package com.ibm.ws.eba.bla.steps;

import com.ibm.ISecurityUtilityImpl.InvalidPasswordDecodingException;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ISecurityUtilityImpl.UnsupportedCryptoAlgorithmException;
import com.ibm.ejs.models.base.bindings.applicationbnd.AllAuthenticatedInTrustedRealms;
import com.ibm.ejs.models.base.bindings.applicationbnd.AllAuthenticatedUsers;
import com.ibm.ejs.models.base.bindings.applicationbnd.ApplicationBinding;
import com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable;
import com.ibm.ejs.models.base.bindings.applicationbnd.Everyone;
import com.ibm.ejs.models.base.bindings.applicationbnd.Group;
import com.ibm.ejs.models.base.bindings.applicationbnd.RunAsBinding;
import com.ibm.ejs.models.base.bindings.applicationbnd.RunAsMap;
import com.ibm.ejs.models.base.bindings.applicationbnd.SpecialSubject;
import com.ibm.ejs.models.base.bindings.applicationbnd.Subject;
import com.ibm.ejs.models.base.bindings.applicationbnd.User;
import com.ibm.ejs.models.base.bindings.commonbnd.BasicAuthData;
import com.ibm.etools.commonarchive.EARFile;
import com.ibm.etools.commonarchive.EJBJarFile;
import com.ibm.etools.commonarchive.WARFile;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.eba.bla.AriesOperationType;
import com.ibm.ws.eba.bla.AriesStep;
import com.ibm.ws.eba.bla.EbaBLAActivator;
import com.ibm.ws.eba.bla.EbaHelper;
import com.ibm.ws.eba.bla.PropertyRow;
import com.ibm.ws.eba.bla.PropertyTable;
import com.ibm.ws.eba.bla.parsers.BPSecurityParser;
import com.ibm.ws.eba.bla.proxies.AbstractAriesAsset;
import com.ibm.ws.eba.bla.proxies.AriesAsset;
import com.ibm.ws.eba.bla.proxies.AriesBLAObjectProxy;
import com.ibm.ws.eba.bla.proxies.AriesCU;
import com.ibm.ws.eba.bla.proxies.BundleAsset;
import com.ibm.ws.eba.bla.steps.AriesConfigurationStep;
import com.ibm.ws.eba.bla.util.ConcurrentBLAExecutor;
import com.ibm.ws.eba.bla.util.EbaConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.workspace.RepositoryContext;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import com.ibm.wsspi.aries.application.metadata.WASApplicationSecurityRoleMappingFactory;
import com.ibm.wsspi.aries.application.metadata.WASApplicationSecurityRoleMappingMetadata;
import com.ibm.wsspi.aries.application.parsing.BundleBlueprintParser;
import com.ibm.wsspi.aries.application.parsing.BundleManifest;
import com.ibm.wsspi.aries.utils.AriesRuntimeUtils;
import com.ibm.wsspi.aries.utils.CompositeUtils;
import com.ibm.wsspi.aries.utils.WASSecurityBindingUtils;
import com.ibm.wsspi.management.bla.op.OpExecutionException;
import com.ibm.wsspi.management.bla.op.OperationContext;
import com.ibm.wsspi.management.bla.op.compound.Phase;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.j2ee.common.CommonFactory;
import org.eclipse.jst.j2ee.common.Identity;
import org.eclipse.jst.j2ee.common.RunAsSpecifiedIdentity;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.common.SecurityRoleRef;
import org.eclipse.jst.j2ee.commonarchivecore.internal.Archive;
import org.eclipse.jst.j2ee.commonarchivecore.internal.File;
import org.eclipse.jst.j2ee.commonarchivecore.internal.exception.OpenFailureException;
import org.eclipse.jst.j2ee.ejb.EJBJar;
import org.eclipse.jst.j2ee.ejb.EnterpriseBean;
import org.eclipse.jst.j2ee.webapplication.Servlet;

/* loaded from: input_file:com/ibm/ws/eba/bla/steps/AbstractMapSecurityRolesStep.class */
public abstract class AbstractMapSecurityRolesStep extends AriesConfigurationStep {
    private static final TraceComponent tc = Tr.register(AbstractMapSecurityRolesStep.class, EbaConstants._EBA_TRACE_GROUP, "com.ibm.ws.eba.bla.nls.Messages");
    protected static final String OP_CONTEXT_METADATA_NAME = "EBAMappedSecurityRolesMetadata";

    public AbstractMapSecurityRolesStep(String str, Phase phase) {
        super(str, phase);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{str, phase});
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    @Override // com.ibm.ws.eba.bla.steps.AriesConfigurationStep
    public List<PropertyRow> createPrepopulatedRows(AriesBLAObjectProxy ariesBLAObjectProxy, AriesConfigurationStep.BindingsPolicy bindingsPolicy) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "createPrepopulatedRows", new Object[]{ariesBLAObjectProxy});
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(loadFromConfig(ariesBLAObjectProxy));
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "createPrepopulatedRows", arrayList);
        }
        return arrayList;
    }

    @Override // com.ibm.ws.eba.bla.AriesStep
    public abstract AriesStep.ValidationResult fullValidateTable(PropertyTable propertyTable) throws OpExecutionException;

    @Override // com.ibm.ws.eba.bla.AriesStep
    public abstract void validateTable(PropertyTable propertyTable) throws OpExecutionException;

    protected abstract List<PropertyRow> createPropertyRows(WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata);

    protected abstract void processPropertyRows(PropertyTable propertyTable, WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata);

    private static HashSet<SecurityRole> gatherRoleInformation(AbstractAriesAsset abstractAriesAsset, WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "gatherRoleInformation", new Object[]{abstractAriesAsset});
        }
        HashSet<SecurityRole> hashSet = new HashSet<>();
        try {
            try {
                abstractAriesAsset.openArchiveCache();
                for (Map.Entry<String, List<SecurityRole>> entry : extractBlueprintRoles(abstractAriesAsset, null).entrySet()) {
                    List<SecurityRole> value = entry.getValue();
                    hashSet.addAll(value);
                    Iterator<SecurityRole> it = value.iterator();
                    while (it.hasNext()) {
                        String roleName = it.next().getRoleName();
                        wASApplicationSecurityRoleMappingMetadata.addModuleRole(roleName, roleName, entry.getKey());
                    }
                }
                for (BundleAsset bundleAsset : abstractAriesAsset.getBundleAssets(AbstractAriesAsset.AssetType.WebAsset)) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Role mapping- bundle name: ", new Object[]{bundleAsset.getFileName()});
                    }
                    if (bundleAsset.getManifest().getRawAttributes().getValue("Web-ContextPath") != null) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Role mapping- found Web-ContextPath", new Object[0]);
                        }
                        WARFile wARFile = null;
                        try {
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Role mapping- isWARFile()", new Object[0]);
                            }
                            WARFile openAsArchive = bundleAsset.openAsArchive();
                            for (SecurityRole securityRole : openAsArchive.getDeploymentDescriptor().getSecurityRoles()) {
                                String roleName2 = securityRole.getRoleName();
                                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Role mapping- adding role: ", new Object[]{roleName2});
                                }
                                hashSet.add(securityRole);
                                wASApplicationSecurityRoleMappingMetadata.addModuleRole(roleName2, roleName2, bundleAsset.getManifest().getSymbolicName());
                            }
                            for (Servlet servlet : openAsArchive.getDeploymentDescriptor().getServlets()) {
                                if (servlet.getRunAs() != null) {
                                    if (servlet.getRunAs().getIdentity() != null) {
                                        String roleName3 = servlet.getRunAs().getIdentity().getRoleName();
                                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "RoleName of RunAsSpecifiedIdentity is " + roleName3, new Object[0]);
                                        }
                                        wASApplicationSecurityRoleMappingMetadata.setIsRunAsRole(roleName3, true);
                                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Identity of RunAsSpecifiedIdentity is null.", new Object[0]);
                                    }
                                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Servlet " + servlet.getServletName() + "does not contain runas role", new Object[0]);
                                }
                            }
                            if (openAsArchive.containsEJBContent()) {
                                gatherRolesForEJBs(wASApplicationSecurityRoleMappingMetadata, hashSet, bundleAsset, openAsArchive.getEJBDeploymentDescriptor());
                            }
                            if (openAsArchive != null) {
                                openAsArchive.close();
                            }
                        } catch (Throwable th) {
                            if (0 != 0) {
                                wARFile.close();
                            }
                            throw th;
                        }
                    }
                }
                for (BundleAsset bundleAsset2 : abstractAriesAsset.getBundleAssets(AbstractAriesAsset.AssetType.EjbAsset)) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Role mapping- bundle name: ", new Object[]{bundleAsset2.getFileName()});
                    }
                    EJBJarFile eJBJarFile = null;
                    try {
                        eJBJarFile = (EJBJarFile) bundleAsset2.openAsArchive();
                        gatherRolesForEJBs(wASApplicationSecurityRoleMappingMetadata, hashSet, bundleAsset2, eJBJarFile.getDeploymentDescriptor());
                        if (eJBJarFile != null) {
                            eJBJarFile.close();
                        }
                    } catch (Throwable th2) {
                        if (eJBJarFile != null) {
                            eJBJarFile.close();
                        }
                        throw th2;
                    }
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "gatherRoleInformation", hashSet);
                }
                return hashSet;
            } finally {
                abstractAriesAsset.closeArchiveCache();
            }
        } catch (OpenFailureException e) {
            FFDCFilter.processException(e, MapRolesToUsersStep.class.getName(), "413");
            OpExecutionException opExecutionException = new OpExecutionException(e);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "gatherRoleInformation", opExecutionException);
            }
            throw opExecutionException;
        }
    }

    private static void gatherRolesForEJBs(WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata, HashSet<SecurityRole> hashSet, BundleAsset bundleAsset, EJBJar eJBJar) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "gatherRolesForEJBs", new Object[]{hashSet, bundleAsset, eJBJar});
        }
        for (EnterpriseBean enterpriseBean : eJBJar.getEnterpriseBeans()) {
            for (SecurityRoleRef securityRoleRef : enterpriseBean.getSecurityRoleRefs()) {
                String name = securityRoleRef.getName();
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Role mapping- adding role: ", new Object[]{name});
                }
                SecurityRole createSecurityRole = CommonFactory.eINSTANCE.createSecurityRole();
                createSecurityRole.setDescription(securityRoleRef.getDescription());
                createSecurityRole.setRoleName(name);
                hashSet.add(createSecurityRole);
                wASApplicationSecurityRoleMappingMetadata.addModuleRole(name, name, bundleAsset.getManifest().getSymbolicName());
            }
            if (eJBJar.getAssemblyDescriptor() != null) {
                for (SecurityRole securityRole : eJBJar.getAssemblyDescriptor().getSecurityRoles()) {
                    hashSet.add(securityRole);
                    wASApplicationSecurityRoleMappingMetadata.addModuleRole(securityRole.getRoleName(), securityRole.getRoleName(), bundleAsset.getManifest().getSymbolicName());
                }
            }
            RunAsSpecifiedIdentity securityIdentity = enterpriseBean.getSecurityIdentity();
            if (securityIdentity != null && securityIdentity.isRunAsSpecifiedIdentity()) {
                Identity identity = securityIdentity.getIdentity();
                if (identity != null) {
                    String roleName = identity.getRoleName();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "RoleName of RunAsSpecifiedIdentity is " + roleName, new Object[0]);
                    }
                    wASApplicationSecurityRoleMappingMetadata.setIsRunAsRole(roleName, true);
                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Identity of RunAsSpecifiedIdentity is null.", new Object[0]);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "gatherRolesForEJBs", hashSet);
        }
    }

    @Override // com.ibm.ws.eba.bla.steps.AriesConfigurationStep
    public void storeToConfig(PropertyTable propertyTable, AriesConfigurationStep.BindingsPolicy bindingsPolicy) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "storeToConfig", new Object[]{propertyTable});
        }
        boolean z = !(getOperationTarget() instanceof AriesCU);
        AriesCU ariesCUProxy = z ? getAriesCUProxy() : (AriesCU) getOperationTarget();
        WASApplicationSecurityRoleMappingMetadata loadMappingMetadata = loadMappingMetadata(ariesCUProxy, getOpContext(), z);
        processPropertyRows(propertyTable, loadMappingMetadata);
        try {
            AriesRuntimeUtils.getApplicationSecurityManager(EbaBLAActivator.getBundleContext()).addSecurityMappingMetadata(EbaHelper.getInstance().getCuWorkspace(getPhase(), ariesCUProxy.getCU()), EbaHelper.getInstance().getCUConfigPath(ariesCUProxy.getCU().getName(), ariesCUProxy.getCU().getVersion()), loadMappingMetadata);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "storeToConfig");
            }
        } catch (Exception e) {
            OpExecutionException opExecutionException = new OpExecutionException(e);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "storeToConfig", opExecutionException);
            }
            throw opExecutionException;
        }
    }

    protected AriesAsset getAriesAsset() throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAriesAsset", new Object[0]);
        }
        AriesAsset firstEbaAsset = getOperationType() != AriesOperationType.AddCompUnit ? EbaHelper.getInstance().getFirstEbaAsset(getPhase().getOp()) : (AriesAsset) getOperationTarget();
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAriesAsset", firstEbaAsset);
        }
        return firstEbaAsset;
    }

    private List<PropertyRow> loadFromConfig(AriesBLAObjectProxy ariesBLAObjectProxy) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "loadFromConfig", new Object[]{ariesBLAObjectProxy});
        }
        List<PropertyRow> createPropertyRows = createPropertyRows(ariesBLAObjectProxy instanceof AriesCU ? loadMappingMetadata((AriesCU) ariesBLAObjectProxy, getOpContext(), false) : loadMappingMetadata(getAriesCUProxy(), getOpContext(), true));
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "loadFromConfig", createPropertyRows);
        }
        return createPropertyRows;
    }

    public static WASApplicationSecurityRoleMappingMetadata loadMappingMetadata(AriesCU ariesCU, OperationContext operationContext, boolean z) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "loadMappingMetadata", new Object[]{ariesCU, operationContext, Boolean.valueOf(z)});
        }
        WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata = (WASApplicationSecurityRoleMappingMetadata) operationContext.getProps().get(OP_CONTEXT_METADATA_NAME + ariesCU.getCU().getName() + ariesCU.getCU().getVersion());
        if (wASApplicationSecurityRoleMappingMetadata == null) {
            RepositoryContext cuWorkspace = EbaHelper.getInstance().getCuWorkspace(operationContext, ariesCU.getCU());
            WASApplicationSecurityRoleMappingMetadata roleMappingMetadata = WASApplicationSecurityRoleMappingFactory.getRoleMappingMetadata();
            WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata2 = null;
            if (cuWorkspace != null) {
                try {
                    wASApplicationSecurityRoleMappingMetadata2 = WASSecurityBindingUtils.loadConfig(cuWorkspace, EbaHelper.getInstance().getCUConfigPath(ariesCU.getName(), ariesCU.getCU().getVersion()));
                } catch (WorkSpaceException e) {
                    OpExecutionException opExecutionException = new OpExecutionException(e);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "loadMappingMetadata", opExecutionException);
                    }
                    throw opExecutionException;
                }
            }
            if (wASApplicationSecurityRoleMappingMetadata2 == null || wASApplicationSecurityRoleMappingMetadata2.getAllApplicationRoles().isEmpty()) {
                HashSet<SecurityRole> gatherRoleInformation = gatherRoleInformation(z ? ariesCU.getBackingAsset() : ariesCU, roleMappingMetadata);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Role mapping- about to check existing bindings", new Object[0]);
                }
                mapExistingBindings(ariesCU, roleMappingMetadata, gatherRoleInformation);
                wASApplicationSecurityRoleMappingMetadata = roleMappingMetadata;
                operationContext.getProps().put(OP_CONTEXT_METADATA_NAME + ariesCU.getCU().getName() + ariesCU.getCU().getVersion(), wASApplicationSecurityRoleMappingMetadata);
            } else {
                HashSet<SecurityRole> gatherRoleInformation2 = gatherRoleInformation(z ? ariesCU.getBackingAsset() : ariesCU, roleMappingMetadata);
                mapExistingBindings(ariesCU, roleMappingMetadata, gatherRoleInformation2);
                Iterator<SecurityRole> it = gatherRoleInformation2.iterator();
                while (it.hasNext()) {
                    String roleName = it.next().getRoleName();
                    if (wASApplicationSecurityRoleMappingMetadata2.isApplicationRoleMapped(roleName)) {
                        roleMappingMetadata.clearARoleMapping(roleName);
                        roleMappingMetadata.mapGroupsToApplicationRole(roleName, wASApplicationSecurityRoleMappingMetadata2.getGroupsMappedToApplicationRole(roleName));
                        roleMappingMetadata.mapUsersToApplicationRole(roleName, wASApplicationSecurityRoleMappingMetadata2.getUsersMappedToApplicationRole(roleName));
                        roleMappingMetadata.mapSpecialSubjectToApplicationRole(roleName, wASApplicationSecurityRoleMappingMetadata2.getSpecialSubjectMappedToApplicationRole(roleName));
                        if (roleMappingMetadata.isRunAsRole(roleName) && wASApplicationSecurityRoleMappingMetadata2.isRunAsRole(roleName)) {
                            BasicAuthData basicAuthForRunAsRole = wASApplicationSecurityRoleMappingMetadata2.getBasicAuthForRunAsRole(roleName);
                            if (null == basicAuthForRunAsRole) {
                                roleMappingMetadata.clearARunAsRoleMapping(roleName);
                            } else {
                                roleMappingMetadata.setRunAsRoleBasicAuth(roleName, basicAuthForRunAsRole);
                            }
                        }
                    }
                }
                wASApplicationSecurityRoleMappingMetadata = roleMappingMetadata;
                operationContext.getProps().put(OP_CONTEXT_METADATA_NAME + ariesCU.getCU().getName() + ariesCU.getCU().getVersion(), wASApplicationSecurityRoleMappingMetadata);
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Using existing metadata object from the Operation Context:" + wASApplicationSecurityRoleMappingMetadata, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "loadMappingMetadata", wASApplicationSecurityRoleMappingMetadata);
        }
        return wASApplicationSecurityRoleMappingMetadata;
    }

    private static void mapExistingBindings(AriesCU ariesCU, WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata, HashSet<SecurityRole> hashSet) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "mapExistingBindings", new Object[]{ariesCU, ariesCU.getAsset().getName(), wASApplicationSecurityRoleMappingMetadata, hashSet});
        }
        if (hashSet == null || hashSet.isEmpty()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "mapExistingBindings");
                return;
            }
            return;
        }
        EARFile eARFile = null;
        try {
            try {
                eARFile = ariesCU.openAsArchive();
                if (eARFile.isEARFile()) {
                    ApplicationBinding bindings = eARFile.getBindings();
                    AuthorizationTable authorizationTable = bindings.getAuthorizationTable();
                    if (authorizationTable != null) {
                        Iterator<SecurityRole> it = hashSet.iterator();
                        while (it.hasNext()) {
                            SecurityRole next = it.next();
                            List<Subject> subjectsForRole = authorizationTable.getSubjectsForRole(next);
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Role mapping- " + next.getRoleName() + " is bound to " + (subjectsForRole == null ? "0" : Integer.valueOf(subjectsForRole.size())) + " subjects", new Object[0]);
                            }
                            if (subjectsForRole != null) {
                                for (Subject subject : subjectsForRole) {
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Role mapping- Subject name: " + subject.getName(), new Object[0]);
                                    }
                                    if (subject instanceof User) {
                                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Role mapping- is a USER", new Object[0]);
                                        }
                                        wASApplicationSecurityRoleMappingMetadata.mapUserToApplicationRole(next.getRoleName(), subject.getName());
                                    }
                                    if (subject instanceof Group) {
                                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Role mapping- is a GROUP", new Object[0]);
                                        }
                                        wASApplicationSecurityRoleMappingMetadata.mapGroupToApplicationRole(next.getRoleName(), subject.getName());
                                    }
                                    if (subject instanceof SpecialSubject) {
                                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Role mapping- is a SPECIAL SUBJECT", new Object[0]);
                                        }
                                        if (subject instanceof AllAuthenticatedUsers) {
                                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Role mapping- SPECIAL SUBJECT is AllAuthUsers", new Object[0]);
                                            }
                                            wASApplicationSecurityRoleMappingMetadata.mapSpecialSubjectToApplicationRole(next.getRoleName(), "roles.subject.AllAuthAppRealm");
                                        }
                                        if (subject instanceof AllAuthenticatedInTrustedRealms) {
                                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Role mapping- SPECIAL SUBJECT is AllAuthUsersInTrustedRealms", new Object[0]);
                                            }
                                            wASApplicationSecurityRoleMappingMetadata.mapSpecialSubjectToApplicationRole(next.getRoleName(), "roles.subject.AllAuthTrustedRealms");
                                        }
                                        if (subject instanceof Everyone) {
                                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Role mapping- SPECIAL SUBJECT is Everyone", new Object[0]);
                                            }
                                            wASApplicationSecurityRoleMappingMetadata.mapSpecialSubjectToApplicationRole(next.getRoleName(), "roles.subject.Everyone");
                                        }
                                    }
                                }
                            }
                        }
                    }
                    RunAsMap runAsMap = bindings.getRunAsMap();
                    if (runAsMap != null) {
                        for (RunAsBinding runAsBinding : runAsMap.getRunAsBindings()) {
                            SecurityRole securityRole = runAsBinding.getSecurityRole();
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Current RunAsBinding Security Role " + securityRole, new Object[0]);
                            }
                            if (securityRole != null) {
                                BasicAuthData authData = runAsBinding.getAuthData();
                                String roleName = securityRole.getRoleName();
                                if (roleName != null) {
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found RunAs security Role " + roleName, new Object[0]);
                                    }
                                    if (authData instanceof BasicAuthData) {
                                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found BasicAuthData with userid: " + authData.getUserId(), new Object[0]);
                                        }
                                        wASApplicationSecurityRoleMappingMetadata.setRunAsRoleUserid(roleName, authData.getUserId());
                                        String password = authData.getPassword();
                                        if (PasswordUtil.isEncrypted(password)) {
                                            try {
                                                password = PasswordUtil.decode(password);
                                            } catch (UnsupportedCryptoAlgorithmException e) {
                                                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Exception thrown trying decode Runas Password: " + e, new Object[0]);
                                                }
                                                FFDCFilter.processException(e, "com.ibm.ws.eba.bla.steps.AbstractMapSecurityRolesStep.mapExistingBindings", "350");
                                            } catch (InvalidPasswordDecodingException e2) {
                                                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Exception thrown trying decode Runas Password: " + e2, new Object[0]);
                                                }
                                                FFDCFilter.processException(e2, "com.ibm.ws.eba.bla.steps.AbstractMapSecurityRolesStep.mapExistingBindings", "344");
                                            }
                                        }
                                        wASApplicationSecurityRoleMappingMetadata.setRunAsRolePassword(roleName, password);
                                    }
                                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The security role is returning a null roleName: " + securityRole, new Object[0]);
                                }
                            }
                        }
                    }
                }
                if (eARFile != null) {
                    eARFile.close();
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapExistingBindings");
                }
            } catch (OpenFailureException e3) {
                FFDCFilter.processException(e3, MapRolesToUsersStep.class.getName(), "482");
                OpExecutionException opExecutionException = new OpExecutionException(e3);
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapExistingBindings", opExecutionException);
                }
                throw opExecutionException;
            }
        } catch (Throwable th) {
            if (eARFile != null) {
                eARFile.close();
            }
            throw th;
        }
    }

    private static Map<String, List<SecurityRole>> extractBlueprintRoles(AbstractAriesAsset abstractAriesAsset, String str) throws OpExecutionException {
        return extractBlueprintRoles(abstractAriesAsset, str, null, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, List<SecurityRole>> extractBlueprintRoles(AbstractAriesAsset abstractAriesAsset, String str, ConcurrentBLAExecutor concurrentBLAExecutor, Map<String, List<SecurityRole>> map) throws OpExecutionException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "extractBlueprintRoles", new Object[]{abstractAriesAsset, str, concurrentBLAExecutor, map});
        }
        boolean z = concurrentBLAExecutor == null;
        final ConcurrentBLAExecutor concurrentBLAExecutor2 = z ? new ConcurrentBLAExecutor() : concurrentBLAExecutor;
        final Map<String, List<SecurityRole>> concurrentHashMap = z ? new ConcurrentHashMap<>() : map;
        if (concurrentHashMap == null) {
            throw new OpExecutionException("No SecurityRole Map provided for results");
        }
        for (final BundleAsset bundleAsset : abstractAriesAsset.getBundles()) {
            concurrentBLAExecutor2.addCallableWorker(new Callable<Exception>() { // from class: com.ibm.ws.eba.bla.steps.AbstractMapSecurityRolesStep.1Worker
                /* JADX WARN: Can't rename method to resolve collision */
                /* JADX WARN: Finally extract failed */
                @Override // java.util.concurrent.Callable
                public Exception call() {
                    BundleManifest manifest = BundleAsset.this.getManifest();
                    String symbolicName = manifest.getSymbolicName();
                    Archive archive = null;
                    try {
                        try {
                            Archive openAsArchive = BundleAsset.this.openAsArchive();
                            if (BundleAsset.this instanceof AbstractAriesAsset.CBABundleAsset) {
                                concurrentHashMap.putAll(AbstractMapSecurityRolesStep.extractBlueprintRoles(((AbstractAriesAsset.CBABundleAsset) BundleAsset.this).getCBAAsset(openAsArchive), CompositeUtils.getBundleUniqueId(symbolicName, BundleAsset.this.getManifest().getVersion().toString()), concurrentBLAExecutor2, concurrentHashMap));
                                concurrentBLAExecutor2.addArchiveToClose(openAsArchive);
                                openAsArchive = null;
                            } else {
                                EList<File> files = openAsArchive.getFiles();
                                BundleBlueprintParser bundleBlueprintParser = new BundleBlueprintParser(manifest);
                                for (File file : files) {
                                    if (bundleBlueprintParser.isBPFile(file.getDirectoryURI(), file.getName())) {
                                        InputStream inputStream = file.getInputStream();
                                        try {
                                            List<SecurityRole> securityRoles = new BPSecurityParser(inputStream).getSecurityRoles();
                                            if (!securityRoles.isEmpty()) {
                                                concurrentHashMap.put(manifest.getSymbolicName(), securityRoles);
                                            }
                                            inputStream.close();
                                        } catch (Throwable th) {
                                            inputStream.close();
                                            throw th;
                                        }
                                    }
                                }
                            }
                            if (openAsArchive == null) {
                                return null;
                            }
                            openAsArchive.close();
                            return null;
                        } catch (Exception e) {
                            FFDCFilter.processException(e, getClass().getName(), "10");
                            if (0 != 0) {
                                archive.close();
                            }
                            return e;
                        }
                    } catch (Throwable th2) {
                        if (0 != 0) {
                            archive.close();
                        }
                        throw th2;
                    }
                }
            });
        }
        if (z) {
            concurrentBLAExecutor2.invokeWorkersAndCheckResults();
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "extractBlueprintRoles", concurrentHashMap);
        }
        return concurrentHashMap;
    }
}
