package com.ibm.tivoli.orchestrator.datacentermodel.accesscontrol;

import com.thinkdynamics.kanaha.datacentermodel.AccessDomain;
import com.thinkdynamics.kanaha.datacentermodel.AccessDomainMembership;
import com.thinkdynamics.kanaha.datacentermodel.AuditBase;
import com.thinkdynamics.kanaha.datacentermodel.AuditOperationType;
import com.thinkdynamics.kanaha.datacentermodel.DataCenterSystemException;
import com.thinkdynamics.kanaha.datacentermodel.DcmObjectId;
import com.thinkdynamics.kanaha.datacentermodel.DcmObjectProperty;
import com.thinkdynamics.kanaha.datacentermodel.DomainRole;
import com.thinkdynamics.kanaha.datacentermodel.InstanceAccessDeniedException;
import com.thinkdynamics.kanaha.datacentermodel.InstanceAccessRole;
import com.thinkdynamics.kanaha.datacentermodel.InstancePermission;
import com.thinkdynamics.kanaha.datacentermodel.KanahaComponent;
import com.thinkdynamics.kanaha.datacentermodel.ObjectInvalidAccessAudit;
import com.thinkdynamics.kanaha.datacentermodel.User;
import com.thinkdynamics.kanaha.datacentermodel.inprocess.ConnectionManager;
import com.thinkdynamics.kanaha.util.XmlSetting;
import java.security.Principal;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.log4j.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:installer/IY99249.jar:efixes/IY99249/components/tpm/update.jar:/apps/tcje.ear:lib/datacentermodel.jar:com/ibm/tivoli/orchestrator/datacentermodel/accesscontrol/AccessControlManager.class
 */
/* loaded from: input_file:installer/IY99249.jar:efixes/IY99249/components/tpm/update.jar:/lib/datacentermodel.jar:com/ibm/tivoli/orchestrator/datacentermodel/accesscontrol/AccessControlManager.class */
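/**
 * Instance-level access control for data center model objects.
 *
 * <p>The caller's identity is kept in a per-thread {@link Context} that is filled by
 * {@link #pushPrincipal(Principal)} and cleared by {@link #popPrincipal()}. Permission checks
 * resolve the object's access domains (and their ancestors), the user's roles in those
 * domains (and nested roles), and finally the permissions attached to those roles.
 *
 * <p>Security-relevant behaviour visible in this class, worth knowing before relying on it:
 * <ul>
 *   <li>{@link #checkPermission} grants access when access control is disabled, when no
 *       principal is bound to the current thread, or when the bound principal is flagged
 *       internal. A code path that never calls {@link #pushPrincipal(Principal)} is therefore
 *       treated as trusted, not as anonymous.</li>
 *   <li>The internal flag is derived purely from the principal's name being equal to
 *       {@code XmlSetting.getInternalUsername()}; whatever creates {@link Principal} objects
 *       must not let an external caller choose that name.</li>
 *   <li>Access control is off unless the {@value #ENABLE_PROPERTY} property is {@code "true"},
 *       and the value is cached for the lifetime of the class.</li>
 *   <li>The context is thread-bound, so every {@code pushPrincipal} needs a matching
 *       {@code popPrincipal} (typically in a {@code finally}); otherwise the identity stays
 *       attached to the thread for whatever runs on it next.</li>
 * </ul>
 */
public class AccessControlManager {
    public static final String IBM_COPYRIGHT = "Licensed Materials - Property of IBM\n5724-F75\n(C) Copyright IBM Corp.  2003, 2004, 2005\nAll Rights Reserved\nUS Government Users Restricted Rights -Use, duplication or \ndisclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final int ENABLED_PROPERTY_OBJECT_ID = DcmObjectId.KANAHA.getId();
    private static final int ENABLED_PROPERTY_COMPONENT_ID = KanahaComponent.KANAHA.getId();
    // Plain class literal; replaces the decompiler-emitted class$ field/helper and static block.
    private static final Logger log = Logger.getLogger(AccessControlManager.class);
    public static final String ENABLE_PROPERTY = "enable.access.control";
    /** Per-thread holder of the current principal; see {@link #getContext()}. */
    static final ThreadLocal<Context> context = new ThreadLocal<>();
    /** Cached value of the enable property; {@code null} until first read or explicit set. */
    private static Boolean enabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:installer/IY99249.jar:efixes/IY99249/components/tpm/update.jar:/apps/tcje.ear:lib/datacentermodel.jar:com/ibm/tivoli/orchestrator/datacentermodel/accesscontrol/AccessControlManager$Context.class
     */
    /* loaded from: input_file:installer/IY99249.jar:efixes/IY99249/components/tpm/update.jar:/lib/datacentermodel.jar:com/ibm/tivoli/orchestrator/datacentermodel/accesscontrol/AccessControlManager$Context.class */
    /** Per-thread identity state used by the permission checks. */
    public static class Context {
        // Principal bound by the outermost pushPrincipal call; null when nothing is bound.
        Principal principal;
        // Nesting depth of pushPrincipal calls that have not been popped yet.
        int principalCount;
        // True when the bound principal's name equals the configured internal username.
        boolean internal;

        Context() {
        }
    }

    /**
     * Adds object {@code i2} to every access domain that object {@code i} belongs to, skipping
     * domains that no longer exist and domains {@code i2} is already a member of.
     *
     * @param connection connection used for all lookups and the membership inserts
     * @param i id of the object whose domain memberships are copied
     * @param i2 id of the object that receives the memberships
     */
    public static void inheritAccessMembership(Connection connection, int i, int i2) {
        Collection<AccessDomainMembership> memberships = AccessDomainMembership.findByObjectId(connection, false, i);
        if (memberships == null) {
            return;
        }
        for (AccessDomainMembership membership : memberships) {
            if (membership == null) {
                continue;
            }
            int accessDomainId = membership.getAccessDomainId();
            AccessDomain domain = AccessDomain.findById(connection, accessDomainId);
            if (domain == null) {
                continue;
            }
            if (AccessDomainMembership.findByDomainAndObjectId(connection, false, accessDomainId, i2) == null) {
                domain.addObject(connection, i2);
            }
        }
    }

    /**
     * Returns the current thread's context, creating and binding an empty one on first use.
     *
     * @return the context of the calling thread, never {@code null}
     */
    static Context getContext() {
        Context current = context.get();
        if (current == null) {
            current = new Context();
            context.set(current);
        }
        return current;
    }

    /**
     * Binds {@code principal} to the current thread, or just deepens the nesting count when a
     * principal is already bound.
     *
     * <p>Only the outermost call sets the identity: a nested call with a different principal
     * does not replace the one already bound. The internal flag is set when the principal's
     * name equals {@code XmlSetting.getInternalUsername()}, which makes later permission
     * checks on this thread succeed unconditionally.
     *
     * @param principal identity to bind; may be {@code null}, which leaves the thread unbound
     */
    public static void pushPrincipal(Principal principal) {
        Context current = getContext();
        if (current.principal == null) {
            current.principal = principal;
            String name = principal != null ? principal.getName() : null;
            if (name != null && name.equals(XmlSetting.getInternalUsername())) {
                current.internal = true;
            }
        }
        current.principalCount++;
    }

    /**
     * Undoes one {@link #pushPrincipal(Principal)}; when the nesting count reaches zero the
     * principal and the internal flag are cleared from the thread's context.
     */
    public static void popPrincipal() {
        Context current = getContext();
        current.principalCount--;
        if (current.principalCount <= 0) {
            current.principal = null;
            current.principalCount = 0;
            current.internal = false;
        }
    }

    /**
     * Enforces {@code instancePermission} on object {@code i}: returns normally when
     * {@link #checkPermission} grants access, otherwise records an invalid-access audit entry
     * and throws.
     *
     * @param connection connection used for the permission lookups
     * @param instancePermission permission being requested
     * @param i id of the object being accessed
     * @throws InstanceAccessDeniedException when the check does not grant access; a failure to
     *         write the audit record is logged and does not suppress this exception
     */
    public static void assertPermission(Connection connection, InstancePermission instancePermission, int i) {
        if (checkPermission(connection, instancePermission, i)) {
            return;
        }
        Principal principal = getContext().principal;
        String name = principal != null ? principal.getName() : "UNAUTHENTICATED";
        InstanceAccessDeniedException denied = new InstanceAccessDeniedException(name, instancePermission, i);
        auditDeniedAccess(i, name, denied.getMessage());
        throw denied;
    }

    /**
     * Writes and commits one invalid-object-access audit record on its own connection.
     *
     * <p>The record is committed on a connection obtained here rather than on the caller's,
     * so it does not depend on what the caller does with its own transaction. The connection
     * is closed exactly once; the decompiled original closed it a second time on the way out
     * through its catch-all handler.
     */
    private static void auditDeniedAccess(int objectId, String userName, String message) {
        Connection auditConnection = null;
        try {
            auditConnection = ConnectionManager.getConnection();
            ObjectInvalidAccessAudit.createObjectInvalidAccessAudit(auditConnection, objectId, message, -1, new Date(), userName, AuditBase.NO_BUSINESS_CONTEXT, AuditOperationType.INVALID_OBJECT_ACCESS.getId());
            auditConnection.commit();
        } catch (SQLException e) {
            // A lost audit row must not turn the denial into a success: log and carry on.
            log.error("Cannot audit invalid object access: " + e.getMessage(), e);
        } finally {
            // Nothing to close when getConnection() itself failed.
            if (auditConnection != null) {
                try {
                    ConnectionManager.closeConnection(auditConnection);
                } catch (DataCenterSystemException e) {
                    log.error("Cannot close connection for audit invalid object access: " + e.getMessage(), e);
                }
            }
        }
    }

    /**
     * Decides whether the principal bound to the current thread holds
     * {@code instancePermission} on object {@code i}.
     *
     * <p>Access is granted without any lookup when access control is disabled, when no
     * principal is bound to the thread, or when the bound principal is internal. Otherwise
     * the user must exist; superusers are granted access, and everyone else needs a role
     * carrying the permission in one of the object's access domains or their ancestors.
     *
     * @param connection connection used for all lookups
     * @param instancePermission permission being requested
     * @param i id of the object being accessed
     * @return {@code true} when access is granted
     */
    public static boolean checkPermission(Connection connection, InstancePermission instancePermission, int i) {
        if (!isAccessControlEnabled(connection)) {
            return true;
        }
        Context current = getContext();
        // Unbound thread or internal principal: treated as trusted, see the class comment.
        if (current.principal == null || current.internal) {
            return true;
        }
        User user = User.findByName(connection, current.principal.getName());
        if (user == null) {
            // A principal with no matching user record gets nothing.
            return false;
        }
        if (user.isSuperuser()) {
            return true;
        }
        // Ids of the object's domains plus all their ancestors; the set doubles as the
        // visited marker that stops the upward walk on shared ancestors and on cycles.
        Set<Integer> domainIds = new HashSet<>();
        for (AccessDomain accessDomain : AccessDomain.findByObjectId(connection, i)) {
            domainIds.add(Integer.valueOf(accessDomain.getAccessDomainId()));
            AccessDomain ancestor = accessDomain;
            // NOTE(review): a parent id with no matching domain row makes findById return
            // null (inheritAccessMembership guards against that) and the next iteration then
            // fails with a NullPointerException. That fails closed, so it is left unchanged.
            while (ancestor.getParentAccessDomainId() != null && !domainIds.contains(ancestor.getParentAccessDomainId())) {
                domainIds.add(ancestor.getParentAccessDomainId());
                ancestor = AccessDomain.findById(connection, ancestor.getParentAccessDomainId().intValue());
            }
        }
        for (Integer domainId : domainIds) {
            if (checkDomainPermission(connection, user, instancePermission, domainId.intValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether any role {@code user} holds in access domain {@code i}, or any role
     * nested under such a role, carries {@code instancePermission}.
     */
    private static boolean checkDomainPermission(Connection connection, User user, InstancePermission instancePermission, int i) {
        Set<Integer> roleIds = new HashSet<>();
        for (DomainRole domainRole : DomainRole.findByUser(connection, user)) {
            if (domainRole.getAccessDomainId() == i) {
                addNestedRole(connection, roleIds, domainRole.getInstanceAccessRoleId());
            }
        }
        for (Integer roleId : roleIds) {
            if (checkRolePermission(connection, instancePermission, roleId.intValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds role {@code i} and, recursively, every role returned by
     * {@code InstanceAccessRole.findByParentId} for it to {@code set}. Roles already in the
     * set are not expanded again, which also ends the recursion on cyclic role data.
     */
    private static void addNestedRole(Connection connection, Set<Integer> set, int i) {
        Integer roleId = Integer.valueOf(i);
        if (!set.add(roleId)) {
            return;
        }
        Iterator<?> children = InstanceAccessRole.findByParentId(connection, i).iterator();
        while (children.hasNext()) {
            addNestedRole(connection, set, ((InstanceAccessRole) children.next()).getInstanceAccessRoleId());
        }
    }

    /** Checks whether role {@code i} has a permission with the same id as {@code instancePermission}. */
    private static boolean checkRolePermission(Connection connection, InstancePermission instancePermission, int i) {
        Iterator<?> granted = InstancePermission.findByRoleId(connection, i).iterator();
        while (granted.hasNext()) {
            if (((InstancePermission) granted.next()).getInstancePermissionId() == instancePermission.getInstancePermissionId()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether instance access control is switched on.
     *
     * <p>The {@value #ENABLE_PROPERTY} property is read once and cached; any value other than
     * a case-insensitive {@code "true"}, including a missing property, means disabled. A
     * change made to the stored property by other means is not seen until the cache is reset
     * through {@link #setAccessControlEnabled(Connection, boolean)} or the class is reloaded.
     *
     * @param connection connection used to read the property on the first call
     * @return {@code true} when access control is enabled
     */
    public static synchronized boolean isAccessControlEnabled(Connection connection) {
        if (enabled == null) {
            String property = DcmObjectProperty.getProperty(connection, ENABLED_PROPERTY_COMPONENT_ID, ENABLED_PROPERTY_OBJECT_ID, ENABLE_PROPERTY);
            // equalsIgnoreCase(null) is false, so a missing property caches as disabled.
            enabled = Boolean.valueOf("true".equalsIgnoreCase(property));
        }
        return enabled.booleanValue();
    }

    /**
     * Switches instance access control on or off, updating both the cached flag and the
     * stored {@value #ENABLE_PROPERTY} property.
     *
     * <p>This method performs no permission check of its own; restricting who may call it is
     * left to the caller.
     *
     * @param connection connection used to store the property
     * @param z {@code true} to enable access control, {@code false} to disable it
     */
    public static synchronized void setAccessControlEnabled(Connection connection, boolean z) {
        // The cache is updated before the write, so it keeps the new value even if the
        // write below throws.
        enabled = Boolean.valueOf(z);
        // NOTE(review): the object id and component id are passed here in the opposite order
        // to the getProperty call in isAccessControlEnabled. Confirm against the
        // DcmObjectProperty signatures that both calls address the same property row.
        DcmObjectProperty.setProperty(connection, ENABLED_PROPERTY_OBJECT_ID, ENABLED_PROPERTY_COMPONENT_ID, ENABLE_PROPERTY, enabled.toString());
    }

    /**
     * Deletes every access domain membership returned for object {@code i}.
     *
     * @param connection connection used for the lookup and the deletes
     * @param i id of the object whose memberships are removed
     */
    public static void deleteAccessDomainMembership(Connection connection, int i) {
        Iterator<?> memberships = AccessDomainMembership.findByObjectId(connection, true, i).iterator();
        while (memberships.hasNext()) {
            ((AccessDomainMembership) memberships.next()).delete(connection);
        }
    }

    /**
     * Adds object {@code i} to the default access domain of the user bound to the current
     * thread. Does nothing when access control is disabled, no principal is bound, or the
     * principal has no matching user record.
     *
     * @param connection connection used for the lookups and the membership insert
     * @param i id of the object to place in the user's default domain
     */
    public static void setDefaultAccessDomain(Connection connection, int i) {
        if (!isAccessControlEnabled(connection)) {
            return;
        }
        Principal principal = getContext().principal;
        if (principal == null) {
            return;
        }
        User user = User.findByName(connection, principal.getName());
        if (user == null) {
            return;
        }
        // NOTE(review): findById can return null (inheritAccessMembership checks for it); a
        // user whose default domain id has no row fails here with a NullPointerException.
        AccessDomain.findById(connection, user.getDefaultAccessDomainId()).addObject(connection, i);
    }

    /**
     * Adds object {@code i} to each listed access domain it is not yet a member of, on a
     * connection obtained and committed by this method.
     *
     * <p>The connection is closed once, after the commit. As decompiled, the close sat inside
     * the loop: the connection was closed after the first domain, reused for the rest,
     * committed after being closed, and never closed for an empty array.
     *
     * <p>No permission check is made here; callers are presumably expected to authorize the
     * change before calling.
     *
     * @param i id of the object to add
     * @param iArr ids of the access domains to add it to
     * @throws SQLException if the connection cannot be obtained or the commit fails
     */
    public static void addMemberToAccessDomains(int i, int[] iArr) throws SQLException {
        Connection connection = ConnectionManager.getConnection();
        try {
            for (int domainId : iArr) {
                if (AccessDomainMembership.findByDomainAndObjectId(connection, false, domainId, i) == null) {
                    // NOTE(review): findById is not null-checked, so an unknown domain id
                    // aborts the whole batch before the commit.
                    AccessDomain.findById(connection, domainId).addObject(connection, i);
                }
            }
            connection.commit();
        } finally {
            ConnectionManager.closeConnection(connection);
        }
    }

    /**
     * Returns the name to record in audit entries for the current thread.
     *
     * @return the bound principal's name, or {@code null} when no principal is bound or the
     *         bound principal is internal
     */
    public static String getAuditUserName() {
        Context current = getContext();
        if (current.principal == null || current.internal) {
            return null;
        }
        return current.principal.getName();
    }
}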
