package com.ibm.ws.security.role;

import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.models.config.rolebasedauthz.AllAuthenticatedUsersExt;
import com.ibm.websphere.models.config.rolebasedauthz.AllAuthenticatedUsersInTrustedRealmsExt;
import com.ibm.websphere.models.config.rolebasedauthz.EveryoneExt;
import com.ibm.websphere.models.config.rolebasedauthz.PrimaryAdminExt;
import com.ibm.websphere.models.config.rolebasedauthz.RolebasedauthzPackage;
import com.ibm.websphere.models.config.rolebasedauthz.SecurityRoleExt;
import com.ibm.websphere.models.config.rolebasedauthz.ServerExt;
import com.ibm.websphere.models.config.rolebasedauthz.SpecialSubjectExt;
import com.ibm.websphere.models.config.rolebasedauthz.SubjectExt;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.wsspi.runtime.config.ConfigObject;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/role/RoleBasedSubjectMap.class */
public class RoleBasedSubjectMap {
    // Trace component registered for this class; every Tr.* call in the class goes through it.
    private static TraceComponent tc = Tr.register(RoleBasedSubjectMap.class);
    // Sentinel access-ID strings. isGrantedAnyRole() skips its all-authenticated-users and
    // server checks for a credential whose access ID equals either one (case-insensitively).
    public static final String NO_CRED = "NO_CRED_NO_ACCESS_ID";
    public static final String NULL_ACCESS_ID = "NULL_ACCESS_ID";
    // Canonical role-name sets used by packMap(). The constructor stores a single set with
    // every role name in roles[0]; it stays null when the role list was empty, and pack()
    // resets it to null.
    private HashSet[] roles;
    // Name given at construction; returned by getSubjectMapName().
    private String name;
    // Server identities given at construction and compared against access IDs in isServerId().
    // They are stored as passed in; this class never lower-cases them.
    private String serverId;
    private String longServerId;
    // Set from the active user registry's IGNORE_CASE setting; when true, access IDs are
    // lower-cased before they are stored or compared.
    private boolean ignoreCase;
    // Role name -> Role (the special-subject flags for that role).
    private HashMap roleMap;
    // Access ID -> HashSet of role names granted to that user (filled by addSubjects()).
    private HashMap subjects = new HashMap();
    // Group access ID -> HashSet of role names granted to that group (filled by addSubjectGroups()).
    private HashMap subjectGroups = new HashMap();
    // Answer returned when a check is asked about no required roles. Nothing in this class
    // ever assigns it, so as listed the answer is always "allow".
    private boolean defaultAccess = true;
    // Unique user ID of the primary admin; resolved lazily and cached by isAdminId().
    private String adminAccessId = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/role/RoleBasedSubjectMap$Role.class */
    /**
     * Special-subject grants for one role.
     *
     * <p>Each flag records that the role has been mapped to the corresponding special subject.
     * All flags start out {@code false}, so a freshly created role grants nothing until
     * {@code addSpecialSubjects} turns a flag on; nothing in the enclosing class turns one off.
     */
    public class Role {
        // Role is open to every caller, authenticated or not.
        private boolean everyoneAllowed;
        // Role is open to any authenticated user.
        private boolean allAuthenAllowed;
        // Role is open to any authenticated user from a trusted realm.
        private boolean allAuthenAllowedInTrustedRealms;
        // Role is open to the server identity.
        private boolean serverAllowed;
        // Role is open to the primary administrative ID.
        private boolean adminAllowed;

        Role() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the subject map for one role table.
     *
     * <p>The active user registry's IGNORE_CASE setting is read first and decides whether
     * access IDs are lower-cased later on. Every role in {@code list} gets a fresh
     * {@link Role} (all special-subject flags off) and its name is added to the single
     * canonical set in {@code roles[0]}. With an empty list, {@code roles} is left null.
     *
     * @param str  name of this subject map
     * @param list role entries: {@code SecurityRoleExt} objects when {@code z} is true,
     *             {@code ConfigObject}s otherwise
     * @param str2 server ID, stored as given
     * @param str3 long form of the server ID, stored as given
     * @param z    selects how the elements of {@code list} are read
     */
    public RoleBasedSubjectMap(String str, List list, String str2, String str3, boolean z) {
        boolean registryIgnoresCase = Boolean.valueOf(
                SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getBoolean(UserRegistryConfig.IGNORE_CASE))
                .booleanValue();
        if (registryIgnoresCase) {
            this.ignoreCase = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ignoreCase is set");
            }
        }
        this.name = str;
        this.serverId = str2;
        this.longServerId = str3;

        final int roleCount = list.size();
        this.roleMap = new HashMap(roleCount);
        if (roleCount == 0) {
            // No roles: roles stays null, roleMap stays empty.
            return;
        }

        HashSet allRoleNames = new HashSet(1);
        for (Iterator it = list.iterator(); it.hasNext();) {
            String roleName;
            if (z) {
                roleName = new String(((SecurityRoleExt) it.next()).getRoleName());
            } else {
                roleName = ((ConfigObject) it.next()).getString(CommonConstants.ROLE_NAME, null);
            }
            this.roleMap.put(roleName, new Role());
            allRoleNames.add(roleName);
        }
        this.roles = new HashSet[]{allRoleNames};
    }

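    /**
     * Registers additional role names taken from a list of {@code ConfigObject}s.
     *
     * <p>A role that is already known keeps its existing {@link Role} object, so the
     * special-subject grants recorded for it are not reset by adding it again.
     *
     * <p>{@code roles} is null when the map was constructed with an empty role list and
     * after {@code pack()}; the previous code dereferenced {@code roles[0]} regardless and
     * failed with a NullPointerException in those states. The set is now created on demand.
     *
     * @param list role entries to add; an empty list is a no-op
     */
    public void addRoles(List list) {
        int size = list.size();
        if (size == 0) {
            return;
        }
        // Read every name before touching any state, so a bad element aborts the whole call.
        String[] roleNames = new String[size];
        int next = 0;
        for (Iterator it = list.iterator(); it.hasNext();) {
            roleNames[next++] = ((ConfigObject) it.next()).getString(CommonConstants.ROLE_NAME, null);
        }
        if (this.roles == null) {
            this.roles = new HashSet[]{new HashSet(size)};
        }
        for (int i = 0; i < size; i++) {
            this.roles[0].add(roleNames[i]);
            // Never replace an existing Role: that would silently drop its grants.
            if (!this.roleMap.containsKey(roleNames[i])) {
                this.roleMap.put(roleNames[i], new Role());
            }
        }
    }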

    /**
     * Records which special subjects are mapped to the role named {@code str}.
     *
     * <p>Each recognised element turns on the matching flag of the role's {@link Role}
     * entry; unrecognised elements are ignored. The role is looked up only when an element
     * is recognised, and a role name that is not in {@code roleMap} then fails with a
     * NullPointerException. The type tests run in a fixed order (Everyone, AllAuthenticated,
     * AllAuthenticatedInTrustedRealms, Server, PrimaryAdmin) and the first match wins.
     *
     * @param str  role name the subjects are mapped to
     * @param list special-subject entries, or {@code null} for nothing to add
     * @param z    {@code true} when the entries are {@code SpecialSubjectExt} model objects,
     *             {@code false} when they are {@code ConfigObject}s
     */
    public void addSpecialSubjects(String str, List list, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSpecialSubjects: " + str);
        }
        if (list == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "list null");
            }
            return;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            // Step 1: classify the element, keeping the original order of the type tests.
            String kind = null;
            if (z) {
                SpecialSubjectExt special = (SpecialSubjectExt) it.next();
                if (special instanceof EveryoneExt) {
                    kind = "EveryoneExt";
                } else if (special instanceof AllAuthenticatedUsersExt) {
                    kind = "AllAuthenticatedUsersExt";
                } else if (special instanceof AllAuthenticatedUsersInTrustedRealmsExt) {
                    kind = "AllAuthenticatedUsersInTrustedRealmsExt";
                } else if (special instanceof ServerExt) {
                    kind = "ServerExt";
                } else if (special instanceof PrimaryAdminExt) {
                    kind = "PrimaryAdminExt";
                }
            } else {
                ConfigObject config = (ConfigObject) it.next();
                if (config.instanceOf(RolebasedauthzPackage.eNS_URI, "EveryoneExt")) {
                    kind = "EveryoneExt";
                } else if (config.instanceOf(RolebasedauthzPackage.eNS_URI, "AllAuthenticatedUsersExt")) {
                    kind = "AllAuthenticatedUsersExt";
                } else if (config.instanceOf(RolebasedauthzPackage.eNS_URI, "AllAuthenticatedUsersInTrustedRealmsExt")) {
                    kind = "AllAuthenticatedUsersInTrustedRealmsExt";
                } else if (config.instanceOf(RolebasedauthzPackage.eNS_URI, "ServerExt")) {
                    kind = "ServerExt";
                } else if (config.instanceOf(RolebasedauthzPackage.eNS_URI, "PrimaryAdminExt")) {
                    kind = "PrimaryAdminExt";
                }
            }
            if (kind == null) {
                continue;
            }

            // Step 2: switch the grant on. A missing role surfaces here as a NullPointerException.
            Role role = (Role) this.roleMap.get(str);
            String traceMessage;
            if (kind.equals("EveryoneExt")) {
                role.everyoneAllowed = true;
                traceMessage = "added EveryoneExt";
            } else if (kind.equals("AllAuthenticatedUsersExt")) {
                role.allAuthenAllowed = true;
                traceMessage = "added AllAuthenticatedUsersExt";
            } else if (kind.equals("AllAuthenticatedUsersInTrustedRealmsExt")) {
                role.allAuthenAllowedInTrustedRealms = true;
                traceMessage = "added AllAuthenticatedUsersInTrustedRealmsExt";
            } else if (kind.equals("ServerExt")) {
                role.serverAllowed = true;
                traceMessage = "added ServerExt";
            } else {
                role.adminAllowed = true;
                traceMessage = "added PrimaryAdminExt";
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, traceMessage);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSpecialSubjects: " + str);
        }
    }

    /**
     * Tells whether any of the required roles is mapped to the "Everyone" special subject.
     *
     * <p>No credential is consulted. A {@code null} or empty role set is answered with
     * {@code defaultAccess}; role names unknown to this map are skipped.
     *
     * @param set names of the roles required for the resource
     * @return {@code true} if at least one required role allows everyone
     */
    public boolean isEveryoneGranted(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isEveryoneGranted");
        }
        boolean nothingRequired = set == null || set.size() == 0;
        if (nothingRequired) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "requiredRoles null, access allowed ? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        for (Iterator required = set.iterator(); required.hasNext();) {
            Role role = (Role) this.roleMap.get(required.next());
            if (role == null || !role.everyoneAllowed) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "everyone allowed");
            }
            return true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isEveryoneGranted");
        }
        return false;
    }

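    /**
     * Tells whether any of the required roles is mapped to the "all authenticated users"
     * special subject.
     *
     * <p>No credential is consulted here; the caller must already have established that the
     * user is authenticated. A {@code null} role set is answered with {@code defaultAccess}.
     * An empty set is answered with {@code false}.
     *
     * <p>The exit trace point previously used the misspelled name
     * "isAllAuthenticatedUsersGanted", which did not pair with the entry trace point; it now
     * uses the method's real name.
     *
     * @param set names of the roles required for the resource
     * @return {@code true} if at least one required role allows all authenticated users
     */
    public boolean isAllAuthenticatedUsersGranted(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAllAuthenticatedUsersGranted");
        }
        if (set == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "requiredRoles null, access allowed? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        for (Iterator required = set.iterator(); required.hasNext();) {
            Role role = (Role) this.roleMap.get(required.next());
            if (role != null && role.allAuthenAllowed) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "all authenticated users allowed");
                }
                return true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAllAuthenticatedUsersGranted");
        }
        return false;
    }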

    /**
     * Tells whether any of the required roles is mapped to the "all authenticated users in
     * trusted realms" special subject.
     *
     * <p>Neither a credential nor a realm is examined here; this only reads the role's flag.
     * A {@code null} role set is answered with {@code defaultAccess}, an empty one with
     * {@code false}.
     *
     * @param set names of the roles required for the resource
     * @return {@code true} if at least one required role carries the trusted-realms grant
     */
    public boolean isAllAuthenticatedUsersInTrustedRealmsGranted(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAllAuthenticatedUsersInTrustedRealmsGranted");
        }
        if (set == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "requiredRoles null, access allowed? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        for (Iterator required = set.iterator(); required.hasNext();) {
            Role role = (Role) this.roleMap.get(required.next());
            if (role == null || !role.allAuthenAllowedInTrustedRealms) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "all authenticated users in trusted realms allowed");
            }
            return true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAllAuthenticatedUsersInTrustedRealmsGranted");
        }
        return false;
    }

    /**
     * Tells whether any of the required roles is mapped to the "Server" special subject.
     *
     * <p>This only reads the role's flag; whether the caller really is the server is decided
     * separately by {@code isServerId}. A {@code null} role set is answered with
     * {@code defaultAccess}, an empty one with {@code false}.
     *
     * @param set names of the roles required for the resource
     * @return {@code true} if at least one required role allows the server identity
     */
    public boolean isServerGranted(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerGranted");
        }
        if (set == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "requiredRoles null, access allowed? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        for (Iterator required = set.iterator(); required.hasNext();) {
            Role role = (Role) this.roleMap.get(required.next());
            if (role == null || !role.serverAllowed) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "server allowed");
            }
            return true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isServerGranted");
        }
        return false;
    }

    /**
     * Tells whether any of the required roles is mapped to the "PrimaryAdmin" special subject.
     *
     * <p>This only reads the role's flag; whether the caller really is the primary admin is
     * decided separately by {@code isAdminId}. A {@code null} role set is answered with
     * {@code defaultAccess}, an empty one with {@code false}.
     *
     * @param set names of the roles required for the resource
     * @return {@code true} if at least one required role allows the primary admin ID
     */
    public boolean isAdminGranted(Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAdminGranted");
        }
        if (set == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "requiredRoles null, access allowed? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        for (Iterator required = set.iterator(); required.hasNext();) {
            Role role = (Role) this.roleMap.get(required.next());
            if (role == null || !role.adminAllowed) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "adminID allowed");
            }
            return true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAdminGranted");
        }
        return false;
    }

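    /**
     * Grants the role named {@code str} to each user in {@code list}.
     *
     * <p>The user's access ID is the key of the {@code subjects} table. When
     * {@code ignoreCase} is set, the ID is lower-cased (JVM default locale) before it is stored.
     *
     * <p>Entries whose access ID is {@code null} are now skipped. Previously they were stored
     * under the {@code null} key, and {@code isGrantedAnyRole} looks up
     * {@code subjects.get(accessId)} even for a credential whose access ID is {@code null};
     * such a credential would then have inherited the roles of every subject whose ID could
     * not be determined.
     *
     * @param str  role name being granted
     * @param list user entries, or {@code null} for nothing to add
     * @param z    {@code true} when the entries are {@code SubjectExt} model objects,
     *             {@code false} when they are {@code ConfigObject}s
     * @param roleBasedConfiguratorImpl resolver used for {@code ConfigObject} entries; when
     *             {@code null}, the entry's "accessId" attribute is read directly
     */
    public void addSubjects(String str, List list, boolean z, RoleBasedConfiguratorImpl roleBasedConfiguratorImpl) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSubjects: " + str);
        }
        if (list == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "list null");
            }
            return;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            String accessId;
            if (z) {
                accessId = ((SubjectExt) it.next()).getAccessId();
            } else {
                ConfigObject configObject = (ConfigObject) it.next();
                accessId = roleBasedConfiguratorImpl != null
                        ? roleBasedConfiguratorImpl.getAccessId(configObject, false)
                        : configObject.getString("accessId", null);
            }
            if (accessId == null) {
                // Never key a grant on null: a null-ID credential must not match it later.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "accessId is null, subject not added for role: " + str);
                }
                continue;
            }
            if (this.ignoreCase) {
                // NOTE(review): default-locale lower-casing; it has to match the way the
                // credential's access ID is lower-cased at check time.
                accessId = accessId.toLowerCase();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "accessId: " + accessId);
            }
            HashSet grantedRoles = (HashSet) this.subjects.get(accessId);
            if (grantedRoles == null) {
                grantedRoles = new HashSet(1);
                this.subjects.put(accessId, grantedRoles);
            }
            grantedRoles.add(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSubjects: " + str);
        }
    }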

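    /**
     * Grants the role named {@code str} to each group in {@code list}.
     *
     * <p>The group's access ID is the key of the {@code subjectGroups} table. When
     * {@code ignoreCase} is set, the ID is lower-cased (JVM default locale) before it is
     * stored. {@code isGroupGrantedAnyRole} looks the key up exactly as it is passed in.
     *
     * <p>Entries whose access ID is {@code null} are now skipped. Previously they were stored
     * under the {@code null} key, so a lookup with a {@code null} group ID would have matched
     * the roles of every group whose ID could not be determined.
     *
     * @param str  role name being granted
     * @param list group entries, or {@code null} for nothing to add
     * @param z    {@code true} when the entries are {@code SubjectExt} model objects,
     *             {@code false} when they are {@code ConfigObject}s
     * @param roleBasedConfiguratorImpl resolver used for {@code ConfigObject} entries; when
     *             {@code null}, the entry's "accessId" attribute is read directly
     */
    public void addSubjectGroups(String str, List list, boolean z, RoleBasedConfiguratorImpl roleBasedConfiguratorImpl) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSubjectGroups: " + str);
        }
        if (list == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "list null");
            }
            return;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            String accessId;
            if (z) {
                accessId = ((SubjectExt) it.next()).getAccessId();
            } else {
                ConfigObject configObject = (ConfigObject) it.next();
                accessId = roleBasedConfiguratorImpl != null
                        ? roleBasedConfiguratorImpl.getAccessId(configObject, true)
                        : configObject.getString("accessId", null);
            }
            if (accessId == null) {
                // Never key a grant on null: a null group ID must not match it later.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "accessId is null, group not added for role: " + str);
                }
                continue;
            }
            if (this.ignoreCase) {
                // NOTE(review): default-locale lower-casing; callers of
                // isGroupGrantedAnyRole have to normalise the group ID the same way.
                accessId = accessId.toLowerCase();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "accessId: " + accessId);
            }
            HashSet grantedRoles = (HashSet) this.subjectGroups.get(accessId);
            if (grantedRoles == null) {
                grantedRoles = new HashSet(1);
                this.subjectGroups.put(accessId, grantedRoles);
            }
            grantedRoles.add(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSubjectGroups: " + str);
        }
    }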

    /**
     * Compacts the user and group tables with {@code packMap}, then drops the canonical
     * role sets by setting {@code roles} to {@code null}.
     *
     * <p>After this call, {@code getSecurityRoles()} returns {@code null}.
     */
    public void pack() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pack");
        }
        final String[] labels = {"pack subjects", "pack subjectGroups"};
        final HashMap[] tables = {this.subjects, this.subjectGroups};
        for (int i = 0; i < tables.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, labels[i]);
            }
            packMap(tables[i]);
        }
        this.roles = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pack");
        }
    }

    /**
     * Replaces each subject's role set with the equal canonical set from {@code roles},
     * when there is one, so that equal sets are shared instead of duplicated.
     *
     * <p>Subjects whose set matches a canonical set end up holding the same
     * {@code HashSet} instance. With debug trace enabled, every subject name and its roles
     * are written to the trace. Requires {@code roles} to be non-null unless the map is empty.
     *
     * @param hashMap table of subject name to role-name set; updated in place
     */
    private void packMap(HashMap hashMap) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "packMap");
        }
        for (Iterator names = hashMap.keySet().iterator(); names.hasNext();) {
            String subjectName = (String) names.next();
            HashSet granted = (HashSet) hashMap.get(subjectName);
            for (int i = 0; i < this.roles.length; i++) {
                if (granted.equals(this.roles[i])) {
                    // Overwriting the value of an existing key; the key set itself is untouched.
                    hashMap.put(subjectName, this.roles[i]);
                    break;
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "dump hm");
            for (Iterator names = hashMap.keySet().iterator(); names.hasNext();) {
                String subjectName = (String) names.next();
                Tr.debug(tc, "subjectName: " + subjectName + " roles: " + hashMap.get(subjectName));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "packMap");
        }
    }

    /**
     * Reports whether the credential's access ID equals the unique user ID of the primary
     * administrative ID, resolving that ID through the registry and caching it in
     * {@code adminAccessId} on first use.
     *
     * <p>Any exception is handed to FFDC and answered with {@code false}, so failures deny.
     * With debug trace enabled, both access IDs are written to the trace.
     *
     * @param wSCredential credential of the caller being checked
     * @return {@code true} only when both access IDs are non-null and equal
     */
    private boolean isAdminId(WSCredential wSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAdminId", new Object[]{wSCredential, this});
        }
        try {
            // NOTE(review): the null / basic-auth / unauthenticated guard below only runs while
            // adminAccessId is still unset. Once the ID has been cached, a null credential
            // reaches getAccessId() further down (rejected through the catch block), and a
            // basic-auth credential goes straight to the access-ID comparison. Confirm that
            // skipping the guard on later calls is intended.
            if (this.adminAccessId == null) {
                if (wSCredential == null || wSCredential.isBasicAuth() || wSCredential.isUnauthenticated()) {
                    if (!tc.isDebugEnabled()) {
                        return false;
                    }
                    Tr.debug(tc, "isAdminId returning falsesince the WSCredential is null or basicAuth or Unaauthenticated.");
                    return false;
                }
                String string = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString(UserRegistryConfig.PRIMARY_ADMIN_ID);
                if (string != null) {
                    ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                    // The admin realm is passed only when no AdminContext is on the stack;
                    // otherwise getRegistry(null) is called. Presumably null selects the
                    // registry of the current context; verify against ContextManager.
                    String str = null;
                    if (AdminContext.peek() == null) {
                        str = contextManagerFactory.getAdminRealm();
                    }
                    // Cached for the lifetime of this map; the field is written without
                    // synchronisation.
                    this.adminAccessId = contextManagerFactory.getRegistry(str).getUniqueUserId(string);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isAdminId got adminAccessId from registry: ", new Object[]{"realm: " + str, "adminAccessId: " + this.adminAccessId, this});
                    }
                }
            }
            String accessId = wSCredential.getAccessId();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "adminAccessId: " + this.adminAccessId + " accessId: " + accessId);
            }
            // Either side missing means "not the admin".
            if (accessId == null || this.adminAccessId == null) {
                if (!tc.isDebugEnabled()) {
                    return false;
                }
                Tr.exit(tc, "isAdminId returning false: accessid is null");
                return false;
            }
            if (this.ignoreCase) {
                // Lower-cases with the JVM default locale and overwrites the cached admin ID.
                // NOTE(review): default-locale case mapping differs between locales; confirm
                // the IDs compared here are always produced under the same locale.
                accessId = accessId.toLowerCase();
                this.adminAccessId = this.adminAccessId.toLowerCase();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ignoreCase set: adminAccessId: " + this.adminAccessId + " accessId: " + accessId);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "isAdminId returning " + accessId.equals(this.adminAccessId));
            }
            return accessId.equals(this.adminAccessId);
        } catch (Exception e) {
            // Fail closed: registry or credential errors never yield admin status.
            FFDCFilter.processException(e, "com.ibm.ws.security.role.RoleBasedSubjectMap.isAdminId", "359", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception in isAdminId: ", new Object[]{e.getMessage()});
            }
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.exit(tc, "isAdminId returning false");
            return false;
        }
    }

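    /**
     * Decides whether the credential represents the server's own identity.
     *
     * <p>Three paths are taken, in this order:
     * <ol>
     *   <li>Basic-auth credential: its security name and credential token must equal the
     *       registry's configured server ID and decoded server password.</li>
     *   <li>Unauthenticated or {@code null} credential: always {@code false}.</li>
     *   <li>Any other credential: decided on its access ID, either by
     *       {@code isServerIdFromCell}, by comparison with {@code serverId} /
     *       {@code longServerId}, or by being an internal server credential.</li>
     * </ol>
     *
     * <p>The password comparison used {@code String.equals}, which stops at the first
     * differing character; it now goes through {@code constantTimeEquals} and is evaluated
     * even when the server ID does not match, so the time taken does not show how much of
     * the presented value was right. Any exception is handed to FFDC and answered with
     * {@code false}.
     *
     * @param wSCredential credential of the caller being checked
     * @return {@code true} if the credential is accepted as the server identity
     */
    private boolean isServerId(WSCredential wSCredential) {
        try {
            UserRegistryConfig activeUserRegistry = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry();
            if (wSCredential != null && wSCredential.isBasicAuth() && !wSCredential.isUnauthenticated()) {
                String string = activeUserRegistry.getString(UserRegistryConfig.SERVER_ID);
                String decodedString = activeUserRegistry.getDecodedString(UserRegistryConfig.SERVER_PASSWORD);
                String securityName = wSCredential.getSecurityName();
                byte[] credentialToken = wSCredential.getCredentialToken();
                String str = null;
                if (credentialToken != null) {
                    str = StringBytesConversion.getConvertedString(credentialToken);
                }
                if (credentialToken == null || securityName == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Returning false, either WSCredential ID or password is null.");
                    }
                    return false;
                }
                // Evaluate both parts unconditionally; only the combined result is acted on.
                boolean idMatches = string.equals(securityName);
                boolean passwordMatches = constantTimeEquals(decodedString, str);
                if (idMatches && passwordMatches) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Valid BasicAuth server ID.");
                    }
                    return true;
                }
                // Only the presented name is traced, never the password.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not valid BasicAuth server ID: " + securityName);
                }
                return false;
            }
            if (wSCredential != null && wSCredential.isUnauthenticated()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unauthenticated cred is not server ID.");
                }
                return false;
            }
            if (wSCredential == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSCredential is null, returning false.");
                }
                return false;
            }
            String accessId = wSCredential.getAccessId();
            if (accessId == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isServerId? false, accessid is null");
                }
                return false;
            }
            if (this.ignoreCase) {
                // Only the credential's ID is lower-cased here; serverId and longServerId
                // are compared as they were passed to the constructor.
                accessId = accessId.toLowerCase();
            }
            boolean booleanValue = Boolean.valueOf(activeUserRegistry.getBoolean(UserRegistryConfig.USE_REGISTRY_SERVER_ID)).booleanValue();
            if (SecurityObjectLocator.getAdminData().getString(AdminData.UNEXPANDED_SERVER_ID) != null && booleanValue) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking to determine if serverID is from the same cell.");
                }
                return isServerIdFromCell(wSCredential, accessId, this.serverId, this.longServerId);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "accessId: " + accessId + " serverId: " + this.serverId + " longServerId: " + this.longServerId);
            }
            if (booleanValue || !ContextManagerFactory.getInstance().isInternalServerCredential(wSCredential)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isServerId? " + (accessId.equals(this.serverId) || accessId.equals(this.longServerId)));
                }
                return accessId.equals(this.serverId) || accessId.equals(this.longServerId);
            }
            // Registry server ID not in use and the context manager recognises the
            // credential as an internal server credential.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isServerId? - server credential. Returning true");
            }
            return true;
        } catch (Exception e) {
            // Fail closed: configuration or credential errors never yield server status.
            FFDCFilter.processException(e, "com.ibm.ws.security.role.RoleBasedSubjectMap.isServerId", "361", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception in isServerId: ", new Object[]{e.getMessage()});
            }
            return false;
        }
    }

    /**
     * Compares a stored secret with a presented value without stopping at the first
     * difference. The loop length depends only on the presented value.
     *
     * @return {@code true} when both strings are non-null and have identical contents
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        int expectedLength = expected.length();
        int presentedLength = presented.length();
        // A length mismatch is folded into the result instead of returning early.
        int difference = expectedLength ^ presentedLength;
        for (int i = 0; i < presentedLength; i++) {
            char reference = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            difference |= reference ^ presented.charAt(i);
        }
        return difference == 0;
    }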

    /**
     * Decides whether an access ID belongs to a server of this cell.
     *
     * <p>The ID is accepted when it equals {@code str2} or {@code str3}, or when the
     * MULTI_SERVER_ID_LIST from the admin data contains either the lower-cased access ID or
     * the credential's lower-cased security name with everything from the first '@' removed.
     * {@code isServerId} calls this with its own {@code serverId} and {@code longServerId}
     * as {@code str2} and {@code str3}.
     *
     * @param wSCredential credential of the caller; only its security name is read
     * @param str  access ID being checked; must not be {@code null}
     * @param str2 server ID to compare with
     * @param str3 long server ID to compare with
     * @return {@code true} if the ID is accepted as a server of this node or cell
     */
    public boolean isServerIdFromCell(WSCredential wSCredential, String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerIdFromCell", new Object[]{str, str2, str3});
        }
        // Outside the try block: a null str fails here with a NullPointerException.
        if (str.equals(str2) || str.equals(str3)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning true, server ID is from this node.");
            }
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isServerIdFromCell");
            return true;
        }
        TreeSet treeSet = (TreeSet) SecurityObjectLocator.getAdminData().getObject(AdminData.MULTI_SERVER_ID_LIST);
        String str4 = null;
        try {
            // Short security name: lower-cased (default locale), cut at the first '@'.
            str4 = wSCredential.getSecurityName().toLowerCase();
            int indexOf = str4.indexOf("@");
            if (indexOf != -1) {
                str4 = str4.substring(0, indexOf);
            }
        } catch (Exception e) {
            // Also reached for a null credential. If getSecurityName() itself failed, str4
            // is still null and only the access ID is matched below.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting security name from WSCredential.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.role.RoleBasedSubjectMap.isServerIdFromCell", "404", this);
        }
        // The next two blocks only write to the trace; they do not affect the decision.
        if (treeSet != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "serverIDSet is not null");
            }
            Iterator it = treeSet.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "entry: " + next.toString());
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "serverIDSet == null");
        }
        if (str4 != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "securityName: " + str4);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "securityName == null");
        }
        // NOTE(review): the short-name match ignores whatever followed '@' in the security
        // name, so "name@x" and "name@y" both match a list entry "name". Confirm that list
        // entries cannot coincide with ordinary user names from another realm.
        if (treeSet != null && (treeSet.contains(str.toLowerCase()) || (str4 != null && treeSet.contains(str4)))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning true, server ID is from this cell.");
            }
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isServerIdFromCell");
            return true;
        }
        // NOTE(review): when the server ID list is missing, this returns true based solely on
        // str3 (the long server ID handed in, not the caller's credential or access ID)
        // starting with "server". As written, every caller that reaches this point is then
        // accepted as a server, and the decision leaves no trace record. Confirm the intent
        // and whether a missing list should deny instead.
        if (treeSet == null && str3.startsWith("server")) {
            return true;
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "isServerIdFromCell (false)");
        return false;
    }

    /**
     * Main authorization check: reports whether the credential holds at least one of the
     * required roles, through a special subject or through a direct user-to-role mapping.
     *
     * <p>A {@code null} or empty role set is answered with {@code defaultAccess}. Otherwise
     * the checks run in this order: all-authenticated-users and server grants (only for an
     * access ID that is non-null and is neither the unauthenticated string nor one of the
     * sentinels), rejection of the unauthenticated ID, the trusted-realms grant, the primary
     * admin grant, and finally the roles stored for the access ID in {@code subjects}.
     * Group mappings are not consulted here; see {@code isGroupGrantedAnyRole}.
     *
     * @param wSCredential credential of the caller
     * @param set names of the roles required for the resource
     * @return {@code true} if access is granted
     */
    public boolean isGrantedAnyRole(WSCredential wSCredential, Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGrantedAnyRole");
        }
        if (set != null) {
            // NOTE(review): the try block below is empty in this decompiled listing, so the
            // catch clause can never run and exceptions from the code that follows would
            // propagate to the caller. Presumably the original try covered the whole check;
            // verify against the class file before relying on either reading.
            try {
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.role.RoleBasedSubjectMap.isGrantedAnyRole", "467", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception in isGrantedAnyRole: ", new Object[]{e.getMessage()});
                }
            }
            if (set.size() != 0) {
                // A null credential fails here, and a null access ID fails on toLowerCase()
                // when ignoreCase is set, before the null test on the next check is reached.
                String accessId = wSCredential.getAccessId();
                if (this.ignoreCase) {
                    accessId = accessId.toLowerCase();
                }
                // Authenticated callers only: null, unauthenticated and sentinel IDs skip this.
                if (accessId != null && !accessId.equalsIgnoreCase(ContextManagerFactory.getInstance().getUnauthenticatedString()) && !accessId.equalsIgnoreCase(NO_CRED) && !accessId.equalsIgnoreCase(NULL_ACCESS_ID)) {
                    if (isAllAuthenticatedUsersGranted(set)) {
                        return true;
                    }
                    if (isServerGranted(set) && isServerId(wSCredential)) {
                        return true;
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isGrantedAnyRole: accessId is: " + accessId);
                }
                if (accessId != null && accessId.equalsIgnoreCase(ContextManagerFactory.getInstance().getUnauthenticatedString())) {
                    if (!tc.isDebugEnabled()) {
                        return false;
                    }
                    Tr.debug(tc, "isGrantedAnyRole: has unauthenticated accessId: " + accessId);
                    return false;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "about to check for isAllAuthenticatedUsersInTrustedRealmsGranted");
                }
                // NOTE(review): only the unauthenticated string was rejected above. A null
                // access ID (when ignoreCase is off) or one equal to NO_CRED / NULL_ACCESS_ID
                // still reaches this grant, and the callee looks only at the role flag, not at
                // the credential or its realm. Confirm that callers cannot present such IDs
                // for a role mapped to the trusted-realms subject.
                if (isAllAuthenticatedUsersInTrustedRealmsGranted(set)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "isAllAuthenticatedUsersInTrustedRealmsGranted is true.");
                    return true;
                }
                if (isAdminGranted(set) && isAdminId(wSCredential)) {
                    return true;
                }
                // Direct user-to-role mappings. accessId may still be null here (ignoreCase
                // off), in which case the lookup uses the null key of the table.
                Set<String> set2 = (Set) this.subjects.get(accessId);
                if (set2 == null || set2.size() == 0) {
                    if (!tc.isDebugEnabled()) {
                        return false;
                    }
                    Tr.debug(tc, "isGrantedAnyRole: grantedRoles null, access denied");
                    return false;
                }
                // Grant on the first role name that appears in both sets.
                for (String str : set2) {
                    Iterator it = set.iterator();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "isGrantedAnyRole: grantedRolesName = " + str);
                    }
                    while (it.hasNext()) {
                        if (str.equals((String) it.next())) {
                            if (!tc.isDebugEnabled()) {
                                return true;
                            }
                            Tr.debug(tc, "isGrantedAnyRole: access granted");
                            return true;
                        }
                    }
                }
                if (!tc.isDebugEnabled()) {
                    return false;
                }
                Tr.debug(tc, "isGrantedAnyRole: access denied");
                return false;
            }
        }
        // No required roles: the answer is defaultAccess, which this class initialises to
        // true and never changes.
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isGrantedAnyRole: requiredRoles null, access allowed? " + this.defaultAccess);
        }
        return this.defaultAccess;
    }

    /**
     * Reports whether the group identified by {@code str} holds at least one of the
     * required roles through a direct group-to-role mapping.
     *
     * <p>A {@code null} or empty role set is answered with {@code defaultAccess}. The group
     * ID is looked up exactly as given: it is not lower-cased here even when
     * {@code ignoreCase} is set, whereas {@code addSubjectGroups} stores lower-cased keys in
     * that mode, so a caller passing a mixed-case ID would simply find no grant.
     *
     * @param str group access ID
     * @param set names of the roles required for the resource
     * @return {@code true} if the group has been granted one of the required roles
     */
    public boolean isGroupGrantedAnyRole(String str, Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGroupGrantedAnyRole");
        }
        boolean nothingRequired = set == null || set.size() == 0;
        if (nothingRequired) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isGroupGrantedAnyRole: requiredRoles null, access allowed? " + this.defaultAccess);
            }
            return this.defaultAccess;
        }
        Set<String> grantedRoles = (Set) this.subjectGroups.get(str);
        boolean nothingGranted = grantedRoles == null || grantedRoles.size() == 0;
        if (nothingGranted) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isGroupGrantedAnyRole: grantedRoles null, access denied");
            }
            return false;
        }
        for (String grantedRole : grantedRoles) {
            Iterator required = set.iterator();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isiGroupGrantedAnyRole: grantedRolesName = " + grantedRole);
            }
            while (required.hasNext()) {
                if (!grantedRole.equals((String) required.next())) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isGroupGrantedAnyRole: access granted");
                }
                return true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isGroupGrantedAnyRole: access denied");
        }
        return false;
    }

    /**
     * Returns the name this subject map was constructed with.
     */
    protected String getSubjectMapName() {
        return name;
    }

    /**
     * Returns the live user table (access ID to role-name set), not a copy: changes made
     * through the returned map change the grants this object answers with.
     */
    protected HashMap getSubjectMap() {
        return subjects;
    }

    /**
     * Returns the internal array of canonical role-name sets, not a copy. The result is
     * {@code null} after {@code pack()} and when the map was built from an empty role list.
     */
    protected HashSet[] getSecurityRoles() {
        return roles;
    }
}
