package com.ibm.ws.security.admintask.audit.policy;

import com.ibm.ejs.ras.ManagerAdmin;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.queryengine.eval.Constantdef;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.models.config.rolebasedauthz.AuthorizationTableExt;
import com.ibm.websphere.models.config.rolebasedauthz.RoleAssignmentExt;
import com.ibm.websphere.models.config.rolebasedauthz.UserExt;
import com.ibm.websphere.models.config.rolebasedauthz.impl.RolebasedauthzFactoryImpl;
import com.ibm.websphere.ras.RasMessage;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.application.AppUtils;
import com.ibm.ws.management.configservice.WorkspaceHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.config.AuditConfig;
import com.ibm.ws.security.config.SecurityConfigManagerImpl;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.role.PluggableAuthorizationTableProxy;
import com.ibm.ws.sm.workspace.RepositoryContext;
import com.ibm.ws.sm.workspace.WorkSpace;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import javax.management.QueryExp;
import org.eclipse.emf.common.util.URI;
import org.eclipse.emf.ecore.resource.Resource;

/* loaded from: input_file:com/ibm/ws/security/admintask/audit/policy/SetAuditorId.class */
public class SetAuditorId extends AbstractTaskCommand {
    private static String BUNDLE_NAME = "com.ibm.ejs.resources.security";
    private static ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());
    private static TraceComponent tc = Tr.register(SetAuditorId.class, ManagerAdmin.audit, "com.ibm.ws.security.admintask.audit.policy");
    String auditorId;

    public SetAuditorId(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.auditorId = null;
    }

    public SetAuditorId(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.auditorId = null;
    }

    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    private AuthorizationTableExt getAuthTable(Session session, String str, WorkSpace workSpace) throws WorkSpaceException, Exception {
        r12 = null;
        RepositoryContext findContext = AppUtils.findContext("cells", str, (String) null, (RepositoryContext) null, workSpace, true);
        findContext.extract("audit-authz.xml", false);
        Resource createResource = findContext.getResourceSet().createResource(URI.createURI("audit-authz.xml"));
        createResource.load(new HashMap());
        for (AuthorizationTableExt authorizationTableExt : createResource.getContents()) {
            if (authorizationTableExt.getContext().equals("domain")) {
                break;
            }
        }
        return authorizationTableExt;
    }

    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.VALIDATE);
        }
        super.validate();
        this.auditorId = (String) getParameter("name");
        if (this.auditorId == null || this.auditorId.length() == 0) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.InvalidAuditorId", null));
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        try {
            ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT);
            ObjectName objectName = configService.resolve(configSession, "Cell=")[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cell = " + objectName.toString());
            }
            String substring = objectName.toString().substring(objectName.toString().indexOf("_Websphere_Config_Data_Display_Name"));
            String substring2 = substring.substring(0, substring.indexOf(Constantdef.COMMA));
            String substring3 = substring2.substring(substring2.indexOf(SecurityConfigManagerImpl.CFG_VALUE_DELIM) + 1);
            WorkSpace workspace = WorkspaceHelper.getWorkspace(configSession);
            PluggableAuthorizationTableProxy authorizationTableProxy = PluggableAuthorizationTableProxy.getAuthorizationTableProxy();
            if (authorizationTableProxy == null || !authorizationTableProxy.isSAFAuthorizationEnabled()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SAF NOT enabled");
                }
                try {
                    new RolebasedauthzFactoryImpl();
                    boolean z = false;
                    AuthorizationTableExt authTable = getAuthTable(configSession, substring3, workspace);
                    if (authTable != null) {
                        for (RoleAssignmentExt roleAssignmentExt : authTable.getAuthorizations()) {
                            if (roleAssignmentExt != null && roleAssignmentExt.getRole().getRoleName().equals("auditor")) {
                                for (UserExt userExt : roleAssignmentExt.getUsers()) {
                                    Tr.debug(tc, "user.getName: " + userExt.getName());
                                    if (userExt.getName().equals(this.auditorId)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "found user " + this.auditorId + " in audit-authz.xml");
                                        }
                                        z = true;
                                    }
                                }
                            }
                        }
                        if (!z) {
                            AdminCommand createCommand = CommandMgr.getCommandMgr().createCommand("mapAuditGroupIDsOfAuthorizationGroup");
                            createCommand.setConfigSession(configSession);
                            createCommand.execute();
                            CommandResult commandResult = createCommand.getCommandResult();
                            ArrayList arrayList = new ArrayList();
                            if (commandResult.isSuccessful() && commandResult.getResult() != null) {
                                arrayList = (ArrayList) commandResult.getResult();
                            }
                            if (!arrayList.isEmpty()) {
                                Iterator it = arrayList.iterator();
                                while (true) {
                                    if (!it.hasNext()) {
                                        break;
                                    }
                                    String str = (String) it.next();
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "found authz: " + str + ", comparing to: " + this.auditorId);
                                    }
                                    if (str.equalsIgnoreCase(this.auditorId)) {
                                        z = true;
                                        break;
                                    }
                                }
                            }
                            if (!z) {
                                throw new CommandValidationException(getMsg(resBundle, "security.audit.auditorId.change.error", null));
                            }
                        }
                    }
                } catch (Exception e) {
                    throw new CommandValidationException(e.getMessage());
                } catch (WorkSpaceException e2) {
                    e2.printStackTrace();
                    throw new CommandValidationException(getMsg(resBundle, "security.audit.auditorId.change.ws.error", null));
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "z with SAF enabled");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AuditConstants.VALIDATE);
            }
        } catch (Throwable th) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.FailAccesstoSecWS", null));
        }
    }

    protected void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResult = getTaskCommandResult();
        if (!taskCommandResult.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
                return;
            }
            return;
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        try {
            ObjectName objectName = configService.queryConfigObjects(configSession, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
            if (objectName == null) {
                String msg = getMsg(resBundle, "security.admintask.NoAuditXML", null);
                taskCommandResult.addWarnings(msg);
                taskCommandResult.setResult(new Boolean(false));
                taskCommandResult.setException(new CommandException(msg));
                return;
            }
            ObjectName objectName2 = configService.queryConfigObjects(configSession, (ObjectName) null, ConfigServiceHelper.createObjectName((AttributeList) configService.getAttribute(configSession, objectName, AuditConfig.AUDIT_POLICY)), (QueryExp) null)[0];
            AttributeList attributeList = new AttributeList();
            attributeList.add(new Attribute(AuditConfig.AUDITOR_ID, this.auditorId));
            configService.setAttributes(configSession, objectName2, attributeList);
            taskCommandResult.setResult(new Boolean(true));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.admintask.audit.policy.SetAuditorId.afterStepsExecuted", "154");
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e.getMessage());
            }
            String msg2 = getMsg(resBundle, "security.admintask.ConfigurationError", null);
            if (e.getMessage() != null) {
                msg2 = msg2.concat(": ").concat(e.getMessage());
            }
            taskCommandResult.addWarnings(msg2);
            taskCommandResult.setResult(new Boolean(false));
            taskCommandResult.setException(new CommandException(msg2));
        } catch (ConfigServiceException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.admintask.audit.policy.SetAuditorId.afterStepsExecuted", "154");
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e2.getMessage());
            }
            String msg3 = getMsg(resBundle, "security.admintask.ConfigurationError", null);
            if (e2.getMessage() != null) {
                msg3 = msg3.concat(": ").concat(e2.getMessage());
            }
            taskCommandResult.addWarnings(msg3);
            taskCommandResult.setResult(new Boolean(false));
            taskCommandResult.setException(new CommandException(msg3));
        }
    }
}
