package com.ibm.wps.ac.authtable;

import com.ibm.portal.WPAuthorizationTableExtended;
import com.ibm.websphere.security.SecurityProviderException;
import com.ibm.wps.ac.esm.ExternalAccessControlMessages;
import com.ibm.wps.ac.esm.SiteMinderExternalAccessControlImpl;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.User;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import netegrity.siteminder.javaagent.AgentAPI;
import netegrity.siteminder.javaagent.AttributeList;
import netegrity.siteminder.javaagent.RealmDef;
import netegrity.siteminder.javaagent.ResourceContextDef;
import netegrity.siteminder.javaagent.SessionDef;

/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/ac/authtable/WPSiteMinderAuthTableImpl.class */
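/**
 * Authorization table that answers WebSphere Portal role checks by asking a
 * SiteMinder agent. Each role name is mapped to a SiteMinder resource name via
 * {@code SiteMinderExternalAccessControlImpl.roleNameToResourceName}; the agent
 * is then asked whether that resource is protected and, if it is, whether the
 * caller's SiteMinder session is authorized on it.
 *
 * <p>This listing is decompiler output. The body of {@link #isGrantedAnyRole}
 * was not recovered, and the numeric logger levels (100, 102, 110, 111, 112)
 * are passed through exactly as found because their names are not visible here.
 *
 * <p>Security posture: a resource the agent reports as unprotected is treated
 * as open to everyone. Every other outcome that is not an explicit "authorized"
 * answer (missing session data, unexpected principal type, an agent result the
 * code does not recognise) is a denial.
 */
public class WPSiteMinderAuthTableImpl implements WPAuthorizationTableExtended {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    // Agent result codes exactly as this class compares them: 1 is the positive
    // answer ("protected" / "authorized"), 2 the negative one.
    // NOTE(review): presumably AgentAPI.YES / AgentAPI.NO - confirm against the SDK.
    private static final int AGENT_YES = 1;
    private static final int AGENT_NO = 2;

    // Action string placed in every ResourceContextDef built by this class.
    String action = "Get";
    public final String CLASS_NAME = getClass().getName();
    private AgentAPI agentApi;
    private Logger logger;
    // Overwritten unconditionally by the constructor argument.
    private String order = "rasc";

    // Lazily filled Class caches (synthetic pre-Java-5 class-literal support).
    static Class class$com$ibm$wps$ac$authtable$WPSiteMinderAuthTableImpl;
    static Class class$com$ibm$wps$sso$SiteMinderSessionIdPrincipal;
    static Class class$com$ibm$wps$sso$SiteMinderSessionSpecPrincipal;

    /**
     * Creates the table and logs that initialization completed.
     *
     * @param agentAPI SiteMinder agent used for every isProtected/authorize call
     * @param str      ordering string handed to roleNameToResourceName
     */
    public WPSiteMinderAuthTableImpl(AgentAPI agentAPI, String str) {
        this.agentApi = agentAPI;
        this.order = str;
        Class selfType = class$com$ibm$wps$ac$authtable$WPSiteMinderAuthTableImpl;
        if (selfType == null) {
            selfType = class$("com.ibm.wps.ac.authtable.WPSiteMinderAuthTableImpl");
            class$com$ibm$wps$ac$authtable$WPSiteMinderAuthTableImpl = selfType;
        }
        this.logger = LogManager.getLogManager().getLogger(selfType);
        this.logger.message(102, "WPSiteMinderAuthTableImpl()", ExternalAccessControlMessages.AUTH_TABLE_INITIALIZATION_COMPLETE_1, new Object[]{this.CLASS_NAME});
    }

    /**
     * Decides whether {@code principal} holds the single role {@code str}.
     *
     * <p>Grants when the agent says the mapped resource is not protected, or when
     * it is protected and the agent authorizes the caller's session. Denies in
     * every other case. The decompiled original granted on any isProtected result
     * other than 1, so a result that is neither 1 nor 2 opened the role; that
     * path now denies, matching the explicit {@code == 2} test in
     * {@link #isEveryoneGranted}. A null principal on a protected resource is
     * denied instead of failing with a NullPointerException.
     *
     * @param hashMap   context map forwarded to roleNameToResourceName
     * @param str       role name to check
     * @param principal caller; expected to carry the SiteMinder session principals
     * @return {@code true} only when access is granted
     * @throws SecurityProviderException declared by the interface
     */
    public boolean isGrantedRole(HashMap hashMap, String str, Principal principal) throws SecurityProviderException {
        if (this.logger.isLogging(111)) {
            this.logger.entry(102, "isGrantedRole()");
        }
        boolean granted = false;
        String resourceName = SiteMinderExternalAccessControlImpl.roleNameToResourceName(str, hashMap, this.order);
        ResourceContextDef resourceContext = new ResourceContextDef("", "", resourceName, this.action);
        RealmDef realm = new RealmDef();
        AttributeList attributes = new AttributeList();
        int protectedResult = this.agentApi.isProtected(resourceName, resourceContext, realm);
        if (protectedResult == AGENT_YES) {
            if (principal != null) {
                SessionDef session = new SessionDef();
                session.id = extractSessionId(principal);
                session.spec = extractSessionSpec(principal);
                // Without both session parts there is nothing to authorize: deny.
                if (session.id != null && session.spec != null) {
                    int authResult = this.agentApi.authorize("", "WebSphere Portal Server", resourceContext, realm, session, attributes);
                    if (authResult == AGENT_YES) {
                        granted = true;
                        if (this.logger.isLogging(110)) {
                            this.logger.text(110, "isGrantedRole()", principal.getName() + " IS authorized on " + resourceName);
                        }
                    } else if (authResult == AGENT_NO) {
                        if (this.logger.isLogging(110)) {
                            this.logger.text(110, "isGrantedRole()", principal.getName() + " IS NOT authorized on " + resourceName);
                        }
                    }
                    // Any other authorize result leaves granted == false.
                }
            }
        } else if (protectedResult == AGENT_NO) {
            // Unprotected resources are open to everyone.
            granted = true;
        } else if (this.logger.isLogging(110)) {
            // Fail closed: an unrecognised agent answer must not open the role.
            this.logger.text(110, "isGrantedRole()", "isProtected returned " + protectedResult + " for " + resourceName + ". Denied access");
        }
        if (this.logger.isLogging(111)) {
            this.logger.exit(102, "isGrantedRole()", granted);
        }
        return granted;
    }

    /**
     * Returns the SiteMinder session id carried by the principal's Subject, or
     * {@code null} when the principal is not a portal {@code User}, has no
     * Subject, or the Subject holds no session-id principal.
     *
     * @param principal caller principal
     * @return session id string, or {@code null}
     */
    private String extractSessionId(Principal principal) {
        if (this.logger.isLogging(111)) {
            this.logger.entry(102, "extractSessionId()");
        }
        String sessionId = null;
        Subject subject = subjectOf(principal);
        if (subject != null) {
            Class idType = class$com$ibm$wps$sso$SiteMinderSessionIdPrincipal;
            if (idType == null) {
                idType = class$("com.ibm.wps.sso.SiteMinderSessionIdPrincipal");
                class$com$ibm$wps$sso$SiteMinderSessionIdPrincipal = idType;
            }
            sessionId = lastPrincipalAsString(subject, idType);
        }
        if (this.logger.isLogging(111)) {
            // NOTE(review): the id is still written to the trace log as in the
            // original; confirm it is safe to expose in this deployment's logs.
            this.logger.exit(102, "extractSessionId()", sessionId);
        }
        return sessionId;
    }

    /**
     * Returns the SiteMinder session spec carried by the principal's Subject, or
     * {@code null} when the principal is not a portal {@code User}, has no
     * Subject, or the Subject holds no session-spec principal.
     *
     * @param principal caller principal
     * @return session spec string, or {@code null}
     */
    private String extractSessionSpec(Principal principal) {
        if (this.logger.isLogging(111)) {
            this.logger.entry(102, "extractSessionSpec()");
        }
        String sessionSpec = null;
        Subject subject = subjectOf(principal);
        if (subject != null) {
            Class specType = class$com$ibm$wps$sso$SiteMinderSessionSpecPrincipal;
            if (specType == null) {
                specType = class$("com.ibm.wps.sso.SiteMinderSessionSpecPrincipal");
                class$com$ibm$wps$sso$SiteMinderSessionSpecPrincipal = specType;
            }
            sessionSpec = lastPrincipalAsString(subject, specType);
        }
        if (this.logger.isLogging(111)) {
            // The spec is what authorize() accepts as the caller's session, so it
            // is handled as a secret: record only whether one was found, not the
            // value (the original wrote the value itself to the trace log).
            this.logger.exit(102, "extractSessionSpec()", sessionSpec != null);
        }
        return sessionSpec;
    }

    /**
     * Returns the Subject of a portal {@code User}, or {@code null} for a null
     * principal or one of another type. The original cast unconditionally and
     * failed with ClassCastException/NullPointerException; returning null lets
     * the callers deny instead.
     */
    private Subject subjectOf(Principal principal) {
        if (!(principal instanceof User)) {
            return null;
        }
        return ((User) principal).getSubject();
    }

    /**
     * Returns {@code toString()} of the last principal of the given type that
     * the Subject's principal set iterates over, or {@code null} if none exists.
     */
    private String lastPrincipalAsString(Subject subject, Class principalType) {
        String value = null;
        Iterator it = subject.getPrincipals(principalType).iterator();
        while (it.hasNext()) {
            value = it.next().toString();
        }
        return value;
    }

    /**
     * Reports whether at least one of the given roles maps to a resource the
     * agent explicitly reports as not protected.
     *
     * @param hashMap context map forwarded to roleNameToResourceName
     * @param strArr  role names to check
     * @return {@code true} as soon as one unprotected resource is found
     * @throws SecurityProviderException declared by the interface
     */
    public boolean isEveryoneGranted(HashMap hashMap, String[] strArr) throws SecurityProviderException {
        if (this.logger.isLogging(111)) {
            this.logger.entry(102, "isEveryoneGranted()");
        }
        RealmDef realm = new RealmDef();
        boolean everyoneGranted = false;
        for (int i = 0; i < strArr.length; i++) {
            String resourceName = SiteMinderExternalAccessControlImpl.roleNameToResourceName(strArr[i], hashMap, this.order);
            ResourceContextDef resourceContext = new ResourceContextDef("", "", resourceName, this.action);
            // Only the explicit negative answer counts; other results do not grant.
            if (this.agentApi.isProtected(resourceName, resourceContext, realm) == AGENT_NO) {
                everyoneGranted = true;
                break;
            }
        }
        if (this.logger.isLogging(111)) {
            this.logger.exit(102, "isEveryoneGranted()", everyoneGranted);
        }
        return everyoneGranted;
    }

    /**
     * NOT RECOVERED. The decompiler could not rebuild this method (it reported a
     * switch without an 'out' block, a removed duplicated region, and skipped a
     * 363-instruction dump), so the body below is a decompiler stub that always
     * throws. It says nothing about how the shipped class decides this check.
     * Review the authorization logic of this method from the bytecode, not from
     * this listing, and do not substitute a guessed implementation.
     *
     * @throws UnsupportedOperationException always, in this listing
     */
    public boolean isGrantedAnyRole(java.util.HashMap r9, java.lang.String[] r10, java.security.Principal r11) throws com.ibm.websphere.security.SecurityProviderException {
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.ac.authtable.WPSiteMinderAuthTableImpl.isGrantedAnyRole(java.util.HashMap, java.lang.String[], java.security.Principal):boolean");
    }

    /**
     * Filters the candidate roles stored in the context map under
     * {@code CANDIDATE_ROLES} down to those the caller is granted.
     *
     * <p>For a protected resource the role is returned only when the agent
     * authorizes the caller's session. For a resource the agent explicitly
     * reports as unprotected an entry is always returned. In the decompiled
     * original that {@code add} sat inside the trace-logging guard, so the
     * authorization result changed with the log level, and any isProtected
     * result other than 1 took that branch. Both are corrected here.
     *
     * @param hashMap   context map; must hold a {@code String[]} under CANDIDATE_ROLES
     * @param principal caller, may be {@code null}
     * @return granted entries, never {@code null}
     * @throws SecurityProviderException declared by the interface
     */
    @Override // com.ibm.portal.WPAuthorizationTableExtended
    public String[] getRoles(HashMap hashMap, Principal principal) throws SecurityProviderException {
        if (this.logger.isLogging(111)) {
            this.logger.entry(102, "getRoles()");
        }
        ArrayList granted = new ArrayList();
        AttributeList attributes = new AttributeList();
        RealmDef realm = new RealmDef();
        String[] candidates = (String[]) hashMap.get(WPAuthorizationTableExtended.CANDIDATE_ROLES);
        if (candidates == null || candidates.length <= 0) {
            this.logger.text(100, "getRoles()", "No roles to check. SiteMinder provides no entitlements type function. This would be too SLOOOOOOWW to build");
        } else {
            for (int i = 0; i < candidates.length; i++) {
                String resourceName = SiteMinderExternalAccessControlImpl.roleNameToResourceName(candidates[i], hashMap, this.order);
                ResourceContextDef resourceContext = new ResourceContextDef("", "", resourceName, this.action);
                int protectedResult = this.agentApi.isProtected(resourceName, resourceContext, realm);
                if (protectedResult == AGENT_YES) {
                    if (this.logger.isLogging(112)) {
                        this.logger.entry(112, "getRoles()", resourceName + " IS protected ");
                    }
                    if (principal == null) {
                        if (this.logger.isLogging(112)) {
                            this.logger.entry(112, "getRoles()", resourceName + " IS protected but principal is null.Denied access ");
                        }
                        continue;
                    }
                    SessionDef session = new SessionDef();
                    session.id = extractSessionId(principal);
                    session.spec = extractSessionSpec(principal);
                    if (session.id == null || session.spec == null) {
                        if (this.logger.isLogging(110)) {
                            this.logger.entry(110, "getRoles()", resourceName + " IS protected but principal does not contain id and spec. Denied access ");
                        }
                        continue;
                    }
                    int authResult = this.agentApi.authorize("", "WebSphere Portal Server", resourceContext, realm, session, attributes);
                    if (authResult == AGENT_YES) {
                        granted.add(candidates[i]);
                        if (this.logger.isLogging(110)) {
                            this.logger.text(110, "getRoles()", principal.getName() + " IS authorized on " + resourceName);
                        }
                    } else if (authResult == AGENT_NO) {
                        if (this.logger.isLogging(110)) {
                            this.logger.text(110, "getRoles()", principal.getName() + " IS NOT authorized on " + resourceName);
                        }
                    }
                    // Any other authorize result: role is not added.
                } else if (protectedResult == AGENT_NO) {
                    if (this.logger.isLogging(112)) {
                        this.logger.entry(112, "getRoles()", resourceName + " is NOT protected. Granting access. ");
                    }
                    // NOTE(review): the original adds the mapped resource name here,
                    // while the authorized branch adds the role name. Kept as found;
                    // confirm which one callers expect.
                    granted.add(resourceName);
                } else if (this.logger.isLogging(112)) {
                    // Fail closed on an agent answer that is neither 1 nor 2.
                    this.logger.entry(112, "getRoles()", "isProtected returned " + protectedResult + " for " + resourceName + ". Denied access ");
                }
            }
        }
        String[] result = (String[]) granted.toArray(new String[granted.size()]);
        if (this.logger.isLogging(111)) {
            // Print the entries; appending the array itself only logs its identity.
            this.logger.exit(102, "getRoles()", java.util.Arrays.asList(result) + "size: " + result.length);
        }
        return result;
    }

    /**
     * Synthetic class-literal helper: loads a class by name and converts a
     * lookup failure into {@link NoClassDefFoundError}, keeping the original
     * exception as the cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }
}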
