package com.ibm.ws.security.authorize;

import com.ibm.ejs.models.base.bindings.applicationbnd.AllAuthenticatedUsers;
import com.ibm.ejs.models.base.bindings.applicationbnd.ApplicationBinding;
import com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable;
import com.ibm.ejs.models.base.bindings.applicationbnd.Everyone;
import com.ibm.ejs.models.base.bindings.applicationbnd.RoleAssignment;
import com.ibm.ejs.models.base.bindings.applicationbnd.Server;
import com.ibm.ejs.models.base.bindings.applicationbnd.SpecialSubject;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.commonarchive.EARFile;
import com.ibm.etools.commonarchive.EJBModuleRef;
import com.ibm.etools.commonarchive.WebModuleRef;
import com.ibm.websphere.models.config.appdeployment.ApplicationDeployment;
import com.ibm.websphere.models.config.appdeployment.ModuleDeployment;
import com.ibm.websphere.models.config.security.AuthorizationConfig;
import com.ibm.websphere.models.config.security.AuthorizationProvider;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.authorizer.AdminAuthzConstants;
import com.ibm.ws.portletcontainer.om.security.PortletApplication;
import com.ibm.ws.portletcontainer.om.security.PortletDefinition;
import com.ibm.ws.portletcontainer.om.security.SecurityConstraint;
import com.ibm.ws.portletcontainer.util.PortletModelHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthorizationProviderConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.policy.JaccPolicyDomainProxy;
import com.ibm.ws.security.util.DomainContextHelper;
import com.ibm.ws.security.web.WebConstraintsTable;
import com.ibm.ws.sm.workspace.RepositoryContext;
import com.ibm.ws.sm.workspace.WorkSpace;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.sm.workspace.metadata.RepositoryContextType;
import com.ibm.ws.sm.workspace.metadata.RepositoryMetaDataFactory;
import com.ibm.ws.workspace.query.WorkSpaceQueryUtil;
import com.ibm.wsspi.security.authorization.RoleConfiguration;
import com.ibm.wsspi.security.authorization.RoleConfigurationException;
import com.ibm.wsspi.security.authorization.RoleConfigurationFactory;
import com.ibm.wsspi.webcontainer.servlet.IServletConfig;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.HttpConstraintElement;
import javax.servlet.HttpMethodConstraintElement;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.common.util.URI;
import org.eclipse.emf.ecore.resource.Resource;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.common.SecurityRoleRef;
import org.eclipse.jst.j2ee.commonarchivecore.internal.ModuleFile;
import org.eclipse.jst.j2ee.commonarchivecore.internal.ModuleRef;
import org.eclipse.jst.j2ee.commonarchivecore.internal.WARFile;
import org.eclipse.jst.j2ee.commonarchivecore.internal.exception.ArchiveWrappedException;
import org.eclipse.jst.j2ee.commonarchivecore.internal.exception.DeploymentDescriptorLoadException;
import org.eclipse.jst.j2ee.ejb.AssemblyDescriptor;
import org.eclipse.jst.j2ee.ejb.EJBJar;
import org.eclipse.jst.j2ee.ejb.EnterpriseBean;
import org.eclipse.jst.j2ee.ejb.ExcludeList;
import org.eclipse.jst.j2ee.ejb.MethodElement;
import org.eclipse.jst.j2ee.ejb.MethodPermission;
import org.eclipse.jst.j2ee.webapplication.AuthConstraint;
import org.eclipse.jst.j2ee.webapplication.Servlet;
import org.eclipse.jst.j2ee.webapplication.UserDataConstraint;
import org.eclipse.jst.j2ee.webapplication.WebApp;
import org.eclipse.jst.j2ee.webapplication.WebResourceCollection;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/authorize/AppInstallNotify.class */
public class AppInstallNotify {
    // Integer codes for kinds of URL pattern. NOTE(review): nothing in the visible part of this
    // class reads them; presumably used by the URL-map helpers further down — confirm.
    private static final int EXTENSION_PATTERN = 0;
    private static final int PATHPREFIX_PATTERN = 1;
    private static final int EXACT_PATTERN = 2;
    private static final int DEFAULT_PATTERN = 3;
    // Trace/audit component for this class, registered against the AdminConstants message bundle.
    private static TraceComponent tc = Tr.register(AppInstallNotify.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    // Initialised from CommonConstants.JACC_FACTORY_NAME. Declared non-final, so it is reassignable from within this class.
    private static String FACTORY_NAME = CommonConstants.JACC_FACTORY_NAME;
    // Static and initially null; not assigned in the visible part of the class.
    private static AuthorizationProvider authzProvider = null;
    // JACC policy-configuration factory; resolved on first use through getPCF(boolean).
    private PolicyConfigurationFactory pcf = null;
    // NOTE(review): never read or written in the visible part of the class.
    private AppInstallNotify appNotify = null;
    // Raw HashMap allocated by initialize(); key and value types are not visible here.
    private HashMap pcConfigsMap = null;
    private String policyCfgFactoryImplClassName = null;
    // Role-configuration factory; resolved on first use through getRCF(boolean).
    private RoleConfigurationFactory rcf = null;
    // Policy object that appInstall/appUninstall select and then refresh().
    private Policy jPolicy = null;

    /**
     * Creates a notifier and allocates its per-instance state through {@code initialize()}.
     * The constructor is private; instances are handed out by {@code getInstance()}.
     */
    private AppInstallNotify() {
        this.initialize();
    }

    /**
     * Returns a new notifier.
     *
     * <p>Despite the name, nothing is cached: every call constructs a separate object, so the
     * factories and policy kept in instance fields are not shared between callers.
     *
     * @return a newly constructed {@code AppInstallNotify}
     */
    public static AppInstallNotify getInstance() {
        final AppInstallNotify freshNotifier = new AppInstallNotify();
        return freshNotifier;
    }

    /** Allocates the empty map stored in {@code pcConfigsMap}. */
    private void initialize() {
        HashMap emptyConfigs = new HashMap();
        this.pcConfigsMap = emptyConfigs;
    }

    /**
     * Does nothing in this implementation.
     *
     * <p>The install-time work visible in this class lives in
     * {@code appInstall(EARFile, String, String, boolean)}; calling this two-argument method
     * propagates no permissions or role bindings.
     *
     * @param eARFile ignored
     * @param str ignored
     * @throws Exception declared but never thrown by this body
     */
    public void appInstalled(EARFile eARFile, String str) throws Exception {
    }

    /**
     * Propagates an application's security configuration when it is installed.
     *
     * <p>For every EJB and web module reference in the EAR this delegates to
     * {@code addEJBPermissions} and {@code addWebPermissions}, then pushes the role bindings with
     * {@code addAuthorizationTable}, and finally calls {@code refresh()} on the selected
     * {@link Policy}. Completion is recorded with the audit message
     * {@code security.jacc.secpolicy.propagated}.
     *
     * @param eARFile application archive to read modules and bindings from; must not be null
     * @param str application name, used in messages; must not be null
     * @param str2 context identifier handed to the permission and role-configuration helpers
     * @param z {@code true} for local mode, in which the local policy and factories are used
     * @throws Exception if {@code eARFile} or {@code str} is null, or if any helper fails
     */
    public void appInstall(EARFile eARFile, String str, String str2, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            // The trace point is labelled "appInstalled", not "appInstall"; search traces accordingly.
            Tr.entry(tc, "appInstalled", new Object[]{eARFile, str, str2});
        }

        // Reject incomplete requests before any policy state is touched.
        if (eARFile == null) {
            Tr.error(tc, "security.jacc.tools.earfile.error", new Object[]{str});
            throw new Exception("The earFile is null");
        }
        if (str == null) {
            Tr.error(tc, "security.jacc.tools.appname.error");
            throw new Exception("The appName is null");
        }

        final boolean localMode = z;
        if (localMode) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "appInstall in local mode");
            }
            // Return values are discarded here.
            // NOTE(review): presumably these calls prime the instance fields — confirm in the getters.
            getLocalPolicy();
            getPCF(localMode);
            getRCF(localMode);
        }

        List ejbRefs = eARFile.getEJBModuleRefs();
        if (ejbRefs != null && ejbRefs.size() > 0) {
            for (Object ejbRef : ejbRefs) {
                addEJBPermissions((EJBModuleRef) ejbRef, str, str2, localMode, null);
            }
        }

        List webRefs = eARFile.getWebModuleRefs();
        if (webRefs != null && webRefs.size() > 0) {
            for (Object webRef : webRefs) {
                addWebPermissions((WebModuleRef) webRef, str, str2, localMode, null);
            }
        }

        addAuthorizationTable(eARFile, str, str2, localMode);

        boolean useDomainPolicy = DomainContextHelper.isDmgrAndMultiDomainAndMultiJacc() && !localMode;
        if (useDomainPolicy) {
            // Unchecked cast: this relies on the installed Policy being a JaccPolicyDomainProxy
            // whenever the helper returns true; any other Policy fails here with ClassCastException.
            JaccPolicyDomainProxy domainProxy = (JaccPolicyDomainProxy) Policy.getPolicy();
            this.jPolicy = domainProxy.getDomainPolicy();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "using jacc policy from the security domain.");
            }
        }

        // Fall back to the local or JVM-wide policy when no domain policy was selected.
        if (this.jPolicy == null) {
            this.jPolicy = localMode ? getLocalPolicy() : Policy.getPolicy();
        }

        Policy policyToRefresh = this.jPolicy;
        if (policyToRefresh != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Refreshing the policy ");
            }
            policyToRefresh.refresh();
        }

        // The audit record is written even when no policy object was available to refresh.
        Tr.audit(tc, "security.jacc.secpolicy.propagated", new Object[]{str});
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "appInstalled");
        }
    }

    /**
     * Copies the role bindings of the EAR's authorization table into the role configuration
     * obtained for {@code str2}, then commits it.
     *
     * <p>For each role assignment the bound users and groups are added to the role, and the
     * special subjects {@code Everyone} and {@code AllAuthenticatedUsers} are mapped to their
     * dedicated calls. A {@code Server} special subject is not propagated; the only record of that
     * is a debug trace. If no {@code RoleConfigurationFactory} can be resolved the method returns
     * without doing anything.
     *
     * @param eARFile archive whose bindings supply the authorization table
     * @param str application name, used only in the final debug trace
     * @param str2 identifier passed to {@code getRoleConfiguration}
     * @param z passed to {@code getRCF} when the factory has not been resolved yet
     * @throws RoleConfigurationException if the role configuration cannot be obtained or updated
     */
    public void addAuthorizationTable(EARFile eARFile, String str, String str2, boolean z) throws RoleConfigurationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addAuthorizationTable");
        }

        if (this.rcf == null) {
            this.rcf = getRCF(z);
        }
        if (this.rcf == null) {
            // Nothing is propagated in this case, and the skip is visible only in entry/exit trace.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addAuthorizationTable: no roleconfiguration");
            }
            return;
        }

        RoleConfiguration roleCfg;
        try {
            roleCfg = this.rcf.getRoleConfiguration(str2, true);
        } catch (RoleConfigurationException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.addAuthorizationTable", "296", this);
            Tr.error(tc, "security.jacc.tools.rcf", new Object[]{str2, e});
            throw e;
        }

        if (roleCfg != null) {
            // Each level of the bindings model may be absent; stop at the first missing one.
            EList assignments = null;
            ApplicationBinding bindings = eARFile.getBindings();
            if (bindings != null) {
                AuthorizationTable table = bindings.getAuthorizationTable();
                if (table != null) {
                    assignments = table.getAuthorizations();
                }
            }

            if (assignments != null) {
                for (Object entry : assignments) {
                    RoleAssignment assignment = (RoleAssignment) entry;
                    String roleName = assignment.getRole().getRoleName();

                    // The debug traces below write the bound user and group lists to the trace log.
                    EList users = assignment.getUsers();
                    if (users != null) {
                        roleCfg.addUsersToRole(roleName, users);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "added users: " + users.toString() + " to role: " + roleName);
                        }
                    }

                    EList groups = assignment.getGroups();
                    if (groups != null) {
                        roleCfg.addGroupsToRole(roleName, groups);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "added groups: " + groups.toString() + " to role: " + roleName);
                        }
                    }

                    // Special subjects bind a role to a class of callers rather than to named
                    // principals, so these are the bindings to check when reviewing what a
                    // deployment grants.
                    EList<SpecialSubject> specialSubjects = assignment.getSpecialSubjects();
                    if (specialSubjects != null) {
                        for (SpecialSubject subject : specialSubjects) {
                            if (subject instanceof Everyone) {
                                roleCfg.addEveryoneToRole(roleName);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "added Everyone to role: " + roleName);
                                }
                            } else if (subject instanceof AllAuthenticatedUsers) {
                                roleCfg.addAuthenticatedUsersToRole(roleName);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "added AllAuthenticatedUsers to role: " + roleName);
                                }
                            } else if (subject instanceof Server) {
                                // Not propagated; without debug trace the binding is dropped silently.
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "added Server not supported for role: " + roleName);
                                }
                            }
                        }
                    }
                }
            }

            // Commit runs even when the EAR carried no authorization table.
            roleCfg.commit();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Propagated RoleConfiguration information for Application: " + str);
            }
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addAuthorizationTable");
        }
    }

    /**
     * Does nothing in this implementation.
     *
     * <p>The uninstall-time work visible in this class lives in
     * {@code appUninstall(ApplicationDeployment, String, String, boolean)}; calling this
     * two-argument method removes no permissions or role bindings.
     *
     * @param str ignored
     * @param str2 ignored
     * @throws Exception declared but never thrown by this body
     */
    public void appUninstalled(String str, String str2) throws Exception {
    }

    /**
     * Removes an application's security configuration when it is uninstalled.
     *
     * <p>Calls {@code deleteModule} for the URI of every module in the deployment, then
     * {@code deleteAuthorizationTable}, and finally calls {@code refresh()} on the selected
     * {@link Policy}. Completion is recorded with the audit message
     * {@code security.jacc.secpolicy.removed}. Any exception raised after the argument checks is
     * reported through FFDC and {@code Tr.error}, then rethrown.
     *
     * @param applicationDeployment deployment model listing the application's modules; must not be null
     * @param str application name, used in messages; must not be null
     * @param str2 context identifier handed to the delete helpers
     * @param z {@code true} for local mode, in which the local policy and factories are used
     * @throws Exception if {@code applicationDeployment} or {@code str} is null, or if removal fails
     */
    public void appUninstall(ApplicationDeployment applicationDeployment, String str, String str2, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            // The trace point is labelled "appUninstalled", not "appUninstall"; search traces accordingly.
            Tr.entry(tc, "appUninstalled", new Object[]{applicationDeployment, str, str2});
        }

        // Unlike the appName check, a null deployment is rejected without a Tr.error record.
        if (applicationDeployment == null) {
            throw new Exception("The deployment.xml in the application is null");
        }
        if (str == null) {
            Tr.error(tc, "security.jacc.tools.appname.error");
            throw new Exception("The appName is null");
        }

        final boolean localMode = z;
        if (localMode) {
            if (tc.isDebugEnabled()) {
                // NOTE(review): the text says "appInstall" although this is the uninstall path;
                // it looks copied from appInstall. Kept as is, so this trace line alone does not
                // tell the two operations apart.
                Tr.debug(tc, "appInstall in local mode");
            }
            // Return values are discarded here.
            // NOTE(review): presumably these calls prime the instance fields — confirm in the getters.
            getLocalPolicy();
            getPCF(localMode);
            getRCF(localMode);
        }

        try {
            EList modules = applicationDeployment.getModules();
            if (modules != null && modules.size() > 0) {
                for (int idx = 0; idx < modules.size(); idx++) {
                    ModuleDeployment module = (ModuleDeployment) modules.get(idx);
                    deleteModule(module.getUri(), str, str2, localMode);
                }
            }

            deleteAuthorizationTable(str, str2, localMode);

            boolean useDomainPolicy = DomainContextHelper.isDmgrAndMultiDomainAndMultiJacc() && !localMode;
            if (useDomainPolicy) {
                // Unchecked cast: this relies on the installed Policy being a JaccPolicyDomainProxy
                // whenever the helper returns true; any other Policy fails here with ClassCastException.
                JaccPolicyDomainProxy domainProxy = (JaccPolicyDomainProxy) Policy.getPolicy();
                this.jPolicy = domainProxy.getDomainPolicy();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "using jacc policy from the security domain.");
                }
            }

            // Fall back to the local or JVM-wide policy when no domain policy was selected.
            if (this.jPolicy == null) {
                this.jPolicy = localMode ? getLocalPolicy() : Policy.getPolicy();
            }

            Policy policyToRefresh = this.jPolicy;
            if (policyToRefresh != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Refreshing the policy ");
                }
                policyToRefresh.refresh();
            }

            Tr.audit(tc, "security.jacc.secpolicy.removed", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "appUninstalled");
            }
        } catch (Exception e) {
            // A failure part-way through leaves earlier module deletions in place; nothing is rolled back here.
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.appUninstalled", "404", this);
            Tr.error(tc, "security.jacc.tools.uninstall", new Object[]{str, e});
            throw e;
        }
    }

    /**
     * Deletes the role configuration held for {@code str2}.
     *
     * <p>If no {@code RoleConfigurationFactory} can be resolved the method returns without
     * deleting anything.
     *
     * @param str application name; not used by this body
     * @param str2 identifier passed to {@code getRoleConfiguration}
     * @param z passed to {@code getRCF} when the factory has not been resolved yet
     * @throws RoleConfigurationException if the role configuration cannot be obtained or deleted
     * @throws ClassNotFoundException declared; not thrown directly by this body
     * @throws PolicyContextException declared; not thrown directly by this body
     * @throws ArchiveWrappedException declared; not thrown directly by this body
     */
    public void deleteAuthorizationTable(String str, String str2, boolean z) throws ClassNotFoundException, PolicyContextException, ArchiveWrappedException, RoleConfigurationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteAuthorizationTable");
        }

        if (this.rcf == null) {
            this.rcf = getRCF(z);
        }
        if (this.rcf == null) {
            // Role bindings are left in place in this case, and the skip is visible only in entry/exit trace.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteAuthorizationTable: no roleconfiguration");
            }
            return;
        }

        try {
            // NOTE(review): the meaning of the boolean argument is not visible in this file — confirm
            // against RoleConfigurationFactory.
            RoleConfiguration doomedCfg = this.rcf.getRoleConfiguration(str2, true);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RoleConfiguration to be deleted is: " + doomedCfg);
            }
            if (doomedCfg != null) {
                doomedCfg.delete();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Deleted role configuration for contextID: " + str2);
                }
            }
        } catch (RoleConfigurationException e) {
            // The FFDC source id names appUninstalled, not this method; keep that in mind when reading FFDC logs.
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.appUninstalled", "464", this);
            Tr.error(tc, "security.jacc.tools.rcf", new Object[]{str2, e});
            throw e;
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteAuthorizationTable");
        }
    }

    /**
     * Convenience overload that delegates to the seven-argument {@code addWebPermissions} with no
     * servlet-registration map and no {@code WebConstraintsTable}.
     *
     * @param webModuleRef web module whose constraints and role references are processed
     * @param str application name
     * @param str2 context identifier
     * @param z local-mode flag
     * @param policyConfiguration passed through unchanged
     * @throws Exception if the delegate fails
     */
    public void addWebPermissions(WebModuleRef webModuleRef, String str, String str2, boolean z, PolicyConfiguration policyConfiguration) throws Exception {
        // With a null map the delegate skips its processDynamicServlet step.
        final Map<String, ? extends ServletRegistration> noServletRegistrations = null;
        final WebConstraintsTable noConstraintsTable = null;
        addWebPermissions(webModuleRef, str, str2, z, policyConfiguration, noServletRegistrations, noConstraintsTable);
    }

    public void addWebPermissions(WebModuleRef webModuleRef, String str, String str2, boolean z, PolicyConfiguration policyConfiguration, Map<String, ? extends ServletRegistration> map, WebConstraintsTable webConstraintsTable) throws Exception {
        String uri;
        ActionString userDataString;
        List<SecurityConstraint> securityConstraints;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addWebPermissions", new Object[]{webModuleRef.getUri(), str, str2, Boolean.valueOf(z), policyConfiguration, map});
        }
        EList<org.eclipse.jst.j2ee.webapplication.SecurityConstraint> eList = null;
        EList eList2 = null;
        EList eList3 = null;
        try {
            WebApp webApp = (WebApp) webModuleRef.getDeploymentDescriptor();
            if (webApp != null) {
                eList = webApp.getConstraints();
                eList2 = webApp.getServlets();
                eList3 = webApp.getSecurityRoles();
            }
            PortletApplication portletApplication = PortletModelHelper.getPortletApplication(webModuleRef);
            if (tc.isDebugEnabled() && portletApplication != null && webApp != null) {
                Tr.debug(tc, "Portlet application: " + portletApplication + " exists for webapp: " + webApp);
            }
            String altDD = webModuleRef.getModule().getAltDD();
            if (altDD == null || altDD.length() == 0) {
                uri = webModuleRef.getUri();
            } else {
                uri = altDD;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "using alt-DD = " + altDD);
                }
            }
            String moduleContextID = getModuleContextID(str2, uri);
            try {
                if (this.pcf == null) {
                    this.pcf = getPCF(z);
                }
                if (this.pcf == null) {
                    throw new PolicyContextException("Cannot get the PolicyConfigurationFactory of the JACC provider");
                }
                PolicyConfiguration policyConfiguration2 = this.pcf.getPolicyConfiguration(moduleContextID, true);
                if (policyConfiguration2 == null) {
                    Tr.error(tc, "security.jacc.tools.pcf.null", new Object[]{moduleContextID});
                    throw new PolicyContextException("The PolicyConfiguration object is null");
                }
                Permissions permissions = new Permissions();
                Permissions permissions2 = new Permissions();
                ArrayList arrayList = new ArrayList();
                if (eList2 != null) {
                    for (int i = 0; i < eList2.size(); i++) {
                        Servlet servlet = (Servlet) eList2.get(i);
                        String servletName = servlet.getServletName();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Servlet Name is: " + servletName);
                        }
                        EList securityRoleRefs = servlet.getSecurityRoleRefs();
                        if (securityRoleRefs != null) {
                            for (int i2 = 0; i2 < securityRoleRefs.size(); i2++) {
                                SecurityRoleRef securityRoleRef = (SecurityRoleRef) securityRoleRefs.get(i2);
                                String name = securityRoleRef.getName();
                                String link = securityRoleRef.getLink();
                                Permission webRoleRefPermission = new WebRoleRefPermission(servletName, name);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Adding the following WebRoleRefPermission (roleLink, WebRoleRefPermission) for RoleLink: ", new Object[]{link});
                                }
                                policyConfiguration2.addToRole(link, webRoleRefPermission);
                                arrayList.add(name);
                            }
                        }
                        if (eList3 != null) {
                            Iterator it = eList3.iterator();
                            while (it.hasNext()) {
                                String roleName = ((SecurityRole) it.next()).getRoleName();
                                if (!arrayList.contains(roleName)) {
                                    Permission webRoleRefPermission2 = new WebRoleRefPermission(servletName, roleName);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Adding the following WebRoleRefPermission (roleLink , WebRoleRefPermission): ", new Object[]{roleName, webRoleRefPermission2});
                                    }
                                    policyConfiguration2.addToRole(roleName, webRoleRefPermission2);
                                }
                            }
                        }
                    }
                }
                if (eList3 != null) {
                    Iterator it2 = eList3.iterator();
                    while (it2.hasNext()) {
                        String roleName2 = ((SecurityRole) it2.next()).getRoleName();
                        Permission webRoleRefPermission3 = new WebRoleRefPermission("", roleName2);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding the following WebRoleRefPermission with empty string (roleName , WebRoleRefPermission): ", new Object[]{roleName2, webRoleRefPermission3});
                        }
                        policyConfiguration2.addToRole(roleName2, webRoleRefPermission3);
                    }
                }
                if (portletApplication != null) {
                    List portletDefinitions = portletApplication.getPortletDefinitions();
                    ArrayList arrayList2 = new ArrayList();
                    if (portletDefinitions != null) {
                        for (int i3 = 0; i3 < portletDefinitions.size(); i3++) {
                            PortletDefinition portletDefinition = (PortletDefinition) portletDefinitions.get(i3);
                            String name2 = portletDefinition.getName();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Portlet Name is: " + name2);
                            }
                            List<com.ibm.ws.portletcontainer.om.security.SecurityRoleRef> securityRoleRefs2 = portletDefinition.getSecurityRoleRefs();
                            if (securityRoleRefs2 != null) {
                                for (com.ibm.ws.portletcontainer.om.security.SecurityRoleRef securityRoleRef2 : securityRoleRefs2) {
                                    String roleName3 = securityRoleRef2.getRoleName();
                                    String roleLink = securityRoleRef2.getRoleLink();
                                    Permission webRoleRefPermission4 = new WebRoleRefPermission(name2, roleName3);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Adding the following WebRoleRefPermission (roleLink, WebRoleRefPermission) for Portlet RoleLink: " + new Object[]{roleLink});
                                    }
                                    policyConfiguration2.addToRole(roleLink, webRoleRefPermission4);
                                    arrayList2.add(roleName3);
                                }
                            }
                            if (eList3 != null) {
                                Iterator it3 = eList3.iterator();
                                while (it3.hasNext()) {
                                    String roleName4 = ((SecurityRole) it3.next()).getRoleName();
                                    if (!arrayList2.contains(roleName4)) {
                                        Permission webRoleRefPermission5 = new WebRoleRefPermission(name2, roleName4);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Adding the following WebRoleRefPermission for Portlet (roleLink , WebRoleRefPermission): " + new Object[]{roleName4, webRoleRefPermission5});
                                        }
                                        policyConfiguration2.addToRole(roleName4, webRoleRefPermission5);
                                    }
                                }
                            }
                        }
                    }
                }
                HashMap hashMap = new HashMap();
                URLMap uRLMap = new URLMap("/");
                uRLMap.setUncheckedSet(null);
                hashMap.put("/", uRLMap);
                if (eList != null) {
                    for (org.eclipse.jst.j2ee.webapplication.SecurityConstraint securityConstraint : eList) {
                        if (securityConstraint != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "SecurityConstraint: ", new Object[]{securityConstraint});
                            }
                            AuthConstraint authConstraint = securityConstraint.getAuthConstraint();
                            EList<String> roles = authConstraint != null ? authConstraint.getRoles() : null;
                            UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
                            String str3 = null;
                            if (userDataConstraint != null && userDataConstraint.isSetTransportGuarantee()) {
                                str3 = userDataConstraint.getTransportGuarantee().getName();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "transport is set: " + str3);
                                }
                            }
                            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollections()) {
                                EList<String> urlPattern = webResourceCollection.getUrlPattern();
                                if (urlPattern != null) {
                                    for (String str4 : urlPattern) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "url being processed is: " + str4);
                                        }
                                        URLMap uRLMap2 = (URLMap) hashMap.get(str4);
                                        if (uRLMap2 == null) {
                                            uRLMap2 = getNewURLMap(str4, hashMap);
                                        }
                                        EList<String> httpMethodString = webResourceCollection.getHttpMethodString();
                                        EList<String> httpMethodOmission = webResourceCollection.getHttpMethodOmission();
                                        ArrayList arrayList3 = null;
                                        boolean z2 = false;
                                        if (httpMethodString != null && httpMethodString.size() > 0) {
                                            arrayList3 = new ArrayList();
                                            for (String str5 : httpMethodString) {
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, " HTTP Method is:" + str5);
                                                }
                                                arrayList3.add(str5);
                                            }
                                        } else if (httpMethodOmission != null && httpMethodOmission.size() > 0) {
                                            z2 = true;
                                            arrayList3 = new ArrayList();
                                            for (String str6 : httpMethodOmission) {
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, " HTTP Omission Method is:" + str6);
                                                }
                                                arrayList3.add(str6);
                                            }
                                        } else if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "All Methods are set since HTTP Method isn't defined.");
                                        }
                                        if (authConstraint != null && (roles == null || roles.size() < 1)) {
                                            uRLMap2.setExcludedSet(arrayList3, z2);
                                        } else if (authConstraint == null) {
                                            uRLMap2.setUncheckedSet(arrayList3, z2);
                                        } else if (roles != null && roles != null) {
                                            for (String str7 : roles) {
                                                if (str7.equals("*")) {
                                                    EList securityRoles = webApp.getSecurityRoles();
                                                    if (securityRoles != null) {
                                                        Iterator it4 = securityRoles.iterator();
                                                        while (it4.hasNext()) {
                                                            uRLMap2.setRoleMap(((SecurityRole) it4.next()).getRoleName(), arrayList3, z2);
                                                        }
                                                    }
                                                } else {
                                                    if (tc.isDebugEnabled()) {
                                                        Tr.debug(tc, "Setting role map for role = " + str7);
                                                    }
                                                    uRLMap2.setRoleMap(str7, arrayList3, z2);
                                                }
                                            }
                                        }
                                        if (str3 != null) {
                                            uRLMap2.setUserDataMap(str3, arrayList3, z2);
                                        } else {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "no user data constraint, set NONE");
                                            }
                                            uRLMap2.setUserDataMap("NONE", arrayList3, z2);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                if (map != null) {
                    processDynamicServlet(hashMap, map, webConstraintsTable);
                }
                if (portletApplication != null && (securityConstraints = portletApplication.getSecurityConstraints()) != null && securityConstraints.size() > 0) {
                    for (SecurityConstraint securityConstraint2 : securityConstraints) {
                        if (securityConstraint2 != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "SecurityConstraint for Portlet: ", new Object[]{securityConstraint2});
                            }
                            com.ibm.ws.portletcontainer.om.security.UserDataConstraint userDataConstraint2 = securityConstraint2.getUserDataConstraint();
                            String str8 = "NONE";
                            if (userDataConstraint2 != null) {
                                userDataConstraint2.getTransportGuarantee();
                                str8 = userDataConstraint2.getTransportGuarantee().getName();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "transport set for Portlet is: " + str8);
                                }
                            }
                            List portletDefinitions2 = securityConstraint2.getPortletDefinitions();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "portletDefinitions are: " + portletDefinitions2);
                            }
                            Iterator it5 = portletDefinitions2.iterator();
                            while (it5.hasNext()) {
                                String name3 = ((PortletDefinition) it5.next()).getName();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "url being processed for Portlet is: " + name3);
                                }
                                String str9 = null;
                                if (!name3.endsWith("/*")) {
                                    str9 = new StringBuffer("/").append(name3).append("/*").toString();
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "url modified for Portlet is: " + str9);
                                    }
                                }
                                URLMap uRLMap3 = (URLMap) hashMap.get(str9);
                                if (uRLMap3 == null) {
                                    uRLMap3 = getNewURLMap(str9, hashMap);
                                }
                                if (str8 != null) {
                                    uRLMap3.setUserDataMap(str8, null);
                                }
                            }
                        }
                    }
                }
                for (String str10 : hashMap.keySet()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "url is: " + str10);
                    }
                    URLMap uRLMap4 = (URLMap) hashMap.get(str10);
                    String uRLPattern = uRLMap4.getURLPattern();
                    if (!unqualified(str10, uRLPattern)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "urlPatternName: " + uRLPattern);
                        }
                        boolean z3 = false;
                        ActionString excludedString = uRLMap4.getExcludedString();
                        boolean z4 = false;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Method string for Excluded Permission: " + excludedString);
                        }
                        if (excludedString != null) {
                            String actions = excludedString.getActions();
                            permissions2.add(new WebResourcePermission(uRLPattern, actions));
                            permissions2.add(new WebUserDataPermission(uRLPattern, actions));
                            z3 = true;
                            if (actions == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "all methods is set for excluded");
                                }
                                z4 = true;
                            }
                        }
                        if (!z4) {
                            HashMap roleMap = uRLMap4.getRoleMap();
                            ActionString uncheckedString = uRLMap4.getUncheckedString();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Method string for Unchecked Permission: " + uncheckedString);
                            }
                            if (uncheckedString != null) {
                                permissions.add(new WebResourcePermission(uRLPattern, uncheckedString.getActions()));
                            } else if (!z3 && roleMap == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "set unchecked for all methods");
                                }
                                permissions.add(new WebResourcePermission(uRLPattern, (String) null));
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "unchecked list is null");
                            }
                            ActionString userDataString2 = uRLMap4.getUserDataString("CONFIDENTIAL_OR_INTEGRAL");
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "\nUserData - Confidential: " + userDataString2);
                            }
                            if (userDataString2 != null) {
                                String actions2 = userDataString2.getActions();
                                addUserData(permissions, uRLPattern, actions2);
                                if (actions2 != null && actions2.startsWith(":")) {
                                    z4 = true;
                                }
                            }
                            if (!z4) {
                                if (userDataString2 != null || z3) {
                                    userDataString = uRLMap4.getUserDataString("REST");
                                    if (userDataString == null && userDataString2 == null) {
                                        userDataString = new ActionString(":NONE");
                                    }
                                } else {
                                    userDataString = new ActionString(":NONE");
                                }
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "UserData - Rest: " + userDataString);
                                }
                                if (userDataString != null) {
                                    addUserData(permissions, uRLPattern, userDataString.getActions());
                                }
                            }
                            if (roleMap != null) {
                                for (String str11 : roleMap.keySet()) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "role is " + str11);
                                    }
                                    String str12 = (String) roleMap.get(str11);
                                    if (str12 == null || str12.length() == 0) {
                                        Permission webResourcePermission = new WebResourcePermission(uRLPattern, (String) null);
                                        policyConfiguration2.addToRole(str11, webResourcePermission);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Added the role: " + str11 + "\nURL: " + uRLPattern + "\nmethod: <<ALL METHOD>> to the permission " + webResourcePermission);
                                        }
                                    } else {
                                        Permission webResourcePermission2 = new WebResourcePermission(uRLPattern, str12);
                                        policyConfiguration2.addToRole(str11, webResourcePermission2);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Added the role: " + str11 + "\nURL: " + uRLPattern + "\nmethod: " + str12 + " to the permission " + webResourcePermission2);
                                        }
                                    }
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added the role: << NONE >>\nURL: " + uRLPattern);
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "url: " + str10 + " is unqualified");
                    }
                }
                policyConfiguration2.addToExcludedPolicy(permissions2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Added the following ExcludedPerms:" + permissions2);
                }
                policyConfiguration2.addToUncheckedPolicy(permissions);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Added the following UncheckedPerms:" + permissions);
                }
                linkConfiguration(str, policyConfiguration2, policyConfiguration);
                policyConfiguration2.commit();
                ModuleFile moduleFile = webModuleRef.getModuleFile();
                if (moduleFile.isWARFile() && ((WARFile) moduleFile).containsEJBContent()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "addWebPermissions - war contains EJB content, adding EJB permissions" + permissions2);
                    }
                    addEJBPermissions(null, webModuleRef, ((WARFile) moduleFile).getEJBDeploymentDescriptor(true), str, str2, z, policyConfiguration);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "addWebPermissions");
                }
            } catch (PolicyContextException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.addWebPermissions", "583", this);
                Tr.error(tc, "security.jacc.tools.pcf", new Object[]{moduleContextID, e});
                this.pcf = null;
                throw e;
            }
        } catch (DeploymentDescriptorLoadException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorize.AppInstallNotify.addWebPermissions", "520", this);
            throw e2;
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security. authorize.AppInstallNotify.addWPermissions", "525", this);
            throw e3;
        }
    }

    /**
     * Adds one {@code WebUserDataPermission} for a URL pattern to the given collection.
     *
     * <p>An action string that begins with {@code ':'} carries a transport type only
     * (callers in this class pass values such as {@code ":NONE"}). In that case the
     * three-argument constructor is used with a {@code null} HTTP-method array and the
     * text after the colon as the transport type. Any other value, including
     * {@code null}, is handed to the two-argument constructor unchanged.
     *
     * @param permissions collection that receives the new permission
     * @param str URL pattern the permission applies to
     * @param str2 action string, or {@code null}
     */
    private void addUserData(Permissions permissions, String str, String str2) {
        boolean transportOnly = str2 != null && str2.startsWith(":");
        WebUserDataPermission userDataPermission;
        if (transportOnly) {
            // Drop the leading ':' so only the transport guarantee is passed on.
            userDataPermission = new WebUserDataPermission(str, null, str2.substring(1));
        } else {
            userDataPermission = new WebUserDataPermission(str, str2);
        }
        permissions.add(userDataPermission);
    }

    /**
     * Adds an {@code EJBRoleRefPermission} for every declared security role that the bean
     * has no explicit role reference for, and returns the role names that were added.
     *
     * <p>Nothing is added when the authorization provider's custom property
     * {@code createDefaultEJBRoleRefs} is set to {@code false} (case-insensitive), when
     * the policy configuration or the bean is {@code null}, or when no roles are given.
     *
     * <p>A {@code PolicyContextException} from {@code addToRole} is reported to FFDC and
     * the loop continues with the next role. The caller is not told about the failure,
     * so the affected role is only missing from the returned set.
     *
     * @param policyConfiguration policy configuration that receives the permissions
     * @param set role names that already have a role-ref permission, or {@code null}
     * @param enterpriseBean bean whose name is used as the permission name
     * @param eList security roles to process, or {@code null}
     * @return the role names for which a permission was added; never {@code null}
     */
    private Set<String> addBeanRoleRefs(PolicyConfiguration policyConfiguration, Set<String> set, EnterpriseBean enterpriseBean, EList eList) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addBeanRoleRefs()", "Add EJBRoleRefPermissions for all roles defined in EJB descriptor");
        }
        Set<String> addedRoles = new HashSet<String>();
        Properties providerProps = SecurityObjectLocator.getSecurityConfig().getAuthorizationConfig().getAuthorizationProvider().getProperties();
        boolean defaultsDisabled = providerProps != null && "false".equalsIgnoreCase(providerProps.getProperty("createDefaultEJBRoleRefs"));
        if (defaultsDisabled) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addBeanRoleRefs()", "createDefaultEJBRoleRefs custom property set to false, no EJBRoleRefPermissions will be created.");
            }
            return addedRoles;
        }
        if (policyConfiguration == null || enterpriseBean == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "PolicyConfiguration or EnterpriseBean argument is null, do nothing.");
            }
        } else if (eList == null || eList.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No roles defined, do nothing.");
            }
        } else {
            for (Iterator roles = eList.iterator(); roles.hasNext();) {
                String roleName = ((SecurityRole) roles.next()).getRoleName();
                String beanName = enterpriseBean.getName();
                if (roleName == null || beanName == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Role name or EJB name are null, do nothing.");
                    }
                    continue;
                }
                // Roles listed in 'set' already have a role-ref permission; skip them.
                if (set != null && set.contains(roleName)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "EJBRoleRefPermission not added, one has already been added for role = " + roleName);
                    }
                    continue;
                }
                EJBRoleRefPermission roleRefPermission = new EJBRoleRefPermission(beanName, roleName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding EJBRoleRefPermission = " + roleRefPermission);
                }
                try {
                    policyConfiguration.addToRole(roleName, roleRefPermission);
                    addedRoles.add(roleName);
                } catch (PolicyContextException e) {
                    // Best effort: record the failure and carry on with the remaining roles.
                    FFDCFilter.processException(e, "addBeanRoleRefs", "1144", this, new Object[]{beanName, roleName});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error adding role ref, exception: " + e);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addBeanRoleRefs()", "EJBRoleRefPermissions added for EJB roles = " + addedRoles);
        }
        return addedRoles;
    }

    /**
     * Translates the security settings of a stand-alone EJB module into policy
     * permissions by delegating to the seven-argument overload with no web module and
     * no pre-loaded {@code EJBJar}.
     *
     * <p>When entry tracing is enabled the module URI is read for the trace record, so
     * a {@code null} module reference fails there with a {@code NullPointerException}.
     *
     * @param eJBModuleRef EJB module to process
     * @param str passed through to the overload, which uses it as the key for linking policy configurations
     * @param str2 passed through to the overload, which uses it to build the module context id
     * @param z passed through to the overload, which uses it to choose the policy configuration factory
     * @param policyConfiguration passed through to the overload
     * @throws Exception whatever the overload throws
     */
    public void addEJBPermissions(EJBModuleRef eJBModuleRef, String str, String str2, boolean z, PolicyConfiguration policyConfiguration) throws Exception {
        final String traceName = "addEJBPermissions";
        if (tc.isEntryEnabled()) {
            Object[] traceArgs = {eJBModuleRef.getUri(), str, str2, Boolean.valueOf(z), policyConfiguration};
            Tr.entry(tc, traceName, traceArgs);
        }

        addEJBPermissions(eJBModuleRef, null, null, str, str2, z, policyConfiguration);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

    /**
     * Translates the security declarations of an EJB deployment descriptor into the
     * module's {@code PolicyConfiguration}: role-ref permissions per bean, unchecked and
     * per-role method permissions, and excluded method permissions. The configuration is
     * then linked and committed.
     *
     * <p>The descriptor comes from {@code eJBModuleRef} when that is non-null, otherwise
     * from {@code eJBJar} (the EJB-in-WAR case; see {@code getEJBJar}).
     *
     * <p>NOTE(review): the {@code policyConfiguration} argument is only written to the
     * entry trace here; {@code linkConfiguration} is called with {@code null} in its
     * place. Confirm that this is intended for the EJB-in-WAR call path.
     *
     * @param eJBModuleRef EJB module, or {@code null} when the beans live in a WAR
     * @param webModuleRef enclosing web module, used for the module name when {@code eJBModuleRef} is {@code null}
     * @param eJBJar pre-loaded descriptor, used only when {@code eJBModuleRef} is {@code null}
     * @param str key handed to {@code linkConfiguration}
     * @param str2 first argument to {@code getModuleContextID}
     * @param z selects how {@code getPCF} resolves the factory class name
     * @param policyConfiguration traced only (see note above)
     * @throws Exception a {@code PolicyContextException} when the factory or the policy
     *         configuration cannot be obtained or a policy call fails; anything thrown
     *         while reading the descriptor
     */
    public void addEJBPermissions(EJBModuleRef eJBModuleRef, WebModuleRef webModuleRef, EJBJar eJBJar, String str, String str2, boolean z, PolicyConfiguration policyConfiguration) throws Exception {
        Permissions eJBPermCollection;
        Permissions eJBPermCollection2;
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[7];
            objArr[0] = eJBModuleRef != null ? eJBModuleRef.getUri() : eJBModuleRef;
            objArr[1] = webModuleRef != null ? webModuleRef.getUri() : webModuleRef;
            objArr[2] = eJBJar;
            objArr[3] = str;
            objArr[4] = str2;
            objArr[5] = Boolean.valueOf(z);
            objArr[6] = policyConfiguration;
            Tr.entry(traceComponent, "addEJBPermissions 1", objArr);
        }
        AssemblyDescriptor assemblyDescriptor = null;
        EList eList = null;
        EList eList2 = null;
        ExcludeList excludeList = null;
        // NOTE(review): these three Permissions objects are created and discarded; they
        // have no effect and can be removed.
        new Permissions();
        new Permissions();
        new Permissions();
        EJBJar eJBJar2 = getEJBJar(eJBModuleRef, eJBJar);
        if (eJBJar2 != null) {
            eList2 = eJBJar2.getEnterpriseBeans();
            assemblyDescriptor = eJBJar2.getAssemblyDescriptor();
        }
        if (assemblyDescriptor != null) {
            eList = assemblyDescriptor.getMethodPermissions();
            excludeList = assemblyDescriptor.getExcludeList();
        }
        String moduleContextID = getModuleContextID(str2, getEJBModuleName(eJBModuleRef, webModuleRef));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "addEJBPermissions 1 JACC context id: " + moduleContextID);
        }
        try {
            if (this.pcf == null) {
                this.pcf = getPCF(z);
            }
            if (this.pcf == null) {
                throw new PolicyContextException("Cannot get the PolicyConfigurationFactory of the JACC provider");
            }
            // The second argument 'true' is passed on every call for this context id
            // (the factory's remove flag in the JACC API — confirm against the provider).
            PolicyConfiguration policyConfiguration2 = this.pcf.getPolicyConfiguration(moduleContextID, true);
            if (policyConfiguration2 == null) {
                Tr.error(tc, "security.jacc.tools.pcf.null", new Object[]{moduleContextID});
                throw new PolicyContextException("The PolicyConfiguration object is null");
            }
            // Step 1: role references, bean by bean.
            if (eList2 != null && eList2.size() > 0) {
                for (int i = 0; i < eList2.size(); i++) {
                    EnterpriseBean enterpriseBean = (EnterpriseBean) eList2.get(i);
                    String name = enterpriseBean.getName();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Bean Name processed is " + enterpriseBean.getName());
                    }
                    // Collects the roles this bean's explicit role refs were added to.
                    HashSet hashSet = new HashSet();
                    EList securityRoleRefs = enterpriseBean.getSecurityRoleRefs();
                    if (securityRoleRefs != null) {
                        for (int i2 = 0; i2 < securityRoleRefs.size(); i2++) {
                            SecurityRoleRef securityRoleRef = (SecurityRoleRef) securityRoleRefs.get(i2);
                            String name2 = securityRoleRef.getName();
                            String link = securityRoleRef.getLink();
                            EJBRoleRefPermission eJBRoleRefPermission = new EJBRoleRefPermission(name, name2);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding the following EJBRoleRefPermission (roleName, refLink): ", new Object[]{name2, link});
                            }
                            // NOTE(review): 'link' is used as the role name without a
                            // null check. Confirm what the provider does for a role ref
                            // that has no link.
                            policyConfiguration2.addToRole(link, eJBRoleRefPermission);
                            hashSet.add(link);
                        }
                    }
                    if (assemblyDescriptor != null) {
                        // Add refs for the remaining declared roles; roles in hashSet are skipped.
                        addBeanRoleRefs(policyConfiguration2, hashSet, enterpriseBean, assemblyDescriptor.getSecurityRoles());
                    }
                }
            }
            // Step 2: method permissions, either unchecked or granted per role.
            if (eList != null && eList.size() > 0) {
                for (int i3 = 0; i3 < eList.size(); i3++) {
                    MethodPermission methodPermission = (MethodPermission) eList.get(i3);
                    EList methodElements = methodPermission.getMethodElements();
                    if (methodPermission.isUnchecked()) {
                        Permissions eJBPermCollection3 = getEJBPermCollection(methodElements);
                        if (eJBPermCollection3 != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding the following Unchecked permissions: ", new Object[]{eJBPermCollection3});
                            }
                            policyConfiguration2.addToUncheckedPolicy(eJBPermCollection3);
                        }
                    } else {
                        EList roles = methodPermission.getRoles();
                        // A method-permission with no roles and not marked unchecked adds nothing.
                        if (roles != null && roles.size() > 0 && (eJBPermCollection2 = getEJBPermCollection(methodElements)) != null) {
                            for (int i4 = 0; i4 < roles.size(); i4++) {
                                String roleName = ((SecurityRole) roles.get(i4)).getRoleName();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Adding the following Role Permissions (roleName, EJBRolePermissions): ", new Object[]{roleName, eJBPermCollection2});
                                }
                                policyConfiguration2.addToRole(roleName, eJBPermCollection2);
                            }
                        }
                    }
                }
            }
            // Step 3: the exclude list.
            if (excludeList != null && (eJBPermCollection = getEJBPermCollection(excludeList.getMethodElements())) != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding the following Excluded Permissions: ", new Object[]{eJBPermCollection});
                }
                policyConfiguration2.addToExcludedPolicy(eJBPermCollection);
            }
            // Link before commit; the statements above only populate the configuration.
            linkConfiguration(str, policyConfiguration2, null);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Committing the EJB PolicyConfiguration ");
            }
            policyConfiguration2.commit();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addEJBPermissions");
            }
        } catch (PolicyContextException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.addEJBPermissions", "1246", this);
            Tr.error(tc, "security.jacc.tools.pcf", new Object[]{moduleContextID, e});
            // Drop the cached factory so the next call resolves it again.
            this.pcf = null;
            throw e;
        }
    }

    /**
     * Returns the EJB deployment descriptor to process.
     *
     * <p>When an EJB module reference is given, its deployment descriptor is loaded and
     * returned; load failures are reported to FFDC and rethrown. Otherwise the supplied
     * {@code eJBJar} (the EJB-in-WAR case) is returned as is, which may be {@code null}.
     *
     * @param eJBModuleRef EJB module, or {@code null}
     * @param eJBJar descriptor to fall back to when there is no module reference
     * @return the descriptor, possibly {@code null}
     * @throws Exception if loading the module's descriptor fails
     */
    EJBJar getEJBJar(EJBModuleRef eJBModuleRef, EJBJar eJBJar) throws Exception {
        if (tc.isEntryEnabled()) {
            Object moduleLabel = eJBModuleRef;
            if (eJBModuleRef != null) {
                moduleLabel = eJBModuleRef.getUri();
            }
            Tr.entry(tc, "getEJBJar", new Object[]{moduleLabel, eJBJar});
        }
        EJBJar descriptor;
        if (eJBModuleRef == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getEJBJar using EJBJar from war");
            }
            descriptor = eJBJar;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getEJBJar using EJBJar from EJB module");
            }
            try {
                descriptor = (EJBJar) eJBModuleRef.getDeploymentDescriptor();
            } catch (DeploymentDescriptorLoadException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.addEJBPermissions", "1373", this);
                throw e;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.authorize.AppInstallNotify.addEJBPermissions", "1378", this);
                throw e2;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEJBJar", new Object[]{descriptor});
        }
        return descriptor;
    }

    /**
     * Derives the module name that is later combined into the policy context id.
     *
     * <p>For an EJB module the alternate deployment descriptor path is used when the
     * module declares a non-empty one, otherwise the module URI. Without an EJB module
     * the web module URI plus {@code CommonConstants.JACC_EJB_IN_WAR_CONTEXT} is used;
     * in that case {@code webModuleRef} must not be {@code null}.
     *
     * @param eJBModuleRef EJB module, or {@code null} for EJB content packaged in a WAR
     * @param webModuleRef web module, read only when {@code eJBModuleRef} is {@code null}
     * @return the module name
     */
    String getEJBModuleName(EJBModuleRef eJBModuleRef, WebModuleRef webModuleRef) {
        if (tc.isEntryEnabled()) {
            Object ejbLabel = eJBModuleRef;
            if (eJBModuleRef != null) {
                ejbLabel = eJBModuleRef.getUri();
            }
            Object webLabel = webModuleRef;
            if (webModuleRef != null) {
                webLabel = webModuleRef.getUri();
            }
            Tr.entry(tc, "getEJBModuleName", new Object[]{ejbLabel, webLabel});
        }
        String moduleName;
        if (eJBModuleRef == null) {
            moduleName = webModuleRef.getUri() + CommonConstants.JACC_EJB_IN_WAR_CONTEXT;
        } else {
            String altDD = eJBModuleRef.getModule().getAltDD();
            boolean hasAltDD = altDD != null && altDD.length() != 0;
            if (hasAltDD) {
                moduleName = altDD;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getEJBModuleName using altDD: " + altDD);
                }
            } else {
                moduleName = eJBModuleRef.getUri();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEJBModuleName: " + moduleName);
        }
        return moduleName;
    }

    /**
     * Returns the cached {@code PolicyConfigurationFactory}, resolving it on first use.
     *
     * <p>If the system property named by {@code FACTORY_NAME} is already set, the factory
     * is obtained directly. Otherwise the implementation class name is taken from
     * {@code getLocalPCFName()} when {@code z} is true, or from the authorization
     * provider configuration when it is false. A non-null name is written to that system
     * property before the factory is obtained.
     *
     * <p>Security note: the system property is JVM-wide, so the class name chosen here
     * applies to later factory lookups in this JVM, and the name comes from
     * configuration. The configuration that supplies it decides which factory class is
     * used, so write access to it should be restricted accordingly.
     *
     * <p>Failures are reported to FFDC and leave the cached factory {@code null}; no
     * exception reaches the caller.
     *
     * @param z selects the source of the factory class name, as described above
     * @return the factory, or {@code null} if it could not be resolved
     */
    private PolicyConfigurationFactory getPCF(boolean z) {
        if (this.pcf != null) {
            return this.pcf;
        }
        try {
            if (System.getProperty(FACTORY_NAME) != null) {
                // A factory class is already configured for this JVM; use it.
                this.pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            } else {
                if (z) {
                    this.policyCfgFactoryImplClassName = getLocalPCFName();
                } else {
                    this.policyCfgFactoryImplClassName = SecurityObjectLocator.getSecurityConfig().getAuthorizationConfig().getAuthorizationProvider().getString(AuthorizationProviderConfig.POLICY_CONFIGURATION_FACTORY_IMPL_CLASS_NAME);
                }
                if (this.policyCfgFactoryImplClassName != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The policy configuration factory name is:" + this.policyCfgFactoryImplClassName);
                    }
                    System.setProperty(FACTORY_NAME, this.policyCfgFactoryImplClassName);
                    this.pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
                }
            }
        } catch (WorkSpaceException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.initialize", "1466", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during getPolicyConfigurationFactory.getPolicyConfigurationFactory:", new Object[]{e});
            }
            this.pcf = null;
        } catch (ClassNotFoundException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorize.AppInstallNotify.initialize", "1458", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during getPolicyConfigurationFactory.getPolicyConfigurationFactory:", new Object[]{e2});
            }
            this.pcf = null;
        } catch (PolicyContextException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.authorize.AppInstallNotify.initialize", "1462", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during getPolicyConfigurationFactory.getPolicyConfigurationFactory:", new Object[]{e3});
            }
            this.pcf = null;
        }
        return this.pcf;
    }

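    /**
     * Returns the cached {@code RoleConfigurationFactory}, creating it on first use.
     *
     * <p>The implementation class name comes from {@code getLocalRCFName()} when
     * {@code z} is true and from the authorization provider configuration otherwise.
     * The class is loaded through the thread context class loader.
     *
     * <p>The configured name is checked before any of the class's code runs. The class
     * is loaded without initialization and must be a {@code RoleConfigurationFactory}
     * subtype before its no-argument constructor is invoked. A configured name that
     * points at an unrelated class is therefore rejected without running that class's
     * static initializer or constructor.
     *
     * <p>Any failure is reported to FFDC and leaves the cached factory {@code null};
     * no exception reaches the caller.
     *
     * @param z selects the source of the factory class name, as described above
     * @return the factory, or {@code null} if none is configured or it could not be created
     */
    private RoleConfigurationFactory getRCF(boolean z) {
        if (this.rcf == null) {
            String str = null;
            try {
                str = !z ? SecurityObjectLocator.getSecurityConfig().getAuthorizationConfig().getAuthorizationProvider().getString(AuthorizationProviderConfig.ROLE_CONFIGURATION_FACTORY_IMPL_CLASS_NAME) : getLocalRCFName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "rcfClassName: ", str);
                }
                if (str != null && str.length() > 0) {
                    ClassLoader loader = Thread.currentThread().getContextClassLoader();
                    // initialize=false: static initializers do not run until the type check has passed.
                    Class<? extends RoleConfigurationFactory> factoryClass = Class.forName(str, false, loader).asSubclass(RoleConfigurationFactory.class);
                    // Replaces the deprecated Class.newInstance(); constructor failures arrive
                    // wrapped and are handled by the catch below.
                    this.rcf = factoryClass.getDeclaredConstructor().newInstance();
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.initialize", "1493", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception during the initialization of the roleConfigurationImplClass:", new Object[]{str, e});
                }
                this.rcf = null;
            }
        }
        return this.rcf;
    }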

    /**
     * Links a module's policy configuration to another one.
     *
     * <p>When {@code policyConfiguration2} is given, the module configuration is linked
     * to it directly. Otherwise {@code pcConfigsMap} is consulted under the key
     * {@code str}: an existing entry becomes the link target, and when there is none
     * the module configuration itself is stored under that key and nothing is linked.
     *
     * @param str map key (presumably the application identifier — confirm with callers)
     * @param policyConfiguration configuration to link
     * @param policyConfiguration2 explicit link target, or {@code null} to use the map
     * @throws PolicyContextException if the underlying link call fails
     */
    public void linkConfiguration(String str, PolicyConfiguration policyConfiguration, PolicyConfiguration policyConfiguration2) throws PolicyContextException {
        if (policyConfiguration2 != null) {
            policyConfiguration.linkConfiguration(policyConfiguration2);
            return;
        }
        if (!this.pcConfigsMap.containsKey(str)) {
            // First configuration seen for this key: remember it as the future link target.
            this.pcConfigsMap.put(str, policyConfiguration);
            return;
        }
        PolicyConfiguration registered = (PolicyConfiguration) this.pcConfigsMap.get(str);
        policyConfiguration.linkConfiguration(registered);
    }

    /**
     * Looks up the policy configuration for a module.
     *
     * <p>The context id is built from {@code str3} and {@code str}. A
     * {@code PolicyContextException} is reported to FFDC and the error log, the cached
     * factory is dropped, and {@code null} is returned. Callers therefore cannot tell
     * "no factory" from "lookup failed" and should treat {@code null} as a failure.
     *
     * @param str module name used for the context id
     * @param str2 not used by this method
     * @param str3 first argument to {@code getModuleContextID}
     * @param z selects how the factory class name is resolved
     * @param z2 passed to the factory as its second argument
     * @return the policy configuration, or {@code null} if unavailable
     */
    public PolicyConfiguration getPolicyConfiguration(String str, String str2, String str3, boolean z, boolean z2) {
        String contextId = getModuleContextID(str3, str);
        try {
            if (this.pcf == null) {
                this.pcf = getPCF(z);
            }
            if (this.pcf == null) {
                return null;
            }
            return this.pcf.getPolicyConfiguration(contextId, z2);
        } catch (PolicyContextException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.getPolicyConfiguration", "1527", this);
            Tr.error(tc, "security.jacc.tools.pcf", new Object[]{contextId, e});
            // Force the factory to be resolved again on the next call.
            this.pcf = null;
            return null;
        }
    }

    /**
     * Deletes the policy configuration of the given module, identified by its URI.
     *
     * @param moduleRef module whose policy configuration is removed; must not be {@code null}
     * @param str passed through to the string-based overload
     * @param str2 passed through to the string-based overload
     * @param z passed through to the string-based overload
     * @throws Exception if the policy configuration cannot be obtained or deleted
     */
    public void deleteModule(ModuleRef moduleRef, String str, String str2, boolean z) throws Exception {
        String moduleUri = moduleRef.getUri();
        deleteModule(moduleUri, str, str2, z);
    }

    /**
     * Deletes the policy configuration registered for a module.
     *
     * <p>The context id is built from {@code str3} and {@code str}. The configuration is
     * requested with {@code false} as the factory's second argument and then deleted.
     * A missing factory or a {@code null} configuration is reported as a plain
     * {@code Exception}. Policy errors are reported to FFDC and the error log, the
     * cached factory is dropped, and the error is rethrown wrapped with its cause.
     *
     * @param str module name used for the context id
     * @param str2 traced only
     * @param str3 first argument to {@code getModuleContextID}
     * @param z selects how the factory class name is resolved
     * @throws Exception if the factory or the configuration is unavailable, or deletion fails
     */
    public void deleteModule(String str, String str2, String str3, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Object[] traceArgs = {str, str2, str3};
            Tr.entry(tc, "deleteModule", traceArgs);
        }
        String contextId = getModuleContextID(str3, str);
        try {
            if (this.pcf == null) {
                this.pcf = getPCF(z);
                if (this.pcf == null) {
                    throw new Exception("Cannot get the PolicyConfigurationFactory of the JACC provider");
                }
            }
            PolicyConfiguration doomed = this.pcf.getPolicyConfiguration(contextId, false);
            if (doomed == null) {
                Tr.error(tc, "security.jacc.tools.pcf.null", new Object[]{contextId});
                throw new Exception("The PolicyConfiguration object is null");
            }
            doomed.delete();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteModule");
            }
        } catch (ClassNotFoundException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.deleteModule", "1553", this);
            Tr.error(tc, "security.jacc.tools.pcf", new Object[]{contextId, e});
            this.pcf = null;
            throw new Exception("Failed to get the PolicyConfiguration object", e);
        } catch (PolicyContextException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorize.AppInstallNotify.deleteModule", "1559", this);
            Tr.error(tc, "security.jacc.tools.pcf", new Object[]{contextId, e2});
            this.pcf = null;
            throw new Exception("Failed to get the PolicyConfiguration object", e2);
        }
    }

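    /**
     * Builds the {@code EJBMethodPermission}s for a list of descriptor method elements.
     *
     * <p>For each element that resolves to an enterprise bean one permission is created
     * from the bean name, the method name, the method interface name and the parameter
     * types. A method name of {@code "*"} and an interface name of {@code "Unspecified"}
     * are both passed as {@code null}. Elements without a bean are skipped with a debug
     * trace.
     *
     * <p>Changes from the previous version: the debug trace now prints the parameter
     * types themselves instead of the array's identity string, so the trace can be used
     * to audit which method signatures were granted. A call whose result was discarded
     * and an allocation that was thrown away for empty input were removed.
     *
     * <p>Only the explicit {@code "*"} widens a permission to all methods. An element
     * with no method name still fails with a {@code NullPointerException} rather than
     * being treated as a wildcard.
     *
     * @param eList method elements, or {@code null}
     * @return the permissions, or {@code null} when the list is {@code null} or empty;
     *         the collection may be empty if no element resolved to a bean
     */
    private Permissions getEJBPermCollection(EList eList) {
        if (eList == null || eList.size() <= 0) {
            return null;
        }
        Permissions permissions = new Permissions();
        for (int i = 0; i < eList.size(); i++) {
            MethodElement methodElement = (MethodElement) eList.get(i);
            String name = methodElement.getName();
            EnterpriseBean enterpriseBean = methodElement.getEnterpriseBean();
            if (enterpriseBean == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "EnterpriseBean for method='" + name + "' was not found.");
                }
                continue;
            }
            String name2 = enterpriseBean.getName();
            String name3 = methodElement.getType().getName();
            // Deliberately not null-safe: see the wildcard note in the method comment.
            if (name.equals("*")) {
                name = null;
            }
            if (name3 != null && name3.equals("Unspecified")) {
                name3 = null;
            }
            String[] strArr = null;
            if (methodElement.hasMethodParams()) {
                List methodParams = methodElement.getMethodParams();
                if (methodParams != null) {
                    strArr = (String[]) methodParams.toArray(new String[methodParams.size()]);
                }
            }
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer("addingEJBPermCollection: ejbName = ");
                stringBuffer.append(name2).append(", methodName = ").append(name).append(", methodInfName = ").append(name3).append(", paramArray = ").append(java.util.Arrays.toString(strArr));
                Tr.debug(tc, stringBuffer.toString());
            }
            permissions.add(new EJBMethodPermission(name2, name, name3, strArr));
        }
        return permissions;
    }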

    /**
     * Classifies a servlet URL pattern.
     *
     * @param str the URL pattern; must not be {@code null}
     * @return {@code 0} for an extension pattern (starts with {@code "*."}),
     *         {@code 1} for a path-prefix pattern (starts with {@code "/"} and
     *         ends with {@code "/*"}), {@code 3} for the single-slash pattern
     *         {@code "/"}, and {@code 2} for anything else
     */
    private int urlType(String str) {
        int kind;
        if (str.startsWith("*.")) {
            kind = 0;
        } else if (str.startsWith("/") && str.endsWith("/*")) {
            kind = 1;
        } else if (str.equals("/")) {
            kind = 3;
        } else {
            // Everything else is treated as an exact pattern.
            kind = 2;
        }
        return kind;
    }

    /**
     * Tests whether the pattern {@code str} covers {@code str2}.
     *
     * <p>A match is reported when the two strings are equal, when the pattern is
     * {@code "/*"} or {@code "/"}, when the pattern is a path prefix
     * ({@code "/x/*"}) and {@code str2} is that prefix or continues it at a
     * {@code '/'} boundary, or when the pattern is an extension
     * ({@code "*.ext"}) and {@code str2} ends with {@code ".ext"}.
     *
     * <p>The comparison is a plain, case-sensitive string comparison. Nothing is
     * decoded or normalized here, so both arguments have to be in canonical form
     * before they are compared.
     *
     * @param str  the covering URL pattern; must not be {@code null}
     * @param str2 the URL or pattern being tested
     * @return {@code true} if {@code str} covers {@code str2}
     */
    protected boolean urlPatternMatch(String str, String str2) {
        if (str.equals(str2) || str.equals("/*")) {
            return true;
        }
        boolean pathPrefixPattern = str.startsWith("/") && str.endsWith("/*");
        if (pathPrefixPattern) {
            String prefix = str.substring(0, str.length() - 2);
            if (str2.startsWith(prefix)) {
                int boundary = prefix.length();
                // Only match at a segment boundary: "/foo/*" covers "/foo" and "/foo/bar", not "/foobar".
                if (str2.length() == boundary || str2.charAt(boundary) == '/') {
                    return true;
                }
            }
        }
        if (str.startsWith("*.") && str2.endsWith(str.substring(1))) {
            return true;
        }
        // The single-slash pattern covers everything.
        return str.equals("/");
    }

    /**
     * Reports whether {@code str} is covered by any of the colon-separated
     * patterns that follow the first {@code ':'} in {@code str2}.
     *
     * <p>Presumably {@code str2} is a qualified URL pattern of the form
     * {@code pattern:qualifier:qualifier...} -- confirm against the callers.
     *
     * @param str  the URL pattern to look for
     * @param str2 the string whose trailing, colon-separated patterns are tested
     * @return {@code true} if one of those patterns matches {@code str};
     *         {@code false} if none does or {@code str2} contains no {@code ':'}
     */
    private boolean unqualified(String str, String str2) {
        int firstColon = str2.indexOf(":");
        if (firstColon == -1) {
            return false;
        }
        StringTokenizer qualifiers = new StringTokenizer(str2.substring(firstColon + 1), ":");
        while (qualifiers.hasMoreTokens()) {
            if (urlPatternMatch(qualifiers.nextToken(), str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Joins two name parts into a context identifier of the form
     * {@code str + "/" + str2}.
     *
     * @param str  the leading part; may be {@code null}
     * @param str2 the trailing part; may be {@code null}
     * @return the joined identifier, or {@code str2} unchanged when either
     *         argument is {@code null}
     */
    private String getModuleContextID(String str, String str2) {
        if (str != null && str2 != null) {
            return str + "/" + str2;
        }
        return str2;
    }

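    /**
     * Reads the first authorization provider from the cell-level security
     * configuration and stores it in the {@code authzProvider} field.
     *
     * <p>A temporary workspace is opened, the security resource of the first
     * cell context is loaded, and the first entry of its authorization
     * providers is taken. Any exception raised while reading is recorded through
     * FFDC and the error trace and is not rethrown, so the method then returns
     * whatever {@code authzProvider} already held, which may be {@code null}.
     * Callers have to handle that case.
     *
     * <p>The resource is unloaded and the temporary workspace removed exactly
     * once, on every path.
     *
     * @return the current value of {@code authzProvider}, possibly {@code null}
     * @throws WorkSpaceException if removing the temporary workspace fails
     */
    private AuthorizationProvider getAuthorizationProvider() throws WorkSpaceException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthorizationProvider");
        }
        WorkSpace workSpace = null;
        Resource resource = null;
        try {
            // The temporary workspace is named after the current time in milliseconds.
            // NOTE(review): two calls in the same millisecond would ask for the same
            // workspace name -- confirm whether that can happen here.
            workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace("" + System.currentTimeMillis());
            RepositoryContextType contextType = RepositoryMetaDataFactory.getRepositoryMetaData().getContextType(AdminAuthzConstants.CELL_RES);
            URI createURI = URI.createURI(WorkSpaceQueryUtil.SECURITY_URI);
            Security security = null;
            Iterator it = workSpace.findContext(contextType).iterator();
            // Only the first matching context is consulted.
            if (it.hasNext()) {
                resource = ((RepositoryContext) it.next()).getResourceSet().createResource(createURI);
                resource.load(new HashMap());
                security = (Security) resource.getContents().get(0);
            }
            AuthorizationConfig authorizationConfig = null;
            if (security != null) {
                authorizationConfig = security.getAuthConfig();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authorization config in local mode is: " + authorizationConfig);
            }
            if (authorizationConfig != null) {
                // Only the first configured provider is used; an empty list ends up in the catch below.
                authzProvider = (AuthorizationProvider) authorizationConfig.getAuthorizationProviders().get(0);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authorization provider in local mode is: " + authzProvider);
            }
        } catch (Exception e) {
            // Best effort: the failure is reported and the caller sees the unchanged field.
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.getLocalPCFName", "1762", this);
            Tr.error(tc, "security.jacc.tools.authzprovider.error", new Object[]{e});
        } finally {
            // Nested so the workspace is still removed when unloading the resource fails.
            try {
                if (resource != null) {
                    resource.unload();
                }
            } finally {
                if (workSpace != null) {
                    WorkSpaceManagerFactory.getManager().removeWorkSpace(workSpace.getUserName());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // Previously traced as a second entry, which left the entry/exit trace unbalanced.
            Tr.exit(tc, "getAuthorizationProvider");
        }
        return authzProvider;
    }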

    /**
     * Returns the policy configuration factory class name taken from the
     * authorization provider, loading the provider first if the
     * {@code authzProvider} field is still {@code null}.
     *
     * <p>The returned value is configuration data naming a class; whoever can
     * change that configuration decides which class a caller goes on to load.
     *
     * @return the configured class name, or {@code null} when no authorization
     *         provider is available
     * @throws WorkSpaceException if loading the authorization provider fails
     *         with that exception
     */
    private String getLocalPCFName() throws WorkSpaceException {
        if (authzProvider == null) {
            authzProvider = getAuthorizationProvider();
        }
        String factoryClassName = null;
        if (authzProvider != null) {
            factoryClassName = authzProvider.getPolicyConfigurationFactoryImplClassName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "PolicyConfigurationFactory in localMode is: " + factoryClassName);
        }
        return factoryClassName;
    }

    /**
     * Returns the role configuration factory class name taken from the
     * authorization provider, loading the provider first if the
     * {@code authzProvider} field is still {@code null}.
     *
     * <p>The returned value is configuration data naming a class; whoever can
     * change that configuration decides which class a caller goes on to load.
     *
     * @return the configured class name, or {@code null} when no authorization
     *         provider is available
     * @throws WorkSpaceException if loading the authorization provider fails
     *         with that exception
     */
    private String getLocalRCFName() throws WorkSpaceException {
        if (authzProvider == null) {
            authzProvider = getAuthorizationProvider();
        }
        String factoryClassName = null;
        if (authzProvider != null) {
            factoryClassName = authzProvider.getRoleConfigurationFactoryImplClassName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "RoleConfigurationFactory in localMode is: " + factoryClassName);
        }
        return factoryClassName;
    }

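    /**
     * Returns the policy provider for local mode, creating and installing it on
     * first use.
     *
     * <p>The provider class name is read from the system property named by
     * {@code CommonConstants.JACC_POLICY_PROVIDER}; when that property is not
     * set, the name comes from the authorization provider configuration. The
     * class is loaded through the thread context class loader, instantiated, and
     * installed with {@code Policy.setPolicy}, which replaces the policy for the
     * whole JVM. Both sources of the class name therefore have to be writable
     * only by administrators.
     *
     * <p>The class is loaded without initialization and checked to be a
     * {@code Policy} subtype before it is instantiated, so a name that points at
     * some other class is rejected with the same {@code ClassCastException} as
     * before, but without running that class's static initializer or
     * constructor.
     *
     * @return the installed policy, or {@code null} when no provider class name
     *         is configured
     * @throws Exception if the class cannot be found, is not a {@code Policy},
     *         cannot be instantiated, or the provider configuration cannot be read
     */
    private Policy getLocalPolicy() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalPolicy");
        }
        if (this.jPolicy == null) {
            // The system property takes precedence over the repository configuration.
            String property = System.getProperty(CommonConstants.JACC_POLICY_PROVIDER);
            if (property == null) {
                if (authzProvider == null) {
                    authzProvider = getAuthorizationProvider();
                }
                if (authzProvider != null) {
                    property = authzProvider.getJ2eePolicyImplClassName();
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "PolicyName in local mode is: " + property);
                }
            }
            if (property != null) {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                // initialize=false plus asSubclass: the type check happens before any code of
                // the named class runs; newInstance() then initializes and constructs it.
                Class<? extends Policy> policyClass = Class.forName(property, false, loader).asSubclass(Policy.class);
                Policy.setPolicy(policyClass.newInstance());
                this.jPolicy = Policy.getPolicy();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalPolicy");
        }
        return this.jPolicy;
    }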

    /**
     * Creates the {@code URLMap} for a new URL pattern, cross-links it with the
     * patterns already registered, and registers it in {@code hashMap}.
     *
     * <p>For every existing key, either that key is appended to the new map or
     * the new pattern is appended to the existing key's map, depending on the
     * kinds of the two patterns (see {@code urlType}: 0 extension, 1 path
     * prefix, 2 exact, 3 the single slash) and on which one covers the other.
     * Presumably the appended patterns become the qualifiers of a JACC-style
     * qualified URL pattern -- confirm against {@code URLMap}.
     *
     * @param str     the new URL pattern
     * @param hashMap registered patterns mapped to their {@code URLMap}; it is
     *                iterated and then written to, so it must not be {@code null}
     * @return the new map, already stored in {@code hashMap} under {@code str}
     */
    private URLMap getNewURLMap(String str, HashMap hashMap) {
        URLMap uRLMap = new URLMap(str);
        for (String str2 : hashMap.keySet()) {
            // urlType: kind of the existing pattern; the switch below is on the kind of the new one.
            int urlType = urlType(str2);
            switch (urlType(str)) {
                case 0:
                    // New pattern is an extension pattern.
                    if (urlType != 1 && (urlType != 2 || !urlPatternMatch(str, str2))) {
                        if (urlType == 3) {
                            // Existing "/" gets the new pattern appended.
                            ((URLMap) hashMap.get(str2)).appendURLPattern(str);
                            break;
                        } else {
                            break;
                        }
                    } else {
                        // Existing path prefix (any), or existing exact pattern covered by the new one.
                        uRLMap.appendURLPattern(str2);
                        break;
                    }
                case 1:
                    // New pattern is a path prefix.
                    if ((urlType != 1 && urlType != 2) || !urlPatternMatch(str, str2)) {
                        if (urlType != 1 || !urlPatternMatch(str2, str)) {
                            if (urlType != 0 && urlType != 3) {
                                break;
                            } else {
                                // Existing extension pattern or "/" gets the new pattern appended.
                                ((URLMap) hashMap.get(str2)).appendURLPattern(str);
                                break;
                            }
                        } else {
                            // Existing path prefix covers the new one.
                            ((URLMap) hashMap.get(str2)).appendURLPattern(str);
                            break;
                        }
                    } else {
                        // Existing prefix or exact pattern is covered by the new one.
                        uRLMap.appendURLPattern(str2);
                        break;
                    }
                    break;
                case 2:
                    // New pattern is an exact pattern.
                    if ((urlType != 0 && urlType != 1) || !urlPatternMatch(str2, str)) {
                        if (urlType == 3) {
                            // Existing "/" gets the new pattern appended.
                            ((URLMap) hashMap.get(str2)).appendURLPattern(str);
                            break;
                        } else {
                            break;
                        }
                    } else {
                        // Existing extension or prefix pattern covers the new one.
                        ((URLMap) hashMap.get(str2)).appendURLPattern(str);
                        break;
                    }
                    break;
                case 3:
                    // New pattern is "/": every other existing pattern is appended to it.
                    if (urlType != 3) {
                        uRLMap.appendURLPattern(str2);
                        break;
                    } else {
                        break;
                    }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "full urlPattern created is: " + uRLMap.getURLPattern());
        }
        // Registered only after the loop, so the new pattern is never compared with itself.
        hashMap.put(str, uRLMap);
        return uRLMap;
    }

    /**
     * Translates the security constraints attached to servlet registrations into
     * entries of the URL map table.
     *
     * <p>A registration is processed only when it has a security element and at
     * least one URL mapping. A mapping for which
     * {@code webConstraintsTable.existsExactMatchURI} returns {@code true} is
     * skipped, so the constraints of the registration are not applied to that
     * URL. For the remaining mappings the element-level constraint is applied
     * first, followed by each per-method constraint.
     *
     * @param hashMap             URL patterns mapped to their {@code URLMap}; updated in place
     * @param map                 servlet registrations keyed by name
     * @param webConstraintsTable table consulted for exact-match URLs; may be {@code null},
     *                            in which case no mapping is skipped
     * @throws Exception any failure, after it has been recorded through FFDC
     */
    public void processDynamicServlet(HashMap hashMap, Map<String, ? extends ServletRegistration> map, WebConstraintsTable webConstraintsTable) throws Exception {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Dynamic/Static Servlet.....)");
        }
        try {
            for (Map.Entry<String, ? extends ServletRegistration> registration : map.entrySet()) {
                String servletName = registration.getKey();
                IServletConfig servletConfig = (ServletRegistration) registration.getValue();
                Collection<String> urlMappings = servletConfig.getMappings();
                ServletSecurityElement securityElement = servletConfig.getServletSecurity();
                boolean hasConstraints = securityElement != null && urlMappings != null && !urlMappings.isEmpty();
                if (!hasConstraints) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "*** Skip dynamic/static servlet: " + servletName);
                    }
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "*** Add dynamic/static security constraints: " + servletName);
                }
                // The run-as role is only traced here; it is not applied to the URL map.
                String runAsRole = servletConfig.getRunAsRole();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "runAsRole->" + runAsRole);
                }
                for (String urlPattern : urlMappings) {
                    boolean exactMatchExists = webConstraintsTable != null && webConstraintsTable.existsExactMatchURI(urlPattern);
                    if (exactMatchExists) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Skip an exact match URL: " + urlPattern);
                        }
                        continue;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Dynamic/static servlet url being processed is: " + urlPattern);
                    }
                    URLMap urlMap = getURLMap(hashMap, urlPattern);
                    ArrayList omittedMethods = getDynamicMethodOmissions(securityElement);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "httpMethodOmission: " + String.valueOf(omittedMethods));
                    }
                    URLMap current = processHttpConstraint(securityElement, urlMap, omittedMethods);
                    Collection<HttpMethodConstraintElement> methodConstraints = securityElement.getHttpMethodConstraints();
                    if (methodConstraints == null || methodConstraints.size() <= 0) {
                        continue;
                    }
                    for (HttpMethodConstraintElement methodConstraint : methodConstraints) {
                        current = processHttpMethodConstraint(methodConstraint, current, getDynamicMethod(methodConstraint));
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authorize.AppInstallNotify.addWebPermissions", "1955", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error dynamic/static servlet security annotation, exception: " + e);
            }
            throw e;
        }
    }

    /**
     * Copies the method names reported by a servlet security element into a new
     * list.
     *
     * @param servletSecurityElement the security element; may be {@code null}
     * @return a new list holding the names in iteration order, or {@code null}
     *         when the element is {@code null} or reports no method names
     */
    public ArrayList getDynamicMethodOmissions(ServletSecurityElement servletSecurityElement) {
        if (servletSecurityElement == null) {
            return null;
        }
        Collection<String> methodNames = servletSecurityElement.getMethodNames();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HttpConstraint: " + methodNames);
        }
        if (methodNames == null || methodNames.size() <= 0) {
            return null;
        }
        ArrayList omissions = new ArrayList();
        for (String methodName : methodNames) {
            omissions.add(methodName);
        }
        return omissions;
    }

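    /**
     * Returns the roles allowed by an HTTP constraint element.
     *
     * <p>The exit trace now prints the role names. It used to print the
     * identity string of the array, which said nothing about which roles were
     * read.
     *
     * @param httpConstraintElement the constraint element; may be {@code null}
     * @return the array returned by {@code getRolesAllowed()}, or {@code null}
     *         when the element is {@code null}
     */
    public String[] getDynamicSecurityRoles(HttpConstraintElement httpConstraintElement) {
        String[] strArr = null;
        if (httpConstraintElement != null) {
            strArr = httpConstraintElement.getRolesAllowed();
            if (tc.isDebugEnabled() && strArr != null && strArr.length > 0) {
                StringBuffer stringBuffer = new StringBuffer();
                for (String str : strArr) {
                    stringBuffer.append(str).append(",");
                }
                Tr.debug(tc, "rolesAllowed->" + stringBuffer);
            }
        }
        if (tc.isEntryEnabled()) {
            // Fully qualified so no new file-level import is needed.
            Tr.exit(tc, "getDynamicSecurityRoles ->" + (strArr == null ? "<null>" : java.util.Arrays.toString(strArr)));
        }
        return strArr;
    }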

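    /**
     * Wraps the HTTP method name of a method constraint element in a list.
     *
     * <p>The debug trace no longer dereferences the list. With a {@code null} or
     * empty method name the list is {@code null}, and the earlier
     * {@code toString()} call then threw a {@code NullPointerException}, but
     * only while debug tracing was enabled.
     *
     * @param httpMethodConstraintElement the constraint element; may be {@code null}
     * @return a one-element list with the method name, or {@code null} when the
     *         element is {@code null} or its method name is {@code null} or empty
     */
    public ArrayList getDynamicMethod(HttpMethodConstraintElement httpMethodConstraintElement) {
        ArrayList arrayList = null;
        if (httpMethodConstraintElement != null) {
            String methodName = httpMethodConstraintElement.getMethodName();
            if (methodName != null && methodName.length() > 0) {
                arrayList = new ArrayList();
                arrayList.add(methodName);
            }
            if (tc.isDebugEnabled()) {
                // String concatenation renders a null list as "null" instead of failing.
                Tr.debug(tc, "httpMethods: " + arrayList);
            }
        }
        return arrayList;
    }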

    /**
     * Returns the transport guarantee of an HTTP constraint element as a string.
     *
     * @param httpConstraintElement the constraint element; may be {@code null}
     * @return {@code getTransportGuarantee().toString()}, or {@code null} when
     *         the element is {@code null}
     */
    public String getDynamicTransportGuarantee(HttpConstraintElement httpConstraintElement) {
        if (httpConstraintElement == null) {
            return null;
        }
        // A null guarantee from the element is not handled and fails here.
        String guarantee = httpConstraintElement.getTransportGuarantee().toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "transportGuarantee:" + guarantee);
        }
        return guarantee;
    }

    /**
     * Records the access rule of an HTTP constraint element in a URL map.
     *
     * <p>With at least one allowed role, the role map is set for each role.
     * With no roles, the empty-role semantic decides: {@code DENY} puts the
     * methods into the excluded set and {@code PERMIT} into the unchecked set.
     * With no roles and a {@code null} semantic, nothing is recorded.
     *
     * @param httpConstraintElement the constraint to apply; {@code null} leaves the map untouched
     * @param uRLMap                the map to update
     * @param arrayList             the HTTP methods the rule refers to, passed through to the map
     * @param z                     flag passed through unchanged to the {@code URLMap} setters
     * @return {@code uRLMap}
     */
    public URLMap setMethodRolesAllowed(HttpConstraintElement httpConstraintElement, URLMap uRLMap, ArrayList arrayList, boolean z) {
        if (httpConstraintElement == null) {
            return uRLMap;
        }
        ServletSecurity.EmptyRoleSemantic semantic = httpConstraintElement.getEmptyRoleSemantic();
        String[] roles = getDynamicSecurityRoles(httpConstraintElement);
        boolean noRoles = roles == null || roles.length < 1;
        if (noRoles) {
            if (semantic == ServletSecurity.EmptyRoleSemantic.DENY) {
                uRLMap.setExcludedSet(arrayList, z);
            } else if (semantic == ServletSecurity.EmptyRoleSemantic.PERMIT) {
                uRLMap.setUncheckedSet(arrayList, z);
            }
            return uRLMap;
        }
        for (String role : roles) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting role map for role = " + role);
            }
            uRLMap.setRoleMap(role, arrayList, z);
        }
        return uRLMap;
    }

    /**
     * Returns the {@code URLMap} registered for a URL pattern, creating and
     * registering a new one when none exists yet.
     *
     * @param hashMap URL patterns mapped to their {@code URLMap}
     * @param str     the URL pattern to look up
     * @return the existing or newly created map
     */
    public URLMap getURLMap(HashMap hashMap, String str) {
        URLMap existing = (hashMap == null) ? null : (URLMap) hashMap.get(str);
        if (existing != null) {
            return existing;
        }
        // NOTE(review): a null hashMap is tolerated by the lookup above but is still handed
        // to getNewURLMap, which iterates and updates the map -- confirm callers never pass null.
        return getNewURLMap(str, hashMap);
    }

    /**
     * Applies the element-level constraint of a servlet security element to a
     * URL map: first the role rule, then the transport guarantee. Both setters
     * are called with the flag {@code true}.
     *
     * @param servletSecurityElement the security element supplying roles and transport guarantee
     * @param uRLMap                 the map to update
     * @param arrayList              HTTP method names passed through to the map
     * @return the map returned by {@code setMethodRolesAllowed}
     */
    public URLMap processHttpConstraint(ServletSecurityElement servletSecurityElement, URLMap uRLMap, ArrayList arrayList) {
        URLMap updated = setMethodRolesAllowed(servletSecurityElement, uRLMap, arrayList, true);
        String transportGuarantee = getDynamicTransportGuarantee(servletSecurityElement);
        updated.setUserDataMap(transportGuarantee, arrayList, true);
        return updated;
    }

    /**
     * Applies a per-method constraint to a URL map: first the role rule, then
     * the transport guarantee. Both setters are called with the flag
     * {@code false}.
     *
     * @param httpMethodConstraintElement the method constraint supplying roles and transport guarantee
     * @param uRLMap                      the map to update
     * @param arrayList                   HTTP method names passed through to the map
     * @return the map returned by {@code setMethodRolesAllowed}
     */
    public URLMap processHttpMethodConstraint(HttpMethodConstraintElement httpMethodConstraintElement, URLMap uRLMap, ArrayList arrayList) {
        URLMap updated = setMethodRolesAllowed(httpMethodConstraintElement, uRLMap, arrayList, false);
        String transportGuarantee = getDynamicTransportGuarantee(httpMethodConstraintElement);
        updated.setUserDataMap(transportGuarantee, arrayList, false);
        return updated;
    }
}
