package com.ibm.ws.wim.security.authz;

import com.ibm.sec.auth.subjectx.VirtualPrincipal;
import com.ibm.sec.authz.jaccx.resource.Resource;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.wim.ServiceProvider;
import com.ibm.websphere.wim.copyright.IBMCopyright;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.ras.WIMLogger;
import com.ibm.websphere.wim.security.authz.AuthSystemException;
import com.ibm.ws.wim.SchemaManager;
import com.ibm.ws.wim.adapter.file.was.FileAdapter;
import com.ibm.ws.wim.dao.DAOHelperBase;
import com.ibm.ws.wim.security.authz.jacc.GroupPrincipal;
import com.ibm.ws.wim.security.authz.jacc.JACCSecurityManager;
import com.ibm.ws.wim.security.authz.jacc.UserPrincipal;
import com.ibm.ws.wim.util.DataGraphHelper;
import commonj.sdo.DataObject;
import java.rmi.RemoteException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/wim/security/authz/ProfileAccessHandler.class */
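/**
 * {@link AccessHandler} that resolves the subject- and resource-side inputs of an
 * authorization rule from the profile (entity) repository.
 *
 * Security notes, grounded in this class only:
 * <ul>
 *   <li>Attribute reads ({@link #getResourceAttribute}, {@link #getSubjectAttribute}) run
 *       inside {@code ProfileSecurityManager.singleton().runAsSuperUser(...)}, i.e. with the
 *       repository's own privileges rather than the caller's. The set of attributes actually
 *       fetched is limited to the requested attribute plus the names in the supplied
 *       {@code set}; the values are returned only to the caller of this handler (presumably
 *       the policy evaluator -- not visible here).</li>
 *   <li>The per-thread attribute caches are keyed by attribute <em>name only</em>, not by
 *       entity or subject. A stale cache would therefore feed another entity's or subject's
 *       value into a rule. Callers must invoke {@link #clearThreadCache()} before each
 *       evaluation; this class does not enforce that (TODO confirm with the caller).</li>
 *   <li>When a {@link WSCredential} cannot be read the subject degrades to the anonymous
 *       principal / name rather than failing the evaluation.</li>
 * </ul>
 */
public class ProfileAccessHandler implements AccessHandler {
    private static final String CONTEXT_PARAM_ENTITY_TYPE = "_ENTITY-TYPE";
    static final String COPYRIGHT_NOTICE = IBMCopyright.COPYRIGHT_NOTICE_LONG_2005_2010;
    private static final String CLASSNAME = ProfileAccessHandler.class.getName();
    private static final Logger msgLogger = WIMLogger.getMessageLogger(MessageKeys.PACKAGE_NAME);
    private static final Logger trcLogger = WIMLogger.getTraceLogger(MessageKeys.PACKAGE_NAME);
    // Thread-confined attribute caches (attribute name -> value). They hold no value on a
    // thread until clearThreadCache() has run there; getEntityAttribute() dereferences the
    // map unconditionally, so a call before the first clear fails with a NullPointerException.
    private static final ThreadLocal<Map<String, Object>> subjectAttrCache = new ThreadLocal<Map<String, Object>>();
    private static final ThreadLocal<Map<String, Object>> resourceAttrCache = new ThreadLocal<Map<String, Object>>();

    /**
     * Resets both per-thread attribute caches to fresh, empty tables.
     * Must be called on the evaluating thread before each authorization evaluation so that
     * values cached for a previous subject/entity (pooled threads!) cannot leak into this one.
     */
    @Override
    public void clearThreadCache() {
        trcLogger.entering(CLASSNAME, "clearThreadCache()");
        subjectAttrCache.set(new Hashtable<String, Object>());
        resourceAttrCache.set(new Hashtable<String, Object>());
        trcLogger.exiting(CLASSNAME, "clearThreadCache()");
    }

    /**
     * Collects the rule-context parameters for an {@link EntityResource}: every context
     * key/value pair found on the resource's root data object, plus the entity type under
     * {@link #CONTEXT_PARAM_ENTITY_TYPE}.
     *
     * @param resource must be an {@link EntityResource}; any other type fails with a ClassCastException
     * @return a {@link Hashtable}; note Hashtable rejects null keys and values, so a context
     *         entry whose value is null makes this method throw a NullPointerException
     */
    @Override
    public Map getContextParameters(Resource resource) {
        trcLogger.entering(CLASSNAME, "getContextParameters()");
        EntityResource entityResource = (EntityResource) resource;
        Hashtable<String, Object> params = new Hashtable<String, Object>();
        Iterator contexts = entityResource.getRoot().getList(SDOHelper.PROPERTY_ROOT_CONTEXTS).iterator();
        while (contexts.hasNext()) {
            DataObject context = (DataObject) contexts.next();
            params.put(context.getString(SDOHelper.PROPERTY_CONTEXT_KEY), context.get(SDOHelper.PROPERTY_CONTEXT_VALUE));
        }
        params.put(CONTEXT_PARAM_ENTITY_TYPE, entityResource.getEntityType());
        // The whole parameter map goes to the trace log; make sure trace is not enabled where
        // context values are sensitive.
        trcLogger.exiting(CLASSNAME, "getContextParameters() - " + params);
        return params;
    }

    /**
     * Names of the attributes defined on the resource's entity (as reported by
     * {@code SDOHelper.getEntityAttributes(entity, true, true)}).
     *
     * @param resource must be an {@link EntityResource}
     */
    @Override
    public Set getResourceAttributeNames(Resource resource) {
        trcLogger.entering(CLASSNAME, "getResourceAttributeNames()");
        Set names = SDOHelper.getEntityAttributes(((EntityResource) resource).getEntity(), true, true);
        trcLogger.exiting(CLASSNAME, "getResourceAttributeNames()");
        return names;
    }

    /**
     * Reads one attribute of the resource entity for rule evaluation.
     *
     * Runs as super user: the lookup deliberately bypasses the caller's own access rights
     * because it feeds the access decision itself. Only {@code str} and the names in
     * {@code set} are fetched from the repository (see {@link #getEntityAttribute}).
     *
     * @param resource the resource whose entity is inspected
     * @param str      attribute name to resolve
     * @param set      additional attribute names the policy needs; fetched and cached in the same round trip
     * @return the attribute value, {@code JACCSecurityManager.ATTRVALUE_NON_APPLICABLE} when the
     *         entity has no such attribute, or {@code null} when the privileged read raised a
     *         {@link WIMException} (the failure is traced at FINE; the null is passed on to the caller)
     */
    @Override
    public Object getResourceAttribute(final Resource resource, final String str, final Set set) {
        trcLogger.entering(CLASSNAME, "getResourceAttribute()");
        try {
            Object value = ProfileSecurityManager.singleton().runAsSuperUser(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    return getEntityAttribute(resource.getEntity(), str, resourceAttrCache.get(), set);
                }
            });
            trcLogger.exiting(CLASSNAME, "getResourceAttribute()");
            return value;
        } catch (WIMException e) {
            // Previously swallowed silently; keep the null result but leave a trace so a
            // failing attribute read is diagnosable instead of looking like a missing value.
            trcLogger.log(Level.FINE, "getResourceAttribute() failed for attribute " + str, (Throwable) e);
            return null;
        }
    }

    /**
     * Names of the attributes defined on the entity that represents {@code subject}
     * (see {@link #createSubjectEntity}).
     *
     * @param subject the authenticated subject; if no entity can be built for it,
     *                {@code null} is handed to {@code SDOHelper.getEntityAttributes}
     */
    @Override
    public Set getSubjectAttributeNames(Subject subject) {
        trcLogger.entering(CLASSNAME, "getSubjectAttributeNames()");
        Set names = SDOHelper.getEntityAttributes(createSubjectEntity(subject), true, true);
        trcLogger.exiting(CLASSNAME, "getSubjectAttributeNames()");
        return names;
    }

    /**
     * Reads one attribute of the subject's entity for rule evaluation, as super user
     * (same privilege and scoping rules as {@link #getResourceAttribute}).
     *
     * @param subject the authenticated subject; resolved to an entity by unique security name
     * @param str     attribute name to resolve
     * @param set     additional attribute names to fetch and cache in the same round trip
     * @return the attribute value, {@code ATTRVALUE_NON_APPLICABLE} when absent, or {@code null}
     *         when the privileged read raised a {@link WIMException} (traced at FINE)
     */
    @Override
    public Object getSubjectAttribute(final Subject subject, final String str, final Set set) {
        trcLogger.entering(CLASSNAME, "getSubjectAttribute()");
        try {
            Object value = ProfileSecurityManager.singleton().runAsSuperUser(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    return getEntityAttribute(createSubjectEntity(subject), str, subjectAttrCache.get(), set);
                }
            });
            trcLogger.exiting(CLASSNAME, "getSubjectAttribute()");
            return value;
        } catch (WIMException e) {
            // Previously swallowed silently; see getResourceAttribute().
            trcLogger.log(Level.FINE, "getSubjectAttribute() failed for attribute " + str, (Throwable) e);
            return null;
        }
    }

    /**
     * Principal for the subject, built from the unique security name of its first
     * {@link WSCredential}. Falls back to the anonymous principal when the subject carries
     * no WSCredential or the credential cannot be read (logged as AUTH_SUBJECT_CRED_FAILURE).
     */
    @Override
    public Principal getSubjectPrincipal(Subject subject) {
        UserPrincipal principal = VirtualPrincipal.AnonymousUser;
        WSCredential credential = getWSCredential(subject);
        if (credential != null) {
            try {
                principal = new UserPrincipal(credential.getUniqueSecurityName());
            } catch (Exception e) {
                msgLogger.log(Level.WARNING, "AUTH_SUBJECT_CRED_FAILURE", (Throwable) e);
            }
        }
        return principal;
    }

    /**
     * Unique security name of the subject's first {@link WSCredential}, or the anonymous
     * user's name when there is none or it cannot be read.
     */
    private String getSubjectUniqueName(Subject subject) {
        String uniqueName = VirtualPrincipal.AnonymousUser.getName();
        WSCredential credential = getWSCredential(subject);
        if (credential != null) {
            try {
                uniqueName = credential.getUniqueSecurityName();
            } catch (Exception e) {
                msgLogger.log(Level.WARNING, "AUTH_SUBJECT_CRED_FAILURE", (Throwable) e);
            }
        }
        return uniqueName;
    }

    /**
     * Group principals for the subject, derived from the group ids of its first
     * {@link WSCredential}. Each id is reduced to the part after the first
     * {@code DAOHelperBase.COMPOSITE_COMPONENT_SEPERATOR}; ids without the separator are
     * used whole. Failures are logged and yield whatever was collected so far (possibly an
     * empty set, i.e. the subject is treated as belonging to no group).
     */
    @Override
    public Set getSubjectGroups(Subject subject) {
        HashSet groups = new HashSet();
        WSCredential credential = getWSCredential(subject);
        if (credential != null) {
            try {
                Iterator groupIds = credential.getGroupIds().iterator();
                while (groupIds.hasNext()) {
                    String groupId = (String) groupIds.next();
                    // indexOf() == -1 when the separator is absent, so sep + 1 == 0 keeps the whole id.
                    int sep = groupId.indexOf(DAOHelperBase.COMPOSITE_COMPONENT_SEPERATOR);
                    groups.add(new GroupPrincipal(groupId.substring(sep + 1)));
                }
            } catch (Exception e) {
                msgLogger.log(Level.WARNING, "AUTH_SUBJECT_CRED_FAILURE", (Throwable) e);
            }
        }
        return groups;
    }

    /**
     * Relationships between subject and resource. The only relationship computed here is
     * {@code AccessHandler.RELATIONSHIP_OWNER}, granted when the subject's unique security
     * name is exactly (case-sensitively) equal to the entity's {@code identifier/uniqueName}.
     * Any mismatch in case or formatting therefore denies ownership rather than granting it.
     *
     * @param resource must be an {@link EntityResource}
     */
    @Override
    public Set getSubjectRelationships(Subject subject, Resource resource) {
        trcLogger.entering(CLASSNAME, "getSubjectRelationships()");
        HashSet relationships = new HashSet();
        DataObject entity = ((EntityResource) resource).getEntity();
        String subjectUniqueName = getSubjectUniqueName(subject);
        String entityUniqueName = null;
        if (entity.get(SDOHelper.PROPERTY_ENTITY_IDENTIFIER) != null) {
            entityUniqueName = entity.getString("identifier/uniqueName");
        }
        if (subjectUniqueName != null && entityUniqueName != null && subjectUniqueName.equals(entityUniqueName)) {
            relationships.add(AccessHandler.RELATIONSHIP_OWNER);
        }
        trcLogger.exiting(CLASSNAME, "getSubjectRelationships() - " + relationships);
        return relationships;
    }

    /**
     * First {@link WSCredential} among the subject's public credentials, or {@code null}.
     * If a subject carries more than one WSCredential the choice depends on the credential
     * set's iteration order.
     */
    private WSCredential getWSCredential(Subject subject) {
        Iterator credentials = subject.getPublicCredentials(WSCredential.class).iterator();
        if (credentials.hasNext()) {
            return (WSCredential) credentials.next();
        }
        return null;
    }

    /**
     * Resolves attribute {@code str} of {@code dataObject}, consulting and filling the
     * supplied per-thread cache.
     *
     * Flow:
     * <ol>
     *   <li>Cache hit on {@code str} -> returned as is.</li>
     *   <li>Entity without identifier (neither uniqueName nor uniqueId): values are read
     *       straight off {@code dataObject}.</li>
     *   <li>Otherwise a repository GET is issued for a clone of the entity, with a property
     *       control restricted to {@code str} plus the names in {@code set}; the name set
     *       returned by {@code SDOHelper.getEntityAttributes} is pruned in place to match.</li>
     *   <li>Every attribute present on the result is cached under its name (lists become
     *       {@link HashSet}s); {@code str} is the returned value.</li>
     * </ol>
     *
     * The cache is keyed by attribute name only, so it is only valid for the single entity it
     * was populated from -- callers must clear it between entities/subjects.
     * Declared public by the decompiler; it was originally private and is only meant for the
     * privileged actions in this class.
     *
     * @param dataObject entity to read; {@code null} is not handled and fails on the first trace call
     * @param map        cache (attribute name -> value); must not be null
     * @param set        extra attribute names to fetch; {@code null} makes the repository path
     *                   throw a NullPointerException, which is wrapped like any other failure
     * @return the value, or {@code JACCSecurityManager.ATTRVALUE_NON_APPLICABLE} when the
     *         entity has no value for {@code str} (logged as AUTH_RULE_ATTR_MISSING)
     * @throws RuntimeException wrapping an {@link AuthSystemException} (AUTH_RULE_ATTR_FAILURE,
     *         original cause attached) when the repository read fails
     */
    public Object getEntityAttribute(DataObject dataObject, String str, Map map, Set set) {
        trcLogger.log(Level.FINEST, MessageKeys.TRC_RULE_ATTR_REQUEST, new Object[]{str, SDOHelper.getEntityDisplayName(dataObject)});
        Object value = map.get(str);
        if (value == null) {
            try {
                SchemaManager schemaManager = SchemaManager.singleton();
                String uniqueName = null;
                String uniqueId = null;
                if (dataObject.get(SDOHelper.PROPERTY_ENTITY_IDENTIFIER) != null) {
                    uniqueName = dataObject.getString("identifier/uniqueName");
                    uniqueId = dataObject.getString("identifier/uniqueId");
                }
                DataObject source;
                if (uniqueName == null && uniqueId == null) {
                    // Nothing to look up by: use the in-memory entity as the only source.
                    source = dataObject;
                } else {
                    ServiceProvider provider = ServiceProvider.singleton();
                    DataObject root = provider.createRootDataObject();
                    root.getList(SDOHelper.PROPERTY_ROOT_ENTITIES).add(DataGraphHelper.cloneDataObject(dataObject));
                    DataObject propertyControl = root.createDataObject(SDOHelper.PROPERTY_ROOT_CONTROLS, SDOHelper.NAMESPACE, SDOHelper.CLASSNAME_PROPERTYCTRL);
                    Set wanted = SDOHelper.getEntityAttributes(dataObject, true, true);
                    if (!wanted.contains(str)) {
                        wanted.add(str);
                    }
                    // Restrict the privileged read to what the rule needs: the requested
                    // attribute and the policy's declared attribute set. Everything else is
                    // dropped from both the property control and the (mutated) name set.
                    Iterator names = wanted.iterator();
                    while (names.hasNext()) {
                        String name = (String) names.next();
                        if (name.equals(str) || set.contains(name)) {
                            propertyControl.getList(SDOHelper.PROPERTY_PROPERTYCTRL_PROPERTIES).add(name);
                        } else {
                            names.remove();
                        }
                    }
                    source = provider.get(root).getDataObject(FileAdapter.DO_ENTITIES0);
                }
                Iterator returned = SDOHelper.getEntityAttributes(source, false, true).iterator();
                while (returned.hasNext()) {
                    String name = (String) returned.next();
                    Object attrValue = source.get(schemaManager.getProperty(source.getType(), name));
                    if (attrValue instanceof List) {
                        // Multi-valued attributes are compared as sets by the rules.
                        attrValue = new HashSet((List) attrValue);
                    }
                    if (attrValue != null) {
                        map.put(name, attrValue);
                    }
                    if (str.equals(name)) {
                        value = attrValue;
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException((Throwable) new AuthSystemException("AUTH_RULE_ATTR_FAILURE", new Object[]{str, SDOHelper.getEntityDisplayName(dataObject)}, e, Level.SEVERE));
            }
        }
        if (value == null) {
            value = JACCSecurityManager.ATTRVALUE_NON_APPLICABLE;
            msgLogger.log(Level.WARNING, "AUTH_RULE_ATTR_MISSING", new Object[]{str, SDOHelper.getEntityDisplayName(dataObject)});
        }
        // Value is written to the trace log; attribute values may be sensitive.
        trcLogger.log(Level.FINEST, MessageKeys.TRC_RULE_ATTR_RESULT, new Object[]{str, value, SDOHelper.getEntityDisplayName(dataObject)});
        return value;
    }

    /**
     * Creates a detached entity of type {@code entityTypeName} in the WIM namespace whose
     * identifier carries only {@code uniqueName}.
     */
    private DataObject createEntity(String entityTypeName, String uniqueName) throws WIMException, RemoteException {
        DataObject entity = ServiceProvider.singleton().createDataObject(SDOHelper.NAMESPACE, entityTypeName);
        entity.createDataObject(SDOHelper.PROPERTY_ENTITY_IDENTIFIER);
        entity.setString("identifier/uniqueName", uniqueName);
        return entity;
    }

    /**
     * Builds the entity that stands for {@code subject}: a generic entity is created for the
     * subject's unique security name, {@code SDOHelper.getEntityType} is asked for its
     * concrete type, and a second entity of that type is created with the same unique name.
     * The type string is trimmed of its last character and reduced to the segment after the
     * last '/' (presumably a path-like type name -- TODO confirm against SDOHelper).
     *
     * @return the entity, or {@code null} when any step fails (traced at FINE only; callers
     *         then pass {@code null} on to {@code SDOHelper}/{@link #getEntityAttribute})
     */
    public DataObject createSubjectEntity(Subject subject) {
        DataObject entity = null;
        try {
            String subjectUniqueName = getSubjectUniqueName(subject);
            String entityType = SDOHelper.getEntityType(createEntity(SDOHelper.CLASSNAME_ENTITY, subjectUniqueName), false);
            String typeName = entityType.substring(0, entityType.length() - 1);
            int slash = typeName.lastIndexOf(47);
            if (slash != -1) {
                typeName = typeName.substring(slash + 1);
            }
            entity = createEntity(typeName, subjectUniqueName);
        } catch (Exception e) {
            trcLogger.log(Level.FINE, e.getMessage(), (Throwable) e);
        }
        return entity;
    }
}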
