package com.ibm.wps.services.authorization;

import com.ibm.logging.ILogger;
import com.ibm.logging.mgr.LogManager;
import com.ibm.wcm.CMConstants;
import com.ibm.wcp.runtime.feedback.sa.admin.share.AdminConstants;
import com.ibm.wps.datastore.ApplicationDescriptor;
import com.ibm.wps.datastore.ComponentInstance;
import com.ibm.wps.datastore.PageInstance;
import com.ibm.wps.datastore.PortletDescriptor;
import com.ibm.wps.datastore.SkinDescriptor;
import com.ibm.wps.datastore.ThemeDescriptor;
import com.ibm.wps.datastore.UserDescriptor;
import com.ibm.wps.datastore.pco.PCOResourceCollection;
import com.ibm.wps.puma.Group;
import com.ibm.wps.puma.GroupManager;
import com.ibm.wps.puma.Principal;
import com.ibm.wps.puma.User;
import com.ibm.wps.puma.UserManager;
import com.ibm.wps.services.pmi.Pmi;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.ObjectID;
import com.ibm.wps.util.Properties;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;

/* loaded from: input_file:plugins/com.ibm.wps_4.2.0.1/wps.jar:com/ibm/wps/services/authorization/AccessControlImpl.class */
public class AccessControlImpl extends AccessControlService {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-B88, (C) Copyright IBM Corp. 2001, 2002 - All Rights reserved.";
    private static LogManager logMgr;
    private static ILogger msgLog;
    private static ILogger trcLog;
    private PermissionCollectionCache permissionCollectionCache;
    private int traceLevel;
    private boolean enableNestedGroups;
    private boolean doNotResolveGroupMembershipForExternalAccessControl = true;
    private final int reservedObjectID = ObjectID.ANY.intValue();
    static final String ACL_CACHE_ID = "ACL";
    static final String ACL_DB = "ACL";

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.wps.services.Service
    public void destroy() throws Exception {
        if (this.permissionCollectionCache != null) {
            this.permissionCollectionCache.cleanup();
        }
        Pmi.stopCache(CMConstants.ACL_PROPERTY_NAME);
        super.destroy();
    }

    @Override // com.ibm.wps.services.Service
    public void init(Properties properties) throws Exception {
        long integer = properties.getInteger("accesscontrol.maxcacheage", AdminConstants.HEARTBEAT_INTERVAL);
        long integer2 = properties.getInteger("accesscontrol.maxcachesize", 0);
        boolean z = properties.getBoolean("accesscontrol.useAsynchronousCacheInvalidation", true);
        this.traceLevel = properties.getInteger("accesscontrol.tracelevel", 2);
        this.enableNestedGroups = properties.getBoolean("accesscontrol.nestedgroups", true);
        this.doNotResolveGroupMembershipForExternalAccessControl = properties.getBoolean("accesscontrol.doNotResolveGroupMembershipForExternalAccessControl", true);
        logMgr = LogManager.getManager();
        msgLog = logMgr.getMessageLogger("PortalCoreMessageLogger");
        trcLog = logMgr.getTraceLogger("AccessControlTraceLogger");
        Pmi.startCache(CMConstants.ACL_PROPERTY_NAME);
        this.permissionCollectionCache = new PermissionCollectionCache(integer, integer2, msgLog, trcLog, this.traceLevel, z);
        if (trcLog.isLogging()) {
            trcLog.text(1L, this, "entry", "initialized logging");
        }
    }

    private final ObjectID objectID(int i) {
        return i == this.reservedObjectID ? ObjectID.ANY : new ObjectID(i);
    }

    private final ObjectID objectID(Principal principal) {
        return (principal == null || principal == AccessControl.ANY_ANONYMOUS_USER || principal == AccessControl.ANY_USER || principal == AccessControl.ANY_USER_GROUP) ? ObjectID.ANY : principal.getObjectId();
    }

    private final ObjectType objectType(Principal principal) {
        return (principal == null || principal == AccessControl.ANY_ANONYMOUS_USER) ? ObjectType.ANONYMOUS_USER : (principal == AccessControl.ANY_USER || (principal instanceof User)) ? ObjectType.USER : ObjectType.USER_GROUP;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public PermissionCollection getEntitlements(Principal principal, ObjectType objectType) throws DataBackendException {
        ObjectID objectID = objectID(principal);
        ObjectType objectType2 = objectType(principal);
        Collection groups = getGroups(principal);
        PermissionCollection permissionCollection = new PermissionCollection(objectType2, objectID, objectType);
        permissionCollection.addPermissionCollection(getPermissionCollection(principal, objectType));
        if (objectType2.equals(ObjectType.ANONYMOUS_USER) && objectID != ObjectID.ANY) {
            permissionCollection.addPermissionCollection(getPermissionCollection(AccessControl.ANY_ANONYMOUS_USER, objectType));
        } else if (objectType2.equals(ObjectType.USER) && objectID != ObjectID.ANY) {
            permissionCollection.addPermissionCollection(getPermissionCollection(AccessControl.ANY_USER, objectType));
        }
        if (groups != null) {
            Iterator it = groups.iterator();
            while (it.hasNext()) {
                permissionCollection.addPermissionCollection(getPermissionCollection((Group) it.next(), objectType));
            }
        }
        ObjectType groupType = objectType.getGroupType();
        if (groupType != null) {
            PermissionCollection entitlements = getEntitlements(principal, groupType);
            Iterator it2 = entitlements.iterator();
            while (it2.hasNext()) {
                ObjectID objectID2 = (ObjectID) it2.next();
                PermissionSet permissions = entitlements.getPermissions(objectID2);
                Iterator it3 = getMemberIds(groupType, objectID2, true).iterator();
                while (it3.hasNext()) {
                    permissionCollection.setPermissions(permissions, (ObjectID) it3.next(), true);
                }
            }
        }
        PermissionSet permissions2 = permissionCollection.getPermissions(ObjectID.ANY);
        if (permissions2 != null) {
            permissionCollection.collection.remove(ObjectID.ANY);
            PermissionSet permissionSet = new PermissionSet(permissions2);
            permissionSet.removePermission(Permission.CREATE);
            if (permissionSet.intValue() != Permission.NONE.intValue()) {
                Iterator it4 = getAnyObjectID(objectType).iterator();
                while (it4.hasNext()) {
                    permissionCollection.setPermissions(permissionSet, (ObjectID) it4.next(), true);
                }
                Iterator it5 = permissionCollection.iterator();
                while (it5.hasNext()) {
                    permissionCollection.setPermissions(permissionSet, (ObjectID) it5.next(), true);
                }
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "getEntitlements", new StringBuffer().append(objectType).append(" entitlements for ").append(objectType2).append(":").append(objectID).append(" are ").append(permissionCollection).toString());
        }
        return permissionCollection;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public boolean hasPermission(Principal principal, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException {
        ObjectID objectID2 = objectID(principal);
        ObjectType objectType2 = objectType(principal);
        Collection collection = null;
        boolean z = false;
        ObjectType groupType = objectType.getGroupType();
        if (groupType != null && objectID != ObjectID.ANY) {
            collection = getGroupIds(null, objectType, objectID, true);
        }
        if (principal == null || principal == AccessControl.ANY_ANONYMOUS_USER) {
            if (collection != null) {
                z = getPermissionCollection(principal, groupType).hasPermission(permission, collection);
            }
            if (!z) {
                z = getPermissionCollection(principal, objectType).hasPermission(permission, objectID);
            }
        } else {
            Principal principal2 = objectType2.equals(ObjectType.USER) ? AccessControl.ANY_USER : AccessControl.ANY_USER_GROUP;
            Collection groups = getGroups(principal);
            if (collection != null) {
                z = hasPermissionFromGroup(groups, permission, groupType, collection) || getPermissionCollection(principal2, groupType).hasPermission(permission, collection) || getPermissionCollection(principal, groupType).hasPermission(permission, collection);
            }
            if (!z) {
                z = hasPermissionFromGroup(groups, permission, objectType, objectID) || getPermissionCollection(principal2, objectType).hasPermission(permission, objectID) || getPermissionCollection(principal, objectType).hasPermission(permission, objectID);
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "hasPermission", new StringBuffer().append("principal ").append(objectType2).append(":").append(objectID2).append(" ").append(permission).append(" ").append(objectType).append(":").append(objectID).append(" returns ").append(z).toString());
        }
        return z;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public boolean hasPermission(Principal principal, Permission permission, Principal principal2) throws DataBackendException {
        ObjectID objectID = objectID(principal);
        ObjectType objectType = objectType(principal);
        ObjectID objectID2 = objectID(principal2);
        ObjectType objectType2 = objectType(principal2);
        Collection collection = null;
        boolean z = false;
        ObjectType groupType = objectType2.getGroupType();
        if (groupType != null && objectID2 != ObjectID.ANY) {
            collection = getGroupIds(principal2, objectType2, objectID2, true);
        }
        if (principal == null || principal == AccessControl.ANY_ANONYMOUS_USER) {
            if (collection != null) {
                z = getPermissionCollection(principal, groupType).hasPermission(permission, collection);
            }
            if (!z) {
                z = getPermissionCollection(principal, objectType2).hasPermission(permission, objectID2);
            }
        } else {
            Principal principal3 = objectType.equals(ObjectType.USER) ? AccessControl.ANY_USER : AccessControl.ANY_USER_GROUP;
            Collection groups = getGroups(principal);
            if (collection != null) {
                z = hasPermissionFromGroup(groups, permission, groupType, collection) || getPermissionCollection(principal3, groupType).hasPermission(permission, collection) || getPermissionCollection(principal, groupType).hasPermission(permission, collection);
            }
            if (!z) {
                z = hasPermissionFromGroup(groups, permission, objectType2, objectID2) || getPermissionCollection(principal3, objectType2).hasPermission(permission, objectID2) || getPermissionCollection(principal, objectType2).hasPermission(permission, objectID2);
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "hasPermission", new StringBuffer().append("principal ").append(objectType).append(":").append(objectID).append(":").append(principal).append(" ").append(permission).append(" ").append(objectType2).append(":").append(objectID2).append(":").append(principal2).append(" returns ").append(z).toString());
        }
        return z;
    }

    private boolean hasPermissionFromGroup(Collection collection, Permission permission, ObjectType objectType, Collection collection2) throws DataBackendException {
        if (collection2 == null) {
            return false;
        }
        Iterator it = collection2.iterator();
        while (it.hasNext()) {
            if (hasPermissionFromGroup(collection, permission, objectType, (ObjectID) it.next())) {
                return true;
            }
        }
        return false;
    }

    private boolean hasPermissionFromGroup(Collection collection, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException {
        if (collection == null) {
            return false;
        }
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            if (getPermissionCollection((Principal) it.next(), objectType).hasPermission(permission, objectID)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public boolean hasPermission(ObjectType objectType, ObjectID objectID, Permission permission, ObjectType objectType2, ObjectID objectID2) throws DataBackendException {
        Collection collection = null;
        Collection collection2 = null;
        boolean z = false;
        ObjectType groupType = objectType2.getGroupType();
        if (groupType != null && objectID2 != ObjectID.ANY) {
            collection2 = getGroupIds(null, objectType2, objectID2, true);
        }
        ObjectType groupType2 = objectType.getGroupType();
        if (groupType2 != null && objectID != ObjectID.ANY) {
            collection = getGroupIds(null, objectType, objectID, true);
        }
        if (groupType != null) {
            z = hasPermissionFromGroup(groupType2, collection, permission, groupType, collection2) || getPermissionCollection(null, objectType, ObjectID.ANY, groupType).hasPermission(permission, collection2) || getPermissionCollection(null, objectType, objectID, groupType).hasPermission(permission, collection2);
        }
        if (!z) {
            z = hasPermissionFromGroup(groupType2, collection, permission, objectType2, objectID2) || getPermissionCollection(null, objectType, ObjectID.ANY, objectType2).hasPermission(permission, objectID2) || getPermissionCollection(null, objectType, objectID, objectType2).hasPermission(permission, objectID2);
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "hasPermission", new StringBuffer().append(objectType).append(":").append(objectID).append(" has permission ").append(permission).append(" for ").append(objectType2).append(":").append(objectID2).append(" is ").append(z).toString());
        }
        return z;
    }

    private boolean hasPermissionFromGroup(ObjectType objectType, Collection collection, Permission permission, ObjectType objectType2, Collection collection2) throws DataBackendException {
        if (collection2 == null) {
            return false;
        }
        Iterator it = collection2.iterator();
        while (it.hasNext()) {
            if (hasPermissionFromGroup(objectType, collection, permission, objectType2, (ObjectID) it.next())) {
                return true;
            }
        }
        return false;
    }

    private boolean hasPermissionFromGroup(ObjectType objectType, Collection collection, Permission permission, ObjectType objectType2, ObjectID objectID) throws DataBackendException {
        if (collection == null) {
            return false;
        }
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            if (getPermissionCollection(null, objectType, (ObjectID) it.next(), objectType2).hasPermission(permission, objectID)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void checkEntitlements(Principal principal, Permission permission, ObjectType objectType, Collection collection) throws DataBackendException {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            if (!hasPermission(principal, permission, objectType, (ObjectID) it.next())) {
                it.remove();
            }
        }
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public boolean hasExplicitPermission(Principal principal, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException {
        return getPermissionCollection(principal, objectType).hasExplicitPermission(permission, objectID);
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void addPermission(Principal principal, Principal principal2, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException, NotAllowedException {
        setPermission(principal, principal2, permission, objectType, objectID, true);
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void removePermission(Principal principal, Principal principal2, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException, NotAllowedException {
        setPermission(principal, principal2, permission, objectType, objectID, false);
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void setPermission(Principal principal, Principal principal2, Permission permission, ObjectType objectType, ObjectID objectID, boolean z) throws DataBackendException, NotAllowedException {
        setPermission(principal, objectType(principal2), objectID(principal2), permission, objectType, objectID, z);
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void setPermission(Principal principal, Permission permission, ObjectType objectType, ObjectID objectID, boolean z) throws DataBackendException {
        setPermission(objectType(principal), objectID(principal), permission, objectType, objectID, z);
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void setPermission(Principal principal, ObjectType objectType, ObjectID objectID, Permission permission, ObjectType objectType2, ObjectID objectID2, boolean z) throws DataBackendException, NotAllowedException {
        if (!hasPermission(principal, Permission.MANAGE, ObjectType.PORTAL, ObjectID.ANY) && (!hasPermission(principal, Permission.DELEGATE, objectType, objectID) || !hasPermission(principal, Permission.DELEGATE, objectType2, objectID2) || !hasPermission(principal, permission, objectType2, objectID2))) {
            throw new NotAllowedException();
        }
        setPermission(objectType, objectID, permission, objectType2, objectID2, z);
    }

    private Collection getGroupIds(Principal principal, ObjectType objectType, ObjectID objectID, boolean z) {
        Vector vector = null;
        if ((objectType.equals(ObjectType.USER) || objectType.equals(ObjectType.USER_GROUP)) && objectID != ObjectID.ANY) {
            if (principal == null) {
                principal = objectType.equals(ObjectType.USER) ? (User) UserManager.instance().findById(objectID) : GroupManager.instance().findById(objectID);
            }
            Collection groups = getGroups(principal);
            if (groups != null) {
                vector = new Vector();
                Iterator it = groups.iterator();
                if (z) {
                    while (it.hasNext()) {
                        vector.add(((Group) it.next()).getObjectId());
                    }
                } else {
                    while (it.hasNext()) {
                        vector.add(((Group) it.next()).getId());
                    }
                }
            }
        }
        if (vector != null) {
            vector.add(ObjectID.ANY);
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "getGroupIds", new StringBuffer().append(objectType).append(":").append(objectID).append(" is a member of groups ").append(vector).toString());
        }
        return vector;
    }

    private Collection getMemberIds(ObjectType objectType, ObjectID objectID, boolean z) {
        Collection members;
        Vector vector = null;
        if (objectType.equals(ObjectType.USER_GROUP) && objectID != ObjectID.ANY && (members = getMembers(GroupManager.instance().findById(objectID))) != null) {
            vector = new Vector();
            Iterator it = members.iterator();
            if (z) {
                while (it.hasNext()) {
                    vector.add(((User) it.next()).getObjectId());
                }
            } else {
                while (it.hasNext()) {
                    vector.add(((User) it.next()).getId());
                }
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "getMemberIds", new StringBuffer().append(objectType).append(":").append(objectID).append(" has group members ").append(vector).toString());
        }
        return vector;
    }

    private Collection getGroups(Principal principal) {
        Vector vector = null;
        if (principal == null) {
            principal = AccessControl.ANY_ANONYMOUS_USER;
        }
        if (principal != AccessControl.ANY_ANONYMOUS_USER && principal != AccessControl.ANY_USER && principal != AccessControl.ANY_USER_GROUP) {
            try {
                vector = this.enableNestedGroups ? principal.getNestedGroups() : principal.getGroups();
            } catch (Exception e) {
                if (trcLog.isLogging()) {
                    trcLog.text(1L, this, "getGroups failed", "retry");
                }
                try {
                    vector = this.enableNestedGroups ? principal.getNestedGroups() : principal.getGroups();
                } catch (Exception e2) {
                    if (trcLog.isLogging()) {
                        trcLog.text(1L, this, "getGroups failed", "retry failed too");
                    }
                }
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 2) {
            StringBuffer stringBuffer = new StringBuffer();
            if (vector != null) {
                if (vector.size() > 0) {
                    stringBuffer.append(((Group) vector.elementAt(0)).getId());
                }
                for (int i = 1; i < vector.size(); i++) {
                    stringBuffer.append(new StringBuffer().append(",").append(((Group) vector.elementAt(i)).getId()).toString());
                }
            }
            trcLog.text(1L, this, "getGroups", new StringBuffer().append("principal ").append(principal.getId()).append(" is a member of groups [").append((Object) stringBuffer).append("]").toString());
        }
        return vector == null ? new Vector() : vector;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Collection getMembers(Principal principal) {
        Vector vector = new Vector();
        if (principal == null) {
            principal = AccessControl.ANY_ANONYMOUS_USER;
        }
        if (principal != AccessControl.ANY_ANONYMOUS_USER && principal != AccessControl.ANY_USER && principal != AccessControl.ANY_USER_GROUP && (principal instanceof Group)) {
            try {
                vector = ((Group) principal).getUsers();
            } catch (Exception e) {
                if (trcLog.isLogging()) {
                    trcLog.text(1L, this, "getMembers failed", "failed, retrying...");
                }
                try {
                    vector = ((Group) principal).getUsers();
                } catch (Exception e2) {
                    if (trcLog.isLogging()) {
                        trcLog.text(1L, this, "getMembers failed", "retry failed too");
                    }
                }
            }
        }
        if (trcLog.isLogging() && this.traceLevel > 2) {
            StringBuffer stringBuffer = new StringBuffer();
            if (vector != null) {
                if (vector.size() > 0) {
                    stringBuffer.append(((User) vector.elementAt(0)).getId());
                }
                for (int i = 1; i < vector.size(); i++) {
                    stringBuffer.append(new StringBuffer().append(",").append(((User) vector.elementAt(i)).getId()).toString());
                }
            }
            trcLog.text(1L, this, "getMembers", new StringBuffer().append("user group ").append(principal.getId()).append(" has members [").append((Object) stringBuffer).append("]").toString());
        }
        return vector;
    }

    private PermissionCollection getPermissionCollection(Principal principal, ObjectType objectType) throws DataBackendException {
        return getPermissionCollection(principal, objectType(principal), objectID(principal), objectType);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:30:0x0195
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private com.ibm.wps.services.authorization.PermissionCollection getPermissionCollection(com.ibm.wps.puma.Principal r11, com.ibm.wps.services.authorization.ObjectType r12, com.ibm.wps.util.ObjectID r13, com.ibm.wps.services.authorization.ObjectType r14) throws com.ibm.wps.util.DataBackendException {
        /*
            Method dump skipped, instructions count: 823
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.services.authorization.AccessControlImpl.getPermissionCollection(com.ibm.wps.puma.Principal, com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.util.ObjectID, com.ibm.wps.services.authorization.ObjectType):com.ibm.wps.services.authorization.PermissionCollection");
    }

    public void addPermission(Principal principal, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException {
        setPermission(principal, permission, objectType, objectID, true);
    }

    public void removePermission(Principal principal, Permission permission, ObjectType objectType, ObjectID objectID) throws DataBackendException {
        setPermission(principal, permission, objectType, objectID, false);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:35:0x029c
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public void setPermission(com.ibm.wps.services.authorization.ObjectType r9, com.ibm.wps.util.ObjectID r10, com.ibm.wps.services.authorization.Permission r11, com.ibm.wps.services.authorization.ObjectType r12, com.ibm.wps.util.ObjectID r13, boolean r14) throws com.ibm.wps.util.DataBackendException {
        /*
            Method dump skipped, instructions count: 678
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.services.authorization.AccessControlImpl.setPermission(com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.util.ObjectID, com.ibm.wps.services.authorization.Permission, com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.util.ObjectID, boolean):void");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:35:0x01c0
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.ibm.wps.services.authorization.AccessControlService
    public com.ibm.wps.services.authorization.PermissionCollection getEntitledSubjects(com.ibm.wps.services.authorization.ObjectType r9, com.ibm.wps.services.authorization.ObjectType r10, com.ibm.wps.util.ObjectID r11) throws com.ibm.wps.util.DataBackendException {
        /*
            Method dump skipped, instructions count: 524
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.services.authorization.AccessControlImpl.getEntitledSubjects(com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.util.ObjectID):com.ibm.wps.services.authorization.PermissionCollection");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:15:0x00af
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private java.util.Collection getAnyObjectID(com.ibm.wps.services.authorization.ObjectType r9) throws com.ibm.wps.util.DataBackendException {
        /*
            Method dump skipped, instructions count: 242
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.services.authorization.AccessControlImpl.getAnyObjectID(com.ibm.wps.services.authorization.ObjectType):java.util.Collection");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:9:0x00a4
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private int executeUpdate(java.lang.String r8, com.ibm.wps.services.authorization.ObjectType r9, com.ibm.wps.util.ObjectID r10) throws com.ibm.wps.util.DataBackendException {
        /*
            r7 = this;
            r0 = 0
            r11 = r0
            r0 = 0
            r12 = r0
            r0 = 0
            r13 = r0
            java.lang.String r0 = "ACL"
            com.ibm.wps.services.pmi.Pmi.updateDB(r0)
            java.sql.Connection r0 = com.ibm.wps.services.datastore.DataStore.getConnection()     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r12 = r0
            r0 = r12
            r1 = r8
            java.sql.PreparedStatement r0 = r0.prepareStatement(r1)     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r13 = r0
            r0 = r13
            r1 = 1
            r2 = r9
            int r2 = r2.intValue()     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r0.setInt(r1, r2)     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r0 = r13
            r1 = 2
            r2 = r10
            int r2 = r2.intValue()     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r0.setInt(r1, r2)     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r0 = r13
            int r0 = r0.executeUpdate()     // Catch: java.sql.SQLException -> L44 java.lang.Throwable -> L7a
            r14 = r0
            r0 = jsr -> L82
        L41:
            goto La8
        L44:
            r15 = move-exception
            com.ibm.logging.ILogger r0 = com.ibm.wps.services.authorization.AccessControlImpl.msgLog     // Catch: java.lang.Throwable -> L7a
            r1 = 4
            r2 = r7
            java.lang.StringBuffer r3 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> L7a
            r4 = r3
            r4.<init>()     // Catch: java.lang.Throwable -> L7a
            java.lang.String r4 = "SQL update failed for "
            java.lang.StringBuffer r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L7a
            r4 = r9
            java.lang.StringBuffer r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L7a
            java.lang.String r4 = ":"
            java.lang.StringBuffer r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L7a
            r4 = r10
            java.lang.StringBuffer r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L7a
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L7a
            r4 = r15
            r0.exception(r1, r2, r3, r4)     // Catch: java.lang.Throwable -> L7a
            com.ibm.wps.util.DataBackendException r0 = new com.ibm.wps.util.DataBackendException     // Catch: java.lang.Throwable -> L7a
            r1 = r0
            r2 = r15
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L7a
            throw r0     // Catch: java.lang.Throwable -> L7a
        L7a:
            r16 = move-exception
            r0 = jsr -> L82
        L7f:
            r1 = r16
            throw r1
        L82:
            r17 = r0
            r0 = r13
            if (r0 == 0) goto L95
            r0 = r13
            r0.close()     // Catch: java.lang.Exception -> L93
            goto L95
        L93:
            r18 = move-exception
        L95:
            r0 = r12
            if (r0 == 0) goto La6
            r0 = r12
            r0.close()     // Catch: java.lang.Exception -> La4
            goto La6
        La4:
            r18 = move-exception
        La6:
            ret r17
        La8:
            r1 = r14
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.wps.services.authorization.AccessControlImpl.executeUpdate(java.lang.String, com.ibm.wps.services.authorization.ObjectType, com.ibm.wps.util.ObjectID):int");
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public PermissionSet addObject(Principal principal, ObjectType objectType, ObjectID objectID, String str) throws DataBackendException {
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "addObject", new StringBuffer().append("add ").append(objectType).append(":").append(objectID).append(" known as ").append(str).toString());
        }
        PermissionSet permissionSet = new PermissionSet();
        permissionSet.addPermission(Permission.VIEW).addPermission(Permission.EDIT).addPermission(Permission.MANAGE).addPermission(Permission.DELEGATE);
        addPermission(principal, permissionSet, objectType, objectID);
        ExternalAccessControl.addObject(objectType, objectID, str);
        if (hasPermission(principal, Permission.EXTERNAL, objectType, ObjectID.ANY)) {
            if (trcLog.isLogging() && this.traceLevel > 1) {
                trcLog.text(1L, this, "addObject", new StringBuffer().append("automatically moving ").append(objectType).append(":").append(objectID).append(" known as ").append(str).append(" to external").toString());
            }
            try {
                setObjectControl(principal, objectType, objectID, true);
            } catch (NotAllowedException e) {
                if (trcLog.isLogging() && this.traceLevel > 1) {
                    trcLog.text(1L, this, "addObject", new StringBuffer().append(principal.getId()).append(" is not allowed to move this resource externally").toString());
                }
            }
        }
        return permissionSet;
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void removeObject(ObjectType objectType, ObjectID objectID) throws DataBackendException {
        String friendlyName = friendlyName(objectType, objectID);
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "removeObject", new StringBuffer().append("remove ").append(objectType).append(":").append(objectID).toString());
            if (friendlyName != null) {
                trcLog.text(1L, this, "removeObject", new StringBuffer().append("friendlyName: ").append(friendlyName).toString());
            } else {
                trcLog.text(1L, this, "removeObject", "friendlyName is not available");
            }
        }
        if (executeUpdate("delete from ACL where objectType=? and objectId=?", objectType, objectID) >= 1) {
            ExternalAccessControl.removeObject(objectType, objectID, friendlyName);
        } else if (trcLog.isLogging()) {
            trcLog.text(1L, this, "removeObject", "object retrieval failed. no entries deleted!");
        }
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void removeSubject(Principal principal) throws DataBackendException {
        ObjectID objectID = objectID(principal);
        ObjectType objectType = objectType(principal);
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "removeSubject", new StringBuffer().append("remove ").append(objectType).append(":").append(objectID).toString());
        }
        if (executeUpdate("delete from ACL where subjectType=? and subjectId=?", objectType, objectID) >= 1 || !trcLog.isLogging()) {
            return;
        }
        trcLog.text(1L, this, "removeSubject", "object retrieval failed. no entries deleted!");
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public void setObjectControl(Principal principal, ObjectType objectType, ObjectID objectID, boolean z) throws DataBackendException, NotAllowedException {
        if (trcLog.isLogging() && this.traceLevel > 1) {
            trcLog.text(1L, this, "setObjectControl", new StringBuffer().append("about to set external control for ").append(objectType).append(":").append(objectID).append(" to ").append(z).toString());
        }
        if (!hasPermission(principal, Permission.MANAGE, ObjectType.EXTERNAL_ACL, ObjectID.ANY) || !hasPermission(principal, Permission.DELEGATE, ObjectType.EXTERNAL_ACL, ObjectID.ANY) || !hasPermission(principal, Permission.MANAGE, objectType, objectID) || !hasPermission(principal, Permission.DELEGATE, objectType, objectID)) {
            throw new NotAllowedException();
        }
        String friendlyName = friendlyName(objectType, objectID);
        if (trcLog.isLogging() && this.traceLevel > 1) {
            if (friendlyName != null) {
                trcLog.text(1L, this, "setObjectControl", new StringBuffer().append("friendlyName: ").append(friendlyName).toString());
            } else {
                trcLog.text(1L, this, "setObjectControl", "friendlyName is not available");
            }
        }
        ExternalAccessControl.setObjectControl(principal, objectType, objectID, friendlyName, z);
        if (executeUpdate("delete from ACL where objectType=? and objectId=?", objectType, objectID) < 1 && trcLog.isLogging()) {
            trcLog.text(1L, this, "setObjectControl", "object retrieval failed. no entries deleted!");
        }
        if (z) {
            setPermission(ObjectType.USER, ObjectID.ANY, Permission.EXTERNAL, objectType, objectID, true);
            setPermission(ObjectType.USER_GROUP, ObjectID.ANY, Permission.EXTERNAL, objectType, objectID, true);
            setPermission(ObjectType.ANONYMOUS_USER, ObjectID.ANY, Permission.EXTERNAL, objectType, objectID, true);
        } else {
            PermissionSet permissionSet = new PermissionSet();
            permissionSet.addPermission(Permission.MANAGE).addPermission(Permission.DELEGATE);
            addPermission(principal, permissionSet, objectType, objectID);
        }
        if (!trcLog.isLogging() || this.traceLevel <= 1) {
            return;
        }
        trcLog.text(1L, this, "setObjectControl", new StringBuffer().append("external control for ").append(objectType).append(":").append(objectID).append(" is now ").append(z).toString());
    }

    @Override // com.ibm.wps.services.authorization.AccessControlService
    public String friendlyName(ObjectType objectType, ObjectID objectID) throws DataBackendException {
        return (objectType.equals(ObjectType.USER) || objectType.equals(ObjectType.USER_GROUP)) ? UserDescriptor.findName(objectID) : objectType.equals(ObjectType.PORTLET_APPLICATION) ? ApplicationDescriptor.findName(objectID) : objectType.equals(ObjectType.COMPONENT) ? ComponentInstance.findName(objectID) : objectType.equals(ObjectType.COMPOSITION) ? PageInstance.findName(objectID) : objectType.equals(ObjectType.PORTLET) ? PortletDescriptor.findName(objectID) : objectType.equals(ObjectType.SKIN) ? SkinDescriptor.findName(objectID) : objectType.equals(ObjectType.THEME) ? ThemeDescriptor.findName(objectID) : objectType.equals(ObjectType.RESOURCE_COLLECTION) ? PCOResourceCollection.findName(objectID) : new String();
    }
}
