package com.ibm.ws.security.admintask.naming;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.management.exception.ConnectorException;
import com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.commands.properties.PropertiesBasedConfigConstants;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.util.Constants;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/admintask/naming/NamingAuthzCommands.class */
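/**
 * Admin command provider that edits and lists the role assignments kept in the
 * cell's {@code naming-authz.xml} authorization table.
 *
 * <p>Four commands change role membership (map/remove users or groups) and two
 * list it. The four role names pre-seeded in list results come from
 * {@code Constants.COS_NAME_READ/WRITE/CREATE/DELETE}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class checks who is invoking a command; that is presumably
 *       enforced by the admin command framework before these methods run - confirm.</li>
 *   <li>Caller-supplied access IDs are only checked for shape
 *       ({@code <kind>:<realm>/<uniqueId>}); they are stored as given and are not
 *       compared with the supplied name or looked up anywhere in this class.</li>
 *   <li>No audit record is written here when a role is widened (for example to a
 *       special subject); only debug trace is emitted.</li>
 * </ul>
 */
public class NamingAuthzCommands extends SimpleCommandProvider {
    private static final TraceComponent tc = Tr.register(NamingAuthzCommands.class, "security", "com.ibm.ws.security.admintask.naming");
    private static final String BUNDLE_NAME = AdminConstants.MSG_BUNDLE_NAME;
    private static final ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());
    private static final String NAMING_AUTHZ_FILE = "naming-authz.xml";
    private static final String NAMING_READ_ROLE = Constants.COS_NAME_READ;
    private static final String NAMING_WRITE_ROLE = Constants.COS_NAME_WRITE;
    private static final String NAMING_CREATE_ROLE = Constants.COS_NAME_CREATE;
    private static final String NAMING_DELETE_ROLE = Constants.COS_NAME_DELETE;

    // Command names; addRemoveUserGroup dispatches on AbstractAdminCommand.getName().
    private static final String CMD_MAP_USERS = "mapUsersToNamingRole";
    private static final String CMD_MAP_GROUPS = "mapGroupsToNamingRole";
    private static final String CMD_REMOVE_USERS = "removeUsersFromNamingRole";
    private static final String CMD_REMOVE_GROUPS = "removeGroupsFromNamingRole";

    // FFDC source id, kept exactly as shipped even though it names a different
    // package than this class lives in; changing it would break correlation
    // with existing FFDC records.
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.security.adminTasks.securityDomain.NamingAuthzCommands";

    private static final String MSG_REJECTED_ON_MAP = "security.admintask.naming.invalid.users.groups.SECJ7758E";
    private static final String MSG_REJECTED_ON_REMOVE = "security.admintask.naming.invalid.users.groups.remove.SECJ7759E";

    /** Formats a message from the bundle through {@code MessageFormatHelper}. */
    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    /**
     * Adds the users in the {@code userids} parameter to the role named by the
     * role-name parameter, optionally with matching {@code accessids}.
     *
     * @param abstractAdminCommand the command carrying the parameters and config session
     * @return {@code true} when every user was added
     * @throws Exception a {@code CommandValidationException} when an access ID is
     *         malformed, the role does not exist, or a user is already mapped;
     *         otherwise whatever the config service raises
     */
    public boolean mapUsersToNamingRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return changeRoleMembers(abstractAdminCommand, CMD_MAP_USERS, "userids", "user", false, MSG_REJECTED_ON_MAP, "110");
    }

    /**
     * Adds the groups in {@code groupids} and the special subjects in
     * {@code specialSubjects} to the role named by the role-name parameter.
     *
     * @param abstractAdminCommand the command carrying the parameters and config session
     * @return {@code true} when every group and special subject was added
     * @throws Exception a {@code CommandValidationException} when an access ID is
     *         malformed, the role does not exist, or an entry is already mapped;
     *         otherwise whatever the config service raises
     */
    public boolean mapGroupsToNamingRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return changeRoleMembers(abstractAdminCommand, CMD_MAP_GROUPS, "groupids", "group", true, MSG_REJECTED_ON_MAP, "153");
    }

    /**
     * Removes the users in {@code userids} from the role named by the role-name parameter.
     *
     * @param abstractAdminCommand the command carrying the parameters and config session
     * @return {@code true} when every user was removed
     * @throws Exception a {@code CommandValidationException} when the role does not
     *         exist or a user was not mapped to it; otherwise whatever the config
     *         service raises
     */
    public boolean removeUsersFromNamingRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return changeRoleMembers(abstractAdminCommand, CMD_REMOVE_USERS, "userids", null, false, MSG_REJECTED_ON_REMOVE, "187");
    }

    /**
     * Removes the groups in {@code groupids} and the special subjects in
     * {@code specialSubjects} from the role named by the role-name parameter.
     *
     * @param abstractAdminCommand the command carrying the parameters and config session
     * @return {@code true} when every group and special subject was removed
     * @throws Exception a {@code CommandValidationException} when the role does not
     *         exist or an entry was not mapped to it; otherwise whatever the config
     *         service raises
     */
    public boolean removeGroupsFromNamingRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return changeRoleMembers(abstractAdminCommand, CMD_REMOVE_GROUPS, "groupids", null, true, MSG_REJECTED_ON_REMOVE, "221");
    }

    /**
     * Lists the user names assigned to each naming role.
     *
     * @param abstractAdminCommand the command carrying the config session
     * @return role name to list of user names, or {@code null} when the cell has no
     *         {@code naming-authz.xml} table
     * @throws Exception whatever the config service raises
     */
    public HashMap listUsersForNamingRoles(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return listWithTrace(abstractAdminCommand, "listUsersForNamingRoles", "users", "238");
    }

    /**
     * Lists the group names and special subjects assigned to each naming role.
     *
     * @param abstractAdminCommand the command carrying the config session
     * @return role name to list of group names and special-subject tokens, or
     *         {@code null} when the cell has no {@code naming-authz.xml} table
     * @throws Exception whatever the config service raises
     */
    public HashMap listGroupsForNamingRoles(AbstractAdminCommand abstractAdminCommand) throws Exception {
        return listWithTrace(abstractAdminCommand, "listGroupsForNamingRoles", SAMLIdAssertionCallback.GROUPS, "255");
    }

    /**
     * Shared body of the four map/remove commands: reads the parameters, validates
     * access IDs when the command accepts them, applies the change and turns any
     * rejected entries into a {@code CommandValidationException}.
     *
     * @param accessIdKind prefix expected on each access ID ("user" or "group"), or
     *        {@code null} when the command does not read the {@code accessids} parameter
     * @param readSpecialSubjects whether the command reads {@code specialSubjects}
     * @param rejectedMessageKey bundle key used when some entries could not be applied
     * @param ffdcProbeId probe id recorded with FFDC for this command
     */
    private boolean changeRoleMembers(AbstractAdminCommand command, String traceName, String idsParameter, String accessIdKind, boolean readSpecialSubjects, String rejectedMessageKey, String ffdcProbeId) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, new Object[]{command});
        }
        try {
            ConfigService configService = getCommandProviderHelper().getConfigService();
            Session configSession = command.getConfigSession();
            String roleName = (String) command.getParameter(CommonConstants.ROLE_NAME);
            String[] ids = (String[]) command.getParameter(idsParameter);
            // Only the map commands read accessids, and only the group commands
            // read specialSubjects; the other commands never ask for them.
            String[] accessIds = accessIdKind == null ? null : (String[]) command.getParameter("accessids");
            String[] specialSubjects = readSpecialSubjects ? (String[]) command.getParameter("specialSubjects") : null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "roleName is " + roleName);
                // Print the array contents; concatenating the array itself only
                // yields its identity hash, which is useless when reading a trace.
                Tr.debug(tc, idsParameter + " " + java.util.Arrays.toString(ids));
            }
            if (accessIds != null && accessIds.length > 0) {
                checkAccessIdFormat(accessIds, accessIdKind);
            }
            List rejected = addRemoveUserGroup(configSession, configService, command.getName(), roleName, ids, accessIds, specialSubjects);
            if (rejected.isEmpty()) {
                return true;
            }
            // Entries are space separated with a trailing space, as the message expects.
            StringBuilder rejectedNames = new StringBuilder();
            for (Object name : rejected) {
                rejectedNames.append((String) name).append(" ");
            }
            throw new CommandValidationException(getMsg(resBundle, rejectedMessageKey, new Object[]{rejectedNames.toString(), roleName}));
        } catch (Exception e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, ffdcProbeId);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            throw e;
        } finally {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, traceName);
            }
        }
    }

    /** Shared body of the two list commands: traces, delegates and records FFDC on failure. */
    private HashMap listWithTrace(AbstractAdminCommand command, String traceName, String memberAttribute, String ffdcProbeId) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, new Object[]{command});
        }
        HashMap result = null;
        try {
            result = listIDsForNamingRoles(command, memberAttribute);
            return result;
        } catch (Exception e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, ffdcProbeId);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            throw e;
        } finally {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, traceName, result);
            }
        }
    }

    /**
     * Builds the role-name to member-names map for one member attribute.
     *
     * @param str the authorization attribute to read ("users" or the groups attribute);
     *        for groups the special subjects are appended as upper-case tokens
     * @return the map, or {@code null} when {@code naming-authz.xml} is not found
     */
    private HashMap listIDsForNamingRoles(AbstractAdminCommand abstractAdminCommand, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listIDsForNamingRoles", new Object[]{abstractAdminCommand});
        }
        HashMap<String, ArrayList<String>> result = null;
        try {
            ConfigService configService = getCommandProviderHelper().getConfigService();
            Session configSession = abstractAdminCommand.getConfigSession();
            ObjectName authzTable = findNamingAuthzTable(configSession, configService);
            if (authzTable == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cannot find naming-authz.xml file");
                }
                return null;
            }
            HashMap<String, ArrayList<String>> roleMap = createResourceRoleMap();
            boolean listingGroups = SAMLIdAssertionCallback.GROUPS.equals(str);
            for (Object entry : asList(configService.getAttribute(configSession, authzTable, "authorizations", false))) {
                ObjectName authorization = (ObjectName) entry;
                ObjectName roleId = (ObjectName) configService.getAttribute(configSession, authorization, "role", false);
                // May be null when the authorization points at a role that is not
                // in the table's role list; the null key is kept as before.
                String roleName = resolveRoleIDToRoleName(configSession, configService, authzTable, roleId);
                ArrayList<String> names = roleMap.get(roleName);
                if (names == null) {
                    names = new ArrayList<String>();
                }
                roleMap.put(roleName, names);
                for (Object member : asList(configService.getAttribute(configSession, authorization, str, false))) {
                    String memberName = (String) configService.getAttribute(configSession, (ObjectName) member, "name", false);
                    names.add(memberName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Authorization role:  " + roleName + ".  Name:  " + memberName);
                    }
                }
                if (listingGroups) {
                    for (Object subject : asList(configService.getAttribute(configSession, authorization, "specialSubjects", false))) {
                        String token = specialSubjectToken(ConfigServiceHelper.getConfigDataType((ObjectName) subject));
                        if (token != null) {
                            names.add(token);
                        }
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "naming-authz.xml name is " + authzTable.getCanonicalName());
            }
            result = roleMap;
            return result;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "332");
            throw e;
        } finally {
            // Exit is traced under the same name as entry so the two pair up.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listIDsForNamingRoles", result);
            }
        }
    }

    /** Creates the result map pre-seeded with an empty list for each of the four naming roles. */
    private HashMap<String, ArrayList<String>> createResourceRoleMap() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createResourceRoleMap");
        }
        HashMap<String, ArrayList<String>> roleMap = new HashMap<String, ArrayList<String>>(5);
        roleMap.put(NAMING_READ_ROLE, new ArrayList<String>());
        roleMap.put(NAMING_WRITE_ROLE, new ArrayList<String>());
        roleMap.put(NAMING_CREATE_ROLE, new ArrayList<String>());
        roleMap.put(NAMING_DELETE_ROLE, new ArrayList<String>());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createResourceRoleMap", roleMap);
        }
        return roleMap;
    }

    /**
     * Returns the role name of the role object equal to {@code objectName2} in the
     * table's role list, or {@code null} when no role object matches.
     */
    private String resolveRoleIDToRoleName(Session session, ConfigService configService, ObjectName objectName, ObjectName objectName2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolveRoleIDToRoleName", objectName2);
        }
        String roleName = null;
        for (Object entry : asList(configService.getAttribute(session, objectName, SAMLIdAssertionCallback.ROLES, false))) {
            ObjectName role = (ObjectName) entry;
            if (role.equals(objectName2)) {
                roleName = (String) configService.getAttribute(session, role, CommonConstants.ROLE_NAME, false);
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resolveRoleIDToRoleName", roleName);
        }
        return roleName;
    }

    /**
     * Applies one map/remove command to every authorization that refers to the role.
     *
     * @param str the command name, which selects add versus remove and users versus groups
     * @param str2 the role name
     * @param strArr user or group names, may be {@code null}
     * @param strArr2 access IDs parallel to {@code strArr}, may be {@code null}
     * @param strArr3 special-subject tokens, may be {@code null}
     * @return the entries that could not be applied: already present on a map
     *         command, or absent on a remove command
     * @throws CommandValidationException when the table or the role does not exist
     */
    private List addRemoveUserGroup(Session session, ConfigService configService, String str, String str2, String[] strArr, String[] strArr2, String[] strArr3) throws ConfigServiceException, ConnectorException, CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addRemoveUserGroup", new Object[]{str, str2, strArr, strArr2});
        }
        List<String> rejected = new ArrayList<String>();
        ObjectName authzTable = findNamingAuthzTable(session, configService);
        if (authzTable == null) {
            // Fail with a validation error instead of handing a null table to
            // the config service further down.
            throw new CommandValidationException(NAMING_AUTHZ_FILE + " was not found in the cell configuration");
        }
        ObjectName roleId = resolveRoleNameToRoleID(session, configService, authzTable, str2);
        if (roleId == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Role " + str2 + " does not exist");
            }
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.naming.invalid.roleName.SECJ7760E", new Object[]{str2}));
        }
        for (Object entry : asList(configService.getAttribute(session, authzTable, "authorizations", false))) {
            ObjectName authorization = (ObjectName) entry;
            ObjectName authorizationRole = (ObjectName) configService.getAttribute(session, authorization, "role", false);
            if (!roleId.equals(authorizationRole)) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authorizationRole found" + authorizationRole.getCanonicalName());
            }
            if (strArr != null) {
                boolean useAccessIds = strArr2 != null && strArr.length == strArr2.length;
                // NOTE(review): when the counts differ every access ID is dropped
                // and the entries are stored by name only; the caller is told
                // nothing outside debug trace. Consider rejecting the command.
                if (!useAccessIds && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not adding accessIds since either they are missing or do not match the same number as the ids");
                }
                for (int i = 0; i < strArr.length; i++) {
                    applyIdChange(session, configService, authorization, str, strArr[i], useAccessIds ? strArr2[i] : null, rejected);
                }
            }
            if (strArr3 != null) {
                for (String token : strArr3) {
                    applySpecialSubjectChange(session, configService, authorization, str, token, rejected);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addRemoveUserGroup");
        }
        return rejected;
    }

    /**
     * Adds or removes one user or group entry on an authorization. Names are
     * compared exactly (case-sensitive) when looking for an existing entry.
     */
    private void applyIdChange(Session session, ConfigService configService, ObjectName authorization, String commandName, String id, String accessId, List<String> rejected) throws ConfigServiceException, ConnectorException {
        boolean userCommand = CMD_MAP_USERS.equals(commandName) || CMD_REMOVE_USERS.equals(commandName);
        boolean groupCommand = CMD_MAP_GROUPS.equals(commandName) || CMD_REMOVE_GROUPS.equals(commandName);
        if (!userCommand && !groupCommand) {
            return;
        }
        String attribute = userCommand ? "users" : SAMLIdAssertionCallback.GROUPS;
        ObjectName existing = findRoleIDInAuthorization(session, configService, authorization, attribute, id);
        if (CMD_MAP_USERS.equals(commandName) || CMD_MAP_GROUPS.equals(commandName)) {
            if (existing != null) {
                rejected.add(id);
                return;
            }
            AttributeList attributes = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributes, "name", id);
            if (accessId != null) {
                // Stored as supplied; nothing here ties the access ID to the name.
                ConfigServiceHelper.setAttributeValue(attributes, "accessId", accessId);
            }
            configService.createConfigData(session, authorization, attribute, userCommand ? "UserExt" : "GroupExt", attributes);
        } else if (existing != null) {
            configService.deleteConfigData(session, existing);
        } else {
            rejected.add(id);
        }
    }

    /**
     * Adds or removes one special subject on an authorization.
     *
     * <p>NOTE(review): tokens are matched case-sensitively and an unrecognized
     * token is skipped without failing the command, so a mistyped token on a
     * remove command still reports success while the subject stays in place.
     */
    private void applySpecialSubjectChange(Session session, ConfigService configService, ObjectName authorization, String commandName, String token, List<String> rejected) throws ConfigServiceException, ConnectorException {
        String subjectType = specialSubjectType(token);
        if (subjectType == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignoring unrecognized special subject " + token);
            }
            return;
        }
        ObjectName existing = findRoleIDInAuthorization(session, configService, authorization, "specialSubjects", subjectType);
        if (CMD_MAP_USERS.equals(commandName) || CMD_MAP_GROUPS.equals(commandName)) {
            if (existing == null) {
                // Widens the role beyond named principals; no audit record is
                // written here, so rely on config change auditing elsewhere.
                configService.createConfigData(session, authorization, "specialSubjects", subjectType, new AttributeList());
            } else {
                rejected.add(token);
            }
        } else if (CMD_REMOVE_USERS.equals(commandName) || CMD_REMOVE_GROUPS.equals(commandName)) {
            if (existing != null) {
                configService.deleteConfigData(session, existing);
            } else {
                rejected.add(token);
            }
        }
    }

    /** Maps a command token to its config data type, or {@code null} when unrecognized. */
    private static String specialSubjectType(String token) {
        if ("ALLAUTHENTICATED".equals(token)) {
            return "AllAuthenticatedUsersExt";
        }
        if ("EVERYONE".equals(token)) {
            return "EveryoneExt";
        }
        if ("ALLAUTHENTICATEDINTRUSTEDREALMS".equals(token)) {
            return "AllAuthenticatedUsersInTrustedRealmsExt";
        }
        return null;
    }

    /** Maps a config data type back to its command token, or {@code null} when unrecognized. */
    private static String specialSubjectToken(String configDataType) {
        if ("EveryoneExt".equals(configDataType)) {
            return "EVERYONE";
        }
        if ("AllAuthenticatedUsersExt".equals(configDataType)) {
            return "ALLAUTHENTICATED";
        }
        if ("AllAuthenticatedUsersInTrustedRealmsExt".equals(configDataType)) {
            return "ALLAUTHENTICATEDINTRUSTEDREALMS";
        }
        return null;
    }

    /**
     * Finds the authorization table whose display name is {@code naming-authz.xml}
     * among the cell's authorization tables.
     *
     * @return the first matching table, or {@code null} when there is none
     */
    private ObjectName findNamingAuthzTable(Session session, ConfigService configService) throws ConfigServiceException, ConnectorException {
        ObjectName[] tables = configService.resolve(session, getCellObjectName(session, configService), PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE);
        if (tables == null) {
            return null;
        }
        for (ObjectName table : tables) {
            String displayName = ConfigServiceHelper.getDisplayName(table);
            if (NAMING_AUTHZ_FILE.equals(displayName)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found : " + displayName);
                }
                // Stop at the first match; the scan must not keep spinning on it.
                return table;
            }
        }
        return null;
    }

    /**
     * Returns the first {@code Cell} config object in the session.
     * Assumes the query returns at least one element; an empty result raises
     * {@code ArrayIndexOutOfBoundsException}.
     */
    private ObjectName getCellObjectName(Session session, ConfigService configService) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellObjectName", new Object[]{session, configService, this});
        }
        ObjectName cell = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "Cell"), null)[0];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cell ObjectName is " + cell + ". Cell Name is " + ConfigServiceHelper.getDisplayName(cell));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellObjectName", cell);
        }
        return cell;
    }

    /**
     * Looks up an existing entry on an authorization.
     *
     * @param objectName the authorization to search
     * @param str the attribute holding the entries ("users", the groups attribute or
     *        "specialSubjects")
     * @param str2 the entry's {@code name} attribute, or for special subjects its
     *        config data type
     * @return the matching entry, or {@code null} when there is none
     */
    private ObjectName findRoleIDInAuthorization(Session session, ConfigService configService, ObjectName objectName, String str, String str2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "findRoleIDInAuthorization", new Object[]{objectName, str, str2});
        }
        boolean matchBySubjectType = "specialSubjects".equals(str);
        ObjectName match = null;
        for (Object entry : asList(configService.getAttribute(session, objectName, str, false))) {
            ObjectName candidate = (ObjectName) entry;
            String candidateName = matchBySubjectType
                    ? ConfigServiceHelper.getConfigDataType(candidate)
                    : (String) configService.getAttribute(session, candidate, "name", false);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Role name to check is " + candidateName);
            }
            // An entry without a name cannot match and must not abort the search.
            if (candidateName != null && candidateName.equals(str2)) {
                match = candidate;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "findRoleIDInAuthorization", match);
        }
        return match;
    }

    /**
     * Returns the role object whose role name equals {@code str}, ignoring case,
     * or {@code null} when no role matches.
     */
    private ObjectName resolveRoleNameToRoleID(Session session, ConfigService configService, ObjectName objectName, String str) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolveRoleNameToRoleID", str);
        }
        ObjectName match = null;
        for (Object entry : asList(configService.getAttribute(session, objectName, SAMLIdAssertionCallback.ROLES, false))) {
            ObjectName role = (ObjectName) entry;
            String roleName = (String) configService.getAttribute(session, role, CommonConstants.ROLE_NAME, false);
            if (roleName != null && roleName.equalsIgnoreCase(str)) {
                match = role;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resolveRoleNameToRoleID", match);
        }
        return match;
    }

    /**
     * Checks that every access ID has the shape {@code <str>:<realm>/<uniqueId>}
     * with a non-empty realm and unique ID. Only the shape is checked.
     *
     * @param strArr the access IDs to check
     * @param str the required kind prefix, "user" or "group"
     * @throws Exception a {@code CommandValidationException} for the first entry
     *         that is {@code null} or malformed
     */
    private void checkAccessIdFormat(String[] strArr, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAccessIdFormat", strArr);
        }
        String msg = getMsg(resBundle, "security.admintask.naming.invalidAccessIdFormat.SECJ7812E", null);
        String prefix = str + ":";
        for (String accessId : strArr) {
            // A null entry is a malformed access ID, not a programming error.
            if (accessId == null || !accessId.startsWith(prefix)) {
                throw new CommandValidationException(msg);
            }
            String realmAndId = accessId.substring(accessId.indexOf(':') + 1);
            int slash = realmAndId.indexOf('/');
            // slash <= 0: no separator or empty realm; slash at the end: empty unique ID.
            if (slash <= 0 || slash == realmAndId.length() - 1) {
                throw new CommandValidationException(msg);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAccessIdFormat");
        }
    }

    /** Views a config attribute value as a list, treating {@code null} as empty. */
    private static List<?> asList(Object attributeValue) {
        if (attributeValue == null) {
            return new ArrayList<Object>();
        }
        return (List<?>) attributeValue;
    }
}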
