package com.ibm.wps.ac.esm;

import com.ibm.portal.WPAuthorizationTableExtended;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.impl.ACPrincipalAnonymousUserImpl;
import com.ibm.wps.ac.internal.ACPumaPrincipal;
import com.ibm.wps.command.CommandException;
import com.ibm.wps.command.ac.QueryRoleCommand;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.Principal;
import com.ibm.wps.puma.User;
import com.ibm.wps.services.ac.ExternalAccessControlService;
import com.ibm.wps.util.ObjectIDConstants;
import com.ibm.wps.util.Properties;
import com.ibm.wps.wsrp.util.Constants;
import com.ibm.ws.security.util.InvalidPasswordDecodingException;
import com.ibm.ws.security.util.InvalidPasswordEncodingException;
import com.ibm.ws.security.util.PasswordUtil;
import com.ibm.ws.security.util.UnsupportedCryptoAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import javax.servlet.ServletConfig;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/ac/esm/GenericExternalAccessControlImpl.class */
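/**
 * Base class for external access control (external security manager) integrations.
 *
 * <p>Role checks are delegated to the {@link WPAuthorizationTableExtended} supplied through
 * {@link #setAuthTable(WPAuthorizationTableExtended)}; this class only translates portal
 * principals and assembles the context map (application, cell and server names) passed along
 * with each query. Subclasses implement role externalization, internalization and deletion.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code {xor}} password helpers call {@code PasswordUtil.decode/encode} with nothing
 *       but the string itself, so no secret key is involved. Treat the encoded form as
 *       obfuscation and protect it like the cleartext.</li>
 *   <li>No password material (cleartext or encoded) is written to the trace log by this class.</li>
 *   <li>The default context map is shared instance state; per-request data must never be stored
 *       in it.</li>
 * </ul>
 */
public abstract class GenericExternalAccessControlImpl extends ExternalAccessControlService {
    public static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    protected static Logger logger;
    /** Context-map key / constant exposed to subclasses; not referenced inside this class. */
    public static final String PD_ROOT = "ctx_pd_root";
    /** Placeholder written to trace output wherever a credential would otherwise appear. */
    private static final String REDACTED = "<redacted>";
    // Cached class literal, kept as emitted by the original compiler (pre-Java-5 `.class` idiom).
    static Class class$com$ibm$wps$ac$esm$GenericExternalAccessControlImpl;

    private String MAJORVERSION = "5";
    private String MINORVERSION = "0";
    private String app = null;
    private String cell = null;
    private String server = null;
    private String order = null;
    private char roleDelim = '_';
    private char contextDelim = '-';
    private WPAuthorizationTableExtended authTable = null;
    // Shared by every caller of this service instance: holds only APPLICATION_NAME, CELL_NAME
    // and SERVER_NAME. Request-scoped entries go into a copy (see getRoleMappings).
    private final HashMap defaultContextMap = new HashMap();

    /**
     * Reads the {@code externalaccesscontrol.*} settings and applies them to this instance.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param servletConfig not used by this implementation
     * @param properties service configuration; missing keys fall back to the defaults below
     * @throws Exception an {@link ExternalAuthorizationException} when the order string or the
     *     role delimiter is invalid
     */
    @Override // com.ibm.wps.services.Service
    public void init(ServletConfig servletConfig, Properties properties) throws Exception {
        setApp(properties.getString("externalaccesscontrol.application", "WPS"));
        setCell(properties.getString("externalaccesscontrol.cell", "cell"));
        setServer(properties.getString("externalaccesscontrol.server", "WebSphere_Portal"));
        setOrder(properties.getString("externalaccesscontrol.order", "rasc"));
        String delimiter = properties.getString("externalaccesscontrol.role.delimiter", Constants.NAMESPACE_START);
        if (delimiter == null || delimiter.length() == 0) {
            // An empty delimiter used to surface as a bare StringIndexOutOfBoundsException from
            // charAt(0); report it as a configuration error the same way setOrder() does.
            Object[] detail = {"externalaccesscontrol.role.delimiter must not be empty"};
            logger.message(100, "init()", ExternalAccessControlMessages.ESM_CONFIG_FILE_1, detail);
            throw new ExternalAuthorizationException(ExternalAccessControlMessages.ESM_CONFIG_FILE_1, detail);
        }
        setRoleDelim(delimiter.charAt(0));
    }

    /** @return the major version string, {@code "5"} unless changed through the setter */
    public String getMAJORVERSION() {
        return this.MAJORVERSION;
    }

    /** @return the minor version string, {@code "0"} unless changed through the setter */
    public String getMINORVERSION() {
        return this.MINORVERSION;
    }

    /** @param str new major version string */
    public void setMAJORVERSION(String str) {
        this.MAJORVERSION = str;
    }

    /** @param str new minor version string */
    public void setMINORVERSION(String str) {
        this.MINORVERSION = str;
    }

    /**
     * Verifies that every listed property key resolves to a non-null value.
     *
     * @param strArr property keys that must be present; must not be {@code null}
     * @param properties configuration to check
     * @return always {@code true}; a missing key is reported by exception instead
     * @throws Exception when a key is missing, naming the key in the message
     */
    public boolean passesPropertyVerification(String[] strArr, Properties properties) throws Exception {
        final String method = "passesPropertyVerification()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method);
        }
        for (String key : strArr) {
            if (properties.getString(key) == null) {
                logger.message(100, method, ExternalAccessControlMessages.REQUIRED_PROPERTY_DOES_NOT_EXIST_1, new Object[]{key});
                throw new Exception(new StringBuffer().append(key).append(" must be set in ExternalAccessControlService.properties.").toString());
            }
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, method, true);
        }
        return true;
    }

    /**
     * Strips backslash escapes from a property value: each backslash is dropped and the
     * character following it is kept as-is, so a doubled backslash collapses to a single one.
     *
     * <p>The only caller visible in this class passes an encoded password, so the value is
     * not written to the trace log.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param str raw property value; must not be {@code null}
     * @return the value with escape backslashes removed
     */
    public static String lookWhatIHaveToDoWithWPProperties(String str) {
        final String method = "lookWhatIHaveToDoWithWPProperties()";
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, method, REDACTED);
        }
        StringBuilder unescaped = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (c == '\\') {
                // Drop the backslash and copy the escaped character (if any) without
                // re-examining it, which is what the original in-place deletion did.
                i++;
                if (i < str.length()) {
                    unescaped.append(str.charAt(i));
                }
            } else {
                unescaped.append(c);
            }
        }
        String result = unescaped.toString();
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.exit(Logger.TRACE_HIGH, method, REDACTED);
        }
        return result;
    }

    /**
     * Decodes a password stored in the {@code {xor}} format.
     *
     * <p>Input that is {@code null} or does not contain the {@code {xor}} marker is returned
     * unchanged. If decoding fails the failure is logged and the original (still encoded)
     * string is returned, so callers cannot tell a decode failure from a plain value by the
     * return value alone. The marker is matched anywhere in the string, not only as a prefix.
     *
     * @param str stored password value, possibly {@code null}
     * @return the decoded password, or {@code str} itself when nothing was decoded
     */
    public static String decryptWASPassword(String str) {
        final String method = "decryptWASPassword()";
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, method);
        }
        String password = str;
        if (str != null && str.indexOf("{xor}") > -1) {
            try {
                password = PasswordUtil.decode(lookWhatIHaveToDoWithWPProperties(str));
            } catch (InvalidPasswordDecodingException e) {
                if (logger.isLogging(100)) {
                    logger.message(100, method, ExternalAccessControlMessages.UNABLE_TO_DECRYPT_PASSWORD_1, new Object[]{e.toString()});
                }
            } catch (UnsupportedCryptoAlgorithmException e2) {
                if (logger.isLogging(100)) {
                    logger.message(100, method, ExternalAccessControlMessages.UNABLE_TO_DECRYPT_PASSWORD_1, new Object[]{e2.toString()});
                }
            }
        }
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            // The exit trace previously carried the decoded password; never log credentials.
            logger.exit(Logger.TRACE_HIGH, method, REDACTED);
        }
        return password;
    }

    /**
     * Encodes a cleartext password into the {@code {xor}} format.
     *
     * <p>Input that is {@code null} or already contains the {@code {xor}} marker is returned
     * unchanged. If encoding fails the failure is logged and the cleartext is returned.
     * The encoding is reversible by anyone who can read it; it is not a substitute for
     * protecting the file or store that holds the result.
     *
     * @param str cleartext password, possibly {@code null}
     * @return the encoded password, or {@code str} itself when nothing was encoded
     */
    public static String encryptWASPassword(String str) {
        final String method = "encryptWASPassword()";
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.entry(Logger.TRACE_HIGH, method);
        }
        String encoded = str;
        if (str != null && str.indexOf("{xor}") == -1) {
            try {
                encoded = PasswordUtil.encode(str);
            } catch (InvalidPasswordEncodingException e) {
                if (logger.isLogging(100)) {
                    // Failures were previously reported under the label "decryptWASPassword()".
                    logger.message(100, method, ExternalAccessControlMessages.UNABLE_TO_ENCRYPT_PASSWORD_1, new Object[]{e.toString()});
                }
            } catch (UnsupportedCryptoAlgorithmException e2) {
                if (logger.isLogging(100)) {
                    logger.message(100, method, ExternalAccessControlMessages.UNABLE_TO_ENCRYPT_PASSWORD_1, new Object[]{e2.toString()});
                }
            }
        }
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            // The result is either the reversible encoding or, after a failure, the cleartext:
            // neither belongs in a trace file.
            logger.exit(Logger.TRACE_HIGH, method, REDACTED);
        }
        return encoded;
    }

    /** @return the configured application name */
    public String getApp() {
        return this.app;
    }

    /** @return the configured cell name */
    public String getCell() {
        return this.cell;
    }

    /** @return the configured server name */
    public String getServer() {
        return this.server;
    }

    /** Stores the application name and publishes it as {@code APPLICATION_NAME} in the default context. */
    public void setApp(String str) {
        this.app = str;
        this.defaultContextMap.put("APPLICATION_NAME", str);
    }

    /** Stores the cell name and publishes it as {@code CELL_NAME} in the default context. */
    public void setCell(String str) {
        this.cell = str;
        this.defaultContextMap.put("CELL_NAME", str);
    }

    /** Stores the server name and publishes it as {@code SERVER_NAME} in the default context. */
    public void setServer(String str) {
        this.server = str;
        this.defaultContextMap.put("SERVER_NAME", str);
    }

    /** @return the authorization table used for all role decisions, {@code null} until set */
    public WPAuthorizationTableExtended getAuthTable() {
        return this.authTable;
    }

    /** @param wPAuthorizationTableExtended authorization table that answers role queries */
    public void setAuthTable(WPAuthorizationTableExtended wPAuthorizationTableExtended) {
        this.authTable = wPAuthorizationTableExtended;
    }

    /**
     * Returns the live, shared default context map (not a copy).
     *
     * <p>Callers that need to add request-specific entries should copy it first; anything put
     * into the returned map is seen by every later authorization query on this instance.
     *
     * @return the internal context map
     */
    public HashMap getDefaultContextMap() {
        return this.defaultContextMap;
    }

    /**
     * Replaces every {@code '/'} in a role name with the given delimiter.
     *
     * @param str role name; must not be {@code null}
     * @param c replacement character
     * @return the rewritten role name
     */
    public static String modifyRoleName(String str, char c) {
        String modified = str.replace('/', c);
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.text(Logger.TRACE_HIGH, "modifyRoleName()", new StringBuffer().append(str).append(" modified to ").append(modified).toString());
        }
        return modified;
    }

    /**
     * Copies a collection of role names into a {@code String[]}, tracing each element.
     *
     * @param roleNames collection whose elements are expected to be {@code String}s
     * @param method label of the calling method, used in the trace output
     * @return the role names in iteration order
     * @throws ClassCastException when an element is not a {@code String}
     */
    private static String[] toRoleArray(Collection roleNames, String method) {
        String[] names = new String[roleNames.size()];
        int index = 0;
        for (Object element : roleNames) {
            names[index] = (String) element;
            if (logger.isLogging(Logger.TRACE_HIGH)) {
                // Null-safe: a null element must not turn tracing into a NullPointerException.
                Object type = element == null ? null : element.getClass();
                logger.text(Logger.TRACE_HIGH, method, new StringBuffer().append("roleName[").append(index).append("] is ").append(names[index]).append(" temp class type is ").append(type).toString());
            }
            index++;
        }
        return names;
    }

    /**
     * Returns the subset of the candidate roles that the authorization table reports for the
     * principal, querying with a context that contains only the candidate roles.
     *
     * @param aCPrincipal principal to check
     * @param collection candidate role names ({@code String}s); {@code null} or empty yields an empty result
     * @return the roles reported by the authorization table
     * @throws ExternalAuthorizationException declared by the service interface
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public Collection getAliasedRoleMappings(ACPrincipal aCPrincipal, Collection collection) throws ExternalAuthorizationException {
        final String method = "getAliasedRoleMappings()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method, new StringBuffer().append(aCPrincipal).append(" ,").append(collection).toString());
        }
        ArrayList granted = new ArrayList();
        if (collection != null && !collection.isEmpty()) {
            HashMap context = new HashMap();
            context.put(WPAuthorizationTableExtended.CANDIDATE_ROLES, toRoleArray(collection, method));
            String[] roles = getAuthTable().getRoles(context, getPumaPrincipal(aCPrincipal));
            if (roles != null) {
                for (String role : roles) {
                    granted.add(role);
                }
            }
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, method, granted);
        }
        return granted;
    }

    /**
     * Asks the authorization table whether the principal holds the role in the default context.
     *
     * <p>NOTE(review): {@link #getPumaPrincipal(ACPrincipal)} can return {@code null}; how the
     * authorization table treats a {@code null} principal is not visible here and should be
     * confirmed to deny access.
     *
     * @param aCPrincipal principal to check
     * @param str role name
     * @return the authorization table's decision
     * @throws ExternalAuthorizationException declared by the service interface
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public boolean isUserInRole(ACPrincipal aCPrincipal, String str) throws ExternalAuthorizationException {
        final String method = "isUserInRole()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method);
        }
        boolean granted = getAuthTable().isGrantedRole(getDefaultContextMap(), str, getPumaPrincipal(aCPrincipal));
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, method, granted);
        }
        return granted;
    }

    /**
     * Same check as {@link #isUserInRole(ACPrincipal, String)} but with a {@code null} context map.
     *
     * @param aCPrincipal principal to check
     * @param str aliased role name
     * @return the authorization table's decision
     * @throws ExternalAuthorizationException declared by the service interface
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public boolean isUserInAliasedRole(ACPrincipal aCPrincipal, String str) throws ExternalAuthorizationException {
        final String method = "isUserInAliasedRole()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method);
        }
        boolean granted = getAuthTable().isGrantedRole((HashMap) null, str, getPumaPrincipal(aCPrincipal));
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            // The exit trace used to be labelled "isUserInRole()", which made the two checks
            // indistinguishable when reading a trace of authorization decisions.
            logger.exit(Logger.TRACE_MEDIUM, method, granted);
        }
        return granted;
    }

    /**
     * Returns the subset of the candidate roles that the authorization table reports for the
     * principal in the default context.
     *
     * @param aCPrincipal principal to check
     * @param collection candidate role names ({@code String}s); {@code null} yields an empty result
     * @return the roles reported by the authorization table
     * @throws ExternalAuthorizationException declared by the service interface
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public Collection getRoleMappings(ACPrincipal aCPrincipal, Collection collection) throws ExternalAuthorizationException {
        final String method = "getRoleMappings()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method, new StringBuffer().append(aCPrincipal).append(" ,").append(collection).toString());
        }
        ArrayList granted = new ArrayList();
        if (logger.isLogging(Logger.TRACE_HIGH)) {
            logger.text(Logger.TRACE_HIGH, method, "before building the String []");
        }
        if (collection != null) {
            String[] candidates = toRoleArray(collection, method);
            if (logger.isLogging(Logger.TRACE_HIGH)) {
                logger.text(Logger.TRACE_HIGH, method, new StringBuffer().append("array=").append(java.util.Arrays.toString(candidates)).append(", defaultContextRoot: ").append(getDefaultContextMap()).toString());
            }
            // Query with a private copy. Writing CANDIDATE_ROLES into the shared map left one
            // caller's candidate list in the context later used by isUserInRole(), and raced
            // with concurrent requests on the same unsynchronized HashMap.
            HashMap context = new HashMap(getDefaultContextMap());
            context.put(WPAuthorizationTableExtended.CANDIDATE_ROLES, candidates);
            String[] roles = getAuthTable().getRoles(context, getPumaPrincipal(aCPrincipal));
            if (roles != null) {
                for (String role : roles) {
                    granted.add(role);
                }
            }
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.exit(Logger.TRACE_MEDIUM, method, granted);
        }
        return granted;
    }

    /**
     * Maps a portal access-control principal to the Puma principal used for role queries.
     *
     * @param aCPrincipal principal to translate
     * @return the wrapped Puma principal for an {@code ACPumaPrincipal} ({@code null} if it
     *     could not be read), a new empty {@link User} for the anonymous principal, and
     *     {@code null} for any other kind of principal
     */
    /* JADX WARN: Multi-variable type inference failed */
    public Principal getPumaPrincipal(ACPrincipal aCPrincipal) {
        final String method = "getPumaPrincipal()";
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.entry(Logger.TRACE_MEDIUM, method);
        }
        if (aCPrincipal instanceof ACPumaPrincipal) {
            Principal principal = null;
            try {
                principal = ((ACPumaPrincipal) aCPrincipal).getPumaPrincipal();
            } catch (AuthorizationDataException e) {
                // Previously swallowed without a trace; a failed principal lookup feeds
                // straight into an authorization decision and must be visible in the log.
                logger.message(101, method, ExternalAccessControlMessages.ESM_EXCEPTION_1, new Object[]{e.toString()});
            }
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                // principal is null after a failed lookup; do not dereference it for tracing.
                logger.exit(Logger.TRACE_MEDIUM, method, principal == null ? "null" : principal.getName());
            }
            return principal;
        }
        if (aCPrincipal instanceof ACPrincipalAnonymousUserImpl) {
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                logger.text(Logger.TRACE_MEDIUM, method, new StringBuffer().append(aCPrincipal.getName()).append(" is an ANONYMOUS principal").toString());
            }
            return new User();
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            String name = aCPrincipal == null ? "null" : aCPrincipal.getName();
            logger.text(Logger.TRACE_MEDIUM, method, new StringBuffer().append(name).append(" is not a Puma principal").toString());
        }
        return null;
    }

    /**
     * Looks up the admin role on the external-access-control virtual resource and hands it to
     * {@link #externalizeRole(String, Collection)} with the portal admin user as its member.
     *
     * <p>NOTE(review): every failure in here is logged and swallowed, including the
     * {@link ExternalAuthorizationException} this method declares, so a caller cannot detect
     * that the role was not externalized. Confirm that this best-effort behaviour is intended.
     *
     * @throws ExternalAuthorizationException declared, but not thrown by the visible code paths
     */
    public void externalizeExternalACLRole() throws ExternalAuthorizationException {
        final String method = "externalizeExternalACLRole()";
        ArrayList members = new ArrayList();
        ACPrincipal adminPrincipal = null;
        ACPrincipal scriptingUser = null;
        try {
            adminPrincipal = ACManager.getAccessControl().createPrincipal(ObjectIDConstants.ADMIN_USER);
            scriptingUser = ACManager.getAccessControl().getXmlAccessScriptingUser(ObjectIDConstants.ADMIN_USER);
            if (logger.isLogging(Logger.TRACE_LOW)) {
                logger.text(Logger.TRACE_LOW, method, new StringBuffer().append("finding principal for portal admin: ").append(adminPrincipal.getName()).append(". ObjectID = ").append(adminPrincipal.getObjectID()).toString());
            }
        } catch (AuthorizationDataException e) {
            logger.message(101, method, ExternalAccessControlMessages.ESM_EXCEPTION_1, new Object[]{e.toString()});
            if (logger.isLogging(101)) {
                logger.text(101, method, " admin user could not be found, so it has NOT been added to the role");
            }
        }
        try {
            QueryRoleCommand queryRoleCommand = new QueryRoleCommand();
            queryRoleCommand.setActionSet(ActionSet.ADMIN);
            queryRoleCommand.setResource(ObjectIDConstants.AC_VIRTUAL_RESOURCE_EXTERNAL_ACCESS_CONTROL);
            queryRoleCommand.setUser(scriptingUser);
            queryRoleCommand.execute();
            logger.text(101, method, new StringBuffer().append(" rolename to externalize is ").append(queryRoleCommand.getRoleName()).toString());
            if (adminPrincipal != null) {
                // Matches the log message above: a failed lookup must not put a null member
                // into the list handed to the external security manager.
                members.add(adminPrincipal);
            }
            externalizeRole(queryRoleCommand.getRoleName(), members);
        } catch (ExternalAuthorizationException e2) {
            logger.message(101, method, ExternalAccessControlMessages.ESM_EXCEPTION_1, new Object[]{e2.toString()});
        } catch (CommandException e3) {
            logger.text(101, method, new StringBuffer().append("Error running QueryRoleCommand(): ").append(e3.toString()).toString());
        } catch (Exception e4) {
            logger.text(101, method, new StringBuffer().append("Error running QueryRoleCommand(): ").append(e4).toString());
        }
    }

    /**
     * Moves control of a role to the external security manager.
     *
     * @param str role name
     * @param collection initial members of the role
     * @throws ExternalAuthorizationException when the external system rejects the operation
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public abstract void externalizeRole(String str, Collection collection) throws ExternalAuthorizationException;

    /**
     * Returns control of a role to the portal.
     *
     * @param str role name
     * @return implementation-defined collection for the internalized role
     * @throws ExternalAuthorizationException when the external system rejects the operation
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public abstract Collection internalizeRole(String str) throws ExternalAuthorizationException;

    /**
     * Deletes a role in the external security manager.
     *
     * @param str role name
     * @throws ExternalAuthorizationException when the external system rejects the operation
     */
    @Override // com.ibm.wps.services.ac.ExternalAccessControlService, com.ibm.wps.services.ac.ExternalAccessControlInterface
    public abstract void deleteRole(String str) throws ExternalAuthorizationException;

    /** @return the four-character ordering string, {@code null} until configured */
    public String getOrder() {
        return this.order;
    }

    /**
     * Sets the ordering string for role, application, server and cell name.
     *
     * <p>Only the length is checked; the individual characters are not validated here.
     *
     * @param str ordering string, exactly four characters long
     * @throws ExternalAuthorizationException when {@code str} is {@code null} or not four characters long
     */
    public void setOrder(String str) throws ExternalAuthorizationException {
        // null is rejected as a configuration error rather than failing with a NullPointerException.
        if (str != null && str.length() == 4) {
            this.order = str;
            return;
        }
        Object[] detail = {"externalaccesscontrol.order must contain 4 characters: r=rolename, c=cell name, a=appliation name, s=servername"};
        logger.message(100, "setOrder()", ExternalAccessControlMessages.ESM_CONFIG_FILE_1, detail);
        throw new ExternalAuthorizationException(ExternalAccessControlMessages.ESM_CONFIG_FILE_1, detail);
    }

    /** @return the character that replaces {@code '/'} in role names */
    public char getRoleDelim() {
        return this.roleDelim;
    }

    /** @param c character that replaces {@code '/'} in role names */
    public void setRoleDelim(char c) {
        this.roleDelim = c;
    }

    /** @return the context delimiter, {@code '-'} unless changed through the setter */
    public char getContextDelim() {
        return this.contextDelim;
    }

    /** @param c new context delimiter */
    public void setContextDelim(char c) {
        this.contextDelim = c;
    }

    /**
     * Compiler-generated helper behind the class literal used by the static initializer.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e); // keep the original stack trace for diagnosis
            throw error;
        }
    }

    static {
        // Resolve (and cache) this class, then obtain the logger registered for it.
        if (class$com$ibm$wps$ac$esm$GenericExternalAccessControlImpl == null) {
            class$com$ibm$wps$ac$esm$GenericExternalAccessControlImpl = class$("com.ibm.wps.ac.esm.GenericExternalAccessControlImpl");
        }
        logger = LogManager.getLogManager().getLogger(class$com$ibm$wps$ac$esm$GenericExternalAccessControlImpl);
    }
}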
