package com.sun.identity.liberty.ws.disco;

import com.iplanet.am.util.AdminUtils;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.liberty.ws.common.LogUtil;
import com.sun.identity.liberty.ws.common.jaxb.assertion.AssertionType;
import com.sun.identity.liberty.ws.disco.common.DiscoConstants;
import com.sun.identity.liberty.ws.disco.common.DiscoServiceManager;
import com.sun.identity.liberty.ws.disco.common.DiscoUtils;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateSessionContextElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthorizeRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.DescriptionType;
import com.sun.identity.liberty.ws.disco.jaxb.DirectiveType;
import com.sun.identity.liberty.ws.disco.jaxb.EncryptResourceIDElement;
import com.sun.identity.liberty.ws.disco.jaxb.EncryptedResourceIDType;
import com.sun.identity.liberty.ws.disco.jaxb.InsertEntryType;
import com.sun.identity.liberty.ws.disco.jaxb.ModifyResponseElement;
import com.sun.identity.liberty.ws.disco.jaxb.ModifyType;
import com.sun.identity.liberty.ws.disco.jaxb.QueryResponseElement;
import com.sun.identity.liberty.ws.disco.jaxb.QueryResponseType;
import com.sun.identity.liberty.ws.disco.jaxb.QueryType;
import com.sun.identity.liberty.ws.disco.jaxb.RemoveEntryType;
import com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType;
import com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType;
import com.sun.identity.liberty.ws.disco.jaxb.StatusType;
import com.sun.identity.liberty.ws.disco.plugins.DiscoEntryHandler;
import com.sun.identity.liberty.ws.interfaces.Authorizer;
import com.sun.identity.liberty.ws.interfaces.ResourceIDMapper;
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenManager;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.liberty.ws.soapbinding.Message;
import com.sun.identity.liberty.ws.soapbinding.ProviderHeader;
import com.sun.identity.liberty.ws.soapbinding.RequestHandler;
import com.sun.identity.liberty.ws.soapbinding.SOAPBindingConstants;
import com.sun.identity.liberty.ws.soapbinding.SOAPBindingException;
import com.sun.identity.liberty.ws.soapbinding.Utils;
import com.sun.identity.saml.assertion.NameIdentifier;
import java.io.StringReader;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:115766-10/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/disco/DiscoveryService.class */
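/**
 * SOAP request handler for the Liberty Discovery Service.
 *
 * <p>A request carries exactly one SOAP body, which is either a Query (handled by
 * {@link #lookup}) or a Modify (handled by {@link #update}). Resource offerings are read
 * and written through the configured {@link DiscoEntryHandler}. Access decisions are
 * delegated to the configured {@link Authorizer} when
 * {@code DiscoServiceManager.needPolicyEvalLookup()} or
 * {@code needPolicyEvalUpdate()} says policy evaluation is required.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The user whose entries are read or modified is derived solely from the ResourceID in
 *       the request body. Nothing in this class ties that user to the requester, so the
 *       Authorizer is the only access control applied here.</li>
 *   <li>Encrypted resource IDs are not resolved: {@link #getResourceID} always returns
 *       {@code null}.</li>
 *   <li>The class-wide {@code SecurityTokenManager} is created from an SSO token obtained with
 *       the administrator DN and password (see the static initializer).</li>
 * </ul>
 */
public final class DiscoveryService implements RequestHandler {
    private static final String OFFERINGS = "offerings";
    private static final String CREDENTIALS = "credentials";
    private static final String CREDENTIALS_OBJ = "credentialsObj";
    private static final String RES_STMT = "ResourceAccess";
    private static final String RES_SESSION_STMT = "ResourceAccess_Session";
    private static final String SESSION_STMT = "SessionContext";

    /** Token manager used to obtain the X509 token for responses; stays null if class init fails. */
    private static SecurityTokenManager stm;

    static {
        // Builds the service-wide token manager from an administrator SSO token. On failure the
        // error is only logged and stm stays null; X509-based responses then fail later in
        // processRequest with a DiscoveryException.
        stm = null;
        try {
            stm = new SecurityTokenManager(SSOTokenManager.getInstance().createSSOToken(new AuthPrincipal(AdminUtils.getAdminDN()), new String(AdminUtils.getAdminPassword())));
        } catch (Exception e) {
            DiscoUtils.debug.error("DiscoveryService.static: unable to get SecurityTokenManager: ", e);
        }
    }

    public DiscoveryService() {
        DiscoUtils.debug.message("In DiscoveryService constructor.");
    }

    /**
     * Dispatches a discovery request to {@link #lookup} or {@link #update} and wraps the result
     * in a response message.
     *
     * @param message the incoming SOAP binding message
     * @return the response message carrying the QueryResponse or ModifyResponse body
     * @throws Exception if the message does not hold exactly one body, the authentication
     *         mechanism is not in the supported set, the body is neither a Query nor a Modify,
     *         or the response cannot be built
     */
    @Override // com.sun.identity.liberty.ws.soapbinding.RequestHandler
    public Message processRequest(Message message) throws Exception {
        List bodies = Utils.convertElementToJAXB(message.getBodies());
        if (bodies.size() != 1) {
            DiscoUtils.debug.error("DiscoService.processRequest: SOAP message didn't contain one SOAP body.");
            throw new Exception(DiscoUtils.bundle.getString("oneBody"));
        }
        String authnMech = message.getAuthenticationMechanism();
        if (DiscoUtils.debug.messageEnabled()) {
            DiscoUtils.debug.message("DiscoService.processRequest: authentication mechanism =" + authnMech);
        }
        // Allow-list check: a missing configuration (null set) rejects every request.
        Set supportedMechs = DiscoServiceManager.getSupportedAuthenticationMechanisms();
        if (supportedMechs == null || !supportedMechs.contains(authnMech)) {
            DiscoUtils.debug.error("DiscoService.processRequest: AuthenticationMechanism used is not supported by this service:" + authnMech);
            throw new Exception(DiscoUtils.bundle.getString("authnMechNotSupported"));
        }
        try {
            ProviderHeader providerHeader = new ProviderHeader(DiscoServiceManager.getDiscoProviderID());
            Message response = newResponseMessage(providerHeader, authnMech);
            Object body = bodies.get(0);
            if (body instanceof QueryType) {
                response.setSOAPBody(lookup((QueryType) body, message));
            } else if (body instanceof ModifyType) {
                response.setSOAPBody(Utils.convertJAXBToElement(update((ModifyType) body, message)));
            } else {
                DiscoUtils.debug.error("DiscoService.processRequest: SOAPBody is not a Disco message.");
                throw new Exception(DiscoUtils.bundle.getString("bodyNotDisco"));
            }
            return response;
        } catch (SOAPBindingException e) {
            throw new DiscoveryException(e.getMessage());
        }
    }

    /**
     * Creates the empty response message. For the X509 and SAML mechanisms listed below the
     * message is created with the service's X509 certificate token; otherwise it carries the
     * provider header only.
     */
    private static Message newResponseMessage(ProviderHeader providerHeader, String authnMech) throws DiscoveryException {
        boolean withX509Token = authnMech.equals(Message.NULL_X509) || authnMech.equals(Message.NULL_SAML)
                || authnMech.equals(Message.TLS_X509) || authnMech.equals(Message.TLS_SAML)
                || authnMech.equals(Message.CLIENT_TLS_X509) || authnMech.equals(Message.CLIENT_TLS_SAML);
        try {
            // A null stm (failed static init) raises here and is reported as a DiscoveryException.
            return withX509Token ? new Message(providerHeader, stm.getX509CertificateToken()) : new Message(providerHeader);
        } catch (Exception e) {
            // The plain branch used to log the X509 wording too, which misdirected diagnosis.
            DiscoUtils.debug.error(withX509Token
                    ? "DiscoveryService.processRequest:couldn't generate Message with X509 token: "
                    : "DiscoveryService.processRequest:couldn't generate Message: ", e);
            throw new DiscoveryException(e.getMessage());
        }
    }

    /**
     * Handles a Query: resolves the user behind the resource ID, collects that user's resource
     * offerings, applies the policy check and directive handling, and marshals the
     * QueryResponse.
     *
     * @return the root element of the marshalled QueryResponse
     * @throws JAXBException if the response cannot be built or marshalled
     */
    private Element lookup(QueryType query, Message message) throws JAXBException {
        DiscoUtils.debug.message("in lookup.");
        try {
            QueryResponseElement response = DiscoUtils.getDiscoFactory().createQueryResponseElement();
            StatusType status = DiscoUtils.getDiscoFactory().createStatusType();
            response.setStatus(status);

            ResourceIDType plainResourceID = query.getResourceID();
            String resourceID = plainResourceID == null ? getResourceID(query.getEncryptedResourceID()) : plainResourceID.getValue();
            String providerID = DiscoServiceManager.getDiscoProviderID();
            String userID = resolveResourceIDMapper(providerID).getUserID(providerID, resourceID);
            String logData = buildLogData(message, providerID, resourceID, "Lookup");

            if (userID == null) {
                DiscoUtils.debug.error("DiscoService.lookup: couldn't find the user associated with the resourceID:" + resourceID);
                status.setCode(DiscoConstants.QNAME_FAILED);
                // Audit the failure like update() does, so lookups of unknown resource IDs are recorded.
                LogUtil.error(Level.INFO, logData, LogUtil.DS_LOOKUP_FAILURE);
                return marshalToDocument(response).getDocumentElement();
            }
            if (DiscoUtils.debug.messageEnabled()) {
                DiscoUtils.debug.message("DiscoService.lookup: userDN=" + userID);
            }

            Collection entries = DiscoServiceManager.getDiscoEntryHandler().getDiscoEntries(userID, query.getRequestedServiceType()).values();
            Map result = null;
            if (entries.isEmpty()) {
                if (DiscoUtils.debug.messageEnabled()) {
                    DiscoUtils.debug.message("DiscoService.lookup: lookup NoResults for user:" + userID);
                }
                status.setCode(DiscoConstants.QNAME_FAILED);
                LogUtil.error(Level.INFO, logData, LogUtil.DS_LOOKUP_FAILURE);
            } else {
                if (DiscoUtils.debug.messageEnabled()) {
                    DiscoUtils.debug.message("DiscoService.lookup: find " + entries.size() + "ResourceOfferings for userDN:" + userID);
                }
                Authorizer authorizer = null;
                if (DiscoServiceManager.needPolicyEvalLookup()) {
                    DiscoUtils.debug.message("DiscoService.lookup:needPolicyEval.");
                    // NOTE(review): if getAuthorizer() can return null, the policy check below is
                    // skipped even though evaluation is required -- confirm and fail closed if so.
                    authorizer = DiscoServiceManager.getAuthorizer();
                }
                result = checkPolicyAndHandleDirectives(userID, message, entries, authorizer);
                List granted = (List) result.get(OFFERINGS);
                if (granted.isEmpty()) {
                    if (DiscoUtils.debug.messageEnabled()) {
                        DiscoUtils.debug.message("DiscoService.lookup: after policy check and directive handling, NoResults for:" + userID);
                    }
                    status.setCode(DiscoConstants.QNAME_FAILED);
                    LogUtil.error(Level.INFO, logData, LogUtil.DS_LOOKUP_FAILURE);
                } else {
                    response.getResourceOffering().addAll(granted);
                    DiscoUtils.debug.message("after resp.getresoff.addall");
                    Collection assertions = (Collection) result.get(CREDENTIALS_OBJ);
                    if (assertions != null && !assertions.isEmpty()) {
                        DiscoUtils.debug.message("DiscoService.lookup: has cred.");
                        QueryResponseType.CredentialsType credentialsType = DiscoUtils.getDiscoFactory().createQueryResponseTypeCredentialsType();
                        for (Object assertion : assertions) {
                            credentialsType.getAny().add((AssertionType) assertion);
                        }
                        response.setCredentials(credentialsType);
                    }
                    status.setCode(DiscoConstants.QNAME_OK);
                    LogUtil.access(Level.INFO, logData, LogUtil.DS_LOOKUP_SUCCESS);
                }
            }

            Document document = marshalToDocument(response);
            // The JAXB-marshalled Credentials element is replaced by one rebuilt from the
            // SecurityAssertion objects' own serialization.
            NodeList credentialNodes = document.getElementsByTagNameNS("*", "Credentials");
            if (result != null && credentialNodes.getLength() == 1) {
                Element root = document.getDocumentElement();
                Element rebuilt = document.createElement("Credentials");
                for (Object credential : (List) result.get(CREDENTIALS)) {
                    try {
                        rebuilt.appendChild(document.importNode(XMLUtils.toDOMDocument(((SecurityAssertion) credential).toString(true, true), (Debug) null).getDocumentElement(), true));
                    } catch (Exception e) {
                        DiscoUtils.debug.error("lookup: cannot create credential node:", e);
                    }
                }
                root.replaceChild(rebuilt, credentialNodes.item(0));
            }
            return document.getDocumentElement();
        } catch (JAXBException e) {
            DiscoUtils.debug.error("DiscoService.lookup: couldn't form QueryResponse:", e);
            throw e;
        }
    }

    /**
     * Filters the user's discovery entries by policy and processes their directives.
     *
     * <p>An offering is dropped when the authorizer denies the lookup, when it carries an
     * unsupported directive, or when a required credential cannot be generated or unmarshalled.
     *
     * @param userID the user owning the entries
     * @param message the request message (source of the requester's token and certificate)
     * @param entries the user's {@code InsertEntryType} entries
     * @param authorizer the policy decision point, or {@code null} to skip the policy check
     * @return a map holding the granted offerings ({@code OFFERINGS}), the unmarshalled
     *         assertions ({@code CREDENTIALS_OBJ}) and the generated {@code SecurityAssertion}
     *         objects ({@code CREDENTIALS})
     */
    private Map checkPolicyAndHandleDirectives(String userID, Message message, Collection entries, Authorizer authorizer) {
        DiscoUtils.debug.message("DiscoService.checkPolicyAndHandleDirectives");
        List<ResourceOfferingType> offerings = new LinkedList<ResourceOfferingType>();
        List<SecurityAssertion> credentials = new LinkedList<SecurityAssertion>();
        // assertion ID -> unmarshalled assertion
        Map<String, AssertionType> assertionsById = new HashMap<String, AssertionType>();
        // provider ID -> (statement kind -> assertion ID); lets offerings of one provider share a credential
        Map<String, Map<String, String>> credentialIdsByProvider = new HashMap<String, Map<String, String>>();
        Map<String, Object> env = null;

        for (Object rawEntry : entries) {
            InsertEntryType entry = (InsertEntryType) rawEntry;
            ResourceOfferingType offering = entry.getResourceOffering();
            if (authorizer != null) {
                if (env == null) {
                    env = newAuthorizationEnv(userID, message);
                }
                if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_LOOKUP, offering, env)) {
                    DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHandleDirectives: WSC is not authorized to do lookup");
                    // Enforce the decision: a denied offering must not reach the response.
                    // Previously the denial was only logged and the offering was still returned.
                    continue;
                }
            }

            List directives = entry.getAny();
            if (directives == null || directives.isEmpty()) {
                DiscoUtils.debug.message("DiscoService: no directives.");
                offerings.add(offering);
                continue;
            }

            DiscoUtils.debug.message("DiscoService: has directives.");
            boolean includeResStmt = false;
            boolean includeSessionStmt = false;
            boolean directivesSupported = true;
            for (Object directive : directives) {
                if (directive instanceof EncryptResourceIDElement) {
                    DiscoUtils.debug.message("DiscoService: has encrypt D");
                } else if ((directive instanceof AuthenticateRequesterElement) || (directive instanceof AuthorizeRequesterElement)) {
                    includeResStmt = true;
                } else if (directive instanceof AuthenticateSessionContextElement) {
                    includeSessionStmt = true;
                } else {
                    DiscoUtils.debug.error("DiscoveryService: directive type is not supported. Skip this offering.");
                    directivesSupported = false;
                    break;
                }
            }
            if (DiscoUtils.debug.messageEnabled()) {
                DiscoUtils.debug.message("DiscoService: includeResStmt=" + includeResStmt + " includeSessionStmt=" + includeSessionStmt);
            }
            if (!directivesSupported) {
                continue;
            }
            if (!includeResStmt && !includeSessionStmt) {
                offerings.add(offering);
            } else if (attachCredentials(offering, directives, includeResStmt, includeSessionStmt, message, assertionsById, credentialIdsByProvider, credentials)) {
                offerings.add(offering);
            }
        }

        Map<String, Object> result = new HashMap<String, Object>();
        result.put(OFFERINGS, offerings);
        result.put(CREDENTIALS_OBJ, assertionsById.values());
        result.put(CREDENTIALS, credentials);
        return result;
    }

    /**
     * Generates (or reuses) the credential each directive requires and references it from the
     * offering's service descriptions named by the directive.
     *
     * @return {@code true} if the offering may be returned, {@code false} if a credential could
     *         not be generated or unmarshalled and the offering must be dropped
     */
    private boolean attachCredentials(ResourceOfferingType offering, List directives, boolean includeResStmt,
            boolean includeSessionStmt, Message message, Map<String, AssertionType> assertionsById,
            Map<String, Map<String, String>> credentialIdsByProvider, List<SecurityAssertion> credentials) {
        String stmtKind = !includeResStmt ? SESSION_STMT : (includeSessionStmt ? RES_SESSION_STMT : RES_STMT);
        Map<String, AssertionType> refsByDescriptionId = new HashMap<String, AssertionType>();

        for (Object directive : directives) {
            if (directive instanceof EncryptResourceIDElement) {
                continue;
            }
            String providerID = offering.getServiceInstance().getProviderID();
            Map<String, String> idsForProvider = credentialIdsByProvider.get(providerID);
            String assertionID = null;
            AssertionType assertion = null;
            if (idsForProvider != null && !idsForProvider.isEmpty()) {
                assertionID = idsForProvider.get(stmtKind);
                assertion = assertionsById.get(assertionID);
            }
            if (assertionID == null || assertionID.equals("")) {
                // NOTE(review): getResourceID() is dereferenced unchecked; an offering without a
                // plain ResourceID would raise here -- confirm against the entry schema.
                SecurityAssertion credential = getCredential(message, includeResStmt, includeSessionStmt, offering.getResourceID().getValue());
                if (credential == null) {
                    DiscoUtils.debug.error("DiscoveryService: cannot generate credential.");
                    return false;
                }
                Unmarshaller unmarshaller = DiscoUtils.getDiscoUnmarshaller();
                try {
                    // The full serialized credential goes to the debug log; only serialize it
                    // when message-level debugging is actually on.
                    if (DiscoUtils.debug.messageEnabled()) {
                        DiscoUtils.debug.message("lookup: cred=" + credential.toString(true, true));
                    }
                    assertion = (AssertionType) unmarshaller.unmarshal(new StreamSource(new StringReader(credential.toString())));
                } catch (JAXBException e) {
                    DiscoUtils.debug.error("lookup: cannot add credRef", e);
                    // Stop here: continuing with the remaining directives used to dereference
                    // the already-discarded offering.
                    return false;
                }
                // Record the credential only once it unmarshalled, so the response never carries
                // a credential for an offering that was dropped on this failure path.
                credentials.add(credential);
                assertionID = credential.getAssertionID();
                assertionsById.put(assertionID, assertion);
                if (idsForProvider == null) {
                    idsForProvider = new HashMap<String, String>();
                }
                if (DiscoUtils.debug.messageEnabled()) {
                    String generatedFor = !includeResStmt
                            ? "DiscoService: credential generated for SESSION_STMT"
                            : (includeSessionStmt
                                    ? "DiscoService: credential generated for RES_SESSION_STMT"
                                    : "DiscoService:credential generated for RES_STMT");
                    DiscoUtils.debug.message(generatedFor + " and providerID=" + providerID);
                }
                idsForProvider.put(stmtKind, assertionID);
                credentialIdsByProvider.put(providerID, idsForProvider);
            }
            for (Object ref : ((DirectiveType) directive).getDescriptionIDRefs()) {
                refsByDescriptionId.put(((DescriptionType) ref).getId(), assertion);
            }
        }

        if (!refsByDescriptionId.isEmpty()) {
            for (Object rawDescription : offering.getServiceInstance().getDescription()) {
                DescriptionType description = (DescriptionType) rawDescription;
                String id = description.getId();
                if (id != null && !id.equals("") && refsByDescriptionId.containsKey(id)) {
                    description.getCredentialRef().add(refsByDescriptionId.get(id));
                }
            }
        }
        return true;
    }

    /**
     * Issues a SAML authorization token for the requester, bound to the client certificate
     * taken from the transport or, failing that, from the message.
     *
     * @param includeResStmt passed through to the token manager
     * @param includeSessionStmt currently unused: a {@code null} SessionContext is always passed
     * @param resourceID a {@code String} or {@code EncryptedResourceID}
     * @return the credential, or {@code null} if no client certificate is available or
     *         generation fails (the failure is logged, not propagated)
     */
    private SecurityAssertion getCredential(Message message, boolean includeResStmt, boolean includeSessionStmt, Object resourceID) {
        try {
            X509Certificate clientCert = message.getPeerCertificate();
            if (clientCert == null) {
                clientCert = message.getMessageCertificate();
            }
            if (clientCert == null) {
                if (DiscoUtils.debug.messageEnabled()) {
                    DiscoUtils.debug.message("DiscoveryService.getCredential: client cert is null. Cannot generate credential.");
                }
                return null;
            }
            NameIdentifier requester = new NameIdentifier(message.getProviderHeader().getProviderID(), null, DiscoConstants.PROVIDER_ID_FORMAT);
            SecurityTokenManager tokenManager = new SecurityTokenManager((SSOToken) message.getToken());
            tokenManager.setCertificate(clientCert);
            if (resourceID instanceof String) {
                return tokenManager.getSAMLAuthorizationToken(requester, (SessionContext) null, (String) resourceID, true, includeResStmt);
            }
            return tokenManager.getSAMLAuthorizationToken(requester, (SessionContext) null, (EncryptedResourceID) resourceID, true, includeResStmt);
        } catch (Exception e) {
            DiscoUtils.debug.error("DiscoveryService.getCredential:couldn't generate credential: ", e);
            return null;
        }
    }

    /**
     * Handles a Modify: resolves the user behind the resource ID, optionally checks policy, and
     * applies the requested removals and insertions through the entry handler.
     *
     * <p>NOTE(review): when {@code needPolicyEvalUpdate()} is false, no check in this class
     * restricts which user's entries the requester may modify.
     *
     * @return the ModifyResponse with status OK or Failed
     * @throws JAXBException if the response objects cannot be created
     */
    private ModifyResponseElement update(ModifyType modify, Message message) throws JAXBException {
        DiscoUtils.debug.message("in update.");
        try {
            ModifyResponseElement response = DiscoUtils.getDiscoFactory().createModifyResponseElement();
            StatusType status = DiscoUtils.getDiscoFactory().createStatusType();
            response.setStatus(status);

            ResourceIDType plainResourceID = modify.getResourceID();
            String resourceID = plainResourceID == null ? getResourceID(modify.getEncryptedResourceID()) : plainResourceID.getValue();
            String providerID = DiscoServiceManager.getDiscoProviderID();
            String userID = resolveResourceIDMapper(providerID).getUserID(providerID, resourceID);
            String logData = buildLogData(message, providerID, resourceID, "Update");

            if (userID == null) {
                DiscoUtils.debug.error("DiscoService.update: couldn't find user from resourceID: " + resourceID);
                status.setCode(DiscoConstants.QNAME_FAILED);
                LogUtil.error(Level.INFO, logData, LogUtil.DS_UPDATE_FAILURE);
                return response;
            }

            DiscoEntryHandler entryHandler = DiscoServiceManager.getDiscoEntryHandler();
            if (DiscoServiceManager.needPolicyEvalUpdate()) {
                DiscoUtils.debug.message("DiscoService.update: needPolicyEval.");
                if (!isUpdateAllowed(userID, message, modify.getRemoveEntry(), modify.getInsertEntry(), entryHandler, DiscoServiceManager.getAuthorizer())) {
                    status.setCode(DiscoConstants.QNAME_FAILED);
                    LogUtil.error(Level.INFO, logData, LogUtil.DS_UPDATE_FAILURE);
                    return response;
                }
            }

            Map outcome = entryHandler.modifyDiscoEntries(userID, modify.getRemoveEntry(), modify.getInsertEntry());
            // Constant-first comparison: a missing status code counts as failure instead of raising.
            if (DiscoConstants.STATUS_OK.equals(outcome.get(DiscoEntryHandler.STATUS_CODE))) {
                if (DiscoUtils.debug.messageEnabled()) {
                    DiscoUtils.debug.message("DiscoService.update: modified DiscoEntries through DiscoEntryHandler successfully.");
                }
                status.setCode(DiscoConstants.QNAME_OK);
                List newEntryIDs = (List) outcome.get(DiscoEntryHandler.NEW_ENTRY_IDS);
                if (newEntryIDs != null && !newEntryIDs.isEmpty()) {
                    response.getNewEntryIDs().addAll(newEntryIDs);
                }
                LogUtil.access(Level.INFO, logData, LogUtil.DS_UPDATE_SUCCESS);
            } else {
                DiscoUtils.debug.error("DiscoService.update: couldn't modify DiscoEntries through DiscoEntryHandler.");
                status.setCode(DiscoConstants.QNAME_FAILED);
                LogUtil.error(Level.INFO, logData, LogUtil.DS_UPDATE_FAILURE);
            }
            return response;
        } catch (JAXBException e) {
            DiscoUtils.debug.error("DiscoService.update: couldn't form ModifyResponse.", e);
            throw e;
        }
    }

    /**
     * Checks that the requester may perform every removal and insertion of a Modify request.
     *
     * <p>Removals are authorized against the stored offering, insertions against the offering
     * supplied in the request. Removing an entry that does not exist is refused.
     *
     * @return {@code true} only if every requested change is authorized, or nothing is requested
     */
    private boolean isUpdateAllowed(String userID, Message message, List removes, List inserts, DiscoEntryHandler entryHandler, Authorizer authorizer) {
        DiscoUtils.debug.message("DiscoService.isUpdateAllowed.");
        boolean hasRemoves = removes != null && !removes.isEmpty();
        boolean hasInserts = inserts != null && !inserts.isEmpty();
        if (!hasRemoves && !hasInserts) {
            return true;
        }
        if (authorizer == null) {
            // Fail closed: policy evaluation was requested but there is nothing to evaluate with.
            DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: no Authorizer available; update denied.");
            return false;
        }
        Map<String, Object> env = newAuthorizationEnv(userID, message);

        if (hasRemoves) {
            Map existing = entryHandler.getDiscoEntries(userID, null);
            for (Object rawRemove : removes) {
                String entryID = ((RemoveEntryType) rawRemove).getEntryID();
                if (!existing.containsKey(entryID)) {
                    DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: remove entry not exits: " + entryID);
                    return false;
                }
                if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_UPDATE, ((InsertEntryType) existing.get(entryID)).getResourceOffering(), env)) {
                    DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: WSC is not authorized to remove entry: " + entryID);
                    return false;
                }
            }
        }
        if (hasInserts) {
            for (Object rawInsert : inserts) {
                if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_UPDATE, ((InsertEntryType) rawInsert).getResourceOffering(), env)) {
                    DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: WSC is not authorized to insert entry.");
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Placeholder for resolving an encrypted resource ID.
     *
     * @return always {@code null}; callers then hand a null resource ID to the ResourceIDMapper
     */
    private String getResourceID(EncryptedResourceIDType encryptedResourceIDType) {
        return null;
    }

    /** Returns the mapper configured for the provider, or the default mapper if none is set. */
    private static ResourceIDMapper resolveResourceIDMapper(String providerID) {
        ResourceIDMapper mapper = DiscoServiceManager.getResourceIDMapper(providerID);
        return mapper != null ? mapper : DiscoServiceManager.getDefaultResourceIDMapper();
    }

    /** Builds the environment map handed to {@code Authorizer.isAuthorized}. */
    private static Map<String, Object> newAuthorizationEnv(String userID, Message message) {
        Map<String, Object> env = new HashMap<String, Object>();
        env.put(Authorizer.USER_ID, userID);
        env.put(Authorizer.AUTH_TYPE, message.getAuthenticationMechanism());
        env.put("message", message);
        return env;
    }

    /**
     * Builds the audit record text shared by lookup and update.
     *
     * <p>NOTE(review): message ID and resource ID come from the request and are concatenated
     * unescaped; confirm that LogUtil neutralises separators and line breaks.
     */
    private static String buildLogData(Message message, String providerID, String resourceID, String operation) {
        return DiscoUtils.bundle.getString(SOAPBindingConstants.ATTR_MESSAGE_ID) + "=" + message.getCorrelationHeader().getMessageID()
                + "." + DiscoUtils.bundle.getString(SOAPBindingConstants.ATTR_PROVIDER_ID) + "=" + providerID
                + "." + DiscoUtils.bundle.getString("securityMechID") + "=" + message.getAuthenticationMechanism()
                + "." + DiscoUtils.bundle.getString("resourceOfferingID") + "=" + resourceID
                + "." + DiscoUtils.bundle.getString("operation") + "=" + operation;
    }

    /**
     * Marshals a JAXB element into a fresh DOM document.
     *
     * @throws JAXBException if the document cannot be created or marshalling fails; previously a
     *         failed document creation was only logged and the null document was used anyway
     */
    private static Document marshalToDocument(Object jaxbElement) throws JAXBException {
        Document document;
        try {
            document = XMLUtils.newDocument();
        } catch (Exception e) {
            DiscoUtils.debug.error("DiscoService.lookup:", e);
            throw new JAXBException("DiscoService.lookup: couldn't create response document", e);
        }
        if (document == null) {
            throw new JAXBException("DiscoService.lookup: couldn't create response document");
        }
        DiscoUtils.getDiscoMarshaller().marshal(jaxbElement, document);
        return document;
    }
}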
