package com.ibm.ws.security.authorization.builtin;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.AccessIdUtil;
import com.ibm.ws.security.authorization.SecurityRole;
import java.io.IOException;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Set;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;

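/**
 * One role of the built-in authorization table, populated from OSGi configuration.
 *
 * <p>The role's configuration dictionary lists configuration PIDs under the keys
 * {@code user}, {@code group} and {@code special-subject}. Each PID is resolved through
 * {@link ConfigurationAdmin} and the referenced entry contributes a user name, a group
 * name, an access id or a special-subject type to this role.
 *
 * <p>Duplicate handling: when the same value is configured twice for one role, an
 * {@code AUTHZ_TABLE_DUPLICATE_ROLE_MEMBER} error is logged, the value is removed from
 * the role and every later occurrence is skipped, so a duplicated member ends up with no
 * access through this role.
 *
 * <p>Within this class the member sets are written only during construction. The getters
 * hand out the live sets (see the notes on them).
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authorization.builtin_1.0.16.jar:com/ibm/ws/security/authorization/builtin/SecurityRoleImpl.class */
public class SecurityRoleImpl implements SecurityRole {
    private static final TraceComponent tc = Tr.register(SecurityRoleImpl.class);
    static final String CFG_KEY_USER = "user";
    static final String CFG_KEY_GROUP = "group";
    static final String CFG_KEY_ACCESSID = "access-id";
    static final String CFG_KEY_SPECIAL_SUBJECT = "special-subject";
    // Property names read from the referenced member configurations.
    private static final String CFG_KEY_NAME = "name";
    private static final String CFG_KEY_TYPE = "type";
    private static final String DUPLICATE_MEMBER_MSG = "AUTHZ_TABLE_DUPLICATE_ROLE_MEMBER";
    private static final String FFDC_SOURCE = "com.ibm.ws.security.authorization.builtin.SecurityRoleImpl";
    private final Set<String> users = new HashSet<>();
    private final Set<String> groups = new HashSet<>();
    private final Set<String> specialSubjects = new HashSet<>();
    private final Set<String> accessIds = new HashSet<>();
    private final String name;
    static final long serialVersionUID = 2441729510601226330L;

    /**
     * Builds the role and resolves all of its members.
     *
     * @param configurationAdmin used to look up the configuration behind each member PID
     * @param str the role name
     * @param dictionary the role's configuration properties (member PID arrays)
     * @param set out-parameter: every member PID seen is added to it, including PIDs
     *        whose entry is later skipped or rejected
     */
    public SecurityRoleImpl(ConfigurationAdmin configurationAdmin, String str, Dictionary<String, Object> dictionary, Set<String> set) {
        this.name = str;
        processUsers(configurationAdmin, str, dictionary, set);
        processGroups(configurationAdmin, str, dictionary, set);
        // Access ids come from both user and group entries, so they are traced once both ran.
        if (isDebug()) {
            Tr.debug(tc, "Role " + str + " has accessIds:", this.accessIds);
        }
        processSpecialSubjects(configurationAdmin, str, dictionary, set);
    }

    /** Returns the role name given at construction. */
    @Override // com.ibm.ws.security.authorization.SecurityRole
    public String getRoleName() {
        return this.name;
    }

    /**
     * Returns the user names mapped to this role.
     *
     * <p>The returned set is the internal, mutable set, not a copy. {@code synchronized}
     * only covers handing out the reference; it does not protect a caller that iterates
     * or modifies the set afterwards.
     * NOTE(review): a caller that mutates this set changes the authorization table;
     * consider an unmodifiable view once it is confirmed that no caller relies on mutation.
     */
    @Override // com.ibm.ws.security.authorization.SecurityRole
    public synchronized Set<String> getUsers() {
        return this.users;
    }

    /**
     * Returns the group names mapped to this role.
     *
     * <p>Same exposure as {@link #getUsers()}: the live internal set is returned.
     */
    @Override // com.ibm.ws.security.authorization.SecurityRole
    public synchronized Set<String> getGroups() {
        return this.groups;
    }

    /**
     * Returns the special-subject types mapped to this role (live internal set).
     *
     * <p>NOTE(review): unlike {@link #getUsers()} and {@link #getGroups()} this getter is
     * not {@code synchronized}; the difference looks unintentional, confirm.
     */
    @Override // com.ibm.ws.security.authorization.SecurityRole
    public Set<String> getSpecialSubjects() {
        return this.specialSubjects;
    }

    /**
     * Returns the user and group access ids mapped to this role (live internal set,
     * not {@code synchronized}).
     */
    @Override // com.ibm.ws.security.authorization.SecurityRole
    public Set<String> getAccessIds() {
        return this.accessIds;
    }

    /** Tells whether debug trace is enabled for this class. */
    private static boolean isDebug() {
        return TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
    }

    /** Tells whether {@code value} is null or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Reads the properties behind a member PID once, so the null check and the later use
     * see the same dictionary; returns null when the configuration or its properties are absent.
     */
    private static Dictionary<String, Object> readProperties(ConfigurationAdmin configAdmin, String pid) throws IOException {
        Configuration configuration = configAdmin.getConfiguration(pid);
        return configuration == null ? null : configuration.getProperties();
    }

    /**
     * Adds {@code value} to {@code members}; on a duplicate, logs the error, removes the
     * value again and records it in {@code rejected} so later occurrences are skipped.
     */
    private void addOrRejectDuplicate(Set<String> members, Set<String> rejected, String memberType, String value) {
        if (rejected.contains(value)) {
            return;
        }
        if (!members.add(value)) {
            Tr.error(tc, DUPLICATE_MEMBER_MSG, getRoleName(), memberType, value);
            rejected.add(value);
            members.remove(value);
        }
    }

    /**
     * Resolves the {@code user} PIDs of the role into user names and user access ids.
     *
     * @param configAdmin lookup service for the member configurations
     * @param roleName role name, used in trace output
     * @param roleProps the role's configuration properties
     * @param pids out-parameter collecting every PID seen
     */
    private void processUsers(ConfigurationAdmin configAdmin, String roleName, Dictionary<String, Object> roleProps, Set<String> pids) {
        String[] userPids = (String[]) roleProps.get(CFG_KEY_USER);
        if (userPids == null || userPids.length == 0) {
            if (isDebug()) {
                Tr.debug(tc, "No users in role " + roleName);
            }
            return;
        }
        Set<String> rejectedNames = new HashSet<>();
        Set<String> rejectedAccessIds = new HashSet<>();
        for (int i = 0; i < userPids.length; i++) {
            String pid = userPids[i];
            if (isDebug()) {
                Tr.debug(tc, "user pid " + i + ": " + pid);
            }
            pids.add(pid);
            try {
                Dictionary<String, Object> props = readProperties(configAdmin, pid);
                if (props == null) {
                    if (isDebug()) {
                        Tr.debug(tc, "Null user element", pid);
                    }
                    continue;
                }
                String userName = (String) props.get(CFG_KEY_NAME);
                String accessId = (String) props.get(CFG_KEY_ACCESSID);
                // An entry without a usable name is ignored even if it carries an access id.
                // NOTE(review): the name is tested trimmed but stored untrimmed; confirm how
                // the authorization check compares names.
                if (isBlank(userName)) {
                    continue;
                }
                if (accessId != null && AccessIdUtil.isUserAccessId(accessId)) {
                    addOrRejectDuplicate(this.accessIds, rejectedAccessIds, CFG_KEY_ACCESSID, accessId);
                } else {
                    // NOTE(review): an access-id that is present but not a user access id is
                    // dropped without any message and the entry is matched by name instead;
                    // a warning here would make such misconfiguration visible.
                    addOrRejectDuplicate(this.users, rejectedNames, CFG_KEY_USER, userName);
                }
            } catch (IOException e) {
                // The entry is skipped, so a failed lookup never adds a member to the role.
                FFDCFilter.processException(e, FFDC_SOURCE, "123", this, new Object[]{configAdmin, roleName, roleProps, pids});
                if (isDebug()) {
                    Tr.debug(tc, "Invalid user entry " + pid);
                }
            }
        }
        if (isDebug()) {
            Tr.debug(tc, "Role " + roleName + " has users:", this.users);
        }
    }

    /**
     * Resolves the {@code group} PIDs of the role into group names and group access ids.
     *
     * @param configAdmin lookup service for the member configurations
     * @param roleName role name, used in trace output
     * @param roleProps the role's configuration properties
     * @param pids out-parameter collecting every PID seen
     */
    private void processGroups(ConfigurationAdmin configAdmin, String roleName, Dictionary<String, Object> roleProps, Set<String> pids) {
        String[] groupPids = (String[]) roleProps.get(CFG_KEY_GROUP);
        if (groupPids == null || groupPids.length == 0) {
            if (isDebug()) {
                Tr.debug(tc, "No groups in role " + roleName);
            }
            return;
        }
        Set<String> rejectedNames = new HashSet<>();
        Set<String> rejectedAccessIds = new HashSet<>();
        for (int i = 0; i < groupPids.length; i++) {
            String pid = groupPids[i];
            if (isDebug()) {
                Tr.debug(tc, "group pid " + i + ": " + pid);
            }
            pids.add(pid);
            try {
                Dictionary<String, Object> props = readProperties(configAdmin, pid);
                if (props == null) {
                    if (isDebug()) {
                        Tr.debug(tc, "Null group element", pid);
                    }
                    continue;
                }
                String groupName = (String) props.get(CFG_KEY_NAME);
                String accessId = (String) props.get(CFG_KEY_ACCESSID);
                // An entry without a usable name is ignored even if it carries an access id.
                if (isBlank(groupName)) {
                    continue;
                }
                if (accessId != null && AccessIdUtil.isGroupAccessId(accessId)) {
                    addOrRejectDuplicate(this.accessIds, rejectedAccessIds, CFG_KEY_ACCESSID, accessId);
                } else {
                    // NOTE(review): as for users, an access-id that is not a group access id
                    // is dropped silently and the group name is used instead.
                    addOrRejectDuplicate(this.groups, rejectedNames, CFG_KEY_GROUP, groupName);
                }
            } catch (IOException e) {
                // The entry is skipped, so a failed lookup never adds a member to the role.
                FFDCFilter.processException(e, FFDC_SOURCE, "205", this, new Object[]{configAdmin, roleName, roleProps, pids});
                if (isDebug()) {
                    Tr.debug(tc, "Invalid group entry " + pid);
                }
            }
        }
        if (isDebug()) {
            Tr.debug(tc, "Role " + roleName + " has groups:", this.groups);
        }
    }

    /**
     * Resolves the {@code special-subject} PIDs of the role into special-subject types.
     *
     * @param configAdmin lookup service for the member configurations
     * @param roleName role name, used in trace output
     * @param roleProps the role's configuration properties
     * @param pids out-parameter collecting every PID seen
     */
    private void processSpecialSubjects(ConfigurationAdmin configAdmin, String roleName, Dictionary<String, Object> roleProps, Set<String> pids) {
        String[] subjectPids = (String[]) roleProps.get(CFG_KEY_SPECIAL_SUBJECT);
        if (subjectPids == null || subjectPids.length == 0) {
            if (isDebug()) {
                Tr.debug(tc, "No special subjects in role " + roleName);
            }
            return;
        }
        Set<String> rejectedTypes = new HashSet<>();
        for (int i = 0; i < subjectPids.length; i++) {
            String pid = subjectPids[i];
            if (isDebug()) {
                Tr.debug(tc, "special subject pid " + i + ": " + pid);
            }
            pids.add(pid);
            try {
                Dictionary<String, Object> props = readProperties(configAdmin, pid);
                if (props == null) {
                    if (isDebug()) {
                        Tr.debug(tc, "Null special subject element", pid);
                    }
                    continue;
                }
                String type = (String) props.get(CFG_KEY_TYPE);
                // NOTE(review): the type is stored as configured; no check against a list of
                // known special subjects is visible in this class.
                if (!isBlank(type)) {
                    addOrRejectDuplicate(this.specialSubjects, rejectedTypes, CFG_KEY_SPECIAL_SUBJECT, type);
                }
            } catch (IOException e) {
                // The entry is skipped, so a failed lookup never adds a member to the role.
                FFDCFilter.processException(e, FFDC_SOURCE, "287", this, new Object[]{configAdmin, roleName, roleProps, pids});
                if (isDebug()) {
                    Tr.debug(tc, "Invalid special subject entry " + pid);
                }
            }
        }
        if (isDebug()) {
            Tr.debug(tc, "Role " + roleName + " has special subjects:", this.specialSubjects);
        }
    }
}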
