package com.ibm.ws.security.config.naming;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.GenericConfigHelperImpl;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.Constants;
import com.ibm.wsspi.runtime.config.ConfigObject;
import com.ibm.wsspi.runtime.config.ConfigService;
import com.ibm.wsspi.runtime.service.WsServiceRegistry;
import java.util.List;

/* loaded from: input_file:com/ibm/ws/security/config/naming/NamingAuthzConfigImpl.class */
public class NamingAuthzConfigImpl extends GenericConfigHelperImpl implements NamingAuthzConfig {
    private static final TraceComponent tc = Tr.register((Class<?>) NamingAuthzConfigImpl.class, "SecurityConfig", AdminConstants.MSG_BUNDLE_NAME);
    private String cacheKey;
    private static final String NAMING_AUTHZ = "naming-authz.xml";
    private boolean namingUnprotected = false;
    private boolean alreadyChecked = false;

    public NamingAuthzConfigImpl(String str) {
        this.cacheKey = null;
        this.cacheKey = str;
    }

    @Override // com.ibm.ws.security.config.naming.NamingAuthzConfig
    public boolean isNamingReadUnprotected() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, this.cacheKey + "isNamingReadUnprotected()");
        }
        if (this.alreadyChecked) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, this.cacheKey + "isNamingReadUnprotected() returned cached value: ", Boolean.valueOf(this.namingUnprotected));
            }
            return this.namingUnprotected;
        }
        String property = SecurityObjectLocator.getSecurityConfig().getProperty("com.ibm.security.multiDomain.setNamingReadUnprotected");
        if (property != null) {
            this.namingUnprotected = Boolean.valueOf(property).booleanValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using the custom property to set the namingReadUnprotected flag to: " + this.namingUnprotected);
            }
        } else {
            try {
                ConfigService configService = (ConfigService) WsServiceRegistry.getService(this, ConfigService.class);
                List objectList = ((ConfigObject) configService.getDocumentObjects(configService.createScope(0), NAMING_AUTHZ).get(0)).getObjectList("authorizations");
                for (int i = 0; i < objectList.size(); i++) {
                    ConfigObject configObject = (ConfigObject) objectList.get(i);
                    String string = configObject.getObject("role").getString(CommonConstants.ROLE_NAME, null);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "roleName " + string);
                    }
                    if (string.equals(Constants.COS_NAME_READ)) {
                        List objectList2 = configObject.getObjectList("specialSubjects");
                        int i2 = 0;
                        while (true) {
                            if (i2 < objectList2.size()) {
                                ConfigObject configObject2 = (ConfigObject) objectList2.get(i2);
                                if (tc.isEntryEnabled()) {
                                    Tr.entry(tc, "specialSubject " + configObject2);
                                }
                                if (configObject2.instanceOf("http://www.ibm.com/websphere/appserver/schemas/5.0/rolebasedauthz.xmi", "EveryoneExt")) {
                                    this.namingUnprotected = true;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "naming read operation is unprotected");
                                    }
                                } else {
                                    i2++;
                                }
                            }
                        }
                    }
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception reading naming authorization file: " + e);
                }
                this.namingUnprotected = false;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, this.cacheKey + "isNamingReadUnprotected()", Boolean.valueOf(this.namingUnprotected));
        }
        this.alreadyChecked = true;
        return this.namingUnprotected;
    }
}
