package com.ibm.ws.management.commands.authzgroup;

import com.ibm.ejs.models.base.bindings.applicationbnd.serialization.ApplicationbndSerializationConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASConstants;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.application.client.ResourceValidationHelper;
import com.ibm.websphere.management.authorizer.AdminAuthorizer;
import com.ibm.websphere.management.authorizer.AdminAuthorizerFactory;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.InvalidParameterValueException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.CommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.management.cmdframework.provider.CommandResultImpl;
import com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.management.exception.ConnectorException;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataAccessorFactory;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataHelper;
import com.ibm.websphere.models.config.appdeployment.Deployment;
import com.ibm.websphere.models.config.appdeployment.ServerTarget;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.authorizer.AdminAuthzConstants;
import com.ibm.ws.management.authorizer.ResourceInstanceRelations;
import com.ibm.ws.management.authorizer.RoleRelations;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.management.commands.properties.PropertiesBasedConfigConstants;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.management.util.AdminCommandHelper;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.profile.WSProfileConstants;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.wlm.admin.ClusterConfigCommandProvider;
import com.ibm.ws.workspace.query.WorkSpaceQueryUtil;
import com.ibm.wsspi.management.bla.CommandConstants;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import org.eclipse.emf.common.util.TreeIterator;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.emf.ecore.xmi.impl.EMOFExtendedMetaData;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.services.jar:com/ibm/ws/management/commands/authzgroup/AuthzGroupCommandsProvider.class */
public class AuthzGroupCommandsProvider extends SimpleCommandProvider {
    private static TraceComponent tc = Tr.register(AuthzGroupCommandsProvider.class, WSProfileConstants.S_MANAGEMENT_TEMPLATE_TYPE, "com.ibm.ws.management.resources.configservice");

    /* loaded from: input_file:wasJars/com.ibm.ws.admin.services.jar:com/ibm/ws/management/commands/authzgroup/AuthzGroupCommandsProvider$AddResourceToAuthorizationGroupCmd.class */
    public class AddResourceToAuthorizationGroupCmd extends AbstractAdminCommand {
        public AddResourceToAuthorizationGroupCmd(CommandMetadata commandMetadata) throws CommandNotFoundException {
            super(commandMetadata);
        }

        public AddResourceToAuthorizationGroupCmd(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
            super(commandData);
        }

        @Override // com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, org.eclipse.emf.common.command.Command
        public void execute() {
            ObjectName createObjectName;
            if (AuthzGroupCommandsProvider.tc.isEntryEnabled()) {
                Tr.entry(AuthzGroupCommandsProvider.tc, "execute");
            }
            CommandResultImpl commandResultImpl = new CommandResultImpl();
            commandResultImpl.reset();
            setCommandResult(commandResultImpl);
            try {
                try {
                    ConfigService configService = AuthzGroupCommandsProvider.this.getCommandProviderHelper().getConfigService();
                    Session configSession = getConfigSession();
                    String str = (String) getParameter("authorizationGroupName");
                    String str2 = (String) getParameter(CommonConstants.RESOURCE_NAME);
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "authzGrpName=" + str);
                        Tr.debug(AuthzGroupCommandsProvider.tc, "resourceName=" + str2);
                    }
                    if (AuthzGroupCommandsProvider.isResourceNameAnAssetsBlasOrCus(str2)) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "resourceName is an assets, blas, or cus");
                        createObjectName = AdminCommandHelper.getResourceForAssetsBlasOrCus(configService, configSession, str2)[0];
                    } else {
                        createObjectName = str2.contains("=") ? AdminCommandHelper.getResources(configSession, configService, str2)[0] : ConfigServiceHelper.createObjectName(new ConfigDataId(str2));
                    }
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "resourceObjectName " + createObjectName);
                    }
                    validate(configSession, configService, null, createObjectName);
                    String configDataId = ConfigServiceHelper.getConfigDataId(createObjectName).toString();
                    String resourceType = ResourceInstanceRelations.getInstance().getResourceType(configDataId);
                    if (resourceType != null && resourceType.equals("AuthorizationGroup")) {
                        throw new InvalidParameterValueException(getName(), CommonConstants.RESOURCE_NAME, str2);
                    }
                    if (resourceType != null && !ResourceInstanceRelations.getInstance().isValidResourceType(resourceType)) {
                        throw new InvalidParameterValueException(getName(), CommonConstants.RESOURCE_NAME, str2);
                    }
                    AttributeList attributeList = new AttributeList();
                    ConfigServiceHelper.setAttributeValue(attributeList, CommonConstants.RESOURCE_NAME, configDataId);
                    ConfigServiceHelper.setAttributeValue(attributeList, CommonConstants.RESOURCE_TYPE, resourceType);
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "Resources attributes to be set are " + attributeList);
                    }
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "authzGroups name is " + str);
                    }
                    ObjectName[] authzGroupObjectName = AuthzGroupCommandsProvider.this.getAuthzGroupObjectName(configSession, configService, str);
                    if (authzGroupObjectName == null || authzGroupObjectName.length <= 0) {
                        if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                            Tr.debug(AuthzGroupCommandsProvider.tc, "No authorization group: " + str + " found");
                        }
                        throw new InvalidParameterValueException(getName(), "authorizationGroupName", str);
                    }
                    ObjectName createConfigData = configService.createConfigData(configSession, authzGroupObjectName[0], ClusterConfigCommandProvider.MEMBERS_STEP_NAME, "AuthorizationGroupMember", attributeList);
                    HashMap allParentInstances = ResourceInstanceRelations.getInstance().getAllParentInstances(configSession, configService, configDataId, resourceType);
                    for (String str3 : allParentInstances.keySet()) {
                        for (String str4 : (List) allParentInstances.get(str3)) {
                            attributeList.clear();
                            ConfigServiceHelper.setAttributeValue(attributeList, "name", str3);
                            ConfigServiceHelper.setAttributeValue(attributeList, "value", str4);
                            configService.createConfigData(configSession, createConfigData, "memberProperties", EMOFExtendedMetaData.EMOF_PROPERTY_CLASS_NAME, attributeList);
                        }
                    }
                    if (AuthzGroupCommandsProvider.tc.isEntryEnabled()) {
                        Tr.exit(AuthzGroupCommandsProvider.tc, "execute");
                    }
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.createAuthorizationGroup", "88");
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "exception caught", e);
                    }
                    commandResultImpl.setException(e);
                    if (AuthzGroupCommandsProvider.tc.isEntryEnabled()) {
                        Tr.exit(AuthzGroupCommandsProvider.tc, "execute");
                    }
                }
            } catch (Throwable th) {
                if (AuthzGroupCommandsProvider.tc.isEntryEnabled()) {
                    Tr.exit(AuthzGroupCommandsProvider.tc, "execute");
                }
                throw th;
            }
        }

        public void validate(Session session, ConfigService configService, ObjectName[] objectNameArr, ObjectName objectName) throws CommandValidationException, ConfigServiceException {
            if (AuthzGroupCommandsProvider.tc.isEntryEnabled()) {
                Tr.entry(AuthzGroupCommandsProvider.tc, "validate", new Object[]{objectNameArr, objectName});
            }
            super.validate();
            try {
                try {
                    String configDataType = ConfigServiceHelper.getConfigDataType(objectName);
                    if (configDataType == null) {
                        String configDataId = ConfigServiceHelper.getConfigDataId(objectName).toString();
                        if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                            Tr.debug(AuthzGroupCommandsProvider.tc, "resString=" + configDataId);
                        }
                        configDataType = ResourceInstanceRelations.getInstance().getResourceType(configDataId);
                    }
                    if (configDataType != null && !ResourceInstanceRelations.getInstance().isValidResourceType(configDataType)) {
                        throw new CommandValidationException("Invalid Type.  " + configDataType);
                    }
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "resourceType=" + configDataType);
                    }
                    if (objectNameArr == null) {
                        objectNameArr = AuthzGroupCommandsProvider.this.getAuthzGroupObjectName(session, configService, null);
                    }
                    if (AuthzGroupCommandsProvider.this.findAuthzGroupsWithGivenResource(session, configService, objectNameArr, objectName) != null) {
                        if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                            Tr.debug(AuthzGroupCommandsProvider.tc, "Resource already existed. " + objectName);
                        }
                        throw new CommandValidationException("Resource already existed. " + objectName);
                    }
                    String property = ConfigServiceHelper.getObjectLocation(objectName).getProperty("node");
                    if (property == null) {
                        if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                            Tr.debug(AuthzGroupCommandsProvider.tc, "resource type = ", configDataType);
                        }
                        if (configDataType.equals("Application") || configDataType.equals(AdminAuthzConstants.DEPLOYMENT)) {
                            AuthzGroupCommandsProvider.this.checkApplicationTargets(objectName, session);
                        }
                        if (configDataType.equals("ServerCluster") || configDataType.equals("Cluster")) {
                            AuthzGroupCommandsProvider.this.checkClusterMembers(objectName, session, configService);
                        }
                    } else if (!AuthzGroupCommandsProvider.this.isNodeValid(property, session)) {
                        throw new CommandValidationException("resource " + objectName + " cannot be part of any authorization group becuase, its product version is not 6.1 or greater. Check the corresponding node's product version. ");
                    }
                    Tr.exit(AuthzGroupCommandsProvider.tc, "validate");
                } catch (ConfigServiceException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.AddResourceToAuthorizationGroupCmd", "264");
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "exception caught", e);
                    }
                    throw e;
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.management.commands.authzgroup.AddResourceToAuthorizationGroupCmd", "267");
                    if (AuthzGroupCommandsProvider.tc.isDebugEnabled()) {
                        Tr.debug(AuthzGroupCommandsProvider.tc, "exception caught", e2);
                    }
                    throw new CommandValidationException(e2, "Validation failed");
                }
            } catch (Throwable th) {
                Tr.exit(AuthzGroupCommandsProvider.tc, "validate");
                throw th;
            }
        }
    }

    @Override // com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider, com.ibm.websphere.management.cmdframework.provider.CommandProvider
    public AbstractAdminCommand createCommand(CommandMetadata commandMetadata) throws CommandNotFoundException {
        return commandMetadata.getName().equals("addResourceToAuthorizationGroup") ? new AddResourceToAuthorizationGroupCmd(commandMetadata) : super.createCommand(commandMetadata);
    }

    @Override // com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider, com.ibm.websphere.management.cmdframework.provider.CommandProvider
    public AbstractAdminCommand loadCommand(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        return commandData.getName().equals("addResourceToAuthorizationGroup") ? new AddResourceToAuthorizationGroupCmd(commandData) : super.loadCommand(commandData);
    }

    public String createAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name is " + str);
                }
                if (str == null || str.equals("CellAuthorizationGroup") || str.equals(CommandConstants.UPDATE_OP_MERGE)) {
                    throw new InvalidParameterValueException(abstractAdminCommand.getName(), "authorizationGroupName", str);
                }
                ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, str);
                if (authzGroupObjectName != null && authzGroupObjectName.length > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Authorization Group: " + str + " already existed");
                    }
                    throw new InvalidParameterValueException(abstractAdminCommand.getName(), "authorizationGroupName", str);
                }
                ObjectName cellObjectName = getCellObjectName(configSession, configService);
                AttributeList attributeList = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attributeList, "name", str);
                ObjectName createConfigData = configService.createConfigData(configSession, cellObjectName, "AuthorizationGroup", "AuthorizationGroup", attributeList);
                createAuthzTableDocument(configSession, configService, createConfigData);
                createAuditAuthzTableDocument(configSession, configService, createConfigData);
                String configDataId = ConfigServiceHelper.getConfigDataId(createConfigData).toString();
                AttributeList attributeList2 = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attributeList2, CommonConstants.RESOURCE_NAME, configDataId);
                ConfigServiceHelper.setAttributeValue(attributeList2, CommonConstants.RESOURCE_TYPE, "AuthorizationGroup");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Resources attributes to be set are " + attributeList2);
                }
                configService.createConfigData(configSession, createConfigData, ClusterConfigCommandProvider.MEMBERS_STEP_NAME, "AuthorizationGroupMember", attributeList2);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createAuthorizationGroup", createConfigData);
                }
                return configDataId;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.createAuthorizationGroup", "88");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createAuthorizationGroup", null);
            }
            throw th;
        }
    }

    public boolean deleteAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name to delete is " + str);
                }
                ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, str);
                if (authzGroupObjectName == null || authzGroupObjectName.length != 1) {
                    if (tc.isDebugEnabled()) {
                        Tr.warning(tc, "No authorization group: " + str + " found or more than one authorization group found");
                    }
                    throw new InvalidParameterValueException(abstractAdminCommand.getName(), "authorizationGroupName", str);
                }
                ObjectName objectName = authzGroupObjectName[0];
                ObjectName[] adminAuthzTables = getAdminAuthzTables(configSession, configService, objectName);
                ObjectName objectName2 = null;
                if (adminAuthzTables != null && adminAuthzTables.length != 0) {
                    int i = 0;
                    while (true) {
                        if (i >= adminAuthzTables.length) {
                            break;
                        }
                        String displayName = ConfigServiceHelper.getDisplayName(adminAuthzTables[i]);
                        if (displayName.equals("admin-authz.xml")) {
                            objectName2 = adminAuthzTables[i];
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found : " + displayName);
                            }
                        } else {
                            i++;
                        }
                    }
                    configService.deleteConfigData(configSession, objectName2);
                }
                configService.deleteConfigData(configSession, objectName);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "deleteAuthorizationGroup");
                }
                return true;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.createAuthorizationGroup", "88");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteAuthorizationGroup");
            }
            throw th;
        }
    }

    public boolean removeResourceFromAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        ObjectName createObjectName;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                String str2 = (String) abstractAdminCommand.getParameter(CommonConstants.RESOURCE_NAME);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authorization group name is " + str);
                }
                if (str2.contains("=")) {
                    ObjectName[] resourceForAssetsBlasOrCus = isResourceNameAnAssetsBlasOrCus(str2) ? AdminCommandHelper.getResourceForAssetsBlasOrCus(configService, configSession, str2) : AdminCommandHelper.getResources(configSession, configService, str2);
                    if (resourceForAssetsBlasOrCus == null || resourceForAssetsBlasOrCus.length != 1) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Resource is not unique or does not exist. " + str2);
                        }
                        throw new InvalidParameterValueException(abstractAdminCommand.getName(), CommonConstants.RESOURCE_NAME, str2);
                    }
                    createObjectName = resourceForAssetsBlasOrCus[0];
                } else {
                    createObjectName = ConfigServiceHelper.createObjectName(new ConfigDataId(str2));
                }
                ObjectName objectName = null;
                if (str == null || str.equals("")) {
                    objectName = findAuthzGroupsWithGivenResource(configSession, configService, getAuthzGroupObjectName(configSession, configService, null), createObjectName);
                } else {
                    ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, str);
                    if (authzGroupObjectName != null) {
                        objectName = authzGroupObjectName[0];
                    }
                }
                if (objectName == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot find the authorization group which contains the resource, " + str2);
                    }
                    throw new InvalidParameterValueException(abstractAdminCommand.getName(), CommonConstants.RESOURCE_NAME, str2);
                }
                String configDataId = ConfigServiceHelper.getConfigDataId(createObjectName).toString();
                String resourceType = ResourceInstanceRelations.getInstance().getResourceType(configDataId);
                if (resourceType != null && resourceType.equals("AuthorizationGroup")) {
                    throw new InvalidParameterValueException(abstractAdminCommand.getName(), CommonConstants.RESOURCE_NAME, str2);
                }
                ArrayList arrayList = (ArrayList) configService.getAttribute(configSession, objectName, ClusterConfigCommandProvider.MEMBERS_STEP_NAME, false);
                int i = 0;
                while (true) {
                    if (i >= arrayList.size()) {
                        break;
                    }
                    ObjectName objectName2 = (ObjectName) arrayList.get(i);
                    if (((String) configService.getAttribute(configSession, objectName2, CommonConstants.RESOURCE_NAME)).equals(configDataId)) {
                        configService.deleteConfigData(configSession, objectName2);
                        break;
                    }
                    i++;
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "deleteAuthorizationGroup");
                }
                return true;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.createAuthorizationGroup", "88");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteAuthorizationGroup");
            }
            throw th;
        }
    }

    public boolean mapUsersToAdminRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapUsersToAdminRole", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                String str2 = (String) abstractAdminCommand.getParameter(CommonConstants.ROLE_NAME);
                String[] strArr = (String[]) abstractAdminCommand.getParameter("userids");
                String[] strArr2 = (String[]) abstractAdminCommand.getParameter("accessids");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name is " + str);
                }
                List addRemoveRoleOrGroupID = addRemoveRoleOrGroupID(configSession, configService, abstractAdminCommand.getName(), str, str2, strArr, null, strArr2);
                if (addRemoveRoleOrGroupID.isEmpty()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "mapUsersToAdminRole");
                    }
                    return true;
                }
                StringBuffer stringBuffer = new StringBuffer("Invalid userids are : ");
                Iterator it = addRemoveRoleOrGroupID.iterator();
                while (it.hasNext()) {
                    stringBuffer.append((String) it.next());
                    stringBuffer.append(RASFormatter.DEFAULT_SEPARATOR);
                }
                throw new InvalidParameterValueException(abstractAdminCommand.getName(), "userids", stringBuffer.toString());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.mapUsersToAdminRole", "200");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapUsersToAdminRole");
            }
            throw th;
        }
    }

    public boolean mapGroupsToAdminRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapGroupsToAdminRole", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                String str2 = (String) abstractAdminCommand.getParameter(CommonConstants.ROLE_NAME);
                String[] strArr = (String[]) abstractAdminCommand.getParameter("groupids");
                String[] strArr2 = (String[]) abstractAdminCommand.getParameter("accessids");
                String[] strArr3 = (String[]) abstractAdminCommand.getParameter("specialSubjects");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name is " + str);
                }
                List addRemoveRoleOrGroupID = addRemoveRoleOrGroupID(configSession, configService, abstractAdminCommand.getName(), str, str2, strArr, strArr3, strArr2);
                if (addRemoveRoleOrGroupID.isEmpty()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "mapGroupsToAdminRole");
                    }
                    return true;
                }
                StringBuffer stringBuffer = new StringBuffer("Invalid groupids are : ");
                Iterator it = addRemoveRoleOrGroupID.iterator();
                while (it.hasNext()) {
                    stringBuffer.append((String) it.next());
                    stringBuffer.append(RASFormatter.DEFAULT_SEPARATOR);
                }
                throw new InvalidParameterValueException(abstractAdminCommand.getName(), "groupids", stringBuffer.toString());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.mapGroupsToAdminRole", "241");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapGroupsToAdminRole");
            }
            throw th;
        }
    }

    public boolean removeUsersFromAdminRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeUsersFromAdminRole", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                String str2 = (String) abstractAdminCommand.getParameter(CommonConstants.ROLE_NAME);
                String[] strArr = (String[]) abstractAdminCommand.getParameter("userids");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name is " + str);
                }
                List addRemoveRoleOrGroupID = addRemoveRoleOrGroupID(configSession, configService, abstractAdminCommand.getName(), str, str2, strArr, null, null);
                if (addRemoveRoleOrGroupID.isEmpty()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "removeUsersFromAdminRole");
                    }
                    return true;
                }
                StringBuffer stringBuffer = new StringBuffer("Invalid userids are : ");
                Iterator it = addRemoveRoleOrGroupID.iterator();
                while (it.hasNext()) {
                    stringBuffer.append((String) it.next());
                    stringBuffer.append(RASFormatter.DEFAULT_SEPARATOR);
                }
                throw new InvalidParameterValueException(abstractAdminCommand.getName(), "userids", stringBuffer.toString());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.removeUsersFromAdminRole", "242");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "removeUsersFromAdminRole");
            }
            throw th;
        }
    }

    public boolean removeGroupsFromAdminRole(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeGroupsFromAdminRole", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                String str2 = (String) abstractAdminCommand.getParameter(CommonConstants.ROLE_NAME);
                String[] strArr = (String[]) abstractAdminCommand.getParameter("groupids");
                String[] strArr2 = (String[]) abstractAdminCommand.getParameter("specialSubjects");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroups name is " + str);
                }
                List addRemoveRoleOrGroupID = addRemoveRoleOrGroupID(configSession, configService, abstractAdminCommand.getName(), str, str2, strArr, strArr2, null);
                if (addRemoveRoleOrGroupID.isEmpty()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "removeGroupsFromAdminRole");
                    }
                    return true;
                }
                StringBuffer stringBuffer = new StringBuffer("Invalid groupids are : ");
                Iterator it = addRemoveRoleOrGroupID.iterator();
                while (it.hasNext()) {
                    stringBuffer.append((String) it.next());
                    stringBuffer.append(RASFormatter.DEFAULT_SEPARATOR);
                }
                throw new InvalidParameterValueException(abstractAdminCommand.getName(), "groupids", stringBuffer.toString());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.removeGroupsFromAdminRole", "258");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "removeGroupsFromAdminRole");
            }
            throw th;
        }
    }

    public List listAuthorizationGroups(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthorizationGroups", new Object[]{abstractAdminCommand});
        }
        ArrayList arrayList = new ArrayList();
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, null);
                if (authzGroupObjectName != null) {
                    for (ObjectName objectName : authzGroupObjectName) {
                        String str = (String) configService.getAttribute(configSession, objectName, "name", false);
                        if (checkAccess(objectName)) {
                            arrayList.add(str);
                        }
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listAuthorizationGroups", arrayList);
                }
                return arrayList;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listAuthorizationGroups", "300");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthorizationGroups", arrayList);
            }
            throw th;
        }
    }

    public List listResourcesOfAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listResourcesOfAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        ArrayList arrayList = new ArrayList();
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, str);
                if (authzGroupObjectName != null && authzGroupObjectName.length == 1) {
                    List resourcesFromAuthorizationGroup = getResourcesFromAuthorizationGroup(configSession, configService, authzGroupObjectName[0]);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "listResourcesOfAuthorizationGroup", arrayList);
                    }
                    return resourcesFromAuthorizationGroup;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No authorization group: " + str + " found or more than one authorization group found");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listResourcesOfAuthorizationGroup", arrayList);
                }
                return null;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listResourcesOfAuthorizationGroup", "316");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listResourcesOfAuthorizationGroup", arrayList);
            }
            throw th;
        }
    }

    public List listAuthorizationGroupsOfResource(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthorizationGroupsOfResource", new Object[]{abstractAdminCommand});
        }
        ArrayList arrayList = new ArrayList();
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter(CommonConstants.RESOURCE_NAME);
                Boolean bool = (Boolean) abstractAdminCommand.getParameter("traverseContainedResources");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "resourceName=" + str);
                }
                ObjectName[] resourceForAssetsBlasOrCus = isResourceNameAnAssetsBlasOrCus(str) ? AdminCommandHelper.getResourceForAssetsBlasOrCus(configService, configSession, str) : AdminCommandHelper.getResources(configSession, configService, str);
                if (resourceForAssetsBlasOrCus != null && resourceForAssetsBlasOrCus.length == 1) {
                    ObjectName objectName = resourceForAssetsBlasOrCus[0];
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Resource found is " + objectName);
                    }
                    ArrayList arrayList2 = new ArrayList();
                    String configDataId = ConfigServiceHelper.getConfigDataId(objectName).toString();
                    arrayList2.add(configDataId);
                    if (bool != null && bool.booleanValue()) {
                        String resourceType = ResourceInstanceRelations.getInstance().getResourceType(configDataId);
                        if (resourceType != null && !ResourceInstanceRelations.getInstance().isValidResourceType(resourceType)) {
                            throw new InvalidParameterValueException(abstractAdminCommand.getName(), CommonConstants.RESOURCE_NAME, str);
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "traverse the parent");
                        }
                        HashMap allParentInstances = ResourceInstanceRelations.getInstance().getAllParentInstances(configSession, configService, configDataId, resourceType);
                        Iterator it = allParentInstances.keySet().iterator();
                        while (it.hasNext()) {
                            Iterator it2 = ((List) allParentInstances.get((String) it.next())).iterator();
                            while (it2.hasNext()) {
                                arrayList2.add((String) it2.next());
                            }
                        }
                    }
                    ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, null);
                    if (authzGroupObjectName != null) {
                        for (ObjectName objectName2 : authzGroupObjectName) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "authzGroup is " + objectName2);
                            }
                            ArrayList arrayList3 = (ArrayList) getResourcesFromAuthorizationGroup(configSession, configService, objectName2);
                            int i = 0;
                            while (true) {
                                if (i >= arrayList2.size()) {
                                    break;
                                }
                                if (arrayList3.contains(arrayList2.get(i))) {
                                    String str2 = (String) configService.getAttribute(configSession, objectName2, "name", false);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Authorization group:  " + str2 + ".  Contains resource: " + arrayList2.get(i));
                                    }
                                    arrayList.add(str2);
                                } else {
                                    i++;
                                }
                            }
                        }
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listAuthorizationGroupsOfResource", arrayList);
                }
                return arrayList;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listAuthorizationGroupsOfResource", "361");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthorizationGroupsOfResource", arrayList);
            }
            throw th;
        }
    }

    public HashMap listResourcesForUserID(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listResourcesForUserID", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter(ApplicationbndSerializationConstants.USER_ID_ATTR);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "user id to find is " + str);
                }
                if (!isUserAllowed(str, false)) {
                    throw new Exception("Access Denied for " + abstractAdminCommand.getName());
                }
                HashMap listAuthzGrpOrResourcesAsSystem = listAuthzGrpOrResourcesAsSystem(configSession, configService, true, "users", str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listResourcesForUserID");
                }
                return listAuthzGrpOrResourcesAsSystem;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listResourcesForUserID", "390");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listResourcesForUserID");
            }
            throw th;
        }
    }

    public HashMap listResourcesForGroupID(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listResourcesForGroupID", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("groupid");
                String str2 = "groups";
                if (str.equals("EVERYONE")) {
                    str = "EveryoneExt";
                    str2 = "specialSubjects";
                } else if (str.equals("ALLAUTHENTICATED")) {
                    str = "AllAuthenticatedUsersExt";
                    str2 = "specialSubjects";
                } else if (str.equals("ALLAUTHENTICATEDINTRUSTEDREALMS")) {
                    str = "AllAuthenticatedUsersInTrustedRealmsExt";
                    str2 = "specialSubjects";
                }
                if (!isUserAllowed(str, true)) {
                    throw new Exception("Access Denied for " + abstractAdminCommand.getName());
                }
                HashMap listAuthzGrpOrResourcesAsSystem = listAuthzGrpOrResourcesAsSystem(configSession, configService, true, str2, str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listResourcesForGroupID");
                }
                return listAuthzGrpOrResourcesAsSystem;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listResourcesForGroupID", "454");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listResourcesForGroupID");
            }
            throw th;
        }
    }

    public HashMap listAuthorizationGroupsForUserID(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthorizationGroupsForUserID", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter(ApplicationbndSerializationConstants.USER_ID_ATTR);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "user id to find is " + str);
                }
                HashMap listAuthzGrpOrResources = listAuthzGrpOrResources(configSession, configService, false, "users", str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listAuthorizationGroupsForUser");
                }
                return listAuthzGrpOrResources;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listResourcesForUser", "390");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthorizationGroupsForUser");
            }
            throw th;
        }
    }

    public HashMap listAuthorizationGroupsForGroupID(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthorizationGroupsForGroupID", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("groupid");
                String str2 = "groups";
                if (str.equals("EVERYONE")) {
                    str = "EveryoneExt";
                    str2 = "specialSubjects";
                } else if (str.equals("ALLAUTHENTICATED")) {
                    str = "AllAuthenticatedUsersExt";
                    str2 = "specialSubjects";
                } else if (str.equals("ALLAUTHENTICATEDINTRUSTEDREALMS")) {
                    str = "AllAuthenticatedUsersInTrustedRealmsExt";
                    str2 = "specialSubjects";
                }
                HashMap listAuthzGrpOrResources = listAuthzGrpOrResources(configSession, configService, false, str2, str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listAuthorizationGroupsForGroup");
                }
                return listAuthzGrpOrResources;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listResourcesForUser", "421");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthorizationGroupsForGroup");
            }
            throw th;
        }
    }

    private boolean isRoleNameACustomRole(String str) {
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isRoleNameACustomRole", false);
        }
        List allParentRoles = RoleRelations.getInstance().getAllParentRoles("monitor");
        if (!str.equals("auditor") && !str.equals("iscadmins") && !str.equals("nobody") && !str.equals("monitor") && !allParentRoles.contains(str)) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isRoleNameACustomRole", Boolean.valueOf(z));
        }
        return z;
    }

    public ArrayList listAuthorizationRoles(AbstractAdminCommand abstractAdminCommand) throws Exception {
        ObjectName[] auditAuthzTablesPub;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthorizationRoles", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str = (String) abstractAdminCommand.getParameter("roleType");
                ObjectName cellObjectName = getCellObjectName(configSession, configService);
                ObjectName[] adminAuthzTables = getAdminAuthzTables(configSession, configService, cellObjectName);
                ObjectName objectName = null;
                ObjectName objectName2 = null;
                if (adminAuthzTables != null && adminAuthzTables.length == 0) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "listAuthorizationRoles inside AuthzGroupCommandsProvider aaaaaa", null);
                    }
                    return null;
                }
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                int i = 0;
                while (true) {
                    if (i >= adminAuthzTables.length) {
                        break;
                    }
                    String displayName = ConfigServiceHelper.getDisplayName(adminAuthzTables[i]);
                    if (displayName.equals("admin-authz.xml")) {
                        objectName = adminAuthzTables[i];
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found authzFileName: " + displayName);
                        }
                    } else {
                        i++;
                    }
                }
                ArrayList arrayList3 = (ArrayList) configService.getAttribute(configSession, objectName, "authorizations", false);
                ArrayList arrayList4 = new ArrayList();
                for (int i2 = 0; i2 < arrayList3.size(); i2++) {
                    String resolveRoleIDToRoleName = resolveRoleIDToRoleName(configSession, configService, objectName, (ObjectName) configService.getAttribute(configSession, (ObjectName) arrayList3.get(i2), "role", false));
                    if (isRoleNameACustomRole(resolveRoleIDToRoleName)) {
                        arrayList.add(resolveRoleIDToRoleName);
                    } else {
                        arrayList2.add(resolveRoleIDToRoleName);
                    }
                }
                AdminAuthorizer adminAuthorizer = AdminAuthorizerFactory.getAdminAuthorizer();
                if ((!SecurityContext.isSecurityEnabled() || adminAuthorizer == null || adminAuthorizer.isCallerInRole("auditor")) && (auditAuthzTablesPub = AuditAuthzCommandProvider.getAuditAuthzTablesPub(configSession, configService, cellObjectName)) != null && auditAuthzTablesPub.length > 0) {
                    int i3 = 0;
                    while (true) {
                        if (i3 >= auditAuthzTablesPub.length) {
                            break;
                        }
                        String displayName2 = ConfigServiceHelper.getDisplayName(auditAuthzTablesPub[i3]);
                        if (displayName2.equals("audit-authz.xml")) {
                            objectName2 = auditAuthzTablesPub[i3];
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found auditAuthzFileName: " + displayName2);
                            }
                        } else {
                            i3++;
                        }
                    }
                    ArrayList arrayList5 = (ArrayList) configService.getAttribute(configSession, objectName2, "authorizations", false);
                    int i4 = 0;
                    while (true) {
                        if (i4 >= arrayList5.size()) {
                            break;
                        }
                        String resolveRoleIDToRoleName2 = resolveRoleIDToRoleName(configSession, configService, objectName2, (ObjectName) configService.getAttribute(configSession, (ObjectName) arrayList5.get(i4), "role", false));
                        Tr.debug(tc, "roleName=" + resolveRoleIDToRoleName2);
                        if (resolveRoleIDToRoleName2.equals("auditor")) {
                            arrayList2.add(resolveRoleIDToRoleName2);
                            break;
                        }
                        i4++;
                    }
                }
                if (arrayList.size() > 0 && (null == str || !str.equalsIgnoreCase("Builtin"))) {
                    Object[] array = arrayList.toArray();
                    Arrays.sort(array);
                    for (int i5 = 0; i5 < array.length; i5++) {
                        Tr.debug(tc, " Custom customRolesArray[" + i5 + "]=" + array[i5]);
                        arrayList4.add(array[i5]);
                    }
                }
                if (arrayList2.size() > 0 && (null == str || !str.equalsIgnoreCase("Custom"))) {
                    Object[] array2 = arrayList2.toArray();
                    Arrays.sort(array2);
                    for (int i6 = 0; i6 < array2.length; i6++) {
                        Tr.debug(tc, " Builtin adminRolesArray[" + i6 + "]=" + array2[i6]);
                        arrayList4.add(array2[i6]);
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "admin-authz.xml name is " + objectName.getCanonicalName());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listAuthorizationRoles inside AuthzGroupCommandsProvider aaaaaa", arrayList4);
                }
                return arrayList4;
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught in AuthzGroupCommandsProvider.listAuthorizationRoles", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthorizationRoles inside AuthzGroupCommandsProvider aaaaaa", null);
            }
            throw th;
        }
    }

    public HashMap listGroupIDsOfAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listGroupIDsOfAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        HashMap hashMap = null;
        try {
            try {
                hashMap = listIDsOfAuthozGroup(abstractAdminCommand, "groups");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listGroupIDsOfAuthorizationGroup", hashMap);
                }
                return hashMap;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listGroupIDsOfAuthorizationGroup", "568");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listGroupIDsOfAuthorizationGroup", hashMap);
            }
            throw th;
        }
    }

    public HashMap listUserIDsOfAuthorizationGroup(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listUserIDsOfAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        HashMap hashMap = null;
        try {
            try {
                hashMap = listIDsOfAuthozGroup(abstractAdminCommand, "users");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listUserIDsOfAuthorizationGroup inside AuthzGroupCommandsProvider bbbbb", hashMap);
                }
                return hashMap;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listUserIDsOfAuthorizationGroup", "568");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listUserIDsOfAuthorizationGroup inside AuthzGroupCommandsProvider bbbbb", hashMap);
            }
            throw th;
        }
    }

    private HashMap listIDsOfAuthozGroup(AbstractAdminCommand abstractAdminCommand, String str) throws Exception {
        ObjectName cellObjectName;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listUserIDsForAuthorizationGroup", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String str2 = (String) abstractAdminCommand.getParameter("authorizationGroupName");
                if (str2 == null || str2.equals("CellAuthorizationGroup")) {
                    cellObjectName = getCellObjectName(configSession, configService);
                } else {
                    ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(configSession, configService, str2);
                    if (authzGroupObjectName == null || authzGroupObjectName.length <= 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Authorization Group: " + str2 + " does not exist");
                        }
                        throw new InvalidParameterValueException(abstractAdminCommand.getName(), "authorizationGroupName", str2);
                    }
                    cellObjectName = authzGroupObjectName[0];
                }
                ObjectName[] adminAuthzTables = getAdminAuthzTables(configSession, configService, cellObjectName);
                ObjectName objectName = null;
                if (adminAuthzTables != null && adminAuthzTables.length == 0) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "listUserIDsOfAuthorizationGroup", null);
                    }
                    return null;
                }
                int i = 0;
                while (true) {
                    if (i >= adminAuthzTables.length) {
                        break;
                    }
                    String displayName = ConfigServiceHelper.getDisplayName(adminAuthzTables[i]);
                    if (displayName.equals("admin-authz.xml")) {
                        objectName = adminAuthzTables[i];
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found : " + displayName);
                        }
                    } else {
                        i++;
                    }
                }
                HashMap createResourceRoleMap = createResourceRoleMap();
                ArrayList arrayList = (ArrayList) configService.getAttribute(configSession, objectName, "authorizations", false);
                for (int i2 = 0; i2 < arrayList.size(); i2++) {
                    ObjectName objectName2 = (ObjectName) arrayList.get(i2);
                    String resolveRoleIDToRoleName = resolveRoleIDToRoleName(configSession, configService, objectName, (ObjectName) configService.getAttribute(configSession, objectName2, "role", false));
                    ArrayList arrayList2 = (ArrayList) configService.getAttribute(configSession, objectName2, str, false);
                    ArrayList arrayList3 = (ArrayList) createResourceRoleMap.get(resolveRoleIDToRoleName);
                    if (arrayList3 == null) {
                        arrayList3 = new ArrayList();
                    }
                    createResourceRoleMap.put(resolveRoleIDToRoleName, arrayList3);
                    for (int i3 = 0; i3 < arrayList2.size(); i3++) {
                        String str3 = (String) configService.getAttribute(configSession, (ObjectName) arrayList2.get(i3), "name", false);
                        arrayList3.add(str3);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Authorization role:  " + resolveRoleIDToRoleName + ".  Name:  " + str3);
                        }
                    }
                    if (str != null && str.equals("groups")) {
                        ArrayList arrayList4 = (ArrayList) configService.getAttribute(configSession, objectName2, "specialSubjects", false);
                        for (int i4 = 0; i4 < arrayList4.size(); i4++) {
                            String configDataType = ConfigServiceHelper.getConfigDataType((ObjectName) arrayList4.get(i4));
                            if (configDataType.equals("EveryoneExt")) {
                                arrayList3.add("EVERYONE");
                            } else if (configDataType.equals("AllAuthenticatedUsersExt")) {
                                arrayList3.add("ALLAUTHENTICATED");
                            } else if (configDataType.equals("AllAuthenticatedUsersInTrustedRealmsExt")) {
                                arrayList3.add("ALLAUTHENTICATEDINTRUSTEDREALMS");
                            }
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "admin-authz.xml name is " + objectName.getCanonicalName());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listUserIDsOfAuthorizationGroup", createResourceRoleMap);
                }
                return createResourceRoleMap;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.management.commands.authzgroup.listUserIDsOfAuthorizationGroup", "568");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listUserIDsOfAuthorizationGroup", null);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ObjectName[] getAuthzGroupObjectName(Session session, ConfigService configService, String str) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthzGroupObjectName", str);
        }
        ObjectName[] objectNameArr = null;
        ObjectName[] queryConfigObjects = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "AuthorizationGroup"), null);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "authzGroups ObjectNames are " + queryConfigObjects);
        }
        if (str == null || str.equals("")) {
            objectNameArr = queryConfigObjects;
        } else if (queryConfigObjects != null) {
            int i = 0;
            while (true) {
                if (i >= queryConfigObjects.length) {
                    break;
                }
                ObjectName objectName = queryConfigObjects[i];
                String str2 = (String) configService.getAttribute(session, objectName, "name");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authorization group name to check:  " + str2);
                }
                if (str2.equals(str)) {
                    objectNameArr = new ObjectName[]{objectName};
                    break;
                }
                i++;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthzGroupObjectName", objectNameArr);
        }
        return objectNameArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ObjectName findAuthzGroupsWithGivenResource(Session session, ConfigService configService, ObjectName[] objectNameArr, ObjectName objectName) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthzGroup", new Object[]{objectNameArr, objectName});
        }
        String configDataId = ConfigServiceHelper.getConfigDataId(objectName).toString();
        ObjectName objectName2 = null;
        boolean z = false;
        for (ObjectName objectName3 : objectNameArr) {
            ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName3, ClusterConfigCommandProvider.MEMBERS_STEP_NAME, false);
            int i = 0;
            while (true) {
                if (i >= arrayList.size()) {
                    break;
                }
                if (((String) configService.getAttribute(session, (ObjectName) arrayList.get(i), CommonConstants.RESOURCE_NAME)).equals(configDataId)) {
                    objectName2 = objectName3;
                    z = true;
                    break;
                }
                i++;
            }
            if (z) {
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "findResourceInAuthzGroups", objectName2);
        }
        return objectName2;
    }

    private ObjectName resolveRoleNameToRoleID(Session session, ConfigService configService, ObjectName objectName, String str) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolveRoleNameToRoleID", str);
        }
        ObjectName objectName2 = null;
        ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName, "roles", false);
        int i = 0;
        while (true) {
            if (i >= arrayList.size()) {
                break;
            }
            ObjectName objectName3 = (ObjectName) arrayList.get(i);
            if (((String) configService.getAttribute(session, objectName3, CommonConstants.ROLE_NAME, false)).equalsIgnoreCase(str)) {
                objectName2 = objectName3;
                break;
            }
            i++;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resolveRoleNameToRoleID", objectName2);
        }
        return objectName2;
    }

    private String resolveRoleIDToRoleName(Session session, ConfigService configService, ObjectName objectName, ObjectName objectName2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolveRoleIDToRoleName", objectName2);
        }
        String str = null;
        ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName, "roles", false);
        int i = 0;
        while (true) {
            if (i >= arrayList.size()) {
                break;
            }
            ObjectName objectName3 = (ObjectName) arrayList.get(i);
            if (objectName3.equals(objectName2)) {
                str = (String) configService.getAttribute(session, objectName3, CommonConstants.ROLE_NAME, false);
                break;
            }
            i++;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resolveRoleIDToRoleName", str);
        }
        return str;
    }

    private List addRemoveRoleOrGroupID(Session session, ConfigService configService, String str, String str2, String str3, String[] strArr, String[] strArr2, String[] strArr3) throws ConfigServiceException, ConnectorException, InvalidParameterValueException {
        ObjectName cellObjectName;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addRoleOrGroupID", new Object[]{str, str2, str3, strArr});
        }
        ArrayList arrayList = new ArrayList();
        if (str2 == null || str2.equals("CellAuthorizationGroup")) {
            cellObjectName = getCellObjectName(session, configService);
        } else {
            ObjectName[] authzGroupObjectName = getAuthzGroupObjectName(session, configService, str2);
            if (authzGroupObjectName == null || authzGroupObjectName.length != 1) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authorization Group: " + str2 + " does not exist");
                }
                throw new InvalidParameterValueException(str, "authorizationGroupName", str2);
            }
            cellObjectName = authzGroupObjectName[0];
        }
        ObjectName[] adminAuthzTables = getAdminAuthzTables(session, configService, cellObjectName);
        ObjectName objectName = null;
        if (adminAuthzTables == null || adminAuthzTables.length != 0) {
            int i = 0;
            while (true) {
                if (i >= adminAuthzTables.length) {
                    break;
                }
                String displayName = ConfigServiceHelper.getDisplayName(adminAuthzTables[i]);
                if (displayName.equals("admin-authz.xml")) {
                    objectName = adminAuthzTables[i];
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found : " + displayName);
                    }
                } else {
                    i++;
                }
            }
        } else {
            objectName = createAuthzTableDocument(session, configService, cellObjectName);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "admin-authz.xml name is " + objectName.getCanonicalName());
        }
        ObjectName resolveRoleNameToRoleID = resolveRoleNameToRoleID(session, configService, objectName, str3);
        if (resolveRoleNameToRoleID == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Role " + str3 + " does not exist");
            }
            throw new InvalidParameterValueException(str, CommonConstants.ROLE_NAME, str3);
        }
        ArrayList arrayList2 = (ArrayList) configService.getAttribute(session, objectName, "authorizations", false);
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= arrayList2.size()) {
                break;
            }
            if (((ObjectName) configService.getAttribute(session, (ObjectName) arrayList2.get(i2), "role", false)).equals(resolveRoleNameToRoleID)) {
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            AttributeList attributeList = new AttributeList();
            attributeList.add(new Attribute("role", resolveRoleNameToRoleID));
            configService.createConfigDataByTemplate(session, objectName, "authorizations", attributeList, null);
            arrayList2 = (ArrayList) configService.getAttribute(session, objectName, "authorizations", false);
        }
        for (int i3 = 0; i3 < arrayList2.size(); i3++) {
            ObjectName objectName2 = (ObjectName) arrayList2.get(i3);
            ObjectName objectName3 = (ObjectName) configService.getAttribute(session, objectName2, "role", false);
            if (objectName3.equals(resolveRoleNameToRoleID)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authorizationRole found" + objectName3.getCanonicalName());
                }
                if (strArr != null) {
                    for (int i4 = 0; i4 < strArr.length; i4++) {
                        String str4 = strArr[i4];
                        String str5 = strArr3 != null ? strArr3[i4] : null;
                        AttributeList attributeList2 = new AttributeList();
                        ConfigServiceHelper.setAttributeValue(attributeList2, "name", str4);
                        if (str5 != null) {
                            ConfigServiceHelper.setAttributeValue(attributeList2, "accessId", str5);
                        }
                        if (str.equals("mapUsersToAdminRole")) {
                            if (findRoleIDInAuthorization(session, configService, objectName2, "users", str4) == null) {
                                configService.createConfigData(session, objectName2, "users", "UserExt", attributeList2);
                            } else {
                                arrayList.add(str4);
                            }
                        } else if (str.equals("removeUsersFromAdminRole")) {
                            ObjectName findRoleIDInAuthorization = findRoleIDInAuthorization(session, configService, objectName2, "users", str4);
                            if (findRoleIDInAuthorization != null) {
                                configService.deleteConfigData(session, findRoleIDInAuthorization);
                            } else {
                                arrayList.add(str4);
                            }
                        } else if (str.equals("mapGroupsToAdminRole")) {
                            if (findRoleIDInAuthorization(session, configService, objectName2, "groups", str4) == null) {
                                configService.createConfigData(session, objectName2, "groups", "GroupExt", attributeList2);
                            } else {
                                arrayList.add(str4);
                            }
                        } else if (str.equals("removeGroupsFromAdminRole")) {
                            ObjectName findRoleIDInAuthorization2 = findRoleIDInAuthorization(session, configService, objectName2, "groups", str4);
                            if (findRoleIDInAuthorization2 != null) {
                                configService.deleteConfigData(session, findRoleIDInAuthorization2);
                            } else {
                                arrayList.add(str4);
                            }
                        }
                    }
                }
                if (strArr2 != null && strArr2.length > 0) {
                    for (String str6 : strArr2) {
                        if (str6.equals("ALLAUTHENTICATED")) {
                            ObjectName findRoleIDInAuthorization3 = findRoleIDInAuthorization(session, configService, objectName2, "specialSubjects", "AllAuthenticatedUsersExt");
                            if (str.equals("mapGroupsToAdminRole")) {
                                if (findRoleIDInAuthorization3 == null) {
                                    configService.createConfigData(session, objectName2, "specialSubjects", "AllAuthenticatedUsersExt", new AttributeList());
                                } else {
                                    arrayList.add("ALLAUTHENTICATED");
                                }
                            } else if (str.equals("removeGroupsFromAdminRole")) {
                                if (findRoleIDInAuthorization3 != null) {
                                    configService.deleteConfigData(session, findRoleIDInAuthorization3);
                                } else {
                                    arrayList.add("ALLAUTHENTICATED");
                                }
                            }
                        } else if (str6.equals("EVERYONE")) {
                            ObjectName findRoleIDInAuthorization4 = findRoleIDInAuthorization(session, configService, objectName2, "specialSubjects", "EveryoneExt");
                            if (str.equals("mapGroupsToAdminRole")) {
                                if (findRoleIDInAuthorization4 == null) {
                                    configService.createConfigData(session, objectName2, "specialSubjects", "EveryoneExt", new AttributeList());
                                } else {
                                    arrayList.add("EVERYONE");
                                }
                            } else if (str.equals("removeGroupsFromAdminRole")) {
                                if (findRoleIDInAuthorization4 != null) {
                                    configService.deleteConfigData(session, findRoleIDInAuthorization4);
                                } else {
                                    arrayList.add("EVERYONE");
                                }
                            }
                        } else if (str6.equals("ALLAUTHENTICATEDINTRUSTEDREALMS")) {
                            ObjectName findRoleIDInAuthorization5 = findRoleIDInAuthorization(session, configService, objectName2, "specialSubjects", "AllAuthenticatedUsersInTrustedRealmsExt");
                            if (str.equals("mapGroupsToAdminRole")) {
                                if (findRoleIDInAuthorization5 == null) {
                                    configService.createConfigData(session, objectName2, "specialSubjects", "AllAuthenticatedUsersInTrustedRealmsExt", new AttributeList());
                                } else {
                                    arrayList.add("ALLAUTHENTICATEDINTRUSTEDREALMS");
                                }
                            } else if (str.equals("removeGroupsFromAdminRole")) {
                                if (findRoleIDInAuthorization5 != null) {
                                    configService.deleteConfigData(session, findRoleIDInAuthorization5);
                                } else {
                                    arrayList.add("ALLAUTHENTICATEDINTRUSTEDREALMS");
                                }
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addRoleOrGroupID");
        }
        return arrayList;
    }

    private ObjectName createAuthzTableDocument(Session session, ConfigService configService, ObjectName objectName) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuthzTableDocument", objectName);
        }
        AttributeList attributeList = new AttributeList();
        ConfigServiceHelper.setAttributeValue(attributeList, RASConstants.KEY_FILE_NAME, "admin-authz.xml");
        ObjectName objectName2 = null;
        ObjectName[] queryTemplates = configService.queryTemplates(session, PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE);
        for (int i = 0; queryTemplates != null && i < queryTemplates.length; i++) {
            ObjectName objectName3 = queryTemplates[i];
            String configDataId = ConfigServiceHelper.getConfigDataId(objectName3).toString();
            String substring = configDataId.substring(configDataId.lastIndexOf(CommandSecurityUtil.PARAM_DELIM) + 1, configDataId.lastIndexOf("#"));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "name = " + substring);
            }
            if (substring.equals("admin-authz.xml")) {
                objectName2 = objectName3;
            }
        }
        ObjectName createConfigDataByTemplate = configService.createConfigDataByTemplate(session, objectName, PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE, attributeList, objectName2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAuthzTableDocument", createConfigDataByTemplate);
        }
        return createConfigDataByTemplate;
    }

    private ObjectName createAuditAuthzTableDocument(Session session, ConfigService configService, ObjectName objectName) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuditAuthzTableDocument", objectName);
        }
        AttributeList attributeList = new AttributeList();
        ConfigServiceHelper.setAttributeValue(attributeList, RASConstants.KEY_FILE_NAME, "audit-authz.xml");
        ObjectName objectName2 = null;
        ObjectName[] queryTemplates = configService.queryTemplates(session, PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE);
        for (int i = 0; queryTemplates != null && i < queryTemplates.length; i++) {
            ObjectName objectName3 = queryTemplates[i];
            String configDataId = ConfigServiceHelper.getConfigDataId(objectName3).toString();
            String substring = configDataId.substring(configDataId.lastIndexOf(CommandSecurityUtil.PARAM_DELIM) + 1, configDataId.lastIndexOf("#"));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "name = " + substring);
            }
            if (substring.equals("audit-authz.xml")) {
                objectName2 = objectName3;
            }
        }
        ObjectName createConfigDataByTemplate = configService.createConfigDataByTemplate(session, objectName, PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE, attributeList, objectName2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAuditAuthzTableDocument", createConfigDataByTemplate);
        }
        return createConfigDataByTemplate;
    }

    private List getResourcesFromAuthorizationGroup(Session session, ConfigService configService, ObjectName objectName) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getResourcesFromAuthorizationGroup", objectName);
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = (ArrayList) configService.getAttribute(session, objectName, ClusterConfigCommandProvider.MEMBERS_STEP_NAME, false);
        for (int i = 0; i < arrayList2.size(); i++) {
            arrayList.add((String) configService.getAttribute(session, (ObjectName) arrayList2.get(i), CommonConstants.RESOURCE_NAME, false));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getResourcesFromAuthorizationGroup", arrayList);
        }
        return arrayList;
    }

    private ObjectName findRoleIDInAuthorization(Session session, ConfigService configService, ObjectName objectName, String str, String str2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "findRoleIDInAuthorization", new Object[]{objectName, str, str2});
        }
        ObjectName objectName2 = null;
        ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName, str, false);
        int i = 0;
        while (true) {
            if (i >= arrayList.size()) {
                break;
            }
            ObjectName objectName3 = (ObjectName) arrayList.get(i);
            String configDataType = !str.equals("specialSubjects") ? (String) configService.getAttribute(session, objectName3, "name", false) : ConfigServiceHelper.getConfigDataType(objectName3);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Role name to check is " + configDataType);
            }
            if (configDataType.equals(str2)) {
                objectName2 = objectName3;
                break;
            }
            i++;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "findRoleIDInAuthorization", objectName2);
        }
        return objectName2;
    }

    private HashMap createResourceRoleMap() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createResourceRoleMap");
        }
        HashMap hashMap = new HashMap(5);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        ArrayList arrayList5 = new ArrayList();
        ArrayList arrayList6 = new ArrayList();
        hashMap.put("administrator", arrayList);
        hashMap.put("operator", arrayList2);
        hashMap.put("configurator", arrayList3);
        hashMap.put("monitor", arrayList4);
        hashMap.put("deployer", arrayList5);
        hashMap.put("adminsecuritymanager", arrayList6);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createResourceRoleMap", hashMap);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public HashMap listAuthzGrpOrResources(Session session, ConfigService configService, boolean z, String str, String str2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthzGrpOrResources", new Object[]{str, str2});
        }
        HashMap createResourceRoleMap = createResourceRoleMap();
        getIdOrResourcesFromAuthzGrp(session, configService, new ObjectName[]{getCellObjectName(session, configService)}, createResourceRoleMap, z, true, str, str2);
        getIdOrResourcesFromAuthzGrp(session, configService, getAuthzGroupObjectName(session, configService, null), createResourceRoleMap, z, false, str, str2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "listAuthzGrpOrResources", createResourceRoleMap);
        }
        return createResourceRoleMap;
    }

    private HashMap getIdOrResourcesFromAuthzGrp(Session session, ConfigService configService, ObjectName[] objectNameArr, HashMap hashMap, boolean z, boolean z2, String str, String str2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthzGrpOrResources", new Object[]{objectNameArr, str, str2});
        }
        if (objectNameArr != null) {
            for (ObjectName objectName : objectNameArr) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authzGroup is " + objectName);
                }
                for (ObjectName objectName2 : getAdminAuthzTables(session, configService, objectName)) {
                    ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName2, "authorizations", false);
                    for (int i = 0; i < arrayList.size(); i++) {
                        ObjectName objectName3 = (ObjectName) arrayList.get(i);
                        if (findRoleIDInAuthorization(session, configService, objectName3, str, str2) != null) {
                            String resolveRoleIDToRoleName = resolveRoleIDToRoleName(session, configService, objectName2, (ObjectName) configService.getAttribute(session, objectName3, "role", false));
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Found matching userid:  " + str2 + "  Authorization role:  " + resolveRoleIDToRoleName);
                            }
                            ArrayList arrayList2 = (ArrayList) hashMap.get(resolveRoleIDToRoleName);
                            if (z) {
                                if (z2) {
                                    arrayList2.add("Cell");
                                } else {
                                    arrayList2.addAll(getResourcesFromAuthorizationGroup(session, configService, objectName));
                                }
                            } else if (z2) {
                                arrayList2.add("CellAuthorizationGroup");
                            } else {
                                arrayList2.add((String) configService.getAttribute(session, objectName, "name", false));
                            }
                        }
                    }
                    if (z2) {
                        break;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthzGrpOrResources", hashMap);
        }
        return hashMap;
    }

    private ObjectName getCellObjectName(Session session, ConfigService configService) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellObjectName", new Object[]{session, configService, this});
        }
        ObjectName objectName = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "Cell"), null)[0];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cell ObjectName is " + objectName + ". Cell Name is " + ConfigServiceHelper.getDisplayName(objectName));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellObjectName", objectName);
        }
        return objectName;
    }

    private boolean checkAccess(ObjectName objectName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAccess ", objectName);
        }
        if (objectName == null) {
            return true;
        }
        String configDataId = ConfigServiceHelper.getConfigDataId(objectName).toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ResourceName = ", configDataId);
        }
        AdminAuthorizer adminAuthorizer = AdminAuthorizerFactory.getAdminAuthorizer();
        if (adminAuthorizer != null) {
            return adminAuthorizer.checkAccess(configDataId, "adminsecuritymanager");
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkClusterMembers(ObjectName objectName, Session session, ConfigService configService) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkClusterMembers", objectName);
        }
        for (AttributeList attributeList : (List) configService.getAttribute(session, objectName, ClusterConfigCommandProvider.MEMBERS_STEP_NAME)) {
            String str = (String) ConfigServiceHelper.getAttributeValue(attributeList, ResourceValidationHelper.CLUSTER_MEMBER_ATTR);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, ResourceValidationHelper.CLUSTER_MEMBER_ATTR, str);
            }
            String str2 = (String) ConfigServiceHelper.getAttributeValue(attributeList, "nodeName");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "nodeName", str2);
            }
            if (!isNodeValid(str2, session)) {
                throw new CommandValidationException("Cluster has one or more members that is not version 6.1 or greater. One of the members is " + str + " in node " + str2 + " that is not version 6.1 or greater ");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkClusterMembers");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkApplicationTargets(ObjectName objectName, Session session) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkApplicationTargets", objectName);
        }
        EObject convertToEObject = MOFUtil.convertToEObject(session, objectName);
        if (convertToEObject instanceof Deployment) {
            TreeIterator eAllContents = ((Deployment) convertToEObject).eAllContents();
            while (eAllContents.hasNext()) {
                Object next = eAllContents.next();
                if (next instanceof ServerTarget) {
                    String nodeName = ((ServerTarget) next).getNodeName();
                    if (!isNodeValid(nodeName, session)) {
                        throw new CommandValidationException("Application has one or more targets that is not version 6.1 or greater. One of the targets is " + nodeName + " that is not version 6.1 or greater ");
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkApplicationTargets");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isNodeValid(String str, Session session) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isNodeValid", str);
        }
        boolean z = true;
        Properties properties = new Properties();
        properties.setProperty("CONFIG_SESSION", session.toString());
        ManagedObjectMetadataHelper managedObjectMetadataHelper = new ManagedObjectMetadataHelper(ManagedObjectMetadataAccessorFactory.createAccessor(properties));
        if (str != null) {
            String nodeBaseProductVersion = managedObjectMetadataHelper.getNodeBaseProductVersion(str);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Node product version is " + nodeBaseProductVersion);
            }
            String nodeMajorVersion = managedObjectMetadataHelper.getNodeMajorVersion(str);
            String nodeMinorVersion = managedObjectMetadataHelper.getNodeMinorVersion(str);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "nodeMajorVersion is " + nodeMajorVersion + " nodeMinorVersion is " + nodeMinorVersion);
            }
            int parseInt = Integer.parseInt(nodeMajorVersion);
            int parseInt2 = Integer.parseInt(nodeMinorVersion);
            if (parseInt < 7 && (parseInt != 6 || parseInt2 < 1)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Resource is not a version 6.1 or above resource.  Version is " + nodeBaseProductVersion);
                }
                z = false;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isNodeValid", new Boolean(z));
        }
        return z;
    }

    private HashMap listAuthzGrpOrResourcesAsSystem(final Session session, final ConfigService configService, final boolean z, final String str, final String str2) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listAuthzGrpOrResourcesAsSystem", new Object[]{new Boolean(z), str, str2});
        }
        try {
            HashMap hashMap = (HashMap) ContextManagerFactory.getInstance().runAsSpecified(ContextManagerFactory.getInstance().getServerSubject(), new PrivilegedExceptionAction() { // from class: com.ibm.ws.management.commands.authzgroup.AuthzGroupCommandsProvider.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return AuthzGroupCommandsProvider.this.listAuthzGrpOrResources(session, configService, z, str, str2);
                }
            });
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listAuthzGrpOrResourcesAsSystem", hashMap);
            }
            return hashMap;
        } catch (PrivilegedActionException e) {
            throw new ConfigServiceException(e.getException());
        } catch (Exception e2) {
            throw new ConfigServiceException(e2);
        }
    }

    private boolean isUserAllowed(String str, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUserAllowed", new Object[]{str, new Boolean(z)});
        }
        boolean z2 = false;
        AdminAuthorizer adminAuthorizer = AdminAuthorizerFactory.getAdminAuthorizer();
        if (adminAuthorizer == null) {
            return true;
        }
        if (adminAuthorizer.checkAccess(WorkSpaceQueryUtil.CELL_URI, "adminsecuritymanager")) {
            z2 = true;
        } else if (z) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(SecurityHelper.retrieveSubject());
                String realmName = wSCredentialFromSubject.getRealmName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "realm", realmName);
                }
                UserRegistry registry = ContextManagerFactory.getInstance().getRegistry(realmName);
                String uniqueGroupId = registry.getUniqueGroupId(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "accessId", uniqueGroupId);
                }
                String securityName = wSCredentialFromSubject.getSecurityName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "logged in user securityName", securityName);
                }
                Object[] array = registry.getGroupsForUser(securityName).toArray();
                int i = 0;
                while (true) {
                    if (i >= array.length) {
                        break;
                    }
                    String uniqueGroupId2 = registry.getUniqueGroupId((String) array[i]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "logged in user group uniqueId", uniqueGroupId2);
                    }
                    if (uniqueGroupId == null || uniqueGroupId2 == null) {
                        z2 = false;
                    } else if (uniqueGroupId2.equalsIgnoreCase(uniqueGroupId)) {
                        z2 = true;
                        break;
                    }
                    i++;
                }
            } catch (Exception e) {
                z2 = false;
            }
        } else {
            try {
                WSCredential wSCredentialFromSubject2 = SubjectHelper.getWSCredentialFromSubject(SecurityHelper.retrieveSubject());
                String realmName2 = wSCredentialFromSubject2.getRealmName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "realm", realmName2);
                }
                UserRegistry registry2 = ContextManagerFactory.getInstance().getRegistry(realmName2);
                String uniqueUserId = registry2.getUniqueUserId(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "accessId", uniqueUserId);
                }
                String securityName2 = wSCredentialFromSubject2.getSecurityName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "logged in user securityName", securityName2);
                }
                String uniqueUserId2 = registry2.getUniqueUserId(securityName2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "logged in user uniqueId", uniqueUserId2);
                }
                if (uniqueUserId == null || uniqueUserId2 == null) {
                    z2 = false;
                } else if (uniqueUserId2.equalsIgnoreCase(uniqueUserId)) {
                    z2 = true;
                }
            } catch (Exception e2) {
                z2 = false;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUserAllowed", new Boolean(z2));
        }
        return z2;
    }

    private ObjectName[] getAdminAuthzTables(Session session, ConfigService configService, ObjectName objectName) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAdminAuthzTables", new Object[]{session, objectName});
        }
        ArrayList arrayList = new ArrayList();
        ObjectName[] relationship = configService.getRelationship(session, objectName, PropertiesBasedConfigConstants.AUTHORIZATIONTABLEEXT_RESOURCE_TYPE);
        for (int i = 0; relationship != null && i < relationship.length; i++) {
            ObjectName objectName2 = relationship[i];
            String configDataId = ConfigServiceHelper.getConfigDataId(objectName2).toString();
            String substring = configDataId.substring(configDataId.lastIndexOf(CommandSecurityUtil.PARAM_DELIM) + 1, configDataId.lastIndexOf("#"));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "name = " + substring);
            }
            if (substring.equals("admin-authz.xml")) {
                arrayList.add(objectName2);
            }
        }
        ObjectName[] objectNameArr = (ObjectName[]) arrayList.toArray(new ObjectName[0]);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAdminAuthzTables", objectNameArr);
        }
        return objectNameArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isResourceNameAnAssetsBlasOrCus(String str) {
        String resourceType;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isResourceNameAssetsBlasCus resourceName=", str);
        }
        boolean z = false;
        if (!isScopeId(str)) {
            if (0 == 0 && null != str && (resourceType = ResourceInstanceRelations.getInstance().getResourceType(str)) != null && (resourceType.equals("BLA") || resourceType.equals(AdminAuthzConstants.ASSET) || resourceType.equals(AdminAuthzConstants.CUS))) {
                z = true;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isResourceNameAssetsBlasCus retValue=" + z);
            }
            return z;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, "=:");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.equalsIgnoreCase("blas") || nextToken.equalsIgnoreCase("cus") || nextToken.equalsIgnoreCase("assets")) {
                z = true;
                break;
            }
            if (stringTokenizer.hasMoreTokens()) {
                stringTokenizer.nextToken();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isResourceNameAssetsBlasCus retValue=" + z);
        }
        return z;
    }

    private static boolean isScopeId(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isScopeId", new Object[]{str});
        }
        boolean z = false;
        if (str != null && str.indexOf(61) > 0) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isScopeId", new Boolean(z));
        }
        return z;
    }
}
