package com.ibm.wps.services.authorization;

import com.ibm.logging.ILogger;
import com.ibm.logging.mgr.LogManager;
import com.ibm.wps.command.webservices.UDDIConstants;
import com.ibm.wps.puma.Group;
import com.ibm.wps.puma.GroupManager;
import com.ibm.wps.puma.Principal;
import com.ibm.wps.puma.User;
import com.ibm.wps.puma.UserManager;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.ObjectID;
import com.ibm.wps.util.Properties;
import com.ibm.wps.wsrp.util.Constants;
import com.tivoli.mts.PDAttrs;
import com.tivoli.mts.PDPermission;
import com.tivoli.mts.PDPrincipal;
import com.tivoli.pd.jadmin.PDAcl;
import com.tivoli.pd.jadmin.PDAclEntry;
import com.tivoli.pd.jadmin.PDAclEntryAnyOther;
import com.tivoli.pd.jadmin.PDAclEntryUnAuth;
import com.tivoli.pd.jadmin.PDAclEntryUser;
import com.tivoli.pd.jadmin.PDAdmin;
import com.tivoli.pd.jadmin.PDGroup;
import com.tivoli.pd.jadmin.PDProtObject;
import com.tivoli.pd.jadmin.PDProtObjectSpace;
import com.tivoli.pd.jadmin.PDUser;
import com.tivoli.pd.jutil.PDContext;
import com.tivoli.pd.jutil.PDException;
import com.tivoli.pd.jutil.PDMessage;
import com.tivoli.pd.jutil.PDMessages;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import javax.naming.NamingException;
import javax.security.auth.Subject;

/* loaded from: input_file:plugins/com.ibm.wps_4.2.0.1/wps.jar:com/ibm/wps/services/authorization/PDExternalAccessControlImpl.class */
public class PDExternalAccessControlImpl extends ExternalAccessControlService {
    // Administrative policy-server context; created in initPD() from pd_user, pd_pw and pd_url.
    private PDContext pd_ctx;
    // Parsed from "accesscontrol.pdurl"; stays null when that value is not a valid URL (see initPD()).
    private URL pd_url;
    private LogManager logMgr;
    // Trace logger "AccessControlTraceLogger", assigned in init().
    private ILogger trcLog;
    // Returned by getPDPrincipal() for ObjectType.ANONYMOUS_USER; assigned in initPD().
    private PDPrincipal ANONYMOUS_PDPRINCIPAL;
    // Cache for the PDPrincipal class object, filled lazily through class$().
    static Class class$com$tivoli$mts$PDPrincipal;
    // Root of the protected object space; overridden by "accesscontrol.pdroot".
    private String pd_root = "/WPS";
    // SECURITY: built-in fallback credential for the administrative context. initPD() keeps this
    // value whenever "accesscontrol.pdpw" is not configured, and the secret lives in an immutable String.
    private String pd_pw = "password";
    // Snapshot of trcLog.isLogging() taken once in init(); gates most (not all) trace calls.
    private boolean logging = false;
    // SECURITY: identity used to open the administrative context; overridden by "accesscontrol.pduser".
    private String pd_user = "sec_master";
    // When true, setObjectControl() creates and attaches an ACL for newly externalized objects.
    private boolean createAcl = true;
    // Action group and action letters that make up the permission strings exchanged with the policy server.
    private String actionGroup = "[WPS]";
    private String viewAction = "v";
    private String editAction = "e";
    private String manageAction = "m";
    private String delegateAction = "d";
    private String createAction = "n";
    // NOTE(review): the decompiler shows UDDIConstants.CREATED here, presumably an inlined string
    // constant that happens to share its value with the copy action letter; confirm the real letter.
    private String copyAction = UDDIConstants.CREATED;

    /**
     * Traces the request when tracing is enabled and does nothing else; nothing is created in the
     * policy server by this method.
     *
     * @param objectType type of the object being added
     * @param objectID identifier of the object being added
     * @param str alias of the object (trace output only)
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public void addObject(ObjectType objectType, ObjectID objectID, String str) throws DataBackendException {
        if (!this.logging) {
            return;
        }
        String traceLine = "add object " + objectType + ":" + objectID + " alias " + str;
        this.trcLog.text(1L, this, "addObject", traceLine);
    }

    /**
     * Asks the given principal, one action at a time, which portal permissions it holds on a
     * protected object and collects the answers.
     *
     * <p>DELEGATE and COPY are checked independently. MANAGE, EDIT, VIEW and CREATE form a ladder:
     * the first action that is implied decides the result, and MANAGE also yields EDIT, VIEW and
     * CREATE. A null principal yields an empty set, i.e. no access.
     *
     * @param pDPrincipal principal to evaluate, may be null
     * @param str protected-object name as produced by oidToPd()
     * @return the permissions granted; never null
     */
    private PermissionSet callImpliesForAllPermissions(PDPrincipal pDPrincipal, String str) throws DataBackendException {
        PermissionSet granted = new PermissionSet();
        // Fail closed: without a principal there is nothing to ask the policy server.
        if (pDPrincipal == null) {
            return granted;
        }
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.delegateAction))) {
            granted.addPermission(Permission.DELEGATE);
        }
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.copyAction))) {
            granted.addPermission(Permission.COPY);
        }
        // Ladder: the strongest implied action wins and the weaker checks are skipped.
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.manageAction))) {
            granted.addPermission(Permission.MANAGE).addPermission(Permission.EDIT).addPermission(Permission.VIEW).addPermission(Permission.CREATE);
            return granted;
        }
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.editAction))) {
            granted.addPermission(Permission.EDIT).addPermission(Permission.VIEW);
            return granted;
        }
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.viewAction))) {
            granted.addPermission(Permission.VIEW);
            return granted;
        }
        if (pDPrincipal.implies(new PDPermission(str, this.actionGroup + this.createAction))) {
            granted.addPermission(Permission.CREATE);
        }
        return granted;
    }

    /**
     * Creates the per-type container object and then the protected object for one portal resource.
     *
     * <p>Failures of either step go through handlePDException(), which tolerates some message
     * codes and throws for everything else.
     *
     * @param objectType type of the portal resource
     * @param objectID identifier of the portal resource
     * @param str friendly name used as the last path element
     * @return true only when the second create call completed without an exception; a tolerated
     *         failure returns false
     */
    private boolean createNameSpaceEntry(ObjectType objectType, ObjectID objectID, String str) throws DataBackendException {
        PDMessages messages = new PDMessages();
        try {
            String containerPath = oidToPd(objectType, ObjectID.ANY, "");
            String containerDescription = "WPS " + objectType + " Container";
            PDProtObject.createProtObject(this.pd_ctx, containerPath, containerDescription, true, (String) null, (PDAttrs) null, messages);
        } catch (PDException containerFailure) {
            handlePDException(containerFailure);
        }
        try {
            messages.clear();
            String objectPath = oidToPd(objectType, objectID, str);
            String objectDescription = "WPS Object representing " + getFriendlyName(objectType, ObjectID.ANY, "") + " " + str;
            PDProtObject.createProtObject(this.pd_ctx, objectPath, objectDescription, true, (String) null, (PDAttrs) null, messages);
            return true;
        } catch (PDException objectFailure) {
            handlePDException(objectFailure);
            return false;
        }
    }

    /**
     * Shuts down the policy-server admin API; failures are routed through handlePDException().
     */
    @Override // com.ibm.wps.services.Service
    public void destroy() throws DataBackendException {
        PDMessages shutdownMessages = new PDMessages();
        try {
            PDAdmin.shutdown(shutdownMessages);
        } catch (PDException shutdownFailure) {
            handlePDException(shutdownFailure);
        }
    }

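    /**
     * Returns the PDPrincipal stored in the user's JAAS Subject, or null when the user has no
     * Subject or the Subject holds no PDPrincipal.
     *
     * <p>The decompiled listing assigned an undeclared variable and returned the loop variable
     * outside its scope, so it did not compile. The result is now an explicit local that is
     * assigned inside the loop.
     *
     * @param user portal user whose Subject is inspected
     * @return the principal found, or null
     */
    private PDPrincipal extractPDPrincipal(User user) {
        Class cls;
        if (this.logging) {
            this.trcLog.entry(1L, this, "extractSessionId()");
        }
        PDPrincipal found = null;
        Subject subject = user.getSubject();
        if (this.logging) {
            this.trcLog.text(1L, this, "extractSessionId", subject != null ? "subject is not null" : "subject is null");
        }
        if (subject != null) {
            if (class$com$tivoli$mts$PDPrincipal == null) {
                cls = class$("com.tivoli.mts.PDPrincipal");
                class$com$tivoli$mts$PDPrincipal = cls;
            } else {
                cls = class$com$tivoli$mts$PDPrincipal;
            }
            // NOTE(review): when the Subject carries several PDPrincipals the last one iterated is
            // used, and Set iteration order is unspecified. Confirm that at most one is expected.
            Iterator it = subject.getPrincipals(cls).iterator();
            while (it.hasNext()) {
                found = (PDPrincipal) it.next();
                if (this.logging) {
                    this.trcLog.text(1L, this, "extracting Principal()", new StringBuffer().append("found principal: ").append(found).toString());
                }
            }
        }
        return found;
    }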

    /**
     * Lists the subjects of one kind that hold permissions on a protected object, by reading the
     * ACL attached to that object in the policy server.
     *
     * <p>This reports ACL contents; it does not go through PDPrincipal.implies(), which is what
     * the getPermissions() overloads use for the actual access decision.
     *
     * @param objectType kind of subject to list (USER, USER_GROUP or ANONYMOUS_USER)
     * @param objectType2 type of the protected resource
     * @param objectID identifier of the protected resource
     * @param str alias or DN used to derive the friendly name
     * @return the collected permissions; empty when no ACL is attached or a tolerated error occurred
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public PermissionCollection getEntitledSubjects(ObjectType objectType, ObjectType objectType2, ObjectID objectID, String str) throws DataBackendException {
        PDAclEntryUnAuth pDAclEntryUnAuth;
        PermissionCollection permissionCollection = new PermissionCollection(objectType2, objectID, objectType);
        String friendlyName = getFriendlyName(objectType2, objectID, str);
        try {
            PDMessages pDMessages = new PDMessages();
            PDAcl acl = new PDProtObject(this.pd_ctx, oidToPd(objectType2, objectID, friendlyName), (PDAttrs) null, (PDAttrs) null, pDMessages).getAcl();
            HashMap hashMap = new HashMap();
            if (acl != null) {
                // Pick the ACL entry map matching the requested subject kind; for any other kind
                // the map stays empty and the loop below is skipped.
                if (objectType.equals(ObjectType.USER)) {
                    hashMap = acl.getPDAclEntriesUser();
                } else if (objectType.equals(ObjectType.USER_GROUP)) {
                    hashMap = acl.getPDAclEntriesGroup();
                }
                for (String str2 : hashMap.keySet()) {
                    PermissionSet pdToWpsPermissionSet = pdToWpsPermissionSet(((PDAclEntry) hashMap.get(str2)).getPermission(), false);
                    // NOTE(review): getUser()/getGroup() return null for a null registry name, and the
                    // lookup itself may presumably return null for an entry that no longer exists in
                    // the portal registry; .getObjectId() would then throw NullPointerException.
                    if (objectType.equals(ObjectType.USER)) {
                        permissionCollection.setPermissions(pdToWpsPermissionSet, getUser(new PDUser(this.pd_ctx, str2, pDMessages).getRgyName()).getObjectId(), true);
                    } else if (objectType.equals(ObjectType.USER_GROUP)) {
                        permissionCollection.setPermissions(pdToWpsPermissionSet, getGroup(new PDGroup(this.pd_ctx, str2, pDMessages).getRgyName()).getObjectId(), true);
                    }
                }
                // The unauthenticated entry is reported under ObjectID.ANY for anonymous queries only.
                if (objectType.equals(ObjectType.ANONYMOUS_USER) && (pDAclEntryUnAuth = acl.getPDAclEntryUnAuth()) != null) {
                    permissionCollection.setPermissions(pdToWpsPermissionSet(pDAclEntryUnAuth.getPermission(), false), ObjectID.ANY, true);
                }
                // The PermissionSet created on the next line is discarded.
                new PermissionSet();
                // NOTE(review): the any-other entry is written to ObjectID.ANY for every subject kind.
                // For ANONYMOUS_USER this call follows the unauthenticated entry on the same key;
                // whether setPermissions merges or replaces is not visible here.
                PDAclEntryAnyOther pDAclEntryAnyOther = acl.getPDAclEntryAnyOther();
                if (pDAclEntryAnyOther != null) {
                    permissionCollection.setPermissions(pdToWpsPermissionSet(pDAclEntryAnyOther.getPermission(), false), ObjectID.ANY, true);
                }
            } else if (this.logging) {
                this.trcLog.text(1L, this, "getEntitledSubjects()", new StringBuffer().append("no acl found on object: ").append(objectType2).append(":").append(objectID).toString());
            }
        } catch (PDException e) {
            // Tolerated message codes are swallowed there, so the caller may get a partial collection.
            handlePDException(e);
        }
        return permissionCollection;
    }

    /**
     * Builds the name under which a portal object appears in the protected object space.
     *
     * <p>For ObjectID.ANY the result is a type label ("GROUP", "PLACE" or the type's own string).
     * Otherwise it is {@code name(objectID)}; for users and groups the name is the text between the
     * first '=' and the first ',' of {@code str}.
     *
     * <p>Callers pass the result to oidToPd(), which appends it to a '/'-separated path without
     * escaping. NOTE(review): confirm that aliases and DN values cannot contain '/'.
     *
     * @param objectType type of the portal object
     * @param objectID identifier of the portal object
     * @param str alias, or a DN for users and groups
     * @return the friendly name
     * @throws StringIndexOutOfBoundsException for a user or group whose {@code str} has no ','
     *         after the position following the first '='
     */
    private String getFriendlyName(ObjectType objectType, ObjectID objectID, String str) {
        String friendly;
        if (!objectID.equals(ObjectID.ANY)) {
            boolean isDirectoryEntry = objectType.equals(ObjectType.USER_GROUP) || objectType.equals(ObjectType.USER);
            if (isDirectoryEntry) {
                // Keep only the value of the leading name component, e.g. "uid=jdoe,o=x" -> "jdoe".
                str = str.substring(str.indexOf('=') + 1, str.indexOf(','));
            }
            friendly = str + "(" + objectID.toString() + ")";
        } else if (objectType.equals(ObjectType.USER_GROUP)) {
            friendly = "GROUP";
        } else if (objectType.equals(ObjectType.PAGE_GROUP)) {
            friendly = "PLACE";
        } else {
            friendly = objectType.toString();
        }
        if (this.logging) {
            this.trcLog.text(1L, this, "getFriendlyName()", objectType + ":" + objectID + "--> " + friendly);
        }
        return friendly;
    }

    /**
     * Looks up a portal group by the identifier reported by the policy server registry.
     *
     * @param str registry name of the group, may be null
     * @return the result of the GroupManager lookup, or null when {@code str} is null
     */
    private Group getGroup(String str) {
        if (this.logging) {
            this.trcLog.text(1L, this, "getGroup(String)", "getting group for: " + str);
        }
        if (str == null) {
            if (this.logging) {
                this.trcLog.text(4L, this, "getGroup(String)", "null DN for Group lookup");
            }
            return null;
        }
        return GroupManager.instance().findById(str);
    }

    /**
     * Maps a portal subject to a policy-server principal without using a JAAS Subject.
     *
     * <p>Anonymous users map to the shared anonymous principal. A concrete user maps to a principal
     * built from the user's uid. Groups, and users addressed as ObjectID.ANY, map to null, which
     * callImpliesForAllPermissions() treats as "no permissions".
     *
     * @param objectType kind of subject
     * @param objectID identifier of the subject
     * @return the principal, or null when none can be built
     */
    public PDPrincipal getPDPrincipal(ObjectType objectType, ObjectID objectID) {
        if (objectType.equals(ObjectType.ANONYMOUS_USER)) {
            return this.ANONYMOUS_PDPRINCIPAL;
        }
        boolean concreteUser = objectType.equals(ObjectType.USER) && !objectID.equals(ObjectID.ANY);
        if (!concreteUser) {
            return null;
        }
        try {
            User user = (User) UserManager.instance().findById(objectID);
            return new PDPrincipal(user.getUid());
        } catch (NamingException lookupFailure) {
            // A failed lookup is reported as "no principal", so the subject ends up with no access.
            this.trcLog.text(4L, this, "getPDPrincipal()", "User not found for subjectId " + objectID);
            return null;
        }
    }

    /**
     * Returns the permissions a principal holds on one protected resource.
     *
     * <p>Only concrete users are evaluated here: any principal that objectType()/objectID() do not
     * classify as a USER with a specific id gets an empty set. When the user's Subject carries a
     * PDPrincipal it is evaluated directly; otherwise the call falls back to the nine-argument
     * overload, which builds a principal from the user's uid.
     *
     * <p>NOTE(review): the first trace line dereferences {@code principal} although objectType()
     * accepts null; confirm that a null principal cannot reach this method.
     *
     * @param principal subject asking for access
     * @param objectType type of the protected resource
     * @param objectID identifier of the protected resource
     * @param str alias or DN used to derive the resource's friendly name
     * @return the granted permissions; never null
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public PermissionSet getPermissions(Principal principal, Collection collection, ObjectType objectType, ObjectID objectID, String str, ObjectType objectType2, Collection collection2) throws DataBackendException {
        if (this.logging) {
            this.trcLog.text(1L, this, "getPermissions", "get permissions for " + principal.getId() + " on " + objectType + ":" + objectID);
        }
        ObjectType subjectType = objectType(principal);
        ObjectID subjectId = objectID(principal);
        PermissionSet nothingGranted = new PermissionSet();
        boolean concreteUser = subjectType.equals(ObjectType.USER) && !subjectId.equals(ObjectID.ANY);
        if (!concreteUser) {
            return nothingGranted;
        }
        PDPrincipal pdPrincipal = extractPDPrincipal((User) principal);
        if (pdPrincipal != null) {
            String resource = oidToPd(objectType, objectID, getFriendlyName(objectType, objectID, str));
            if (this.logging) {
                this.trcLog.text(1L, this, "getPermissions(Principal)", "resource to check is: " + resource);
            }
            PermissionSet granted = callImpliesForAllPermissions(pdPrincipal, resource);
            if (this.logging) {
                this.trcLog.text(1L, this, "getPermission(prin)", "set returned from Access Manager for " + principal.getId() + " on " + objectType + ":" + objectID + " is " + granted);
            }
            return granted;
        }
        if (this.logging) {
            this.trcLog.text(1L, this, "getPermission(prin)", "PDPrincipal was not found in Subject ");
        }
        return getPermissions(objectType(principal), objectID(principal), ObjectType.USER_GROUP, collection, objectType, objectID, str, objectType2, collection2);
    }

    /**
     * Returns the permissions a subject, given by type and id, holds on one protected resource.
     *
     * <p>The subject is turned into a principal by getPDPrincipal(); subjects for which that
     * returns null (groups, users addressed as ObjectID.ANY, failed lookups) receive an empty set.
     * {@code objectType2}, {@code collection}, {@code objectType4} and {@code collection2} are not
     * used by this implementation.
     *
     * @param objectType kind of subject
     * @param objectID identifier of the subject
     * @param objectType3 type of the protected resource
     * @param objectID2 identifier of the protected resource
     * @param str alias or DN used to derive the resource's friendly name
     * @return the granted permissions; never null
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public PermissionSet getPermissions(ObjectType objectType, ObjectID objectID, ObjectType objectType2, Collection collection, ObjectType objectType3, ObjectID objectID2, String str, ObjectType objectType4, Collection collection2) throws DataBackendException {
        if (this.logging) {
            this.trcLog.text(128L, this, "getPermissions", "get permissions for " + objectType3 + ":" + objectID2);
        }
        // Kept from the original: the instance is created and immediately discarded.
        new PermissionSet();
        String friendly = getFriendlyName(objectType3, objectID2, str);
        String resource = oidToPd(objectType3, objectID2, friendly);
        if (this.logging) {
            this.trcLog.text(1L, this, "getPermission()", "resource name is: " + resource);
        }
        PDPrincipal subject = getPDPrincipal(objectType, objectID);
        PermissionSet granted = callImpliesForAllPermissions(subject, resource);
        if (this.logging) {
            this.trcLog.text(1L, this, "getPermission()", "set returned from Access Manager for : " + objectType + ":" + objectID + " on " + objectType3 + ":" + objectID2 + " is " + granted);
        }
        return granted;
    }

    /**
     * Looks up a portal user by the identifier reported by the policy server registry.
     *
     * @param str registry name of the user, may be null
     * @return the result of the UserManager lookup, or null when {@code str} is null
     */
    private User getUser(String str) {
        if (this.logging) {
            this.trcLog.text(1L, this, "getUser(String)", "getting user for: " + str);
        }
        if (str == null) {
            if (this.logging) {
                this.trcLog.text(4L, this, "getUser(String)", "null DN for User lookup");
            }
            return null;
        }
        return (User) UserManager.instance().findById(str);
    }

    /**
     * Decides whether a policy-server exception is tolerated or has to be surfaced.
     *
     * <p>The exception is swallowed when any attached message carries one of three codes, which the
     * trace texts below label "Object already exists", "Object does not exist" and "ObjectSpace
     * already exists". Everything else, including an exception without messages, is logged and
     * rethrown as DataBackendException.
     *
     * <p>NOTE(review): a single tolerated message suppresses the whole exception even when other
     * messages in the same list report a different failure; callers then continue as if the
     * operation had succeeded.
     *
     * @param pDException exception raised by the policy-server API
     * @throws DataBackendException when no attached message carries a tolerated code
     */
    public void handlePDException(PDException pDException) throws DataBackendException {
        PDMessages messages = pDException.getMessages();
        // true = rethrow; cleared by the first tolerated message code and never set again.
        boolean z = true;
        if (messages != null) {
            Iterator it = messages.iterator();
            while (it.hasNext()) {
                PDMessage pDMessage = (PDMessage) it.next();
                if (this.logging) {
                    this.trcLog.text(1L, this, "handlePDException()", new StringBuffer().append("msg text is: ").append(pDMessage.getMsgText()).append(", msg code is: ").append(pDMessage.getMsgCode()).toString());
                }
                if (pDMessage.getMsgCode() == 348131929) {
                    z = false;
                    if (this.logging) {
                        this.trcLog.text(1L, this, "handlePDException()", " Object already exists ");
                    }
                }
                if (pDMessage.getMsgCode() == 268808650) {
                    z = false;
                    if (this.logging) {
                        this.trcLog.text(1L, this, "handlePDException()", " Object does not exist ");
                    }
                }
                if (pDMessage.getMsgCode() == 268808652) {
                    z = false;
                    if (this.logging) {
                        this.trcLog.text(1L, this, "handlePDException()", " ObjectSpace already exists ");
                    }
                }
            }
        }
        if (z) {
            this.trcLog.text(4L, this, "handlePDException()", new StringBuffer().append("Error accessing PD: ").append(pDException.toString()).toString());
            // Only the message text is carried over; the PDException is not attached as the cause,
            // so its stack trace and message list are lost to the caller.
            throw new DataBackendException(pDException.getMessage());
        }
    }

    /**
     * Sets up trace logging and, when "accesscontrol.ready" is true, connects to the policy server.
     *
     * <p>When the flag is false only a warning is traced and the service still finishes
     * initialization: pd_ctx and ANONYMOUS_PDPRINCIPAL, which are assigned in initPD(), stay null.
     * NOTE(review): what the permission checks return in that state is not visible in this class;
     * confirm that it denies access.
     *
     * @param properties service configuration
     */
    @Override // com.ibm.wps.services.Service
    public void init(Properties properties) throws Exception {
        this.logMgr = LogManager.getManager();
        this.trcLog = this.logMgr.getTraceLogger("AccessControlTraceLogger");
        this.logging = this.trcLog.isLogging();
        if (this.logging) {
            this.trcLog.text(1L, this, "init()", "initialized logging");
        }
        boolean configured = properties.getBoolean("accesscontrol.ready").booleanValue();
        if (!configured) {
            this.trcLog.text(2L, this, "init()", "WARNING: PD configuration has not been run. See ExternalAccessControlService.properties. PD authorization DISABLED");
            return;
        }
        initPD(properties);
    }

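    /**
     * Reads the access-control settings, opens the administrative policy-server context, creates
     * the root object space and bootstraps the EXTERNAL_ACL object for the portal administrator.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>the Properties object is no longer written to the trace log, because it holds
     *       "accesscontrol.pdpw";</li>
     *   <li>a warning is traced when the effective admin password equals the built-in default;</li>
     *   <li>the null check after {@code new PDContext(...)} is gone, since {@code new} never
     *       yields null.</li>
     * </ul>
     *
     * @param properties service configuration
     * @throws Exception when the policy-server API fails with a non-tolerated error
     */
    private void initPD(Properties properties) throws Exception {
        if (this.trcLog.isLogging()) {
            // Deliberately not tracing properties.toString(): trace files must not carry the admin password.
            this.trcLog.text(1L, this, "initPD()", "version: >= PQ23060");
        }
        this.pd_root = properties.getString("accesscontrol.pdroot", "/WPS");
        this.pd_pw = properties.getString("accesscontrol.pdpw", "password");
        if ("password".equals(this.pd_pw)) {
            // Covers both a missing property and a configured value that was never changed.
            this.trcLog.text(2L, this, "initPD()", "WARNING: accesscontrol.pdpw is unset or equals the built-in default");
        }
        this.actionGroup = properties.getString("accesscontrol.actionGroup", "[WPS]");
        this.viewAction = properties.getString("accesscontrol.viewAction", "v");
        this.editAction = properties.getString("accesscontrol.editAction", "e");
        this.manageAction = properties.getString("accesscontrol.manageAction", "m");
        this.delegateAction = properties.getString("accesscontrol.delegateAction", "d");
        this.createAction = properties.getString("accesscontrol.createAction", "n");
        this.copyAction = properties.getString("accesscontrol.copyAction", UDDIConstants.CREATED);
        this.createAcl = properties.getBoolean("accesscontrol.createAcl").booleanValue();
        this.pd_user = properties.getString("accesscontrol.pduser", "sec_master");
        try {
            this.pd_url = new URL(properties.getString("accesscontrol.pdurl", "pdperm.properties"));
        } catch (MalformedURLException e) {
            // NOTE(review): pd_url stays null and initialization continues; the default value has
            // no protocol, so this branch is taken whenever "accesscontrol.pdurl" is not set.
            // Confirm how PDContext treats a null URL.
            this.trcLog.text(1L, this, "initPD()", "pdurl URL invalid");
        }
        this.ANONYMOUS_PDPRINCIPAL = new PDPrincipal();
        PDMessages pDMessages = new PDMessages();
        PDAdmin.initialize("WPS 4.1 ACL", pDMessages);
        // The password is copied to a char[] for the call, but the String field keeps it in memory.
        this.pd_ctx = new PDContext(this.pd_user, this.pd_pw.toCharArray(), this.pd_url);
        try {
            pDMessages.clear();
            PDProtObjectSpace.createProtObjectSpace(this.pd_ctx, this.pd_root, "Websphere Portal ACL Root", pDMessages);
        } catch (PDException e2) {
            // "ObjectSpace already exists" is tolerated there, which makes restarts idempotent.
            handlePDException(e2);
        }
        // Bootstrap: gives the hard-coded account "wpsadmin" MANAGE and DELEGATE on EXTERNAL_ACL
        // through the private overload, which performs no permission check of its own.
        setObjectControl("wpsadmin", ObjectType.EXTERNAL_ACL, ObjectID.ANY, getFriendlyName(ObjectType.EXTERNAL_ACL, ObjectID.ANY, ""), true);
    }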

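    /**
     * Returns the principal's own object id, or ObjectID.ANY for null, wildcard and anonymous
     * principals.
     *
     * <p>The original read {@code principal.getId()} before its null check, so a null principal
     * raised NullPointerException instead of reaching the ObjectID.ANY branch. A null principal or
     * a null id now takes that branch, which the permission checks treat as "no specific user".
     *
     * <p>NOTE(review): the wildcard test is a case-sensitive substring match, so a regular
     * principal whose id merely contains "ANY" or "ANONYMOUS" is also mapped to ObjectID.ANY.
     * Confirm the exact ids of the sentinel principals before tightening this.
     *
     * @param principal subject to classify, may be null
     * @return the principal's object id or ObjectID.ANY
     */
    private final ObjectID objectID(Principal principal) {
        String id = principal != null ? principal.getId() : null;
        if (id != null && id.indexOf("ANY") == -1 && id.indexOf("ANONYMOUS") == -1) {
            if (this.logging) {
                this.trcLog.text(1L, this, "objectID(prin)", new StringBuffer().append("Principal is: ").append(id).append(", returning his ID").toString());
            }
            return principal.getObjectId();
        }
        if (this.logging) {
            this.trcLog.text(1L, this, "objectID(prin)", new StringBuffer().append("Principal is: ").append(id).append(", returning ObjectID.ANY").toString());
        }
        return ObjectID.ANY;
    }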

    /**
     * Classifies a principal as anonymous user, user or user group.
     *
     * @param principal subject to classify; null counts as anonymous
     * @return ANONYMOUS_USER, USER, or USER_GROUP for everything else
     */
    private final ObjectType objectType(Principal principal) {
        if (principal == null || principal == AccessControl.ANY_ANONYMOUS_USER) {
            return ObjectType.ANONYMOUS_USER;
        }
        if (principal == AccessControl.ANY_USER || (principal instanceof User)) {
            return ObjectType.USER;
        }
        return ObjectType.USER_GROUP;
    }

    /**
     * Builds the protected-object name for a portal object: {@code <pd_root>/<type label>} and,
     * for a specific object id, {@code /<str>} on top of that.
     *
     * <p>The pieces are joined as plain text. NOTE(review): {@code str} comes from aliases and DN
     * values and is not escaped, so a '/' inside it would add a path level; confirm the inputs
     * cannot contain one.
     *
     * @param objectType type of the portal object
     * @param objectID identifier of the portal object; null or ObjectID.ANY addresses the container
     * @param str friendly name of the object
     * @return the protected-object name
     */
    private String oidToPd(ObjectType objectType, ObjectID objectID, String str) {
        StringBuffer path = new StringBuffer(this.pd_root + "/");
        path.append(getFriendlyName(objectType, ObjectID.ANY, ""));
        boolean specificObject = objectID != null && !objectID.equals(ObjectID.ANY);
        if (specificObject) {
            path.append("/").append(str);
        }
        if (this.logging) {
            this.trcLog.text(1L, this, "oidToPd()", "POS name is " + path.toString());
        }
        return path.toString();
    }

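    /**
     * Translates an ACL entry's permission string into portal permissions.
     *
     * <p>Only the action letters that belong to this service's action group are considered. The
     * original searched from {@code str.indexOf(actionGroup)} to the end of the string. When the
     * group was absent that index is -1, which String.indexOf treats as 0, so letters belonging to
     * other parts of the string were reported as portal permissions. The search also covered the
     * group name itself and any action group that followed. The letters are now taken from the
     * text right after the group name up to the next '[' or the end of the string, and a missing
     * group or a null string yields no permissions.
     *
     * <p>Assumes a following action group starts with '[', as in the strings produced by
     * wpsToPdPermission() ("T" + actionGroup + letters). TODO confirm against the policy server's
     * permission-string format.
     *
     * @param str permission string of one ACL entry
     * @param z when true, MANAGE also adds EDIT and VIEW, and EDIT also adds VIEW
     * @return the portal permissions found; never null
     */
    private PermissionSet pdToWpsPermissionSet(String str, boolean z) {
        PermissionSet permissionSet = new PermissionSet(Permission.NONE);
        // Action letters of our group only; empty means "grant nothing".
        String actions = "";
        int groupStart = str == null ? -1 : str.indexOf(this.actionGroup);
        if (groupStart != -1) {
            int actionsStart = groupStart + this.actionGroup.length();
            int nextGroup = str.indexOf('[', actionsStart);
            actions = nextGroup == -1 ? str.substring(actionsStart) : str.substring(actionsStart, nextGroup);
        }
        if (actions.indexOf(this.createAction) != -1) {
            permissionSet.addPermission(Permission.CREATE);
        }
        if (actions.indexOf(this.manageAction) != -1) {
            if (z) {
                permissionSet.addPermission(Permission.MANAGE).addPermission(Permission.EDIT).addPermission(Permission.VIEW);
            } else {
                permissionSet.addPermission(Permission.MANAGE);
            }
        }
        if (actions.indexOf(this.editAction) != -1) {
            if (z) {
                permissionSet.addPermission(Permission.EDIT).addPermission(Permission.VIEW);
            } else {
                permissionSet.addPermission(Permission.EDIT);
            }
        }
        if (actions.indexOf(this.viewAction) != -1) {
            permissionSet.addPermission(Permission.VIEW);
        }
        if (actions.indexOf(this.copyAction) != -1) {
            permissionSet.addPermission(Permission.COPY);
        }
        if (actions.indexOf(this.delegateAction) != -1) {
            permissionSet.addPermission(Permission.DELEGATE);
        }
        if (this.logging) {
            this.trcLog.text(1L, this, new StringBuffer().append("pdToWpsPermissionSet(").append(z).append(")").toString(), new StringBuffer().append("PD permission string").append(str).append("->").append(permissionSet).toString());
        }
        return permissionSet;
    }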

    /**
     * Removes a portal object from the policy server: deals with its ACL first, then deletes the
     * protected object itself.
     *
     * <p>This method performs no permission check. setObjectControl(Principal, ...) checks MANAGE
     * and DELEGATE before calling it. NOTE(review): it is a public override, so confirm that every
     * other caller is authorized as well.
     *
     * @param objectType type of the portal object
     * @param objectID identifier of the portal object
     * @param str alias or DN used to derive the friendly name
     * @throws DataBackendException for policy-server errors that handlePDException() does not tolerate
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public void removeObject(ObjectType objectType, ObjectID objectID, String str) throws DataBackendException {
        String friendlyName = getFriendlyName(objectType, objectID, str);
        if (this.logging) {
            this.trcLog.text(1L, this, "removeObject", new StringBuffer().append(objectType).append(":").append(objectID).append(":").append(friendlyName).toString());
        }
        // Root name without its first character; presumably strips the leading '/' of pd_root.
        String substring = this.pd_root.substring(1);
        PDMessages pDMessages = new PDMessages();
        try {
            PDProtObject pDProtObject = new PDProtObject(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), (PDAttrs) null, (PDAttrs) null, pDMessages);
            if (this.logging) {
                this.trcLog.text(1L, this, "removeObject()", new StringBuffer().append("object to remove=").append(pDProtObject.toString()).append("pd_messages=").append(pDMessages.toString()).toString());
            }
            pDMessages.clear();
            PDAcl acl = pDProtObject.getAcl();
            if (acl != null) {
                // The ACL generated by setObjectControl() is named <root><NAMESPACE_START><type label><objectID>.
                if (acl.getId().equals(new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString())) {
                    // Attached ACL is the generated one: detach it, then delete it.
                    pDProtObject.detachAcl(this.pd_ctx, pDMessages);
                    pDMessages.clear();
                    PDAcl.deleteAcl(this.pd_ctx, acl.getId(), pDMessages);
                    pDMessages.clear();
                    this.trcLog.text(1L, this, "removeObject()", new StringBuffer().append("ACL: ").append(acl.getId()).append(" removed").toString());
                } else {
                    // A different ACL is attached: it is left in place, and the generated ACL is
                    // deleted by name on a best-effort basis (failure is only traced).
                    try {
                        pDMessages.clear();
                        this.trcLog.text(1L, this, "removeObject()", new StringBuffer().append("ACL to delete :").append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString());
                        PDAcl.deleteAcl(this.pd_ctx, new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString(), pDMessages);
                        pDMessages.clear();
                    } catch (PDException e) {
                        this.trcLog.text(1L, this, "removeObject()", new StringBuffer().append("Error occurred trying to delete generated ACL. Exception: ").append(e.getMessage()).toString());
                    }
                }
            }
            PDProtObject.deleteProtObject(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), pDMessages);
        } catch (PDException e2) {
            // Tolerated codes (for example "Object does not exist") end the method silently.
            handlePDException(e2);
        }
    }

    /**
     * Puts a portal object under external control (z = true) or releases it (z = false) on behalf
     * of a principal.
     *
     * <p>The principal must hold both MANAGE and DELEGATE on EXTERNAL_ACL; the check runs before
     * any change is made. When externalizing with createAcl enabled and no ACL attached yet, a new
     * ACL is created that gives the principal MANAGE and DELEGATE, and it is attached to the object.
     *
     * @param principal subject requesting the change; becomes the owner entry of a new ACL
     * @param objectType type of the portal object
     * @param objectID identifier of the portal object
     * @param str alias or DN used to derive the friendly name
     * @param z true to externalize, false to remove the object from the policy server
     * @throws NotAllowedException when the principal lacks MANAGE or DELEGATE on EXTERNAL_ACL
     * @throws DataBackendException for policy-server errors other than "already exists"
     */
    @Override // com.ibm.wps.services.authorization.ExternalAccessControlService
    public void setObjectControl(Principal principal, ObjectType objectType, ObjectID objectID, String str, boolean z) throws DataBackendException, NotAllowedException {
        String friendlyName = getFriendlyName(objectType, objectID, str);
        // Root name without its first character; presumably strips the leading '/' of pd_root.
        String substring = this.pd_root.substring(1);
        if (this.logging) {
            this.trcLog.text(1L, this, "setObjectControl", new StringBuffer().append("set object control for ").append(objectType).append(":").append(objectID).append(" alias ").append(str).append(". Owner: ").append(principal != null ? principal.getId() : "no one").toString());
        }
        PDMessages pDMessages = new PDMessages();
        // Authorization gate: evaluated against the policy server before anything is modified.
        PermissionSet permissions = getPermissions(principal, null, ObjectType.EXTERNAL_ACL, ObjectID.ANY, "", null, null);
        if (!permissions.hasPermission(Permission.MANAGE) || !permissions.hasPermission(Permission.DELEGATE)) {
            // NOTE(review): principal.getId() is dereferenced without the null guard used in the
            // trace line above; a null principal would raise NullPointerException here instead of
            // NotAllowedException.
            this.trcLog.text(4L, this, "setObjectControl()", new StringBuffer().append("Principal: ").append(principal.getId()).append(" does not have MANAGE and DELEGATE permissions on: ").append(ObjectType.EXTERNAL_ACL).append(" in TAM ").toString());
            throw new NotAllowedException();
        }
        if (!z) {
            removeObject(objectType, objectID, str);
            return;
        }
        createNameSpaceEntry(objectType, objectID, friendlyName);
        if (this.createAcl) {
            HashMap hashMap = new HashMap();
            PermissionSet permissionSet = new PermissionSet();
            permissionSet.addPermission(Permission.MANAGE).addPermission(Permission.DELEGATE);
            // Text between the first "=" and the first "," of the principal's id; throws
            // StringIndexOutOfBoundsException when the id has no "," after that position.
            String substring2 = principal.getId().substring(principal.getId().indexOf("=") + 1, principal.getId().indexOf(","));
            try {
                PDProtObject pDProtObject = new PDProtObject(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), (PDAttrs) null, (PDAttrs) null, pDMessages);
                pDMessages.clear();
                // An ACL that is already attached is left untouched; the owner entry is not added to it.
                if (pDProtObject.getAcl() == null) {
                    this.trcLog.text(1L, this, "setObjectControl()", "No acl attached. We'll create one");
                    hashMap.put(substring2, new PDAclEntryUser(this.pd_ctx, substring2, wpsToPdPermission(permissionSet), pDMessages));
                    pDMessages.clear();
                    PDAcl.createAcl(this.pd_ctx, new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString(), new StringBuffer().append("ACL for ").append(getFriendlyName(objectType, ObjectID.ANY, "")).append(":").append(friendlyName).toString(), hashMap, (HashMap) null, (PDAclEntryAnyOther) null, (PDAclEntryUnAuth) null, (PDAttrs) null, pDMessages);
                    pDMessages.clear();
                    PDProtObject.attachAcl(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString(), pDMessages);
                    pDMessages.clear();
                }
            } catch (PDException e) {
                // NOTE(review): the exception is classified by matching its text, not by message
                // code as handlePDException() does; a differently worded or localized message
                // would be rethrown.
                if (e.toString().indexOf("already exists") == -1) {
                    throw new DataBackendException((Throwable) e);
                }
                this.trcLog.text(1L, this, "setobjectControl()", "Object already exists in namespace");
            }
        }
    }

    /**
     * Variant of setObjectControl() that takes the owner as a policy-server user name.
     *
     * <p>SECURITY: this overload performs no permission check. It is private, and the only caller
     * visible in this class is initPD(), which uses it to bootstrap EXTERNAL_ACL for "wpsadmin".
     * Keep it private.
     *
     * @param str policy-server user name that becomes the owner entry of a new ACL
     * @param objectType type of the portal object
     * @param objectID identifier of the portal object
     * @param str2 alias or DN used to derive the friendly name
     * @param z true to externalize, false to remove the object from the policy server
     */
    private void setObjectControl(String str, ObjectType objectType, ObjectID objectID, String str2, boolean z) throws DataBackendException, NotAllowedException {
        String friendlyName = getFriendlyName(objectType, objectID, str2);
        // Root name without its first character; presumably strips the leading '/' of pd_root.
        String substring = this.pd_root.substring(1);
        if (this.logging) {
            this.trcLog.text(1L, this, "setObjectControl", new StringBuffer().append("set object control for ").append(objectType).append(":").append(objectID).append(" alias ").append(str2).append(". Owner: ").append(str != null ? str : "no one").toString());
        }
        PDMessages pDMessages = new PDMessages();
        try {
            // Existence probe only; the PDUser instance is discarded.
            new PDUser(this.pd_ctx, str, pDMessages);
            if (this.logging) {
                this.trcLog.text(1L, this, "setObjectControl(String)", new StringBuffer().append("user ").append(str).append(" exists!").toString());
            }
            pDMessages.clear();
        } catch (PDException e) {
            // NOTE(review): a failed probe is only traced; the method carries on and still tries
            // to create the object and the ACL entry for this user.
            this.trcLog.text(1L, this, "setObjectControl(String)", new StringBuffer().append("user ").append(str).append(" does NOT exist. Cannot set ACL for ").append(getFriendlyName(objectType, objectID, friendlyName)).toString());
        }
        if (!z) {
            removeObject(objectType, objectID, str2);
            return;
        }
        createNameSpaceEntry(objectType, objectID, friendlyName);
        if (this.createAcl) {
            HashMap hashMap = new HashMap();
            PermissionSet permissionSet = new PermissionSet();
            permissionSet.addPermission(Permission.MANAGE).addPermission(Permission.DELEGATE);
            try {
                PDProtObject pDProtObject = new PDProtObject(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), (PDAttrs) null, (PDAttrs) null, pDMessages);
                pDMessages.clear();
                // An ACL that is already attached is left untouched.
                if (pDProtObject.getAcl() == null) {
                    hashMap.put(str, new PDAclEntryUser(this.pd_ctx, str, wpsToPdPermission(permissionSet), pDMessages));
                    pDMessages.clear();
                    PDAcl.createAcl(this.pd_ctx, new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString(), new StringBuffer().append("ACL for ").append(getFriendlyName(objectType, ObjectID.ANY, "")).append(":").append(friendlyName).toString(), hashMap, (HashMap) null, (PDAclEntryAnyOther) null, (PDAclEntryUnAuth) null, (PDAttrs) null, pDMessages);
                    pDMessages.clear();
                    PDProtObject.attachAcl(this.pd_ctx, oidToPd(objectType, objectID, friendlyName), new StringBuffer().append(substring).append(Constants.NAMESPACE_START).append(getFriendlyName(objectType, ObjectID.ANY, "")).append(objectID).toString(), pDMessages);
                    pDMessages.clear();
                }
            } catch (PDException e2) {
                // Unlike the Principal overload, errors here are classified by message code.
                handlePDException(e2);
            }
        }
    }

    /**
     * Renders portal permissions as a policy-server permission string: "T", the action group, then
     * one letter per granted action.
     *
     * <p>MANAGE writes the manage, edit and view letters; EDIT writes edit and view; VIEW writes
     * view only. DELEGATE, COPY and CREATE each add their own letter independently.
     *
     * @param permissionSet permissions to render; only explicit permissions are considered
     * @return the permission string
     */
    private String wpsToPdPermission(PermissionSet permissionSet) {
        StringBuffer pdString = new StringBuffer("T" + this.actionGroup);
        if (permissionSet.hasExplicitPermission(Permission.DELEGATE)) {
            pdString.append(this.delegateAction);
        }
        // Strongest of MANAGE / EDIT / VIEW decides which letters of the ladder are written.
        if (permissionSet.hasExplicitPermission(Permission.MANAGE)) {
            pdString.append(this.manageAction).append(this.editAction).append(this.viewAction);
        } else if (permissionSet.hasExplicitPermission(Permission.EDIT)) {
            pdString.append(this.editAction).append(this.viewAction);
        } else if (permissionSet.hasExplicitPermission(Permission.VIEW)) {
            pdString.append(this.viewAction);
        }
        if (permissionSet.hasExplicitPermission(Permission.COPY)) {
            pdString.append(this.copyAction);
        }
        if (permissionSet.hasExplicitPermission(Permission.CREATE)) {
            pdString.append(this.createAction);
        }
        String rendered = pdString.toString();
        if (this.logging) {
            this.trcLog.text(1L, this, "wpsToPDPermission", "Permission set: " + permissionSet + "->" + rendered);
        }
        return rendered;
    }

    /**
     * Resolves a class by name; helper behind the cached class$com$tivoli$mts$PDPrincipal field.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError carrying the lookup failure's message when the class is missing
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException missing) {
            throw new NoClassDefFoundError(missing.getMessage());
        }
        return resolved;
    }
}
