package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.server.ServerStateUtility;
import com.ibm.ws.objectgrid.transport.XsTransportType;
import com.ibm.ws.xs.NLSConstants;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/ServiceAuthorization.class */
public class ServiceAuthorization {
    private static final TraceComponent tc = Tr.register(ServiceAuthorization.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private static Set<String> noAuthRequiredSet;
    private static Set<String> authRequiredSet;
    private static Set<String> failClientRequestSet;
    private static Map<String, Set<String>> serviceToOperationMap;

    public void setupSets() {
        if (ServerStateUtility.getTransportType() == XsTransportType.XIO) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setup authorization sets for XIO transport type");
            }
            noAuthRequiredSet = ServiceAuthorizationXIOSets.getNoAuthRequiredSet();
            authRequiredSet = ServiceAuthorizationXIOSets.getAuthRequiredSet();
            failClientRequestSet = ServiceAuthorizationXIOSets.getFailClientRequestSet();
            serviceToOperationMap = ServiceAuthorizationXIOSets.getServiceToOperationMap();
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setup authorization sets for ORB transport type");
        }
        noAuthRequiredSet = ServiceAuthorizationOrbSets.getNoAuthRequiredSet();
        authRequiredSet = ServiceAuthorizationOrbSets.getAuthRequiredSet();
        failClientRequestSet = ServiceAuthorizationOrbSets.getFailClientRequestSet();
        serviceToOperationMap = ServiceAuthorizationOrbSets.getServiceToOperationMap();
    }

    public boolean isAuthorizationCheckRequired(String str, String str2) {
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAuthorizationCheckRequired: ", new Object[]{str, str2});
        }
        if (noAuthRequiredSet.contains(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isAuthorizationCheckRequired, target found in noAuthRequiredSet");
            }
        } else {
            if (!authRequiredSet.contains(str)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isAuthorizationCheckRequired check if found in failClientRequestSet");
                }
                if (!failClientRequestSet.contains(str)) {
                    throw new SecurityException("Internal authorization error: client sent, " + str2 + " to " + str + " , which is an unknown service ");
                }
                SecurityException securityException = new SecurityException(NLSConstants.SECURITY_NO_PERMISSIONS_CWOBJ1327E);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "isAuthorizationCheckRequired request is from client to a service not allowed to be called from a client throw exception " + securityException);
                }
                throw securityException;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isAuthorizationCheckRequired, target found in authRequiredSet");
            }
            if (str2 != null) {
                Set<String> set = serviceToOperationMap.get(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isAuthorizationCheckRequired, operationsNoCheckingNeeded is ", set);
                }
                if (set == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isAuthorizationCheckRequired, not in operationsNoCheckingNeeded set so must check");
                    }
                    z = true;
                } else if (!set.contains(str2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isAuthorizationCheckRequired, operation not found in operationsNoCheckingNeeded, checking needed");
                    }
                    z = true;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isAuthorizationCheckRequired, operation was found in operationsNoCheckingNeeded, no checking needed");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAuthorizationCheckRequired return: ", Boolean.valueOf(z));
        }
        return z;
    }
}
