package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.AccessControlMessages;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.cache.ACCacheManager;
import com.ibm.wps.ac.internal.AccessControlConfig;
import com.ibm.wps.datastore.ac.LinkUserToRole;
import com.ibm.wps.datastore.ac.ProtectedResource;
import com.ibm.wps.datastore.ac.RoleInstance;
import com.ibm.wps.datastore.ac.RoleInstanceRO;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.util.DataBackendException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/ac/impl/RoleManagerDataAccess.class */
public class RoleManagerDataAccess {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private ACCacheManager cacheManager;
    private static Logger logger;
    private static final RoleInstance[] EMPTY_ROLE_INSTANCE_ARRAY;
    private ResourceManager resourceManager;
    private boolean isResolveGroupMembership = false;
    private static final RoleInstance[] EMTY_ROLE_INSTANCES;
    static Class class$com$ibm$wps$ac$impl$RoleManagerDataAccess;

    public RoleManagerDataAccess(ACCacheManager aCCacheManager, ResourceManager resourceManager) {
        this.cacheManager = aCCacheManager;
        this.resourceManager = resourceManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setResolveGroupMembership(boolean z) {
        this.isResolveGroupMembership = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstance loadRole(ObjectID objectID, ObjectID objectID2) throws AuthorizationDataException {
        try {
            return RoleInstance.find((com.ibm.wps.util.ObjectID) objectID, (com.ibm.wps.util.ObjectID) objectID2);
        } catch (DataBackendException e) {
            logger.text(100, "loadRole", "Exception: ", e);
            throw new AuthorizationDataException(AccessControlMessages.ROLE_INSTANCE_LOAD_ERROR_2, new Object[]{objectID, objectID2});
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleInstanceRO[] getRolesForPrincipal(ACPrincipal aCPrincipal, ResourceType resourceType) throws AuthorizationDataException {
        if (logger.isLogging(112)) {
            logger.entry(112, "getRolesForPrincipal", aCPrincipal, resourceType);
        }
        SuperType superType = SuperType.getSuperType(resourceType);
        RoleInstanceRO[] rolesForPrincipalAndType = this.cacheManager.getRolesForPrincipalAndType(aCPrincipal.getObjectID(), superType);
        if (rolesForPrincipalAndType == null) {
            rolesForPrincipalAndType = loadRolesForPrincipal(aCPrincipal, resourceType);
            this.cacheManager.putRolesForPrincipalAndType(aCPrincipal.getObjectID(), superType, rolesForPrincipalAndType);
        }
        if (logger.isLogging(112)) {
            logger.exit(112, "getRolesForPrincipal", Arrays.asList(rolesForPrincipalAndType));
        }
        return rolesForPrincipalAndType;
    }

    RoleInstance[] loadRolesForPrincipal(ACPrincipal aCPrincipal, ResourceType resourceType) throws AuthorizationDataException {
        if (logger.isLogging(112)) {
            logger.entry(112, "loadRolesForPrincipal", aCPrincipal, resourceType);
        }
        RoleInstance[] loadInternalRolesForPrincipal = loadInternalRolesForPrincipal(aCPrincipal, resourceType);
        if (AccessControlConfig.isExternalizationActivated()) {
            loadInternalRolesForPrincipal = addExternalRoles(aCPrincipal, resourceType, loadInternalRolesForPrincipal);
        }
        if (logger.isLogging(112)) {
            logger.exit(112, "loadRolesForPrincipal", Arrays.asList(loadInternalRolesForPrincipal));
        }
        return loadInternalRolesForPrincipal;
    }

    private RoleInstance[] loadInternalRolesForPrincipal(ACPrincipal aCPrincipal, ResourceType resourceType) throws AuthorizationDataException {
        if (logger.isLogging(112)) {
            logger.entry(112, "loadInternalRolesForPrincipal", aCPrincipal, resourceType);
        }
        Set types = SuperType.getSuperType(resourceType).getTypes();
        if (types.size() == 0) {
            if (logger.isLogging(112)) {
                logger.text(112, "loadInternalRolesForPrincipal", "skip this type");
            }
            return EMPTY_ROLE_INSTANCE_ARRAY;
        }
        try {
            LinkUserToRole[] findAllByPrincipalOID = LinkUserToRole.findAllByPrincipalOID((com.ibm.wps.util.ObjectID) aCPrincipal.getObjectID());
            if (findAllByPrincipalOID == null) {
                if (logger.isLogging(112)) {
                    logger.exit(112, "loadInternalRolesForPrincipal", "no links found (was null)");
                }
                return EMPTY_ROLE_INSTANCE_ARRAY;
            }
            if (findAllByPrincipalOID.length == 0) {
                if (logger.isLogging(112)) {
                    logger.exit(112, "loadInternalRolesForPrincipal", "no links found");
                }
                return EMPTY_ROLE_INSTANCE_ARRAY;
            }
            if (logger.isLogging(112)) {
                logger.text(112, "loadInternalRolesForPrincipal", new StringBuffer().append("links= ").append(Arrays.asList(findAllByPrincipalOID)).toString());
            }
            com.ibm.wps.util.ObjectID[] objectIDArr = new com.ibm.wps.util.ObjectID[findAllByPrincipalOID.length];
            for (int i = 0; i < objectIDArr.length; i++) {
                objectIDArr[i] = (com.ibm.wps.util.ObjectID) findAllByPrincipalOID[i].getRoleInstanceID();
            }
            RoleInstance[] findAllByOIDsAndResourceTypes = RoleInstance.findAllByOIDsAndResourceTypes(objectIDArr, types);
            if (logger.isLogging(112)) {
                logger.exit(112, "loadInternalRolesForPrincipal", Arrays.asList(findAllByOIDsAndResourceTypes));
            }
            return findAllByOIDsAndResourceTypes;
        } catch (DataBackendException e) {
            logger.text(100, "loadInternalRolesForPrincipal()", "Exception occured:", e);
            throw new AuthorizationDataException(AccessControlMessages.PRINCIPAL_RETRIEVE_MAPPED_ROLES_1, new Object[]{aCPrincipal.getObjectID()}, e);
        }
    }

    private RoleInstance[] loadExternalRolesForPrincipal(ACPrincipal aCPrincipal, ResourceType resourceType) throws AuthorizationDataException, ExternalAuthorizationException {
        if (logger.isLogging(112)) {
            logger.entry(112, "loadExternalRolesForPrincipal", aCPrincipal, resourceType);
        }
        if (aCPrincipal.getObjectID().getResourceType().equals(ResourceType.USER_GROUP) && !this.isResolveGroupMembership) {
            return EMTY_ROLE_INSTANCES;
        }
        try {
            Set types = SuperType.getSuperType(resourceType).getTypes();
            if (types.size() == 0) {
                if (logger.isLogging(112)) {
                    logger.text(112, "loadExternalRolesForPrincipal", "skip this type");
                }
                return EMPTY_ROLE_INSTANCE_ARRAY;
            }
            RoleInstance[] findAllByResourceTypes = RoleInstance.findAllByResourceTypes(types);
            if (findAllByResourceTypes.length == 0) {
                return findAllByResourceTypes;
            }
            com.ibm.wps.util.ObjectID[] objectIDArr = new com.ibm.wps.util.ObjectID[findAllByResourceTypes.length];
            for (int i = 0; i < findAllByResourceTypes.length; i++) {
                objectIDArr[i] = findAllByResourceTypes[i].getProtectedResourceOID();
            }
            ProtectedResource[] findAllExternalByOIDs = ProtectedResource.findAllExternalByOIDs(objectIDArr);
            if (logger.isLogging(112)) {
                logger.text(112, "loadExternalRolesForPrincipal", new StringBuffer().append("externalizedDomainRootResources: ").append(Arrays.asList(findAllExternalByOIDs)).toString());
            }
            HashSet hashSet = new HashSet(findAllExternalByOIDs.length * 2);
            for (ProtectedResource protectedResource : findAllExternalByOIDs) {
                hashSet.add(protectedResource.getObjectID());
            }
            if (logger.isLogging(112)) {
                logger.text(112, "loadExternalRolesForPrincipal", new StringBuffer().append("Role candidates: ").append(Arrays.asList(findAllByResourceTypes)).toString());
            }
            HashMap hashMap = new HashMap(findAllByResourceTypes.length);
            HashMap hashMap2 = new HashMap(findAllByResourceTypes.length);
            for (int i2 = 0; i2 < findAllByResourceTypes.length; i2++) {
                if (hashSet.contains(findAllByResourceTypes[i2].getProtectedResourceOID())) {
                    if (findAllByResourceTypes[i2].getAlias() == null) {
                        hashMap.put(findAllByResourceTypes[i2].getName(), findAllByResourceTypes[i2]);
                    } else {
                        hashMap2.put(findAllByResourceTypes[i2].getAlias(), findAllByResourceTypes[i2]);
                    }
                } else if (logger.isLogging(112)) {
                    logger.text(112, "loadExternalRolesForPrincipal", new StringBuffer().append("Skipping internal role: ").append(findAllByResourceTypes[i2]).toString());
                }
            }
            Collection roleMappings = ExternalAccessControl.getRoleMappings(aCPrincipal, hashMap.keySet());
            Collection aliasedRoleMappings = ExternalAccessControl.getAliasedRoleMappings(aCPrincipal, hashMap2.keySet());
            RoleInstance[] roleInstanceArr = new RoleInstance[roleMappings.size() + aliasedRoleMappings.size()];
            int i3 = 0;
            Iterator it = roleMappings.iterator();
            while (it.hasNext()) {
                int i4 = i3;
                i3++;
                roleInstanceArr[i4] = (RoleInstance) hashMap.get(it.next());
            }
            Iterator it2 = aliasedRoleMappings.iterator();
            while (it2.hasNext()) {
                int i5 = i3;
                i3++;
                roleInstanceArr[i5] = (RoleInstance) hashMap2.get(it2.next());
            }
            return roleInstanceArr;
        } catch (DataBackendException e) {
            logger.text(100, "loadInternalRolesForPrincipal()", "Exception occured:", e);
            throw new AuthorizationDataException(AccessControlMessages.PRINCIPAL_RETRIEVE_MAPPED_ROLES_1, new Object[]{aCPrincipal.getObjectID()}, e);
        }
    }

    private RoleInstance[] addExternalRoles(ACPrincipal aCPrincipal, ResourceType resourceType, RoleInstance[] roleInstanceArr) throws ExternalAuthorizationException, AuthorizationDataException {
        RoleInstance[] loadExternalRolesForPrincipal = loadExternalRolesForPrincipal(aCPrincipal, resourceType);
        RoleInstance[] roleInstanceArr2 = new RoleInstance[roleInstanceArr.length + loadExternalRolesForPrincipal.length];
        System.arraycopy(roleInstanceArr, 0, roleInstanceArr2, 0, roleInstanceArr.length);
        System.arraycopy(loadExternalRolesForPrincipal, 0, roleInstanceArr2, roleInstanceArr.length, loadExternalRolesForPrincipal.length);
        return roleInstanceArr2;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$RoleManagerDataAccess == null) {
            cls = class$("com.ibm.wps.ac.impl.RoleManagerDataAccess");
            class$com$ibm$wps$ac$impl$RoleManagerDataAccess = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$RoleManagerDataAccess;
        }
        logger = logManager.getLogger(cls);
        EMPTY_ROLE_INSTANCE_ARRAY = new RoleInstance[0];
        EMTY_ROLE_INSTANCES = new RoleInstance[0];
    }
}
