package oracle.security.idm.providers.wlsldap;

import java.security.Principal;
import java.util.HashMap;
import java.util.logging.Level;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
import oracle.security.idm.IMException;
import oracle.security.idm.ObjectNotFoundException;
import oracle.security.idm.OperationFailureException;
import oracle.security.idm.Role;
import oracle.security.idm.RoleProfile;
import oracle.security.idm.SearchResponse;
import oracle.security.idm.providers.stdldap.LDConfiguration;
import oracle.security.idm.providers.stdldap.LDPrincipal;
import oracle.security.idm.providers.stdldap.LDRole;
import oracle.security.idm.providers.stdldap.LDRoleManager;
import oracle.security.idm.providers.stdldap.LDRolePrincipal;
import oracle.security.idm.providers.stdldap.LDSearchResponse;
import oracle.security.idm.providers.stdldap.LDUserPrincipal;
import oracle.security.idm.providers.stdldap.util.IDMUtils;
import oracle.security.idm.providers.stdldap.util.IdentitySearchResponse;
import oracle.security.idm.providers.stdldap.util.LDAPRealm;

/* loaded from: input_file:oracle/security/idm/providers/wlsldap/WLSLDAPRoleManager.class */
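/**
 * Role manager for the WLS embedded-LDAP identity store.
 *
 * <p>Overrides the standard LDAP role manager so that user-to-role membership is
 * read from and written to an attribute on the <em>user</em> entry (the attribute
 * named by the {@code USER_GROUP_MEMBER_ATTRS} configuration property), while
 * role-to-role membership is still delegated to the underlying JNDI role object.
 *
 * <p>Every method that acquires an LDAP connection from the store releases it in a
 * {@code finally} block, except where the connection is handed to the returned
 * {@link LDSearchResponse}.
 *
 * <p>NOTE(review): this source is decompiler output; parameter names such as
 * {@code z}, {@code str} and {@code i} are not the original names.
 */
public class WLSLDAPRoleManager extends LDRoleManager {
    /** Source-class label passed to the logger and to {@code LDAPRealm.throwException}. */
    private final String classname;

    /**
     * Creates a role manager bound to the given identity store.
     *
     * @param wLSLDAPIdentityStore the store this manager operates on
     * @throws IMException if the superclass constructor fails
     */
    public WLSLDAPRoleManager(WLSLDAPIdentityStore wLSLDAPIdentityStore) throws IMException {
        super(wLSLDAPIdentityStore);
        this.classname = "oracle.security.idm.providers.wlsldap.WLSLDAPRoleManager";
    }

    /**
     * Returns the roles granted to {@code principal}.
     *
     * <p>The acquired connection is passed to the returned {@link LDSearchResponse} and is
     * released here only when building the response fails.
     * NOTE(review): presumably the response releases the connection once consumed - confirm.
     *
     * @param principal the user or role principal to look up
     * @param z flag forwarded to {@link #getGrantedRolesImpl}; presumably "direct grants only" - confirm
     * @return a search response over the granted roles
     * @throws IMException if the connection cannot be acquired or the search cannot be built
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public SearchResponse getGrantedRoles(Principal principal, boolean z) throws IMException {
        LdapContext ctx = null;
        boolean handedOff = false;
        try {
            ctx = this.store.acquireConnection();
            LDSearchResponse response = new LDSearchResponse(this.store, ctx, getGrantedRolesImpl(ctx, principal, z));
            handedOff = true;
            return response;
        } finally {
            if (!handedOff) {
                releaseQuietly(ctx);
            }
        }
    }

    /**
     * Builds the membership search for {@code principal} on an already-open connection.
     *
     * <p>For a user principal the flag is passed inverted to {@link UserMembershipSearchResponse};
     * for a role principal it is passed unchanged to the realm's {@code getGrantedRoles}.
     *
     * @param ldapContext the connection to search on
     * @param principal the principal whose roles are wanted
     * @param z the flag described above
     * @return the search, or {@code null} when {@code principal} is neither an
     *     {@link LDUserPrincipal} nor an {@link LDRolePrincipal}
     * @throws IMException if the search cannot be created
     */
    public IdentitySearchResponse getGrantedRolesImpl(LdapContext ldapContext, Principal principal, boolean z) throws IMException {
        if (principal instanceof LDUserPrincipal) {
            return new UserMembershipSearchResponse(ldapContext, this.store.realm, ((LDUserPrincipal) principal).getDN(), !z, this.store.factory.logr);
        }
        if (principal instanceof LDRolePrincipal) {
            return this.store.realm.getGrantedRoles(ldapContext, ((LDRolePrincipal) principal).getDN(), z, null);
        }
        // Foreign principal types yield null, which getGrantedRoles() then wraps as-is.
        return null;
    }

    /**
     * Returns the roles whose owner attribute references {@code principal}.
     *
     * @param principal the candidate owner
     * @param z flag passed inverted to the relation search; presumably "direct only" - confirm
     * @return a search response over the owned roles
     * @throws IMException if the connection cannot be acquired or the search cannot be built
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.spi.AbstractRoleManager, oracle.security.idm.RoleManager
    public SearchResponse getOwnedRoles(Principal principal, boolean z) throws IMException {
        return searchRelatedRoles(principal, z, true);
    }

    /**
     * Returns the roles whose manager attribute references {@code principal}.
     *
     * @param principal the candidate manager
     * @param z flag passed inverted to the relation search; presumably "direct only" - confirm
     * @return a search response over the managed roles
     * @throws IMException if the connection cannot be acquired or the search cannot be built
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.spi.AbstractRoleManager, oracle.security.idm.RoleManager
    public SearchResponse getManagedRoles(Principal principal, boolean z) throws IMException {
        return searchRelatedRoles(principal, z, false);
    }

    /**
     * Reports whether {@code role} is granted to {@code principal}.
     *
     * <p>Role principals are delegated to the superclass. For any other principal the
     * memberships of its DN are enumerated and each normalized DN is compared with the
     * normalized DN of {@code role}. An {@link ObjectNotFoundException} during the lookup
     * is logged and treated as "not granted".
     *
     * @param role the role to test; must be an {@link LDRole}
     * @param principal the principal to test
     * @return {@code true} only when a membership DN equals the role DN
     * @throws IMException on any other lookup failure
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public boolean isGranted(Role role, Principal principal) throws IMException {
        if (principal instanceof LDRolePrincipal) {
            return super.isGranted(role, principal);
        }
        LdapContext ctx = null;
        String roleDn = null;
        String principalDn = null;
        try {
            ctx = this.store.acquireConnection();
            if (principal instanceof LDPrincipal) {
                principalDn = ((LDPrincipal) principal).getDN();
            }
            try {
                roleDn = IDMUtils.normalizeDN(((LDRole) role).jndirole.getDN());
            } catch (InvalidNameException e) {
                reportInvalidDn(e, "isGranted(Role parent, Principal principal)");
            }
            if (roleDn == null) {
                // Only reachable if the error reporter returned instead of throwing:
                // deny rather than dereference a null DN.
                return false;
            }
            UserMembershipSearchResponse memberships = new UserMembershipSearchResponse(ctx, this.store.realm, principalDn, true, this.store.factory.logr);
            boolean granted = false;
            while (!granted && memberships.hasNext(ctx)) {
                String memberDn = null;
                try {
                    memberDn = IDMUtils.normalizeDN(memberships.next(ctx).getDN());
                } catch (InvalidNameException e) {
                    reportInvalidDn(e, "isGranted(LdapContext ctx, String idtyDN)");
                }
                granted = roleDn.equals(memberDn);
            }
            return granted;
        } catch (ObjectNotFoundException e) {
            this.store.factory.logr.logp(Level.FINEST, this.classname, "isGranted()", "Exception occured while checking the principal " + principalDn + " is Granted to :  to the Role : " + roleDn + "\t" + e);
            return false;
        } finally {
            releaseQuietly(ctx);
        }
    }

    /**
     * Reports whether {@code principal} is listed through the role-owner attribute of {@code role}.
     *
     * @param role the role to test; must be an {@link LDRole}
     * @param principal the candidate owner
     * @return {@code true} only when a matching role DN is found; {@code false} when the
     *     lookup raises {@link ObjectNotFoundException}
     * @throws IMException on any other lookup failure
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.spi.AbstractRoleManager, oracle.security.idm.RoleManager
    public boolean isOwnedBy(Role role, Principal principal) throws IMException {
        return hasRelation(role, principal, true, "isOwnedBy", "owned");
    }

    /**
     * Reports whether {@code principal} is listed through the role-manager attribute of {@code role}.
     *
     * @param role the role to test; must be an {@link LDRole}
     * @param principal the candidate manager
     * @return {@code true} only when a matching role DN is found; {@code false} when the
     *     lookup raises {@link ObjectNotFoundException}
     * @throws IMException on any other lookup failure
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.spi.AbstractRoleManager, oracle.security.idm.RoleManager
    public boolean isManagedBy(Role role, Principal principal) throws IMException {
        return hasRelation(role, principal, false, "isManagedBy", "managed");
    }

    /**
     * Drops the role described by {@code roleProfile}.
     *
     * @param roleProfile the profile, cast to {@link Role} and passed to {@link #dropRole(Role)}
     * @throws IMException if the drop fails
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public void dropRole(RoleProfile roleProfile) throws IMException {
        dropRole((Role) roleProfile);
    }

    /**
     * Revokes {@code role} from each of its grantees, then deletes the role.
     *
     * <p>Revocation is best-effort: the first {@link IMException} stops the revocation loop
     * and the role is deleted anyway. Because user membership is stored on the user entry,
     * any grantee that was not reached keeps a membership value naming the deleted role's DN.
     * A role later created under the same DN would be matched by those stale values, so the
     * failure is logged at WARNING for operators to clean up.
     *
     * @param role the role to delete
     * @throws IMException if the superclass delete fails
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public void dropRole(Role role) throws IMException {
        this.store.factory.logr.entering(this.classname, "dropRole(Role)");
        try {
            SearchResponse grantees = role.getRoleProfile().getGrantees(null, true);
            while (grantees.hasNext()) {
                revokeRole(role, grantees.next().getPrincipal());
            }
        } catch (IMException e) {
            // The original logged this under "fetchNextIdentity()" at FINEST, which hid
            // incomplete revocations from normal logs.
            this.store.factory.logr.logp(Level.WARNING, this.classname, "dropRole(Role)", "Exception occured while revoking the role to principal " + e.getMessage());
        }
        super.dropRole(role);
    }

    /**
     * Creates a role whose {@code memberURL} selects the users that carry this role's DN
     * in their {@code wlsMemberOf} attribute.
     *
     * <p>The role name is caller-supplied and ends up inside an LDAP search filter, so it is
     * escaped twice: first as a DN attribute value, then as a filter assertion value. Without
     * the second step a name containing {@code *}, {@code (} or {@code )} would change which
     * users the stored filter selects.
     *
     * <p>NOTE(review): the filter is not percent-encoded for the LDAP URL, and the configured
     * base DNs and attribute name are inserted as-is; a {@code null} role create base is also
     * not rejected here. Confirm how the directory parses {@code memberURL} before relying on
     * names that contain URL-reserved characters.
     *
     * @param str the role name
     * @param i forwarded unchanged to the three-argument {@code createRole}
     * @return the created role
     * @throws OperationFailureException if no user search base is configured
     * @throws IMException if role creation fails
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public Role createRole(String str, int i) throws IMException {
        BasicAttributes attributes = new BasicAttributes();
        BasicAttribute memberUrl = new BasicAttribute("memberURL");
        String roleBase = this.store.realm.getConfig().getRoleSelectedCreateBase();
        String[] userBases = this.store.realm.getConfig().getUserSearchBase();
        if (userBases == null || userBases.length == 0) {
            throw new OperationFailureException("CreateRole Failed: User CreateBase is not set.");
        }
        String roleRdnValue = escapeForFilter(Rdn.escapeValue(str));
        memberUrl.add("ldap:///" + userBases[0] + "??sub?(&(objectclass=person)(wlsMemberOf=" + this.store.realm.getConfig().getRoleNameAttr() + "=" + roleRdnValue + "," + roleBase + "))");
        attributes.put(memberUrl);
        return createRole(str, i, attributes);
    }

    /**
     * Grants {@code role} to {@code principal}.
     *
     * <p>For a user principal the role DN is added to the user's membership attribute; for
     * any other principal the DN is added as a member of the role entry.
     *
     * @param role the role to grant; must be an {@link LDRole}
     * @param principal the grantee
     * @throws IMException if the directory update fails
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public void grantRole(Role role, Principal principal) throws IMException {
        updateMembership(role, principal, true);
    }

    /**
     * Revokes {@code role} from {@code principal}.
     *
     * <p>For a user principal the role DN is removed from the user's membership attribute;
     * for any other principal the DN is dropped from the role entry's members.
     *
     * @param role the role to revoke; must be an {@link LDRole}
     * @param principal the current grantee
     * @throws IMException if the directory update fails
     */
    @Override // oracle.security.idm.providers.stdldap.LDRoleManager, oracle.security.idm.RoleManager
    public void revokeRole(Role role, Principal principal) throws IMException {
        updateMembership(role, principal, false);
    }

    /**
     * Shared body of {@link #getOwnedRoles} and {@link #getManagedRoles}.
     * The connection is released here only when the response could not be built.
     */
    private SearchResponse searchRelatedRoles(Principal principal, boolean z, boolean ownerRelation) throws IMException {
        LdapContext ctx = null;
        boolean handedOff = false;
        try {
            ctx = this.store.acquireConnection();
            LDSearchResponse response = new LDSearchResponse(this.store, ctx, new WLSLDAPGrantedRelationSearchResponse(ctx, this.store.realm, principal, new String[]{relationAttribute(ownerRelation)}, !z, this, this.store.factory.logr));
            handedOff = true;
            return response;
        } finally {
            if (!handedOff) {
                releaseQuietly(ctx);
            }
        }
    }

    /**
     * Shared body of {@link #isOwnedBy} and {@link #isManagedBy}: enumerates the roles related
     * to {@code principal} and compares each normalized DN with the normalized DN of {@code role}.
     *
     * @param operation public method name, used to build the logging labels
     * @param verb "owned" or "managed", used in the not-found log message
     */
    private boolean hasRelation(Role role, Principal principal, boolean ownerRelation, String operation, String verb) throws IMException {
        LdapContext ctx = null;
        String roleDn = null;
        String principalDn = null;
        try {
            ctx = this.store.acquireConnection();
            if (principal instanceof LDPrincipal) {
                principalDn = ((LDPrincipal) principal).getDN();
            }
            try {
                roleDn = IDMUtils.normalizeDN(((LDRole) role).jndirole.getDN());
            } catch (InvalidNameException e) {
                reportInvalidDn(e, operation + "(Role parent, Principal principal)");
            }
            if (roleDn == null) {
                // Only reachable if the error reporter returned instead of throwing:
                // deny rather than dereference a null DN.
                return false;
            }
            WLSLDAPGrantedRelationSearchResponse related = new WLSLDAPGrantedRelationSearchResponse(ctx, this.store.realm, principal, new String[]{relationAttribute(ownerRelation)}, true, this, this.store.factory.logr);
            boolean found = false;
            while (!found && related.hasNext(ctx)) {
                String candidateDn = null;
                try {
                    candidateDn = IDMUtils.normalizeDN(related.next(ctx).getDN());
                } catch (InvalidNameException e) {
                    reportInvalidDn(e, operation + "(LdapContext ctx, String idtyDN)");
                }
                found = roleDn.equals(candidateDn);
            }
            return found;
        } catch (ObjectNotFoundException e) {
            this.store.factory.logr.logp(Level.FINEST, this.classname, operation + "()", "Exception occured while checking -- whether the role " + role.getUniqueName() + " is " + verb + " by the principal : " + principalDn + "\t" + e);
            return false;
        } finally {
            releaseQuietly(ctx);
        }
    }

    /**
     * Shared body of {@link #grantRole} and {@link #revokeRole}.
     *
     * <p>The connection is released on every path, including failures.
     * NOTE(review): a principal that is neither an {@link LDUserPrincipal} nor an
     * {@link LDRolePrincipal} reaches {@code addMember}/{@code dropMember} with a
     * {@code null} DN; what the JNDI role does with that is not visible here.
     */
    private void updateMembership(Role role, Principal principal, boolean grant) throws IMException {
        LdapContext ctx = null;
        try {
            ctx = this.store.acquireConnection();
            if (principal instanceof LDUserPrincipal) {
                String userDn = ((LDUserPrincipal) principal).getDN();
                int operation = grant ? LdapContext.ADD_ATTRIBUTE : LdapContext.REMOVE_ATTRIBUTE;
                String memberAttr = (String) ((LDConfiguration) this.store.realm.getConfig()).getProperty("USER_GROUP_MEMBER_ATTRS");
                setProperties(ctx, new ModificationItem[]{new ModificationItem(operation, new BasicAttribute(memberAttr, ((LDRole) role).jndirole.getDN()))}, userDn);
                return;
            }
            String memberDn = null;
            if (principal instanceof LDRolePrincipal) {
                memberDn = ((LDRolePrincipal) principal).getDN();
            }
            if (grant) {
                ((LDRole) role).jndirole.addMember(ctx, memberDn);
            } else {
                ((LDRole) role).jndirole.dropMember(ctx, memberDn);
            }
        } finally {
            releaseQuietly(ctx);
        }
    }

    /** Returns the configured role-owner attribute name, or the role-manager one. */
    private String relationAttribute(boolean ownerRelation) throws IMException {
        if (ownerRelation) {
            return this.store.realm.getConfig().getRoleOwnerAttribute();
        }
        return this.store.realm.getConfig().getRoleManagerAttribute();
    }

    /**
     * Passes a DN-normalization failure to {@code LDAPRealm.throwException} with the
     * message used throughout this class.
     */
    // Raw HashMap kept: the parameter type of LDAPRealm.throwException is not visible here.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void reportInvalidDn(InvalidNameException cause, String method) throws IMException {
        HashMap messages = new HashMap();
        messages.put("InvalidNameException", "Unable to normalize the DN");
        LDAPRealm.throwException(cause, this.classname, method, messages, this.store.factory.logr);
    }

    /**
     * Returns a connection to the store without letting a release failure replace the
     * result or exception of the operation that used it. A {@code null} context is ignored.
     */
    private void releaseQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            this.store.releaseConnection(ctx);
        } catch (IMException ignored) {
            // Best-effort, as in the original; recorded so repeated failures are visible.
            this.store.factory.logr.logp(Level.FINE, this.classname, "releaseQuietly(LdapContext)", "Failed to release LDAP connection: " + ignored);
        }
    }

    /**
     * Escapes the characters that are special in an LDAP search-filter assertion value
     * (backslash, {@code *}, {@code (}, {@code )} and NUL) as backslash-hex pairs.
     */
    private static String escapeForFilter(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Applies {@code modificationItemArr} to the entry named by {@code str}.
     *
     * @param ldapContext the connection to modify through
     * @param modificationItemArr the attribute modifications
     * @param str the DN of the entry to modify
     * @throws IMException raised through {@code LDAPRealm.throwException} when JNDI reports a
     *     {@link NamingException}
     */
    // Raw HashMap kept: the parameter type of LDAPRealm.throwException is not visible here.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void setProperties(LdapContext ldapContext, ModificationItem[] modificationItemArr, String str) throws IMException {
        try {
            ldapContext.modifyAttributes(ldapContext.getNameParser("").parse(str), modificationItemArr);
        } catch (NamingException e) {
            HashMap messages = new HashMap();
            messages.put("NameNotFoundException", "Role does not exist anymore !!");
            messages.put("NoPermissionException", "No permission to modify the user!!");
            LDAPRealm.throwException(e, this.classname, "setProperties(LdapContext ctx, ModificationItem[] modItems, String memberDN)", messages, this.store.factory.logr);
        }
    }
}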
