package com.webify.wsf.client.enrollment.impl;

import com.ibm.ws.fabric.client.g11n.CatalogClientApiGlobalization;
import com.ibm.ws.fabric.support.g11n.MLMessage;
import com.ibm.ws.fabric.support.g11n.MultiLocale;
import com.ibm.ws.fabric.support.g11n.Translations;
import com.ibm.ws.fabric.support.g11n.logging.Log;
import com.ibm.ws.repository.ocp.InternalProjectsAndNamespaces;
import com.webify.fabric.catalogstore.GovernanceAccess;
import com.webify.fabric.catalogstore.ICatalogStore;
import com.webify.framework.model.NotFoundException;
import com.webify.wsf.client.BaseAdminImpl;
import com.webify.wsf.client.enrollment.AuthorizationAdmin;
import com.webify.wsf.client.enrollment.BaseAuthorizationObject;
import com.webify.wsf.client.enrollment.Enrollment;
import com.webify.wsf.client.enrollment.Subscription;
import com.webify.wsf.client.resource.Channel;
import com.webify.wsf.client.resource.SubscribableService;
import com.webify.wsf.client.subscriber.OrgAdmin;
import com.webify.wsf.client.subscriber.Organization;
import com.webify.wsf.client.subscriber.Role;
import com.webify.wsf.client.subscriber.RoleAdmin;
import com.webify.wsf.client.subscriber.RoleType;
import com.webify.wsf.client.subscriber.User;
import com.webify.wsf.client.subscriber.UserAdmin;
import com.webify.wsf.model.governance.IFabricProject;
import com.webify.wsf.model.governance.INamespace;
import com.webify.wsf.modelstore.adapter.AdapterObject;
import com.webify.wsf.modelstore.adapter.AdapterObjectQuery;
import com.webify.wsf.support.spring.environment.ContainerSpecificUtils;
import com.webify.wsf.support.spring.environment.JmxUtils;
import com.webify.wsf.support.uri.URIs;
import java.net.URI;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:lib/fabric-client-api.jar:com/webify/wsf/client/enrollment/impl/AuthorizationAdminImpl.class */
public class AuthorizationAdminImpl extends BaseAdminImpl implements AuthorizationAdmin {
    private static final Translations TLNS = CatalogClientApiGlobalization.getTranslations();
    private static final Log log = CatalogClientApiGlobalization.getLog(AuthorizationAdminImpl.class);
    private OrgAdmin _orgAdmin;
    private UserAdmin _userAdmin;
    private RoleAdmin _roleAdmin;
    private GovernanceAccess _govAccess;

    private Enrollment findExistingEnrollment(Organization organization, SubscribableService subscribableService) {
        for (Enrollment enrollment : organization.getEnrollments()) {
            if (enrollment.getService().equals(subscribableService)) {
                return enrollment;
            }
        }
        return null;
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public Enrollment enrollOrganization(String str, String str2) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-org-id").toString());
        checkAssert(str2 != null, TLNS.getMLMessage("clientapi.enrollment.non-null-service-id").toString());
        Organization organization = this._orgAdmin.getOrganization(str);
        SubscribableService subscribableService = getSubscribableService(str2);
        Enrollment findExistingEnrollment = findExistingEnrollment(organization, subscribableService);
        if (findExistingEnrollment != null) {
            return findExistingEnrollment;
        }
        Enrollment enrollment = (Enrollment) create(Enrollment.class);
        enrollment.setOrganization(organization);
        enrollment.setService(subscribableService);
        enrollment.setEnrollmentDate(new Date());
        enrollment.setConfigured(false);
        updateNamespace(enrollment);
        save(enrollment);
        return enrollment;
    }

    private void updateNamespace(Enrollment enrollment) {
        IFabricProject fabricProjectForThing = this._govAccess.getFabricProjectForThing(enrollment.getService().getThing());
        URI uri = null;
        if (fabricProjectForThing != null) {
            List<INamespace> listNamespacesForFabricProject = this._govAccess.listNamespacesForFabricProject(fabricProjectForThing, GovernanceAccess.NamespaceType.Enrollment);
            if (listNamespacesForFabricProject == null || listNamespacesForFabricProject.size() == 0) {
                MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.no-enrollment-namespace-for-project-error");
                mLMessage.addArgument(fabricProjectForThing.getLabel());
                log.warn((MultiLocale) mLMessage);
                throw new IllegalStateException(mLMessage.toString());
            }
            if (listNamespacesForFabricProject.size() > 1) {
                MLMessage mLMessage2 = TLNS.getMLMessage("clientapi.enrollment.more-than-one-project-namespace-error");
                mLMessage2.addArgument(fabricProjectForThing.getLabel());
                mLMessage2.addArgument(listNamespacesForFabricProject.size());
                log.warn((MultiLocale) mLMessage2);
                throw new IllegalStateException(mLMessage2.toString());
            }
            uri = listNamespacesForFabricProject.get(0).getNamespaceUri();
        } else {
            MLMessage mLMessage3 = TLNS.getMLMessage("clientapi.enrollment.service-project-unavailable-error");
            mLMessage3.addArgument(enrollment.getService().getName());
            log.warn((MultiLocale) mLMessage3);
        }
        if (uri == null) {
            uri = enrollment.getService().getNamespace();
            if (uri == null) {
                String id = enrollment.getService().getId();
                uri = URIs.create(id.substring(0, id.indexOf(35) + 1));
            }
        }
        enrollment.setNamespace(uri);
    }

    private SubscribableService getSubscribableService(String str) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-service-id").toString());
        return (SubscribableService) getTemplate().get(URIs.create(str));
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void disenrollOrganization(String str) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-enrollment-id").toString());
        try {
            Enrollment enrollment = getEnrollment(str);
            Collection subscriptions = enrollment.getSubscriptions();
            if (subscriptions.size() > 0) {
                MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.removing-enrollment-subscriptions");
                mLMessage.addArgument(subscriptions.size());
                log.info((MultiLocale) mLMessage);
                Iterator it = subscriptions.iterator();
                while (it.hasNext()) {
                    getTemplate().delete((Subscription) it.next());
                }
            }
            getTemplate().delete(enrollment);
        } catch (NotFoundException e) {
        }
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public Enrollment getEnrollment(String str) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-enrollment-id").toString());
        return (Enrollment) getTemplate().get(URIs.create(str));
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void saveEnrollment(Enrollment enrollment) {
        checkAssert(enrollment != null, TLNS.getMLMessage("clientapi.enrollment.non-null-enrollment").toString());
        if (enrollment.getNamespace() == null) {
            updateNamespace(enrollment);
        }
        save(enrollment);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public Subscription newSubscription() {
        Subscription subscription = (Subscription) create(Subscription.class);
        subscription.setSubscriptionDate(new Date());
        subscription.setConfigured(false);
        subscription.setName("Subscription");
        return subscription;
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void deleteSubscription(Subscription subscription) {
        checkAssert(subscription != null, TLNS.getMLMessage("clientapi.enrollment.non-null-subscription").toString());
        getTemplate().delete(subscription);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public Subscription getSubscription(String str) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-subscription-id").toString());
        return (Subscription) getTemplate().get(URIs.create(str));
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void saveSubscription(Subscription subscription) {
        checkAssert(subscription != null, TLNS.getMLMessage("clientapi.enrollment.non-null-subscription").toString());
        if (subscription.getNamespace() == null) {
            subscription.setNamespace(subscription.getEnrollment().getNamespace());
        }
        save(subscription);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void grantUserRole(Collection<String> collection, String str, Collection<URI> collection2) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-org-id").toString());
        Organization organization = this._orgAdmin.getOrganization(str);
        ArrayList arrayList = new ArrayList();
        Iterator<URI> it = collection2.iterator();
        while (it.hasNext()) {
            arrayList.add(this._roleAdmin.getRoleType(it.next().toString()));
        }
        for (String str2 : collection) {
            User user = this._userAdmin.getUser(str2);
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                grantUserRole(user, organization, (RoleType) it2.next(), null);
            }
            flushAuthenticationCache(str2);
        }
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void grantUserRole(String str, String str2, URI uri) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-user-id").toString());
        checkAssert(str2 != null, TLNS.getMLMessage("clientapi.enrollment.non-null-org-id").toString());
        checkAssert(uri != null, TLNS.getMLMessage("clientapi.enrollment.non-null-role-type").toString());
        grantUserRole(this._userAdmin.getUser(str), this._orgAdmin.getOrganization(str2), this._roleAdmin.getRoleType(uri.toString()), null);
        flushAuthenticationCache(str);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void grantBootstrapRole(String str) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-user-id").toString());
        grantUserRole(this._userAdmin.getUser(str), this._orgAdmin.getOrganization("http://www.webifysolutions.com/2005/10/catalog/subscriber-inst#System"), RoleType.ADMIN, InternalProjectsAndNamespaces.USER_GOV_NS.asUri());
        flushAuthenticationCache(str);
    }

    private void grantUserRole(User user, Organization organization, RoleType roleType, URI uri) {
        if (user.getOrganizationsForAdmin(roleType).contains(organization)) {
            MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.duplicate-user-roles-error");
            mLMessage.addArgument(roleType.getName());
            mLMessage.addArgument(organization.getName());
            log.info((MultiLocale) mLMessage);
            return;
        }
        Role newRole = this._roleAdmin.newRole(roleType.getName(), roleType);
        newRole.setOrganization(organization);
        newRole.setMember(user);
        if (uri != null) {
            newRole.setNamespace(uri);
        }
        save(newRole);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void revokeUserRole(String str, String str2) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-user-id").toString());
        checkAssert(str2 != null, TLNS.getMLMessage("clientapi.enrollment.non-null-role-id").toString());
        User user = this._userAdmin.getUser(str);
        Role role = this._roleAdmin.getRole(str2);
        for (Subscription subscription : user.getSubscriptions()) {
            if (subscription.getRole().equals(role)) {
                getTemplate().delete(subscription);
            }
        }
        getTemplate().delete(role);
        flushAuthenticationCache(str);
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void updateUserRoles(String str, String str2, URI[] uriArr) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.non-null-user-id").toString());
        checkAssert(str2 != null, TLNS.getMLMessage("clientapi.enrollment.non-null-org-id").toString());
        checkAssert(uriArr != null, TLNS.getMLMessage("clientapi.enrollment.non-null-role-ids").toString());
        User user = this._userAdmin.getUser(str);
        Organization organization = this._orgAdmin.getOrganization(str2);
        HashSet hashSet = new HashSet(Arrays.asList(uriArr));
        AdapterObjectQuery explicitQuery = getTemplate().explicitQuery("roletypesForUserOrg", "select ?role where (?role <subscriber:representsMember> ?_0),  (?role <subscriber:representsOrganization> ?_1) using subscriber for <http://www.webifysolutions.com/2005/10/catalog/subscriber#>");
        explicitQuery.uriParam(str);
        explicitQuery.uriParam(str2);
        List<AdapterObject> find = getTemplate().find(explicitQuery);
        HashSet hashSet2 = new HashSet();
        Iterator<AdapterObject> it = find.iterator();
        while (it.hasNext()) {
            hashSet2.add(((Role) it.next()).getDeclaredType());
        }
        HashSet hashSet3 = new HashSet(hashSet2);
        hashSet3.removeAll(hashSet);
        HashSet hashSet4 = new HashSet(hashSet);
        hashSet4.removeAll(hashSet2);
        if (hashSet3.size() > 0) {
            Iterator it2 = hashSet3.iterator();
            while (it2.hasNext()) {
                Role roleOfType = getRoleOfType(find, (URI) it2.next());
                for (Subscription subscription : user.getSubscriptions()) {
                    if (subscription.getRole().equals(roleOfType)) {
                        getTemplate().delete(subscription);
                    }
                }
                getTemplate().delete(roleOfType);
            }
        }
        Iterator it3 = hashSet4.iterator();
        while (it3.hasNext()) {
            grantUserRole(user, organization, new RoleType(getTemplate().getSession(), (URI) it3.next()), null);
        }
        flushAuthenticationCache(str);
    }

    private Role getRoleOfType(List list, URI uri) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            Role role = (Role) it.next();
            if (uri.equals(role.getDeclaredType())) {
                return role;
            }
        }
        MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.role-type-not-found-error");
        mLMessage.addArgument(uri);
        mLMessage.addArgument(list);
        throw new IllegalStateException(mLMessage.toString());
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void updateUserSubscriptions(String str, String str2, String[] strArr) {
        checkAssert(str != null, TLNS.getMLMessage("clientapi.enrollment.null-user-id").toString());
        checkAssert(str2 != null, TLNS.getMLMessage("clientapi.enrollment.null-role-id").toString());
        checkAssert(strArr != null, TLNS.getMLMessage("clientapi.enrollment.null-enrollment-ids").toString());
        User user = this._userAdmin.getUser(str);
        Collection subscriptions = user.getSubscriptions();
        Iterator it = subscriptions.iterator();
        while (it.hasNext()) {
            Subscription subscription = (Subscription) it.next();
            if (subscription.isActive()) {
                String id = subscription.getEnrollment().getId();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i >= strArr.length) {
                        break;
                    }
                    if (id.equals(strArr[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    deleteSubscription(subscription);
                    it.remove();
                }
            }
        }
        Role role = (Role) get(str2);
        for (String str3 : strArr) {
            boolean z2 = false;
            Iterator it2 = subscriptions.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Subscription subscription2 = (Subscription) it2.next();
                if (subscription2.isActive() && subscription2.getEnrollment().getId().equals(str3)) {
                    z2 = true;
                    break;
                }
            }
            if (!z2) {
                Enrollment enrollment = getEnrollment(str3);
                Channel channel = getChannel(enrollment);
                Subscription newSubscription = newSubscription();
                newSubscription.setEnrollment(enrollment);
                newSubscription.setChannel(channel);
                newSubscription.setRole(role);
                newSubscription.setUser(user);
                save(newSubscription);
            }
        }
    }

    private Channel getChannel(Enrollment enrollment) {
        SubscribableService service = enrollment.getService();
        for (Channel channel : service.getChannels()) {
            if (channel.getDeclaredType().getFragment().equals("PortalChannel")) {
                return channel;
            }
        }
        MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.no-service-associated-portal-channel-error");
        mLMessage.addArgument(service.getName());
        throw new IllegalStateException(mLMessage.toString());
    }

    public void setOrgAdmin(OrgAdmin orgAdmin) {
        this._orgAdmin = orgAdmin;
    }

    public void setUserAdmin(UserAdmin userAdmin) {
        this._userAdmin = userAdmin;
    }

    public void setRoleAdmin(RoleAdmin roleAdmin) {
        this._roleAdmin = roleAdmin;
    }

    public void setCatalogStore(ICatalogStore iCatalogStore) {
        setGovernanceAccess(iCatalogStore.getGovernanceAccess());
    }

    public void setGovernanceAccess(GovernanceAccess governanceAccess) {
        this._govAccess = governanceAccess;
    }

    @Override // com.webify.wsf.modelstore.adapter.AdapterObjectAdminSupport
    public URI getOntologyNamespace() {
        return BaseAuthorizationObject.ONT_NAMESPACE;
    }

    @Override // com.webify.wsf.modelstore.adapter.AdapterObjectAdminSupport
    public URI getInstanceNamespace() {
        return BaseAuthorizationObject.INST_NAMESPACE;
    }

    @Override // com.webify.wsf.client.enrollment.AuthorizationAdmin
    public void flushAuthenticationCache(String str) {
        MLMessage mLMessage = TLNS.getMLMessage("clientapi.enrollment.flushing-jaas-cache");
        mLMessage.addArgument(str);
        log.info((MultiLocale) mLMessage);
        if (!ContainerSpecificUtils.isJboss()) {
            if (ContainerSpecificUtils.isWebSphere()) {
                JmxUtils.flushWebSphereCache(str);
                return;
            }
            return;
        }
        String str2 = str;
        int indexOf = str2.indexOf(35);
        if (indexOf > -1) {
            str2 = str2.substring(indexOf + 1);
        }
        try {
            JmxUtils.flushJbossCache((Principal) Class.forName("org.jboss.security.SimplePrincipal").getConstructor(String.class).newInstance(str2));
        } catch (Exception e) {
            log.error("", e);
        }
    }
}
