package com.ibm.ws.security.core;

import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityUtilityImpl.SecurityAttributeList;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.models.base.bindings.applicationbnd.Group;
import com.ibm.ejs.models.base.bindings.applicationbnd.RoleAssignment;
import com.ibm.ejs.models.base.bindings.applicationbnd.SpecialSubject;
import com.ibm.ejs.models.base.bindings.applicationbnd.User;
import com.ibm.ejs.models.base.bindings.applicationbnd.impl.SubjectImpl;
import com.ibm.ejs.oa.EJSORB;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.SecurityCollaborator;
import com.ibm.ejs.security.registry.RegistryImpl;
import com.ibm.ejs.security.util.Constants;
import com.ibm.etools.emf.ref.EList;
import com.ibm.etools.j2ee.common.SecurityRole;
import com.ibm.websphere.security.AuthorizationTable;
import com.ibm.websphere.security.SecurityProviderException;
import com.ibm.websphere.security.WASPrincipal;
import com.ibm.ws.runtime.Server;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.Principal;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import org.omg.CORBA.IntHolder;
import org.omg.Security.Attribute;
import org.omg.Security.AttributeType;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.InvalidAttributeType;
import org.omg.SecurityLevel2.Credentials;

/* loaded from: input_file:lib/security.jar:com/ibm/ws/security/core/WSAccessManager.class */
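/**
 * Role-based access manager.
 *
 * <p>Subclasses supply the roles required for a resource/method pair
 * ({@link #getRequiredRoles}) and the policy for resources that declare no roles
 * ({@link #allowIfNoRequiredRoles}). This class decides whether the caller holds one of
 * those roles, using either a pluggable vendor {@link AuthorizationTable} named by the ORB
 * property {@link #PLUGGABLE_AUTHZN_PROPERTY}, or the per-application authorization tables
 * registered through {@link #addAuthorizationTable}.
 *
 * <p>Authorization state (registered tables, registry, admin-application table) is held in
 * static fields and is therefore shared by every instance in the class loader.
 */
public abstract class WSAccessManager implements AccessManager {
    public static final String USER = "user";
    public static final String GROUP = "group";
    public static final String ADMINAPP = "Server Administration Application";
    /** ORB property naming the vendor AuthorizationTable implementation class. */
    public static final String PLUGGABLE_AUTHZN_PROPERTY = "com.ibm.websphere.security.authorizationTable";
    // Vendor-supplied table; when non-null every role decision is delegated to it.
    private AuthorizationTable pluggableAuthTable;
    private String cellName;
    private String serverName;
    // Shared user registry, set by the RegistryImpl constructor; used to resolve access IDs.
    private static RegistryImpl registry;
    // Not referenced in this class; the values match the secAttrs indices used below
    // (presumably intended as index names -- confirm against subclasses).
    protected static final int PUBLIC = 0;
    protected static final int ACCESSID = 1;
    protected static final int GROUPID = 2;
    protected static AttributeType[] publicAttr;
    private static final TraceComponent tc;
    // Compiler-generated cache for the class literal used to register the trace component.
    static Class class$com$ibm$ws$security$core$WSAccessManager;
    // Application name -> authorization table. Hashtable, so single operations are synchronized.
    private static Hashtable authzTableMap = new Hashtable(10);
    private static com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable adminAppAuthTable = null;
    // Set once fillAccessIds() has walked every registered table.
    private static boolean filledAccessIDs = false;
    public static final IntHolder ZERO_INT = new IntHolder(0);
    // Attribute types requested from credentials: [0] security name, [1] access ID, [2] group IDs
    // (see getSecurityName / getAccessId / getGroupIds).
    protected static AttributeType[] secAttrs = new AttributeType[3];

    /**
     * Creates the manager and, when {@link #PLUGGABLE_AUTHZN_PROPERTY} is set on the ORB,
     * reflectively instantiates that class as the vendor authorization table.
     *
     * <p>Security note: the named class is loaded and constructed with its no-arg constructor,
     * and from then on makes every role decision, so the ORB property must be writable only by
     * trusted administrators. If loading fails the manager falls back to the default
     * authorization tables; that fallback is reported only through the error/audit trace
     * calls below, so operators relying on a vendor authorizer should alert on those messages.
     */
    public WSAccessManager() {
        this.pluggableAuthTable = null;
        this.cellName = null;
        this.serverName = null;
        String property = EJSORB.getORBInstance().getProperty(PLUGGABLE_AUTHZN_PROPERTY);
        if (property == null || property.length() == 0) {
            return;
        }
        try {
            this.pluggableAuthTable = (AuthorizationTable) Class.forName(property).newInstance();
            Tr.audit(tc, Constants.nls.getFormattedMessage("security.wsaccessmanager.classloaded", new Object[]{property}, "Loaded Vendor AuthorizationTable: {0}"));
        } catch (ClassNotFoundException e) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.wsaccessmanager.classnotfound", new Object[]{property}, "Can not found class {0}"), e);
        } catch (InstantiationException e2) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.wsaccessmanager.instantiationerror", new Object[]{property}, "Can not instantiate class {0}"), e2);
        } catch (Exception e3) {
            // Also covers IllegalAccessException and a ClassCastException from the cast above.
            Tr.error(tc, Constants.nls.getFormattedMessage("security.wsaccessmanager.classloading", new Object[]{property}, "Problem loading class {0}"), e3);
        }
        if (this.pluggableAuthTable == null) {
            Tr.audit(tc, Constants.nls.getFormattedMessage("security.wsaccessmanager.classloadingaudit", new Object[]{property}, "Problem loading class {0}, using default authorization table provided by WebSphere"));
        }
    }

    /**
     * Creates the manager and records the registry, realm (as cell name) and server name.
     *
     * <p>The registry is stored in a static field, so it replaces the registry used by every
     * other instance as well.
     *
     * @param registryImpl registry used to resolve user and group access IDs
     */
    public WSAccessManager(RegistryImpl registryImpl) {
        this();
        registry = registryImpl;
        try {
            this.cellName = registryImpl.getRealm();
        } catch (Exception e) {
            // cellName stays null; it is only passed on to the vendor table as context.
            Tr.error(tc, "Error trying to get realm name", e);
        }
        this.serverName = Server.getServerInstance().getApplicationServer().getName();
    }

    /**
     * Returns the table last registered under the {@link #ADMINAPP} name, or null.
     *
     * <p>NOTE(review): removeAuthorizationTable() does not clear this reference, so a removed
     * admin table is still returned here -- confirm that is intended.
     */
    public static com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable getAdminAppAuthorizationTable() {
        return adminAppAuthTable;
    }

    /** Returns an enumeration over all registered authorization tables. */
    public static Enumeration getAuthorizationTables() {
        return authzTableMap.elements();
    }

    /**
     * Unregisters the authorization table stored under the given key.
     *
     * @param str key the table was registered under
     */
    public static void removeAuthorizationTable(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("removeAuthorizationTable ").append(str).toString());
        }
        authzTableMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAuthorizationTable ");
        }
    }

    /**
     * Registers an authorization table and, when a registry is available, resolves the access
     * IDs of its users and groups. A null table is ignored.
     *
     * @param str                key to register under; the part before the last '_' is compared
     *                           with {@link #ADMINAPP} to detect the admin application
     * @param authorizationTable table to register, may be null
     */
    public static void addAuthorizationTable(String str, com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable authorizationTable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("addAuthorizationTable ").append(str).toString());
        }
        synchronized (authzTableMap) {
            int lastIndexOf = str.lastIndexOf("_");
            String substring = lastIndexOf != -1 ? str.substring(0, lastIndexOf) : str;
            if (authorizationTable != null) {
                if (substring.equals(ADMINAPP)) {
                    adminAppAuthTable = authorizationTable;
                }
                authzTableMap.put(str, authorizationTable);
                if (registry != null) {
                    fillMissingAccessIds(authorizationTable);
                } else {
                    Tr.debug(tc, "Registry is null");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addAuthorizationTable ");
        }
    }

    /**
     * Enforces access to a resource: returns normally when access is allowed and throws
     * otherwise.
     *
     * <p>Decision order: required roles must be resolvable; a resource with no required roles
     * follows {@link #allowIfNoRequiredRoles}; a role granted to Everyone allows access;
     * otherwise the caller's credentials must hold one of the required roles.
     *
     * @param accessContext context identifying the enterprise application
     * @param obj           first resource identifier, cast to String and passed to getRequiredRoles
     * @param obj2          second resource identifier, cast to String and passed to getRequiredRoles
     * @param principal     caller, may be null (treated as having no credentials); a non-null
     *                      value is cast to WSPrincipal
     * @throws AccessException when required roles are null, when none are declared and the
     *                         subclass does not allow that, or when no required role is granted
     */
    @Override // com.ibm.ws.security.core.AccessManager
    public void checkAccess(AccessContext accessContext, Object obj, Object obj2, Principal principal) throws AccessException {
        String str = (String) obj;
        String str2 = (String) obj2;
        Credentials credentials = principal != null ? ((WSPrincipal) principal).getCredentials() : null;
        fillAccessIds();
        SecurityRole[] requiredRoles = getRequiredRoles(accessContext, str, str2);
        if (requiredRoles == null) {
            throw new AccessException("Null required roles");
        }
        // Identity comparison: NO_REQUIRED_ROLES is used as a sentinel instance.
        if (requiredRoles == PermissionRoleMap.NO_REQUIRED_ROLES) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "no required roles declared in the DD ");
            }
            if (!allowIfNoRequiredRoles()) {
                throw new AccessException("No required roles defined");
            }
            return;
        }
        if (isEveryoneGranted(accessContext, requiredRoles)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append(str).append(str2).append(" is unprotected").toString());
                return;
            }
            return;
        }
        if (isGrantedAnyRole(accessContext, requiredRoles, credentials)) {
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer(128);
                for (SecurityRole securityRole : requiredRoles) {
                    stringBuffer.append(" ").append(securityRole.getRoleName()).append(" ");
                }
                // String.valueOf: principal may be null, and enabling debug trace must not turn
                // a grant into a NullPointerException.
                Tr.debug(tc, new StringBuffer().append(String.valueOf(principal)).append(" is granted").append(stringBuffer.toString()).toString());
                return;
            }
            return;
        }
        StringBuffer stringBuffer2 = new StringBuffer(128);
        // String.valueOf: a null (unauthenticated) principal must be refused with the declared
        // AccessException, not with a NullPointerException from principal.toString().
        stringBuffer2.append(String.valueOf(principal));
        stringBuffer2.append(" is not granted any of the required roles: ");
        for (SecurityRole securityRole2 : requiredRoles) {
            stringBuffer2.append(securityRole2.getRoleName()).append(" ");
        }
        String stringBuffer3 = stringBuffer2.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, stringBuffer3);
        }
        throw new AccessException(stringBuffer3);
    }

    /**
     * Reports whether the principal holds the given role in the application named by the
     * access context.
     *
     * @param accessContext context identifying the enterprise application
     * @param securityRole  role to test
     * @param principal     caller, may be null; a non-null value is cast to WSPrincipal
     * @return true when the role is granted
     */
    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isGrantedRole(AccessContext accessContext, SecurityRole securityRole, Principal principal) {
        Credentials credentials = null;
        if (principal != null) {
            credentials = ((WSPrincipal) principal).getCredentials();
        }
        return isGrantedRole(accessContext, (com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable) authzTableMap.get(accessContext.getEnterpriseAppName()), securityRole, credentials);
    }

    /** Returns the roles required for the given resource identifiers; implemented by subclasses. */
    public abstract SecurityRole[] getRequiredRoles(AccessContext accessContext, String str, String str2);

    /** Returns whether a resource that declares no required roles is accessible. */
    public abstract boolean allowIfNoRequiredRoles();

    /**
     * Decides whether the credentials hold a single role.
     *
     * <p>With a vendor table configured, the decision is delegated and any exception from the
     * vendor results in a denial. Otherwise the role's subjects are checked in this order:
     * Everyone, all-authenticated-users, the caller's access ID, each of the caller's group IDs.
     * A missing table, missing subjects, and null or unauthenticated credentials all deny.
     *
     * @param accessContext      context identifying the enterprise application
     * @param authorizationTable table for the application, may be null
     * @param securityRole       role to test
     * @param credentials        caller credentials, may be null
     * @return true when the role is granted
     */
    protected boolean isGrantedRole(AccessContext accessContext, com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable authorizationTable, SecurityRole securityRole, Credentials credentials) {
        Credentials credentials2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedRole");
        }
        fillAccessIds();
        if (this.pluggableAuthTable != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using vendor supplied authorizer");
            }
            HashMap createAccessContext = createAccessContext(accessContext);
            String roleName = securityRole.getRoleName();
            WASPrincipal createWASPrincipal = createWASPrincipal(credentials);
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Calling Vendor Supplied Authorizerrole = ").append(roleName).append(" Principal = ").append(createWASPrincipal.toString()).toString());
                }
                return this.pluggableAuthTable.isGrantedRole(createAccessContext, roleName, createWASPrincipal);
            } catch (SecurityProviderException e) {
                // Vendor failure: log both the wrapper and the nested cause, then deny.
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableError", "Error returned from Vendor AuthorizationTable"), e);
                StringWriter stringWriter = new StringWriter();
                e.printStackTrace(new PrintWriter(stringWriter));
                Tr.error(tc, stringWriter.toString());
                Exception exception = e.getException();
                if (exception == null) {
                    return false;
                }
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableSpecificError", "Vendor's specific exception"), e);
                StringWriter stringWriter2 = new StringWriter();
                exception.printStackTrace(new PrintWriter(stringWriter2));
                Tr.error(tc, stringWriter2.toString());
                return false;
            } catch (Exception e2) {
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableGenericError", "Generic Error from Vendor AuthorizationTable"), e2);
                return false;
            }
        }
        if (authorizationTable == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedRole, null authorization table, exit value: false");
            return false;
        }
        List subjectsForRole = authorizationTable.getSubjectsForRole(securityRole);
        if (subjectsForRole == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedRole, getSubjectsForRole() returned null, exit value:false");
            return false;
        }
        if (subjectsForRole.contains(Constants.EVERYONE)) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isGrantedRole, EVERYONE granted access, exit value:true");
            return true;
        }
        if (credentials == null || ((CredentialsImpl) credentials).isUnauthenticated()) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedRole, rCreds are null or rCreds are Unauthenticated, exit value:false");
            return false;
        }
        try {
            credentials2 = SecurityCollaborator.getActualCredential(credentials);
        } catch (Exception e3) {
            // Treated the same as "no credential": the null check below denies.
            credentials2 = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("getActualCredential() thru an exception:").append(e3).toString());
            }
        }
        if (credentials2 == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedRole, getActualCredential() thru an exception, exit value:false");
            return false;
        }
        String accessId = getAccessId(credentials2);
        if (accessId != null && subjectsForRole.contains(Constants.ALL_AUTHENTICATED_USERS)) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isGrantedRole, ALL_AUTHENTICATED_USERS granted, exit value:true");
            return true;
        }
        // NOTE(review): accessId is not known to be non-null here (the test above guards for
        // null). Confirm SubjectImpl equality cannot match a table subject whose access ID was
        // never resolved.
        if (subjectsForRole.contains(new SubjectImpl(accessId, accessId))) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, new StringBuffer().append("subjects.contains() accessId[").append(accessId).append("], exit value:true").toString());
            return true;
        }
        String[] groupIds = getGroupIds(credentials2);
        int length = groupIds == null ? 0 : groupIds.length;
        for (int i = 0; i < length; i++) {
            if (subjectsForRole.contains(new SubjectImpl(groupIds[i], groupIds[i]))) {
                if (!tc.isEntryEnabled()) {
                    return true;
                }
                Tr.exit(tc, new StringBuffer().append("Group subjects.contains() accessId[").append(accessId).append("], exit value:true").toString());
                return true;
            }
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        // The trace previously reported "exit value:true" on this denial path.
        Tr.exit(tc, new StringBuffer().append("No role or group role found for accessId[").append(accessId).append("], exit value:false").toString());
        return false;
    }

    /**
     * Reports whether any of the given roles is granted to the special subject Everyone,
     * i.e. whether the resource is accessible without authentication.
     *
     * <p>With a vendor table configured the decision is delegated and any vendor exception
     * denies. Otherwise the application's table is consulted; a missing table denies.
     *
     * @param accessContext   context identifying the enterprise application
     * @param securityRoleArr roles to test
     * @return true when at least one role is granted to Everyone
     */
    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isEveryoneGranted(AccessContext accessContext, SecurityRole[] securityRoleArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isEveryoneGranted");
        }
        fillAccessIds();
        if (this.pluggableAuthTable == null) {
            com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable authorizationTable = (com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable) authzTableMap.get(accessContext.getEnterpriseAppName());
            if (authorizationTable == null) {
                if (!tc.isEntryEnabled()) {
                    return false;
                }
                Tr.exit(tc, "isGrantedRole, null authorization table, exit value: false");
                return false;
            }
            List rolesForSubject = authorizationTable.getRolesForSubject(Constants.EVERYONE);
            if (rolesForSubject != null) {
                for (SecurityRole securityRole : securityRoleArr) {
                    if (rolesForSubject.contains(securityRole)) {
                        if (!tc.isEntryEnabled()) {
                            return true;
                        }
                        Tr.exit(tc, "isGrantedRole, EVERYONE granted access, exit value:true");
                        return true;
                    }
                }
            }
            Tr.exit(tc, "No roles granted to the special subject, Everyone");
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using vendor supplied authorizer");
        }
        HashMap createAccessContext = createAccessContext(accessContext);
        String[] strArr = null;
        if (securityRoleArr != null) {
            strArr = new String[securityRoleArr.length];
            for (int i = 0; i < securityRoleArr.length; i++) {
                strArr[i] = securityRoleArr[i].getRoleName();
            }
        }
        try {
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer(128);
                // strArr is null when no role array was passed; without this guard the trace
                // loop threw, the catch below denied, and the vendor table was never asked --
                // so the decision depended on whether debug trace was enabled.
                if (strArr != null) {
                    for (String str : strArr) {
                        stringBuffer.append(" ").append(str);
                    }
                }
                Tr.debug(tc, new StringBuffer().append("Calling Vendor Supplied Authorizer roles are = ").append((Object) stringBuffer).toString());
            }
            return this.pluggableAuthTable.isEveryoneGranted(createAccessContext, strArr);
        } catch (SecurityProviderException e) {
            // Vendor failure: log both the wrapper and the nested cause, then deny.
            Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableError", "Error returned from Vendor AuthorizationTable"), e);
            StringWriter stringWriter = new StringWriter();
            e.printStackTrace(new PrintWriter(stringWriter));
            Tr.error(tc, stringWriter.toString());
            Exception exception = e.getException();
            if (exception == null) {
                return false;
            }
            Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableSpecificError", "Vendor's specific exception"), e);
            StringWriter stringWriter2 = new StringWriter();
            exception.printStackTrace(new PrintWriter(stringWriter2));
            Tr.error(tc, stringWriter2.toString());
            return false;
        } catch (Exception e2) {
            Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableGenericError", "Generic Error from Vendor AuthorizationTable"), e2);
            return false;
        }
    }

    /**
     * Decides whether the credentials hold at least one of the given roles.
     *
     * <p>With a vendor table configured the decision is delegated and any vendor exception
     * denies. Otherwise the application's table is checked in this order: roles granted to
     * all-authenticated-users, roles granted to the caller's access ID, roles granted to each
     * of the caller's group IDs. A missing table and null or unauthenticated credentials deny.
     *
     * @param accessContext   context identifying the enterprise application
     * @param securityRoleArr roles of which one must be held
     * @param credentials     caller credentials, may be null
     * @return true when at least one role is granted
     */
    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isGrantedAnyRole(AccessContext accessContext, SecurityRole[] securityRoleArr, Credentials credentials) {
        Credentials credentials2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole");
        }
        fillAccessIds();
        if (this.pluggableAuthTable != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using vendor supplied authorizer");
            }
            HashMap createAccessContext = createAccessContext(accessContext);
            String[] strArr = null;
            if (securityRoleArr != null) {
                strArr = new String[securityRoleArr.length];
                for (int i = 0; i < securityRoleArr.length; i++) {
                    strArr[i] = securityRoleArr[i].getRoleName();
                }
            }
            WASPrincipal createWASPrincipal = createWASPrincipal(credentials);
            try {
                if (tc.isDebugEnabled()) {
                    StringBuffer stringBuffer = new StringBuffer(128);
                    // Guarded so that enabling debug trace cannot change the decision when
                    // no role array was passed (strArr == null).
                    if (strArr != null) {
                        for (String str : strArr) {
                            stringBuffer.append(" ").append(str);
                        }
                    }
                    Tr.debug(tc, new StringBuffer().append("Calling Vendor Supplied Authorizer, roles are = ").append((Object) stringBuffer).append(" Principal = ").append(createWASPrincipal.toString()).toString());
                }
                return this.pluggableAuthTable.isGrantedAnyRole(createAccessContext, strArr, createWASPrincipal);
            } catch (SecurityProviderException e) {
                // Vendor failure: log both the wrapper and the nested cause, then deny.
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableError", "Error returned from Vendor AuthorizationTable"), e);
                StringWriter stringWriter = new StringWriter();
                e.printStackTrace(new PrintWriter(stringWriter));
                Tr.error(tc, stringWriter.toString());
                Exception exception = e.getException();
                if (exception == null) {
                    return false;
                }
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableSpecificError", "Vendor's specific exception"), e);
                StringWriter stringWriter2 = new StringWriter();
                exception.printStackTrace(new PrintWriter(stringWriter2));
                Tr.error(tc, stringWriter2.toString());
                return false;
            } catch (Exception e2) {
                Tr.error(tc, Constants.nls.getString("security.wsaccessmanager.VendorAuthTableGenericError", "Generic Error from Vendor AuthorizationTable"), e2);
                return false;
            }
        }
        com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable authorizationTable = (com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable) authzTableMap.get(accessContext.getEnterpriseAppName());
        if (authorizationTable == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedAnyRole, null authorization table, exit value: false");
            return false;
        }
        if (credentials == null || ((CredentialsImpl) credentials).isUnauthenticated()) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedRole, rCreds are null or rCreds are Unauthenticated, exit value:false");
            return false;
        }
        try {
            credentials2 = SecurityCollaborator.getActualCredential(credentials);
        } catch (Exception e3) {
            // Treated the same as "no credential": the null check below denies.
            credentials2 = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("getActualCredential() thru an exception:").append(e3).toString());
            }
        }
        if (credentials2 == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isGrantedAnyRole, getActualCredential() thru an exception, exit value:false");
            return false;
        }
        List rolesForSubject = authorizationTable.getRolesForSubject(Constants.ALL_AUTHENTICATED_USERS);
        if (rolesForSubject != null) {
            for (SecurityRole securityRole : securityRoleArr) {
                if (rolesForSubject.contains(securityRole)) {
                    if (!tc.isEntryEnabled()) {
                        return true;
                    }
                    Tr.exit(tc, "isGrantedAnyRole granted access, exit value:true");
                    return true;
                }
            }
        }
        String accessId = getAccessId(credentials2);
        List rolesForSubject2 = authorizationTable.getRolesForSubject(new SubjectImpl(accessId, accessId));
        if (rolesForSubject2 != null) {
            if (tc.isEntryEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer(accessId);
                stringBuffer2.append(" is granted");
                Iterator it = rolesForSubject2.iterator();
                while (it.hasNext()) {
                    stringBuffer2.append(" ");
                    stringBuffer2.append(it.next().toString());
                }
                Tr.debug(tc, stringBuffer2.toString());
            }
            for (SecurityRole securityRole2 : securityRoleArr) {
                if (rolesForSubject2.contains(securityRole2)) {
                    if (!tc.isEntryEnabled()) {
                        return true;
                    }
                    Tr.exit(tc, "isGrantedAnyRole granted access, exit value:true");
                    return true;
                }
            }
        }
        String[] groupIds = getGroupIds(credentials2);
        int length = groupIds == null ? 0 : groupIds.length;
        for (int i2 = 0; i2 < length; i2++) {
            List rolesForSubject3 = authorizationTable.getRolesForSubject(new SubjectImpl(groupIds[i2], groupIds[i2]));
            if (rolesForSubject3 != null) {
                for (SecurityRole securityRole3 : securityRoleArr) {
                    if (rolesForSubject3.contains(securityRole3)) {
                        if (!tc.isEntryEnabled()) {
                            return true;
                        }
                        Tr.exit(tc, new StringBuffer().append("Group subjects.contains() accessId[").append(accessId).append("], exit value:true").toString());
                        return true;
                    }
                }
            }
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        // The trace previously reported "exit value:true" on this denial path.
        Tr.exit(tc, new StringBuffer().append("isGrantedAnyRole:No role or group role found for accessId[").append(accessId).append("], exit value:false").toString());
        return false;
    }

    /**
     * Resolves missing access IDs in every registered table, once per class loader.
     *
     * <p>NOTE(review): the flag is set even when the registry is still null, in which case the
     * per-user and per-group lookups in fillMissingAccessIds() fail and are only traced at
     * debug level; those tables are not revisited. Also, the iteration holds the class lock
     * while addAuthorizationTable() synchronizes on authzTableMap, so a concurrent
     * registration is not excluded here -- confirm the intended locking.
     */
    protected static synchronized void fillAccessIds() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fillAccessIds");
        }
        if (!filledAccessIDs) {
            Iterator it = authzTableMap.values().iterator();
            while (it.hasNext()) {
                fillMissingAccessIds((com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable) it.next());
            }
            Tr.debug(tc, "Access IDs filled");
            filledAccessIDs = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fillAccessIds");
        }
    }

    /**
     * Fills in the access ID of every special subject, user and group in the table that does
     * not have one yet. Special subjects get their own name; users and groups are looked up
     * in the registry. A failed lookup leaves the access ID empty and is traced at debug level.
     *
     * @param authorizationTable table whose role assignments are completed in place
     */
    protected static void fillMissingAccessIds(com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable authorizationTable) {
        for (RoleAssignment roleAssignment : authorizationTable.getAuthorizations()) {
            EList specialSubjects = roleAssignment.getSpecialSubjects();
            int size = specialSubjects.size();
            for (int i = 0; i < size; i++) {
                SpecialSubject specialSubject = (SpecialSubject) specialSubjects.get(i);
                String name = specialSubject.getName();
                String accessId = specialSubject.getAccessId();
                Tr.debug(tc, "SpecialSubject.getName()=", specialSubject.getName());
                if (accessId == null || accessId.length() == 0) {
                    specialSubject.setAccessId(name);
                }
            }
            for (User user : roleAssignment.getUsers()) {
                if (user.getAccessId() == null || user.getAccessId().length() == 0) {
                    try {
                        String privilegeAttributeId = registry.getPrivilegeAttributeId("user", user.getName());
                        if (privilegeAttributeId != null && privilegeAttributeId.length() > 0) {
                            user.setAccessId(privilegeAttributeId);
                        }
                    } catch (Exception e) {
                        // Best effort: an unknown user (or a null registry) leaves the ID unset.
                        Tr.debug(tc, new StringBuffer().append("Invalid user: ").append(user.getName()).toString(), e);
                    }
                }
            }
            for (Group group : roleAssignment.getGroups()) {
                if (group.getAccessId() == null || group.getAccessId().length() == 0) {
                    try {
                        String privilegeAttributeId2 = registry.getPrivilegeAttributeId("group", group.getName());
                        if (privilegeAttributeId2 != null && privilegeAttributeId2.length() > 0) {
                            group.setAccessId(privilegeAttributeId2);
                        }
                    } catch (Exception e2) {
                        // Best effort: an unknown group (or a null registry) leaves the ID unset.
                        Tr.debug(tc, new StringBuffer().append("Invalid group: ").append(group.getName()).toString(), e2);
                    }
                }
            }
        }
    }

    /**
     * Returns the access ID (attribute index 1 of {@link #secAttrs}) from the credentials.
     *
     * <p>If the attributes cannot be read, the cause is logged and the dereference below
     * throws NullPointerException, which aborts the authorization check.
     */
    private String getAccessId(Credentials credentials) {
        Attribute[] attributeArr = null;
        try {
            attributeArr = credentials.get_attributes(secAttrs);
        } catch (DuplicateAttributeType e) {
            Tr.error(tc, "Unable to read security attributes from credentials", e);
        } catch (InvalidAttributeType e2) {
            Tr.error(tc, "Unable to read security attributes from credentials", e2);
        }
        return StringBytesConversion.getConvertedString(attributeArr[1].value);
    }

    /**
     * Returns the group IDs (attribute index 2 of {@link #secAttrs}) from the credentials.
     *
     * <p>If the attributes cannot be read, the cause is logged and the dereference below
     * throws NullPointerException, which aborts the authorization check.
     */
    private String[] getGroupIds(Credentials credentials) {
        Attribute[] attributeArr = null;
        try {
            attributeArr = credentials.get_attributes(secAttrs);
        } catch (DuplicateAttributeType e) {
            Tr.error(tc, "Unable to read security attributes from credentials", e);
        } catch (InvalidAttributeType e2) {
            Tr.error(tc, "Unable to read security attributes from credentials", e2);
        }
        return SecurityAttributeList.getAttributeStringArray(attributeArr[2].value);
    }

    /**
     * Returns the security name (attribute index 0 of {@link #secAttrs}) from the credentials.
     *
     * <p>If the attributes cannot be read, the cause is logged and the dereference below
     * throws NullPointerException.
     */
    private String getSecurityName(Credentials credentials) {
        Attribute[] attributeArr = null;
        try {
            attributeArr = credentials.get_attributes(secAttrs);
        } catch (DuplicateAttributeType e) {
            Tr.error(tc, "Unable to read security attributes from credentials", e);
        } catch (InvalidAttributeType e2) {
            Tr.error(tc, "Unable to read security attributes from credentials", e2);
        }
        return StringBytesConversion.getConvertedString(attributeArr[0].value);
    }

    /** Builds the context map (application, server and cell name) passed to the vendor table. */
    private HashMap createAccessContext(AccessContext accessContext) {
        HashMap hashMap = new HashMap(3);
        hashMap.put(AuthorizationTable.APP_NAME, accessContext.getEnterpriseAppName());
        hashMap.put(AuthorizationTable.SERVER_NAME, this.serverName);
        hashMap.put(AuthorizationTable.CELL_NAME, this.cellName);
        return hashMap;
    }

    /**
     * Converts credentials into the principal handed to the vendor table.
     *
     * <p>Null or unauthenticated credentials, and credentials whose actual credential cannot
     * be obtained, yield the UNAUTHENTICATED principal. Otherwise the "user:" and "group:"
     * prefixes are stripped from the access ID and group IDs.
     *
     * @param credentials caller credentials, may be null
     * @return principal for the vendor table, never null
     */
    private WASPrincipal createWASPrincipal(Credentials credentials) {
        Credentials credentials2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createWASPrincipal");
        }
        List list = null;
        if (credentials == null || ((CredentialsImpl) credentials).isUnauthenticated()) {
            return new WASPrincipal(WASPrincipal.UNAUTHENTICATED, null, null);
        }
        try {
            credentials2 = SecurityCollaborator.getActualCredential(credentials);
        } catch (Exception e) {
            credentials2 = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("getActualCredential() threw an exception:").append(e).toString());
            }
        }
        if (credentials2 == null) {
            return new WASPrincipal(WASPrincipal.UNAUTHENTICATED, null, null);
        }
        Object[] credsAttrs = getCredsAttrs(credentials2);
        String str = (String) credsAttrs[0];
        String str2 = (String) credsAttrs[1];
        String[] strArr = (String[]) credsAttrs[2];
        // NOTE(review): str2 is null when getCredsAttrs() could not read the attributes, so
        // this line throws NullPointerException in that case.
        if (str2.startsWith("user:")) {
            str2 = str2.substring("user:".length());
        }
        if (strArr != null) {
            for (int i = 0; i < strArr.length; i++) {
                if (strArr[i].startsWith("group:")) {
                    strArr[i] = strArr[i].substring("group:".length());
                }
            }
            list = Arrays.asList(strArr);
        }
        if (tc.isDebugEnabled()) {
            // Append the list view, not the array: appending String[] printed only its identity
            // (type and hash), which made the group IDs unreadable in the trace.
            Tr.debug(tc, new StringBuffer().append("creating WASPrincipal for ").append(str).append(" userId = ").append(str2).append(" groupIds = ").append(list).toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createWASPrincipal");
        }
        return new WASPrincipal(str, str2, list);
    }

    /**
     * Reads security name, access ID and group IDs from the credentials.
     *
     * @return a three-element array {securityName, accessId, groupIds}; elements are left
     *         null when the attributes cannot be read (the cause is logged)
     */
    private Object[] getCredsAttrs(Credentials credentials) {
        Object[] objArr = new Object[3];
        try {
            Attribute[] attributeArr = credentials.get_attributes(secAttrs);
            objArr[0] = StringBytesConversion.getConvertedString(attributeArr[0].value);
            objArr[1] = StringBytesConversion.getConvertedString(attributeArr[1].value);
            objArr[2] = SecurityAttributeList.getAttributeStringArray(attributeArr[2].value);
            return objArr;
        } catch (DuplicateAttributeType e) {
            Tr.error(tc, "Unable to read security attributes from credentials", e);
            return objArr;
        } catch (InvalidAttributeType e2) {
            Tr.error(tc, "Unable to read security attributes from credentials", e2);
            return objArr;
        }
    }

    /** Compiler-generated helper that resolves a class literal by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Builds the three attribute types requested from credentials and registers the trace
    // component for this class.
    static {
        Class cls;
        ExtensibleFamily extensibleFamily = new ExtensibleFamily((short) 0, (short) 1);
        secAttrs[0] = new AttributeType(extensibleFamily, 1);
        secAttrs[1] = new AttributeType(extensibleFamily, 2);
        secAttrs[2] = new AttributeType(extensibleFamily, 4);
        if (class$com$ibm$ws$security$core$WSAccessManager == null) {
            cls = class$("com.ibm.ws.security.core.WSAccessManager");
            class$com$ibm$ws$security$core$WSAccessManager = cls;
        } else {
            cls = class$com$ibm$ws$security$core$WSAccessManager;
        }
        tc = Tr.register(cls);
    }
}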
