package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.AccessControlMessages;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.AuthorizationModelException;
import com.ibm.wps.ac.CannotModifyRoleMappingsForExternalizedResourceException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.NotAllowedException;
import com.ibm.wps.ac.RoleData;
import com.ibm.wps.ac.RoleInstanceNotFoundException;
import com.ibm.wps.ac.RoleMap;
import com.ibm.wps.ac.cache.ACCacheManager;
import com.ibm.wps.ac.factories.ACAdministrationPermissionFactory;
import com.ibm.wps.ac.internal.AccessControlConfig;
import com.ibm.wps.datastore.ac.ActionSetDescriptor;
import com.ibm.wps.datastore.ac.LinkUserToRole;
import com.ibm.wps.datastore.ac.ProtectedResource;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import com.ibm.wps.datastore.ac.RoleInstance;
import com.ibm.wps.datastore.ac.RoleInstanceRO;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.util.ConcurrentModificationException;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.ObjectIDConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/ac/impl/RoleManager.class */
public class RoleManager {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final int INITIAL_SIZE = 32;
    private ResourceManager resourceManager;
    private ExternalAccessControlManager externalManager = null;
    private static final Logger logger;
    private static final RoleInstance[] EMPTY_ROLE_INSTANCE_ARRAY;
    private ACAdministrationPermissionFactory permissionFactory;
    private RoleManagerDataAccess roleManagerDataAccess;
    private ACCacheManager cacheManager;
    private ActionSetManager actionSetManager;
    static Class class$com$ibm$wps$ac$impl$RoleManager;

    public RoleManager(ResourceManager resourceManager, ACCacheManager aCCacheManager, ActionSetManager actionSetManager) throws AuthorizationDataException {
        this.resourceManager = resourceManager;
        this.cacheManager = aCCacheManager;
        this.roleManagerDataAccess = new RoleManagerDataAccess(aCCacheManager, resourceManager);
        this.actionSetManager = actionSetManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setResolveGroupMembership(boolean z) {
        this.roleManagerDataAccess.setResolveGroupMembership(z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteRole(ProtectedResourceRO protectedResourceRO, RoleInstance roleInstance, ObjectID objectID, ActionSetImpl actionSetImpl, Collection collection) throws AuthorizationDataException, ExternalAuthorizationException, NotAllowedException {
        try {
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.entry(Logger.TRACE_MEDIUM, "deleteRole", new Object[]{protectedResourceRO, roleInstance, objectID, actionSetImpl, collection});
            }
            this.externalManager.roleDeleted(protectedResourceRO, roleInstance);
            roleInstance.delete();
            this.cacheManager.roleMappingModified(protectedResourceRO.getExternalOID(), actionSetImpl, collection);
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "deleteRole");
            }
        } catch (ConcurrentModificationException e) {
            logger.text(100, "deleteRole", "Exception occured during deletion of a role", new Object[]{objectID, actionSetImpl}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_DELETION_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), objectID}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "deleteRole", "Exception occured during deletion of a role", new Object[]{objectID, actionSetImpl}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_DELETION_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), objectID}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAllRolesOnResource(ProtectedResource protectedResource) throws AuthorizationDataException {
        try {
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.entry(Logger.TRACE_MEDIUM, "deleteAllRolesOnResource", new Object[]{protectedResource});
            }
            for (RoleInstance roleInstance : loadRoleInstancesOnResources(new com.ibm.wps.util.ObjectID[]{protectedResource.getObjectID()})) {
                roleInstance.delete();
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "deleteAllRolesOnResource");
            }
            this.cacheManager.roleMappingModified(protectedResource.getExternalOID(), null, null);
        } catch (ConcurrentModificationException e) {
            logger.text(100, "deleteRole", "Exception occured during deletion of all roles on a resource", new Object[]{protectedResource.getExternalOID()}, e);
            throw new AuthorizationDataException(AccessControlMessages.DELETE_ALL_ROLES_ERROR_1, new Object[]{protectedResource.getExternalOID()}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "deleteRole", "Exception occured during deletion of all roles on a resource", new Object[]{protectedResource.getExternalOID()}, e2);
            throw new AuthorizationDataException(AccessControlMessages.DELETE_ALL_ROLES_ERROR_1, new Object[]{protectedResource.getExternalOID()}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createRoleMapping(RoleData roleData) throws AuthorizationDataException, AuthorizationModelException, ExternalAuthorizationException {
        RoleInstance createRole;
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "createRoleMapping", new Object[]{roleData});
        }
        try {
            if (AccessControlConfig.isExternalizationActivated()) {
                ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(roleData.getResourceID());
                if (resourceByExternalID.isExternalized()) {
                    throw new CannotModifyRoleMappingsForExternalizedResourceException(AccessControlMessages.CREATE_ROLE_MAPPING_ERROR_2, new Object[]{resourceByExternalID.getName(), resourceByExternalID.getObjectID()});
                }
            }
            createRole = loadRoleInstance(roleData.getResourceID(), (ActionSetImpl) roleData.getActionSet());
        } catch (RoleInstanceNotFoundException e) {
            createRole = createRole(roleData.getResourceID(), (ActionSetImpl) roleData.getActionSet(), null);
        }
        createRoleMapping(createRole, roleData.getMappedPrincipals(), roleData.getResourceID());
        this.cacheManager.roleMappingModified(roleData.getResourceID(), roleData.getActionSet(), roleData.getMappedPrincipals());
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, "createRoleMapping");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createRoleMapping(RoleInstance roleInstance, Collection collection, ObjectID objectID) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "createRoleMapping", new Object[]{roleInstance, collection, objectID});
        }
        try {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                ObjectID objectID2 = ((ACPrincipal) it.next()).getObjectID();
                if (LinkUserToRole.find((com.ibm.wps.util.ObjectID) objectID2, roleInstance.getObjectID()) == null) {
                    new LinkUserToRole((com.ibm.wps.util.ObjectID) objectID2, roleInstance.getObjectID()).store();
                } else if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                    logger.text(Logger.TRACE_MEDIUM, "createRoleMapping", new StringBuffer().append("Skipping existing link: ").append(objectID2).append(", ").append(roleInstance.getObjectID()).append(", ").append(LinkUserToRole.find((com.ibm.wps.util.ObjectID) objectID2, roleInstance.getObjectID())).toString());
                }
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "createRoleMapping");
            }
        } catch (ConcurrentModificationException e) {
            logger.text(100, "createRoleMapping", "Exception occured during creation of a role mapping", new Object[]{roleInstance, collection}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_MAPPING_CREATION_ERROR_3, new Object[]{roleInstance.getActionSetOID(), roleInstance.getProtectedResourceOID(), collection}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "createRoleMapping", "Exception occured during creation of a role mapping", new Object[]{roleInstance, collection}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_MAPPING_CREATION_ERROR_3, new Object[]{roleInstance.getActionSetOID(), roleInstance.getProtectedResourceOID(), collection}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteRoleMapping(RoleData roleData) throws AuthorizationDataException, AuthorizationModelException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "deleteRoleMapping", new Object[]{roleData});
        }
        try {
            RoleInstance loadRoleInstance = loadRoleInstance(roleData.getResourceID(), (ActionSetImpl) roleData.getActionSet());
            if (checkUnDeletableRole(roleData.getResourceID(), roleData.getActionSet())) {
                Collection<?> loadMappedPrincipals = loadMappedPrincipals(loadRoleInstance);
                if (roleData.getMappedPrincipals().size() >= loadMappedPrincipals.size() && roleData.getMappedPrincipals().containsAll(loadMappedPrincipals)) {
                    throw new UnsupportedOperationException("It is not possible to delete the last mapped principal of the Role Administrator@Portal");
                }
            }
            if (AccessControlConfig.isExternalizationActivated()) {
                ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(roleData.getResourceID());
                if (resourceByExternalID.isExternalized()) {
                    throw new CannotModifyRoleMappingsForExternalizedResourceException(AccessControlMessages.CREATE_ROLE_MAPPING_ERROR_2, new Object[]{resourceByExternalID.getName(), resourceByExternalID.getObjectID()});
                }
            }
            Iterator it = roleData.getMappedPrincipals().iterator();
            while (it.hasNext()) {
                LinkUserToRole.delete((com.ibm.wps.util.ObjectID) ((ACPrincipal) it.next()).getObjectID(), loadRoleInstance.getObjectID());
            }
            this.cacheManager.roleMappingModified(roleData.getResourceID(), roleData.getActionSet(), roleData.getMappedPrincipals());
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "deleteRoleMapping");
            }
        } catch (ConcurrentModificationException e) {
            logger.text(100, "deleteRoleMapping", "Exception occured during deletion of a role mapping", new Object[]{roleData}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_MAPPING_DELETION_ERROR_3, new Object[]{new Integer(((ActionSetImpl) roleData.getActionSet()).getFlagValue()), roleData.getResourceID(), roleData.getMappedPrincipals()}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "deleteRoleMapping", "Exception occured during deletion of a role mapping", new Object[]{roleData}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_MAPPING_DELETION_ERROR_3, new Object[]{new Integer(((ActionSetImpl) roleData.getActionSet()).getFlagValue()), roleData.getResourceID(), roleData.getMappedPrincipals()}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstance createRole(ObjectID objectID, ActionSetImpl actionSetImpl, String str) throws AuthorizationDataException, ExternalAuthorizationException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "createRole", new Object[]{objectID, actionSetImpl});
        }
        try {
            ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID);
            ActionSetDescriptor actionSetDescriptor = (ActionSetDescriptor) this.actionSetManager.getActionSetToActionSetDescriptorMap().get(actionSetImpl);
            RoleInstance roleInstance = new RoleInstance(resourceByExternalID.getObjectID(), actionSetDescriptor.getObjectID());
            roleInstance.setName(buildRoleName(objectID, resourceByExternalID, actionSetDescriptor).toString());
            roleInstance.setResourceType(objectID.getResourceType());
            roleInstance.setAlias(str);
            roleInstance.store();
            this.externalManager.roleCreated(resourceByExternalID, roleInstance);
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "createRole", roleInstance);
            }
            return roleInstance;
        } catch (ConcurrentModificationException e) {
            logger.text(100, "createRole", "Exception occured during creation of a role", new Object[]{objectID, actionSetImpl}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_CREATION_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), objectID}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "createRole", "Exception occured during creation of a role", new Object[]{objectID, actionSetImpl}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_CREATION_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), objectID}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void modifyRole(ObjectID objectID, ActionSetImpl actionSetImpl, String str) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "modifyRole", new Object[]{objectID, actionSetImpl});
        }
        try {
            ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID);
            RoleInstance loadRole = this.roleManagerDataAccess.loadRole(resourceByExternalID.getObjectID(), ((ActionSetDescriptor) this.actionSetManager.getActionSetToActionSetDescriptorMap().get(actionSetImpl)).getObjectID());
            if (loadRole == null) {
                throw new RoleInstanceNotFoundException(AccessControlMessages.ROLE_INSTANCE_LOAD_ERROR_2, new Object[]{objectID, actionSetImpl});
            }
            loadRole.setAlias(str);
            loadRole.store();
            if (resourceByExternalID.isExternalized()) {
                this.cacheManager.roleMappingModified(objectID, actionSetImpl, null);
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "modifyRole", loadRole);
            }
        } catch (ConcurrentModificationException e) {
            logger.text(100, "modifyRole", "Exception occured during modification of a role", new Object[]{objectID, actionSetImpl}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_MODIFICATION_ERROR_2, new Object[]{actionSetImpl, objectID}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "modifyRole", "Exception occured during modifaction of a role", new Object[]{objectID, actionSetImpl}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_MODIFICATION_ERROR_2, new Object[]{actionSetImpl, objectID}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAllRoleMappings(RoleInstance roleInstance) throws AuthorizationDataException, AuthorizationModelException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "deleteAllRoleMappings", new Object[]{roleInstance});
        }
        try {
            if (AccessControlConfig.isExternalizationActivated()) {
                ProtectedResourceRO resource = this.resourceManager.getResource(roleInstance.getProtectedResourceOID());
                if (resource.isExternalized()) {
                    throw new CannotModifyRoleMappingsForExternalizedResourceException(AccessControlMessages.CREATE_ROLE_MAPPING_ERROR_2, new Object[]{resource.getName(), resource.getObjectID()});
                }
            }
            LinkUserToRole.delete(roleInstance.getObjectID());
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "deleteAllRoleMappings");
            }
        } catch (ConcurrentModificationException e) {
            logger.text(100, "deleteRoleMapping", "Exception occured during deletion of all role mappings for a role", new Object[]{roleInstance}, e);
            throw new AuthorizationDataException(AccessControlMessages.ALL_ROLE_MAPPING_DELETION_ERROR_2, new Object[]{roleInstance.getActionSetOID(), roleInstance.getProtectedResourceOID()}, e);
        } catch (DataBackendException e2) {
            logger.text(100, "deleteRoleMapping", "Exception occured during deletion of all role mappings for a role", new Object[]{roleInstance}, e2);
            throw new AuthorizationDataException(AccessControlMessages.ALL_ROLE_MAPPING_DELETION_ERROR_2, new Object[]{roleInstance.getActionSetOID(), roleInstance.getProtectedResourceOID()}, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map getInitialInheritanceData(ACPrincipal aCPrincipal, ResourceType resourceType, List list) throws ExternalAuthorizationException, AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "getInitialInheritanceData", aCPrincipal, resourceType);
        }
        RoleInstanceRO[] loadRolesForPrincipal = loadRolesForPrincipal(aCPrincipal, resourceType);
        ProtectedResourceRO[] nodesByRoleInstances = this.resourceManager.getNodesByRoleInstances(loadRolesForPrincipal);
        Map nodeMap = toNodeMap(nodesByRoleInstances, resourceType);
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.text(Logger.TRACE_HIGH, "getInitialInheritanceData", new StringBuffer().append("nodeMap: ").append(nodeMap).toString());
        }
        HashMap hashMap = new HashMap(nodesByRoleInstances.length);
        for (int i = 0; i < loadRolesForPrincipal.length; i++) {
            ProtectedResourceRO protectedResourceRO = (ProtectedResourceRO) nodeMap.get(loadRolesForPrincipal[i].getProtectedResourceOID());
            if (protectedResourceRO != null) {
                ActionSetImpl actionSetImpl = (ActionSetImpl) this.actionSetManager.getOidToActionSetMap().get(loadRolesForPrincipal[i].getActionSetOID());
                com.ibm.wps.util.ObjectID objectID = protectedResourceRO.getObjectID();
                InheritanceData inheritanceData = (InheritanceData) hashMap.get(objectID);
                if (inheritanceData == null) {
                    hashMap.put(objectID, new InheritanceData(protectedResourceRO, actionSetImpl));
                    list.add(protectedResourceRO);
                } else {
                    inheritanceData.addActionSet(actionSetImpl);
                }
            }
        }
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.exit(Logger.TRACE_HIGH, "getInitialInheritanceData", hashMap);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void loadRole(RoleDataImpl roleDataImpl) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadRole", roleDataImpl);
        }
        ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(roleDataImpl.getResourceID());
        roleDataImpl.setExternalized(resourceByExternalID.isExternalized());
        RoleInstance loadRoleInstance = loadRoleInstance(resourceByExternalID, (ActionSetImpl) roleDataImpl.getActionSet());
        roleDataImpl.setName(loadRoleInstance.getName());
        roleDataImpl.setAlias(loadRoleInstance.getAlias());
        roleDataImpl.setMappedPrincipals(loadMappedPrincipals(loadRoleInstance));
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, "loadRole", roleDataImpl);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection loadMappedPrincipals(RoleInstance roleInstance) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadMappedPrincipals", roleInstance);
        }
        try {
            LinkUserToRole[] findAllByRoleInstanceOID = LinkUserToRole.findAllByRoleInstanceOID(roleInstance.getObjectID());
            ArrayList arrayList = new ArrayList(findAllByRoleInstanceOID.length);
            if (findAllByRoleInstanceOID.length != 0) {
                for (LinkUserToRole linkUserToRole : findAllByRoleInstanceOID) {
                    arrayList.add(ACManager.getAccessControl().createPrincipal(linkUserToRole.getPrincipalID()));
                }
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "loadMappedPrincipals", arrayList);
            }
            return arrayList;
        } catch (DataBackendException e) {
            logger.text(100, "loadMappedPrincipals", "Exception occured while loading the mapped principals of a role", new Object[]{roleInstance}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_RETRIEVE_MAPPED_PRINCIPALS_2, new Object[]{roleInstance.getObjectID(), roleInstance.getName()}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleMap loadInheritedRoleMappings(ObjectID objectID, ActionSetImpl actionSetImpl) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadInheritedRoleMappings", objectID, actionSetImpl);
        }
        RoleMapImpl roleMapImpl = new RoleMapImpl(actionSetImpl);
        ACNodeImpl loadACNodeByExternalOID = this.resourceManager.loadACNodeByExternalOID(objectID);
        if (!loadACNodeByExternalOID.isPrivate()) {
            while (loadACNodeByExternalOID != null) {
                int flagValue = actionSetImpl.getFlagValue();
                if ((loadACNodeByExternalOID.getInheritanceFlags() & flagValue) == flagValue) {
                    break;
                }
                ACNodeImpl aCNodeImpl = (ACNodeImpl) loadACNodeByExternalOID.getParentNode();
                if (loadACNodeByExternalOID.getObjectID().equals(aCNodeImpl.getObjectID()) || (aCNodeImpl.getPropagationFlags() & flagValue) == flagValue) {
                    break;
                }
                ObjectID externalOID = aCNodeImpl.getExternalOID();
                try {
                    roleMapImpl.setPrincipalMapping(aCNodeImpl.getExternalOID(), loadMappedPrincipals(loadRoleInstance(aCNodeImpl.getExternalOID(), actionSetImpl)));
                } catch (RoleInstanceNotFoundException e) {
                }
                loadACNodeByExternalOID = this.resourceManager.loadACNodeByExternalOID(externalOID);
            }
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, "loadInheritedRoleMappings", roleMapImpl);
        }
        return roleMapImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstance loadRoleInstance(ObjectID objectID, ActionSetImpl actionSetImpl) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "findRoleInstance", new Object[]{objectID, actionSetImpl});
        }
        RoleInstance loadRoleInstance = loadRoleInstance(this.resourceManager.getResourceByExternalID(objectID), actionSetImpl);
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, "findRoleInstance", loadRoleInstance);
        }
        return loadRoleInstance;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstance loadRoleInstance(ProtectedResourceRO protectedResourceRO, ActionSetImpl actionSetImpl) throws AuthorizationDataException {
        try {
            RoleInstance find = RoleInstance.find(protectedResourceRO.getObjectID(), ((ActionSetDescriptor) this.actionSetManager.getActionSetToActionSetDescriptorMap().get(actionSetImpl)).getObjectID());
            if (find == null) {
                throw new RoleInstanceNotFoundException(AccessControlMessages.ROLE_INSTANCE_LOAD_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), protectedResourceRO.getExternalOID()});
            }
            return find;
        } catch (DataBackendException e) {
            logger.text(100, "findRoleInstance", "Exception occured while loading a roleinstance", new Object[]{protectedResourceRO.getExternalOID(), actionSetImpl}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_LOAD_ERROR_2, new Object[]{new Integer(actionSetImpl.getFlagValue()), protectedResourceRO.getExternalOID()}, e);
        }
    }

    RoleInstanceRO[] loadRolesForPrincipal(ACPrincipal aCPrincipal, ResourceType resourceType) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "loadRolesForPrincipal", aCPrincipal, resourceType);
        }
        RoleInstanceRO[] rolesForPrincipal = this.roleManagerDataAccess.getRolesForPrincipal(aCPrincipal, resourceType);
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.exit(Logger.TRACE_HIGH, "loadRolesForPrincipal", Arrays.asList(rolesForPrincipal));
        }
        return rolesForPrincipal;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection loadRolesForPrincipalOnResource(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, "loadRolesForPrincipal", aCPrincipal, objectID);
        }
        com.ibm.wps.util.ObjectID objectID2 = this.resourceManager.getResourceByExternalID(objectID).getObjectID();
        RoleInstanceRO[] rolesForPrincipal = this.roleManagerDataAccess.getRolesForPrincipal(aCPrincipal, objectID.getResourceType());
        ArrayList arrayList = new ArrayList(rolesForPrincipal.length);
        for (int i = 0; i < rolesForPrincipal.length; i++) {
            if (rolesForPrincipal[i].getProtectedResourceOID().equals(objectID2)) {
                arrayList.add((ActionSet) this.actionSetManager.getOidToActionSetMap().get(rolesForPrincipal[i].getActionSetOID()));
            }
        }
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.exit(Logger.TRACE_HIGH, "loadRolesForPrincipal", arrayList);
        }
        return arrayList;
    }

    private Collection loadRolesOnResource(ProtectedResourceRO protectedResourceRO) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadRolesOnResource", protectedResourceRO);
        }
        try {
            RoleInstance[] findAllByProtectedResources = RoleInstance.findAllByProtectedResources(new ProtectedResourceRO[]{protectedResourceRO});
            ArrayList arrayList = new ArrayList(findAllByProtectedResources.length);
            for (int i = 0; i < findAllByProtectedResources.length; i++) {
                arrayList.add(new RoleDataImpl((ActionSetImpl) this.actionSetManager.getOidToActionSetMap().get(findAllByProtectedResources[i].getActionSetOID()), protectedResourceRO.getExternalOID(), findAllByProtectedResources[i].getName(), findAllByProtectedResources[i].getAlias(), protectedResourceRO.isExternalized()));
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "loadRolesOnResource", arrayList);
            }
            return arrayList;
        } catch (DataBackendException e) {
            logger.text(100, "findRoleInstance", "Exception occured while loading all roleinstances for a resource", new Object[]{protectedResourceRO}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_LOAD_ERROR_2, new Object[]{protectedResourceRO.getExternalOID(), protectedResourceRO.getResourceType()}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HashMap loadRoles(ObjectID objectID) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadRoles", new Object[]{objectID});
        }
        try {
            ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID);
            RoleInstance[] findAllByProtectedResourceOIDs = RoleInstance.findAllByProtectedResourceOIDs(new com.ibm.wps.util.ObjectID[]{resourceByExternalID.getObjectID()});
            HashMap hashMap = new HashMap(findAllByProtectedResourceOIDs.length);
            for (RoleInstance roleInstance : findAllByProtectedResourceOIDs) {
                Collection loadMappedPrincipals = loadMappedPrincipals(roleInstance);
                RoleDataImpl roleDataImpl = new RoleDataImpl(getActionSet(roleInstance.getActionSetOID()), objectID, roleInstance.getName(), roleInstance.getAlias(), resourceByExternalID.isExternalized());
                roleDataImpl.setMappedPrincipals(loadMappedPrincipals);
                hashMap.put(roleDataImpl, loadMappedPrincipals);
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "loadRoleInstancesOnResources", findAllByProtectedResourceOIDs);
            }
            return hashMap;
        } catch (DataBackendException e) {
            logger.text(100, "findRoleInstance", "Exception occured while loading all roleinstances for Resource OIDs", new Object[]{objectID}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_LOAD_ALL_ERROR_1, new Object[]{objectID}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstance[] loadRoleInstancesOnResources(com.ibm.wps.util.ObjectID[] objectIDArr) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadRoleInstancesOnResources", new Object[]{objectIDArr});
        }
        try {
            RoleInstance[] findAllByProtectedResourceOIDs = RoleInstance.findAllByProtectedResourceOIDs(objectIDArr);
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "loadRoleInstancesOnResources", findAllByProtectedResourceOIDs);
            }
            return findAllByProtectedResourceOIDs;
        } catch (DataBackendException e) {
            logger.text(100, "findRoleInstance", "Exception occured while loading all roleinstances for Resource OIDs", new Object[]{objectIDArr}, e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_LOAD_ALL_ERROR_1, new Object[]{objectIDArr}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection loadAssignedRoles(ObjectID objectID, ResourceType resourceType, ActionSetImpl actionSetImpl) throws AuthorizationDataException {
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, "loadAssignedRoles", objectID);
        }
        try {
            LinkUserToRole[] findAllByPrincipalOID = LinkUserToRole.findAllByPrincipalOID((com.ibm.wps.util.ObjectID) objectID);
            ArrayList arrayList = new ArrayList(findAllByPrincipalOID.length);
            for (RoleInstance roleInstance : RoleInstance.find(findAllByPrincipalOID)) {
                ActionSetImpl actionSetImpl2 = (ActionSetImpl) this.actionSetManager.getOidToActionSetMap().get(roleInstance.getActionSetOID());
                if ((actionSetImpl == null || actionSetImpl2.implies(actionSetImpl)) && (resourceType == null || roleInstance.getResourceType() == resourceType)) {
                    ProtectedResourceRO resource = this.resourceManager.getResource(roleInstance.getProtectedResourceOID());
                    arrayList.add(new RoleDataImpl(actionSetImpl2, resource.getExternalOID(), roleInstance.getName(), roleInstance.getAlias(), resource.isExternalized()));
                }
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.exit(Logger.TRACE_MEDIUM, "loadAssignedRoles", arrayList);
            }
            return arrayList;
        } catch (DataBackendException e) {
            logger.text(100, "loadAssignedRoles", "Exception occured while loading all role mappings for a principal", new Object[]{objectID}, e);
            throw new AuthorizationDataException(AccessControlMessages.LOAD_ASSIGNED_ROLES_ERROR_1, new Object[]{objectID}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ActionSetImpl getActionSet(ObjectID objectID) {
        return (ActionSetImpl) this.actionSetManager.getOidToActionSetMap().get(objectID);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setExternalManager(ExternalAccessControlManager externalAccessControlManager) {
        this.externalManager = externalAccessControlManager;
    }

    private Map toNodeMap(ProtectedResourceRO[] protectedResourceROArr, ResourceType resourceType) {
        HashMap hashMap = new HashMap(protectedResourceROArr.length);
        for (int i = 0; i < protectedResourceROArr.length; i++) {
            ResourceType resourceType2 = protectedResourceROArr[i].getExternalOID().getResourceType();
            SuperType superType = SuperType.getSuperType(resourceType);
            if (resourceType == resourceType2 || superType.getTypes().contains(resourceType2)) {
                hashMap.put(protectedResourceROArr[i].getObjectID(), protectedResourceROArr[i]);
            }
        }
        return hashMap;
    }

    private StringBuffer buildRoleName(ObjectID objectID, ProtectedResourceRO protectedResourceRO, ActionSetDescriptor actionSetDescriptor) {
        StringBuffer stringBuffer = new StringBuffer(200);
        stringBuffer.append(actionSetDescriptor.getName());
        stringBuffer.append('@');
        stringBuffer.append(objectID.getResourceType().toString());
        stringBuffer.append('/');
        if (objectID.getUniqueName() != null) {
            stringBuffer.append(objectID.getUniqueName());
        }
        stringBuffer.append('/');
        stringBuffer.append(objectID.toString());
        return stringBuffer;
    }

    private ACAdministrationPermissionFactory getPermissionFactory() {
        if (this.permissionFactory == null) {
            this.permissionFactory = ACManager.getAccessControl().getAccessControlAdministrationPermissionFactory();
        }
        return this.permissionFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean checkUnDeletableRole(ObjectID objectID, ActionSet actionSet) {
        return objectID.equals(ObjectIDConstants.AC_VIRTUAL_RESOURCE_PORTAL) && actionSet.equals(ActionSet.ADMIN);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$RoleManager == null) {
            cls = class$("com.ibm.wps.ac.impl.RoleManager");
            class$com$ibm$wps$ac$impl$RoleManager = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$RoleManager;
        }
        logger = logManager.getLogger(cls);
        EMPTY_ROLE_INSTANCE_ARRAY = new RoleInstance[0];
    }
}
