package com.ibm.commerce.accesscontrol;

import com.ibm.commerce.accesscontrol.util.AccessControlConstants;
import com.ibm.commerce.command.AccCommand;
import com.ibm.commerce.command.CommandContext;
import com.ibm.commerce.command.ECCommand;
import com.ibm.commerce.command.ViewCommand;
import com.ibm.commerce.common.objects.StoreAccessBean;
import com.ibm.commerce.context.base.BaseContext;
import com.ibm.commerce.event.accesslogging.AccessLogging;
import com.ibm.commerce.exception.ECApplicationException;
import com.ibm.commerce.exception.ECException;
import com.ibm.commerce.exception.ECSystemException;
import com.ibm.commerce.grouping.Groupable;
import com.ibm.commerce.ras.ECMessage;
import com.ibm.commerce.ras.ECMessageHelper;
import com.ibm.commerce.ras.ECMessageLog;
import com.ibm.commerce.ras.ECTrace;
import com.ibm.commerce.security.Protectable;
import com.ibm.commerce.server.ECConstants;
import com.ibm.commerce.server.WcsApp;
import com.ibm.commerce.user.objects.UserAccessBean;
import com.ibm.ivj.ejb.runtime.AbstractAccessBean;
import java.rmi.RemoteException;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.ejb.CreateException;
import javax.ejb.FinderException;
import javax.rmi.PortableRemoteObject;

/* JADX WARN: Classes with same name are omitted:
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.cm.client/update.jar:/lib/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/accesscontrol/AccManager.class
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.cm/update.jar:/lib/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/accesscontrol/AccManager.class
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.server/update.jar:/wc.ear/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/accesscontrol/AccManager.class
 */
/* loaded from: input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.server.was/update.jar:/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/accesscontrol/AccManager.class */
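/**
 * Singleton front end for access-control decisions: every check in this class ends in a call to
 * {@code WcsApp.policyManager.isAllowed(...)}, wrapped with trace, message-log and access-log output.
 *
 * <p>Review notes on where this class answers "allowed" without asking the policy manager
 * (all visible in the methods below):
 * <ul>
 *   <li>{@link #isActionAllowed(CommandContext, String, AccessVector)} returns {@code true} for a
 *       {@code null} or empty vector.</li>
 *   <li>{@link #isActionAllowed(CommandContext, String, Object)} returns {@code true} for any object
 *       that is neither a {@code Protectable} nor an {@code AbstractAccessBean}, and when narrowing
 *       the bean's EJB reference raises {@code ClassCastException}.</li>
 *   <li>{@link #isActionAllowed(CommandContext, String, AccCommand)} returns {@code true} when the
 *       command reports an empty resource-owner array.</li>
 *   <li>{@link #isAllowed(CommandContext, String, Protectable)} overrides a denial when the
 *       {@code Instance/AccessControlUnitTest} configuration value is {@code "true"}.</li>
 *   <li>{@link #canUserExecuteCommand(AccCommand)} skips the store-access check when
 *       {@code WcsApp.byPassAccessCheckForOpenStore} is set and the store status is null or 1.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (see the JADX notes), so local names are synthetic.
 */
public class AccManager {
    public static final String COPYRIGHT = "(c) Copyright International Business Machines Corporation 2000,2001,2003";
    private static final String strClassName = "AccManager";
    private static final String ProtectableClassName = "com.ibm.commerce.security.Protectable";
    private static final String ACT_EXECUTE = "Execute";
    private static final String ACT_BECOME_USER = "becomeUser";
    private static final String ACT_STORE_ACCESS = "StoreAccess";
    // Resolved in initialize(); used as the narrowing target for EJB references.
    private static Class protectableClass = null;
    private static AccManager singleton = new AccManager();
    // When true, isAllowed() reports every request as allowed (set from configuration in initialize()).
    private static boolean unitTest = false;
    private static boolean bStoreScopedCommandLevelCheckEnabled;
    private static boolean bProgrammaticResourceLevelCheckEnabled;

    static {
        // Each flag is true unless the configured value is the string "false" (case-insensitive);
        // the second getValue argument is presumably the default used when the key is absent.
        bStoreScopedCommandLevelCheckEnabled = !"false".equalsIgnoreCase(WcsApp.configProperties.getValue(AccessControlConstants.STORE_SCOPED_COMMAND_LEVEL_CHECK, "true"));
        bProgrammaticResourceLevelCheckEnabled = !"false".equalsIgnoreCase(WcsApp.configProperties.getValue(AccessControlConstants.PROGRAMMATIC_RESOURCE_LEVEL_CHECK, "true"));
    }

    /**
     * Returns the action name checked for a command: the view name for a {@code ViewCommand},
     * otherwise {@code "Execute"}.
     */
    private static String actionNameFor(AccCommand accCommand) {
        return accCommand instanceof ViewCommand ? ((ViewCommand) accCommand).getViewName() : ACT_EXECUTE;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /**
     * Command-level check: decides whether the user in the command's context may run the command.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>If the context has a store, check the {@code "StoreAccess"} action on it, unless the
     *       open-store bypass applies.</li>
     *   <li>If the context names a different {@code forUserId}, reject targets whose register type is
     *       {@code "A"} or {@code "S"} and switch the action to {@code "becomeUser"}.</li>
     *   <li>Check the action against the command; for {@code "becomeUser"}, re-check the command's
     *       own action while the context is switched to the target user.</li>
     * </ol>
     *
     * @param accCommand the command to authorize; it is cast to {@code ECCommand} to reach its context
     * @return {@code true} when every applicable check passed
     * @throws ECException {@code ECApplicationException} for a refused store or an invalid
     *         {@code forUserId}; {@code ECSystemException} wrapping any other failure
     */
    public boolean canUserExecuteCommand(AccCommand accCommand) throws ECException {
        ECTrace.entry(0L, strClassName, "canUserExecuteCommand");
        CommandContext commandContext = ((ECCommand) accCommand).getCommandContext();
        StoreAccessBean store = commandContext.getStore();
        if (store != null) {
            try {
                Integer storeStatus = store.getStatusInEJBType();
                // NOTE(review): with the bypass flag set, a store whose status is null or 1 is not
                // access-checked at all; status 1 presumably means "open" - confirm.
                boolean bypassStoreCheck = WcsApp.byPassAccessCheckForOpenStore && (storeStatus == null || storeStatus.intValue() == 1);
                if (!bypassStoreCheck) {
                    boolean storeAllowed = isActionAllowed(commandContext, ACT_STORE_ACCESS, store);
                    ECTrace.trace(0L, strClassName, "canUserExecuteCommand", new StringBuffer("store state=").append(storeStatus).append(" has access?=").append(storeAllowed).toString());
                    if (!storeAllowed) {
                        throw new ECApplicationException(ECMessage._ERR_BAD_STORE_STATE, getClass().getName(), "canUserExecuteCommand", ECMessageHelper.generateMsgParms(storeStatus));
                    }
                }
            } catch (Exception e) {
                if (e instanceof ECException) {
                    throw ((ECException) e);
                }
                String message = e.getMessage();
                if (message == null || message.equals("null")) {
                    message = e.toString();
                }
                throw new ECSystemException(ECMessage._ERR_REMOTE_EXCEPTION, getClass().getName(), "canUserExecuteCommand", ECMessageHelper.generateMsgParms(message), e);
            }
        }
        String action = actionNameFor(accCommand);
        Long forUserId = commandContext.getForUserId();
        Long userId = commandContext.getUserId();
        if (forUserId != null && !userId.equals(forUserId)) {
            UserAccessBean targetUser = new UserAccessBean();
            try {
                targetUser.setInitKey_MemberId(forUserId.toString());
                String registerType = targetUser.getRegisterType();
                // Acting on behalf of these account types is refused outright; "A"/"S" are presumably
                // the administrator register types - confirm against the schema documentation.
                if (registerType.equals("A") || registerType.equals("S")) {
                    throw new ECApplicationException(ECMessage._ERR_CMD_INVALID_PARAM, strClassName, "canUserExecuteCommand", ECMessageHelper.generateMsgParms("forUser"));
                }
                action = ACT_BECOME_USER;
            } catch (Exception e2) {
                // NOTE(review): the ECApplicationException thrown just above is also caught here and
                // is re-wrapped as a generic ECSystemException, since it is neither a FinderException
                // nor a CreateException.
                if ((e2 instanceof FinderException) || (e2 instanceof CreateException)) {
                    throw new ECApplicationException(ECMessage._ERR_CMD_INVALID_PARAM, strClassName, "canUserExecuteCommand", ECMessageHelper.generateMsgParms(BaseContext.KEY_FOR_USER_ID));
                }
                throw new ECSystemException(ECMessage._ERR_GENERIC, strClassName, "canUserExecuteCommand", ECMessageHelper.generateMsgParms(e2), e2);
            }
        }
        boolean allowed = isActionAllowed(commandContext, action, accCommand);
        if (allowed && action.equals(ACT_BECOME_USER)) {
            // The caller may impersonate; now verify that the target user may run the command.
            Long previousUser = commandContext.becomeUser(forUserId);
            try {
                allowed = isActionAllowed(commandContext, actionNameFor(accCommand), accCommand);
            } finally {
                // Always undo the switch: without this, an exception from the check above would leave
                // the context running as the target user.
                commandContext.restoreUser(previousUser);
            }
        }
        ECTrace.exit(0L, strClassName, "canUserExecuteCommand");
        return allowed;
    }

    /**
     * Resolves the {@code Protectable} class, publishes this instance as {@code WcsApp.accManager}
     * and reads the {@code Instance/AccessControlUnitTest} configuration value.
     *
     * <p>NOTE(review): a value of {@code "true"} makes {@link #isAllowed} report every request as
     * allowed, so this key is worth auditing in deployed configuration.
     *
     * @throws Exception if the {@code Protectable} class cannot be loaded
     */
    public void initialize() throws Exception {
        protectableClass = Class.forName(ProtectableClassName);
        WcsApp.accManager = this;
        if (WcsApp.configProperties.getValue("Instance/AccessControlUnitTest", "false").equalsIgnoreCase("true")) {
            unitTest = true;
        }
    }

    /**
     * Checks an action against every resource/action pair in an access vector, stopping at the
     * first denial.
     *
     * @param commandContext context of the running command
     * @param str base action name; a pair's own action ({@code "-Read"} or {@code "-Write"}) is
     *        appended to it when present
     * @param accessVector pairs to check; {@code null} or empty yields {@code true} with no check
     * @return {@code false} as soon as one pair is denied, otherwise {@code true}
     * @throws ECException {@code ECApplicationException} when a pair carries any other action suffix
     */
    public boolean isActionAllowed(CommandContext commandContext, String str, AccessVector accessVector) throws ECException {
        ECTrace.entry(0L, strClassName, "isActionAllowed(AccessVector)");
        boolean allowed = true;
        if (accessVector != null) {
            ECTrace.trace(0L, strClassName, "isActionAllowed(AccessVector)", new StringBuffer("AccessVector size=").append(accessVector.size()).toString());
            Enumeration pairs = accessVector.elements();
            while (pairs.hasMoreElements()) {
                ResourceActionPair pair = (ResourceActionPair) pairs.nextElement();
                // Only the two known suffixes may be appended to the action name.
                if (pair.action != null && !pair.action.equalsIgnoreCase("-Read") && !pair.action.equalsIgnoreCase("-Write")) {
                    throw new ECApplicationException(ECMessage._ERR_CMD_INVALID_PARAM, strClassName, "isActionAllowed(AccessVector)", ECMessageHelper.generateMsgParms("action", pair.action));
                }
                String effectiveAction = pair.action == null ? str : new StringBuffer(String.valueOf(str)).append(pair.action).toString();
                allowed = isActionAllowed(commandContext, effectiveAction, pair.resource);
                if (!allowed) {
                    // The early return skips the ECTrace.exit call below.
                    return false;
                }
            }
        } else {
            ECTrace.trace(0L, strClassName, "isActionAllowed(AccessVector)", "AccessVector is null");
        }
        ECTrace.exit(0L, strClassName, "isActionAllowed(AccessVector)");
        return allowed;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /**
     * Checks an action against a command, first filling in the command's owner when it has none.
     *
     * <p>Owner resolution when {@code getOwner()} is {@code null}:
     * <ul>
     *   <li>no resource owners: use the store's member id, or {@code ECConstants.EC_SITE_ORGANIZATION}
     *       when the context has no store, and check once;</li>
     *   <li>otherwise: set each resource owner in turn (an owner printing as {@code "0"} is replaced
     *       by {@code EC_SITE_ORGANIZATION}) and require every check to pass.</li>
     * </ul>
     * The command is mutated through {@code setOwner} and keeps the last owner that was set.
     *
     * @return the policy result; {@code true} without any check when the owner array is empty
     * @throws ECException the original {@code ECException}, or an {@code ECSystemException} wrapping
     *         any other failure
     */
    protected boolean isActionAllowed(CommandContext commandContext, String str, AccCommand accCommand) throws ECException {
        Long memberIdInEJBType;
        ECTrace.entry(0L, strClassName, "isActionAllowed(AccCommand)");
        boolean allowed = true;
        try {
            try {
                if (accCommand.getOwner() == null) {
                    Long[] resourceOwners = accCommand.getResourceOwners();
                    if (resourceOwners == null) {
                        StoreAccessBean store = commandContext.getStore();
                        if (store != null) {
                            try {
                                memberIdInEJBType = store.getMemberIdInEJBType();
                            } catch (Exception e) {
                                throw new ECSystemException(ECMessage._ERR_IO_EXCEPTION, getClass().getName(), "isActionAllowed", ECMessageHelper.generateMsgParms("StoreAccessBean"), e);
                            }
                        } else {
                            memberIdInEJBType = ECConstants.EC_SITE_ORGANIZATION;
                        }
                        accCommand.setOwner(memberIdInEJBType);
                        allowed = isAllowed(commandContext, str, accCommand);
                    } else {
                        // NOTE(review): an empty array falls through with allowed == true.
                        for (Long owner : resourceOwners) {
                            if (owner.toString().equals("0")) {
                                owner = ECConstants.EC_SITE_ORGANIZATION;
                            }
                            accCommand.setOwner(owner);
                            if (!isAllowed(commandContext, str, accCommand)) {
                                return false;
                            }
                        }
                    }
                } else {
                    allowed = isAllowed(commandContext, str, accCommand);
                }
                return allowed;
            } catch (Exception e2) {
                if (e2 instanceof ECException) {
                    throw ((ECException) e2);
                }
                String message = e2.getMessage();
                if (message == null || message.equalsIgnoreCase("null")) {
                    message = e2.toString();
                }
                if (e2 instanceof RemoteException) {
                    throw new ECSystemException(ECMessage._ERR_REMOTE_EXCEPTION, strClassName, "isActionAllowed(AccCommand)", ECMessageHelper.generateMsgParms(message), e2);
                }
                throw new ECSystemException(ECMessage._ERR_GENERIC, strClassName, "isActionAllowed(AccCommand)", ECMessageHelper.generateMsgParms(message), e2);
            }
        } finally {
            ECTrace.exit(0L, strClassName, "isActionAllowed(AccCommand)");
        }
    }

    /**
     * Resource-level check on an arbitrary object.
     *
     * <p>A {@code Protectable} is checked directly. An {@code AbstractAccessBean} is checked through
     * its EJB reference narrowed to {@code Protectable}. Anything else is not checked and the method
     * returns {@code true}.
     *
     * @param commandContext context of the running command
     * @param str action name
     * @param obj resource to check
     * @return the policy result, or {@code true} when {@code obj} could not be treated as protectable
     * @throws ECException the original {@code ECException}, or an {@code ECSystemException} wrapping
     *         any other failure
     */
    public boolean isActionAllowed(CommandContext commandContext, String str, Object obj) throws ECException {
        if (ECTrace.traceEnabled(0L)) {
            ECTrace.entry(0L, strClassName, "isActionAllowed(Object)");
            ECTrace.trace(0L, strClassName, "isActionAllowed(Object)", new StringBuffer("action=").append(str).append(" object=").append(obj).toString());
        }
        boolean allowed = true;
        if (obj instanceof Protectable) {
            allowed = isAllowed(commandContext, str, (Protectable) obj);
        } else if (obj instanceof AbstractAccessBean) {
            try {
                allowed = isAllowed(commandContext, str, (Protectable) PortableRemoteObject.narrow(((AbstractAccessBean) obj).getEJBRef(), protectableClass));
            } catch (ClassCastException ignored) {
                // NOTE(review): deliberate-looking swallow - a bean whose reference cannot be narrowed
                // to Protectable is treated as unprotected, so the result stays true and nothing is
                // logged. A ClassCastException raised inside isAllowed would take the same path.
            } catch (Exception e2) {
                if (e2 instanceof ECException) {
                    throw ((ECException) e2);
                }
                String message = e2.getMessage();
                if (message == null || message.equalsIgnoreCase("null")) {
                    message = e2.toString();
                }
                if (e2 instanceof RemoteException) {
                    throw new ECSystemException(ECMessage._ERR_REMOTE_EXCEPTION, getClass().getName(), "isActionAllowed(Object)", ECMessageHelper.generateMsgParms(message), e2);
                }
                throw new ECSystemException(ECMessage._ERR_GENERIC, getClass().getName(), "isActionAllowed(Object)", ECMessageHelper.generateMsgParms(message), e2);
            }
        }
        ECTrace.exit(0L, strClassName, "isActionAllowed(Object)");
        return allowed;
    }

    /**
     * Asks {@code WcsApp.policyManager} whether the context's user may perform an action on a
     * resource, and records the decision.
     *
     * <p>Recording, in order: an optional trace line describing the request; a message-log entry
     * ({@code _ERR_ACCESS_CHECK_FAILED}) on denial; an access-log record on denial or whenever
     * {@code WcsApp.log_all_requests} is set.
     *
     * @param commandContext context of the running command
     * @param str action name
     * @param protectable resource being accessed
     * @return the policy manager's answer, or {@code true} unconditionally in unit-test mode
     * @throws ECException the original {@code ECException}, or an {@code ECSystemException} wrapping
     *         any other {@code Throwable}, including one raised while building the trace line
     */
    public boolean isAllowed(CommandContext commandContext, String str, Protectable protectable) throws ECException {
        ECTrace.entry(0L, strClassName, "isAllowed");
        String currentCommandName = commandContext.getCurrentCommandName();
        if (ECTrace.traceEnabled(0L) || ECTrace.traceEnabled(39L)) {
            try {
                StringBuffer requestInfo = new StringBuffer(" isAllowed? ");
                requestInfo.append(new StringBuffer("User=").append(commandContext.getUserId()).append("; ").toString());
                requestInfo.append(new StringBuffer("Action=").append(str).append("; ").toString());
                requestInfo.append(new StringBuffer("Protectable=").append(protectable.getClass().getName()).append("; ").toString());
                requestInfo.append(new StringBuffer("Owner=").append(protectable.getOwner()).toString());
                if (protectable instanceof Groupable) {
                    requestInfo.append("resource is Groupable");
                }
                // Trace component 39 additionally writes the line to standard output.
                if (ECTrace.traceEnabled(39L)) {
                    System.out.println(new StringBuffer("Thread Id=").append(Thread.currentThread().hashCode()).append(" command=").append(currentCommandName).append(requestInfo.toString()).toString());
                }
                ECTrace.trace(0L, strClassName, "isAllowed", requestInfo.toString());
            } catch (Throwable th) {
                if (th instanceof ECException) {
                    throw ((ECException) th);
                }
                String message = th.getMessage();
                if (message == null || message.equalsIgnoreCase("null")) {
                    message = th.toString();
                }
                if (th instanceof RemoteException) {
                    throw new ECSystemException(ECMessage._ERR_REMOTE_EXCEPTION, getClass().getName(), "isAllowed", ECMessageHelper.generateMsgParms(message), th);
                }
                throw new ECSystemException(ECMessage._ERR_GENERIC, getClass().getName(), "isAllowed", ECMessageHelper.generateMsgParms(message), th);
            }
        }
        try {
            boolean allowed = WcsApp.policyManager.isAllowed(commandContext, str, protectable);
            ECTrace.trace(0L, strClassName, "isAllowed", new StringBuffer("PASSED? =").append(allowed).toString());
            if (ECTrace.traceEnabled(39L)) {
                System.out.println(new StringBuffer("Thread Id=").append(Thread.currentThread().hashCode()).append(" command=").append(currentCommandName).append(" isAllowed? ").append(allowed).toString());
            }
            if (!allowed) {
                ECMessageLog.out(ECMessage._ERR_ACCESS_CHECK_FAILED, strClassName, "isAllowed", ECMessageHelper.generateMsgParms(commandContext.getCommandName(), commandContext.getUserId().toString(), str, protectable.getClass().getName()));
            }
            // NOTE(review): unit-test mode turns every denial into an allow. The override runs before
            // the access-log record is built, so that record shows "Allowed" (and is only written when
            // log_all_requests is set); the message-log entry above is the one place the real policy
            // decision remains visible.
            if (unitTest) {
                allowed = true;
            }
            if (!allowed || WcsApp.log_all_requests) {
                Hashtable record = new Hashtable();
                record.put("ACTION", str);
                record.put("RESOURCE", protectable.getClass().getName());
                record.put("RESULT", allowed ? "Allowed" : "Not Allowed");
                AccessLogging.singleton().createLoggingRecord(commandContext, record);
            }
            ECTrace.exit(0L, strClassName, "isAllowed");
            return allowed;
        } catch (Throwable th2) {
            if (ECTrace.traceEnabled(39L)) {
                System.out.println(new StringBuffer("Thread Id=").append(Thread.currentThread().hashCode()).append(" command=").append(currentCommandName).append(" isAllowed EXCEPTION ").append(th2.toString()).toString());
            }
            if (th2 instanceof ECException) {
                throw ((ECException) th2);
            }
            String message2 = th2.getMessage();
            if (message2 == null || message2.equalsIgnoreCase("null")) {
                message2 = th2.toString();
            }
            if (th2 instanceof RemoteException) {
                throw new ECSystemException(ECMessage._ERR_REMOTE_EXCEPTION, getClass().getName(), "isAllowed", ECMessageHelper.generateMsgParms(message2), th2);
            }
            throw new ECSystemException(ECMessage._ERR_GENERIC, getClass().getName(), "isAllowed", ECMessageHelper.generateMsgParms(message2), th2);
        }
    }

    /** Returns the instance created when this class was loaded. */
    public static AccManager singleton() {
        return singleton;
    }

    /** Reports the store-scoped command-level check flag read from configuration at class load. */
    public static boolean isStoreScopedCommandLevelCheckEnabled() {
        return bStoreScopedCommandLevelCheckEnabled;
    }

    /** Reports the programmatic resource-level check flag read from configuration at class load. */
    public static boolean isProgrammaticResourceLevelCheckEnabled() {
        return bProgrammaticResourceLevelCheckEnabled;
    }
}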
