package com.metamatrix.platform.security.authorization.service;

import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.exception.security.MetaMatrixSecurityException;
import com.metamatrix.admin.api.objects.AdminOptions;
import com.metamatrix.api.exception.MetaMatrixComponentException;
import com.metamatrix.api.exception.MetaMatrixException;
import com.metamatrix.api.exception.security.AuthorizationException;
import com.metamatrix.api.exception.security.AuthorizationMgmtException;
import com.metamatrix.api.exception.security.InvalidPrincipalException;
import com.metamatrix.api.exception.security.MembershipServiceException;
import com.metamatrix.cache.Cache;
import com.metamatrix.cache.CacheConfiguration;
import com.metamatrix.cache.CacheFactory;
import com.metamatrix.common.actions.ActionDefinition;
import com.metamatrix.common.actions.CreateObject;
import com.metamatrix.common.actions.DestroyObject;
import com.metamatrix.common.connection.ManagedConnectionException;
import com.metamatrix.common.connection.TransactionMgr;
import com.metamatrix.common.jdbc.JDBCReservedWords;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.properties.UnmodifiableProperties;
import com.metamatrix.dqp.ResourceFinder;
import com.metamatrix.platform.PlatformPlugin;
import com.metamatrix.platform.admin.api.EntitlementMigrationReport;
import com.metamatrix.platform.admin.api.PermissionDataNode;
import com.metamatrix.platform.admin.api.exception.PermissionNodeException;
import com.metamatrix.platform.admin.apiimpl.PermissionDataNodeTreeViewImpl;
import com.metamatrix.platform.security.api.AuthorizationObjectEditor;
import com.metamatrix.platform.security.api.AuthorizationPermission;
import com.metamatrix.platform.security.api.AuthorizationPolicy;
import com.metamatrix.platform.security.api.AuthorizationPolicyID;
import com.metamatrix.platform.security.api.AuthorizationRealm;
import com.metamatrix.platform.security.api.GranteeEntitlementEntry;
import com.metamatrix.platform.security.api.MetaMatrixPrincipal;
import com.metamatrix.platform.security.api.MetaMatrixPrincipalName;
import com.metamatrix.platform.security.api.SessionToken;
import com.metamatrix.platform.security.api.UserEntitlementInfo;
import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
import com.metamatrix.platform.security.api.service.AuthorizationServicePropertyNames;
import com.metamatrix.platform.security.api.service.MembershipServiceInterface;
import com.metamatrix.platform.security.audit.AuditLevel;
import com.metamatrix.platform.security.audit.AuditManager;
import com.metamatrix.platform.security.audit.SecurityAuditContexts;
import com.metamatrix.platform.security.authorization.cache.AuthorizationCache;
import com.metamatrix.platform.security.authorization.spi.AuthorizationSourceConnectionException;
import com.metamatrix.platform.security.authorization.spi.AuthorizationSourceException;
import com.metamatrix.platform.security.authorization.spi.AuthorizationSourceTransaction;
import com.metamatrix.platform.security.util.RolePermissionFactory;
import com.metamatrix.platform.service.api.exception.ServiceClosedException;
import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.platform.service.api.exception.ServiceNotInitializedException;
import com.metamatrix.platform.service.api.exception.ServiceStateException;
import com.metamatrix.platform.service.controller.AbstractService;
import com.metamatrix.platform.util.ErrorMessageKeys;
import com.metamatrix.platform.util.LogMessageKeys;
import com.metamatrix.platform.util.PlatformProxyHelper;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

/* loaded from: input_file:com/metamatrix/platform/security/authorization/service/AuthorizationServiceImpl.class */
public class AuthorizationServiceImpl extends AbstractService implements AuthorizationServiceInterface {
    protected AuthorizationCache authorizationCache;
    private Properties environment;
    private boolean serviceClosed;
    protected MembershipServiceInterface membershipServiceProxy;
    private TransactionMgr transMgr;
    private AuditManager auditManager;
    private int retries = 1;
    private SessionToken privlegedToken = new SessionToken();

    @Override // com.metamatrix.platform.service.controller.AbstractService
    protected void initService(Properties properties) {
        try {
            this.auditManager = new AuditManager();
            this.membershipServiceProxy = PlatformProxyHelper.getMembershipServiceProxy(PlatformProxyHelper.ROUND_ROBIN_LOCAL);
            if (properties == null) {
                this.environment = new Properties();
            } else {
                synchronized (properties) {
                    this.environment = (Properties) properties.clone();
                }
            }
            if (!(this.environment instanceof UnmodifiableProperties)) {
                this.environment = new UnmodifiableProperties(this.environment);
            }
            String property = this.environment.getProperty(AuthorizationServicePropertyNames.CONNECTION_RETRIES);
            if (property != null) {
                try {
                    this.retries = Integer.parseInt(property);
                } catch (Exception e) {
                    LogManager.logWarning(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0001, new Object[]{property, Integer.toString(this.retries)}));
                }
            }
            if (properties.getProperty(AuthorizationServicePropertyNames.CONNECTION_FACTORY) == null) {
                properties.setProperty(AuthorizationServicePropertyNames.CONNECTION_FACTORY, AuthorizationServicePropertyNames.DEFAULT_FACTORY_CLASS);
            }
            properties.setProperty(TransactionMgr.FACTORY, properties.getProperty(AuthorizationServicePropertyNames.CONNECTION_FACTORY));
            this.transMgr = new TransactionMgr(properties, getInstanceName());
            CacheFactory cacheFactory = ResourceFinder.getCacheFactory();
            CacheConfiguration cacheConfiguration = new CacheConfiguration(CacheConfiguration.Policy.LRU, 0, 0);
            this.authorizationCache = new AuthorizationCache(cacheFactory.get(Cache.Type.AUTHORIZATION_POLICY, cacheConfiguration), cacheFactory.get(Cache.Type.AUTHORIZATION_PRINCIPLE, cacheConfiguration), this.environment);
            this.serviceClosed = false;
        } catch (Throwable th) {
            throw new ServiceException(th, ErrorMessageKeys.SEC_AUTHORIZATION_0004, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0004, new Object[]{getID()}));
        }
    }

    protected AuthorizationSourceTransaction getReadTransaction() throws ManagedConnectionException {
        return (AuthorizationSourceTransaction) this.transMgr.getReadTransaction();
    }

    protected AuthorizationSourceTransaction getWriteTransaction() throws ManagedConnectionException {
        return (AuthorizationSourceTransaction) this.transMgr.getWriteTransaction();
    }

    @Override // com.metamatrix.platform.service.controller.AbstractService
    protected void closeService() throws Exception {
        if (this.serviceClosed) {
            return;
        }
        String instanceName = getInstanceName();
        LogManager.logInfo(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(LogMessageKeys.SEC_AUTHORIZATION_0001, new Object[]{instanceName}));
        this.serviceClosed = true;
        this.auditManager.stop();
        LogManager.logInfo(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(LogMessageKeys.SEC_AUTHORIZATION_0002, new Object[]{instanceName}));
    }

    @Override // com.metamatrix.platform.service.controller.AbstractService
    protected void waitForServiceToClear() throws Exception {
        try {
            closeService();
        } catch (Exception e) {
            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0009));
        }
    }

    @Override // com.metamatrix.platform.service.controller.AbstractService
    protected void killService() {
        try {
            closeService();
        } catch (Exception e) {
            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0009));
        }
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public boolean checkAccess(SessionToken sessionToken, String str, AuthorizationPermission authorizationPermission) throws InvalidSessionException, AuthorizationMgmtException {
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"checkAccess(", sessionToken, ", ", str, ", ", authorizationPermission, JDBCReservedWords.RIGHT_PAREN});
        this.auditManager.record(str, "checkAccess-request", sessionToken.getUsername(), authorizationPermission.getResourceName());
        boolean checkAccess = checkAccess(sessionToken, str, authorizationPermission, false);
        if (!checkAccess) {
            this.auditManager.record(str, "checkAccess-denied", sessionToken.getUsername(), authorizationPermission.getResourceName());
        }
        return checkAccess;
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public boolean checkAccess(SessionToken sessionToken, String str, AuthorizationPermission authorizationPermission, boolean z) throws InvalidSessionException, AuthorizationMgmtException {
        Collection arrayList = new ArrayList();
        if (z) {
            arrayList = getDependantRequests(authorizationPermission);
        } else {
            arrayList.add(authorizationPermission);
        }
        return getInaccessibleResources(sessionToken, str, arrayList).isEmpty();
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getInaccessibleResources(SessionToken sessionToken, String str, Collection collection) throws InvalidSessionException, AuthorizationMgmtException {
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getInaccessibleResources(", sessionToken, ", ", str, ", ", collection, JDBCReservedWords.RIGHT_PAREN});
        this.auditManager.record(str, "getInaccessibleResources-request", sessionToken.getUsername(), collection);
        if (isEntitled(sessionToken.getUsername())) {
            return Collections.EMPTY_LIST;
        }
        HashSet hashSet = new HashSet(collection);
        try {
            Iterator it = getPoliciesForPrincipal(new MetaMatrixPrincipalName(sessionToken.getUsername(), 0), sessionToken, getRequestedRealm(collection)).iterator();
            while (it.hasNext() && !hashSet.isEmpty()) {
                Iterator it2 = hashSet.iterator();
                AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) it.next();
                while (it2.hasNext()) {
                    if (authorizationPolicy.implies((AuthorizationPermission) it2.next())) {
                        it2.remove();
                    }
                }
            }
            if (hashSet.isEmpty()) {
                this.auditManager.record(str, "getInaccessibleResources-granted all", sessionToken.getUsername(), collection);
            } else {
                this.auditManager.record(str, "getInaccessibleResources-denied", sessionToken.getUsername(), hashSet);
            }
            return hashSet;
        } catch (InvalidPrincipalException e) {
            throw new InvalidSessionException(e, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0020));
        }
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public List getGroupEntitlements(AuthorizationRealm authorizationRealm, Collection collection) throws AuthorizationMgmtException {
        ArrayList arrayList = new ArrayList();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            arrayList.addAll(getGroupEntitlements(authorizationRealm, (String) it.next()));
        }
        return arrayList;
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public List getGroupEntitlements(AuthorizationRealm authorizationRealm, String str) throws AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getGroupEntitlements(", authorizationRealm, str, JDBCReservedWords.RIGHT_PAREN});
        boolean z = false;
        MetaMatrixException metaMatrixException = null;
        String str2 = null;
        if (str.indexOf(37) > 0) {
            throw new AuthorizationMgmtException(ErrorMessageKeys.SEC_AUTHORIZATION_0022, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0022));
        }
        Map hashMap = new HashMap();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    hashMap = authorizationSourceTransaction.getGroupEntitlements(authorizationRealm, str);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceConnectionException e) {
                    str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024, new Object[]{e, str2}));
                    metaMatrixException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023, new Object[]{e2, str2}));
                    metaMatrixException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0025));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting entitlements for resource."});
            i++;
        }
        if (z) {
            return buildEntitlementList(authorizationRealm, hashMap, true);
        }
        throw new AuthorizationMgmtException(metaMatrixException, str2);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public List getElementEntitlements(AuthorizationRealm authorizationRealm, Collection collection) throws AuthorizationMgmtException {
        ArrayList arrayList = new ArrayList();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            arrayList.addAll(getElementEntitlements(authorizationRealm, (String) it.next()));
        }
        return arrayList;
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public List getElementEntitlements(AuthorizationRealm authorizationRealm, String str) throws AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getElementEntitlements(", authorizationRealm, str, JDBCReservedWords.RIGHT_PAREN});
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str2 = null;
        Map hashMap = new HashMap();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    hashMap = authorizationSourceTransaction.getElementEntitlements(authorizationRealm, str);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023);
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023, new Object[]{e, str2}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024);
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024, new Object[]{e2, str2}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0025));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting entitlements for resource."});
            i++;
        }
        if (z) {
            return buildEntitlementList(authorizationRealm, hashMap, false);
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str2);
    }

    private List buildEntitlementList(AuthorizationRealm authorizationRealm, Map map, boolean z) {
        String substring;
        ArrayList arrayList = new ArrayList();
        for (String str : map.keySet()) {
            String str2 = null;
            if (z) {
                substring = str;
            } else {
                int lastIndexOf = str.lastIndexOf(46);
                substring = str.substring(0, lastIndexOf);
                str2 = str.substring(lastIndexOf + 1, str.length());
            }
            UserEntitlementInfo userEntitlementInfo = new UserEntitlementInfo(authorizationRealm, substring, str2);
            Iterator it = ((Set) map.get(str)).iterator();
            while (it.hasNext()) {
                userEntitlementInfo.addTriplet((GranteeEntitlementEntry) it.next());
            }
            arrayList.add(userEntitlementInfo);
        }
        return arrayList;
    }

    private Collection getRealmNames() throws AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getRealmNames()"});
        boolean z = false;
        MetaMatrixException metaMatrixException = null;
        String str = null;
        Collection arrayList = new ArrayList();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    arrayList = authorizationSourceTransaction.getRealmNames();
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceConnectionException e) {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0024, new Object[]{e, str}));
                    metaMatrixException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0023, new Object[]{e2, str}));
                    metaMatrixException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0025, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0025));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting entitlements for resource."});
            i++;
        }
        if (!z) {
            throw new AuthorizationMgmtException(metaMatrixException, str);
        }
        if (arrayList != null) {
            return arrayList;
        }
        if (metaMatrixException != null) {
            throw new AuthorizationMgmtException(metaMatrixException, str);
        }
        throw new AuthorizationMgmtException(ErrorMessageKeys.SEC_AUTHORIZATION_0028, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0028));
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getRealmNames(SessionToken sessionToken) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getRealmNames(", sessionToken, JDBCReservedWords.RIGHT_PAREN});
        return getRealmNames();
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public boolean containsPolicy(SessionToken sessionToken, AuthorizationPolicyID authorizationPolicyID) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"containsPolicy(", sessionToken, ", ", authorizationPolicyID, JDBCReservedWords.RIGHT_PAREN});
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        boolean z2 = false;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    z2 = authorizationSourceTransaction.containsPolicy(authorizationPolicyID);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceException e) {
                    String string = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0031, new Object[]{authorizationPolicyID});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0031, new Object[]{e, string}));
                    throw new AuthorizationMgmtException(e, ErrorMessageKeys.SEC_AUTHORIZATION_0031, string);
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0029, new Object[]{authorizationPolicyID});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0029, new Object[]{e2, str}));
                    metaMatrixSecurityException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e3) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0030, new Object[]{authorizationPolicyID});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0030, new Object[]{e3, str}));
                metaMatrixSecurityException = e3;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policy ID."});
            i++;
        }
        if (z) {
            return z2;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection findAllPolicyIDs(SessionToken sessionToken) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"findAllPolicyIDs(", sessionToken, JDBCReservedWords.RIGHT_PAREN});
        boolean z = false;
        MetaMatrixException metaMatrixException = null;
        String str = null;
        HashSet hashSet = new HashSet();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    hashSet.addAll(authorizationSourceTransaction.findAllPolicyIDs());
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceConnectionException e) {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0033);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0033, new Object[]{e, str}));
                    metaMatrixException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0032);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0032, new Object[]{e2, str}));
                    metaMatrixException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceException e3) {
                String string = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0034);
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0034, new Object[]{e3, string}));
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0034, string);
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for all policy IDs."});
            i++;
        }
        if (z) {
            return hashSet;
        }
        throw new AuthorizationMgmtException(metaMatrixException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection findPolicyIDs(SessionToken sessionToken, Collection collection) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"findPolicyIDs(", sessionToken, ", ", collection, JDBCReservedWords.RIGHT_PAREN});
        HashSet hashSet = new HashSet();
        Iterator it = collection.iterator();
        MetaMatrixPrincipalName metaMatrixPrincipalName = null;
        while (it.hasNext()) {
            try {
                metaMatrixPrincipalName = (MetaMatrixPrincipalName) it.next();
                Iterator it2 = findPolicyIDs(getGroupsForPrincipal(metaMatrixPrincipalName)).iterator();
                while (it2.hasNext()) {
                    hashSet.add(it2.next());
                }
            } catch (MetaMatrixSecurityException e) {
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0035, new Object[]{e, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0035, new Object[]{metaMatrixPrincipalName})}));
                return Collections.EMPTY_SET;
            }
        }
        return hashSet;
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPolicies(SessionToken sessionToken, Collection collection) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPolicies(", sessionToken, ", ", collection, JDBCReservedWords.RIGHT_PAREN});
        return getPolicies(collection);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public AuthorizationPolicy getPolicy(SessionToken sessionToken, AuthorizationPolicyID authorizationPolicyID) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPolicy(", sessionToken, ", ", authorizationPolicyID, JDBCReservedWords.RIGHT_PAREN});
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        AuthorizationPolicy authorizationPolicy = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    authorizationPolicy = authorizationSourceTransaction.getPolicy(authorizationPolicyID);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceException e) {
                    throw new AuthorizationMgmtException(e, ErrorMessageKeys.SEC_AUTHORIZATION_0039, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0039, new Object[]{authorizationPolicyID}));
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0037, new Object[]{authorizationPolicyID});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0037, new Object[]{e2, str}));
                    metaMatrixSecurityException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e3) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0038, new Object[]{authorizationPolicyID});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0038, new Object[]{e3, str}));
                metaMatrixSecurityException = e3;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting policy for ID (", authorizationPolicyID, JDBCReservedWords.RIGHT_PAREN});
            i++;
        }
        if (z) {
            return authorizationPolicy;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    private void completeTransaction(boolean z, AuthorizationSourceTransaction authorizationSourceTransaction) {
        if (authorizationSourceTransaction != null) {
            try {
                if (z) {
                    authorizationSourceTransaction.commit();
                } else {
                    authorizationSourceTransaction.rollback();
                }
                authorizationSourceTransaction.close();
            } catch (Exception e) {
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0015, new Object[]{e}));
            }
        }
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public boolean isCallerInRole(SessionToken sessionToken, String str) throws AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"isCallerInRole(", sessionToken, str, JDBCReservedWords.RIGHT_PAREN});
        try {
            return hasPolicy(sessionToken, RolePermissionFactory.getRealm(), str);
        } catch (MembershipServiceException e) {
            throw new AuthorizationMgmtException(e);
        }
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Map getRoleDescriptions(SessionToken sessionToken) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixException metaMatrixException = null;
        String str = null;
        Map map = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    map = authorizationSourceTransaction.getRoleDescriptions();
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (AuthorizationSourceConnectionException e) {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0041);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0041, new Object[]{e, str}));
                    metaMatrixException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0040);
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0040, new Object[]{e2, str}));
                    metaMatrixException = e2;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0042, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0042));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting role descriptions."});
            i++;
        }
        if (z) {
            return map;
        }
        throw new AuthorizationMgmtException(metaMatrixException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPrincipalsForRole(SessionToken sessionToken, String str) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str2 = null;
        Collection collection = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                authorizationSourceTransaction = getReadTransaction();
                collection = authorizationSourceTransaction.getPrincipalsForRole(str);
                z = true;
                completeTransaction(true, authorizationSourceTransaction);
                break;
            } catch (ManagedConnectionException e) {
                try {
                    str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0043, new Object[]{str.toString()});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0043, new Object[]{e, str2}));
                    metaMatrixSecurityException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0044, new Object[]{str.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0044, new Object[]{e2, str2}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0045, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0045, new Object[]{str.toString()}));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting principals for role \"", str.toString(), "\"."});
            i++;
        }
        if (z) {
            return collection;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str2);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getRoleNamesForPrincipal(SessionToken sessionToken, MetaMatrixPrincipalName metaMatrixPrincipalName) throws AuthorizationMgmtException {
        try {
            if (isEntitled(metaMatrixPrincipalName.getName())) {
                return new HashSet(getRoleDescriptions(this.privlegedToken).keySet());
            }
            try {
                Collection policiesForPrincipal = getPoliciesForPrincipal(metaMatrixPrincipalName, sessionToken, RolePermissionFactory.getRealm());
                HashSet hashSet = new HashSet();
                Iterator it = policiesForPrincipal.iterator();
                while (it.hasNext()) {
                    hashSet.add(((AuthorizationPolicy) it.next()).getAuthorizationPolicyID().getDisplayName());
                }
                return hashSet;
            } catch (InvalidPrincipalException e) {
                throw new AuthorizationMgmtException(e);
            }
        } catch (MetaMatrixSecurityException e2) {
            throw new AuthorizationMgmtException(e2, ErrorMessageKeys.SEC_AUTHORIZATION_0075, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0075));
        }
    }

    protected boolean isEntitled(String str) {
        try {
            if (!this.membershipServiceProxy.isSuperUser(str) && this.membershipServiceProxy.isSecurityEnabled()) {
                return false;
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Automatically entitling principal", str});
            return true;
        } catch (MembershipServiceException e) {
            throw new ServiceException(e, ErrorMessageKeys.SEC_AUTHORIZATION_0075, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0075));
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x041f, code lost:
    
        return r11;
     */
    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean removePrincipalFromAllPolicies(com.metamatrix.platform.security.api.SessionToken r9, com.metamatrix.platform.security.api.MetaMatrixPrincipalName r10) throws com.metamatrix.api.exception.security.AuthorizationException, com.metamatrix.api.exception.security.AuthorizationMgmtException {
        /*
            Method dump skipped, instructions count: 1056
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.metamatrix.platform.security.authorization.service.AuthorizationServiceImpl.removePrincipalFromAllPolicies(com.metamatrix.platform.security.api.SessionToken, com.metamatrix.platform.security.api.MetaMatrixPrincipalName):boolean");
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPolicyIDsWithPermissionsInRealm(SessionToken sessionToken, AuthorizationRealm authorizationRealm) throws AuthorizationException, AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        Collection collection = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                authorizationSourceTransaction = getReadTransaction();
                collection = authorizationSourceTransaction.getPolicyIDsWithPermissionsInRealm(authorizationRealm);
                z = true;
                completeTransaction(true, authorizationSourceTransaction);
                break;
            } catch (ManagedConnectionException e) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0055, new Object[]{authorizationRealm.toString()});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0055, new Object[]{e, str}));
                    metaMatrixSecurityException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0056, new Object[]{authorizationRealm.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0056, new Object[]{e2, str}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0057, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0057, new Object[]{authorizationRealm.toString()}));
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting Authorization PolicyIDs with permissions belonging to realm \"", authorizationRealm.toString(), "\"."});
            i++;
        }
        if (z) {
            return collection;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPolicyIDsInRealm(SessionToken sessionToken, AuthorizationRealm authorizationRealm) throws AuthorizationException, AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        Collection collection = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    collection = authorizationSourceTransaction.getPolicyIDsInRealm(authorizationRealm);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{authorizationRealm.toString()});
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{e, str}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{authorizationRealm.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{e2, str}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0060, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0060, new Object[]{authorizationRealm.toString()}));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting Authorization Policies belonging to realm \"", authorizationRealm.toString(), "\"."});
            i++;
        }
        if (z) {
            return collection;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPoliciesInRealm(SessionToken sessionToken, AuthorizationRealm authorizationRealm) throws AuthorizationException, AuthorizationMgmtException {
        return getPolicies(getPolicyIDsInRealm(sessionToken, authorizationRealm));
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPolicyIDsInPartialRealm(SessionToken sessionToken, AuthorizationRealm authorizationRealm) throws AuthorizationException, AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        Collection collection = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    collection = authorizationSourceTransaction.getPolicyIDsInPartialRealm(authorizationRealm);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{authorizationRealm.toString()});
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{e, str}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{authorizationRealm.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{e2, str}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0060, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0060, new Object[]{authorizationRealm.toString()}));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting Authorization Policies belonging to realm \"", authorizationRealm.toString(), "\"."});
            i++;
        }
        if (z) {
            return collection;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Collection getPolicIDsForResourceInRealm(SessionToken sessionToken, AuthorizationRealm authorizationRealm, String str) throws AuthorizationException, AuthorizationMgmtException {
        return getPolicIDsForResourceInRealm(authorizationRealm, str);
    }

    private Collection getPolicIDsForResourceInRealm(AuthorizationRealm authorizationRealm, String str) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str2 = null;
        Collection collection = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    collection = authorizationSourceTransaction.getPolicyIDsForResourceInRealm(authorizationRealm, str);
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{authorizationRealm.toString()});
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0058, new Object[]{e, str2}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str2 = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{authorizationRealm.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0059, new Object[]{e2, str2}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0060, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0060, new Object[]{authorizationRealm.toString()}));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting Authorization Policies belonging to realm \"", authorizationRealm.toString(), "\"."});
            i++;
        }
        if (z) {
            return collection;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v28, types: [java.util.Collection] */
    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public PermissionDataNode fillPermissionNodeTree(PermissionDataNode permissionDataNode, AuthorizationPolicyID authorizationPolicyID) throws AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"fillPermissionNodeTree(", permissionDataNode, authorizationPolicyID, JDBCReservedWords.RIGHT_PAREN});
        Set permissionsForPolicy = getPermissionsForPolicy(authorizationPolicyID);
        List<PermissionNodeException> list = Collections.EMPTY_LIST;
        PermissionDataNodeTreeViewImpl permissionDataNodeTreeViewImpl = new PermissionDataNodeTreeViewImpl(permissionDataNode);
        if (permissionsForPolicy.size() > 0) {
            list = permissionDataNodeTreeViewImpl.setPermissions(permissionsForPolicy);
        }
        if (list.size() <= 0) {
            return permissionDataNode;
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (PermissionNodeException permissionNodeException : list) {
            stringBuffer.append(permissionNodeException.getClass().getSimpleName() + " ");
            stringBuffer.append(permissionNodeException.getMessage());
            stringBuffer.append(", ");
        }
        stringBuffer.setLength(stringBuffer.length() - 2);
        throw new AuthorizationMgmtException(stringBuffer.toString());
    }

    private Set getPermissionsForPolicy(AuthorizationPolicyID authorizationPolicyID) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        Set set = Collections.EMPTY_SET;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                authorizationSourceTransaction = getReadTransaction();
                set = authorizationSourceTransaction.getPermissionsForPolicy(authorizationPolicyID);
                z = true;
                completeTransaction(true, authorizationSourceTransaction);
                break;
            } catch (ManagedConnectionException e) {
                try {
                    str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0061, new Object[]{authorizationPolicyID.toString()});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0061, new Object[]{e, str}));
                    metaMatrixSecurityException = e;
                    z = false;
                    completeTransaction(false, authorizationSourceTransaction);
                } catch (Throwable th) {
                    completeTransaction(z, authorizationSourceTransaction);
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0062, new Object[]{authorizationPolicyID.toString()});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0062, new Object[]{e2, str}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0063, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0063, new Object[]{authorizationPolicyID.toString()}));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry getting permissions for policy \"", authorizationPolicyID.toString(), "\"."});
            i++;
        }
        if (z) {
            return set;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public Set executeTransaction(SessionToken sessionToken, List list) throws InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"executeTransaction(", sessionToken, list, JDBCReservedWords.RIGHT_PAREN});
        if (sessionToken == null) {
            throw new IllegalArgumentException(PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0064));
        }
        if (list == null) {
            throw new IllegalArgumentException(PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0065));
        }
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Executing transaction with ", new Integer(list.size()), " action(s)"});
        HashSet hashSet = new HashSet();
        if (list.isEmpty()) {
            return hashSet;
        }
        this.auditManager.record(SecurityAuditContexts.CTX_AUTHORIZATION, "executeTransaction-modify", sessionToken.getUsername(), printActions(list));
        ArrayList arrayList = new ArrayList(7);
        Object obj = null;
        ActionDefinition actionDefinition = null;
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        boolean z = false;
        int i = -1;
        try {
            try {
                authorizationSourceTransaction = getWriteTransaction();
                boolean z2 = false;
                Iterator it = list.iterator();
                if (it.hasNext()) {
                    actionDefinition = (ActionDefinition) it.next();
                    obj = actionDefinition.getTarget();
                    arrayList.add(actionDefinition);
                    LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Target: <", obj, "> First action: <", actionDefinition, ">"});
                }
                while (it.hasNext()) {
                    ActionDefinition actionDefinition2 = (ActionDefinition) it.next();
                    if (actionDefinition instanceof CreateObject) {
                        z2 = true;
                    }
                    if (actionDefinition instanceof DestroyObject) {
                        if (!z2) {
                            executeTransactionsOnTarget(authorizationSourceTransaction, arrayList, obj, sessionToken, hashSet);
                        }
                        i += arrayList.size();
                        arrayList.clear();
                        z2 = false;
                        obj = actionDefinition2.getTarget();
                    } else if (obj != actionDefinition2.getTarget()) {
                        executeTransactionsOnTarget(authorizationSourceTransaction, arrayList, obj, sessionToken, hashSet);
                        i += arrayList.size();
                        arrayList.clear();
                        z2 = false;
                        obj = actionDefinition2.getTarget();
                    }
                    actionDefinition = actionDefinition2;
                    arrayList.add(actionDefinition);
                    LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Target: ", obj, " action: ", actionDefinition});
                }
                if (arrayList.size() != 0) {
                    executeTransactionsOnTarget(authorizationSourceTransaction, arrayList, obj, sessionToken, hashSet);
                }
                this.authorizationCache.clearCaches();
                z = true;
                if (authorizationSourceTransaction != null) {
                    if (1 != 0) {
                        try {
                            authorizationSourceTransaction.commit();
                        } catch (ManagedConnectionException e) {
                            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Error_committing_transaction_after_executing_actions__{0}", new Object[]{new Object[]{printActions(list)}}));
                        }
                    } else {
                        try {
                            authorizationSourceTransaction.rollback();
                        } catch (ManagedConnectionException e2) {
                            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e2, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0067, new Object[]{printActions(list)}));
                        }
                    }
                    try {
                        authorizationSourceTransaction.close();
                    } catch (Exception e3) {
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e3, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0015, new Object[]{printActions(list)}));
                    }
                }
                return hashSet;
            } catch (AuthorizationMgmtException e4) {
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e4, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0066, new Object[]{printActions(list)}));
                throw e4;
            } catch (Exception e5) {
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e5, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0066, new Object[]{printActions(list)}));
                throw new AuthorizationMgmtException(e5);
            }
        } catch (Throwable th) {
            if (authorizationSourceTransaction != null) {
                if (z) {
                    try {
                        authorizationSourceTransaction.commit();
                    } catch (ManagedConnectionException e6) {
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e6, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Error_committing_transaction_after_executing_actions__{0}", new Object[]{new Object[]{printActions(list)}}));
                    }
                } else {
                    try {
                        authorizationSourceTransaction.rollback();
                    } catch (ManagedConnectionException e7) {
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e7, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0067, new Object[]{printActions(list)}));
                    }
                }
                try {
                    authorizationSourceTransaction.close();
                } catch (Exception e8) {
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e8, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0015, new Object[]{printActions(list)}));
                }
            }
            throw th;
        }
    }

    private Collection findPolicyIDs(Collection collection, AuthorizationRealm authorizationRealm) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        HashSet hashSet = new HashSet();
        if (collection == null || collection.size() == 0) {
            return hashSet;
        }
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    hashSet.addAll(authorizationSourceTransaction.findPolicyIDs(collection, authorizationRealm));
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0068);
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0068, new Object[]{e, str}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                } catch (AuthorizationSourceException e2) {
                    throw new AuthorizationMgmtException(e2, ErrorMessageKeys.SEC_AUTHORIZATION_0070, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0070));
                }
            } catch (AuthorizationSourceConnectionException e3) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0069);
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0069, new Object[]{e3, str}));
                metaMatrixSecurityException = e3;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (Exception e4) {
                throw new AuthorizationMgmtException(e4, ErrorMessageKeys.SEC_AUTHORIZATION_0071, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0071));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policy IDs belonging to principal collection."});
            i++;
        }
        if (z) {
            return hashSet;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    private Collection findPolicyIDs(Collection collection) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        HashSet hashSet = new HashSet();
        if (collection == null || collection.size() == 0) {
            return hashSet;
        }
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    try {
                        try {
                            authorizationSourceTransaction = getReadTransaction();
                            hashSet.addAll(authorizationSourceTransaction.findPolicyIDs(collection));
                            z = true;
                            completeTransaction(true, authorizationSourceTransaction);
                            break;
                        } catch (ManagedConnectionException e) {
                            try {
                                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0068);
                                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0068, new Object[]{e, str}));
                                metaMatrixSecurityException = e;
                                z = false;
                                completeTransaction(false, authorizationSourceTransaction);
                            } catch (Throwable th) {
                                completeTransaction(z, authorizationSourceTransaction);
                                throw th;
                            }
                        }
                    } catch (AuthorizationSourceConnectionException e2) {
                        str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0069);
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0069, new Object[]{e2, str}));
                        metaMatrixSecurityException = e2;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    }
                } catch (Exception e3) {
                    throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0071, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0071));
                }
            } catch (AuthorizationSourceException e4) {
                throw new AuthorizationMgmtException(e4, ErrorMessageKeys.SEC_AUTHORIZATION_0070, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0070));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policy IDs belonging to principal collection."});
            i++;
        }
        if (z) {
            return hashSet;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    private Collection getPolicies(Collection collection) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        Collection synchronizedCollection = Collections.synchronizedCollection(collection);
        HashSet hashSet = new HashSet();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                try {
                    authorizationSourceTransaction = getReadTransaction();
                    hashSet.addAll(authorizationSourceTransaction.getPolicies(synchronizedCollection));
                    z = true;
                    completeTransaction(true, authorizationSourceTransaction);
                    break;
                } catch (ManagedConnectionException e) {
                    try {
                        str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0072);
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0072, new Object[]{e, str}));
                        metaMatrixSecurityException = e;
                        z = false;
                        completeTransaction(false, authorizationSourceTransaction);
                    } catch (Throwable th) {
                        completeTransaction(z, authorizationSourceTransaction);
                        throw th;
                    }
                }
            } catch (AuthorizationSourceConnectionException e2) {
                str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0073);
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0073, new Object[]{e2, str}));
                metaMatrixSecurityException = e2;
                z = false;
                completeTransaction(false, authorizationSourceTransaction);
            } catch (AuthorizationSourceException e3) {
                throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0074, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0074));
            }
            authorizationSourceTransaction = null;
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policies with ID collection."});
            i++;
        }
        if (z) {
            return hashSet;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public boolean hasPolicy(SessionToken sessionToken, AuthorizationRealm authorizationRealm, String str) throws AuthorizationMgmtException, MembershipServiceException {
        if (isEntitled(sessionToken.getUsername())) {
            return true;
        }
        try {
            Collection policiesForPrincipal = getPoliciesForPrincipal(new MetaMatrixPrincipalName(sessionToken.getUsername(), 0), sessionToken, authorizationRealm);
            HashSet hashSet = new HashSet();
            hashSet.add(str);
            if (authorizationRealm == RolePermissionFactory.getRealm()) {
                if ("Admin.ProductAdmin".equals(str)) {
                    hashSet.add("Admin.SystemAdmin");
                } else if ("Admin.ReadOnlyAdmin".equals(str)) {
                    hashSet.add("Admin.ProductAdmin");
                    hashSet.add("Admin.SystemAdmin");
                }
            }
            Iterator it = policiesForPrincipal.iterator();
            while (it.hasNext()) {
                if (hashSet.contains(((AuthorizationPolicy) it.next()).getAuthorizationPolicyID().getDisplayName())) {
                    return true;
                }
            }
            return false;
        } catch (InvalidPrincipalException e) {
            throw new AuthorizationMgmtException(e);
        }
    }

    private Collection getPoliciesForPrincipal(MetaMatrixPrincipalName metaMatrixPrincipalName, SessionToken sessionToken, AuthorizationRealm authorizationRealm) throws AuthorizationMgmtException, InvalidPrincipalException {
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Trying cache first."});
        Collection findPolicyIDs = this.authorizationCache.findPolicyIDs(metaMatrixPrincipalName, sessionToken);
        if (findPolicyIDs != null && findPolicyIDs.size() > 0) {
            if (hasPolicyIDsForRealm(findPolicyIDs, authorizationRealm)) {
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Found poliyIDs cached for the principal in the given realm."});
            } else {
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Principal has no policyIDs cached for the given realm."});
                findPolicyIDs.clear();
            }
        }
        if (findPolicyIDs == null || findPolicyIDs.size() == 0) {
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - No policyIDs found in cache, going to store."});
            findPolicyIDs = findPolicyIDs(getGroupsForPrincipal(metaMatrixPrincipalName), authorizationRealm);
            if (findPolicyIDs == null || findPolicyIDs.size() == 0) {
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - No policyIDs found for realm - no authorization."});
                return Collections.EMPTY_SET;
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Found policyIDs in store - caching: ", findPolicyIDs});
            this.authorizationCache.cachePolicyIDsForPrincipal(metaMatrixPrincipalName, sessionToken, findPolicyIDs);
        }
        new HashSet();
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Looking up policies in cache by policyID."});
        Collection findPolicies = this.authorizationCache.findPolicies(findPolicyIDs);
        if (findPolicies == null || findPolicies.size() == 0 || findPolicies.size() < findPolicyIDs.size()) {
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - No policies were found in cache, going to store."});
            findPolicies = getPolicies(findPolicyIDs);
            if (findPolicies != null && findPolicies.size() > 0) {
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Found policies in store - caching."});
                this.authorizationCache.cachePoliciesWithIDs(findPolicies);
            }
        } else {
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Found policies <", findPolicies, "> in cache."});
        }
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getPoliciesForPrincipal(", metaMatrixPrincipalName, ", ", authorizationRealm, ") - Returning these Policies for principal: <", findPolicies, ">"});
        return findPolicies;
    }

    private boolean hasPolicyIDsForRealm(Collection collection, AuthorizationRealm authorizationRealm) {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            AuthorizationRealm realm = ((AuthorizationPolicyID) it.next()).getRealm();
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"hasPolicyIDsForRealm() - Comparing realms: <", realm, "> <", authorizationRealm, ">"});
            if (realm.equals(authorizationRealm)) {
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"hasPolicyIDsForRealm() - Realms are equal."});
                return true;
            }
        }
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"hasPolicyIDsForRealm() - No realms found to be equal."});
        return false;
    }

    private Collection getGroupsForPrincipal(MetaMatrixPrincipalName metaMatrixPrincipalName) throws AuthorizationMgmtException, InvalidPrincipalException {
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getGroupsForPrincipal(", metaMatrixPrincipalName, ") - Getting all group memberships."});
        HashSet hashSet = new HashSet();
        try {
            Set set = Collections.EMPTY_SET;
            if (metaMatrixPrincipalName.getType() == 0 || metaMatrixPrincipalName.getType() == 2) {
                set = this.membershipServiceProxy.getGroupsForUser(metaMatrixPrincipalName.getName());
            } else if (metaMatrixPrincipalName.getType() == 1) {
                MetaMatrixPrincipal principal = this.membershipServiceProxy.getPrincipal(metaMatrixPrincipalName);
                set = new HashSet();
                set.add(principal.getName());
            }
            Iterator it = set.iterator();
            while (it.hasNext()) {
                MetaMatrixPrincipalName metaMatrixPrincipalName2 = new MetaMatrixPrincipalName((String) it.next(), 1);
                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"getGroupsForPrincipal(", metaMatrixPrincipalName, ") - Adding membership <", metaMatrixPrincipalName2, ">"});
                hashSet.add(metaMatrixPrincipalName2);
            }
            hashSet.add(metaMatrixPrincipalName);
            return hashSet;
        } catch (InvalidPrincipalException e) {
            throw e;
        } catch (ServiceException e2) {
            throw new AuthorizationMgmtException(e2, ErrorMessageKeys.SEC_AUTHORIZATION_0075, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0075));
        } catch (MetaMatrixSecurityException e3) {
            throw new AuthorizationMgmtException(e3, ErrorMessageKeys.SEC_AUTHORIZATION_0035, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0035));
        }
    }

    private Collection getDependantRequests(AuthorizationPermission authorizationPermission) throws AuthorizationMgmtException {
        boolean z = false;
        MetaMatrixSecurityException metaMatrixSecurityException = null;
        String str = null;
        HashSet hashSet = new HashSet();
        AuthorizationSourceTransaction authorizationSourceTransaction = null;
        int i = 0;
        while (true) {
            if (i >= this.retries) {
                break;
            }
            try {
                authorizationSourceTransaction = getReadTransaction();
                hashSet.addAll(authorizationSourceTransaction.getDependantPermissions(authorizationPermission));
                z = true;
                if (authorizationSourceTransaction != null) {
                    try {
                        if (1 != 0) {
                            authorizationSourceTransaction.commit();
                        } else {
                            authorizationSourceTransaction.rollback();
                        }
                        authorizationSourceTransaction.close();
                    } catch (Exception e) {
                        LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Unable_to_close_transaction."));
                    }
                }
            } catch (ManagedConnectionException e2) {
                try {
                    str = PlatformPlugin.Util.getString("AuthorizationServiceImpl.Exception_while_getting_dependant_permissions_for_request_{0}", new Object[]{authorizationPermission});
                    LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e2, str);
                    metaMatrixSecurityException = e2;
                    z = false;
                    if (authorizationSourceTransaction != null) {
                        if (0 != 0) {
                            try {
                                authorizationSourceTransaction.commit();
                            } catch (Exception e3) {
                                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e3, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Unable_to_close_transaction."));
                                authorizationSourceTransaction = null;
                                LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policies with ID collection."});
                                i++;
                            }
                        } else {
                            authorizationSourceTransaction.rollback();
                        }
                        authorizationSourceTransaction.close();
                        authorizationSourceTransaction = null;
                    }
                } catch (Throwable th) {
                    if (authorizationSourceTransaction != null) {
                        try {
                            if (z) {
                                authorizationSourceTransaction.commit();
                            } else {
                                authorizationSourceTransaction.rollback();
                            }
                            authorizationSourceTransaction.close();
                        } catch (Exception e4) {
                            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e4, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Unable_to_close_transaction."));
                        }
                    }
                    throw th;
                }
            } catch (AuthorizationSourceConnectionException e5) {
                str = PlatformPlugin.Util.getString("AuthorizationServiceImpl.Failure_communicating_with_authorization_source_while_getting_dependant_permissions_for_request_{0}", new Object[]{authorizationPermission});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e5, str);
                metaMatrixSecurityException = e5;
                z = false;
                if (authorizationSourceTransaction != null) {
                    if (0 != 0) {
                        try {
                            authorizationSourceTransaction.commit();
                        } catch (Exception e6) {
                            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e6, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Unable_to_close_transaction."));
                            authorizationSourceTransaction = null;
                            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policies with ID collection."});
                            i++;
                        }
                    } else {
                        authorizationSourceTransaction.rollback();
                    }
                    authorizationSourceTransaction.close();
                    authorizationSourceTransaction = null;
                }
            } catch (AuthorizationSourceException e7) {
                String string = PlatformPlugin.Util.getString("AuthorizationServiceImpl.Unknown_exception_communicating_with_authorization_source_while_getting_dependant_permissions_for_request_{0}", new Object[]{authorizationPermission});
                LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, e7, string);
                throw new AuthorizationMgmtException(e7, string);
            }
            LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Attempting to retry search for policies with ID collection."});
            i++;
        }
        if (z) {
            return hashSet;
        }
        throw new AuthorizationMgmtException(metaMatrixSecurityException, str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v19, types: [java.lang.Throwable] */
    private void executeTransactionsOnTarget(AuthorizationSourceTransaction authorizationSourceTransaction, List list, Object obj, SessionToken sessionToken, Set set) throws AuthorizationMgmtException {
        boolean z;
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"executeTransactionsOnTarget(", sessionToken, list, obj, JDBCReservedWords.RIGHT_PAREN});
        Set set2 = null;
        AuthorizationSourceException authorizationSourceException = null;
        String str = null;
        LogManager.logTrace(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"Executing ", new Integer(list.size()), " action(s) on target \"", obj, "\""});
        if (!(obj instanceof AuthorizationPolicyID)) {
            throw new AuthorizationMgmtException(ErrorMessageKeys.SEC_AUTHORIZATION_0077, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0077, new Object[]{obj}));
        }
        try {
            set2 = authorizationSourceTransaction.executeActions((AuthorizationPolicyID) obj, list, sessionToken.getUsername());
            z = true;
        } catch (AuthorizationSourceConnectionException e) {
            str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0076, new Object[]{obj});
            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0076, new Object[]{e, str}));
            authorizationSourceException = e;
            z = false;
        } catch (AuthorizationSourceException e2) {
            str = PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0076, new Object[]{obj});
            LogManager.logError(SecurityAuditContexts.CTX_AUTHORIZATION, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0076, new Object[]{e2, str}));
            authorizationSourceException = e2;
            z = false;
        }
        if (!z) {
            throw new AuthorizationMgmtException(authorizationSourceException, ErrorMessageKeys.SEC_AUTHORIZATION_0076, str);
        }
        set.addAll(set2);
    }

    private static AuthorizationRealm getRequestedRealm(Collection collection) throws AuthorizationMgmtException {
        AuthorizationRealm authorizationRealm = null;
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            AuthorizationRealm realm = ((AuthorizationPermission) it.next()).getRealm();
            if (authorizationRealm == null) {
                authorizationRealm = realm;
            } else if (!authorizationRealm.equals(realm)) {
                throw new AuthorizationMgmtException(ErrorMessageKeys.SEC_AUTHORIZATION_0078, PlatformPlugin.Util.getString(ErrorMessageKeys.SEC_AUTHORIZATION_0078));
            }
        }
        if (authorizationRealm == null) {
            throw new AuthorizationMgmtException(PlatformPlugin.Util.getString("AuthorizationServiceImpl.Authorization_Realm_is_null"));
        }
        return authorizationRealm;
    }

    private String printActions(Collection collection) {
        StringBuffer stringBuffer = new StringBuffer();
        Iterator it = collection.iterator();
        if (it.hasNext()) {
            stringBuffer.append(it.next().toString());
        }
        while (it.hasNext()) {
            stringBuffer.append("; ");
            stringBuffer.append(it.next().toString());
        }
        return stringBuffer.toString();
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("AuthorizationService - ");
        try {
            stringBuffer.append(super.getInstanceName());
        } catch (ServiceClosedException e) {
            stringBuffer.append("closed.");
        } catch (ServiceNotInitializedException e2) {
            stringBuffer.append("not initialized.");
        } catch (ServiceStateException e3) {
            stringBuffer.append("in invalid state.");
        }
        stringBuffer.append("\n");
        return stringBuffer.toString();
    }

    @Override // com.metamatrix.platform.security.api.service.AuthorizationServiceInterface
    public void migratePolicies(SessionToken sessionToken, EntitlementMigrationReport entitlementMigrationReport, String str, String str2, Set set, Collection collection, AdminOptions adminOptions) throws MetaMatrixComponentException, InvalidSessionException, AuthorizationException, AuthorizationMgmtException {
        AuthorizationPolicy authorizationPolicy;
        AuthorizationPolicy createAuthorizationPolicy;
        AuthorizationRealm authorizationRealm = new AuthorizationRealm(str, str2);
        AuthorizationObjectEditor authorizationObjectEditor = new AuthorizationObjectEditor();
        Iterator it = collection.iterator();
        int i = 0;
        while (it.hasNext()) {
            AuthorizationPolicy authorizationPolicy2 = (AuthorizationPolicy) it.next();
            AuthorizationPolicyID authorizationPolicyID = authorizationPolicy2.getAuthorizationPolicyID();
            AuthorizationPolicyID authorizationPolicyID2 = new AuthorizationPolicyID(authorizationPolicyID.getDisplayName(), str, str2);
            try {
                authorizationPolicy = getPolicy(sessionToken, authorizationPolicyID2);
            } catch (AuthorizationMgmtException e) {
                authorizationPolicy = null;
            }
            boolean z = false;
            try {
                if (authorizationPolicy != null) {
                    if (adminOptions.containsOption(4)) {
                        throw new AuthorizationException(PlatformPlugin.Util.getString("AuthorizationServiceImpl.role_exists", new Object[]{authorizationPolicyID.getDisplayName()}));
                    }
                    if (adminOptions.containsOption(1)) {
                        z = true;
                        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"overwriting existing role", authorizationPolicyID.getDisplayName()});
                        authorizationObjectEditor.remove(authorizationPolicy.getAuthorizationPolicyID());
                    }
                    if (adminOptions.containsOption(2)) {
                        if (entitlementMigrationReport != null) {
                            entitlementMigrationReport.addResourceEntry(PlatformPlugin.Util.getString("AuthorizationServiceImpl.Succeeded_migration"), "", authorizationPolicy2.getAuthorizationPolicyID().getDisplayName(), authorizationPolicy2.getAuthorizationPolicyID().getDisplayName(), AuditLevel.DisplayNames.NONE, PlatformPlugin.Util.getString("AuthorizationServiceImpl.Ignored"));
                        }
                        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"ignoring existing role", authorizationPolicyID.getDisplayName()});
                    }
                }
                i += authorizationObjectEditor.clonePolicyPermissions(authorizationPolicy2, authorizationObjectEditor.clonePolicyPrincipals(authorizationPolicy2, createAuthorizationPolicy, this.membershipServiceProxy.getGroupNames(), entitlementMigrationReport), authorizationRealm, set, entitlementMigrationReport).getPermissionCount();
            } catch (MembershipServiceException e2) {
                throw new AuthorizationException(e2);
            }
            createAuthorizationPolicy = authorizationObjectEditor.createAuthorizationPolicy(authorizationPolicyID2);
            if (entitlementMigrationReport != null) {
                entitlementMigrationReport.addResourceEntry(PlatformPlugin.Util.getString("AuthorizationServiceImpl.Succeeded_migration"), "", authorizationPolicy2.getAuthorizationPolicyID().getDisplayName(), createAuthorizationPolicy.getAuthorizationPolicyID().getDisplayName(), AuditLevel.DisplayNames.NONE, z ? PlatformPlugin.Util.getString("AuthorizationServiceImpl.Overwritten") : PlatformPlugin.Util.getString("AuthorizationServiceImpl.Migrated"));
            }
        }
        List actions = authorizationObjectEditor.getDestination().getActions();
        LogManager.logDetail(SecurityAuditContexts.CTX_AUTHORIZATION, new Object[]{"migrateEntitlements(" + str + " " + str2 + ") executing [" + actions.size() + "] for [" + i + "] cloned permissions"});
        executeTransaction(sessionToken, actions);
    }
}
