package com.sun.identity.console.dm.model;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMFilteredRole;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMOrganizationalUnit;
import com.iplanet.am.sdk.AMRole;
import com.iplanet.am.sdk.AMSearchControl;
import com.iplanet.am.sdk.AMSearchResults;
import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.common.admin.AdminInterfaceUtils;
import com.sun.identity.console.base.model.AMAdminUtils;
import com.sun.identity.console.base.model.AMConsoleException;
import com.sun.identity.console.base.model.AMFormatUtils;
import com.sun.identity.console.base.model.AMModelBase;
import com.sun.identity.console.base.model.Debugger;
import com.sun.identity.console.property.PropertyTemplate;
import com.sun.identity.console.property.PropertyXMLBuilder;
import com.sun.identity.sm.AttributeSchema;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:120954-01/SUNWamcon/reloc/SUNWam/console.war:WEB-INF/lib/console.jar:com/sun/identity/console/dm/model/RoleModelImpl.class */
public class RoleModelImpl extends DMModelBase implements RoleModel {
    private static final String USERS = "users";
    private final String CONTAINER_DEFAULT_TEMPLATE_ROLE = "cn=ContainerDefaultTemplateRole,";
    private Set roles;
    private AMRole role;
    private Map defaultACIMap;
    private String roleName;
    private ServiceSchemaManager userSvcMgr;
    private boolean filter;
    private static final int ACI_DESCRIPTION = 0;
    private static final int DEFAULT_PERMISSION = 1;
    private static final String NS_ROLE_FILTER = "nsRoleFilter";
    private Map mapAttributeValues;
    private static final String CREATE_PROPERTIES = "<section name=\"general\" defaultValue=\"\" > <property required=\"true\"> <label name=\"roleNameLabel\" labelFor=\"entryName\" defaultValue=\"create.role.name.label\" /> <cc name=\"entryName\" tagclass=\"com.sun.web.ui.taglib.html.CCTextFieldTag\" > <attribute name=\"size\" value=\"75\" /> </cc> </property> <property> <label name=\"roleDescriptionLabel\" defaultValue=\"create.role.description.label\" labelFor=\"iplanet-am-role-description\" /> <cc name=\"iplanet-am-role-description\" tagclass=\"com.sun.web.ui.taglib.html.CCTextFieldTag\" > <attribute name=\"size\" value=\"75\" /> </cc> </property> <property required=\"true\"> <label name=\"roleTypeLabel\" defaultValue=\"create.role.type.label\" labelFor=\"iplanet-am-role-type\" /> <cc name=\"iplanet-am-role-type\" tagclass=\"com.sun.web.ui.taglib.html.CCDropDownMenuTag\"> </cc> </property> <property required=\"true\"> <label name=\"rolePermissionLabel\" defaultValue=\"create.role.permission.label\" labelFor=\"iplanet-am-role-aci-list\" /> <cc name=\"iplanet-am-role-aci-list\" tagclass=\"com.sun.web.ui.taglib.html.CCDropDownMenuTag\"> </cc> </property>";
    private static final String PROFILE_PROPERTIES = "<property><label name=\"roleDescriptionLabel\" defaultValue=\"create.role.description.label\" labelFor=\"iplanet-am-role-description\" /> <cc name=\"iplanet-am-role-description\" tagclass=\"com.sun.web.ui.taglib.html.CCTextFieldTag\" > <attribute name=\"size\" value=\"75\" /></cc></property>  <property><label name=\"rolePermissionLabel\" defaultValue=\"create.role.permission.label\" labelFor=\"iplanet-am-role-aci-description\" /> <cc name=\"iplanet-am-role-aci-description\" tagclass=\"com.sun.web.ui.taglib.html.CCTextFieldTag\" > <attribute name=\"size\" value=\"75\" /></cc></property>";
    private static final String FILTER_ATTRIBUTE = "<property> <label name=\"filterLabel\" labelFor=\"nsRoleFilter\" defaultValue=\"role.properties.name.filter\" /> <cc name=\"nsRoleFilter\" tagclass=\"com.sun.web.ui.taglib.html.CCTextFieldTag\" > <attribute name=\"size\" value=\"75\" /> </cc> </property>";
    private static final String START_SECTION = "<section name=\"general\" defaultValue=\"\" >";

    public RoleModelImpl(HttpServletRequest httpServletRequest, Map map) {
        super(httpServletRequest, map);
        this.CONTAINER_DEFAULT_TEMPLATE_ROLE = "cn=ContainerDefaultTemplateRole,";
        this.roles = null;
        this.role = null;
        this.defaultACIMap = null;
        this.roleName = null;
        this.userSvcMgr = null;
        this.filter = false;
        this.mapAttributeValues = null;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Map getDataMap(int i) {
        HashMap hashMap = new HashMap(20);
        if (i == 8) {
            Iterator it = getFilterAttributeNames().iterator();
            while (it.hasNext()) {
                hashMap.put((String) it.next(), Collections.EMPTY_SET);
            }
        }
        hashMap.put("nsRoleFilter", Collections.EMPTY_SET);
        hashMap.put(DMConstants.ENTRY_NAME_ATTRIBUTE_NAME, Collections.EMPTY_SET);
        hashMap.put(DMConstants.ROLE_DESCRIPTION_ATTR, Collections.EMPTY_SET);
        hashMap.put(DMConstants.ROLE_TYPE_ATTR, Collections.EMPTY_SET);
        hashMap.put(DMConstants.ROLE_ACI_LIST_ATTR, Collections.EMPTY_SET);
        return hashMap;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public void removeUsers(String str, Set set) throws AMConsoleException {
        String string = AMAdminUtils.getString(set, ",", false);
        try {
            if (getObjectType(str) == 8) {
                throw new AMConsoleException(getLocalizedString("unsupported.operation"));
            }
            String[] strArr = {str, string};
            logEvent("ATTEMPT_DIR_MGR_REMOVE_USERS_FROM_ROLE", strArr);
            ((AMRole) AMAdminUtils.getAMObject(this, str)).removeUsers(set);
            logEvent("SUCCEED_DIR_MGR_REMOVE_USERS_FROM_ROLE", strArr);
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_REMOVE_USERS_FROM_ROLE", new String[]{str, string, errorString});
            AMModelBase.debug.warning("RoleModel.removeUsers failed", e);
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_REMOVE_USERS_FROM_ROLE", new String[]{str, string, errorString2});
            AMModelBase.debug.warning("RoleModel.removeUsers failed", e2);
            throw new AMConsoleException(errorString2);
        }
    }

    private Set getDescriptionValue(AMRole aMRole) {
        HashSet hashSet = new HashSet(2);
        try {
            String stringAttribute = aMRole.getStringAttribute(DMConstants.ROLE_DESCRIPTION_ATTR);
            if (stringAttribute != null && stringAttribute.length() > 0) {
                String replace = stringAttribute.trim().replace(' ', '-');
                String localizedString = getLocalizedString(replace);
                if (!localizedString.equals(replace)) {
                    stringAttribute = localizedString;
                }
                hashSet.add(stringAttribute);
            }
        } catch (AMException e) {
            AMModelBase.debug.warning("couldn't get role description", e);
        } catch (SSOException e2) {
            AMModelBase.debug.warning("couldn't get role description", e2);
        }
        return hashSet == null ? Collections.EMPTY_SET : hashSet;
    }

    private Set getPermissionValue(AMRole aMRole) {
        HashSet hashSet = new HashSet(2);
        try {
            String stringAttribute = aMRole.getStringAttribute(DMConstants.ROLE_ACI_DESCRIPTION_ATTR);
            if (stringAttribute != null && stringAttribute.length() > 0) {
                String replace = stringAttribute.trim().replace(' ', '-');
                String localizedString = getLocalizedString(replace);
                if (!localizedString.equals(replace)) {
                    stringAttribute = localizedString;
                }
                hashSet.add(stringAttribute);
            }
        } catch (AMException e) {
            AMModelBase.debug.warning("couldn't get role aci description");
        } catch (SSOException e2) {
            AMModelBase.debug.warning("couldn't get role aci description");
        }
        return hashSet == null ? Collections.EMPTY_SET : hashSet;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Map getValues(String str) throws AMConsoleException {
        HashMap hashMap = new HashMap(6);
        String[] strArr = {str};
        logEvent("ATTEMPT_DIR_MGR_GET_ROLE_ATTR_VALUES", strArr);
        try {
            AMRole aMRole = (AMRole) AMAdminUtils.getAMObject(this, str);
            hashMap.put(DMConstants.ROLE_DESCRIPTION_ATTR, getDescriptionValue(aMRole));
            hashMap.put(DMConstants.ROLE_ACI_DESCRIPTION_ATTR, getPermissionValue(aMRole));
            if (getObjectType(str) == 8) {
                HashSet hashSet = new HashSet(2);
                hashSet.add(((AMFilteredRole) aMRole).getFilter());
                hashMap.put("nsRoleFilter", hashSet);
            }
            logEvent("SUCCEED_DIR_MGR_GET_ROLE_ATTR_VALUES", strArr);
            return hashMap == null ? Collections.EMPTY_MAP : hashMap;
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ROLE_ATTR_VALUES", new String[]{str, errorString});
            Debugger.error("RoleModelImpl.getValues", e);
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ROLE_ATTR_VALUES", new String[]{str, errorString2});
            Debugger.error("RoleModelImpl.getValues", e2);
            throw new AMConsoleException(errorString2);
        }
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public void updateRole(String str, Map map) throws AMConsoleException {
        try {
            String[] strArr = {str};
            logEvent("ATTEMPT_DIR_MGR_MODIFY_ROLE", strArr);
            AMRole aMRole = (AMRole) AMAdminUtils.getAMObject(this, str);
            aMRole.setAttributes(map);
            aMRole.store();
            logEvent("SUCCEED_DIR_MGR_MODIFY_ROLE", strArr);
        } catch (AMException e) {
            logEvent("AM_EXCEPTION_DIR_MGR_MODIFY_ROLE", new String[]{str, getErrorString(e)});
            AMModelBase.debug.warning("RoleModel.updateRole", e);
            throw new AMConsoleException(getErrorString(e));
        } catch (SSOException e2) {
            logEvent("SSO_EXCEPTION_DIR_MGR_MODIFY_ROLE", new String[]{str, getErrorString(e2)});
            AMModelBase.debug.warning("RoleModel.updateRole", e2);
            throw new AMConsoleException(getErrorString(e2));
        }
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Set getMembers(String str, String str2) throws AMConsoleException {
        Set set = Collections.EMPTY_SET;
        try {
            String[] strArr = {str, str2};
            logEvent("ATTEMPT_DIR_MGR_GET_ROLE_MEMBERS", strArr);
            AMRole aMRole = (AMRole) AMAdminUtils.getAMObject(this, str);
            AMSearchControl aMSearchControl = new AMSearchControl();
            String organizationDN = aMRole.getOrganizationDN();
            setSearchControlAttributes(organizationDN, null, 1, aMSearchControl, "users");
            if (getObjectType(organizationDN) == 2) {
                setSearchControlLimits(this.dpStoreConn.getOrganization(organizationDN), aMSearchControl);
            } else {
                setSearchControlLimits(this.dpStoreConn.getOrganizationalUnit(organizationDN), aMSearchControl);
            }
            Set searchResults = aMRole.searchUsers(aMSearchControl, getSearchFilter(organizationDN, str2)).getSearchResults();
            logEvent("SUCCEED_DIR_MGR_GET_ROLE_MEMBERS", strArr);
            return searchResults;
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_GET_ROLE_MEMBERS", new String[]{str, str2, errorString});
            AMModelBase.debug.warning("RoleModel.getMembers", e);
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ROLE_MEMBERS", new String[]{str, str2, errorString2});
            AMModelBase.debug.warning("RoleModel.getMembers", e2);
            throw new AMConsoleException(errorString2);
        }
    }

    private String getSearchFilter(String str, String str2) throws SSOException {
        String userSearchAttribute = getUserSearchAttribute(str);
        StringBuffer stringBuffer = new StringBuffer(10);
        stringBuffer.append("(").append(userSearchAttribute).append("=").append(str2).append(")");
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getServiceXML(String str) {
        if (Debugger.messageEnabled()) {
            Debugger.message("RoleModel.getServiceXML - beginning...");
            Debugger.message(new StringBuffer().append("getting display string for ").append(str).toString());
        }
        StringBuffer stringBuffer = new StringBuffer(2000);
        stringBuffer.append(PropertyTemplate.DEFINITION).append(PropertyTemplate.START_TAG);
        try {
            ServiceSchema serviceSchema = getServiceSchema(str, SchemaType.DYNAMIC);
            if (serviceSchema != null) {
                Set attributeSchemas = serviceSchema.getAttributeSchemas();
                Iterator it = attributeSchemas.iterator();
                while (it.hasNext()) {
                    String i18NKey = ((AttributeSchema) it.next()).getI18NKey();
                    if (i18NKey == null || i18NKey.trim().length() == 0) {
                        it.remove();
                    }
                }
                stringBuffer.append(new PropertyXMLBuilder(str, this, attributeSchemas).getXML(false));
            }
        } catch (SSOException e) {
            Debugger.error("RoleModelImpl.getServiceXML", e);
        } catch (AMConsoleException e2) {
            Debugger.error("RoleModelImpl.getServiceXML", e2);
        } catch (SMSException e3) {
            Debugger.error("RoleModelImpl.getServiceXML", e3);
        }
        stringBuffer.append(PropertyTemplate.END_TAG);
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getRoleProfileXML(int i) {
        StringBuffer stringBuffer = new StringBuffer(2000);
        stringBuffer.append(PropertyTemplate.DEFINITION).append(PropertyTemplate.START_TAG).append(START_SECTION).append(PROFILE_PROPERTIES);
        if (i == 8) {
            stringBuffer.append(FILTER_ATTRIBUTE);
        }
        stringBuffer.append(PropertyTemplate.SECTION_END_TAG).append(PropertyTemplate.END_TAG);
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getRoleCreateXML(int i) {
        StringBuffer stringBuffer = new StringBuffer(2000);
        stringBuffer.append(PropertyTemplate.DEFINITION).append(PropertyTemplate.START_TAG).append(CREATE_PROPERTIES);
        if (i == 8) {
            stringBuffer.append(getFilterAttributesXML());
        }
        stringBuffer.append(PropertyTemplate.SECTION_END_TAG).append(PropertyTemplate.END_TAG);
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Set getRoles(String str, String str2) {
        if (this.roles == null) {
            AMSearchResults aMSearchResults = null;
            this.locationType = getObjectType(str);
            this.locationDN = str;
            AMSearchControl aMSearchControl = new AMSearchControl();
            aMSearchControl.setSearchScope(2);
            setSearchControlAttributes(this.locationDN, DMConstants.SUB_SCHEMA_FILTERED_ROLE, 6, aMSearchControl, "roles");
            String[] strArr = {str, str2};
            try {
                switch (this.locationType) {
                    case 2:
                        logEvent("ATTEMPT_DIR_MGR_GET_ROLES_IN_ORG", strArr);
                        AMOrganization organization = this.dpStoreConn.getOrganization(this.locationDN);
                        setSearchControlLimits(organization, aMSearchControl);
                        aMSearchResults = organization.searchAllRoles(str2, aMSearchControl);
                        logEvent("SUCCEED_DIR_MGR_GET_ROLES_IN_ORG", strArr);
                        break;
                    case 3:
                        logEvent("ATTEMPT_DIR_MGR_GET_ROLES_IN_CONTAINER", strArr);
                        AMOrganizationalUnit organizationalUnit = this.dpStoreConn.getOrganizationalUnit(this.locationDN);
                        setSearchControlLimits(organizationalUnit, aMSearchControl);
                        aMSearchResults = organizationalUnit.searchAllRoles(str2, aMSearchControl);
                        logEvent("SUCCEED_DIR_MGR_GET_ROLES_IN_CONTAINER", strArr);
                        break;
                    default:
                        if (AMModelBase.debug.warningEnabled()) {
                            AMModelBase.debug.warning(new StringBuffer().append("RoleModelImpl.getRoles invalid location ").append(this.locationType).toString());
                            break;
                        }
                        break;
                }
            } catch (AMException e) {
                this.searchErrorMsg = getErrorString(e);
                logEvent(0 != 0 ? "AM_EXCEPTION_DIR_MGR_GET_ROLES_IN_ORG" : "AM_EXCEPTION_DIR_MGR_GET_ROLES_IN_CONTAINER", new String[]{str, str2, this.searchErrorMsg});
                AMModelBase.debug.warning("RoleModelImpl.getRoles", e);
            } catch (SSOException e2) {
                logEvent(0 != 0 ? "SSO_EXCEPTION_DIR_MGR_GET_ROLES_IN_ORG" : "SSO_EXCEPTION_DIR_MGR_GET_ROLES_IN_CONTAINER", new String[]{str, str2, getErrorString(e2)});
                AMModelBase.debug.warning("RoleModelImpl.getRoles", e2);
            }
            if (aMSearchResults != null) {
                this.roles = getSearchResultsSet(aMSearchResults);
                this.resultsMap = aMSearchResults.getResultAttributes();
            }
        }
        if (this.roles == null) {
            this.roles = Collections.EMPTY_SET;
        } else {
            this.roles.remove(new StringBuffer().append("cn=ContainerDefaultTemplateRole,").append(str).toString());
        }
        return this.roles;
    }

    @Override // com.sun.identity.console.dm.model.DMModelBase, com.sun.identity.console.dm.model.DMModel
    public Set getAttrList() {
        return this.roles;
    }

    @Override // com.sun.identity.console.dm.model.DMModelBase, com.sun.identity.console.dm.model.DMModel
    public void setAttrList(Set set) {
        this.roles = set;
    }

    protected boolean isCurrentLocationTypeValid() {
        boolean z = false;
        switch (this.locationType) {
            case 2:
            case 3:
                z = true;
                break;
            default:
                if (AMModelBase.debug.warningEnabled()) {
                    AMModelBase.debug.warning(new StringBuffer().append("RoleModelImpl.isCurrentLocationTypeValid: invalid location type, ").append(this.locationType).toString());
                    break;
                }
                break;
        }
        return z;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public List getSearchReturnAttributes() {
        return getSearchReturnAttributes(null, 6, "roles");
    }

    private Set getRoleAttributeNames() {
        Set set = Collections.EMPTY_SET;
        try {
            Map attributes = this.dpStoreConn.getRole(new StringBuffer().append(AdminInterfaceUtils.getNamingAttribute(6, AMModelBase.debug)).append("=").append(new StringBuffer().append(AdminInterfaceUtils.getNamingAttribute(5, AMModelBase.debug)).append("=").append(AdminInterfaceUtils.defaultPeopleContainerName()).append(",").append(this.locationDN).toString().replace(',', '_')).append(",").append(this.locationDN).toString()).getAttributes();
            if (attributes != null && !attributes.isEmpty()) {
                set = attributes.keySet();
            }
        } catch (AMException e) {
            AMModelBase.debug.error("RoleModelImpl.getRoleAttributeNames", e);
        } catch (SSOException e2) {
            AMModelBase.debug.error("RoleModelImpl.getRoleAttributeNames", e2);
        }
        return set;
    }

    @Override // com.sun.identity.console.dm.model.DMModelBase
    protected List getValidatedAttributes(String str, String str2, int i, String str3) {
        List<String> objectDisplayList;
        List list = Collections.EMPTY_LIST;
        if (str != null && str.length() > 0 && (objectDisplayList = getObjectDisplayList(str, str3)) != null && !objectDisplayList.isEmpty()) {
            list = new ArrayList(objectDisplayList.size());
            Set roleAttributeNames = getRoleAttributeNames();
            Set filteredRoleAttributeNames = getFilteredRoleAttributeNames();
            int i2 = 0;
            if (roleAttributeNames != null && !roleAttributeNames.isEmpty()) {
                i2 = roleAttributeNames.size();
            }
            if (filteredRoleAttributeNames != null && !filteredRoleAttributeNames.isEmpty()) {
                i2 += filteredRoleAttributeNames.size();
            }
            if (i2 > 0) {
                HashSet hashSet = new HashSet(i2);
                hashSet.addAll(roleAttributeNames);
                hashSet.addAll(filteredRoleAttributeNames);
                for (String str4 : objectDisplayList) {
                    if (hashSet.contains(str4) && !list.contains(str4)) {
                        list.add(str4);
                    }
                }
            }
        }
        if (list == null || list.isEmpty()) {
            list = new ArrayList(1);
            list.add(AdminInterfaceUtils.getNamingAttribute(i, AMModelBase.debug));
        }
        return list;
    }

    @Override // com.sun.identity.console.dm.model.DMModelBase, com.sun.identity.console.dm.model.DMModel
    public String getAttributeValue(String str, String str2) {
        String namingAttribute = AdminInterfaceUtils.getNamingAttribute(6, AMModelBase.debug);
        String str3 = "";
        if (!str2.equals(namingAttribute) && this.resultsMap != null && !this.resultsMap.isEmpty()) {
            Map map = (Map) this.resultsMap.get(str);
            if (map != null && !map.isEmpty()) {
                Set set = (Set) map.get(str2);
                if (set != null && !set.isEmpty()) {
                    str3 = getMultiValue(set);
                } else if (getObjectType(str) == 8 && getFilteredRoleAttributeNames().contains(str2)) {
                    str3 = getMultiValue(getFilteredRoleAttributeValues(str));
                }
            }
        } else if (str2.equals(namingAttribute)) {
            str3 = str;
        }
        return str3;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getAttributeLocalizedName(String str) {
        return getAttributeLocalizedName(str, DMConstants.SUB_SCHEMA_FILTERED_ROLE);
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getAttributeName() {
        return getAttributeName(DMConstants.SUB_SCHEMA_FILTERED_ROLE, 6, "roles");
    }

    private Set getFilteredRoleAttributeNames() {
        try {
            getServiceSchemaManager(DMConstants.ENTRY_SPECIFIC_SERVICE);
        } catch (SSOException e) {
            AMModelBase.debug.error("RoleModelImpl.getFilteredRoleAttributeNames", e);
        } catch (SMSException e2) {
            AMModelBase.debug.error("RoleModelImpl.getFilteredRoleAttributeNames", e2);
        }
        Set attributesToDisplay = getAttributesToDisplay(null, SchemaType.GLOBAL, DMConstants.SUB_SCHEMA_FILTERED_ROLE);
        Set set = Collections.EMPTY_SET;
        if (attributesToDisplay != null && !attributesToDisplay.isEmpty()) {
            Iterator it = attributesToDisplay.iterator();
            set = new HashSet(attributesToDisplay.size());
            while (it.hasNext()) {
                set.add(((AttributeSchema) it.next()).getName());
            }
        }
        return set;
    }

    private AMFilteredRole getFilteredRoleObject(String str) {
        AMFilteredRole aMFilteredRole = null;
        try {
            aMFilteredRole = this.dpStoreConn.getFilteredRole(str);
            if (aMFilteredRole == null || !aMFilteredRole.isExists()) {
                if (AMModelBase.debug.warningEnabled()) {
                    AMModelBase.debug.warning(new StringBuffer().append("RoleModelImpl.getFilteredRoleObject role does not exists ").append(str).toString());
                }
                aMFilteredRole = null;
            }
        } catch (SSOException e) {
            AMModelBase.debug.warning("RoleModelImpl.getFilteredRoleObject", e);
        }
        return aMFilteredRole;
    }

    private Set getFilteredRoleAttributeValues(String str) {
        Set attributesToDisplay;
        try {
            getServiceSchemaManager(DMConstants.ENTRY_SPECIFIC_SERVICE);
        } catch (SSOException e) {
            AMModelBase.debug.error("RoleModelImpl.getFilteredRoleAttributeValues", e);
        } catch (SMSException e2) {
            AMModelBase.debug.error("RoleModelImpl.getFilteredRoleAttributeValues", e2);
        }
        AMFilteredRole filteredRoleObject = getFilteredRoleObject(str);
        Set set = Collections.EMPTY_SET;
        if (0 != 0 && filteredRoleObject != null && (attributesToDisplay = getAttributesToDisplay(null, SchemaType.GLOBAL, DMConstants.SUB_SCHEMA_FILTERED_ROLE)) != null && !attributesToDisplay.isEmpty()) {
            Iterator it = attributesToDisplay.iterator();
            while (it.hasNext()) {
                String name = ((AttributeSchema) it.next()).getName();
                try {
                    if (name.equals("filterinfo")) {
                        set = new HashSet(1);
                        set.add(filteredRoleObject.getFilter());
                    } else {
                        set = filteredRoleObject.getAttribute(name);
                    }
                } catch (AMException e3) {
                    if (AMModelBase.debug.warningEnabled()) {
                        AMModelBase.debug.warning(new StringBuffer().append("Could not get value for ").append(name).toString(), e3);
                    }
                } catch (SSOException e4) {
                    if (AMModelBase.debug.warningEnabled()) {
                        AMModelBase.debug.warning(new StringBuffer().append("Could not get value for ").append(name).toString(), e4);
                    }
                }
            }
        }
        return set;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getAttributeValue(String str) {
        getSearchReturnAttributes();
        if (this.searchReturnAttrs.isEmpty()) {
            return AMFormatUtils.DNToName(this, str, true);
        }
        return getAttributeValue(str, (String) this.searchReturnAttrs.get(this.searchReturnAttrs.size() - 1));
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public void createRole(String str, Map map) throws AMConsoleException {
        if (map == null || map.isEmpty()) {
            AMModelBase.debug.error("null or missing data values");
            throw new AMConsoleException(getLocalizedString("createFailure.message"));
        }
        int roleType = getRoleType(map);
        addACIDescription(map);
        Map createRoleMap = getCreateRoleMap(map, map);
        String str2 = (String) createRoleMap.keySet().iterator().next();
        Set set = Collections.EMPTY_SET;
        String[] strArr = {str, str2};
        try {
            if (getObjectType(str) == 2) {
                logEvent("ATTEMPT_DIR_MGR_CREATE_ROLES_IN_ORG", strArr);
                AMOrganization organization = this.dpStoreConn.getOrganization(str);
                if (roleType == 8) {
                    createFilter(map, createRoleMap);
                    organization.createFilteredRoles(createRoleMap);
                } else {
                    organization.createRoles(createRoleMap);
                }
                logEvent("SUCCEED_DIR_MGR_CREATE_ROLES_IN_ORG", strArr);
            } else {
                logEvent("ATTEMPT_DIR_MGR_CREATE_ROLES_IN_CONTAINER", strArr);
                AMOrganizationalUnit organizationalUnit = this.dpStoreConn.getOrganizationalUnit(str);
                if (roleType == 8) {
                    createFilter(map, createRoleMap);
                    organizationalUnit.createFilteredRoles(createRoleMap);
                } else {
                    organizationalUnit.createRoles(createRoleMap);
                }
                logEvent("SUCCEED_DIR_MGR_CREATE_ROLES_IN_CONTAINER", strArr);
            }
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent(0 != 0 ? "AM_EXCEPTION_DIR_MGR_CREATE_ROLES_IN_ORG" : "AM_EXCEPTION_DIR_MGR_CREATE_ROLES_IN_CONTAINER", new String[]{str, str2, errorString});
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent(0 != 0 ? "SSO_EXCEPTION_DIR_MGR_CREATE_ROLES_IN_ORG" : "SSO_EXCEPTION_DIR_MGR_CREATE_ROLES_IN_CONTAINER", new String[]{str, str2, errorString2});
            throw new AMConsoleException(errorString2);
        }
    }

    private void addACIDescription(Map map) {
        String str;
        String str2 = (String) ((Set) map.get(DMConstants.ROLE_ACI_LIST_ATTR)).iterator().next();
        if (str2 == null) {
            str = (String) map.remove("aciDescription");
        } else {
            if (this.defaultACIMap == null) {
                createACIMap();
            }
            List list = (List) this.defaultACIMap.get(str2);
            str = (String) list.get(0);
        }
        Set set = Collections.EMPTY_SET;
        if (str != null) {
            set = new HashSet(1);
            set.add(str);
        }
        map.put(DMConstants.ROLE_ACI_DESCRIPTION_ATTR, set);
    }

    private Map getCreateRoleMap(Map map, Map map2) {
        String str = (String) ((Set) map.remove(DMConstants.ENTRY_NAME_ATTRIBUTE_NAME)).iterator().next();
        HashMap hashMap = new HashMap(2);
        hashMap.put(str, map2);
        return hashMap;
    }

    private int getRoleType(Map map) {
        int i = 6;
        String str = (String) map.remove(AuthXMLTags.INDEX_TYPE_ROLE_ATTR);
        if (str != null && str.length() != 0) {
            try {
                i = Integer.parseInt(str);
            } catch (NumberFormatException e) {
                AMModelBase.debug.warning("RoleModel.getRoleType", e);
            }
        }
        return i;
    }

    private void createFilter(Map map, Map map2) {
        String stringBuffer;
        Set set = (Set) map.remove(DMConstants.ATTR_NAME_LOGICAL_OPERATOR);
        String str = (set == null || set.isEmpty()) ? DMConstants.STRING_LOGICAL_AND : (String) set.iterator().next();
        Set set2 = (Set) map.remove("filterinfo");
        if (set2 == null || set2.isEmpty()) {
            HashMap hashMap = new HashMap(map);
            StringBuffer stringBuffer2 = new StringBuffer(100);
            for (String str2 : getFilterAttributeNames()) {
                Set set3 = (Set) map.remove(str2);
                if (set3 != null && !set3.isEmpty()) {
                    String str3 = (String) set3.iterator().next();
                    if (str2.equalsIgnoreCase("inetuserstatus")) {
                        if (str3.equalsIgnoreCase("active")) {
                            stringBuffer2.append("(|(").append("inetuserstatus").append("=active)(!(").append("inetuserstatus").append("=*)))");
                        } else {
                            stringBuffer2.append("(").append("inetuserstatus").append("=").append(str3).append(")");
                        }
                    } else if (str3.length() > 0) {
                        stringBuffer2.append("(").append(str2).append("=").append(str3).append(")");
                    } else if (str2.equals(DMConstants.USER_SERVICE_UID)) {
                        stringBuffer2.append("(uid=*)");
                    }
                } else if (str2.equals(DMConstants.USER_SERVICE_UID)) {
                    stringBuffer2.append(new StringBuffer().append("(").append(str2).append("=*)").toString());
                }
            }
            StringBuffer stringBuffer3 = new StringBuffer(100);
            stringBuffer3.append("(&(objectclass=inetorgperson)");
            if (stringBuffer2.length() != 0) {
                if (hashMap.size() > 1) {
                    if (str == null || !str.equalsIgnoreCase(DMConstants.STRING_LOGICAL_AND)) {
                        stringBuffer3.append("(|");
                    } else {
                        stringBuffer3.append("(&");
                    }
                    stringBuffer3.append(new StringBuffer().append((Object) stringBuffer2).append(")").toString());
                } else {
                    stringBuffer3.append(stringBuffer2);
                }
            }
            stringBuffer3.append(")");
            stringBuffer = stringBuffer3.toString();
        } else {
            stringBuffer = (String) set2.iterator().next();
            if (!stringBuffer.startsWith("(") && !stringBuffer.endsWith(")")) {
                stringBuffer = new StringBuffer().append("(").append(stringBuffer).append(")").toString();
            }
        }
        if (stringBuffer == null || stringBuffer.length() <= 0) {
            return;
        }
        HashSet hashSet = new HashSet(2);
        hashSet.add(stringBuffer);
        ((Map) map2.get((String) map2.keySet().iterator().next())).put("nsRoleFilter", hashSet);
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Set getDefaultPermissions() {
        if (this.defaultACIMap == null) {
            createACIMap();
        }
        return this.defaultACIMap.keySet();
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Map getDefaultTypes() {
        HashMap hashMap = new HashMap(2);
        hashMap.put(getLocalizedString("roleType.2"), Integer.toString(2));
        hashMap.put(getLocalizedString("roleType.3"), Integer.toString(3));
        return hashMap;
    }

    private void createACIMap() {
        try {
            Set<String> set = (Set) getServiceSchemaManager("iPlanetAMAdminConsoleService").getSchema(SchemaType.GLOBAL).getAttributeDefaults().get(DMConstants.ROLE_DEFAULT_ACI_ATTR);
            this.defaultACIMap = new HashMap(set.size());
            for (String str : set) {
                int indexOf = str.indexOf("|");
                if (indexOf != -1) {
                    String substring = str.substring(0, indexOf);
                    int i = indexOf + 1;
                    int indexOf2 = str.indexOf("|", i);
                    if (indexOf2 != -1) {
                        String substring2 = str.substring(i, indexOf2);
                        String substring3 = str.substring(indexOf2 + 1, str.length());
                        ArrayList arrayList = new ArrayList(2);
                        arrayList.add(0, substring2);
                        arrayList.add(1, substring3);
                        this.defaultACIMap.put(substring, arrayList);
                    } else if (AMModelBase.debug.warningEnabled()) {
                        AMModelBase.debug.warning(new StringBuffer().append("invalid default aci entry found: ").append(str).toString());
                    }
                } else if (AMModelBase.debug.warningEnabled()) {
                    AMModelBase.debug.warning(new StringBuffer().append("invalid default aci entry found: ").append(str).toString());
                }
            }
        } catch (SSOException e) {
            AMModelBase.debug.warning("RoleModelImpl.createACIMap", e);
        } catch (SMSException e2) {
            AMModelBase.debug.error("RoleModelImpl.createACIMap", e2);
        }
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getEmptyPermission() {
        return "No Permission";
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public String getOptionString(String str) {
        String replace = str.trim().replace(' ', '-');
        String localizedString = getLocalizedString(replace);
        if (replace.equals(localizedString)) {
            localizedString = str;
            if (AMModelBase.debug.warningEnabled()) {
                AMModelBase.debug.warning(new StringBuffer().append("RoleModelImpl.getOptionString() no localized value for ").append(replace).toString());
            }
        }
        return localizedString;
    }

    private boolean hasDynamicAttributes(String str) {
        Set attributeSchemas;
        ServiceSchema serviceSchema = null;
        try {
            serviceSchema = getServiceSchema(str, SchemaType.DYNAMIC);
        } catch (SSOException e) {
            Debugger.warning("RoleModelImpl.hasDynamicAttributes", e);
        } catch (SMSException e2) {
            Debugger.warning("RoleModelImpl.hasDynamicAttributes", e2);
        }
        boolean z = false;
        if (serviceSchema != null && (attributeSchemas = serviceSchema.getAttributeSchemas()) != null && !attributeSchemas.isEmpty()) {
            Iterator it = attributeSchemas.iterator();
            while (it.hasNext() && !z) {
                if (isDisplayed((AttributeSchema) it.next())) {
                    z = true;
                }
            }
        }
        return z;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public Map getAssignedServices(String str) {
        HashMap hashMap = null;
        try {
            Set<String> registeredServiceNames = this.dpStoreConn.getOrganization(str).getRegisteredServiceNames();
            if (registeredServiceNames != null && !registeredServiceNames.isEmpty()) {
                hashMap = new HashMap(registeredServiceNames.size() * 2);
                for (String str2 : registeredServiceNames) {
                    if (!str2.equals("iPlanetAMAuthConfiguration")) {
                        String localizedServiceName = getLocalizedServiceName(str2);
                        if (!str2.equals(localizedServiceName) && hasDynamicAttributes(str2)) {
                            hashMap.put(str2, localizedServiceName);
                        }
                    }
                }
            }
        } catch (AMException e) {
            Debugger.warning("OrganizationModel.getOrganizations", e);
        } catch (SSOException e2) {
            Debugger.warning("OrganizationModel.getOrganizations", e2);
        }
        return hashMap == null ? Collections.EMPTY_MAP : hashMap;
    }

    @Override // com.sun.identity.console.dm.model.RoleModel
    public boolean isFilteredRole(String str) {
        return getObjectType(str) == 8;
    }
}
