package weblogic.entitlement.data.ldap;

import com.bea.common.security.saml.registry.SAMLPartnerLDAPSchema;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;
import netscape.ldap.LDAPSearchResults;
import weblogic.entitlement.data.EPolicyCollectionInfo;
import weblogic.entitlement.data.EResource;
import weblogic.entitlement.data.ERole;
import weblogic.entitlement.data.ERoleCollectionInfo;
import weblogic.entitlement.data.ERoleId;
import weblogic.entitlement.data.EnConflictException;
import weblogic.entitlement.data.EnCreateException;
import weblogic.entitlement.data.EnCursorResourceFilter;
import weblogic.entitlement.data.EnCursorRoleFilter;
import weblogic.entitlement.data.EnData;
import weblogic.entitlement.data.EnDataChangeListener;
import weblogic.entitlement.data.EnDuplicateKeyException;
import weblogic.entitlement.data.EnFinderException;
import weblogic.entitlement.data.EnRemoveException;
import weblogic.entitlement.data.EnResourceCursor;
import weblogic.entitlement.data.EnRoleCursor;
import weblogic.entitlement.data.EnStorageException;
import weblogic.entitlement.expression.EAuxiliary;
import weblogic.entitlement.expression.EExprRep;
import weblogic.entitlement.expression.EExpression;
import weblogic.entitlement.util.Escaping;
import weblogic.entitlement.util.TextFilter;
import weblogic.ldap.EmbeddedLDAP;
import weblogic.ldap.EmbeddedLDAPChange;
import weblogic.ldap.EmbeddedLDAPChangeListener;
import weblogic.security.utils.ProviderUtils;

/* loaded from: input_file:weblogic/entitlement/data/ldap/EData.class */
public class EData extends EnLDAP implements EnData {
    private String roleBaseDN;
    private String resourceBaseDN;
    private String predicateBaseDN;
    private String policyCollectionBaseDN;
    private String roleCollectionBaseDN;
    private static final String policyCollectionBaseName = "EPolicyCollectionInfo";
    private static final String roleCollectionBaseName = "ERoleCollectionInfo";
    private static final String WLSCREATORINFO = "wlsCreatorInfo";
    private static final String wlsCollectionName = "wlsCollectionName";
    private static final String roleBaseName = "ERole";
    private static final String[] ROLE_OBJ_CLASSES = {SAMLPartnerLDAPSchema.CLASS_TOP, roleBaseName};
    private static final String resourceBaseName = "EResource";
    private static final String[] RESOURCE_OBJ_CLASSES = {SAMLPartnerLDAPSchema.CLASS_TOP, resourceBaseName};
    private static final String predicateBaseName = "EPredicate";
    private static final String[] PREDICATE_OBJ_CLASSES = {SAMLPartnerLDAPSchema.CLASS_TOP, predicateBaseName};
    private static final String[] POLICY_COL_OBJ_CLASSES = {SAMLPartnerLDAPSchema.CLASS_TOP, "wlsPolicyCollectionInfo"};
    private static final String[] ROLE_COL_OBJ_CLASSES = {SAMLPartnerLDAPSchema.CLASS_TOP, "wlsRoleCollectionInfo"};
    private static final String eexprAttribute = "EExpr";
    private static final String auxAttribute = "EAux";
    private static final String[] eexprAttrList = {eexprAttribute, auxAttribute, "wlsCreatorInfo", "wlsCollectionName"};
    private static final String[] conflictAttrList = {"wlsCreatorInfo", "wlsCollectionName"};
    private static final String wlsCollectionVersion = "wlsCollectionVersion";
    private static final String wlsCollectionTimestamp = "wlsCollectionTimestamp";
    private static final String[] collectionAttrList = {"wlsCollectionName", wlsCollectionVersion, wlsCollectionTimestamp};
    private static final char[] SPECIAL_CHARS = {'@', '|', '&', '!', '=', '<', '>', '~', '(', ')', '*', ':', ',', ';', ' ', '\"', '\'', '\t', '\\', '+', '/'};
    public static final Escaping escaper = new Escaping(SPECIAL_CHARS);

    /* loaded from: input_file:weblogic/entitlement/data/ldap/EData$LDAPChangeListener.class */
    private class LDAPChangeListener implements EmbeddedLDAPChangeListener {
        private EnDataChangeListener listener;

        public LDAPChangeListener(EnDataChangeListener enDataChangeListener) {
            this.listener = enDataChangeListener;
        }

        @Override // weblogic.ldap.EmbeddedLDAPChangeListener
        public void entryChanged(EmbeddedLDAPChange embeddedLDAPChange) {
            int indexOf;
            String entryName = embeddedLDAPChange.getEntryName();
            if (EnLDAP.traceLogger != null && EnLDAP.traceLogger.isDebugEnabled()) {
                EnLDAP.traceLogger.debug("entryChanged: " + entryName);
            }
            if (entryName == null || !entryName.startsWith("cn=") || (indexOf = entryName.indexOf(44, 3)) <= 0) {
                return;
            }
            String substring = entryName.substring(3, indexOf);
            if (entryName.endsWith(EData.this.roleBaseDN)) {
                this.listener.roleChanged(EData.name2PK(substring));
            } else if (entryName.endsWith(EData.this.resourceBaseDN)) {
                this.listener.resourceChanged(EData.escaper.unescapeString(substring));
            } else if (entryName.endsWith(EData.this.predicateBaseDN)) {
                this.listener.predicateChanged(EData.escaper.unescapeString(substring));
            }
        }
    }

    public EData(Properties properties) {
        super(properties);
        this.roleBaseDN = null;
        this.resourceBaseDN = null;
        this.predicateBaseDN = null;
        this.policyCollectionBaseDN = null;
        this.roleCollectionBaseDN = null;
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("Initializing EData.");
        }
        this.roleBaseDN = "ou=ERole," + this.realmDN;
        this.resourceBaseDN = "ou=EResource," + this.realmDN;
        this.predicateBaseDN = "ou=EPredicate," + this.realmDN;
        this.policyCollectionBaseDN = "ou=EPolicyCollectionInfo," + this.realmDN;
        this.roleCollectionBaseDN = "ou=ERoleCollectionInfo," + this.realmDN;
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                createHierachy(lDAPConnection);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                lDAPConnection = null;
                throw new EnStorageException(e.getMessage());
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    private void createHierachy(LDAPConnection lDAPConnection) throws LDAPException {
        addStructuralEntry(lDAPConnection, this.roleBaseDN, false, roleBaseName);
        addStructuralEntry(lDAPConnection, this.resourceBaseDN, false, resourceBaseName);
        addStructuralEntry(lDAPConnection, this.predicateBaseDN, false, predicateBaseName);
        addStructuralEntry(lDAPConnection, this.policyCollectionBaseDN, false, policyCollectionBaseName);
        addStructuralEntry(lDAPConnection, this.roleCollectionBaseDN, false, roleCollectionBaseName);
    }

    private static void checkDuplicateException(LDAPException lDAPException) throws EnDuplicateKeyException {
        checkStorageException(lDAPException);
        if (lDAPException.getLDAPResultCode() == 68) {
            throw new EnDuplicateKeyException(lDAPException.toString());
        }
    }

    private static void checkFinderException(LDAPException lDAPException) throws EnFinderException {
        checkStorageException(lDAPException);
        if (lDAPException.getLDAPResultCode() == 32) {
            throw new EnFinderException(lDAPException.toString());
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchRoleIds(String str, TextFilter textFilter) {
        String textFilter2 = textFilter == null ? "*" : textFilter.toString(escaper, "*");
        String escapeString = escaper.escapeString(str);
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetchRoleIds: ");
        }
        return fetchERoleIds(PK2Name(escapeString, textFilter2), this.roleBaseDN, "cn");
    }

    private Collection fetchERoleIds(String str, String str2, String str3) {
        ArrayList arrayList = new ArrayList();
        LDAPConnection lDAPConnection = null;
        try {
            try {
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug(str);
                }
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(str2, 1, str3 + "=" + str, noAttrs, false);
                while (search.hasMoreElements()) {
                    arrayList.add(name2PK(getEntryName(search.next())));
                }
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
            return arrayList;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchResourceRoleIds(TextFilter textFilter) {
        String textFilter2 = textFilter == null ? "*" : textFilter.toString(escaper, "*");
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetchResourceRoleIds: ");
        }
        return fetchERoleIds(PK2Name(textFilter2, "*"), this.roleBaseDN, "cn");
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchGlobalRoles() {
        return fetchRoles("", (TextFilter) null);
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchRoles(String str) {
        return fetchRoles(str, (TextFilter) null);
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchRoles(String str, TextFilter textFilter) {
        ArrayList arrayList = new ArrayList();
        LDAPConnection lDAPConnection = null;
        try {
            try {
                String escapeString = escaper.escapeString(str);
                String textFilter2 = textFilter == null ? "*" : textFilter.toString(escaper, "*");
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("fetchRoles(" + escapeString + "," + textFilter2 + ") ==> ");
                }
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(this.roleBaseDN, 1, "cn=" + PK2Name(escapeString, textFilter2), eexprAttrList, false);
                while (search.hasMoreElements()) {
                    arrayList.add(getRoleFromEntry(search.next()));
                }
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
            return arrayList;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    private Collection fetchNames(TextFilter textFilter, String str, String str2) {
        String textFilter2;
        ArrayList arrayList = new ArrayList();
        LDAPConnection lDAPConnection = null;
        try {
            if (textFilter == null) {
                textFilter2 = "*";
            } else {
                try {
                    textFilter2 = textFilter.toString(escaper, "*");
                } catch (LDAPException e) {
                    checkStorageException(e);
                    if (lDAPConnection != null) {
                        releaseConnection(lDAPConnection);
                    }
                }
            }
            String str3 = textFilter2;
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug(str3);
            }
            lDAPConnection = getConnection();
            LDAPSearchResults search = lDAPConnection.search(str, 1, str2 + "=" + str3, noAttrs, false);
            while (search.hasMoreElements()) {
                arrayList.add(escaper.unescapeString(getEntryName(search.next())));
            }
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            return arrayList;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchResourceNames(TextFilter textFilter) {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetchResourceNames: ");
        }
        return fetchNames(textFilter, this.resourceBaseDN, "cn");
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchResources(TextFilter textFilter) {
        String textFilter2;
        ArrayList arrayList = new ArrayList();
        LDAPConnection lDAPConnection = null;
        try {
            if (textFilter == null) {
                textFilter2 = "*";
            } else {
                try {
                    textFilter2 = textFilter.toString(escaper, "*");
                } catch (LDAPException e) {
                    checkStorageException(e);
                    if (lDAPConnection != null) {
                        releaseConnection(lDAPConnection);
                    }
                }
            }
            String str = textFilter2;
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug("fetchResources(" + str + ")");
            }
            lDAPConnection = getConnection();
            LDAPSearchResults search = lDAPConnection.search(this.resourceBaseDN, 1, "cn=" + str, eexprAttrList, false);
            while (search.hasMoreElements()) {
                arrayList.add(getResourceFromEntry(search.next()));
            }
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            return arrayList;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public ERole[] fetchRoles(ERoleId[] eRoleIdArr, boolean z) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetch roles");
        }
        ERole[] eRoleArr = new ERole[eRoleIdArr.length];
        LDAPConnection lDAPConnection = null;
        try {
            try {
                String[] roleNames = getRoleNames(eRoleIdArr);
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), eexprAttrList, false);
                HashMap hashMap = new HashMap(eRoleIdArr.length);
                while (search.hasMoreElements()) {
                    ERole roleFromEntry = getRoleFromEntry(search.next());
                    hashMap.put(roleFromEntry.getPrimaryKey(), roleFromEntry);
                }
                for (int i = 0; i < eRoleIdArr.length; i++) {
                    eRoleArr[i] = (ERole) hashMap.get(eRoleIdArr[i]);
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("role[" + i + "]=" + eRoleIdArr[i] + (eRoleArr[i] == null ? "Not Found" : eRoleArr[i].getEntitlement()));
                    }
                    if (eRoleArr[i] == null && !z) {
                        throw new EnFinderException("Role '" + eRoleIdArr[i].getRoleName() + "' not found.");
                    }
                }
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
            return eRoleArr;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public EResource[] fetchResources(String[] strArr, boolean z) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetch resources");
        }
        EResource[] eResourceArr = new EResource[strArr.length];
        LDAPConnection lDAPConnection = null;
        try {
            try {
                String[] strArr2 = new String[strArr.length];
                for (int i = 0; i < strArr2.length; i++) {
                    strArr2[i] = escaper.escapeString(strArr[i]);
                }
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(this.resourceBaseDN, 1, makeNameFilter(strArr2), eexprAttrList, false);
                HashMap hashMap = new HashMap(strArr.length);
                while (search.hasMoreElements()) {
                    EResource resourceFromEntry = getResourceFromEntry(search.next());
                    hashMap.put(resourceFromEntry.getName(), resourceFromEntry);
                }
                for (int i2 = 0; i2 < strArr.length; i2++) {
                    eResourceArr[i2] = (EResource) hashMap.get(strArr[i2]);
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("resource[" + i2 + "]=" + strArr[i2] + " : " + (eResourceArr[i2] == null ? "Not Found" : eResourceArr[i2].getEntitlement()));
                    }
                    if (eResourceArr[i2] == null && !z) {
                        throw new EnFinderException("Resource '" + strArr[i2] + "' not found.");
                    }
                }
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
            return eResourceArr;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void update(ERole[] eRoleArr, boolean z) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("update roles");
        }
        if (eRoleArr.length == 0) {
            return;
        }
        try {
            try {
                String[] roleNames = getRoleNames(eRoleArr);
                LDAPConnection connection = getConnection();
                if (countEntries(connection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), noAttrs, true)) != eRoleArr.length) {
                    throw new EnFinderException("Attempt to modify unknown role");
                }
                for (int i = 0; i < eRoleArr.length; i++) {
                    EExpression expression = eRoleArr[i].getExpression();
                    LDAPModification lDAPModification = new LDAPModification(2, new LDAPAttribute(eexprAttribute, expression == null ? null : expression.serialize()));
                    LDAPModification lDAPModification2 = new LDAPModification(2, new LDAPAttribute("wlsCreatorInfo", z ? "deploy" : "mbean"));
                    String collectionName = eRoleArr[i].getCollectionName();
                    connection.modify("cn=" + roleNames[i] + "," + this.roleBaseDN, collectionName != null ? new LDAPModification[]{lDAPModification, lDAPModification2, new LDAPModification(2, new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)))} : new LDAPModification[]{lDAPModification, lDAPModification2});
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("role[" + i + "]=" + eRoleArr[i].getPrimaryKey() + " : " + eRoleArr[i].getEntitlement());
                    }
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void updateAuxiliary(ERole[] eRoleArr, boolean z) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("update roles auxiliary");
        }
        if (eRoleArr.length == 0) {
            return;
        }
        try {
            try {
                String[] roleNames = getRoleNames(eRoleArr);
                LDAPConnection connection = getConnection();
                if (countEntries(connection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), noAttrs, true)) != eRoleArr.length) {
                    throw new EnFinderException("Attempt to modify unknown role");
                }
                for (int i = 0; i < eRoleArr.length; i++) {
                    EAuxiliary auxiliary = eRoleArr[i].getAuxiliary();
                    connection.modify("cn=" + roleNames[i] + "," + this.roleBaseDN, new LDAPModification[]{new LDAPModification(2, new LDAPAttribute(auxAttribute, auxiliary == null ? null : auxiliary.toString())), new LDAPModification(2, new LDAPAttribute("wlsCreatorInfo", z ? "deploy" : "mbean"))});
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("role[" + i + "]=" + eRoleArr[i].getPrimaryKey() + " : " + eRoleArr[i].getAuxiliary());
                    }
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void update(EResource[] eResourceArr, boolean z) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("update resources");
        }
        if (eResourceArr.length == 0) {
            return;
        }
        try {
            try {
                String[] resourceNames = getResourceNames(eResourceArr);
                LDAPConnection connection = getConnection();
                if (countEntries(connection.search(this.resourceBaseDN, 1, makeNameFilter(resourceNames), noAttrs, true)) != eResourceArr.length) {
                    throw new EnFinderException("Attempt to modify unknown resource.");
                }
                for (int i = 0; i < eResourceArr.length; i++) {
                    EExpression expression = eResourceArr[i].getExpression();
                    LDAPModification lDAPModification = new LDAPModification(2, new LDAPAttribute(eexprAttribute, expression == null ? null : expression.serialize()));
                    LDAPModification lDAPModification2 = new LDAPModification(2, new LDAPAttribute("wlsCreatorInfo", z ? "deploy" : "mbean"));
                    String collectionName = eResourceArr[i].getCollectionName();
                    connection.modify("cn=" + resourceNames[i] + "," + this.resourceBaseDN, collectionName != null ? new LDAPModification[]{lDAPModification, lDAPModification2, new LDAPModification(2, new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)))} : new LDAPModification[]{lDAPModification, lDAPModification2});
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("resource[" + i + "]=" + eResourceArr[i].getName() + " : " + eResourceArr[i].getEntitlement());
                    }
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void create(ERole[] eRoleArr, boolean z) throws EnDuplicateKeyException, EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("create roles");
        }
        try {
            try {
                String[] roleNames = getRoleNames(eRoleArr);
                LDAPConnection connection = getConnection();
                LDAPSearchResults search = connection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), noAttrs, false);
                if (search.hasMoreElements()) {
                    String entryName = getEntryName(search.next());
                    throw new EnDuplicateKeyException("Role policy definition for '" + escaper.unescapeString(entryName.substring(entryName.indexOf("::") + "::".length())) + "' already exist.");
                }
                for (int i = 0; i < eRoleArr.length; i++) {
                    LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                    lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, ROLE_OBJ_CLASSES));
                    lDAPAttributeSet.add(new LDAPAttribute("cn", roleNames[i]));
                    EExpression expression = eRoleArr[i].getExpression();
                    if (expression != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(eexprAttribute, expression.serialize()));
                    }
                    EAuxiliary auxiliary = eRoleArr[i].getAuxiliary();
                    if (auxiliary != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(auxAttribute, auxiliary.toString()));
                    }
                    String str = "cn=" + roleNames[i] + "," + this.roleBaseDN;
                    lDAPAttributeSet.add(new LDAPAttribute("wlsCreatorInfo", z ? "deploy" : "mbean"));
                    String collectionName = eRoleArr[i].getCollectionName();
                    if (collectionName != null) {
                        lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)));
                    }
                    connection.add(new LDAPEntry(str, lDAPAttributeSet));
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkDuplicateException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void createForCollection(ERole[] eRoleArr) throws EnConflictException, EnDuplicateKeyException, EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("create roles for collection");
        }
        try {
            try {
                String[] roleNames = getRoleNames(eRoleArr);
                LDAPConnection connection = getConnection();
                LDAPSearchResults search = connection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), conflictAttrList, false);
                if (search.hasMoreElements()) {
                    LDAPEntry next = search.next();
                    String entryName = getEntryName(next);
                    boolean entryDeployData = getEntryDeployData(next);
                    String str = "Entitlement role definition for '" + escaper.unescapeString(entryName) + "' ";
                    if (entryDeployData) {
                        throw new EnDuplicateKeyException(str + " already exist.");
                    }
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("conflict: " + getEntryAttribute(next, "wlsCollectionName") + " -- " + entryName);
                    }
                    throw new EnConflictException(str + " is customized.");
                }
                for (int i = 0; i < eRoleArr.length; i++) {
                    LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                    lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, ROLE_OBJ_CLASSES));
                    lDAPAttributeSet.add(new LDAPAttribute("cn", roleNames[i]));
                    EExpression expression = eRoleArr[i].getExpression();
                    if (expression != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(eexprAttribute, expression.serialize()));
                    }
                    EAuxiliary auxiliary = eRoleArr[i].getAuxiliary();
                    if (auxiliary != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(auxAttribute, auxiliary.toString()));
                    }
                    String str2 = "cn=" + roleNames[i] + "," + this.roleBaseDN;
                    lDAPAttributeSet.add(new LDAPAttribute("wlsCreatorInfo", eRoleArr[i].isDeployData() ? "deploy" : "mbean"));
                    String collectionName = eRoleArr[i].getCollectionName();
                    if (collectionName != null) {
                        lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)));
                    }
                    connection.add(new LDAPEntry(str2, lDAPAttributeSet));
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkDuplicateException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void create(EResource[] eResourceArr, boolean z) throws EnDuplicateKeyException, EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("create resources");
        }
        try {
            try {
                String[] resourceNames = getResourceNames(eResourceArr);
                LDAPConnection connection = getConnection();
                LDAPSearchResults search = connection.search(this.resourceBaseDN, 1, makeNameFilter(resourceNames), noAttrs, false);
                if (search.hasMoreElements()) {
                    throw new EnDuplicateKeyException("Entitlement policy definition for '" + escaper.unescapeString(getEntryName(search.next())) + "' already exist.");
                }
                for (int i = 0; i < eResourceArr.length; i++) {
                    LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                    lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, RESOURCE_OBJ_CLASSES));
                    lDAPAttributeSet.add(new LDAPAttribute("cn", resourceNames[i]));
                    EExpression expression = eResourceArr[i].getExpression();
                    if (expression != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(eexprAttribute, expression.serialize()));
                    }
                    String str = "cn=" + resourceNames[i] + "," + this.resourceBaseDN;
                    lDAPAttributeSet.add(new LDAPAttribute("wlsCreatorInfo", z ? "deploy" : "mbean"));
                    String collectionName = eResourceArr[i].getCollectionName();
                    if (collectionName != null) {
                        lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)));
                    }
                    connection.add(new LDAPEntry(str, lDAPAttributeSet));
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkDuplicateException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void removeRoles(ERoleId[] eRoleIdArr) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("remove roles");
        }
        try {
            try {
                String[] roleNames = getRoleNames(eRoleIdArr);
                LDAPConnection connection = getConnection();
                if (countEntries(connection.search(this.roleBaseDN, 1, makeNameFilter(roleNames), noAttrs, true)) != eRoleIdArr.length) {
                    throw new EnFinderException("Attempt to remove unknown role");
                }
                for (int i = 0; i < eRoleIdArr.length; i++) {
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("role[" + i + "]=" + eRoleIdArr[i]);
                    }
                    connection.delete("cn=" + roleNames[i] + "," + this.roleBaseDN);
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void removeResources(String[] strArr) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("remove resources");
        }
        try {
            try {
                String[] strArr2 = new String[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr2[i] = escaper.escapeString(strArr[i]);
                }
                LDAPConnection connection = getConnection();
                if (countEntries(connection.search(this.resourceBaseDN, 1, makeNameFilter(strArr2), noAttrs, true)) != strArr.length) {
                    throw new EnFinderException("Attempt to remove unknown resource.");
                }
                for (int i2 = 0; i2 < strArr.length; i2++) {
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("resource[" + i2 + "]=" + strArr[i2]);
                    }
                    connection.delete("cn=" + strArr2[i2] + "," + this.resourceBaseDN);
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void createPredicate(String str) throws EnDuplicateKeyException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("create predicate: " + str);
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, PREDICATE_OBJ_CLASSES));
                lDAPAttributeSet.add(new LDAPAttribute("cn", str));
                lDAPConnection.add(new LDAPEntry("cn=" + str + "," + this.predicateBaseDN, lDAPAttributeSet));
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkDuplicateException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void removePredicate(String str) throws EnFinderException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("remove predicate: " + str);
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                lDAPConnection.delete("cn=" + str + "," + this.predicateBaseDN);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkFinderException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public boolean predicateExists(String str) {
        boolean z = false;
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("predicate exists: " + str);
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                z = lDAPConnection.search(this.predicateBaseDN, 1, "cn=" + str, noAttrs, false).hasMoreElements();
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
            return z;
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public Collection fetchPredicates(TextFilter textFilter) {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("fetch predicates: ");
        }
        return fetchNames(textFilter, this.predicateBaseDN, "cn");
    }

    @Override // weblogic.entitlement.data.EnData
    public void setDataChangeListener(EnDataChangeListener enDataChangeListener) {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("setDataChangeListener()");
        }
        EmbeddedLDAP embeddedLDAP = EmbeddedLDAP.getEmbeddedLDAP();
        if (embeddedLDAP != null) {
            LDAPChangeListener lDAPChangeListener = new LDAPChangeListener(enDataChangeListener);
            embeddedLDAP.registerChangeListener(this.roleBaseDN, lDAPChangeListener);
            embeddedLDAP.registerChangeListener(this.resourceBaseDN, lDAPChangeListener);
            embeddedLDAP.registerChangeListener(this.predicateBaseDN, lDAPChangeListener);
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void applicationDeletedResources(String str, int i, String str2) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("application delete resources");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.applicationDeleted(lDAPConnection, this.resourceBaseDN, str, i, str2, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void cleanupAfterCollectionResources(String str, long j, List list) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("cleanup after collection resources");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.cleanupAfterCollection(lDAPConnection, this.resourceBaseDN, str, j, list, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void cleanupAfterCollectionRoles(String str, long j, List list) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("cleanup after collection roles");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.cleanupAfterCollection(lDAPConnection, this.roleBaseDN, str, j, list, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void cleanupAfterDeployResources(String str, int i, String str2, long j) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("cleanup after deploy resources");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.cleanupAfterAppDeploy(lDAPConnection, this.resourceBaseDN, str, i, str2, j, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void applicationCopyResources(String str, String str2) throws EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("application copy resources");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.applicationCopy(lDAPConnection, this.resourceBaseDN, str, str2, nameAttributeList, ProviderUtils.EXCLUDED_ON_COPY_ATTRS, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("application copy resources exception: " + e.toString(), e);
                }
                throw new EnCreateException(e.toString());
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void applicationDeletedRoles(String str, int i, String str2) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("application delete roles");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.applicationDeleted(lDAPConnection, this.roleBaseDN, str, i, str2, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void cleanupAfterDeployRoles(String str, int i, String str2, long j) throws EnFinderException, EnRemoveException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("cleanup after deploy roles");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.cleanupAfterAppDeploy(lDAPConnection, this.roleBaseDN, str, i, str2, j, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void applicationCopyRoles(String str, String str2) throws EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("application copy roles");
        }
        LDAPConnection lDAPConnection = null;
        try {
            try {
                lDAPConnection = getConnection();
                ProviderUtils.applicationCopy(lDAPConnection, this.roleBaseDN, str, str2, nameAttributeList, ProviderUtils.EXCLUDED_ON_COPY_ATTRS, traceLogger);
                if (lDAPConnection != null) {
                    releaseConnection(lDAPConnection);
                }
            } catch (LDAPException e) {
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("application copy roles exception: " + e.toString(), e);
                }
                throw new EnCreateException(e.toString());
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    public static String PK2Name(ERoleId eRoleId) {
        return PK2Name(escaper.escapeString(eRoleId.getResourceName()), escaper.escapeString(eRoleId.getRoleName()));
    }

    protected static String unescapeName(String str) {
        return escaper.unescapeString(str);
    }

    protected static ERoleId name2PK(String str) {
        int indexOf = str.indexOf("::");
        return new ERoleId(indexOf == 0 ? null : escaper.unescapeString(str.substring(0, indexOf)), escaper.unescapeString(str.substring(indexOf + "::".length())));
    }

    protected static String getEntryName(LDAPEntry lDAPEntry) {
        String dn = lDAPEntry.getDN();
        return dn.substring(dn.indexOf(61) + 1, dn.indexOf(44));
    }

    private EExpression getEntryExpression(LDAPEntry lDAPEntry) {
        String[] stringValueArray;
        LDAPAttribute attribute = lDAPEntry.getAttribute(eexprAttribute);
        String str = null;
        if (attribute != null && (stringValueArray = attribute.getStringValueArray()) != null && stringValueArray.length > 0) {
            str = stringValueArray[0];
        }
        if (str == null) {
            return null;
        }
        return EExprRep.deserialize(str);
    }

    protected static String getEntryAuxiliary(LDAPEntry lDAPEntry) {
        String[] stringValueArray;
        LDAPAttribute attribute = lDAPEntry.getAttribute(auxAttribute);
        String str = null;
        if (attribute != null && (stringValueArray = attribute.getStringValueArray()) != null && stringValueArray.length > 0) {
            str = stringValueArray[0];
        }
        return str;
    }

    protected static boolean getEntryDeployData(LDAPEntry lDAPEntry) {
        LDAPAttribute attribute = lDAPEntry.getAttribute("wlsCreatorInfo");
        boolean z = false;
        if (attribute != null) {
            String str = null;
            String[] stringValueArray = attribute.getStringValueArray();
            if (stringValueArray != null && stringValueArray.length > 0) {
                str = stringValueArray[0];
            }
            if ("deploy".equals(str)) {
                z = true;
            }
        }
        return z;
    }

    private static int countEntries(LDAPSearchResults lDAPSearchResults) throws LDAPException {
        int i = 0;
        while (lDAPSearchResults.hasMoreElements()) {
            lDAPSearchResults.next();
            i++;
        }
        return i;
    }

    private static String[] getRoleNames(ERoleId[] eRoleIdArr) {
        String[] strArr = new String[eRoleIdArr.length];
        for (int i = 0; i < eRoleIdArr.length; i++) {
            strArr[i] = PK2Name(eRoleIdArr[i]);
        }
        return strArr;
    }

    private static String[] getRoleNames(ERole[] eRoleArr) {
        String[] strArr = new String[eRoleArr.length];
        for (int i = 0; i < eRoleArr.length; i++) {
            strArr[i] = PK2Name((ERoleId) eRoleArr[i].getPrimaryKey());
        }
        return strArr;
    }

    private static String[] getResourceNames(EResource[] eResourceArr) {
        String[] strArr = new String[eResourceArr.length];
        for (int i = 0; i < eResourceArr.length; i++) {
            strArr[i] = escaper.escapeString(eResourceArr[i].getName());
        }
        return strArr;
    }

    private static String makeNameFilter(String[] strArr) {
        StringBuffer stringBuffer = new StringBuffer("(|");
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i] != null) {
                stringBuffer.append("(");
                stringBuffer.append("cn").append("=").append(strArr[i]);
                stringBuffer.append(')');
            }
        }
        stringBuffer.append(')');
        return stringBuffer.toString();
    }

    @Override // weblogic.entitlement.data.EnData
    public EnResourceCursor findResources(TextFilter textFilter, int i, EnCursorResourceFilter enCursorResourceFilter) {
        String textFilter2 = textFilter == null ? "*" : textFilter.toString(escaper, "*");
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("findResources: " + textFilter2);
        }
        EResourceCursor eResourceCursor = null;
        try {
            LDAPConnection connection = getConnection();
            LDAPSearchResults search = connection.search(this.resourceBaseDN, 1, "cn=" + textFilter2, eexprAttrList, false);
            eResourceCursor = enCursorResourceFilter == null ? new EResourceCursor(connection, search, i, this, traceLogger) : new EResourceCursor(enCursorResourceFilter, connection, search, i, this, traceLogger);
        } catch (LDAPException e) {
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug("LDAPException while trying to search for resources");
            }
            if (0 != 0) {
                releaseConnection(null);
            }
            checkStorageException(e);
        }
        return eResourceCursor;
    }

    @Override // weblogic.entitlement.data.EnData
    public EnRoleCursor findRoles(TextFilter textFilter, TextFilter textFilter2, int i, EnCursorRoleFilter enCursorRoleFilter) {
        String textFilter3 = textFilter == null ? "*" : textFilter.toString(escaper, "*");
        String str = textFilter3;
        if (textFilter2 != null) {
            str = PK2Name(textFilter3, textFilter2.toString(escaper, "*"));
        } else if (!str.endsWith("*")) {
            str = str + "*";
        }
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("findRoles: " + str);
        }
        ERoleCursor eRoleCursor = null;
        try {
            LDAPConnection connection = getConnection();
            LDAPSearchResults search = connection.search(this.roleBaseDN, 1, "cn=" + str, eexprAttrList, false);
            eRoleCursor = enCursorRoleFilter == null ? new ERoleCursor(connection, search, i, this, traceLogger) : new ERoleCursor(enCursorRoleFilter, connection, search, i, this, traceLogger);
        } catch (LDAPException e) {
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug("LDAPException while trying to search for roles");
            }
            if (0 != 0) {
                releaseConnection(null);
            }
            checkStorageException(e);
        }
        return eRoleCursor;
    }

    public EResource getResourceFromEntry(LDAPEntry lDAPEntry) {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("getResourceFromEntry");
        }
        EResource eResource = null;
        if (lDAPEntry != null) {
            String entryName = getEntryName(lDAPEntry);
            EExpression entryExpression = getEntryExpression(lDAPEntry);
            boolean entryDeployData = getEntryDeployData(lDAPEntry);
            String entryAttribute = getEntryAttribute(lDAPEntry, "wlsCollectionName");
            String unescapeName = unescapeName(entryName);
            if (entryAttribute != null) {
                entryAttribute = unescapeName(entryAttribute);
            }
            eResource = new EResource(unescapeName, entryExpression, entryDeployData, entryAttribute);
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug("  name: " + unescapeName);
                traceLogger.debug(" eexpr: " + eResource.getEntitlement());
                traceLogger.debug("deploy: " + entryDeployData);
                if (entryAttribute != null) {
                    traceLogger.debug(" cname: " + entryAttribute);
                }
            }
        }
        return eResource;
    }

    public ERole getRoleFromEntry(LDAPEntry lDAPEntry) {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("getRoleFromEntry");
        }
        ERole eRole = null;
        if (lDAPEntry != null) {
            String entryName = getEntryName(lDAPEntry);
            EExpression entryExpression = getEntryExpression(lDAPEntry);
            String entryAuxiliary = getEntryAuxiliary(lDAPEntry);
            boolean entryDeployData = getEntryDeployData(lDAPEntry);
            String entryAttribute = getEntryAttribute(lDAPEntry, "wlsCollectionName");
            ERoleId name2PK = name2PK(entryName);
            EAuxiliary eAuxiliary = null;
            if (entryAuxiliary != null) {
                eAuxiliary = new EAuxiliary(entryAuxiliary);
            }
            eRole = new ERole(name2PK, entryExpression, eAuxiliary, entryDeployData, entryAttribute);
            if (traceLogger != null && traceLogger.isDebugEnabled()) {
                traceLogger.debug("  name: " + name2PK.toString());
                traceLogger.debug(" eexpr: " + eRole.getEntitlement());
                traceLogger.debug("deploy: " + entryDeployData);
                traceLogger.debug("   aux: " + eAuxiliary);
                if (entryAttribute != null) {
                    traceLogger.debug(" cname: " + entryAttribute);
                }
            }
        }
        return eRole;
    }

    @Override // weblogic.entitlement.data.EnData
    public void createForCollection(EResource[] eResourceArr) throws EnConflictException, EnDuplicateKeyException, EnCreateException {
        if (traceLogger != null && traceLogger.isDebugEnabled()) {
            traceLogger.debug("create resources for collection");
        }
        try {
            try {
                String[] resourceNames = getResourceNames(eResourceArr);
                LDAPConnection connection = getConnection();
                LDAPSearchResults search = connection.search(this.resourceBaseDN, 1, makeNameFilter(resourceNames), conflictAttrList, false);
                if (search.hasMoreElements()) {
                    LDAPEntry next = search.next();
                    String entryName = getEntryName(next);
                    boolean entryDeployData = getEntryDeployData(next);
                    String str = "Entitlement policy definition for '" + escaper.unescapeString(entryName) + "' ";
                    if (entryDeployData) {
                        throw new EnDuplicateKeyException(str + "already exist.");
                    }
                    if (traceLogger != null && traceLogger.isDebugEnabled()) {
                        traceLogger.debug("conflict: " + getEntryAttribute(next, "wlsCollectionName") + " -- " + entryName);
                    }
                    throw new EnConflictException(str + "is customized.");
                }
                for (int i = 0; i < eResourceArr.length; i++) {
                    LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                    lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, RESOURCE_OBJ_CLASSES));
                    lDAPAttributeSet.add(new LDAPAttribute("cn", resourceNames[i]));
                    EExpression expression = eResourceArr[i].getExpression();
                    if (expression != null) {
                        lDAPAttributeSet.add(new LDAPAttribute(eexprAttribute, expression.serialize()));
                    }
                    String str2 = "cn=" + resourceNames[i] + "," + this.resourceBaseDN;
                    lDAPAttributeSet.add(new LDAPAttribute("wlsCreatorInfo", eResourceArr[i].isDeployData() ? "deploy" : "mbean"));
                    String collectionName = eResourceArr[i].getCollectionName();
                    if (collectionName != null) {
                        lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escaper.escapeString(collectionName)));
                    }
                    connection.add(new LDAPEntry(str2, lDAPAttributeSet));
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e) {
                checkDuplicateException(e);
                if (0 != 0) {
                    releaseConnection(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void createPolicyCollectionInfo(String str, String str2, String str3) throws EnCreateException, EnConflictException {
        try {
            try {
                String escapeString = escaper.escapeString(str);
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("createPolicyCollectionInfo(" + escapeString + ")");
                }
                String str4 = "wlsCollectionName=" + escapeString + "," + this.policyCollectionBaseDN;
                LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, POLICY_COL_OBJ_CLASSES));
                lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escapeString));
                if (str2 != null) {
                    lDAPAttributeSet.add(new LDAPAttribute(wlsCollectionVersion, str2));
                }
                if (str3 != null) {
                    lDAPAttributeSet.add(new LDAPAttribute(wlsCollectionTimestamp, str3));
                }
                LDAPEntry lDAPEntry = new LDAPEntry(str4, lDAPAttributeSet);
                LDAPConnection connection = getConnection();
                try {
                    connection.add(lDAPEntry);
                } catch (LDAPException e) {
                    if (e.getLDAPResultCode() != 68) {
                        throw new EnCreateException(e.toString());
                    }
                    try {
                        connection.delete(lDAPEntry.getDN());
                        connection.add(lDAPEntry);
                    } catch (LDAPException e2) {
                        if (e2.getLDAPResultCode() != 32) {
                            throw new EnCreateException(e2.toString());
                        }
                        if (traceLogger != null && traceLogger.isDebugEnabled()) {
                            traceLogger.debug("createPolicyCollectionInfo(): conflict for " + escapeString);
                        }
                        throw new EnConflictException(escapeString + " conflict.");
                    }
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e3) {
                if (e3.getLDAPResultCode() != 68) {
                    throw new EnCreateException(e3.toString());
                }
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("createPolicyCollectionInfo(): conflict for " + str);
                }
                throw new EnConflictException(str + " conflict.");
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public void createRoleCollectionInfo(String str, String str2, String str3) throws EnCreateException, EnConflictException {
        try {
            try {
                String escapeString = escaper.escapeString(str);
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("createRoleCollectionInfo(" + escapeString + ")");
                }
                String str4 = "wlsCollectionName=" + escapeString + "," + this.roleCollectionBaseDN;
                LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
                lDAPAttributeSet.add(new LDAPAttribute(SAMLPartnerLDAPSchema.ATTR_OBJECT_CLASS, ROLE_COL_OBJ_CLASSES));
                lDAPAttributeSet.add(new LDAPAttribute("wlsCollectionName", escapeString));
                if (str2 != null) {
                    lDAPAttributeSet.add(new LDAPAttribute(wlsCollectionVersion, str2));
                }
                if (str3 != null) {
                    lDAPAttributeSet.add(new LDAPAttribute(wlsCollectionTimestamp, str3));
                }
                LDAPEntry lDAPEntry = new LDAPEntry(str4, lDAPAttributeSet);
                LDAPConnection connection = getConnection();
                try {
                    connection.add(lDAPEntry);
                } catch (LDAPException e) {
                    if (e.getLDAPResultCode() != 68) {
                        throw new EnCreateException(e.toString());
                    }
                    try {
                        connection.delete(lDAPEntry.getDN());
                        connection.add(lDAPEntry);
                    } catch (LDAPException e2) {
                        if (e2.getLDAPResultCode() != 32) {
                            throw new EnCreateException(e2.toString());
                        }
                        if (traceLogger != null && traceLogger.isDebugEnabled()) {
                            traceLogger.debug("createRoleCollectionInfo(): conflict for " + escapeString);
                        }
                        throw new EnConflictException(escapeString + " conflict.");
                    }
                }
                if (connection != null) {
                    releaseConnection(connection);
                }
            } catch (LDAPException e3) {
                if (e3.getLDAPResultCode() != 68) {
                    throw new EnCreateException(e3.toString());
                }
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("createRoleCollectionInfo(): conflict for " + str);
                }
                throw new EnConflictException(str + " conflict.");
            }
        } catch (Throwable th) {
            if (0 != 0) {
                releaseConnection(null);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public EPolicyCollectionInfo fetchPolicyCollectionInfo(String str) {
        LDAPConnection lDAPConnection = null;
        try {
            try {
                String escapeString = escaper.escapeString(str);
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("fetchPolicyCollectionInfo(" + escapeString + ")");
                }
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(this.policyCollectionBaseDN, 1, "wlsCollectionName=" + escapeString, collectionAttrList, false);
                while (search.hasMoreElements()) {
                    LDAPEntry next = search.next();
                    if (next != null) {
                        String unescapeName = unescapeName(getEntryName(next));
                        String entryAttribute = getEntryAttribute(next, wlsCollectionVersion);
                        String entryAttribute2 = getEntryAttribute(next, wlsCollectionTimestamp);
                        if (traceLogger != null && traceLogger.isDebugEnabled()) {
                            traceLogger.debug("     name: " + unescapeName);
                            traceLogger.debug("  version: " + entryAttribute);
                            traceLogger.debug("timestamp: " + entryAttribute2);
                        }
                        EPolicyCollectionInfo ePolicyCollectionInfo = new EPolicyCollectionInfo(unescapeName, entryAttribute, entryAttribute2);
                        if (lDAPConnection != null) {
                            releaseConnection(lDAPConnection);
                        }
                        return ePolicyCollectionInfo;
                    }
                }
                if (lDAPConnection == null) {
                    return null;
                }
                releaseConnection(lDAPConnection);
                return null;
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection == null) {
                    return null;
                }
                releaseConnection(lDAPConnection);
                return null;
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    @Override // weblogic.entitlement.data.EnData
    public ERoleCollectionInfo fetchRoleCollectionInfo(String str) {
        LDAPConnection lDAPConnection = null;
        try {
            try {
                String escapeString = escaper.escapeString(str);
                if (traceLogger != null && traceLogger.isDebugEnabled()) {
                    traceLogger.debug("fetchRoleCollectionInfo(" + escapeString + ")");
                }
                lDAPConnection = getConnection();
                LDAPSearchResults search = lDAPConnection.search(this.roleCollectionBaseDN, 1, "wlsCollectionName=" + escapeString, collectionAttrList, false);
                while (search.hasMoreElements()) {
                    LDAPEntry next = search.next();
                    if (next != null) {
                        String unescapeName = unescapeName(getEntryName(next));
                        String entryAttribute = getEntryAttribute(next, wlsCollectionVersion);
                        String entryAttribute2 = getEntryAttribute(next, wlsCollectionTimestamp);
                        if (traceLogger != null && traceLogger.isDebugEnabled()) {
                            traceLogger.debug("     name: " + unescapeName);
                            traceLogger.debug("  version: " + entryAttribute);
                            traceLogger.debug("timestamp: " + entryAttribute2);
                        }
                        ERoleCollectionInfo eRoleCollectionInfo = new ERoleCollectionInfo(unescapeName, entryAttribute, entryAttribute2);
                        if (lDAPConnection != null) {
                            releaseConnection(lDAPConnection);
                        }
                        return eRoleCollectionInfo;
                    }
                }
                if (lDAPConnection == null) {
                    return null;
                }
                releaseConnection(lDAPConnection);
                return null;
            } catch (LDAPException e) {
                checkStorageException(e);
                if (lDAPConnection == null) {
                    return null;
                }
                releaseConnection(lDAPConnection);
                return null;
            }
        } catch (Throwable th) {
            if (lDAPConnection != null) {
                releaseConnection(lDAPConnection);
            }
            throw th;
        }
    }

    protected static String getEntryAttribute(LDAPEntry lDAPEntry, String str) {
        String[] stringValueArray;
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        String str2 = null;
        if (attribute != null && (stringValueArray = attribute.getStringValueArray()) != null && stringValueArray.length > 0) {
            str2 = stringValueArray[0];
        }
        return str2;
    }
}
