingleRoleBlockCommand.execute();
        writeRoleBlockDeletedReport(protectedResourceRO.getExternalOID(), actionSet);
    }

    private ProtectedResourceRO[] getChildResources(ObjectID objectID) throws AuthorizationDataException {
        return this.resourceManager.getSharedChildNodes(Arrays.asList(objectID));
    }

    private Map getInheritedRoleMappings(ProtectedResourceRO protectedResourceRO) throws AuthorizationDataException {
        HashMap hashMap = new HashMap(ActionSetImpl.PREDEFINED_ACTION_SETS.length);
        HashMap loadRoles = this.roleManager.loadRoles(protectedResourceRO.getExternalOID());
        for (int i = 0; i < ActionSetImpl.PREDEFINED_ACTION_SETS.length; i++) {
            Collection allMappedPrincipals = this.roleManager.loadInheritedRoleMappings(protectedResourceRO.getExternalOID(), (ActionSetImpl) ActionSetImpl.PREDEFINED_ACTION_SETS[i]).getAllMappedPrincipals();
            allMappedPrincipals.addAll(getMappedPrincipals(loadRoles, ActionSetImpl.PREDEFINED_ACTION_SETS[i]));
            hashMap.put(ActionSetImpl.PREDEFINED_ACTION_SETS[i], allMappedPrincipals);
        }
        return hashMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.util.Collection] */
    private Collection getMappedPrincipals(Map map, ActionSet actionSet) throws AuthorizationDataException {
        Set set = Collections.EMPTY_SET;
        Iterator it = map.keySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            RoleData roleData = (RoleData) it.next();
            if (roleData.getActionSet().equals(actionSet)) {
                set = roleData.getMappedPrincipals();
                if (set == null) {
                    return Collections.EMPTY_SET;
                }
            }
        }
        return set;
    }

    private void writeRoleBlockDeletedReport(ObjectID objectID, ActionSet actionSet) throws CommandException {
        try {
            this.reportWriter.write("\n\nRole block removed: Domain root: ");
            this.reportWriter.write(ObjectIDUtils.dump(objectID));
            this.reportWriter.write(" ActionSet: ");
            this.reportWriter.write(actionSet.getName());
        } catch (IOException e) {
            handleIOException(e);
        }
    }

    private void writeRoleDeletedReport(ObjectID objectID, ActionSet actionSet) throws CommandException {
        try {
            this.reportWriter.write("\n\nRole deleted: ");
            writeRole(objectID, actionSet);
        } catch (IOException e) {
            handleIOException(e);
        }
    }

    private void writeMappingsDeletedReport(ObjectID objectID, ActionSet actionSet, Collection collection) throws CommandException {
        try {
            this.reportWriter.write("\n\nRole mappings deleted: ");
            writeRole(objectID, actionSet);
            this.reportWriter.write("\nPrincipals:");
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                ACPrincipal aCPrincipal = (ACPrincipal) it.next();
                this.reportWriter.write("\n");
                writePrincipal(aCPrincipal);
            }
        } catch (IOException e) {
            handleIOException(e);
        }
    }

    private void writeMadePrivateReport(ObjectID objectID, ACPrincipal aCPrincipal) throws CommandException {
        try {
            this.reportWriter.write("\n\nResoure tree switched to private: Root resource: ");
            this.reportWriter.write(ObjectIDUtils.dump(objectID));
            this.reportWriter.write(" New owner: ");
            writePrincipal(aCPrincipal);
        } catch (IOException e) {
            handleIOException(e);
        }
    }

    private void writePrincipal(ACPrincipal aCPrincipal) throws IOException {
        this.reportWriter.write(aCPrincipal.getName());
        this.reportWriter.write("(");
        this.reportWriter.write(ObjectIDUtils.dump(aCPrincipal.getObjectID()));
        this.reportWriter.write(")");
    }

    private void writeRole(ObjectID objectID, ActionSet actionSet) throws IOException {
        this.reportWriter.write("Domain root: ");
        this.reportWriter.write(ObjectIDUtils.dump(objectID));
        this.reportWriter.write(" ActionSet: ");
        this.reportWriter.write(actionSet.getName());
    }

    private void handleIOException(IOException iOException) throws CommandException {
        throw new CommandException(GeneralMessages.EXCEPTION_IN_1, new Object[]{"Optimizer stream access"}, iOException);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$Optimizer == null) {
            cls = class$("com.ibm.wps.ac.impl.Optimizer");
            class$com$ibm$wps$ac$impl$Optimizer = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$Optimizer;
        }
        logger = logManager.getLogger(cls);
    }
}
