package com.ibm.ws.security.core;

import com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable;
import com.ibm.ejs.models.base.bindings.applicationbnd.Group;
import com.ibm.ejs.models.base.bindings.applicationbnd.RoleAssignment;
import com.ibm.ejs.models.base.bindings.applicationbnd.SpecialSubject;
import com.ibm.ejs.models.base.bindings.applicationbnd.User;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.role.PluggableAuthorizationTableProxy;
import com.ibm.ws.security.role.RoleBasedAppException;
import com.ibm.ws.security.role.RoleBasedAuthorizer;
import com.ibm.ws.security.role.RoleBasedConfiguratorFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.WCCMHelper;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.j2ee.common.SecurityRole;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/core/WSAccessManager.class */
public abstract class WSAccessManager implements AccessManager {
    public static final String USER = "user";
    public static final String GROUP = "group";
    public static final String ADMINAPP = "Server Administration Application";
    private static final TraceComponent tc;
    private static Hashtable authzTableMap;
    private static Hashtable contextIDTable;
    private static AuthorizationTable adminAppAuthTable;
    private PluggableAuthorizationTableProxy pluggableAuthTable;
    private String serverId;
    private User userSub;
    private Group groupSub;
    private static boolean ignoreCase;
    private static boolean isLDAPRegistry;
    private static UserRegistry registry;
    private static boolean filledAccessIDs;
    private static ContextManager contextManager;
    protected RoleBasedAuthorizer adminAuthorizer;
    protected static List adminapps;
    static Class class$com$ibm$ws$security$core$WSAccessManager;

    public WSAccessManager() {
        this.pluggableAuthTable = null;
        this.serverId = null;
        this.userSub = null;
        this.groupSub = null;
        this.adminAuthorizer = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        contextManager = ContextManagerFactory.getInstance();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "admin applications", adminapps);
        }
        this.pluggableAuthTable = PluggableAuthorizationTableProxy.getAuthorizationTableProxy();
        Boolean bool = (Boolean) SecurityConfig.getConfig().getValue(CommonConstants.IGNORE_CASE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ignoreCae", bool);
        }
        if (bool != null && bool.booleanValue()) {
            ignoreCase = true;
        }
        SecurityConfig.getConfig();
        if (SecurityConfig.isRegLDAP()) {
            isLDAPRegistry = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "User registry type is LDAP");
            }
        }
        try {
            this.serverId = getAccessId(ContextManagerFactory.getInstance().getServerCredential());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("serverId is set to: ").append(this.serverId).toString());
            }
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.core.WSAccessManager.WSAccessManager", "164", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "failed to form serverId");
            }
        }
        this.groupSub = WCCMHelper.createGroup("group", "group");
        this.userSub = WCCMHelper.createUser("user", "user");
        try {
            this.adminAuthorizer = RoleBasedConfiguratorFactory.getConfigurator().getRoleBasedAuthorizer(Constants.ADMIN_APP, "domain");
        } catch (RoleBasedAppException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.WSAccessManager", "180", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "failed to initialize RoleBasedAuthorizer");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    public static void setAccessIdsFilled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAccessIdsFilled");
        }
        filledAccessIDs = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAccessIdsFilled");
        }
    }

    public static AuthorizationTable getAdminAppAuthorizationTable() {
        return adminAppAuthTable;
    }

    public static Enumeration getAuthorizationTables() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthorizationTables");
        }
        Enumeration elements = authzTableMap.elements();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthorizationTables", elements);
        }
        return elements;
    }

    public static AuthorizationTable getAuthorizationTable(String str) {
        return (AuthorizationTable) authzTableMap.get(str);
    }

    public static void removeAuthorizationTable(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAuthorizationTable", str);
        }
        authzTableMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAuthorizationTable");
        }
    }

    public static void addAuthorizationTable(String str, AuthorizationTable authorizationTable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addAuthorizationTable", new Object[]{str, authorizationTable});
        }
        synchronized (authzTableMap) {
            int lastIndexOf = str.lastIndexOf("_");
            String substring = lastIndexOf != -1 ? str.substring(0, lastIndexOf) : str;
            if (authorizationTable != null) {
                if (substring.equals(ADMINAPP)) {
                    adminAppAuthTable = authorizationTable;
                }
                authzTableMap.put(str, authorizationTable);
                fillMissingAccessIds(authorizationTable);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addAuthorizationTable");
        }
    }

    public static void storeContextID(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "storeContextID", new Object[]{str, str2});
        }
        synchronized (contextIDTable) {
            if (str2 != null) {
                contextIDTable.put(str, str2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "storeContextID");
        }
    }

    public static void removeContextID(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeContextID", str);
        }
        synchronized (contextIDTable) {
            contextIDTable.remove(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeContextID");
        }
    }

    public static String getContextID(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getContextID", str);
        }
        String str2 = (String) contextIDTable.get(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getContextID", str2);
        }
        return str2;
    }

    public static boolean checkIfAdminApp(String str) {
        return adminapps != null && adminapps.contains(str);
    }

    public abstract SecurityRole[] getRequiredRoles(AccessContext accessContext, String str, String str2);

    public abstract boolean allowIfNoRequiredRoles();

    public abstract boolean isExcluded(AccessContext accessContext, String str, String str2);

    @Override // com.ibm.ws.security.core.AccessManager
    public void checkAccess(AccessContext accessContext, Object obj, Object obj2, Principal principal) throws AccessException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAccess", new Object[]{accessContext, obj, obj2, principal});
        }
        String str = (String) obj;
        String str2 = (String) obj2;
        Subject subject = principal != null ? ((WSPrincipal) principal).getSubject() : null;
        SecurityRole[] requiredRoles = getRequiredRoles(accessContext, str, str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Required Roles", requiredRoles);
        }
        if (requiredRoles == null) {
            throw new AccessException("Null required roles");
        }
        if (isExcluded(accessContext, str, str2)) {
            throw new AccessException(new StringBuffer().append(str).append(":").append(str2).append(" is excluded").toString());
        }
        if (requiredRoles == PermissionRoleMap.EMPTY_REQUIRED_ROLES) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Empty required roles list defined in Authorization Constraint for the web applicaiton in the DD");
            }
            throw new AccessException("Empty required roles list defined in Authorization Constraint");
        }
        if (requiredRoles == PermissionRoleMap.NO_REQUIRED_ROLES) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "no required roles declared in the DD");
            }
            if (!allowIfNoRequiredRoles()) {
                throw new AccessException("No required roles defined");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAccess");
                return;
            }
            return;
        }
        if (accessContext == null || !checkIfAdminApp(accessContext.getEnterpriseAppName())) {
            if (isEveryoneGranted(accessContext, requiredRoles)) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAccess");
                    return;
                }
                return;
            } else if (isGrantedAnyRole(accessContext, requiredRoles, subject)) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAccess");
                    return;
                }
                return;
            }
        } else if (this.adminAuthorizer.isGrantedRole(getNamesFromRoles(requiredRoles), subject)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAccess");
                return;
            }
            return;
        }
        StringBuffer stringBuffer = new StringBuffer(128);
        stringBuffer.append(principal.toString());
        stringBuffer.append(" is not granted any of the required roles: ");
        for (SecurityRole securityRole : requiredRoles) {
            stringBuffer.append(securityRole.getRoleName()).append(RASFormatter.DEFAULT_SEPARATOR);
        }
        String stringBuffer2 = stringBuffer.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, stringBuffer2);
        }
        throw new AccessException(stringBuffer2);
    }

    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isGrantedRole(AccessContext accessContext, SecurityRole securityRole, Principal principal) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedRole", new Object[]{accessContext, securityRole, principal});
        }
        Subject subject = principal != null ? ((WSPrincipal) principal).getSubject() : null;
        String enterpriseAppName = accessContext != null ? accessContext.getEnterpriseAppName() : null;
        boolean isGrantedRole = accessContext != null ? checkIfAdminApp(enterpriseAppName) : false ? this.adminAuthorizer.isGrantedRole(new String[]{securityRole.getRoleName()}, subject) : isGrantedRole(accessContext, getAuthorizationTable(enterpriseAppName), securityRole, subject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedRole", new Boolean(isGrantedRole));
        }
        return isGrantedRole;
    }

    protected boolean isGrantedRole(AccessContext accessContext, AuthorizationTable authorizationTable, SecurityRole securityRole, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedRole", new Object[]{accessContext, authorizationTable, securityRole, subjectToString(subject)});
        }
        boolean z = false;
        if (this.pluggableAuthTable != null) {
            z = this.pluggableAuthTable.isGrantedRole(accessContext, securityRole, subject);
        } else if (authorizationTable != null) {
            SecurityRole[] securityRoleArr = {securityRole};
            if (isEveryoneGranted(accessContext, securityRoleArr)) {
                z = true;
            } else if (isGrantedAnyRole(accessContext, securityRoleArr, subject)) {
                z = true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedRole", new Boolean(z));
        }
        return z;
    }

    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isEveryoneGranted(AccessContext accessContext, SecurityRole[] securityRoleArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isEveryoneGranted", new Object[]{accessContext, securityRoleArr});
        }
        boolean z = false;
        if (securityRoleArr != PermissionRoleMap.EMPTY_REQUIRED_ROLES) {
            z = this.pluggableAuthTable != null ? this.pluggableAuthTable.isEveryoneGranted(accessContext, securityRoleArr) : isSpecialSubjectGrantedAnyRole(getAuthorizationTable(accessContext.getEnterpriseAppName()), securityRoleArr, Constants.EVERYONE);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Empty required roles list from web application DD");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isEveryoneGranted", new Boolean(z));
        }
        return z;
    }

    private boolean isServerId(String str) {
        return str != null && str.equalsIgnoreCase(this.serverId);
    }

    @Override // com.ibm.ws.security.core.AccessManager
    public boolean isGrantedAnyRole(AccessContext accessContext, SecurityRole[] securityRoleArr, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{accessContext, securityRoleArr, subjectToString(subject)});
        }
        String enterpriseAppName = accessContext != null ? accessContext.getEnterpriseAppName() : null;
        boolean checkIfAdminApp = accessContext != null ? checkIfAdminApp(enterpriseAppName) : false;
        boolean z = false;
        if (securityRoleArr != PermissionRoleMap.EMPTY_REQUIRED_ROLES) {
            z = checkIfAdminApp ? this.adminAuthorizer.isGrantedRole(getNamesFromRoles(securityRoleArr), subject) : this.pluggableAuthTable != null ? this.pluggableAuthTable.isGrantedAnyRole(accessContext, securityRoleArr, subject) : isGrantedAnyRole(getAuthorizationTable(enterpriseAppName), securityRoleArr, subject);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Empty required roles list from web application DD");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, subjectToString(subject)});
        }
        boolean z = false;
        Subject authenticatedSubject = getAuthenticatedSubject(subject);
        if (authenticatedSubject != null) {
            if (isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.ALL_AUTHENTICATED_USERS)) {
                z = true;
            } else {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(authenticatedSubject);
                if (isServerId(getAccessId(wSCredentialFromSubject)) && isSpecialSubjectGrantedAnyRole(authorizationTable, securityRoleArr, Constants.SERVER)) {
                    z = true;
                } else if (isGrantedAnyRole(authorizationTable, securityRoleArr, wSCredentialFromSubject)) {
                    z = true;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isSpecialSubjectGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, SpecialSubject specialSubject) {
        List rolesForSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSpecialSubjectGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, specialSubject});
        }
        boolean z = false;
        if (authorizationTable != null && (rolesForSubject = authorizationTable.getRolesForSubject(specialSubject)) != null) {
            int i = 0;
            while (true) {
                if (i >= securityRoleArr.length) {
                    break;
                }
                if (rolesForSubject.contains(securityRoleArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isSpecialSubjectGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private boolean isGrantedAnyRole(AuthorizationTable authorizationTable, SecurityRole[] securityRoleArr, WSCredential wSCredential) {
        List rolesForSubject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole", new Object[]{authorizationTable, securityRoleArr, wSCredential});
        }
        boolean z = false;
        if (authorizationTable != null) {
            String accessId = getAccessId(wSCredential);
            synchronized (this.userSub) {
                this.userSub.setAccessId(accessId);
                this.userSub.setName(accessId);
                rolesForSubject = authorizationTable.getRolesForSubject(this.userSub);
            }
            int i = 0;
            while (true) {
                if (rolesForSubject == null || i >= securityRoleArr.length) {
                    break;
                }
                if (rolesForSubject.contains(securityRoleArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                String[] groupIds = getGroupIds(wSCredential);
                synchronized (this.groupSub) {
                    int i2 = 0;
                    while (groupIds != null) {
                        if (i2 >= groupIds.length || z) {
                            break;
                        }
                        this.groupSub.setAccessId(groupIds[i2]);
                        this.groupSub.setName(groupIds[i2]);
                        List rolesForSubject2 = authorizationTable.getRolesForSubject(this.groupSub);
                        int i3 = 0;
                        while (true) {
                            if (rolesForSubject2 != null && i3 < securityRoleArr.length) {
                                if (rolesForSubject2.contains(securityRoleArr[i3])) {
                                    z = true;
                                    break;
                                }
                                i3++;
                            }
                        }
                        i2++;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGrantedAnyRole", new Boolean(z));
        }
        return z;
    }

    private Subject getAuthenticatedSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthenticatedSubject", subjectToString(subject));
        }
        Subject subject2 = null;
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        if (wSCredentialFromSubject == null || wSCredentialFromSubject.isUnauthenticated()) {
            subject2 = null;
        } else if (wSCredentialFromSubject.isBasicAuth()) {
            try {
                subject2 = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ws.security.core.WSAccessManager.1
                    private final WSCredential val$rCreds;
                    private final WSAccessManager this$0;

                    {
                        this.this$0 = this;
                        this.val$rCreds = wSCredentialFromSubject;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException {
                        return WSAccessManager.contextManager.login(this.val$rCreds);
                    }
                });
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getAuthenticatedSubject", "801", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("authentication failed:").append(e.getException()).toString());
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.core.WSAccessManager.getAuthenticatedSubject", "806", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("authentication failed:").append(e2).toString());
                }
                subject2 = null;
            }
        } else {
            subject2 = subject;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthenticatedSubject", subjectToString(subject2));
        }
        return subject2;
    }

    private String[] getNamesFromRoles(SecurityRole[] securityRoleArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNamesFromRoles", securityRoleArr);
        }
        String[] strArr = new String[securityRoleArr == null ? 0 : securityRoleArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = securityRoleArr[i].getRoleName();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNamesFromRoles", strArr);
        }
        return strArr;
    }

    protected static synchronized void fillAccessIds() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fillAccessIds");
        }
        Iterator it = authzTableMap.values().iterator();
        while (it.hasNext()) {
            fillMissingAccessIds((AuthorizationTable) it.next());
        }
        setAccessIdsFilled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fillAccessIds");
        }
    }

    protected static void fillMissingAccessIds(AuthorizationTable authorizationTable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fillMissingAccessIds", authorizationTable);
        }
        try {
            if (registry == null) {
                if (contextManager == null) {
                    return;
                } else {
                    registry = contextManager.getRegistry(contextManager.getDefaultRealm());
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "884");
            Tr.error(tc, "security.wsaccessmanage.get.reg", new Object[]{e});
        }
        for (RoleAssignment roleAssignment : authorizationTable.getAuthorizations()) {
            EList specialSubjects = roleAssignment.getSpecialSubjects();
            int size = specialSubjects.size();
            for (int i = 0; i < size; i++) {
                SpecialSubject specialSubject = (SpecialSubject) specialSubjects.get(i);
                String name = specialSubject.getName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("SpecialSubject ").append(name).toString());
                }
                String accessId = specialSubject.getAccessId();
                if (accessId == null || accessId.length() == 0) {
                    specialSubject.setAccessId(name);
                }
            }
            for (User user : roleAssignment.getUsers()) {
                String accessId2 = user.getAccessId();
                if (accessId2 != null && isLDAPRegistry) {
                    accessId2 = RegistryUtil.removeDNSpace(accessId2, -1);
                }
                if (accessId2 == null || accessId2.length() == 0) {
                    try {
                        accessId2 = registry.getUniqueUserId(user.getName());
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "933");
                    }
                }
                if (accessId2 != null && ignoreCase) {
                    accessId2 = accessId2.toLowerCase();
                }
                if (accessId2 != null && accessId2.length() > 0) {
                    user.setAccessId(accessId2);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("user accessId=").append(accessId2).toString());
                }
            }
            for (Group group : roleAssignment.getGroups()) {
                String accessId3 = group.getAccessId();
                if (accessId3 != null && isLDAPRegistry) {
                    accessId3 = RegistryUtil.removeDNSpace(accessId3, -1);
                }
                if (accessId3 == null || accessId3.length() == 0) {
                    try {
                        accessId3 = registry.getUniqueGroupId(group.getName());
                    } catch (Exception e3) {
                        FFDCFilter.processException(e3, "com.ibm.ws.security.core.WSAccessManager.fillMissingAccessIds", "969");
                    }
                }
                if (accessId3 != null && ignoreCase) {
                    accessId3 = accessId3.toLowerCase();
                }
                if (accessId3 != null && accessId3.length() > 0) {
                    group.setAccessId(accessId3);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("group accessId=").append(accessId3).toString());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fillMissingAccessIds");
        }
    }

    private String getAccessId(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessId");
        }
        String str = null;
        try {
            str = wSCredential.getAccessId();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getAccessId", "1008", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getAccessId raised exception", e);
            }
        }
        if (str != null && str.length() > 0 && ignoreCase) {
            str = str.toLowerCase();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAccessId", str);
        }
        return str;
    }

    private String[] getGroupIds(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupsIds", wSCredential);
        }
        String[] strArr = null;
        try {
            ArrayList groupIds = wSCredential.getGroupIds();
            strArr = (String[]) groupIds.toArray(new String[groupIds.size()]);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.WSAccessManager.getGroupIds", "1041", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getAccessId raised exception", e);
            }
        }
        if (ignoreCase) {
            int length = strArr == null ? 0 : strArr.length;
            for (int i = 0; i < length; i++) {
                strArr[i] = strArr[i].toLowerCase();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupsIds", strArr);
        }
        return strArr;
    }

    private static String subjectToString(Subject subject) {
        String str = null;
        if (subject != null) {
            try {
                str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction(subject) { // from class: com.ibm.ws.security.core.WSAccessManager.2
                    private final Subject val$finalSubject;

                    {
                        this.val$finalSubject = subject;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException {
                        return this.val$finalSubject.toString();
                    }
                });
            } catch (Exception e) {
            }
        }
        return str;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$core$WSAccessManager == null) {
            cls = class$("com.ibm.ws.security.core.WSAccessManager");
            class$com$ibm$ws$security$core$WSAccessManager = cls;
        } else {
            cls = class$com$ibm$ws$security$core$WSAccessManager;
        }
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
        authzTableMap = new Hashtable(10);
        contextIDTable = new Hashtable(10);
        adminAppAuthTable = null;
        ignoreCase = false;
        isLDAPRegistry = false;
        filledAccessIDs = false;
        contextManager = null;
        adminapps = null;
    }
}
