package com.ibm.ws.management.cmdframework.impl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.authorizer.AdminAuthorizer;
import com.ibm.websphere.management.authorizer.AdminAuthorizerFactory;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandStep;
import com.ibm.websphere.management.cmdframework.TaskCommand;
import com.ibm.websphere.management.cmdframework.commandmetadata.CommandMetadata;
import com.ibm.websphere.management.cmdframework.commandmetadata.CommandStepMetadata;
import com.ibm.websphere.management.cmdframework.commandmetadata.CustomProperties;
import com.ibm.websphere.management.cmdframework.commandmetadata.ParameterMetadata;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.wsspi.cmdframework.CommandAuditHelper;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.StringTokenizer;
import javax.management.ObjectName;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/management/cmdframework/impl/CommandSecurityUtil.class */
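/**
 * Role-based access check for admin commands, driven by the command's custom metadata.
 *
 * <p>The custom properties read here are {@link #REQUIRED_ROLES} (roles split on ':' and '|'),
 * {@link #RESOURCE_IDENTIFIER} (used to build the resource scope handed to the authorizer)
 * and {@link #DELEGATION_MODE}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code AdminAuthorizerFactory.getAdminAuthorizer()} returns {@code null}, access is
 *       granted (fail-open).</li>
 *   <li>A command with no custom properties, or with no {@code RequiredRoles} entry, is granted.</li>
 *   <li>Role names starting with {@code "Any-"} are granted without consulting the authorizer.</li>
 *   <li>Audit failures never change the access decision and are visible only in debug trace.</li>
 * </ul>
 *
 * <p>The class is a process-wide singleton. The audit action passed to
 * {@link #checkAccess(AdminCommand, String)} is also stored in an instance field for the benefit
 * of {@link #checkAccess(AdminCommand)}; that field is shared by all threads.
 */
public class CommandSecurityUtil {
    private static final TraceComponent tc = Tr.register((Class<?>) CommandSecurityUtil.class, "CommandSecurityUtil", "com.ibm.ws.management.cmdframework");
    private static final CommandSecurityUtil cmdSecUtil = new CommandSecurityUtil();
    public static final String REQUIRED_ROLES = "RequiredRoles";
    public static final String DELEGATION_MODE = "DelegationMode";
    public static final String RESOURCE_IDENTIFIER = "ResourceIdentifier";
    public static final String ROLE_DELIM = ":|";
    public static final String RESID_DELIM = "/";
    public static final String PARAM_DELIM = "|";
    public static final String TARGET_OBJECT = "targetObject";

    // Last action supplied through the two-argument checkAccess. Shared by every caller of the
    // singleton, so the one-argument overload may audit under an action set by another thread.
    private volatile String action = "";

    private CommandSecurityUtil() {
    }

    /** Returns the shared singleton instance. */
    public static CommandSecurityUtil getInstance() {
        return cmdSecUtil;
    }

    /**
     * Checks access for the command and audits the decision under the given action.
     *
     * <p>The action is passed straight through to the audit call rather than being re-read from
     * the shared field, so a concurrent caller cannot replace the action recorded for this
     * decision. The field is still updated to keep {@link #checkAccess(AdminCommand)} behaving
     * as before.
     *
     * @param adminCommand command whose metadata carries the role requirements
     * @param str action name recorded in the audit record
     * @return {@code true} when access is granted
     */
    public boolean checkAccess(AdminCommand adminCommand, String str) {
        this.action = str;
        return doCheckAccess(adminCommand, str);
    }

    /**
     * Checks access for the command, auditing under the action most recently stored by
     * {@link #checkAccess(AdminCommand, String)} (empty string if none was ever stored).
     *
     * @param adminCommand command whose metadata carries the role requirements
     * @return {@code true} when access is granted
     */
    public boolean checkAccess(AdminCommand adminCommand) {
        return doCheckAccess(adminCommand, this.action);
    }

    /** Evaluates the command's required roles against the authorizer and audits the outcome. */
    private boolean doCheckAccess(AdminCommand adminCommand, String auditAction) {
        EList value;
        EList value2;
        boolean granted = true;
        ArrayList<String> requiredRoles = new ArrayList<String>();
        String scope = "";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.CHECK_ACCESS, adminCommand);
        }
        AdminAuthorizer adminAuthorizer = AdminAuthorizerFactory.getAdminAuthorizer();
        if (adminAuthorizer == null) {
            // Fail-open: no authorizer means every command is allowed. Presumably this is the
            // "admin security disabled" case - confirm against AdminAuthorizerFactory.
            auditDecision(adminCommand, auditAction, true, requiredRoles);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AuditConstants.CHECK_ACCESS, "No Authorizer (true) ");
            }
            return true;
        }
        EList<CustomProperties> custom = adminCommand.getCommandMetadata().getCustom();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " custom = ", custom);
        }
        if (custom != null && !custom.isEmpty()) {
            for (CustomProperties customProperties : custom) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " custom = ", custom);
                }
                if (customProperties.getKey().equals(REQUIRED_ROLES) && (value2 = customProperties.getValue()) != null && !value2.isEmpty()) {
                    // Only the first element of the property value is read.
                    StringTokenizer roleTokens = new StringTokenizer((String) value2.iterator().next(), ROLE_DELIM);
                    while (roleTokens.hasMoreTokens()) {
                        String role = roleTokens.nextToken();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, " required role = ", role);
                        }
                        requiredRoles.add(role);
                    }
                }
                if (customProperties.getKey().equals(RESOURCE_IDENTIFIER) && (value = customProperties.getValue()) != null && !value.isEmpty()) {
                    StringTokenizer alternatives = new StringTokenizer((String) value.iterator().next(), ":");
                    String resolvedScope = "";
                    while (alternatives.hasMoreTokens()) {
                        String alternative = alternatives.nextToken();
                        if (alternative.indexOf("/") < 0) {
                            // Single parameter reference: its (converted) value is the scope.
                            scope = getParamValue(adminCommand, alternative, true);
                        } else {
                            // "type/param/type/param..." - each param is replaced by its value.
                            // An odd number of segments makes the second nextToken() throw
                            // NoSuchElementException, which propagates to the caller unaudited.
                            StringTokenizer segments = new StringTokenizer(alternative, "/");
                            boolean first = true;
                            boolean allResolved = true;
                            while (segments.hasMoreTokens()) {
                                if (!first) {
                                    scope = scope + "/";
                                }
                                String resourceType = segments.nextToken();
                                String paramValue = getParamValue(adminCommand, segments.nextToken(), false);
                                if (paramValue == null) {
                                    allResolved = false;
                                }
                                scope = scope + resourceType + "/" + paramValue;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, " scope = ", scope);
                                }
                                first = false;
                            }
                            // Keep the composed scope only if every parameter had a value.
                            if (allResolved) {
                                resolvedScope = scope;
                            }
                            scope = "";
                        }
                    }
                    if (scope == null || scope.length() == 0) {
                        scope = resolvedScope;
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, " final scope = ", scope);
            }
            if (scope == null) {
                scope = "";
            }
            // NOTE(review): as listed, every role is evaluated and the result for the LAST role
            // is the decision. The decompiled source had an empty "if (!z) {}" here, which
            // suggests an early exit was lost in decompilation. Confirm the intended any-of /
            // all-of semantics against the original class before relying on this loop.
            for (String role : requiredRoles) {
                // Roles prefixed "Any-" are granted without asking the authorizer.
                granted = role.startsWith("Any-") || adminAuthorizer.checkAccess(scope, role);
            }
        }
        auditDecision(adminCommand, auditAction, granted, requiredRoles);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AuditConstants.CHECK_ACCESS, Boolean.valueOf(granted));
        }
        return granted;
    }

    /**
     * Emits the audit record for an access decision on a best-effort basis.
     *
     * <p>Any failure is swallowed so auditing cannot change the decision; the cause is now
     * included in the debug trace so a dropped audit record can be diagnosed.
     */
    private void auditDecision(AdminCommand adminCommand, String auditAction, boolean granted, ArrayList<String> requiredRoles) {
        try {
            CommandAuditHelper.cmdAudit(adminCommand, auditAction, granted, requiredRoles);
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "audit failed", th);
            }
        }
    }

    /**
     * Returns the delegation mode declared in the command's custom metadata.
     *
     * @param adminCommand command whose metadata is inspected
     * @return the first value of the {@code DelegationMode} property (last matching property
     *     wins), or {@code "CallerIdentity"} when there is no authorizer or no such property
     */
    public String getDelegationMode(AdminCommand adminCommand) {
        EList value;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDelegationMode", adminCommand);
        }
        String mode = "CallerIdentity";
        if (AdminAuthorizerFactory.getAdminAuthorizer() == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDelegationMode", "No Authorizer ");
            }
            return mode;
        }
        EList<CustomProperties> custom = adminCommand.getCommandMetadata().getCustom();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " custom = ", custom);
        }
        if (custom != null && !custom.isEmpty()) {
            for (CustomProperties customProperties : custom) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " custom = ", custom);
                }
                if (customProperties.getKey().equals(DELEGATION_MODE) && (value = customProperties.getValue()) != null && !value.isEmpty()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, " delegation mode = ", value);
                    }
                    mode = (String) value.iterator().next();
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDelegationMode", mode);
        }
        return mode;
    }

    /**
     * Resolves a parameter reference from the resource identifier to a value taken from the
     * command.
     *
     * <p>The reference is split on '|'. If any token is {@code "targetObject"} the command's
     * target object is used; if that yields nothing, the last token is looked up as a command
     * parameter. Any exception is traced at debug level and results in whatever value had been
     * resolved so far (normally {@code null}).
     *
     * @param adminCommand command supplying the target object and parameters
     * @param str parameter reference, possibly several names separated by '|'
     * @param z when {@code true}, the value is converted to a resource path (context URI for an
     *     {@code ObjectName}, {@link #convertVal(String)} otherwise)
     * @return the resolved value, or {@code null}
     */
    private String getParamValue(AdminCommand adminCommand, String str, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getParamValue", str);
        }
        String resolved = null;
        try {
            StringTokenizer names = new StringTokenizer(str, PARAM_DELIM);
            boolean useTarget = false;
            String paramName = null;
            while (names.hasMoreTokens()) {
                paramName = names.nextToken();
                if (paramName.equals("targetObject")) {
                    paramName = null;
                    useTarget = true;
                }
            }
            if (useTarget) {
                Object targetObject = adminCommand.getTargetObject();
                if (targetObject instanceof ObjectName) {
                    ObjectName objectName = ObjectName.getInstance((ObjectName) targetObject);
                    resolved = !z ? ConfigServiceHelper.getDisplayName(objectName) : ConfigServiceHelper.getConfigDataId(objectName).getContextUri();
                } else {
                    // A null target with z == true throws inside convertVal and is handled by
                    // the catch below, which skips the parameter fallback.
                    resolved = z ? convertVal((String) targetObject) : (String) targetObject;
                }
            }
            if (resolved == null) {
                resolved = (String) adminCommand.getParameter(paramName);
                if (z) {
                    resolved = convertVal(resolved);
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getParamValue", e.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getParamValue", resolved);
        }
        return resolved;
    }

    /**
     * Converts a {@code "type=name,type=name"} string into {@code "/context/name/context/name"},
     * mapping each type through {@link #getContext(String)}.
     *
     * @param str value to convert; a {@code null} value raises {@code NullPointerException}
     *     (thrown by the {@code StringTokenizer} constructor), as it did before
     * @return the converted path, or {@code str} unchanged when any type has no context or a
     *     type has no following name
     */
    private String convertVal(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "convertVal", str);
        }
        String result = str;
        StringBuilder path = new StringBuilder();
        StringTokenizer pairs = new StringTokenizer(str, "=,");
        while (pairs.hasMoreTokens()) {
            String context = getContext(pairs.nextToken());
            if (context == null || !pairs.hasMoreTokens()) {
                // Unknown type or dangling type without a name: give up on the conversion.
                path.setLength(0);
                break;
            }
            path.append("/").append(context).append("/").append(pairs.nextToken());
        }
        if (path.length() != 0) {
            result = path.toString();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "convertVal", result);
        }
        return result;
    }

    /**
     * Looks up the universal resource type for a type name by reflectively calling
     * {@code ResourceInstanceRelations.getInstance().getUniversalResourceType(str)}.
     *
     * @param str type name
     * @return the resource type, or {@code null} when the class is unavailable or the call fails
     */
    private String getContext(String str) {
        String context;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getContext", str);
        }
        try {
            Class<?> cls = Class.forName("com.ibm.ws.management.authorizer.ResourceInstanceRelations");
            Object relations = cls.getMethod("getInstance").invoke(null);
            context = (String) cls.getMethod("getUniversalResourceType", String.class).invoke(relations, str);
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cannot invoke getUniversalResourceType() method ", th);
            }
            context = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getContext", context);
        }
        return context;
    }

    /**
     * Renders the command, its parameters and its steps as
     * {@code name(p=v,...)Steps{step(p=v,...)...}}.
     *
     * <p>Step parameter values are now read from the step's own parameter map; the previous
     * code looked them up in the command-level map, which printed wrong values or
     * {@code null} and skipped the masked value computed for the step.
     *
     * @param adminCommand command to render
     * @param str unused
     * @return the rendered string
     * @throws Exception declared by the parameter-collecting helpers; not thrown explicitly in this class
     */
    private String getCmdStepsAndParams(AdminCommand adminCommand, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCmdStepsAndParams", new Object[]{adminCommand, str});
        }
        StringBuilder rendered = new StringBuilder();
        rendered.append(adminCommand.getName()).append("(");
        HashMap<String, Object> commandParamters = getCommandParamters(adminCommand.getCommandMetadata(), adminCommand);
        if (commandParamters != null && !commandParamters.isEmpty()) {
            boolean first = true;
            for (String paramName : commandParamters.keySet()) {
                Object paramValue = commandParamters.get(paramName);
                if (!first) {
                    rendered.append(",");
                }
                rendered.append(paramName).append("=").append(paramValue);
                first = false;
            }
        }
        rendered.append(")");
        rendered.append("Steps{");
        CommandMetadata commandMetadata = adminCommand.getCommandMetadata();
        if (commandMetadata instanceof TaskCommandMetadata) {
            TaskCommand taskCommand = (TaskCommand) adminCommand;
            EList steps = ((TaskCommandMetadata) commandMetadata).getSteps();
            for (int i = 0; steps != null && i < steps.size(); i++) {
                CommandStepMetadata commandStepMetadata = (CommandStepMetadata) steps.get(i);
                String name = commandStepMetadata.getName();
                HashMap<String, Object> commandStepParamters = getCommandStepParamters(commandStepMetadata, taskCommand.getCommandStep(name));
                if (commandStepParamters != null && !commandStepParamters.isEmpty()) {
                    rendered.append(name).append("(");
                    boolean firstStepParam = true;
                    for (String stepParamName : commandStepParamters.keySet()) {
                        Object stepParamValue = commandStepParamters.get(stepParamName);
                        if (!firstStepParam) {
                            rendered.append(",");
                        }
                        rendered.append(stepParamName).append("=").append(stepParamValue);
                        firstStepParam = false;
                    }
                    rendered.append(")");
                }
            }
        }
        rendered.append("}");
        String result = rendered.toString();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCmdStepsAndParams", result);
        }
        return result;
    }

    /**
     * Collects the command's target object and non-null parameters (as strings) for display.
     *
     * <p>Masking is by parameter name only: a value is replaced with {@code "******"} when the
     * lower-cased name contains {@code "password"} or {@code "passwd"}. Secrets carried under
     * any other parameter name, and the target object, are stored unmasked.
     *
     * @param commandMetadata metadata listing the command's parameters
     * @param adminCommand command supplying the values
     * @return map of parameter name to display value
     * @throws Exception declared for callers; not thrown explicitly here
     */
    private static HashMap<String, Object> getCommandParamters(CommandMetadata commandMetadata, AdminCommand adminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCommandParamters", new Object[]{commandMetadata, adminCommand});
        }
        HashMap<String, Object> collected = new HashMap<String, Object>();
        if (commandMetadata.isTargetObjectAllowed() && adminCommand.getTargetObject() != null) {
            collected.put("targetObject", adminCommand.getTargetObject());
        }
        EList parameters = commandMetadata.getParameters();
        for (int i = 0; parameters != null && i < parameters.size(); i++) {
            ParameterMetadata parameterMetadata = (ParameterMetadata) parameters.get(i);
            if (adminCommand.getParameter(parameterMetadata.getName()) != null) {
                String name = parameterMetadata.getName();
                String display = adminCommand.getParameter(name).toString();
                String lowerCase = name.toLowerCase();
                if (lowerCase.contains("password") || lowerCase.contains("passwd")) {
                    display = "******";
                }
                collected.put(name, display);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCommandParamters", collected);
        }
        return collected;
    }

    /**
     * Collects a command step's target object and non-null parameters for display.
     *
     * <p>Masking is by parameter name only, exactly as in
     * {@link #getCommandParamters(CommandMetadata, AdminCommand)}; unlike that method the
     * unmasked values are stored as the original objects rather than their string form.
     *
     * @param commandStepMetadata metadata listing the step's parameters
     * @param commandStep step supplying the values; must not be {@code null}
     * @return map of parameter name to display value
     * @throws Exception declared for callers; not thrown explicitly here
     */
    private static HashMap<String, Object> getCommandStepParamters(CommandStepMetadata commandStepMetadata, CommandStep commandStep) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCommandStepParamters", new Object[]{commandStepMetadata, commandStep});
        }
        HashMap<String, Object> collected = new HashMap<String, Object>();
        if (commandStepMetadata.isTargetObjectAllowed() && commandStep.getTargetObject() != null) {
            collected.put("targetObject", commandStep.getTargetObject());
        }
        EList parameters = commandStepMetadata.getParameters();
        for (int i = 0; parameters != null && i < parameters.size(); i++) {
            ParameterMetadata parameterMetadata = (ParameterMetadata) parameters.get(i);
            if (commandStep.getParameter(parameterMetadata.getName()) != null) {
                String name = parameterMetadata.getName();
                Object display = commandStep.getParameter(name);
                String lowerCase = name.toLowerCase();
                if (lowerCase.contains("password") || lowerCase.contains("passwd")) {
                    display = "******";
                }
                collected.put(name, display);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCommandStepParamters", collected);
        }
        return collected;
    }
}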
