package com.tivoli.xtela.core.security;

import com.tivoli.xtela.core.objectmodel.kernel.DBDeleteException;
import com.tivoli.xtela.core.objectmodel.kernel.DBEnumerateException;
import com.tivoli.xtela.core.objectmodel.kernel.DBNoSuchElementException;
import com.tivoli.xtela.core.objectmodel.kernel.DBPersistException;
import com.tivoli.xtela.core.objectmodel.kernel.DBSyncException;
import com.tivoli.xtela.core.objectmodel.security.ACL;
import com.tivoli.xtela.core.objectmodel.security.ACLFactory;
import com.tivoli.xtela.core.util.Assert;
import com.tivoli.xtela.core.util.TraceService;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:142513449e75f67c81acb6a2b8b6afc5/ijar/default:1461bdba47f34a7b3efd5e91142d6159:com/tivoli/xtela/core/security/AclImpl.class */
public class AclImpl implements Acl, AclAuth {
    private ACL acl;
    private static TraceService traceService;

    public AclImpl(String str, Vector vector) throws DBPersistException {
        traceService.log(1, 1, "Entering AclImpl ctor");
        Assert.m529assert(str != null, "null name for AclImpl ctor");
        Assert.m529assert(str.length() != 0, "empty name string for AclImpl ctor");
        this.acl = new ACL(str, "");
        this.acl.persist();
        if (vector != null && vector.size() > 0) {
            Enumeration elements = vector.elements();
            while (elements.hasMoreElements()) {
                addEntry((AclEntry) elements.nextElement());
            }
        }
        traceService.log(3, 2, "Created an instance of AclImpl");
        traceService.log(1, 1, "Exiting AclImpl ctor");
    }

    public AclImpl(String str) throws DBSyncException, DBNoSuchElementException {
        traceService.log(1, 1, "Entering AclImpl ctor");
        Assert.m529assert(str != null, "null name for AclImpl ctor");
        Assert.m529assert(str.length() != 0, "empty name string for AclImpl ctor");
        this.acl = ACLFactory.createACL(str);
        traceService.log(3, 2, "Created an instance of AclImpl");
        traceService.log(1, 1, "Exiting AclImpl ctor");
    }

    @Override // com.tivoli.xtela.core.security.Acl
    public void addEntry(AclEntry aclEntry) throws DBPersistException {
        traceService.log(1, 2, "Entering addEntry");
        this.acl.addEntry(aclEntry);
        traceService.log(1, 2, "Exiting addEntry");
    }

    @Override // com.tivoli.xtela.core.security.Acl
    public void removeEntry(AclEntry aclEntry) throws DBDeleteException {
        traceService.log(1, 2, "Entering removeEntry");
        this.acl.removeEntry(aclEntry);
        traceService.log(1, 2, "Exiting removeEntry");
    }

    @Override // com.tivoli.xtela.core.security.Acl
    public void removeEntryForElement(String str) throws DBDeleteException {
        traceService.log(1, 2, "Entering removeEntryForElement");
        this.acl.removeEntryForElement(str);
        traceService.log(1, 2, "Exiting removeEntryForElement");
    }

    @Override // com.tivoli.xtela.core.security.Acl
    public void replaceEntry(AclEntry aclEntry) throws DBDeleteException, DBPersistException {
        traceService.log(1, 2, "Entering replaceEntry");
        this.acl.replaceEntry(aclEntry);
        traceService.log(1, 2, "Exiting replaceEntry");
    }

    @Override // com.tivoli.xtela.core.security.Acl
    public Enumeration elements() throws DBEnumerateException {
        traceService.log(1, 2, "Entering elements");
        Enumeration elements = this.acl.elements();
        traceService.log(1, 2, "Exiting elements");
        return elements;
    }

    @Override // com.tivoli.xtela.core.security.AclAuth
    public boolean isAuth(Credentials credentials, String str) {
        traceService.log(1, 2, "Entering isAuth");
        Assert.m529assert(str != null, "null element for isAuth");
        Assert.m529assert(str.length() != 0, "empty element string for isAuth");
        try {
            traceService.log(10, 1, new StringBuffer("isAuth invoked with credentials ").append(credentials).append(" for element ").append(str).toString());
            RoleSet roleSet = null;
            String str2 = null;
            if (credentials == null) {
                traceService.log(10, 2, "isAuth invoked for unauthenticated user");
            } else if (credentials.hasExpired()) {
                traceService.log(10, 2, "isAuth invoked with expired credentials");
            } else {
                roleSet = credentials.getRoleSet();
                roleSet.addRole(1);
                str2 = credentials.getDomain();
            }
            Enumeration elements = this.acl.elements();
            while (true) {
                if (!elements.hasMoreElements()) {
                    break;
                }
                AclEntry aclEntry = (AclEntry) elements.nextElement();
                if (str.equals(aclEntry.getElement())) {
                    if (aclEntry.unauthenticated()) {
                        traceService.log(10, 2, "Passed authorization test because unauthenticated was permitted");
                        traceService.log(1, 2, "Exiting isAuth");
                        return true;
                    }
                    if (roleSet == null) {
                        traceService.log(10, 2, "Failed authorization test because unauthenticated was not permitted");
                        traceService.log(1, 2, "Exiting isAuth");
                        return false;
                    }
                    Enumeration elements2 = aclEntry.getPermissions().elements();
                    while (true) {
                        if (!elements2.hasMoreElements()) {
                            break;
                        }
                        Permission permission = (Permission) elements2.nextElement();
                        if (str2.equals(permission.getDomain())) {
                            RoleSet roleSet2 = permission.getRoleSet();
                            if (roleSet.intersection(roleSet2)) {
                                traceService.log(10, 2, "Passed authorization test");
                                traceService.log(1, 2, "Exiting isAuth");
                                return true;
                            }
                            traceService.log(10, 3, new StringBuffer("Authorization failed; roles authorized are ").append(roleSet2).toString());
                        }
                    }
                }
            }
        } catch (DBEnumerateException e) {
            traceService.log(10, 3, new StringBuffer("isAuth caught exception ").append(e).toString());
        }
        traceService.log(1, 2, "Exiting isAuth");
        return false;
    }

    @Override // com.tivoli.xtela.core.security.AclAuth
    public boolean isAuth(String str, String str2) {
        traceService.log(1, 1, "Entering isAuth");
        traceService.log(10, 1, new StringBuffer("isAuth invoked with principal ").append(str).append(" for element ").append(str2).toString());
        if (str.equals(PrincipalBase.unauth)) {
            boolean isAuth = isAuth((Credentials) null, str2);
            traceService.log(1, 1, "Exiting isAuth");
            return isAuth;
        }
        boolean isAuth2 = isAuth(new Credentials(PrincipalFactory.loadPrincipal(str)), str2);
        traceService.log(1, 1, "Exiting isAuth");
        return isAuth2;
    }

    @Override // com.tivoli.xtela.core.objectmodel.kernel.PersistentObject
    public void persist() throws DBPersistException {
        traceService.log(1, 2, "Entering persist");
        this.acl.persist();
        traceService.log(1, 2, "Exiting persist");
    }

    @Override // com.tivoli.xtela.core.objectmodel.kernel.PersistentObject
    public boolean sync() throws DBSyncException, DBNoSuchElementException {
        traceService.log(1, 2, "Entering sync");
        boolean sync = this.acl.sync();
        traceService.log(1, 2, "Exiting sync");
        return sync;
    }

    @Override // com.tivoli.xtela.core.objectmodel.kernel.PersistentObject
    public void delete() throws DBDeleteException {
        traceService.log(1, 2, "Entering delete");
        this.acl.delete();
        traceService.log(1, 2, "Exiting delete");
    }

    static {
        traceService = null;
        traceService = SecurityTraceService.getTraceService("AclImpl");
    }
}
