package com.ibm.wbimonitor.rest.security.accesscontrol;

import com.ibm.wbimonitor.log.LoggerConstants;
import com.ibm.wbimonitor.rest.dbhelper.ConnectionHelper;
import com.ibm.wbimonitor.rest.security.util.Role;
import com.ibm.wbimonitor.rest.security.util.RoleTable;
import com.ibm.wbimonitor.rest.util.MemberHelper;
import com.ibm.wbimonitor.rest.util.URIMatcher;
import com.ibm.wbimonitor.util.ProfileUtil;
import com.ibm.websphere.logging.WsLevel;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import java.net.URLDecoder;
import java.rmi.RemoteException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:runtime/com.ibm.wbimonitor.repository_6.1.0.jar:com/ibm/wbimonitor/rest/security/accesscontrol/AuthorizationService.class */
public class AuthorizationService {
    // Copyright banner carried in the class.
    public static final String COPYRIGHT = "(C) Copyright IBM Corporation 2006, 2007.";
    // "Always allow" URI patterns; the constructor loads allowedUriList into this matcher with the target "allow".
    URIMatcher allowedURIs = new URIMatcher();
    // Same text as the resource1 column name used in the rat_auth_domain sub-query; not referenced by the methods visible here.
    public final String RESOURCE = "resource1";
    // Public, mutable map of matchers; not referenced by the methods visible here.
    public Map<String, URIMatcher> matchers = new HashMap();
    private static final Logger logger = Logger.getLogger("com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService");
    private static final String CLASSNAME = AuthorizationService.class.getName();
    // URIs that isActionAllowed(uri, method) admits without a role lookup (only the SQL-keyword check still applies).
    private static final String[] allowedUriList = {"/models", "/models/", "/alerts/*", "/dashboards/*", "/security/*", "/userdata", "/userdata/*", "/icons/kpi", "/bpc_host/*"};
    // Lazily created singleton returned by getInstance().
    private static AuthorizationService instance = null;
    // Role table consulted by isActionAllowed(uri, method, userId) to find the roles a URI/method pair requires.
    private static RoleTable t = new RoleTable();
    // Positive authorization decisions, stored as "userId#uri#method" strings.
    // NOTE(review): a static, unsynchronized ArrayList that is read and appended on the authorization path;
    // confirm how many threads reach it and whether entries can outlive a role revocation.
    static ArrayList allowedURICache = new ArrayList(1500);
    // Milliseconds between checks of the update marker; overwritten with customRestSecurityRefreshInterval on first expiry.
    static long refreshInterval = 10000;
    // Time of the last update-marker check, in milliseconds since the epoch.
    static long timestamp = System.currentTimeMillis();
    // Value of the rest.security.refreshInterval system property; the constructor sets 0 when it is absent or not numeric.
    static long customRestSecurityRefreshInterval = 0;
    // Schema qualifier that is concatenated into every SQL statement of this class.
    // NOTE(review): public and non-final, so any class can change text that ends up inside SQL; consider making it private.
    public static String SCHEMA_NAME = ProfileUtil.getSchemaQualifier();

    /**
     * Returns the shared {@code AuthorizationService}, creating it on the first call.
     *
     * <p>NOTE(review): creation is not synchronized, so two threads arriving together may each
     * build an instance; confirm whether callers are serialized.
     *
     * @return the singleton instance
     */
    public static AuthorizationService getInstance() {
        if (instance != null) {
            return instance;
        }
        instance = new AuthorizationService();
        return instance;
    }

    /**
     * Loads the "always allow" URI patterns, reads the optional refresh interval and resolves
     * the database schema name.
     *
     * <p>A pattern that cannot be registered is reported and skipped; the remaining patterns are
     * still loaded. When the {@code rest.security.refreshInterval} system property is missing or
     * not a number the custom interval is 0. When no schema qualifier is configured the schema
     * defaults to {@code MONITOR}.
     */
    protected AuthorizationService() {
        final String where = "AuthorizationService()";
        for (String allowedUri : allowedUriList) {
            try {
                this.allowedURIs.put(allowedUri, new String("allow"));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService", "111");
                logWarning("AuthorizationService()::Error initializing allowedURIs list");
            }
        }
        try {
            // parseLong(null) raises NumberFormatException, so an unset property lands in the handler below.
            customRestSecurityRefreshInterval = Long.parseLong(System.getProperty("rest.security.refreshInterval"));
        } catch (NumberFormatException e2) {
            logFine(CLASSNAME, where, " system property rest.security.refreshInterval wasn't set.");
            customRestSecurityRefreshInterval = 0L;
        }
        logFiner(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        SCHEMA_NAME = ProfileUtil.getSchemaQualifier();
        logFine(CLASSNAME, where, ":: SCHEMA_NAME = " + SCHEMA_NAME);
        if (SCHEMA_NAME == null) {
            SCHEMA_NAME = "MONITOR";
            logFine(CLASSNAME, where, "AuthorizationService():: using default schema name of MONITOR");
        }
        logFiner(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
    }

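    /**
     * Resolves the roles of the calling user for the resource named by the request.
     *
     * <p>All role names are returned when server security is disabled, or when the user or one of
     * the user's groups is listed as a super user. Otherwise the resource is the second path
     * segment of a {@code /models/...} request, or the text after {@code resource=} in the decoded
     * query string of a {@code /security/roles} request, and the lookup is delegated to
     * {@link #getUserRoles(String, String)}.
     *
     * <p>The method fails closed: a failed group lookup, a missing path, or a
     * {@code /security/roles} request without a {@code resource=} parameter yields no roles
     * instead of a {@code NullPointerException} or a resource name cut from an arbitrary offset.
     *
     * @param httpServletRequest the request being authorized
     * @return the role names, or an empty list when none can be established
     */
    public static ArrayList getUserRoles(HttpServletRequest httpServletRequest) {
        final String where = "getUserRoles(HttpServletRequest request)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        if (!WSSecurityHelper.isServerSecurityEnabled()) {
            logFine(CLASSNAME, where, "Security is disabled. Returning all roles from RoleTable");
            return new RoleTable().getAllRoleNames();
        }
        List<String> groups = null;
        try {
            groups = MemberHelper.getGroupDNsFromUserDN();
        } catch (RemoteException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "134");
            logFine(CLASSNAME, where, e.getMessage());
        } catch (WSSecurityException e2) {
            FFDCFilter.processException(e2, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "131");
            logFine(CLASSNAME, where, e2.getMessage());
        }
        if (groups == null) {
            // The lookup failed: with no known groups, no group membership can grant super-user rights.
            groups = new ArrayList<String>();
        }
        try {
            List superUsers = getSuperUsers();
            String userDN = MemberHelper.getUserDNFromWAS();
            if (superUsers.contains(userDN)) {
                logFine(CLASSNAME, where, "The user is a super user. Returning all roles from RoleTable");
                logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
                return new RoleTable().getAllRoleNames();
            }
            for (Object group : groups) {
                if (superUsers.contains(group)) {
                    logFine(CLASSNAME, where, "One of the groups the user belongs to is a super user. Returning all roles from RoleTable");
                    return new RoleTable().getAllRoleNames();
                }
            }
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo == null) {
                // No extra path information means there is no resource to look roles up for.
                return new ArrayList();
            }
            boolean rolesRequest = pathInfo.equals("/security/roles");
            boolean namesNoModel = pathInfo.equalsIgnoreCase("/models") || pathInfo.equalsIgnoreCase("/models/") || pathInfo.indexOf("models") == -1;
            if (namesNoModel && !rolesRequest) {
                return new ArrayList();
            }
            logFine(CLASSNAME, where, " request.getPathInfo()");
            // The model is the second "/"-separated segment, e.g. /models/<model>/...
            StringTokenizer segments = new StringTokenizer(pathInfo, "/");
            String model = null;
            if (segments.hasMoreTokens()) {
                segments.nextToken();
                if (segments.hasMoreTokens()) {
                    model = segments.nextToken();
                    logFine(CLASSNAME, where, "Model = " + model);
                }
            }
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            logFine(CLASSNAME, where, "### URI = " + pathInfo);
            if (!rolesRequest) {
                return getUserRoles(userDN, model);
            }
            // NOTE(review): the lines below write caller-supplied request data to the FINE log;
            // confirm the log sink neutralizes line breaks and is access-controlled.
            String decodedQuery = safeDecode(httpServletRequest.getQueryString());
            logFine(CLASSNAME, where, "#### safeDecode(request.getQueryString() = " + decodedQuery);
            logFine(CLASSNAME, where, "#### request.getCharacterEncoding() = " + httpServletRequest.getCharacterEncoding());
            logFine(CLASSNAME, where, "#### request.getContentType() = " + httpServletRequest.getContentType());
            logFine(CLASSNAME, where, "#### request.getLocale() = " + httpServletRequest.getLocale());
            logFine(CLASSNAME, where, "#### request.getRequestURL() = " + httpServletRequest.getRequestURL());
            logFine(CLASSNAME, where, "#### request.getQueryString() = " + httpServletRequest.getQueryString());
            int marker = decodedQuery == null ? -1 : decodedQuery.indexOf("resource=");
            if (marker < 0) {
                // Without the parameter, indexOf() + 9 would cut the resource name from an unrelated offset.
                logFine(CLASSNAME, where, "#### no resource parameter in query string; returning no roles");
                return new ArrayList();
            }
            // Everything after "resource=" is taken as the resource, as the original code did.
            String resource = decodedQuery.substring(marker + 9);
            logFine(CLASSNAME, where, "#### tModel= " + resource);
            return getUserRoles(userDN, resource);
        } catch (WSSecurityException e3) {
            FFDCFilter.processException(e3, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "157");
            logWarning(CLASSNAME + "::getUserRoles(HttpServletRequest request)::getUserRoles() - An exception occurred in MemberHelper.getUserDNFromWAS(). Returning null user roles.");
            return new ArrayList();
        }
    }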

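    /**
     * Looks up the roles that a user, or any group the user belongs to, holds on a resource.
     *
     * <p>All role names are returned when server security is disabled, or when the user or one of
     * the caller's groups is listed as a super user. Otherwise {@code rat_party_roles} is queried
     * for the user and group DNs, restricted to the resource group of the resource and to its
     * parent resource groups.
     *
     * <p>Every value is bound as a statement parameter. The resource name originates from the
     * request path or query string, and a DN may legitimately contain a quote character, so
     * neither is concatenated into the SQL text. The keyword check is kept as an additional
     * filter only. The schema qualifier cannot be bound and is still concatenated; it comes from
     * {@code SCHEMA_NAME}.
     *
     * <p>The decompiled original scoped its exception handlers to the branch that resolves a
     * missing user DN; here they cover the whole lookup and the resources are released in a
     * {@code finally} block.
     *
     * @param str  the user DN; when {@code null} the DN of the current caller is used
     * @param str2 the resource (model) name; {@code null} yields an empty list
     * @return the role names, or an empty list when the lookup is refused or fails
     */
    public static ArrayList getUserRoles(String str, String str2) {
        final String where = "getUserRoles(String userDN, String resource)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        if (str2 == null) {
            return new ArrayList();
        }
        if (isMalicious(str2)) {
            logWarning(CLASSNAME + "::getUserRoles(String userDN, String resource)::getUserRoles()URL failed SQL injection check! Ignoring resource = " + str2);
            return new ArrayList();
        }
        if (!WSSecurityHelper.isServerSecurityEnabled()) {
            logFine(CLASSNAME, where, "Security is disabled. Returning all roles from RoleTable");
            return new RoleTable().getAllRoleNames();
        }
        List superUsers = getSuperUsers();
        if (superUsers.contains(str)) {
            logFine(CLASSNAME, where, "The user is a super user. Returning all roles from RoleTable");
            return new RoleTable().getAllRoleNames();
        }
        List<String> callerGroups = null;
        try {
            callerGroups = MemberHelper.getGroupDNsFromUserDN();
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "216");
            logFine(CLASSNAME, where, e.getMessage());
        } catch (RemoteException e2) {
            FFDCFilter.processException(e2, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "220");
            logFine(CLASSNAME, where, e2.getMessage());
        }
        // A failed group lookup leaves callerGroups null; then no group can grant super-user rights.
        if (callerGroups != null) {
            for (Object group : callerGroups) {
                if (superUsers.contains(group)) {
                    logFine(CLASSNAME, where, "One of the groups the user belongs to is a super user. Returning all roles from RoleTable");
                    return new RoleTable().getAllRoleNames();
                }
            }
        }
        Connection connection = ConnectionHelper.getConnection();
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        long startedAt = System.currentTimeMillis();
        ArrayList roles = new ArrayList();
        try {
            String userDN = str;
            if (userDN == null) {
                userDN = MemberHelper.getUserDNFromWAS();
            }
            List<String> principals = MemberHelper.getGroupDNsFromUserDN(userDN);
            principals.add(userDN);
            List parentGroups = getParentResourceGroups(getResourceGroup(str2, SCHEMA_NAME));

            // One placeholder per principal, one for the resource, one per parent resource group.
            StringBuilder sql = new StringBuilder("select role from " + SCHEMA_NAME + ".rat_party_roles where ( userid = ?");
            for (int i = 1; i < principals.size(); i++) {
                sql.append(" or userid = ?");
            }
            sql.append(") and (resource_group =(select resource_group from " + SCHEMA_NAME + ".rat_auth_domain where resource1 = ?)");
            for (int i = 0; i < parentGroups.size(); i++) {
                sql.append(" or resource_group = ?");
            }
            sql.append(")");
            // Only the statement text is logged; the bound DNs and the resource name stay out of the log.
            logFine(CLASSNAME, where, "getUserRoles::userRoleQuery = " + sql);

            statement = connection.prepareStatement(sql.toString());
            int index = 1;
            for (Object principal : principals) {
                statement.setString(index++, String.valueOf(principal));
            }
            statement.setString(index++, str2);
            for (Object parentGroup : parentGroups) {
                statement.setString(index++, String.valueOf(parentGroup));
            }
            resultSet = statement.executeQuery();
            while (resultSet.next()) {
                roles.add(resultSet.getString(1));
            }
            logFine(CLASSNAME, where, "::Roles list = " + roles);
            logFine(CLASSNAME, where, "Time to get user roles =  " + (System.currentTimeMillis() - startedAt));
            return roles;
        } catch (SQLException e4) {
            FFDCFilter.processException(e4, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "291");
            logFine(CLASSNAME, where, "::SQLException::ErrorCode = " + e4.getErrorCode());
            logFine(CLASSNAME, where, "::SQLException::SQLState = " + e4.getSQLState());
            logFine(CLASSNAME, where, "::SQLException::Cause = " + e4.getCause());
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            // As in the original, rows read before the failure are still returned.
            return roles;
        } catch (WSSecurityException e5) {
            FFDCFilter.processException(e5, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "301");
            logWarning("getUserRoles::WSSecurityException - returning empty list");
            return new ArrayList();
        } catch (RemoteException e3) {
            FFDCFilter.processException(e3, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "306");
            logWarning("getUserRoles::RemoteException - returning empty list");
            return new ArrayList();
        } finally {
            closeResources(resultSet, statement, connection);
        }
    }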

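    /**
     * Looks up every role held by a user or by any group the user belongs to, across all
     * resources.
     *
     * <p>The user and group DNs are bound as statement parameters instead of being concatenated
     * into the SQL text, so a DN containing a quote character can neither break nor alter the
     * statement. The schema qualifier cannot be bound and is still concatenated; it comes from
     * {@code SCHEMA_NAME}.
     *
     * @param str the user DN
     * @return the role names; an empty list when the group lookup fails, and the rows read so far
     *         when the query fails
     */
    public static ArrayList getUserRoles(String str) {
        final String where = "getUserRoles(String userDN)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        ArrayList roles = new ArrayList();
        try {
            List<String> principals = MemberHelper.getGroupDNsFromUserDN(str);
            principals.add(str);

            // One placeholder per principal; the list always holds at least the user DN.
            StringBuilder sql = new StringBuilder("select role from " + SCHEMA_NAME + ".rat_party_roles where ( userid = ?");
            for (int i = 1; i < principals.size(); i++) {
                sql.append(" or userid = ?");
            }
            sql.append(")");
            // Only the statement text is logged; the bound DNs stay out of the log.
            logFine(CLASSNAME, where, "::userRoleQuery = " + sql);

            statement = connection.prepareStatement(sql.toString());
            int index = 1;
            for (Object principal : principals) {
                statement.setString(index++, String.valueOf(principal));
            }
            resultSet = statement.executeQuery();
            while (resultSet.next()) {
                roles.add(resultSet.getString(1));
            }
            logFine(CLASSNAME, where, "::Roles list = " + roles);
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return roles;
        } catch (RemoteException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "374");
            logWarning("getUserRoles::RemoteException - returning empty list");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return new ArrayList();
        } catch (WSSecurityException e2) {
            FFDCFilter.processException(e2, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "368");
            logSevere("getUserRoles::WSSecurityException - returning empty list");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return new ArrayList();
        } catch (SQLException e3) {
            FFDCFilter.processException(e3, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getUserRoles", "358");
            logFine(CLASSNAME, where, "::SQLException::ErrorCode = " + e3.getErrorCode());
            logFine(CLASSNAME, where, "::SQLException::SQLState = " + e3.getSQLState());
            logFine(CLASSNAME, where, "::SQLException::Cause = " + e3.getCause());
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return roles;
        } finally {
            closeResources(resultSet, statement, connection);
        }
    }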

    /**
     * Obtains a database connection from {@code ConnectionHelper}.
     *
     * @return the connection handed out by the helper
     */
    private static Connection getConnection() {
        Connection connection = ConnectionHelper.getConnection();
        return connection;
    }

    /**
     * Reports whether the resource name or any group name is flagged by
     * {@code SQLInjectionChecker.containsSQLKeywords}.
     *
     * <p>A warning is logged only when the resource itself is flagged; a flagged group returns
     * {@code true} silently. NOTE(review): judging by its name the checker is a keyword filter;
     * treat it as an extra signal, not as the control that keeps values out of SQL text.
     *
     * @param str    the resource name to check
     * @param strArr the group names to check
     * @return {@code true} when any of the values is flagged
     */
    private boolean isMalicious(String str, String[] strArr) {
        boolean resourceFlagged = SQLInjectionChecker.containsSQLKeywords(str);
        if (resourceFlagged) {
            logWarning(CLASSNAME + ":: isMalicious(String resource,  String[] groups)  returning true. Failed SQL Injection check!");
            return true;
        }
        for (int i = 0; i < strArr.length; i++) {
            if (SQLInjectionChecker.containsSQLKeywords(strArr[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether a query parameter is flagged by
     * {@code SQLInjectionChecker.containsSQLKeywords}, logging a warning when it is.
     *
     * <p>NOTE(review): judging by its name the checker is a keyword filter; treat a {@code false}
     * result as "not flagged", not as proof that the value is safe to place in SQL text.
     *
     * @param str the parameter value to check
     * @return {@code true} when the value is flagged
     */
    public static boolean isMalicious(String str) {
        if (SQLInjectionChecker.containsSQLKeywords(str)) {
            logWarning(CLASSNAME + ":: isMalicious(String queryParm)  returning true. Failed SQL Injection check!");
            return true;
        }
        return false;
    }

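    /**
     * Splits a {@code #}-separated group string and keeps the entries that also appear in the
     * filter list, in their original order.
     *
     * <p>A {@code null} group string (for example a column holding SQL NULL) or a {@code null}
     * filter yields an empty list instead of a {@code NullPointerException}.
     *
     * @param str       the {@code #}-separated group names; may be {@code null}
     * @param arrayList the group names to keep; may be {@code null}
     * @return a new list with the entries of {@code str} that {@code arrayList} contains
     */
    private ArrayList parseGroups(String str, ArrayList arrayList) {
        ArrayList kept = new ArrayList(12);
        if (str == null || arrayList == null) {
            return kept;
        }
        StringTokenizer tokens = new StringTokenizer(str, "#");
        while (tokens.hasMoreTokens()) {
            String group = tokens.nextToken();
            if (arrayList.contains(group)) {
                kept.add(group);
            }
        }
        return kept;
    }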

    /**
     * Reports whether the two lists share at least one element.
     *
     * @param list  the list that is searched
     * @param list2 the group names to look for; also written to the FINE log
     * @return {@code true} as soon as one entry of {@code list2} is found in {@code list}
     */
    private boolean matchGroups(List list, List<String> list2) {
        logFine(CLASSNAME, "matchGroups", " groups = " + list2);
        for (Object candidate : list2) {
            if (list.contains(candidate)) {
                return true;
            }
        }
        return false;
    }

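    /**
     * Appends one {@code resource#A#group} entry to the result for every group in the action
     * column that passes the group filter, where {@code A} is the upper-cased first letter of the
     * action name.
     *
     * <p>The letter is upper-cased with {@code Locale.ROOT} so the generated key does not depend
     * on the JVM default locale. A column that cannot be read, or that holds SQL NULL,
     * contributes no entries.
     *
     * @param resultSet  the row to read; the column named by {@code str} holds {@code #}-separated groups
     * @param str        the action name, also used as the column name; must not be empty
     * @param arrayList  the list the entries are appended to
     * @param str2       the resource name used as key prefix
     * @param arrayList2 the groups that may appear in the result
     * @return {@code arrayList}, with the new entries appended
     */
    private ArrayList buildResult(ResultSet resultSet, String str, ArrayList arrayList, String str2, ArrayList arrayList2) {
        String groupsColumn = "";
        try {
            groupsColumn = resultSet.getString(str);
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.buildResult", "447", this);
            logFine(CLASSNAME, "buildResult(rs,action,result,resource,groupFilter)", e.getMessage());
        }
        // Fully qualified so that no new import is needed in this file.
        String prefix = "" + str2 + "#" + str.substring(0, 1).toUpperCase(java.util.Locale.ROOT) + "#";
        if (groupsColumn == null) {
            // getString() returns null for SQL NULL: there are no groups to add.
            return arrayList;
        }
        ArrayList matched = parseGroups(groupsColumn, arrayList2);
        for (Object group : matched) {
            arrayList.add(prefix + group);
        }
        return arrayList;
    }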

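    /**
     * Decides whether one principal (a user or group id) may invoke a REST method on a URI.
     *
     * <p>Steps, in order: (1) once the refresh interval has elapsed, check the update marker and
     * clear the decision cache when the access table changed; (2) return {@code true} on a cache
     * hit; (3) otherwise find the roles the URI/method pair requires, combine each with every
     * parent resource group of the model named by the second URI segment, and grant the action
     * when one of those {@code principal#resourceGroup#role} strings equals, ignoring case, one
     * of the strings returned by {@code generatePartyRoles}. Grants are cached as
     * {@code principal#uri#method}.
     *
     * <p>Compared with the decompiled original only diagnostics changed: the interval log line
     * now prints the sum instead of two concatenated numbers, the handler around a plain
     * assignment (which cannot throw) is gone, and the cache-reset message says what happened.
     *
     * <p>NOTE(review): the cache is a static, unsynchronized {@code ArrayList}; a cached grant is
     * dropped only when {@code hasRATChanged} reports a change. Confirm that revocations always
     * set that marker. The interval is taken from {@code customRestSecurityRefreshInterval},
     * which is 0 when the system property is unset, so the marker is then checked on every call.
     *
     * @param str  the request URI
     * @param str2 the REST method
     * @param str3 the user or group id being checked
     * @return {@code true} when the action is permitted for this principal
     */
    public static boolean isActionAllowed(String str, String str2, String str3) {
        final String where = "isActionAllowed(String uri, String method, String userId)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        logFine(CLASSNAME, where, "URI = " + str);
        logFine(CLASSNAME, where, "REST method = " + str2);
        logFine(CLASSNAME, where, "userId = " + str3);
        logFine(CLASSNAME, where, "Current time in ms = " + System.currentTimeMillis());
        logFine(CLASSNAME, where, "timestamp + refreshInterval =" + (timestamp + refreshInterval));
        if (System.currentTimeMillis() > timestamp + refreshInterval) {
            refreshInterval = customRestSecurityRefreshInterval;
            if (hasRATChanged(SCHEMA_NAME)) {
                allowedURICache = new ArrayList();
                resetRATMonitor(SCHEMA_NAME);
                logFine(CLASSNAME, where, " The access table changed. The authorization cache was cleared.");
            }
            timestamp = System.currentTimeMillis();
        }
        String cacheKey = str3 + "#" + str + "#" + str2;
        if (allowedURICache != null && allowedURICache.contains(cacheKey)) {
            logFine(CLASSNAME, where, "Returning true from cache");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return true;
        }
        List<Role> matchRole = t.matchRole(str, str2);
        if (matchRole == null || matchRole.size() == 0) {
            // No role is mapped to this URI/method pair: deny.
            return false;
        }
        logFine(CLASSNAME, where, "REQUIRED ROLES = " + matchRole);
        // The model is the second "/"-separated segment of the URI; empty when there is none.
        StringTokenizer segments = new StringTokenizer(str, "/");
        String model = "";
        if (segments.hasMoreTokens()) {
            segments.nextToken();
            model = segments.hasMoreTokens() ? segments.nextToken() : "";
            logFine(CLASSNAME, where, " Model = " + model);
        }
        String schema = SCHEMA_NAME;
        String resourceGroup = getResourceGroup(model, schema);
        if (resourceGroup == null) {
            logFine(CLASSNAME, where, "returning null as resourceGroup was null");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        }
        List parentResourceGroups = getParentResourceGroups(resourceGroup);
        ArrayList requiredRoles = new ArrayList();
        for (int i = 0; i < parentResourceGroups.size(); i++) {
            String prefix = str3 + "#" + parentResourceGroups.get(i) + "#";
            int roleCount = matchRole.size();
            for (int j = 0; j < roleCount; j++) {
                requiredRoles.add(prefix + matchRole.get(j));
            }
        }
        logFine(CLASSNAME, where, "required roles = " + requiredRoles);
        ArrayList partyRoles = generatePartyRoles(schema);
        logFine(CLASSNAME, where, "Party Roles i.e. user's current roles  = " + partyRoles);
        for (int i = 0; i < requiredRoles.size(); i++) {
            for (int j = 0; j < partyRoles.size(); j++) {
                if (requiredRoles.get(i).toString().equalsIgnoreCase(partyRoles.get(j).toString())) {
                    logFine(CLASSNAME, where, "Action is permitted  -- Method = " + str2 + " -- URI = " + str + "--- userId = " + str3);
                    allowedURICache.add(cacheKey);
                    logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
                    return true;
                }
            }
        }
        logFine(CLASSNAME, where, "Action NOT ALLOWED  -- Method = " + str2 + " -- URI = " + str + "  --- userId = " + str3);
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
        return false;
    }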

    /**
     * Decides whether the current caller may invoke a REST method on a URI.
     *
     * <p>A URI matching the "always allow" list is admitted before any identity is looked up,
     * unless {@code SQLInjectionChecker.containsSQLKeywords} flags it. Otherwise the caller's
     * group DNs plus the caller's own DN are collected: the action is granted when any of them is
     * a super user, or when {@link #isActionAllowed(String, String, String)} grants it for any of
     * them. A failure to obtain the caller's identity or groups denies the action.
     *
     * @param str  the request URI
     * @param str2 the REST method
     * @return {@code true} when the action is permitted
     */
    public boolean isActionAllowed(String str, String str2) {
        final String where = "isActionAllowed(String uri, String method)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        if ("allow".equals(this.allowedURIs.match(str).getTarget())) {
            logFine(CLASSNAME, where, "The URI " + str + "  is in the 'always allow' list.");
            boolean flagged = SQLInjectionChecker.containsSQLKeywords(str);
            if (flagged) {
                logFine(CLASSNAME, where, "The URI was in allowed list but failed SQL Injection check.");
            }
            return !flagged;
        }
        long startedAt = System.currentTimeMillis();
        List superUsers = getSuperUsers();
        int superUserCount = superUsers.size();
        try {
            List<String> principals = MemberHelper.getGroupDNsFromUserDN();
            principals.add(MemberHelper.getUserDNFromWAS());
            logFine(CLASSNAME, where, "Groups received in isActionAllowed = " + principals);
            // First pass: any principal listed as a super user grants the action outright.
            int s = 0;
            while (s < superUserCount) {
                Object superUser = superUsers.get(s);
                if (principals.contains(superUser)) {
                    logFine(CLASSNAME, where, "The user " + superUsers.get(s) + " is a super user.");
                    logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
                    return true;
                }
                s++;
            }
            logFine(CLASSNAME, where, "The user  is a NOT a super user.");
            // Second pass: role-based check for each principal in turn.
            int p = 0;
            while (p < principals.size()) {
                boolean granted = isActionAllowed(str, str2, principals.get(p).toString());
                if (granted) {
                    logFine(CLASSNAME, where, "Total time to process authorization = " + (System.currentTimeMillis() - startedAt));
                    return true;
                }
                p++;
            }
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        } catch (RemoteException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.isActionAllowed", "611", this);
            logSevere(CLASSNAME + "::isActionAllowed(String uri, String method)RESTFilter: Problem (RemoteException) getting user's group membership");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        } catch (WSSecurityException e2) {
            FFDCFilter.processException(e2, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.isActionAllowed", "602", this);
            logSevere(CLASSNAME + "::isActionAllowed(String uri, String method)RESTFilter: Problem (WSSecurityException) getting user's group membership");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        }
    }

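    /**
     * Reports whether {@code rat_update_monitor} holds a row whose marker is {@code NEW}
     * (compared after trimming, ignoring case).
     *
     * <p>The statement and result set are released on every path, including a query failure; the
     * decompiled original released only the connection there. A row whose marker is SQL NULL is
     * skipped instead of raising a {@code NullPointerException}. A query failure is reported as
     * "not changed".
     *
     * @param str the schema name; unused, the statement is built from {@code SCHEMA_NAME}
     * @return {@code true} when a {@code NEW} marker is present
     */
    static boolean hasRATChanged(String str) {
        final String where = "hasRATChanged(String schema)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        Statement statement = null;
        ResultSet resultSet = null;
        try {
            statement = connection.createStatement();
            resultSet = statement.executeQuery("select marker from " + SCHEMA_NAME + ".rat_update_monitor");
            while (resultSet.next()) {
                String marker = resultSet.getString("marker");
                if (marker != null && marker.trim().equalsIgnoreCase("NEW")) {
                    logFine(CLASSNAME, where, "Exiting with TRUE");
                    logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
                    return true;
                }
            }
            logFine(CLASSNAME, where, "Exiting with FALSE");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.hasRATChanged", "666");
            logFine(CLASSNAME, where, e.getMessage());
            logFine(CLASSNAME, where, "Exiting with FALSE");
            logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
            return false;
        } finally {
            closeResources(resultSet, statement, connection);
        }
    }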

    /**
     * Marks every {@code NEW} row of {@code rat_update_monitor} as {@code OLD}.
     *
     * <p>A {@code SQLException} is reported and swallowed; the statement and connection are
     * released on every path.
     *
     * @param str the schema name; unused, the statement is built from {@code SCHEMA_NAME}
     */
    static void resetRATMonitor(String str) {
        final String where = "resetRATMonitor(String schema)";
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        Statement statement = null;
        String sql = "update " + SCHEMA_NAME + ".rat_update_monitor set marker ='OLD' where marker ='NEW'";
        try {
            statement = connection.createStatement();
            statement.executeUpdate(sql);
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.resetRATMonitor", "691");
            logFine(CLASSNAME, where, e.getMessage());
        } finally {
            closeResources(null, statement, connection);
        }
        logFine(CLASSNAME, where, LoggerConstants.LEVEL_EXIT_NAME);
    }

    /**
     * Reads the {@code userid} column of every row in the {@code rat_superusers}
     * table.
     *
     * <p>On a {@link SQLException} the error is reported through FFDC and an empty
     * list is returned, so a failed read looks the same to the caller as "no super
     * users configured". The full list of ids is written to the FINE log.
     *
     * @return the user ids in result-set order, or a new empty list after a
     *         {@link SQLException}
     */
    static List getSuperUsers() {
        final String method = "getSuperUsers";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        Statement statement = null;
        ResultSet rows = null;
        ArrayList userIds = new ArrayList();
        boolean queryFailed = false;
        try {
            statement = connection.createStatement();
            rows = statement.executeQuery("select * from " + SCHEMA_NAME + ".rat_superusers");
            while (rows.next()) {
                userIds.add(rows.getString("userid"));
            }
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            logFine(CLASSNAME, method, "SuperUsers = " + userIds.toString());
        } catch (SQLException failure) {
            queryFailed = true;
            FFDCFilter.processException(failure, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getSuperUsers", "722");
            logFine(CLASSNAME, method, failure.getMessage());
        } finally {
            closeResources(rows, statement, connection);
        }
        if (queryFailed) {
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            // Rows collected before the failure are discarded.
            return new ArrayList();
        }
        return userIds;
    }

    /**
     * Loads every row of the {@code rat_party_roles} table and encodes each one as
     * {@code userid#resource_group#role}, with each field trimmed.
     *
     * <p>The list elements are {@link StringBuilder} instances, not {@link String}s.
     * Fields are joined with {@code '#'} without escaping, so a value that itself
     * contains {@code '#'} yields an entry that cannot be split back
     * unambiguously. A {@code null} column value raises a
     * {@link NullPointerException}, which propagates after the resources are closed.
     *
     * @param str not read by this method; the log label calls it "schema"
     * @return the encoded rows, or a new empty list after a {@link SQLException}
     */
    static ArrayList generatePartyRoles(String str) {
        final String method = "generatePartyRoles(String schema)";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        logFine(CLASSNAME, method, "Not using the cached party roles");
        Connection connection = ConnectionHelper.getConnection();
        PreparedStatement preparedStatement = null;
        ResultSet rows = null;
        ArrayList partyRoles = null;
        try {
            preparedStatement = connection.prepareStatement("select * from " + SCHEMA_NAME + ".rat_party_roles");
            rows = preparedStatement.executeQuery();
            ArrayList collected = new ArrayList();
            while (rows.next()) {
                String userId = rows.getString("userid").trim();
                String resourceGroup = rows.getString("resource_group").trim();
                String role = rows.getString("role").trim();
                StringBuilder entry = new StringBuilder("");
                entry.append(userId + "#" + resourceGroup + "#" + role);
                collected.add(entry);
            }
            // Explicit close kept from the original; closeResources closes it again below.
            preparedStatement.close();
            logFine(CLASSNAME, method, "Party roles = " + collected);
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            partyRoles = collected;
        } catch (SQLException failure) {
            FFDCFilter.processException(failure, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.generatePartyRoles", "781");
            logFine(CLASSNAME, method, failure.getMessage());
        } finally {
            closeResources(rows, preparedStatement, connection);
        }
        if (partyRoles == null) {
            // Only reached after a SQLException: report no party roles at all.
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            return new ArrayList();
        }
        return partyRoles;
    }

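    /**
     * Returns the {@code resource_group} that the {@code rat_auth_domain} table
     * assigns to a resource.
     *
     * <p>The resource name is bound as a statement parameter rather than
     * concatenated into the SQL text, so quote characters in it are compared as
     * data and cannot change the query. The result set and statement are now
     * closed on every path, including after a {@link SQLException}.
     *
     * @param str  resource name matched against the {@code resource1} column;
     *             presumably derived from the request URI (caller not visible
     *             here), so it is treated as untrusted
     * @param str2 not read by this method; the log label calls it "schema"
     * @return the resource group, or {@code null} when no row matches, the column
     *         is SQL NULL, or a {@link SQLException} occurs
     */
    private static String getResourceGroup(String str, String str2) {
        final String method = "getResourceGroup(String resource, String schema)";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        // NOTE(review): the value is logged verbatim; confirm the log handler copes with line breaks in it.
        logFine(CLASSNAME, method, "resource =" + str);
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = connection.prepareStatement("select resource_group from " + SCHEMA_NAME + ".rat_auth_domain where resource1 = ?");
            statement.setString(1, str);
            rows = statement.executeQuery();
            if (!rows.next()) {
                logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
                return null;
            }
            String resourceGroup = rows.getString("resource_group");
            if (rows.wasNull()) {
                logFine(CLASSNAME, method, " A NULL resource group was returned");
                logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
                return null;
            }
            logFine(CLASSNAME, method, "resource group =  " + resourceGroup);
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            return resourceGroup;
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getResourceGroup", "832");
            logFine(CLASSNAME, method, e.getMessage());
            logFine(CLASSNAME, method, e.getSQLState());
            logFine(CLASSNAME, method, "SQL Error Code = " + e.getErrorCode());
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            // A database error is indistinguishable from "no resource group" for the caller.
            return null;
        } finally {
            closeResources(rows, statement, connection);
        }
    }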

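    /**
     * Returns the {@code PARENT_ID} of a resource group from the
     * {@code rat_resource_groups} table.
     *
     * <p>The group id is bound as a statement parameter rather than concatenated
     * into the SQL text, so quote characters in it are compared as data and cannot
     * change the query. The result set and statement are now closed on every path,
     * including after a {@link SQLException}.
     *
     * @param str resource group id matched against the {@code ID} column; a
     *            {@code null} id is bound as SQL NULL and matches no row
     * @return the parent id, or {@code null} when no row matches, the column is
     *         SQL NULL, or a {@link SQLException} occurs
     */
    static String getParent(String str) {
        final String method = "getParent(String resourceGroup)";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        Connection connection = ConnectionHelper.getConnection();
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = connection.prepareStatement("select PARENT_ID from " + SCHEMA_NAME + ".rat_resource_groups where ID = ?");
            statement.setString(1, str);
            rows = statement.executeQuery();
            if (!rows.next()) {
                logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
                return null;
            }
            String parentId = rows.getString("PARENT_ID");
            if (rows.wasNull()) {
                logFine(CLASSNAME, method, "returning NULL as rs.wasNull()=true");
                logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
                return null;
            }
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            return parentId;
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getParent", "878");
            logFine(CLASSNAME, method, "Exception! " + e.getMessage());
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            // A database error is indistinguishable from "no parent" for the caller.
            return null;
        } finally {
            closeResources(rows, statement, connection);
        }
    }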

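    /**
     * Builds the chain of resource groups from the given group up to its topmost
     * ancestor by calling {@code getParent} repeatedly.
     *
     * <p>The walk stops when a group has no parent or when the parent is
     * {@code "root"} (which is included in the result). The original loop had no
     * other exit, so a {@code PARENT_ID} chain that loops back on itself kept
     * querying the database and growing the list without end. Such a chain is now
     * treated as an error and reported with the same {@code null} result the
     * method already uses for failures.
     *
     * @param str resource group id to start from; always the first element of the
     *            result
     * @return the group followed by its ancestors, or {@code null} on an exception
     *         or when the parent chain contains a cycle
     */
    static List getParentResourceGroups(String str) {
        final String method = "getParentResourceGroups(String resourceGroup)";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        try {
            ArrayList hierarchy = new ArrayList();
            hierarchy.add(str);
            String current = str;
            while (true) {
                String parent = getParent(current);
                if (parent == null) {
                    break;
                }
                if (parent.equals("root")) {
                    // "root" always ends the walk, exactly as before, even if already listed.
                    hierarchy.add(parent);
                    break;
                }
                if (hierarchy.contains(parent)) {
                    // A repeated non-root group means the chain can never reach an end.
                    logFine(CLASSNAME, method, "Cycle in resource group hierarchy at " + parent);
                    logFine(CLASSNAME, method, "Exit with null");
                    return null;
                }
                hierarchy.add(parent);
                current = parent;
            }
            logFine(CLASSNAME, "getParentResourceGroups(String resourceGroup) ", "ResourceGroup Hierarchy = " + hierarchy);
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            return hierarchy;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.getParentResourceGroups", "911");
            logFine(CLASSNAME, method, e.getLocalizedMessage());
            logFine(CLASSNAME, method, "Exit with null");
            return null;
        }
    }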

    /**
     * Looks up a role definition in the class's shared role table.
     *
     * @param str key passed unchanged to the role table
     * @return whatever the role table returns for that key
     */
    public static Role getRoleDefinition(String str) {
        Role definition = t.getRoleDefinition(str);
        return definition;
    }

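    /**
     * Reports whether the user has at least one row in {@code rat_party_roles} for
     * the resource group {@code 'root'}.
     *
     * <p>The user id is bound as a statement parameter rather than concatenated
     * into the SQL text. With concatenation, a distinguished name containing an
     * apostrophe either broke the statement or changed what this authorization
     * query matched. The result set and statement are now closed on every path,
     * including after a {@link SQLException}.
     *
     * @param str user id (the log label calls it "userDN") matched against the
     *            {@code USERID} column
     * @return {@code true} when a matching row exists; {@code false} when
     *         {@code str} is {@code null} or empty, no row matches, or a
     *         {@link SQLException} occurs
     */
    public static boolean isUserInResourceGroup(String str) {
        final String method = "isUserInResourceGroup(String userDN)";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);
        logFine(CLASSNAME, method, "userDN  = " + str);
        if (str == null) {
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            logFine(CLASSNAME, method, "returning FALSE as userDN was NULL");
            return false;
        }
        if (str.length() == 0) {
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            logFine(CLASSNAME, method, "returning FALSE as userDN was of zero length");
            return false;
        }
        Connection connection = ConnectionHelper.getConnection();
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = connection.prepareStatement("select * from " + SCHEMA_NAME + ".rat_party_roles where USERID = ? and resource_group = 'root' ");
            statement.setString(1, str);
            rows = statement.executeQuery();
            boolean found = rows.next();
            logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
            logFine(CLASSNAME, method, found ? "returning TRUE" : "returning FALSE");
            return found;
        } catch (SQLException e) {
            FFDCFilter.processException(e, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.isUserInResourceGroup", "897");
            logFine(CLASSNAME, method, "Exception! " + e.getMessage());
            logFine(CLASSNAME, method, "SQL State = " + e.getSQLState());
            logFine(CLASSNAME, method, "SQL Error code = " + e.getErrorCode());
            logFine(CLASSNAME, method, "SQL Error Cause  = " + e.getCause());
            // Deny on database errors: membership could not be confirmed.
            return false;
        } finally {
            closeResources(rows, statement, connection);
        }
    }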

    /**
     * Writes a message at WARNING level if the class logger has that level enabled.
     *
     * @param str message text, logged unchanged
     */
    private static void logWarning(String str) {
        if (!logger.isLoggable(WsLevel.WARNING)) {
            return;
        }
        logger.warning(str);
    }

    /**
     * Writes a message at SEVERE level if the class logger has that level enabled.
     *
     * @param str message text, logged unchanged
     */
    private static void logSevere(String str) {
        if (!logger.isLoggable(WsLevel.SEVERE)) {
            return;
        }
        logger.severe(str);
    }

    /**
     * Writes a message at FINE level, tagged with a source class and method, if
     * the class logger has that level enabled.
     *
     * <p>The message is passed through unchanged. Callers in this class
     * concatenate their arguments (for example the resource name and the user DN)
     * into it, so those values appear verbatim in the log.
     *
     * @param str  source class name for the log record
     * @param str2 source method label for the log record
     * @param str3 message text
     */
    private static void logFine(String str, String str2, String str3) {
        if (!logger.isLoggable(WsLevel.FINE)) {
            return;
        }
        logger.logp(WsLevel.FINE, str, str2, str3);
    }

    /**
     * Writes a message at FINER level, tagged with a source class and method, if
     * the class logger has that level enabled.
     *
     * @param str  source class name for the log record
     * @param str2 source method label for the log record
     * @param str3 message text, logged unchanged
     */
    private static void logFiner(String str, String str2, String str3) {
        if (!logger.isLoggable(WsLevel.FINER)) {
            return;
        }
        logger.logp(WsLevel.FINER, str, str2, str3);
    }

    /**
     * Closes a result set, a statement and a connection, in that order, skipping
     * any argument that is {@code null}.
     *
     * <p>A {@link SQLException} from one close is reported through FFDC and
     * logged, and the remaining handles are still closed. The "Closed ..."
     * messages are written unconditionally, including when the handle was
     * {@code null} or its close failed, so they do not prove a successful close.
     *
     * @param resultSet  result set to close, or {@code null}
     * @param statement  statement to close, or {@code null}
     * @param connection connection to close, or {@code null}
     */
    static void closeResources(ResultSet resultSet, Statement statement, Connection connection) {
        final String method = "closeResources";
        logFine(CLASSNAME, method, LoggerConstants.LEVEL_ENTRY_NAME);

        try {
            if (resultSet != null) {
                resultSet.close();
            }
        } catch (SQLException resultSetFailure) {
            FFDCFilter.processException(resultSetFailure, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.closeResources", "952");
            logFine(CLASSNAME, method, "Exception in closing ResultSet");
        }
        logFine(CLASSNAME, method, "Closed ResultSet");

        try {
            if (statement != null) {
                statement.close();
            }
        } catch (SQLException statementFailure) {
            FFDCFilter.processException(statementFailure, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.closeResources", "961");
            logFine(CLASSNAME, method, "Exception in closing Statement");
        }
        logFine(CLASSNAME, method, "Closed Statement");

        try {
            if (connection != null) {
                connection.close();
            }
        } catch (SQLException connectionFailure) {
            FFDCFilter.processException(connectionFailure, "com.ibm.wbimonitor.rest.security.accesscontrol.AuthorizationService.closeResources", "970");
            logFine(CLASSNAME, method, "Exception in closing Connection");
        }
        logFine(CLASSNAME, method, "Closed Connection");

        logFine(CLASSNAME, method, LoggerConstants.LEVEL_EXIT_NAME);
    }

    /**
     * URL-decodes a string as UTF-8 without ever throwing.
     *
     * <p>If decoding fails, the exception is reported through FFDC and the input
     * is returned undecoded. The caller therefore cannot tell a decoded value from
     * one that was rejected by the decoder.
     *
     * @param str value to decode; may be {@code null}
     * @return the decoded value, the original value if decoding failed, or
     *         {@code null} for a {@code null} input
     */
    private static String safeDecode(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLDecoder.decode(str, "UTF-8");
        } catch (Exception decodeFailure) {
            FFDCFilter.processException(decodeFailure, "com.ibm.wbimonitor.rest.web.URIRouterServlet.safeDecode", "806");
            return str;
        }
    }
}
