package com.bea.security.providers.xacml.store;

import com.bea.common.security.store.data.WLSPolicyCollectionInfo;
import com.bea.common.security.store.data.WLSPolicyCollectionInfoId;
import com.bea.common.security.store.data.XACMLAuthorizationPolicy;
import com.bea.common.security.store.data.XACMLAuthorizationPolicyId;
import com.bea.common.security.store.data.XACMLEntry;
import com.bea.common.security.store.data.XACMLEntryId;
import com.bea.common.security.utils.HashCodeUtil;
import com.bea.common.security.xacml.DocumentParseException;
import com.bea.common.security.xacml.URISyntaxException;
import com.bea.common.security.xacml.attr.AttributeRegistry;
import com.bea.common.security.xacml.policy.AbstractPolicy;
import com.bea.common.security.xacml.policy.Policy;
import com.bea.common.store.bootstrap.internal.DefaultBootStrapPersistenceImpl;
import com.bea.common.store.service.RemoteCommitEvent;
import com.bea.common.store.service.RemoteCommitListener;
import com.bea.security.providers.xacml.BasicEvaluationCtx;
import com.bea.security.providers.xacml.store.BasePolicyStore;
import com.bea.security.xacml.EvaluationCtx;
import com.bea.security.xacml.IOException;
import com.bea.security.xacml.PolicyStoreException;
import com.bea.security.xacml.cache.resource.MultipleResourceTargetException;
import com.bea.security.xacml.cache.resource.ResourceMatchUtil;
import com.bea.security.xacml.store.Record;
import com.bea.security.xacml.target.KnownMatch;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;
import weblogic.security.spi.Resource;
import weblogic.utils.collections.ConcurrentHashMap;
import weblogic.utils.collections.ConcurrentHashSet;
import weblogic.utils.collections.SecondChanceCacheMap;

/* loaded from: input_file:com/bea/security/providers/xacml/store/AuthorizationPolicyStore.class */
public class AuthorizationPolicyStore extends BasePolicyStore implements ApplicableAuthorizationPolicyFinder {
    private static final String HEADER = "AuthorizationPolicyStore: ";
    private static final String WLS_POLICY_INFO = "WLSPolicyInfo";
    private static final String PCI_KEY = "PolicyCollectionInfo#";
    private static final int PCI_KEY_LEN = "PolicyCollectionInfo#".length();
    private final SecondChanceCacheMap authorizationCache;
    private final Map<String, Set<BasePolicyStore.Entry>> activeAuthorizationEntries;
    private final Map<String, BasePolicyStore.Entry> entitlementAuthorizationEntries;
    private final ResourceMatchUtil rmu;
    private boolean disableLazyLoadPolicies;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bea/security/providers/xacml/store/AuthorizationPolicyStore$AuthorizationCacheEntry.class */
    public static class AuthorizationCacheEntry {
        private Set<Record> authorizationPolicy;

        public AuthorizationCacheEntry(Set<Record> set) {
            this.authorizationPolicy = set;
        }

        public Set<Record> getAuthorizationPolicy() {
            return this.authorizationPolicy;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/bea/security/providers/xacml/store/AuthorizationPolicyStore$ResourceEntry.class */
    public class ResourceEntry extends BasePolicyStore.Entry {
        private String resource;

        public ResourceEntry(XACMLEntryId xACMLEntryId, AbstractPolicy abstractPolicy, int i, String str) {
            super(xACMLEntryId, abstractPolicy, i);
            this.resource = str;
        }

        public ResourceEntry(XACMLEntry xACMLEntry, String str) throws URISyntaxException {
            super(xACMLEntry, false);
            this.resource = str;
        }

        public ResourceEntry(XACMLEntry xACMLEntry, String str, boolean z) throws URISyntaxException {
            super(xACMLEntry, z);
            this.resource = str;
        }

        public String getResource() {
            return this.resource;
        }

        @Override // com.bea.security.providers.xacml.store.BasePolicyStore.Entry
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!super.equals(obj) || !(obj instanceof ResourceEntry)) {
                return false;
            }
            ResourceEntry resourceEntry = (ResourceEntry) obj;
            return this.resource == resourceEntry.resource || (this.resource != null && this.resource.equals(resourceEntry.resource));
        }

        @Override // com.bea.security.providers.xacml.store.BasePolicyStore.Entry
        public int hashCode() {
            int hashCode = super.hashCode();
            HashCodeUtil.hash(hashCode, this.resource);
            return hashCode;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.bea.security.providers.xacml.store.BasePolicyStore.Entry
        public void update(AbstractPolicy abstractPolicy, int i, String str, String str2) {
            boolean isDebugEnabled = AuthorizationPolicyStore.this.log.isDebugEnabled();
            if (isDebugEnabled) {
                AuthorizationPolicyStore.this.log.debug("Entering AuthorizationPolicyStore::update()");
            }
            int status = getStatus();
            super.update(abstractPolicy, i, str, str2);
            boolean z = (str == null || this.resource == str || str.equals(this.resource)) ? false : true;
            boolean z2 = status != i || z;
            boolean z3 = status == 0 && z2;
            boolean z4 = i == 0 && z2;
            synchronized (AuthorizationPolicyStore.this.allEntries) {
                if (z3) {
                    Collection collection = (Collection) AuthorizationPolicyStore.this.activeAuthorizationEntries.get(this.resource);
                    if (collection != null && collection.remove(this) && collection.isEmpty()) {
                        AuthorizationPolicyStore.this.activeAuthorizationEntries.remove(this.resource);
                    }
                }
                if (z4) {
                    Set set = (Set) AuthorizationPolicyStore.this.activeAuthorizationEntries.get(str);
                    if (set == null) {
                        set = new ConcurrentHashSet();
                        AuthorizationPolicyStore.this.activeAuthorizationEntries.put(str, set);
                    }
                    set.add(this);
                }
                if (z) {
                    this.resource = str;
                }
            }
            if (isDebugEnabled) {
                AuthorizationPolicyStore.this.log.debug("Refreshing cache");
            }
            AuthorizationPolicyStore.this.authorizationCache.clear();
            if (isDebugEnabled) {
                AuthorizationPolicyStore.this.log.debug("Exiting AuthorizationPolicyStore::update()");
            }
        }

        @Override // com.bea.security.providers.xacml.store.BasePolicyStore.Entry
        protected byte[] loadXACMLEntryData() throws PolicyStoreException {
            if (getID() == null || getID().getCn() == null) {
                return null;
            }
            boolean isDebugEnabled = AuthorizationPolicyStore.this.log.isDebugEnabled();
            if (isDebugEnabled) {
                AuthorizationPolicyStore.this.log.debug("AuthorizationPolicyStore: Entering AuthorizationPolicyStore.loadXACMLEntryData()");
            }
            Class policyObjectClass = AuthorizationPolicyStore.this.getPolicyObjectClass();
            PersistenceManager persistenceManager = AuthorizationPolicyStore.this.storeService.getPersistenceManager();
            Query query = null;
            try {
                query = persistenceManager.newQuery(policyObjectClass, "this.domainName == domainName && this.realmName == realmName && this.cn == id");
                query.declareParameters("String domainName, String realmName, String id");
                Collection collection = (Collection) query.execute(AuthorizationPolicyStore.this.domainName, AuthorizationPolicyStore.this.realmName, getID().getCn());
                if (collection == null || collection.isEmpty()) {
                    if (query != null) {
                        query.closeAll();
                    }
                    persistenceManager.close();
                    return null;
                }
                XACMLAuthorizationPolicy xACMLAuthorizationPolicy = (XACMLAuthorizationPolicy) collection.iterator().next();
                if (isDebugEnabled) {
                    AuthorizationPolicyStore.this.log.debug("AuthorizationPolicyStore: Found policy" + xACMLAuthorizationPolicy);
                }
                byte[] xacmlDocument = xACMLAuthorizationPolicy.getXacmlDocument();
                if (query != null) {
                    query.closeAll();
                }
                persistenceManager.close();
                return xacmlDocument;
            } catch (Throwable th) {
                if (query != null) {
                    query.closeAll();
                }
                persistenceManager.close();
                throw th;
            }
        }
    }

    public AuthorizationPolicyStore(PolicyStoreConfigInfo policyStoreConfigInfo, AttributeRegistry attributeRegistry) throws URISyntaxException {
        super(policyStoreConfigInfo, attributeRegistry);
        this.disableLazyLoadPolicies = Boolean.getBoolean("weblogic.security.disableLazyLoadPolicies");
        this.authorizationCache = new SecondChanceCacheMap(cacheCapacity);
        this.activeAuthorizationEntries = new ConcurrentHashMap();
        this.entitlementAuthorizationEntries = new ConcurrentHashMap();
        this.rmu = new ResourceMatchUtil();
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    public void init() throws PolicyStoreException, DocumentParseException, URISyntaxException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: Loading Bootstrap template");
        }
        this.bootstrapService.loadLDIFXACMLAuthorizerTemplate(this.log, this.storeService, new XACMLEntryConverter(this.domainName, this.realmName), this.domainName, this.realmName);
        this.bootstrapService.updateXACMLAuthorizerPolicies(this.log, new GlobalPolicyUpdateImpl(this, this.log), new DefaultBootStrapPersistenceImpl(this.storeService), this.domainName, this.realmName);
        super.init();
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected Class getPolicyObjectClass() throws PolicyStoreException {
        try {
            return Class.forName("com.bea.common.security.store.data.XACMLAuthorizationPolicy");
        } catch (ClassNotFoundException e) {
            throw new PolicyStoreException(e);
        }
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected XACMLEntryId newPolicyObjectId(String str, String str2, String str3) {
        return new XACMLAuthorizationPolicyId(this.domainName, this.realmName, str, str2, str3);
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected XACMLEntry newPolicyObject(String str, String str2, String str3) {
        return new XACMLAuthorizationPolicy(this.domainName, this.realmName, str, str2, str3, null, null);
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected XACMLEntryId getPolicyObjectId(XACMLEntry xACMLEntry) {
        XACMLAuthorizationPolicy xACMLAuthorizationPolicy = (XACMLAuthorizationPolicy) xACMLEntry;
        return newPolicyObjectId(xACMLAuthorizationPolicy.getTypeName(), xACMLAuthorizationPolicy.getCn(), xACMLAuthorizationPolicy.getXacmlVersion());
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected String getMetaDataElementName() {
        return WLS_POLICY_INFO;
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected void addXacmlScope(XACMLEntry xACMLEntry, int i, AbstractPolicy abstractPolicy) {
        XACMLAuthorizationPolicy xACMLAuthorizationPolicy = (XACMLAuthorizationPolicy) xACMLEntry;
        boolean isDebugEnabled = this.log.isDebugEnabled();
        String str = "";
        if (i == 3) {
            str = this.converter.getResourceId(abstractPolicy.getId().toString());
        } else {
            try {
                str = this.rmu.getTargetResource(abstractPolicy.getTarget());
            } catch (MultipleResourceTargetException e) {
                if (isDebugEnabled) {
                    this.log.debug("Unable to generate xacmlResourceScope for " + (abstractPolicy instanceof Policy ? "Policy" : "PolicySet") + ": " + abstractPolicy.getId() + " Version: " + abstractPolicy.getVersion());
                }
            }
        }
        if (str == null || "".equals(str)) {
            return;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Using xacmlResourceScope: " + str);
        }
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(str);
        xACMLAuthorizationPolicy.setXacmlResourceScope(arrayList);
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected void modifyXacmlScope(XACMLEntry xACMLEntry, int i, AbstractPolicy abstractPolicy) {
        XACMLAuthorizationPolicy xACMLAuthorizationPolicy = (XACMLAuthorizationPolicy) xACMLEntry;
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (i == 0) {
            String str = null;
            try {
                str = this.rmu.getTargetResource(abstractPolicy.getTarget());
            } catch (MultipleResourceTargetException e) {
                if (isDebugEnabled) {
                    this.log.debug("Unable to generate xacmlResourceScope for " + (abstractPolicy instanceof Policy ? "Policy" : "PolicySet") + ": " + abstractPolicy.getId() + " Version: " + abstractPolicy.getVersion());
                }
            }
            if (str == null || "".equals(str)) {
                return;
            }
            if (isDebugEnabled) {
                this.log.debug("Using xacmlResourceScope: " + str);
            }
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(str);
            xACMLAuthorizationPolicy.setXacmlResourceScope(arrayList);
        }
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected void load() throws PolicyStoreException, DocumentParseException, URISyntaxException {
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (isDebugEnabled) {
            this.log.debug("AuthorizationPolicyStore: Entering AuthorizationPolicyStore.load()");
        }
        Class policyObjectClass = getPolicyObjectClass();
        PersistenceManager persistenceManager = this.storeService.getPersistenceManager();
        Query query = null;
        try {
            query = persistenceManager.newQuery(policyObjectClass, "this.domainName == domainName && this.realmName == realmName && this.xacmlStatus == xacmlStatus");
            query.declareParameters("String domainName, String realmName, String xacmlStatus");
            Collection<XACMLAuthorizationPolicy> collection = (Collection) query.execute(this.domainName, this.realmName, new Integer(0).toString());
            if (isDebugEnabled) {
                this.log.debug("AuthorizationPolicyStore: Found " + collection.size() + " general authorization policies or policy sets");
            }
            for (XACMLAuthorizationPolicy xACMLAuthorizationPolicy : collection) {
                String str = "";
                Collection<String> xacmlResourceScope = xACMLAuthorizationPolicy.getXacmlResourceScope();
                if (xacmlResourceScope != null && xacmlResourceScope.size() > 0) {
                    str = xacmlResourceScope.iterator().next();
                }
                Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(str);
                if (set == null) {
                    set = new ConcurrentHashSet();
                    this.activeAuthorizationEntries.put(str, set);
                }
                ResourceEntry resourceEntry = new ResourceEntry(xACMLAuthorizationPolicy, str);
                set.add(resourceEntry);
                this.allEntries.put(resourceEntry.getID(), resourceEntry);
            }
            Collection collection2 = (Collection) query.execute(this.domainName, this.realmName, new Integer(1).toString());
            if (isDebugEnabled) {
                this.log.debug("AuthorizationPolicyStore: Found " + collection2.size() + " general 'if referenced' authorization policies or policy sets");
            }
            Iterator it = collection2.iterator();
            while (it.hasNext()) {
                ResourceEntry resourceEntry2 = new ResourceEntry((XACMLAuthorizationPolicy) it.next(), null);
                this.allEntries.put(resourceEntry2.getID(), resourceEntry2);
            }
            Collection<XACMLAuthorizationPolicy> collection3 = (Collection) query.execute(this.domainName, this.realmName, new Integer(3).toString());
            if (isDebugEnabled) {
                this.log.debug("AuthorizationPolicyStore: Found " + collection3.size() + " entitlement authorization policies");
            }
            for (XACMLAuthorizationPolicy xACMLAuthorizationPolicy2 : collection3) {
                String str2 = "";
                Collection<String> xacmlResourceScope2 = xACMLAuthorizationPolicy2.getXacmlResourceScope();
                if (xacmlResourceScope2 != null && xacmlResourceScope2.size() > 0) {
                    str2 = xacmlResourceScope2.iterator().next();
                }
                ResourceEntry resourceEntry3 = new ResourceEntry(xACMLAuthorizationPolicy2, str2, !this.disableLazyLoadPolicies);
                this.entitlementAuthorizationEntries.put(str2, resourceEntry3);
                this.allEntries.put(resourceEntry3.getID(), resourceEntry3);
            }
            if (query != null) {
                query.closeAll();
            }
            persistenceManager.close();
            if (isDebugEnabled) {
                this.log.debug("AuthorizationPolicyStore: Exiting AuthorizationPolicyStore.load()");
            }
        } catch (Throwable th) {
            if (query != null) {
                query.closeAll();
            }
            persistenceManager.close();
            throw th;
        }
    }

    private AuthorizationCacheEntry retrieveAuthorizationEntry(Resource resource) throws DocumentParseException, IOException, URISyntaxException {
        AuthorizationCacheEntry authorizationCacheEntry = (AuthorizationCacheEntry) this.authorizationCache.get(resource);
        if (authorizationCacheEntry == null) {
            authorizationCacheEntry = new AuthorizationCacheEntry(loadAuthorizationPolicyForResource(resource));
            this.authorizationCache.put(resource, authorizationCacheEntry);
        }
        return authorizationCacheEntry;
    }

    @Override // com.bea.security.providers.xacml.store.ApplicableAuthorizationPolicyFinder
    public Set<Record> findAuthorizationPolicy(EvaluationCtx evaluationCtx) throws DocumentParseException, IOException, URISyntaxException {
        AuthorizationCacheEntry retrieveAuthorizationEntry;
        if (!(evaluationCtx instanceof BasicEvaluationCtx) || (retrieveAuthorizationEntry = retrieveAuthorizationEntry(((BasicEvaluationCtx) evaluationCtx).getResource())) == null) {
            return null;
        }
        return retrieveAuthorizationEntry.getAuthorizationPolicy();
    }

    private Set<Record> loadAuthorizationPolicyForResource(Resource resource) throws DocumentParseException, IOException, URISyntaxException {
        BasePolicyStore.Entry entry;
        Collection<KnownMatch> calculateKnownMatch = calculateKnownMatch(resource);
        HashSet hashSet = new HashSet();
        Resource resource2 = resource;
        boolean z = true;
        while (true) {
            String resource3 = resource2 != null ? resource2.toString() : "";
            Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(resource3);
            if (set != null) {
                Iterator<BasePolicyStore.Entry> it = set.iterator();
                while (it.hasNext()) {
                    hashSet.add(generateRecord(it.next(), calculateKnownMatch));
                }
            }
            if (z && (entry = this.entitlementAuthorizationEntries.get(resource3)) != null) {
                hashSet.add(generateRecord(entry, calculateKnownMatch));
                z = false;
            }
            if (resource2 == null) {
                break;
            }
            resource2 = resource2.getParentResource();
        }
        if (hashSet.isEmpty()) {
            return null;
        }
        return hashSet;
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected void entryAdded(XACMLEntryId xACMLEntryId, AbstractPolicy abstractPolicy, int i, String str, String str2) {
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (isDebugEnabled) {
            this.log.debug("Entering AuthorizationPolicyStore::entryAdded(" + xACMLEntryId + ", " + i + ")");
        }
        ResourceEntry resourceEntry = new ResourceEntry(xACMLEntryId, abstractPolicy, i, str);
        synchronized (this.allEntries) {
            switch (i) {
                case 0:
                    Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(str);
                    if (set == null) {
                        set = new ConcurrentHashSet();
                        this.activeAuthorizationEntries.put(str, set);
                    }
                    set.add(resourceEntry);
                    this.allEntries.put(xACMLEntryId, resourceEntry);
                    break;
                case 1:
                    this.allEntries.put(xACMLEntryId, resourceEntry);
                    break;
                case 3:
                    this.entitlementAuthorizationEntries.put(str, resourceEntry);
                    this.allEntries.put(xACMLEntryId, resourceEntry);
                    break;
            }
        }
        if (isDebugEnabled) {
            this.log.debug("Refreshing cache");
        }
        this.authorizationCache.clear();
        if (isDebugEnabled) {
            this.log.debug("Exiting AuthorizationPolicyStore::entryAdded()");
        }
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected void entryRemoved(BasePolicyStore.Entry entry) {
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (isDebugEnabled) {
            this.log.debug("Entering AuthorizationPolicyStore::entryRemoved(" + entry.getID() + ")");
        }
        synchronized (this.allEntries) {
            this.allEntries.remove(entry.getID());
            switch (entry.getStatus()) {
                case 0:
                    String resource = entry instanceof ResourceEntry ? ((ResourceEntry) entry).getResource() : "";
                    Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(resource);
                    if (set != null && set.remove(entry) && set.isEmpty()) {
                        this.activeAuthorizationEntries.remove(resource);
                        break;
                    }
                    break;
                case 3:
                    this.entitlementAuthorizationEntries.remove(entry instanceof ResourceEntry ? ((ResourceEntry) entry).getResource() : "");
                    break;
            }
        }
        if (isDebugEnabled) {
            this.log.debug("Refreshing cache");
        }
        this.authorizationCache.clear();
        if (isDebugEnabled) {
            this.log.debug("Exiting AuthorizationPolicyStore::entryRemoved()");
        }
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected RemoteCommitListener getChangeListener() {
        return new RemoteCommitListener() { // from class: com.bea.security.providers.xacml.store.AuthorizationPolicyStore.1
            @Override // com.bea.common.store.service.RemoteCommitListener
            public void afterCommit(RemoteCommitEvent remoteCommitEvent) {
                try {
                    Collection addedObjectIds = remoteCommitEvent.getAddedObjectIds();
                    if (addedObjectIds != null && addedObjectIds.size() > 0) {
                        AuthorizationPolicyStore.this.changeAdd(addedObjectIds);
                    }
                    Collection deletedObjectIds = remoteCommitEvent.getDeletedObjectIds();
                    if (deletedObjectIds != null && deletedObjectIds.size() > 0) {
                        AuthorizationPolicyStore.this.changeDelete(deletedObjectIds);
                    }
                    Collection updatedObjectIds = remoteCommitEvent.getUpdatedObjectIds();
                    if (updatedObjectIds != null && updatedObjectIds.size() > 0) {
                        AuthorizationPolicyStore.this.changeUpdate(updatedObjectIds);
                    }
                } catch (Exception e) {
                    if (AuthorizationPolicyStore.this.log.isDebugEnabled()) {
                        AuthorizationPolicyStore.this.log.debug("Failed to honor change notification", e);
                    }
                }
                AuthorizationPolicyStore.this.authorizationCache.clear();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:24:0x00dd. Please report as an issue. */
    public void changeAdd(Collection collection) throws URISyntaxException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: Entering changeAdd(" + collection.size() + ")");
        }
        PersistenceManager persistenceManager = this.storeService.getPersistenceManager();
        try {
            for (Object obj : collection) {
                if (obj instanceof XACMLAuthorizationPolicyId) {
                    if (!isPreEssexGlobalPolicy(obj)) {
                        XACMLAuthorizationPolicy xACMLAuthorizationPolicy = (XACMLAuthorizationPolicy) ((XACMLAuthorizationPolicyId) obj).getObject(persistenceManager);
                        int parseInt = Integer.parseInt(xACMLAuthorizationPolicy.getXacmlStatus());
                        String str = "";
                        Collection<String> xacmlResourceScope = xACMLAuthorizationPolicy.getXacmlResourceScope();
                        if (xacmlResourceScope != null && xacmlResourceScope.size() > 0) {
                            str = xacmlResourceScope.iterator().next();
                        }
                        ResourceEntry resourceEntry = new ResourceEntry(xACMLAuthorizationPolicy, str);
                        synchronized (this.allEntries) {
                            switch (parseInt) {
                                case 0:
                                    Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(str);
                                    if (set == null) {
                                        set = new HashSet();
                                        this.activeAuthorizationEntries.put(str, set);
                                    }
                                    set.add(resourceEntry);
                                    this.allEntries.put(obj, resourceEntry);
                                    break;
                                case 1:
                                    this.allEntries.put(obj, resourceEntry);
                                    break;
                                case 3:
                                    this.entitlementAuthorizationEntries.put(str, resourceEntry);
                                    this.allEntries.put(obj, resourceEntry);
                                    break;
                            }
                        }
                    } else if (this.log.isDebugEnabled()) {
                        this.log.debug("AuthorizationPolicyStore: Skip pre-essex style global policy add remote commit message");
                    }
                }
            }
        } finally {
            persistenceManager.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void changeDelete(Collection collection) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: Entering changeDelete(" + collection.size() + ")");
        }
        for (Object obj : collection) {
            if (obj instanceof XACMLAuthorizationPolicyId) {
                if (!isPreEssexGlobalPolicy(obj)) {
                    BasePolicyStore.Entry remove = this.allEntries.remove(obj);
                    if (remove != null) {
                        switch (remove.getStatus()) {
                            case 0:
                                String resource = remove instanceof ResourceEntry ? ((ResourceEntry) remove).getResource() : "";
                                Set<BasePolicyStore.Entry> set = this.activeAuthorizationEntries.get(resource);
                                boolean z = false;
                                if (set != null) {
                                    z = set.remove(remove);
                                    if (z && set.isEmpty()) {
                                        this.activeAuthorizationEntries.remove(resource);
                                    }
                                }
                                if (this.log.isDebugEnabled()) {
                                    this.log.debug("Active entry " + (z ? "removed" : "not removed") + " from cache");
                                    break;
                                } else {
                                    break;
                                }
                                break;
                            case 3:
                                this.entitlementAuthorizationEntries.remove(remove instanceof ResourceEntry ? ((ResourceEntry) remove).getResource() : "");
                                break;
                        }
                    }
                } else if (this.log.isDebugEnabled()) {
                    this.log.debug("AuthorizationPolicyStore: Skip pre-essex style global policy add remote commit message");
                }
            }
        }
    }

    @Override // com.bea.security.providers.xacml.store.BasePolicyStore
    protected boolean isPreEssexGlobalPolicy(Object obj) {
        String xACMLAuthorizationPolicyId = ((XACMLAuthorizationPolicyId) obj).toString();
        String substring = xACMLAuthorizationPolicyId.substring(0, xACMLAuthorizationPolicyId.indexOf(44));
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: isPreEssexGlobalPolicy: shortId=" + substring + ", longId=" + xACMLAuthorizationPolicyId);
        }
        return substring.startsWith("cn=urn:bea:xacml:2.0:entitlement:") && substring.endsWith(":top");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void changeUpdate(Collection collection) throws URISyntaxException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Entering changeUpdate(" + collection.size() + ")");
        }
        changeDelete(collection);
        changeAdd(collection);
    }

    @Override // com.bea.security.providers.xacml.store.MetaDataPolicyStore
    public void setMetaDataEntry(String str, String str2) throws PolicyStoreException {
        String metaDataKeyName = getMetaDataKeyName(str);
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: setMetaDataEntry(" + metaDataKeyName + ")");
        }
        PersistenceManager persistenceManager = this.storeService.getPersistenceManager();
        try {
            try {
                persistenceManager.currentTransaction().begin();
                try {
                    WLSPolicyCollectionInfo wLSPolicyCollectionInfo = (WLSPolicyCollectionInfo) getObjectById(persistenceManager, new WLSPolicyCollectionInfoId(this.domainName, this.realmName, metaDataKeyName));
                    if (wLSPolicyCollectionInfo == null) {
                        wLSPolicyCollectionInfo = new WLSPolicyCollectionInfo(this.domainName, this.realmName, metaDataKeyName);
                        persistenceManager.makePersistent(wLSPolicyCollectionInfo);
                    }
                    wLSPolicyCollectionInfo.setWlsXmlFragment(str2.getBytes("UTF8"));
                    persistenceManager.currentTransaction().commit();
                    persistenceManager.close();
                } catch (Throwable th) {
                    persistenceManager.currentTransaction().rollback();
                    throw th;
                }
            } catch (Throwable th2) {
                throw new PolicyStoreException(th2);
            }
        } catch (Throwable th3) {
            persistenceManager.close();
            throw th3;
        }
    }

    @Override // com.bea.security.providers.xacml.store.MetaDataPolicyStore
    public String getMetaDataEntry(String str) throws PolicyStoreException {
        PolicyStoreException policyStoreException;
        String metaDataKeyName = getMetaDataKeyName(str);
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: getMetaDataEntry(" + metaDataKeyName + ")");
        }
        PersistenceManager persistenceManager = this.storeService.getPersistenceManager();
        try {
            try {
                WLSPolicyCollectionInfo wLSPolicyCollectionInfo = (WLSPolicyCollectionInfo) getObjectById(persistenceManager, new WLSPolicyCollectionInfoId(this.domainName, this.realmName, metaDataKeyName));
                if (wLSPolicyCollectionInfo == null) {
                    return null;
                }
                byte[] wlsXmlFragment = wLSPolicyCollectionInfo.getWlsXmlFragment();
                if (wlsXmlFragment == null) {
                    persistenceManager.close();
                    return null;
                }
                String str2 = new String(wlsXmlFragment, "UTF8");
                persistenceManager.close();
                return str2;
            } finally {
            }
        } finally {
            persistenceManager.close();
        }
    }

    private String getMetaDataKeyName(String str) throws PolicyStoreException {
        if (str == null) {
            throw new PolicyStoreException("Key not supplied!");
        }
        int indexOf = str.indexOf("PolicyCollectionInfo#");
        if (indexOf == -1) {
            throw new PolicyStoreException("Unknown key!");
        }
        String substring = str.substring(indexOf + PCI_KEY_LEN);
        if (substring.length() == 0) {
            throw new PolicyStoreException("Key name not supplied!");
        }
        return substring;
    }

    @Override // com.bea.security.providers.xacml.store.MetaDataPolicyStore
    public List<String> readAllMetaDataEntries() throws PolicyStoreException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("AuthorizationPolicyStore: readAllMetaDataEntries()");
        }
        PersistenceManager persistenceManager = this.storeService.getPersistenceManager();
        Query query = null;
        try {
            try {
                query = persistenceManager.newQuery(WLSPolicyCollectionInfo.class, "this.domainName == domainName && this.realmName == realmName");
                query.declareParameters("String domainName, String realmName");
                Collection collection = (Collection) query.execute(this.domainName, this.realmName);
                LinkedList linkedList = new LinkedList();
                Iterator it = collection.iterator();
                while (it.hasNext()) {
                    byte[] wlsXmlFragment = ((WLSPolicyCollectionInfo) it.next()).getWlsXmlFragment();
                    if (wlsXmlFragment != null) {
                        linkedList.add(new String(wlsXmlFragment, "UTF8"));
                    }
                }
                if (query != null) {
                    query.closeAll();
                }
                persistenceManager.close();
                return linkedList;
            } catch (Exception e) {
                throw new PolicyStoreException(e);
            }
        } catch (Throwable th) {
            if (query != null) {
                query.closeAll();
            }
            persistenceManager.close();
            throw th;
        }
    }
}
