package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.events.ACRoleMappingEventListener;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.AccessControlMessages;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.AuthorizationModelException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.RoleData;
import com.ibm.wps.ac.cache.ACCacheManager;
import com.ibm.wps.ac.internal.AccessControlConfig;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import com.ibm.wps.datastore.ac.RoleInstance;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.services.events.EventBroker;
import com.ibm.wps.util.ObjectIDConstants;
import java.util.ArrayList;
import java.util.Collection;

/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/ac/impl/ExternalAccessControlManager.class */
public class ExternalAccessControlManager {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static Logger logger;
    private ResourceManager resourceManager;
    private ACCacheManager cacheManager;
    private RoleManager roleManager;
    private Engine engine;
    private static final int INITIAL_COLLECTION_SIZE = 32;
    private ACRoleMappingEventListener acRoleMappingEvent;
    private boolean isReorderRoleNames;
    static Class class$com$ibm$wps$ac$impl$ExternalAccessControlManager;
    static Class class$com$ibm$portal$events$ACRoleMappingEventListener;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExternalAccessControlManager(ResourceManager resourceManager, RoleManager roleManager, ACCacheManager aCCacheManager, Engine engine, boolean z) throws AuthorizationDataException {
        Class cls;
        this.acRoleMappingEvent = null;
        this.isReorderRoleNames = false;
        this.resourceManager = resourceManager;
        this.roleManager = roleManager;
        this.cacheManager = aCCacheManager;
        this.engine = engine;
        if (class$com$ibm$portal$events$ACRoleMappingEventListener == null) {
            cls = class$("com.ibm.portal.events.ACRoleMappingEventListener");
            class$com$ibm$portal$events$ACRoleMappingEventListener = cls;
        } else {
            cls = class$com$ibm$portal$events$ACRoleMappingEventListener;
        }
        this.acRoleMappingEvent = (ACRoleMappingEventListener) EventBroker.getTrigger(cls);
        this.isReorderRoleNames = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection externalizeResourceTree(ACPrincipal aCPrincipal, ObjectID objectID, boolean z) throws AuthorizationDataException, ExternalAuthorizationException, AuthorizationModelException {
        Collection loadSubTree;
        if (logger.isLogging(111)) {
            logger.entry(111, "externalizeResourceTree", new Object[]{objectID});
        }
        checkResourcePrivate(objectID);
        if (!this.roleManager.loadRolesForPrincipalOnResource(aCPrincipal, objectID).contains(ActionSet.ADMIN)) {
            RoleDataImpl roleDataImpl = new RoleDataImpl(ActionSet.ADMIN, objectID, null, null, false);
            ArrayList arrayList = new ArrayList();
            arrayList.add(aCPrincipal);
            roleDataImpl.setMappedPrincipals(arrayList);
            this.roleManager.createRoleMapping(roleDataImpl);
        }
        if (z) {
            loadSubTree = new ArrayList(1);
            loadSubTree.add(this.resourceManager.getDataAccess().loadResourceByExternalID(objectID));
        } else {
            loadSubTree = this.resourceManager.loadSubTree(objectID, true);
        }
        Collection externalizeRoleInstances = externalizeRoleInstances(this.roleManager.loadRoleInstancesOnResources(this.resourceManager.getObjectIDsFiltered(loadSubTree, true)));
        this.resourceManager.modifyExternalizedFlag(loadSubTree, true);
        this.cacheManager.resourceExternalized(objectID);
        if (AccessControlConfig.roleMappingEventsEnabled()) {
            this.acRoleMappingEvent.roleMappingModified(objectID, null, null);
        }
        if (logger.isLogging(111)) {
            logger.exit(111, "externalizeResourceTree", new Object[]{externalizeRoleInstances});
        }
        return externalizeRoleInstances;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection internalizeResourceTree(ObjectID objectID, boolean z) throws AuthorizationDataException, ExternalAuthorizationException, AuthorizationModelException {
        Collection loadSubTree;
        if (logger.isLogging(111)) {
            logger.entry(111, "internalizeResourceTree", new Object[]{objectID});
        }
        checkResourcePrivate(objectID);
        if (objectID.equals(ObjectIDConstants.AC_VIRTUAL_RESOURCE_EXTERNAL_ACCESS_CONTROL)) {
            logger.text(100, "internalizeResourceTree", "Attempt to internalize the virtual resource EXTERNAL_ACCESS_CONTROL");
            throw new AuthorizationModelException(AccessControlMessages.INTERNALIZE_EACL_RESOURCE_ERROR_0);
        }
        if (z) {
            loadSubTree = new ArrayList(1);
            loadSubTree.add(this.resourceManager.getDataAccess().loadResourceByExternalID(objectID));
        } else {
            loadSubTree = this.resourceManager.loadSubTree(objectID, true);
        }
        RoleInstance[] loadRoleInstancesOnResources = this.roleManager.loadRoleInstancesOnResources(this.resourceManager.getObjectIDsFiltered(loadSubTree, false));
        this.resourceManager.modifyExternalizedFlag(loadSubTree, false);
        Collection internalizeRoleInstances = internalizeRoleInstances(loadRoleInstancesOnResources);
        this.cacheManager.resourceExternalized(objectID);
        if (logger.isLogging(111)) {
            logger.exit(111, "internalizeResourceTree", new Object[]{internalizeRoleInstances});
        }
        return internalizeRoleInstances;
    }

    private Collection externalizeRoleInstances(RoleInstance[] roleInstanceArr) throws AuthorizationDataException, ExternalAuthorizationException, AuthorizationModelException {
        if (logger.isLogging(111)) {
            logger.entry(111, "externalizeRoleInstances", new Object[]{roleInstanceArr});
        }
        ArrayList arrayList = new ArrayList(roleInstanceArr.length);
        for (int i = 0; i < roleInstanceArr.length; i++) {
            if (roleInstanceArr[i].getAlias() == null) {
                Collection loadMappedPrincipals = this.roleManager.loadMappedPrincipals(roleInstanceArr[i]);
                this.roleManager.deleteAllRoleMappings(roleInstanceArr[i]);
                ResourceTitleManager.rebuildRoleName(roleInstanceArr[i], this.isReorderRoleNames);
                ExternalAccessControl.externalizeRole(roleInstanceArr[i].getName(), loadMappedPrincipals);
            }
            arrayList.add(roleInstanceArr[i].getName());
        }
        if (logger.isLogging(111)) {
            logger.exit(111, "externalizeRoleInstances", new Object[]{arrayList});
        }
        return arrayList;
    }

    private Collection internalizeRoleInstances(RoleInstance[] roleInstanceArr) throws AuthorizationDataException, ExternalAuthorizationException, AuthorizationModelException {
        if (logger.isLogging(111)) {
            logger.entry(111, "internalizeRoleInstances", new Object[]{roleInstanceArr});
        }
        ArrayList arrayList = new ArrayList(roleInstanceArr.length);
        for (int i = 0; i < roleInstanceArr.length; i++) {
            if (roleInstanceArr[i].getAlias() == null) {
                Collection internalizeRole = ExternalAccessControl.internalizeRole(roleInstanceArr[i].getName());
                this.roleManager.getActionSet(roleInstanceArr[i].getActionSetOID());
                this.roleManager.createRoleMapping(roleInstanceArr[i], internalizeRole, null);
            }
            arrayList.add(roleInstanceArr[i].getName());
        }
        if (logger.isLogging(111)) {
            logger.exit(111, "internalizeRoleInstances", new Object[]{arrayList});
        }
        return arrayList;
    }

    private void checkResourcePrivate(ObjectID objectID) throws AuthorizationModelException, AuthorizationDataException {
        if (this.resourceManager.getResourceByExternalID(objectID).isPrivate()) {
            throw new AuthorizationModelException(AccessControlMessages.EXTERNALIZE_PRIVATE_ERROR_1, new Object[]{objectID});
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean checkExternalizeResource(ACNodeImpl aCNodeImpl) throws AuthorizationDataException {
        if (logger.isLogging(111)) {
            logger.entry(112, "checkExternalizeResource", aCNodeImpl);
        }
        boolean z = AccessControlConfig.isExternalizationActivated() && aCNodeImpl.isExternalized();
        if (logger.isLogging(111)) {
            logger.exit(112, "checkExternalizeResource", z);
        }
        return z;
    }

    boolean isRoleExternalized(RoleData roleData) throws AuthorizationDataException {
        if (AccessControlConfig.isExternalizationActivated()) {
            return this.resourceManager.getResourceByExternalID(roleData.getResourceID()).isExternalized();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void roleCreated(ProtectedResourceRO protectedResourceRO, RoleInstance roleInstance) throws ExternalAuthorizationException {
        if (logger.isLogging(111)) {
            logger.entry(112, "roleCreated", new Object[]{protectedResourceRO, roleInstance});
        }
        if (AccessControlConfig.isExternalizationActivated() && protectedResourceRO.isExternalized()) {
            ExternalAccessControl.externalizeRole(roleInstance.getName(), new ArrayList());
        }
        if (logger.isLogging(111)) {
            logger.exit(112, "roleCreated");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void roleDeleted(ProtectedResourceRO protectedResourceRO, RoleInstance roleInstance) throws ExternalAuthorizationException {
        if (logger.isLogging(111)) {
            logger.entry(112, "roleDeleted", new Object[]{protectedResourceRO, roleInstance});
        }
        if (AccessControlConfig.isExternalizationActivated() && protectedResourceRO.isExternalized()) {
            ExternalAccessControl.deleteRole(roleInstance.getName());
        }
        if (logger.isLogging(111)) {
            logger.exit(112, "roleDeleted");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resourceDeleted(ObjectID objectID) throws ExternalAuthorizationException, AuthorizationDataException {
        if (logger.isLogging(111)) {
            logger.entry(112, "roleDeleted", new Object[]{objectID});
        }
        if (AccessControlConfig.isExternalizationActivated()) {
            for (RoleInstance roleInstance : this.roleManager.loadRoleInstancesOnResources(this.resourceManager.getObjectIDsFiltered(this.resourceManager.loadSubTree(objectID, true), false))) {
                ExternalAccessControl.internalizeRole(roleInstance.getName());
            }
        }
        if (logger.isLogging(111)) {
            logger.exit(112, "roleDeleted");
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$ExternalAccessControlManager == null) {
            cls = class$("com.ibm.wps.ac.impl.ExternalAccessControlManager");
            class$com$ibm$wps$ac$impl$ExternalAccessControlManager = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$ExternalAccessControlManager;
        }
        logger = logManager.getLogger(cls);
    }
}
