package com.iplanet.am.console.user.model;

import com.iplanet.am.console.base.model.AMAdminConstants;
import com.iplanet.am.console.base.model.AMAdminUtils;
import com.iplanet.am.console.base.model.AMConsoleException;
import com.iplanet.am.console.base.model.AMFormatUtils;
import com.iplanet.am.console.base.model.AMModelBase;
import com.iplanet.am.console.settings.Setting;
import com.iplanet.am.console.settings.SettingConstants;
import com.iplanet.am.sdk.AMAssignableDynamicGroup;
import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMGroup;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.sso.SSOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import netscape.ldap.util.DN;

/* loaded from: input_file:120954-03/SUNWamconsdk/reloc/usr/share/lib/identity/console-war/WEB-INF/lib/am_console.jar:com/iplanet/am/console/user/model/UMUserGroupSelectModelImpl.class */
public class UMUserGroupSelectModelImpl extends UMUserViewModelImpl implements UMUserGroupSelectModel {
    private Set groups;
    private boolean groupsModified;
    private Set userGroups;

    public UMUserGroupSelectModelImpl(HttpServletRequest httpServletRequest, Map map) {
        super(httpServletRequest, map);
        this.groups = null;
        this.groupsModified = false;
        this.userGroups = null;
        getUserGroupDNs();
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public void removeGroups(Set set) throws AMConsoleException {
        if (this.curUser == null || set == null) {
            return;
        }
        AMStoreConnection aMStoreConnection = null;
        if (!isAdministrator()) {
            aMStoreConnection = (AMStoreConnection) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.iplanet.am.console.user.model.UMUserGroupSelectModelImpl.1
                private final UMUserGroupSelectModelImpl this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        return AMAdminUtils.getStoreConnAsAdmin();
                    } catch (SecurityException e) {
                        AMModelBase.debug.error("UMUserGroupSelectModelImpl.updateGroups", e);
                        return null;
                    }
                }
            });
        }
        if (aMStoreConnection == null) {
            aMStoreConnection = this.dpStoreConn;
        }
        ArrayList arrayList = new ArrayList(10);
        AMUser aMUser = this.curUser;
        try {
            aMUser = aMStoreConnection.getUser(this.curUser.getDN());
        } catch (SSOException e) {
            AMModelBase.debug.error("UMUserGroupSelectModelImpl.updateGroups", e);
            arrayList.add(getErrorString(e));
        }
        if (set != null && !set.isEmpty()) {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                try {
                    int objectType = getObjectType(str);
                    if (objectType == 9 || objectType == 10) {
                        aMUser.removeStaticGroup(str);
                    } else {
                        aMUser.removeAssignableDynamicGroup(str);
                    }
                    this.groupsModified = true;
                    StringBuffer stringBuffer = new StringBuffer(100);
                    stringBuffer.append(getLocalizedString("removedUserFromGroup.message")).append(new StringBuffer().append(" ").append(str).toString()).append(new StringBuffer().append(":[").append(this.curUser.getDN()).append("]").toString());
                    this.logger.doLog(stringBuffer.toString());
                } catch (AMException e2) {
                    AMModelBase.debug.warning("removing groups from user", e2);
                    arrayList.add(getErrorString(e2));
                } catch (SSOException e3) {
                    AMModelBase.debug.error("removing groups from user", e3);
                    arrayList.add(getErrorString(e3));
                }
            }
        }
        if (!arrayList.isEmpty()) {
            throw new AMConsoleException(arrayList);
        }
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public Set getGroups(String str) {
        if (!getShowUserGroupFlag()) {
            return Collections.EMPTY_SET;
        }
        if (this.groups == null) {
            Set hashSet = new HashSet();
            hashSet.addAll(getUserGroupDNs());
            if (!getUserGroupSubscribe()) {
                this.groups = convertToOrderedSet(hashSet);
                return this.groups;
            }
            HashMap hashMap = new HashMap(1);
            HashSet hashSet2 = new HashSet(1);
            if (isAdministrator() && canPerform(Setting.ACTION_GROUP, SettingConstants.MENU_OPTION_MODIFY_PROPERTIES)) {
                hashSet2.add("*");
            } else {
                hashSet2.add("true");
            }
            hashMap.put("iplanet-am-group-subscribable", hashSet2);
            AMOrganization userOrg = getUserOrg();
            if (userOrg != null) {
                Set set = null;
                try {
                    Set groupContainers = userOrg.getGroupContainers(1);
                    set = (groupContainers == null || groupContainers.isEmpty()) ? getGroupsInOrg(userOrg, hashMap, str) : getGroupsInContainers(groupContainers, hashMap, str);
                    if (set != null && !isAdminGroupsEnabled()) {
                        set = removeHiddenGroups(set);
                    }
                } catch (AMException e) {
                    AMModelBase.debug.warning("UMUserGroupSelectModelImpl.getGroups", e);
                } catch (SSOException e2) {
                    AMModelBase.debug.error("UMUserGroupSelectModelImpl.getGroups", e2);
                }
                if (hashSet == null || hashSet.isEmpty()) {
                    hashSet = set;
                } else {
                    combineGroups(hashSet, set);
                }
            }
            this.groups = convertToOrderedSet(hashSet);
        }
        return this.groups;
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getGroupDisplayName(String str) {
        return AMFormatUtils.DNToName(this, str);
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getNoGroupTitle() {
        return getLocalizedString("nosubscribablegroups.title");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getNoGroupMessage() {
        return getLocalizedString("nosubscribablegroups.message");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getNoGroupsAvailableMsg() {
        return getLocalizedString("noAddGroupEntries.message");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public Set getUserGroupDNs() {
        if (this.curUser != null) {
            try {
                this.userGroups = this.curUser.getStaticGroupDNs();
                this.userGroups.addAll(this.curUser.getAssignableDynamicGroupDNs());
            } catch (AMException e) {
                AMModelBase.debug.warning("UMUserGroupSelectModelImpl.getUserGroupDNs", e);
            } catch (SSOException e2) {
                AMModelBase.debug.error("UMUserGroupSelectModelImpl.getUserGroupDNs", e2);
            }
        }
        if (!isAdminGroupsEnabled()) {
            this.userGroups = removeHiddenGroups(this.userGroups);
        }
        if (this.userGroups == null) {
            this.userGroups = Collections.EMPTY_SET;
        }
        return this.userGroups;
    }

    private Set getGroupsInOrg(AMOrganization aMOrganization, Map map, String str) throws AMException, SSOException {
        Set searchGroups = searchGroups(aMOrganization, str, map, 1);
        HashSet hashSet = new HashSet(25);
        if (searchGroups != null) {
            Iterator it = searchGroups.iterator();
            while (it.hasNext()) {
                AMGroup groupObjectByDN = getGroupObjectByDN((String) it.next());
                if (groupObjectByDN != null) {
                    hashSet.addAll(groupObjectByDN.searchGroups("*", map, 2));
                }
            }
        }
        return hashSet;
    }

    private Set getGroupsInContainers(Set set, Map map, String str) throws AMException, SSOException {
        AMStoreConnection aMStoreConnection = null;
        if (!isAdministrator()) {
            aMStoreConnection = (AMStoreConnection) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.iplanet.am.console.user.model.UMUserGroupSelectModelImpl.2
                private final UMUserGroupSelectModelImpl this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        return AMAdminUtils.getStoreConnAsAdmin();
                    } catch (SecurityException e) {
                        AMModelBase.debug.error("UMUserGroupSelectModelImpl.getGroupsInContainers", e);
                        return null;
                    }
                }
            });
        }
        if (aMStoreConnection == null) {
            aMStoreConnection = this.dpStoreConn;
        }
        HashSet hashSet = new HashSet(25);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            hashSet.addAll(aMStoreConnection.getGroupContainer((String) it.next()).searchGroups(str, map, 2));
        }
        return hashSet;
    }

    private Set searchGroups(AMOrganization aMOrganization, String str, Map map, int i) throws AMException, SSOException {
        Set searchStaticGroups = aMOrganization.searchStaticGroups(str, map, i);
        searchStaticGroups.addAll(aMOrganization.searchAssignableDynamicGroups(str, map, i));
        return searchStaticGroups;
    }

    private AMGroup getGroupObjectByDN(String str) throws AMException, SSOException {
        AMAssignableDynamicGroup assignableDynamicGroup;
        AMStoreConnection aMStoreConnection = null;
        if (!isAdministrator()) {
            aMStoreConnection = (AMStoreConnection) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.iplanet.am.console.user.model.UMUserGroupSelectModelImpl.3
                private final UMUserGroupSelectModelImpl this$0;

                {
                    this.this$0 = this;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        return AMAdminUtils.getStoreConnAsAdmin();
                    } catch (SecurityException e) {
                        AMModelBase.debug.error("UMUserGroupSelectModelImpl.getGroupObjectByDN", e);
                        return null;
                    }
                }
            });
        }
        if (aMStoreConnection == null) {
            aMStoreConnection = this.dpStoreConn;
        }
        switch (aMStoreConnection.getAMObjectType(str)) {
            case 9:
            case 10:
                assignableDynamicGroup = aMStoreConnection.getStaticGroup(str);
                break;
            case 11:
                assignableDynamicGroup = aMStoreConnection.getDynamicGroup(str);
                break;
            default:
                assignableDynamicGroup = aMStoreConnection.getAssignableDynamicGroup(str);
                break;
        }
        return assignableDynamicGroup;
    }

    private Set removeHiddenGroups(Set set) {
        Set set2 = Collections.EMPTY_SET;
        if (set != null && !set.isEmpty()) {
            set2 = new HashSet(set.size());
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                String DNToName = AMFormatUtils.DNToName(this, str);
                if (!DNToName.equalsIgnoreCase("DomainAdministrators") && !DNToName.equalsIgnoreCase("DomainHelpDeskAdministrators") && !DNToName.equalsIgnoreCase("ServiceAdministrators") && !DNToName.equalsIgnoreCase("ServiceHelpDeskAdministrators")) {
                    set2.add(str);
                }
            }
        }
        return set2;
    }

    private void combineGroups(Set set, Set set2) {
        if (set2 == null || set2.isEmpty() || set == null) {
            return;
        }
        Iterator it = set2.iterator();
        while (it.hasNext()) {
            boolean z = false;
            String str = (String) it.next();
            DN dn = new DN(str);
            Iterator it2 = set.iterator();
            while (it2.hasNext() && !z) {
                z = dn.equals(new DN((String) it2.next()));
            }
            if (!z) {
                set.add(str);
            }
        }
    }

    public String getHeaderLabel() {
        return getLocalizedString("groups.header");
    }

    @Override // com.iplanet.am.console.base.model.AMProfileModelBase, com.iplanet.am.console.base.model.AMProfileModel
    public String getSuccessMessage() {
        return this.groupsModified ? getLocalizedString("updateUser.message") : getLocalizedString("noChangesMade.message");
    }

    @Override // com.iplanet.am.console.base.model.AMProfileModelBase, com.iplanet.am.console.base.model.AMProfileModel
    public String getAddButtonLabel() {
        return getLocalizedString("dynGUIAddToList.button");
    }

    @Override // com.iplanet.am.console.base.model.AMProfileModelBase, com.iplanet.am.console.base.model.AMProfileModel
    public String getRemoveButtonLabel() {
        return getLocalizedString("dynGUIRemoveFromList.button");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public Set getAssignedGroups() {
        return getUserGroupDNs();
    }

    @Override // com.iplanet.am.console.user.model.UMUserViewModelImpl, com.iplanet.am.console.base.model.AMModelBase, com.iplanet.am.console.base.model.AMModel
    public String getHelpAnchorTag() {
        String localizedString = getLocalizedString("userGroups.help");
        if (localizedString.equals("userGroups.help")) {
            localizedString = AMAdminConstants.DEFAULT_HELP_FILE;
        }
        return getHelpURL(localizedString);
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getGroupNotSelectedMessage() {
        return getLocalizedString("groupNotSelected.message");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getGroupNotSelectedTitle() {
        return getLocalizedString("groupNotSelected.title");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public Set getUnAssignedGroups(String str) {
        Set excludedObjFromSet = excludedObjFromSet(getGroups(str), getUserGroupDNs());
        return excludedObjFromSet == null ? Collections.EMPTY_SET : excludedObjFromSet;
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public void updateGroups(Set set) throws AMConsoleException {
        if (this.curUser == null || !(isAdministrator() || getUserGroupSubscribe())) {
            AMModelBase.debug.warning("User has no permission to update the groups.");
            return;
        }
        Set userGroupDNs = getUserGroupDNs();
        Set excludedObjFromSet = excludedObjFromSet(userGroupDNs, set);
        Set excludedObjFromSet2 = excludedObjFromSet(set, userGroupDNs);
        removeGroups(excludedObjFromSet);
        addGroups(excludedObjFromSet2);
    }

    public void addGroups(Set set) throws AMConsoleException {
        setAttrList(null);
        if (this.curUser == null || set == null) {
            return;
        }
        Set userGroupDNs = getUserGroupDNs();
        if (userGroupDNs.equals(set)) {
            return;
        }
        AMStoreConnection aMStoreConnection = isAdministrator() ? null : (AMStoreConnection) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.iplanet.am.console.user.model.UMUserGroupSelectModelImpl.4
            private final UMUserGroupSelectModelImpl this$0;

            {
                this.this$0 = this;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    return AMAdminUtils.getStoreConnAsAdmin();
                } catch (SecurityException e) {
                    AMModelBase.debug.error("UMUserGroupSelectModelImpl.addGroups", e);
                    return null;
                }
            }
        });
        if (aMStoreConnection == null) {
            aMStoreConnection = this.dpStoreConn;
        }
        ArrayList arrayList = new ArrayList(10);
        AMUser aMUser = this.curUser;
        try {
            aMUser = aMStoreConnection.getUser(this.curUser.getDN());
        } catch (SSOException e) {
            AMModelBase.debug.error("UMUserGroupSelectModelImpl.addGroups", e);
            arrayList.add(getErrorString(e));
        }
        Set<String> excludedObjFromSet = excludedObjFromSet(set, userGroupDNs);
        if (excludedObjFromSet != null && !excludedObjFromSet.isEmpty()) {
            for (String str : excludedObjFromSet) {
                try {
                    int objectType = getObjectType(str);
                    if (objectType == 9 || objectType == 10) {
                        aMUser.assignStaticGroup(str);
                    } else {
                        aMUser.assignAssignableDynamicGroup(str);
                    }
                    this.groupsModified = true;
                    StringBuffer stringBuffer = new StringBuffer(100);
                    stringBuffer.append(getLocalizedString("assignedUserToGroup.message")).append(new StringBuffer().append(" ").append(str).toString()).append(new StringBuffer().append(":[").append(this.curUser.getDN()).append("]").toString());
                    this.logger.doLog(stringBuffer.toString());
                } catch (AMException e2) {
                    AMModelBase.debug.warning("assigning groups to user", e2);
                    arrayList.add(getErrorString(e2));
                } catch (SSOException e3) {
                    AMModelBase.debug.error("assigning groups to user", e3);
                    arrayList.add(getErrorString(e3));
                }
            }
        }
        if (!arrayList.isEmpty()) {
            throw new AMConsoleException(arrayList);
        }
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getDisplayGroupsMessage() {
        return getLocalizedString("displayGroups.message");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getDisplayEndUserGroupsLabel() {
        return getLocalizedString("displayEndUserGroups.label");
    }

    @Override // com.iplanet.am.console.user.model.UMUserGroupSelectModel
    public String getNoGroupsAssignedMessage() {
        return getLocalizedString("noGroupsAssigned.message");
    }
}
