package com.ibm.ws.sib.security.auth.policy;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.auth.SIBAccessControlException;
import com.ibm.ws.sib.security.users.NoSuchUserException;
import com.ibm.ws.sib.security.users.UserRepository;
import com.ibm.ws.sib.security.users.UserRepositoryException;
import com.ibm.ws.sib.security.users.UserRepositoryFactory;
import com.ibm.ws.sib.utils.ras.SibTr;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:lib/com.ibm.ws.sib.server.jar:com/ibm/ws/sib/security/auth/policy/RoleImpl.class */
public class RoleImpl extends AbstractRole implements Role {
    private Set<String> _usersInRole;
    private Set<String> _groupsInRole;
    private String _busName;
    private UserRepository _userRep;
    private static final TraceComponent _tc = SibTr.register(RoleImpl.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);
    public static final String $sccsid = "@(#) 1.9 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/policy/RoleImpl.java, SIB.security, WASX.SIB, ww1616.03 09/03/27 05:50:01 [4/26/16 10:14:37]";

    public RoleImpl(RoleType roleType, ResourceType resourceType, String str, String str2, Set<String> set, Set<String> set2) {
        super(roleType, resourceType, str);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "RoleImpl", new Object[]{roleType, resourceType, str, str2, set, set2});
        }
        this._busName = str2;
        this._usersInRole = new HashSet();
        this._usersInRole.addAll(set);
        this._groupsInRole = new HashSet();
        this._groupsInRole.addAll(set2);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "RoleImpl", this);
        }
    }

    @Override // com.ibm.ws.sib.security.auth.policy.Role
    public AuthorizationDecision isUserInRole(String str) throws SIBAccessControlException {
        Set<UserRepository.Group> hashSet;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isUserInRole", str);
        }
        boolean z = false;
        if (this._groupsInRole.contains(BusSecurityConstants.EVERYONE)) {
            z = true;
        } else if (str != null && str.length() > 0) {
            if (this._groupsInRole.contains(BusSecurityConstants.ALLAUTHENTICATED)) {
                z = true;
            } else if (this._usersInRole.contains(str.toLowerCase())) {
                z = true;
            } else if (!this._groupsInRole.isEmpty()) {
                try {
                    hashSet = getUserRepository().getUserUsingUniqueName(str).getGroups();
                } catch (NoSuchUserException e) {
                    hashSet = new HashSet();
                } catch (UserRepositoryException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.sib.security.auth.policy.RoleImpl.isUserInRole", "167", this);
                    SibTr.error(_tc, "GROUP_QUERY_FAILED_CWSII0209E", new Object[]{this._busName, str, e2});
                    SIBAccessControlException sIBAccessControlException = new SIBAccessControlException("Exception occurred trying to access the User Registry", e2);
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                        SibTr.exit(this, _tc, "isUserInRole", sIBAccessControlException);
                    }
                    throw sIBAccessControlException;
                }
                Iterator<UserRepository.Group> it = hashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (this._groupsInRole.contains(it.next().getSecurityName().toLowerCase())) {
                        z = true;
                        break;
                    }
                }
            }
        }
        AuthorizationDecision createAuthorizationDecision = createAuthorizationDecision(z);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isUserInRole", createAuthorizationDecision);
        }
        return createAuthorizationDecision;
    }

    private UserRepository getUserRepository() throws UserRepositoryException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getUserRepository");
        }
        if (this._userRep == null) {
            this._userRep = UserRepositoryFactory.getUserRepository(this._busName, UserRepositoryFactory.BehaviouralModifiers.LAZILY_RETRIEVE_ENTITY_DATA, UserRepositoryFactory.BehaviouralModifiers.CACHED_GROUP_DATA_ALLOWED);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getUserRepository", this._userRep);
        }
        return this._userRep;
    }

    @Override // com.ibm.ws.sib.security.auth.policy.Role
    public AuthorizationDecision isGroupInRole(String str) throws SIBAccessControlException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isGroupInRole", str);
        }
        boolean z = false;
        if (BusSecurityConstants.EVERYONE.equals(str)) {
            z = this._groupsInRole.contains(str);
        } else if (BusSecurityConstants.ALLAUTHENTICATED.equals(str)) {
            z = this._groupsInRole.contains(BusSecurityConstants.EVERYONE) || this._groupsInRole.contains(str);
        } else if (this._groupsInRole.contains(BusSecurityConstants.EVERYONE) || this._groupsInRole.contains(BusSecurityConstants.ALLAUTHENTICATED) || this._groupsInRole.contains(str)) {
            z = true;
        }
        AuthorizationDecision createAuthorizationDecision = createAuthorizationDecision(z);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isGroupInRole", createAuthorizationDecision);
        }
        return createAuthorizationDecision;
    }

    @Override // com.ibm.ws.sib.security.auth.policy.AbstractRole, com.ibm.ws.sib.security.auth.policy.Role
    public String toFullString() {
        return super.toFullString() + " users in role = " + this._usersInRole + ", groups in role = " + this._groupsInRole;
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, "Source Info: @(#) 1.9 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/policy/RoleImpl.java, SIB.security, WASX.SIB, ww1616.03 09/03/27 05:50:01 [4/26/16 10:14:37]");
        }
    }
}
