package com.ibm.ws.security.authorize;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.commonarchive.EARFile;
import com.ibm.etools.commonarchive.EJBModuleRef;
import com.ibm.etools.commonarchive.WebModuleRef;
import com.ibm.websphere.management.application.sync.AbstractAppSyncTask;
import com.ibm.websphere.management.application.sync.AppData;
import com.ibm.websphere.management.application.sync.AppSyncConstants;
import com.ibm.websphere.models.config.appdeployment.ApplicationDeployment;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.ConfigUtils;
import com.ibm.ws.security.util.DomainContextHelper;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.jacc.PolicyConfiguration;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/security/authorize/JaccModifiedTask.class */
public class JaccModifiedTask extends AbstractAppSyncTask {
    private static TraceComponent tc = Tr.register((Class<?>) JaccModifiedTask.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    private static String nativeJACC = CommonConstants.DEFAULT_JACC_POLICY_PROVIDER;
    private static final int MODULE_ADDED = 0;
    private static final int MODULE_DELETED = 1;
    private static final int MODULE_UPDATED = 2;
    private static final String EJB_DD = "/META-INF/ejb-jar.xml";
    private static final String WEB_DD = "/WEB-INF/web.xml";
    private static final String APP_UPDATE = "com.ibm.websphere.security.jacc.propagateonappupdate";

    @Override // com.ibm.websphere.management.application.sync.AbstractAppSyncTask
    public boolean performTask(AppData appData, AppData appData2, Hashtable hashtable) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "sec-modify performTask");
        }
        if (JaccTaskUtil.skipJaccOperation(this._isLocal, this._isInNodeSync)) {
            return true;
        }
        int operations = appData2.getOperations();
        if ((operations & 65536) == 0 && (operations & 1048576) == 0) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "sec performTask: not a full or partial update.");
            return true;
        }
        String appName = appData2.getAppName();
        try {
            try {
                boolean switchToAppDomainIfDmgr = DomainContextHelper.switchToAppDomainIfDmgr(appName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Check to see if JACC is enabled");
                }
                boolean z = false;
                if (JaccTaskUtil.checkForJacc(this._repository, this._isLocal, this._cellName, false) && !"false".equalsIgnoreCase(System.getProperty(APP_UPDATE))) {
                    z = true;
                    ApplicationDeployment applicationDeployment = (ApplicationDeployment) appData2.getProperties().get("OLDDEPLOY_KEY");
                    if (applicationDeployment != null && "false".equalsIgnoreCase((String) ConfigUtils.getProperties(applicationDeployment.getProperties()).get(APP_UPDATE))) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Propagate set to false for application: " + appData2.getAppName());
                        }
                        z = false;
                    }
                }
                if (z) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "JACC is enabled and the propagation is set to true");
                    }
                    EARFile ear = appData2.getEAR();
                    String appContextIDForSecurity = appData2.getAppContextIDForSecurity();
                    if ((operations & 65536) != 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, " processing for full updates");
                        }
                        AppInstallNotify.getInstance().appUninstall((ApplicationDeployment) appData.getProperties().get("OLDDEPLOY_KEY"), appName, appContextIDForSecurity, this._isLocal);
                        AppInstallNotify.getInstance().appInstall(ear, appName, appContextIDForSecurity, this._isLocal);
                    } else if ((operations & 1048576) != 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "processing for partial updates");
                        }
                        boolean z2 = false;
                        ArrayList arrayList = new ArrayList();
                        ArrayList arrayList2 = new ArrayList();
                        ArrayList arrayList3 = new ArrayList();
                        ArrayList arrayList4 = new ArrayList();
                        ArrayList arrayList5 = new ArrayList();
                        ArrayList arrayList6 = new ArrayList();
                        Hashtable fileChangesInRepository = appData2.getFileChangesInRepository();
                        List list = (List) fileChangesInRepository.get(AppSyncConstants.SYNC_DOCADDED);
                        for (int i = 0; i < list.size(); i++) {
                            String str = (String) list.get(i);
                            if (str.endsWith(EJB_DD)) {
                                arrayList.add(getModule(str, appName, true));
                                z2 = true;
                            } else if (str.endsWith(WEB_DD)) {
                                arrayList2.add(getModule(str, appName, false));
                                z2 = true;
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            if (arrayList.size() > 0) {
                                Tr.debug(tc, "EJB modules added are: " + arrayList);
                            }
                            if (arrayList2.size() > 0) {
                                Tr.debug(tc, "Web modules added are: " + arrayList2);
                            }
                        }
                        List list2 = (List) fileChangesInRepository.get(AppSyncConstants.SYNC_DOCREMOVED);
                        for (int i2 = 0; i2 < list2.size(); i2++) {
                            String str2 = (String) list2.get(i2);
                            if (str2.endsWith(EJB_DD)) {
                                arrayList3.add(getModule(str2, appName, true));
                                z2 = true;
                            } else if (str2.endsWith(WEB_DD)) {
                                arrayList4.add(getModule(str2, appName, false));
                                z2 = true;
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            if (arrayList3.size() > 0) {
                                Tr.debug(tc, "EJB modules removed are: " + arrayList3);
                            }
                            if (arrayList4.size() > 0) {
                                Tr.debug(tc, "Web modules removed are: " + arrayList4);
                            }
                        }
                        List list3 = (List) fileChangesInRepository.get(AppSyncConstants.SYNC_DOCMODIFIED);
                        for (int i3 = 0; i3 < list3.size(); i3++) {
                            String str3 = (String) list3.get(i3);
                            if (str3.endsWith(EJB_DD)) {
                                arrayList5.add(getModule(str3, appName, true));
                                z2 = true;
                            } else if (str3.endsWith(WEB_DD)) {
                                arrayList6.add(getModule(str3, appName, false));
                                z2 = true;
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            if (arrayList5.size() > 0) {
                                Tr.debug(tc, "EJB modules modified are: " + arrayList5);
                            }
                            if (arrayList6.size() > 0) {
                                Tr.debug(tc, "Web modules modified are: " + arrayList6);
                            }
                        }
                        if (z2) {
                            String oldModuleName = getOldModuleName(ear, arrayList, arrayList3, arrayList5, arrayList2, arrayList4, arrayList6, appData2);
                            PolicyConfiguration policyConfiguration = oldModuleName != null ? AppInstallNotify.getInstance().getPolicyConfiguration(oldModuleName, appName, appContextIDForSecurity, this._isLocal, false) : null;
                            if (arrayList.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the new EJB modules");
                                }
                                processEJBModules(ear, appName, appContextIDForSecurity, arrayList, policyConfiguration, 0);
                            }
                            if (arrayList3.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the removed EJB modules");
                                }
                                processRemovedModules(appName, appContextIDForSecurity, arrayList3);
                            }
                            if (arrayList5.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the modified EJB modules");
                                }
                                processEJBModules(ear, appName, appContextIDForSecurity, arrayList5, policyConfiguration, 2);
                            }
                            if (arrayList2.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the new Web modules");
                                }
                                processWebModules(ear, appName, appContextIDForSecurity, arrayList2, policyConfiguration, 0);
                            }
                            if (arrayList4.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the removed Web modules");
                                }
                                processRemovedModules(appName, appContextIDForSecurity, arrayList4);
                            }
                            if (arrayList6.size() > 0) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " processing the modified Web modules");
                                }
                                processEJBModules(ear, appName, appContextIDForSecurity, arrayList6, policyConfiguration, 2);
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "processing the authorization table");
                            }
                            AppInstallNotify.getInstance().addAuthorizationTable(ear, appName, appContextIDForSecurity, this._isLocal);
                        }
                    }
                }
                if (switchToAppDomainIfDmgr) {
                    DomainContextHelper.unwindAppDomain(appName);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorize.JaccModifiedTask.performTask", "133", this);
                Tr.error(tc, "security.jacc.updated.task", new Object[]{appData2.getAppName(), e});
                if (0 != 0) {
                    DomainContextHelper.unwindAppDomain(appName);
                }
            }
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "sec performTask");
            return true;
        } catch (Throwable th) {
            if (0 != 0) {
                DomainContextHelper.unwindAppDomain(appName);
            }
            throw th;
        }
    }

    private String getModule(String str, String str2, boolean z) throws Exception {
        String substring;
        int length = str2.length();
        if (z) {
            substring = str.substring(str.lastIndexOf(str2) + length + 1, str.lastIndexOf(EJB_DD));
        } else {
            substring = str.substring(str.lastIndexOf(str2) + length + 1, str.lastIndexOf(WEB_DD));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "moduleName is = " + substring);
        }
        return substring;
    }

    private void processWebModules(EARFile eARFile, String str, String str2, List list, PolicyConfiguration policyConfiguration, int i) throws Exception {
        List<WebModuleRef> webModuleRefs = eARFile.getWebModuleRefs();
        if (webModuleRefs == null || webModuleRefs.size() <= 0) {
            return;
        }
        for (WebModuleRef webModuleRef : webModuleRefs) {
            switch (i) {
                case 0:
                    if (list.contains(webModuleRef.getUri())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding web module: " + webModuleRef.getUri() + " to the JACC provider");
                        }
                        AppInstallNotify.getInstance().addWebPermissions(webModuleRef, str, str2, this._isLocal, policyConfiguration);
                        break;
                    } else {
                        break;
                    }
                case 2:
                    if (list.contains(webModuleRef.getUri())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Modifying web module: " + webModuleRef.getUri() + " in the JACC provider");
                        }
                        AppInstallNotify.getInstance().addWebPermissions(webModuleRef, str, str2, this._isLocal, policyConfiguration);
                        break;
                    } else {
                        break;
                    }
            }
        }
    }

    private void processEJBModules(EARFile eARFile, String str, String str2, List list, PolicyConfiguration policyConfiguration, int i) throws Exception {
        List<EJBModuleRef> eJBModuleRefs = eARFile.getEJBModuleRefs();
        if (eJBModuleRefs == null || eJBModuleRefs.size() <= 0) {
            return;
        }
        for (EJBModuleRef eJBModuleRef : eJBModuleRefs) {
            switch (i) {
                case 0:
                    if (list.contains(eJBModuleRef.getUri())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding EJB module: " + eJBModuleRef.getUri() + " to the JACC provider");
                        }
                        AppInstallNotify.getInstance().addEJBPermissions(eJBModuleRef, str, str2, this._isLocal, policyConfiguration);
                        break;
                    } else {
                        break;
                    }
                case 2:
                    if (list.contains(eJBModuleRef.getUri())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Modifying EJB module: " + eJBModuleRef.getUri() + " in the JACC provider");
                        }
                        AppInstallNotify.getInstance().addEJBPermissions(eJBModuleRef, str, str2, this._isLocal, policyConfiguration);
                        break;
                    } else {
                        break;
                    }
            }
        }
    }

    private void processRemovedModules(String str, String str2, List list) throws Exception {
        for (int i = 0; i < list.size(); i++) {
            String str3 = (String) list.get(i);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing the module: " + str3 + " from the JACC provider");
            }
            AppInstallNotify.getInstance().deleteModule(str3, str, str2, this._isLocal);
        }
    }

    private String getOldModuleName(EARFile eARFile, List list, List list2, List list3, List list4, List list5, List list6, AppData appData) throws Exception {
        if (list2.size() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "URI for linking policyConfigs is : " + list2.get(0));
            }
            return (String) list2.get(0);
        }
        if (list5.size() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "URI for linking policyConfigs is : " + list5.get(0));
            }
            return (String) list5.get(0);
        }
        if (list3.size() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "URI for linking policyConfigs is = " + list3.get(0));
            }
            return (String) list3.get(0);
        }
        if (list6.size() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "URI for linking policyConfigs is = " + list6.get(0));
            }
            return (String) list6.get(0);
        }
        List webModuleRefs = eARFile.getWebModuleRefs();
        if (webModuleRefs != null && webModuleRefs.size() > 0) {
            Iterator it = webModuleRefs.iterator();
            while (it.hasNext()) {
                String uri = ((WebModuleRef) it.next()).getUri();
                if (!list4.contains(uri)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "URI for linking policyConfigs is: " + uri);
                    }
                    return uri;
                }
            }
        }
        List eJBModuleRefs = eARFile.getEJBModuleRefs();
        if (eJBModuleRefs != null && eJBModuleRefs.size() > 0) {
            Iterator it2 = eJBModuleRefs.iterator();
            while (it2.hasNext()) {
                String uri2 = ((EJBModuleRef) it2.next()).getUri();
                if (!list.contains(uri2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "URI for linking policyConfigs is: " + uri2);
                    }
                    return uri2;
                }
            }
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "Cannot obtain the original module for the app " + appData.getAppName());
        return null;
    }
}
