package com.ibm.eim.jndi;

import com.ibm.as400.access.Job;
import com.ibm.eim.AccessContext;
import com.ibm.eim.EimException;
import com.ibm.eim.UserAccess;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/eimIdTokenRA.rar:eim.jar:com/ibm/eim/jndi/AccessContextJNDI.class
 */
/* loaded from: input_file:lib/eimIdTokenRA.JCA15.rar:eim.jar:com/ibm/eim/jndi/AccessContextJNDI.class */
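/**
 * JNDI/LDAP-backed implementation of {@link AccessContext}: reads and edits the
 * {@code member} attribute of the EIM access-group entries under {@code cn=Groups}
 * of a domain.
 *
 * <p>Decompiled source (JADX); local names are reconstructed.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Group names are placed into DNs through {@code StringUtil.escapeDn}; member
 *       names are placed into an LDAP search filter through
 *       {@link #escapeFilterValue(String)}. Any new code path that builds a DN or a
 *       filter from a caller-supplied string needs the matching escaping.</li>
 *   <li>{@code _currentAPI} is mutable per-call state used only for error messages;
 *       nothing in this class synchronizes it, so concurrent callers sharing one
 *       instance can see each other's API name in an error.</li>
 *   <li>Rollback paths swallow their own failures, so a failed rollback can leave a
 *       group or ACL entry behind without any trace from this class.</li>
 * </ul>
 */
public class AccessContextJNDI implements AccessContext {
    private static final String GROUP_ADMIN = "EIM Administrator";
    private static final String GROUP_REGISTRIES_ADMIN = "EIM Registries Administrator";
    private static final String GROUP_IDENTIFIERS_ADMIN = "EIM Identifiers Administrator";
    private static final String GROUP_MAPPING_OPERATIONS = "EIM Mapping Operations";
    private static final String GROUP_CREDENTIAL_DATA = "EIM Credential Data";

    /** Suffix that turns a registry name into the name of its per-registry admin group. */
    private static final String REGISTRY_GROUP_SUFFIX = "_admin_";

    /** Groups created and removed together with the domain (order preserved from the original). */
    private static final String[] defaultGroups = {
        GROUP_MAPPING_OPERATIONS,
        GROUP_IDENTIFIERS_ADMIN,
        GROUP_REGISTRIES_ADMIN,
        GROUP_ADMIN,
        GROUP_CREDENTIAL_DATA
    };

    private DomainJNDI _domain;

    // "<class name>:<api name>", used as substitution {0} in error messages.
    private String _currentAPI = null;

    // Lazily cached domain DN; see getDummyMember().
    private String _dummyMember = null;

    protected static String copyright() {
        return " Licensed Materials - Property of IBM, 5722SS1 (C) COPYRIGHT 2003, 2006 All Rights Reserved. US Government Users restricted Rights -  Use, Duplication or Disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    }

    /**
     * Binds this access context to a domain.
     *
     * <p>JADX note: the constructor was package-private in the original class.
     *
     * @param domainJNDI domain whose directory context and DN are used for every operation
     */
    public AccessContextJNDI(DomainJNDI domainJNDI) {
        this._domain = domainJNDI;
        setCurrentAPI(this._domain.getCurrentAPI());
    }

    /** Records the API name used in error messages, prefixed with this class name. */
    private void setCurrentAPI(String str) {
        this._currentAPI = getClass().getName() + Job.TIME_SEPARATOR_COLON + str;
    }

    String getCurrentAPI() {
        return this._currentAPI;
    }

    /**
     * Builds the relative name {@code cn=<group>,cn=Groups} for an access group.
     * The group name is DN-escaped because registry-derived group names originate
     * from caller input.
     */
    private String getAccessGroupDomainName(String str) {
        return "cn=" + StringUtil.escapeDn(str) + "," + "cn=Groups";
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515):
     * backslash, asterisk, parentheses and NUL are replaced by their
     * backslash-hex forms so the value is matched literally.
     *
     * @param value raw assertion value, not null
     * @return the value with filter metacharacters escaped
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int idx = 0; idx < value.length(); idx++) {
            char ch = value.charAt(idx);
            switch (ch) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Returns the {@code member} values of an access group, minus the placeholder
     * member (the domain DN) that {@link #createGroup(String)} stores in every group.
     */
    private Set getAccessUsers(String str) throws EimException {
        Set members = JNDIUtil.getAttributeSet(getCurrentAPI(), getDomain().getDirCtx(), getAccessGroupDomainName(str), "member");
        // NOTE(review): createGroup() stores the placeholder lower-cased while
        // getDummyMember() returns the DN as the domain reports it; if those can differ
        // in case, this exact-match removal will not hide the placeholder - confirm.
        members.remove(getDummyMember());
        return members;
    }

    /**
     * Lists the members of one of the fixed EIM administrative groups.
     *
     * @param i group access type accepted by {@link #buildGroupAccessName(int)}
     * @throws EimException if the type is not valid or the directory read fails
     */
    @Override // com.ibm.eim.AccessContext
    public Set getAdminAccessUsers(int i) throws EimException {
        setCurrentAPI("getAdminAccessUsers");
        return getAccessUsers(buildGroupAccessName(i));
    }

    /**
     * Lists the members of the per-registry admin group of a registry.
     *
     * @param str registry name
     * @throws EimException if the name is rejected or the directory read fails
     */
    @Override // com.ibm.eim.AccessContext
    public Set getRegistryAccessUsers(String str) throws EimException {
        setCurrentAPI("getRegistryAccessUsers");
        return getAccessUsers(buildRegistryGroupAccessName(str));
    }

    /**
     * Reports every access group under {@code cn=Groups} that lists the given user
     * as a member.
     *
     * <p>The member name is escaped before it is embedded in the search filter.
     * Without that, a name containing {@code *}, {@code (} or {@code )} would change
     * the filter itself and the result would describe some other set of entries
     * rather than this user's memberships.
     *
     * @param i   user type accepted by {@link #buildGroupMemberName(int, String)}
     * @param str user name
     * @return the user's fixed-group flags plus the registries the user administers
     * @throws EimException if the user type is not valid or the search fails
     */
    @Override // com.ibm.eim.AccessContext
    public UserAccess getUserAccess(int i, String str) throws EimException {
        setCurrentAPI("getUserAccess");
        String memberName = buildGroupMemberName(i, str);
        String filter = "(&(objectclass=accessgroup)(member=" + escapeFilterValue(memberName) + "))";
        NamingEnumeration results = null;
        try {
            // First argument 1 is presumably SearchControls.ONELEVEL_SCOPE - confirm in JNDIUtil.
            results = JNDIUtil.searchLDAP(1, EimConstants.NOATTS, filter, "cn=Groups", getDomain().getDirCtx());
            Set<String> registries = new HashSet<String>();
            boolean admin = false;
            boolean registriesAdmin = false;
            boolean identifiersAdmin = false;
            boolean mappingOperations = false;
            boolean credentialData = false;
            while (results.hasMore()) {
                String entryName = ((SearchResult) results.next()).getName();
                // Only entries named by "cn=" are access groups; anything else is skipped
                // instead of having its first three characters stripped blindly.
                if (entryName == null || !entryName.regionMatches(true, 0, "cn=", 0, 3)) {
                    continue;
                }
                String groupName = entryName.substring(3);
                if (groupName.equalsIgnoreCase(GROUP_ADMIN)) {
                    admin = true;
                } else if (groupName.equalsIgnoreCase(GROUP_IDENTIFIERS_ADMIN)) {
                    identifiersAdmin = true;
                } else if (groupName.equalsIgnoreCase(GROUP_MAPPING_OPERATIONS)) {
                    mappingOperations = true;
                } else if (groupName.equalsIgnoreCase(GROUP_REGISTRIES_ADMIN)) {
                    registriesAdmin = true;
                } else if (groupName.equalsIgnoreCase(GROUP_CREDENTIAL_DATA)) {
                    credentialData = true;
                } else if (groupName.endsWith(REGISTRY_GROUP_SUFFIX)) {
                    registries.add(groupName.substring(0, groupName.lastIndexOf(REGISTRY_GROUP_SUFFIX)));
                }
            }
            // Argument order matches the original call: admin, registries admin,
            // identifiers admin, mapping operations, credential data.
            return new UserAccess(memberName, admin, registriesAdmin, identifiersAdmin, mappingOperations, credentialData, registries);
        } catch (NamingException e) {
            EimException eimException = new EimException("{0}: error getting access group authorities for user {1} of type {2}", (Exception) e);
            eimException.setSubstitutions(new String[]{getCurrentAPI(), str, Integer.toString(i)});
            throw eimException;
        } finally {
            // Release the server-side search if iteration stopped early on an error.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done about a failed close here.
                }
            }
        }
    }

    /** Tests whether the user (type {@code i}, name {@code str}) is a member of group {@code str2}. */
    private boolean queryAdminAccess(int i, String str, String str2) throws EimException {
        return getAccessUsers(str2).contains(buildGroupMemberName(i, str));
    }

    /**
     * Tests membership of a user in one of the fixed EIM administrative groups.
     *
     * @param i  user type
     * @param str user name
     * @param i2 group access type accepted by {@link #buildGroupAccessName(int)}
     */
    @Override // com.ibm.eim.AccessContext
    public boolean queryAdminUserAccess(int i, String str, int i2) throws EimException {
        setCurrentAPI("queryAdminUserAccess");
        return queryAdminAccess(i, str, buildGroupAccessName(i2));
    }

    /**
     * Tests membership of a user in the admin group of a registry.
     *
     * @param i    user type
     * @param str  user name
     * @param str2 registry name
     */
    @Override // com.ibm.eim.AccessContext
    public boolean queryRegistryUserAccess(int i, String str, String str2) throws EimException {
        setCurrentAPI("queryRegistryUserAccess");
        return queryAdminAccess(i, str, buildRegistryGroupAccessName(str2));
    }

    /**
     * Adds or removes one {@code member} value on an access group.
     *
     * <p>The request is silently ignored when the member name is rejected by
     * {@code StringUtil.isInvalidParm} or equals the placeholder member, so the
     * placeholder cannot be added or removed through the public API.
     *
     * @param i    user type
     * @param str  user name
     * @param str2 group name
     * @param i2   modification operation handed to {@code JNDIUtil.modifyAttribute};
     *             callers in this class pass 1 to add and 3 to remove (presumably
     *             {@code DirContext.ADD_ATTRIBUTE} / {@code REMOVE_ATTRIBUTE} - confirm)
     */
    private void changeUserInAdminGroup(int i, String str, String str2, int i2) throws EimException {
        String memberName = buildGroupMemberName(i, str);
        // NOTE(review): exact-case comparison; see the case note in getAccessUsers().
        if (StringUtil.isInvalidParm(memberName) || memberName.equals(getDummyMember())) {
            return;
        }
        if (str2.equalsIgnoreCase(GROUP_CREDENTIAL_DATA)) {
            try {
                createGroup(str2);
            } catch (EimException ignored) {
                // Best effort: presumably the group already exists. A genuine
                // directory failure will surface from modifyAttribute below.
            }
        }
        JNDIUtil.modifyAttribute(getCurrentAPI(), getDomain().getDirCtx(), getAccessGroupDomainName(str2), i2, "member", memberName);
    }

    /** Adds a user to one of the fixed EIM administrative groups. */
    @Override // com.ibm.eim.AccessContext
    public void addAdminAccessUser(int i, String str, int i2) throws EimException {
        setCurrentAPI("addAdminAccessUser");
        changeUserInAdminGroup(i, str, buildGroupAccessName(i2), 1);
    }

    /** Adds a user to the admin group of registry {@code str2}. */
    @Override // com.ibm.eim.AccessContext
    public void addRegistryAccessUser(int i, String str, String str2) throws EimException {
        setCurrentAPI("addRegistryAccessUser");
        changeUserInAdminGroup(i, str, buildRegistryGroupAccessName(str2), 1);
    }

    /** Removes a user from one of the fixed EIM administrative groups. */
    @Override // com.ibm.eim.AccessContext
    public void deleteAdminAccessUser(int i, String str, int i2) throws EimException {
        setCurrentAPI("deleteAdminAccessUser");
        changeUserInAdminGroup(i, str, buildGroupAccessName(i2), 3);
    }

    /** Removes a user from the admin group of registry {@code str2}. */
    @Override // com.ibm.eim.AccessContext
    public void deleteRegistryAccessUser(int i, String str, String str2) throws EimException {
        setCurrentAPI("deleteRegistryAccessUser");
        changeUserInAdminGroup(i, str, buildRegistryGroupAccessName(str2), 3);
    }

    /**
     * Turns a (user type, user name) pair into the value stored in {@code member}.
     * Type 0 uses the name as given; type 1 prefixes it with {@code ibm-kn=}.
     *
     * <p>The returned value is raw caller input: escape it before placing it in a
     * search filter.
     *
     * @throws EimException if {@code StringUtil.checkParm} rejects the name or the
     *                      user type is neither 0 nor 1
     */
    private String buildGroupMemberName(int i, String str) throws EimException {
        StringUtil.checkParm(getCurrentAPI(), "", str);
        if (i == 0) {
            return str;
        }
        if (i == 1) {
            return "ibm-kn=" + str;
        }
        EimException eimException = new EimException("{0}: administrator user type {1} is not valid");
        eimException.setSubstitutions(new String[]{getCurrentAPI(), Integer.toString(i)});
        throw eimException;
    }

    /**
     * Returns the admin group name of a registry: {@code <registry>_admin_}.
     *
     * @throws EimException if {@code StringUtil.checkName} rejects the registry name
     */
    private String buildRegistryGroupAccessName(String str) throws EimException {
        StringUtil.checkName(getCurrentAPI(), str);
        return str + REGISTRY_GROUP_SUFFIX;
    }

    DomainJNDI getDomain() {
        return this._domain;
    }

    /**
     * Maps a group access type to the name of the fixed EIM group.
     * Types 0, 1, 3, 4 and 5 are accepted; 2 and every other value are rejected.
     *
     * @throws EimException if the type does not name a fixed group
     */
    private String buildGroupAccessName(int i) throws EimException {
        switch (i) {
            case 0:
                return GROUP_ADMIN;
            case 1:
                return GROUP_REGISTRIES_ADMIN;
            case 3:
                return GROUP_IDENTIFIERS_ADMIN;
            case 4:
                return GROUP_MAPPING_OPERATIONS;
            case 5:
                return GROUP_CREDENTIAL_DATA;
            default:
                EimException eimException = new EimException("{0}: group access type {1} is not valid");
                eimException.setSubstitutions(new String[]{getCurrentAPI(), Integer.toString(i)});
                throw eimException;
        }
    }

    /** Removes the access-group entry {@code cn=<str>,cn=Groups}. */
    private void deleteGroup(String str) throws EimException {
        try {
            getDomain().getDirCtx().destroySubcontext(getAccessGroupDomainName(str));
        } catch (NamingException e) {
            EimException eimException = new EimException("{0}: error removing access group {1}", (Exception) e);
            eimException.setSubstitutions(new String[]{getCurrentAPI(), str});
            throw eimException;
        }
    }

    /**
     * Creates the access-group entry {@code cn=<str>,cn=Groups} with object classes
     * {@code top} and {@code accessgroup}. The lower-cased domain DN is stored as
     * the group's initial {@code member} value (the placeholder member).
     */
    private void createGroup(String str) throws EimException {
        String domainDn = getDomain().getDn();
        String groupName = getAccessGroupDomainName(str);
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add("top");
        objectClass.add("accessgroup");
        BasicAttributes attrs = new BasicAttributes();
        attrs.put(objectClass);
        attrs.put("cn", str);
        attrs.put("member", domainDn.toLowerCase());
        try {
            getDomain().getDirCtx().createSubcontext(groupName, attrs);
        } catch (NamingException e) {
            EimException eimException = new EimException("{0}: error adding access group {1}", (Exception) e);
            eimException.setSubstitutions(new String[]{getCurrentAPI(), str});
            throw eimException;
        }
    }

    /**
     * Deletes every default group. All deletions are attempted even if one fails;
     * the first failure is rethrown afterwards.
     *
     * <p>JADX note: this method was package-private in the original class.
     */
    public void deleteDefaultGroups() throws EimException {
        EimException firstFailure = null;
        for (String group : defaultGroups) {
            try {
                deleteGroup(group);
            } catch (EimException e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
    }

    /**
     * Creates every default group. If one creation fails, the groups created so far
     * are deleted again and the creation failure is rethrown.
     *
     * <p>JADX note: this method was package-private in the original class.
     */
    public void createDefaultGroups() throws EimException {
        ArrayList<String> created = new ArrayList<String>();
        for (String group : defaultGroups) {
            try {
                createGroup(group);
                created.add(group);
            } catch (EimException e) {
                for (String done : created) {
                    try {
                        deleteGroup(done);
                    } catch (EimException ignored) {
                        // Best-effort rollback; a failure here can leave the group behind.
                    }
                }
                throw e;
            }
        }
    }

    /**
     * Creates the admin group for a new registry and grants it the ACL entry
     * {@code normal:rsc} on {@code cn=Identifiers} and on
     * {@code cn=Source Mappings,cn=Identifiers}. On failure, the steps already
     * completed are undone in reverse order and the original failure is rethrown.
     *
     * <p>JADX note: this method was package-private in the original class.
     *
     * @param str registry name
     */
    public void setAuthorityForNewRegistry(String str) throws EimException {
        boolean groupCreated = false;
        boolean identifiersAclAdded = false;
        String registryGroup = buildRegistryGroupAccessName(str);
        String aclEntry = JNDIUtil.createAclEntry(registryGroup, "normal:rsc", getDomain().getDn());
        try {
            createGroup(registryGroup);
            groupCreated = true;
            JNDIUtil.modifyAttribute(getCurrentAPI(), getDomain().getDirCtx(), "cn=Identifiers", 1, "aclentry", aclEntry);
            identifiersAclAdded = true;
            JNDIUtil.modifyAttribute(getCurrentAPI(), getDomain().getDirCtx(), "cn=Source Mappings,cn=Identifiers", 1, "aclentry", aclEntry);
        } catch (EimException e) {
            if (identifiersAclAdded) {
                try {
                    JNDIUtil.modifyAttribute(getCurrentAPI(), getDomain().getDirCtx(), "cn=Identifiers", 3, "aclentry", aclEntry);
                } catch (EimException ignored) {
                    // Best-effort rollback; a failure here leaves the ACL entry in place.
                }
            }
            if (groupCreated) {
                try {
                    deleteGroup(registryGroup);
                } catch (EimException ignored) {
                    // Best-effort rollback; a failure here leaves the group in place.
                }
            }
            throw e;
        }
    }

    /** Returns the domain DN, fetched once and cached, used as the placeholder member. */
    private String getDummyMember() throws EimException {
        if (this._dummyMember == null) {
            this._dummyMember = getDomain().getDn();
        }
        return this._dummyMember;
    }
}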
