package com.ibm.isclite.service.security.roles.impl;

import com.ibm.isc.datastore.DatastoreConstants;
import com.ibm.isc.datastore.exceptions.RoleAlreadyExistsException;
import com.ibm.isc.datastore.exceptions.RoleInvalidNameException;
import com.ibm.isc.ha.runtime.RepositoryException;
import com.ibm.isclite.common.util.SecurityUtil;
import com.ibm.isclite.runtime.Constants;
import com.ibm.isclite.service.security.roles.IRolePersistenceManager;
import com.ibm.isclite.service.security.roles.IRoleService;
import com.ibm.isclite.service.security.roles.RoleServiceUtil;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/isclite/service/security/roles/impl/GenericRoleServiceImpl.class */
public class GenericRoleServiceImpl implements IRoleService {
    private static final String CLASS_NAME = GenericRoleServiceImpl.class.getName();
    private static Logger logger = Logger.getLogger(GenericRoleServiceImpl.class.getName());
    private Map<String, Set<String>> _role2UserMap;
    private Map<String, Set<String>> _role2GroupMap;
    private Map<String, Set<String>> _user2RoleMap;
    private Map<String, Set<String>> _group2RoleMap;
    private final ReentrantReadWriteLock reentrantLck = new ReentrantReadWriteLock();
    private final Lock _readLock = this.reentrantLck.readLock();
    private final Lock _writeLock = this.reentrantLck.writeLock();
    private IRolePersistenceManager _rolePersistenceMgr;
    private static IRoleService _roleStore;
    private volatile String baseURI;

    private GenericRoleServiceImpl(String str) {
        this.baseURI = "";
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "GenericRoleStoreImpl");
        }
        this.baseURI = str;
        this._role2UserMap = new HashMap();
        this._role2GroupMap = new HashMap();
        this._user2RoleMap = new HashMap();
        this._group2RoleMap = new HashMap();
        this._rolePersistenceMgr = FileBasedRolePersistenceManager.getInstance();
        _loadRepository();
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "GenericRoleStoreImpl");
        }
    }

    public static synchronized IRoleService getInstance(String str) {
        if (_roleStore == null) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("Repository base is empty");
            }
            _roleStore = new GenericRoleServiceImpl(str);
        }
        return _roleStore;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean addRole(String str) throws RoleAlreadyExistsException, RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "addRole", str);
        }
        boolean z = true;
        try {
            this._writeLock.lock();
            if (RoleServiceUtil.isRoleValid(str)) {
                z = _addRole(str);
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "addRole");
            }
            return z;
        } finally {
            this._writeLock.unlock();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean addRoles(List<String> list) throws RoleAlreadyExistsException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "addRoles");
        }
        boolean z = true;
        try {
            if (list == null) {
                throw new IllegalArgumentException("Role list is NULL");
            }
            this._writeLock.lock();
            for (String str : list) {
                try {
                    if (RoleServiceUtil.isRoleValid(str)) {
                        try {
                            _addRole(str);
                        } catch (RoleAlreadyExistsException e) {
                            logger.log(Level.WARNING, "role:" + str + " already exists. skipping..");
                            z = false;
                        }
                    }
                } catch (RoleInvalidNameException e2) {
                    logger.log(Level.WARNING, "role:" + str + " is invalid. skipping..");
                    z = false;
                }
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "addRoles", Boolean.valueOf(z));
            }
            return z;
        } finally {
            this._writeLock.unlock();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean removeRoles(List<String> list) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "removeAllRoles");
        }
        boolean z = true;
        try {
            this._writeLock.lock();
            for (String str : list) {
                try {
                    if (!_removeRole(str)) {
                        z = false;
                    }
                } catch (RoleInvalidNameException e) {
                    logger.warning("Could not remove role " + str);
                    z = false;
                }
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "removeAllRoles", Boolean.valueOf(z));
            }
            return z;
        } finally {
            this._writeLock.unlock();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean addGroupsToRole(String str, List<String> list) throws RoleInvalidNameException {
        Set<String> set;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "addGroupsToRole", str);
        }
        if (!RoleServiceUtil.isRoleValid(str) || list == null) {
            logger.warning("List of groups is null ");
            throw new IllegalArgumentException("List of groups is null skipping");
        }
        try {
            this._writeLock.lock();
            if (this._role2GroupMap.containsKey(str)) {
                set = this._role2GroupMap.get(str);
                set.addAll(list);
            } else {
                set = new HashSet(list);
                this._role2GroupMap.put(str, set);
                if (!this._role2UserMap.containsKey(str)) {
                    this._role2UserMap.put(str, new HashSet());
                }
            }
            for (String str2 : set) {
                if (this._group2RoleMap.containsKey(str2.toUpperCase())) {
                    this._group2RoleMap.get(str2.toUpperCase()).add(str);
                } else {
                    HashSet hashSet = new HashSet();
                    hashSet.add(str);
                    this._group2RoleMap.put(str2.toUpperCase(), hashSet);
                }
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "addGroupsToRole", true);
            }
            return true;
        } finally {
            this._writeLock.unlock();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean addUsersToRole(String str, List<String> list) throws RoleInvalidNameException {
        Set<String> set;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "addUsersToRole", str);
        }
        boolean z = true;
        if (!RoleServiceUtil.isRoleValid(str)) {
            logger.warning("role name is empty, failed to map this role to users ");
            throw new RoleInvalidNameException("role name is empty, failed to map this role to groups ");
        }
        if (list == null || list.size() <= 0) {
            try {
                logger.log(Level.FINE, "7->");
                z = addRole(str);
                logger.log(Level.FINE, "8->");
            } catch (RoleAlreadyExistsException e) {
                logger.warning("role name is existed, failed to map this role to users ");
                z = false;
            } catch (RoleInvalidNameException e2) {
                logger.warning("role name is empty, failed to map this role to users ");
                throw new RoleInvalidNameException("role name is empty, failed to map this role to users ");
            }
        } else {
            try {
                this._writeLock.lock();
                logger.log(Level.FINE, "0->" + this._role2UserMap.toString());
                if (this._role2UserMap.containsKey(str)) {
                    set = this._role2UserMap.get(str);
                    set.addAll(list);
                    logger.log(Level.FINE, "1->" + set.toString());
                } else {
                    set = new HashSet(list);
                    this._role2UserMap.put(str, set);
                    if (!this._role2GroupMap.containsKey(str)) {
                        this._role2GroupMap.put(str, new HashSet());
                    }
                }
                logger.log(Level.FINE, "2->" + this._user2RoleMap.toString());
                for (String str2 : set) {
                    logger.log(Level.FINE, "3->" + str2.toUpperCase());
                    if (this._user2RoleMap.containsKey(str2.toUpperCase())) {
                        Set<String> set2 = this._user2RoleMap.get(str2.toUpperCase());
                        logger.log(Level.FINE, "4->" + set2);
                        set2.add(str);
                    } else {
                        HashSet hashSet = new HashSet();
                        hashSet.add(str);
                        this._user2RoleMap.put(str2.toUpperCase(), hashSet);
                    }
                }
            } finally {
                this._writeLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "addUsersToRole", true);
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public Set<String> getRoles() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "getRoles");
        }
        try {
            this._readLock.lock();
            Set<String> unmodifiableSet = Collections.unmodifiableSet(this._role2UserMap.keySet());
            this._readLock.unlock();
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "getRoles", unmodifiableSet);
            }
            return unmodifiableSet;
        } catch (Throwable th) {
            this._readLock.unlock();
            throw th;
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public List<String> getUsersInRole(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "getUsersInRole", str);
        }
        ArrayList arrayList = null;
        if (RoleServiceUtil.isRoleValid(str)) {
            try {
                this._readLock.lock();
                arrayList = this._role2UserMap.containsKey(str) ? new ArrayList(this._role2UserMap.get(str)) : new ArrayList();
            } finally {
                this._readLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "getUsersInRole", arrayList);
        }
        return arrayList;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public List<String> getGroupsInRole(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "getGroupsInRole", str);
        }
        ArrayList arrayList = null;
        if (RoleServiceUtil.isRoleValid(str)) {
            try {
                this._readLock.lock();
                arrayList = this._role2GroupMap.containsKey(str) ? new ArrayList(this._role2GroupMap.get(str)) : new ArrayList();
            } finally {
                this._readLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "getGroupsInRole", arrayList);
        }
        return arrayList;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean removeRole(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "removeRole", str);
        }
        try {
            this._writeLock.lock();
            _removeRole(str);
            this._writeLock.unlock();
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "removeRole", true);
            }
            return true;
        } catch (Throwable th) {
            this._writeLock.unlock();
            throw th;
        }
    }

    private boolean _removeRole(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "_removeRole", str);
        }
        boolean z = true;
        if (RoleServiceUtil.isRoleValid(str)) {
            if (this._role2UserMap.containsKey(str)) {
                Iterator<String> it = this._role2UserMap.get(str).iterator();
                while (it.hasNext()) {
                    Set<String> set = this._user2RoleMap.get(it.next().toUpperCase());
                    if (set != null && !set.isEmpty()) {
                        set.remove(str);
                    }
                }
                this._role2UserMap.remove(str);
            } else {
                z = false;
            }
            if (this._role2GroupMap.containsKey(str)) {
                Iterator<String> it2 = this._role2GroupMap.get(str).iterator();
                while (it2.hasNext()) {
                    Set<String> set2 = this._group2RoleMap.get(it2.next().toUpperCase());
                    if (set2 != null && !set2.isEmpty()) {
                        set2.remove(str);
                    }
                }
                this._role2GroupMap.remove(str);
            } else {
                z = false;
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "_removeRole", Boolean.valueOf(z));
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean removeUsersFromRole(String str, List<String> list) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "removeUsersFromRole", str);
        }
        boolean z = true;
        if (RoleServiceUtil.isRoleValid(str)) {
            try {
                this._writeLock.lock();
                if (this._role2UserMap.containsKey(str)) {
                    Set<String> set = this._role2UserMap.get(str);
                    for (String str2 : list) {
                        set.remove(str2);
                        Set<String> set2 = this._user2RoleMap.get(str2.toUpperCase());
                        if (set2 != null && !set2.isEmpty()) {
                            set2.remove(str);
                        }
                    }
                } else {
                    z = false;
                }
            } finally {
                this._writeLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "removeUsersFromRole", Boolean.valueOf(z));
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean removeGroupsFromRole(String str, List<String> list) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "removeGroupsFromRole", str);
        }
        boolean z = true;
        if (RoleServiceUtil.isRoleValid(str)) {
            try {
                this._writeLock.lock();
                if (this._role2GroupMap.containsKey(str)) {
                    Set<String> set = this._role2GroupMap.get(str);
                    for (String str2 : list) {
                        set.remove(str2);
                        Set<String> set2 = this._group2RoleMap.get(str2.toUpperCase());
                        if (set2 != null && !set2.isEmpty()) {
                            set2.remove(str);
                        }
                    }
                } else {
                    z = false;
                }
            } finally {
                this._writeLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "removeGroupsFromRole", Boolean.valueOf(z));
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public void save() throws RepositoryException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "save");
        }
        try {
            _saveRepository();
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "save");
            }
        } catch (Exception e) {
            throw new RepositoryException(e.getMessage());
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean isEveryOneInRole(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "isEveryOneInRole", "user:all authenticated portal usersroleName:" + str);
        }
        boolean isUserInRole = isUserInRole(str, Constants.ALL_USERS);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "isEveryOneInRole", Boolean.valueOf(isUserInRole));
        }
        return isUserInRole;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean isUserInRole(String str, String str2) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "isUserInRole", "user:" + str2 + "roleName:" + str);
        }
        boolean z = false;
        if (RoleServiceUtil.isRoleValid(str) && str2 != null && !str2.isEmpty()) {
            try {
                this._readLock.lock();
                if (this._role2UserMap.containsKey(str)) {
                    Set<String> set = this._role2UserMap.get(str);
                    String _escapeUserName = _escapeUserName(str2);
                    z = set.contains(Constants.ALL_USERS) || set.contains(_escapeUserName);
                    if (!z) {
                        for (String str3 : set) {
                            if (str3.equalsIgnoreCase(_escapeUserName) || str3.contains(_escapeUserName)) {
                                z = true;
                                break;
                            }
                        }
                    }
                } else {
                    logger.warning("role does not exist" + str);
                }
            } finally {
                this._readLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "isUserInRole", Boolean.valueOf(z));
        }
        return z;
    }

    private static String _escapeUserName(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "_escapeUserName", str);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "_escapeUserName", str);
        }
        return str;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean isGroupInRole(String str, String str2) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "isGroupInRole", "group:" + str2 + "roleName:" + str);
        }
        boolean z = false;
        if (RoleServiceUtil.isRoleValid(str) && str2 != null && !str2.isEmpty()) {
            try {
                this._readLock.lock();
                if (this._role2GroupMap.containsKey(str)) {
                    Set<String> set = this._role2GroupMap.get(str);
                    String _escapeUserName = _escapeUserName(str2);
                    z = set.contains(_escapeUserName);
                    if (!z) {
                        for (String str3 : set) {
                            if (str3.equalsIgnoreCase(_escapeUserName) || str3.contains(_escapeUserName)) {
                                z = true;
                                break;
                            }
                        }
                    }
                } else {
                    logger.warning("role does not exist" + str);
                }
            } finally {
                this._readLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "isGroupInRole", Boolean.valueOf(z));
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public boolean isRoleExists(String str) throws RoleInvalidNameException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "isRoleExists", str);
        }
        boolean z = false;
        if (RoleServiceUtil.isRoleValid(str)) {
            try {
                this._readLock.lock();
                if (this._role2UserMap.containsKey(str)) {
                    z = true;
                }
            } finally {
                this._readLock.unlock();
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "isRoleExists", Boolean.valueOf(z));
        }
        return z;
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public void reloadRepository() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "reloadRepository");
        }
        _loadRepository();
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "reloadRepository");
        }
    }

    private boolean _addRole(String str) throws RoleAlreadyExistsException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "addRole", str);
        }
        if (this._role2UserMap.containsKey(str)) {
            throw new RoleAlreadyExistsException("Role: " + str + " already exists");
        }
        this._role2UserMap.put(str, new HashSet());
        if (this._role2GroupMap.containsKey(str)) {
            throw new RoleAlreadyExistsException("Role: " + str + " already exists");
        }
        this._role2GroupMap.put(str, new HashSet());
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "addRole");
        }
        return true;
    }

    private void _loadRepository() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "_loadRepository");
        }
        String str = this.baseURI + File.separator + DatastoreConstants.ROLE_TO_USER_FILE;
        String str2 = this.baseURI + File.separator + DatastoreConstants.ROLE_TO_GROUP_FILE;
        try {
            try {
                this._writeLock.lock();
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = new HashMap();
                HashMap hashMap3 = new HashMap();
                HashMap hashMap4 = new HashMap();
                this._rolePersistenceMgr.readAndPopulateUserRoleMap(hashMap, hashMap3, str);
                this._rolePersistenceMgr.readAndPopulateUserRoleMap(hashMap2, hashMap4, str2);
                this._role2UserMap.clear();
                this._role2UserMap = hashMap;
                this._role2GroupMap.clear();
                this._role2GroupMap = hashMap2;
                this._user2RoleMap.clear();
                this._user2RoleMap = hashMap3;
                this._group2RoleMap.clear();
                this._group2RoleMap = hashMap4;
                this._writeLock.unlock();
            } catch (Exception e) {
                e.printStackTrace();
                logger.severe("Could not read from repository " + e.getLocalizedMessage());
                this._writeLock.unlock();
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "_loadRepository");
            }
        } catch (Throwable th) {
            this._writeLock.unlock();
            throw th;
        }
    }

    private void _saveRepository() throws Exception {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "_saveRepository");
        }
        String str = this.baseURI + File.separator + DatastoreConstants.ROLE_TO_USER_FILE;
        String str2 = this.baseURI + File.separator + DatastoreConstants.ROLE_TO_GROUP_FILE;
        try {
            this._writeLock.lock();
            logger.logp(Level.WARNING, CLASS_NAME, "_saveRepository", "role2userrepofile " + str);
            this._rolePersistenceMgr.persistUserRoleMap(this._role2UserMap, str);
            this._rolePersistenceMgr.persistUserRoleMap(this._role2GroupMap, str2);
            this._writeLock.unlock();
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "_saveRepository");
            }
        } catch (Throwable th) {
            this._writeLock.unlock();
            throw th;
        }
    }

    public static void main(String[] strArr) {
        _escapeUserName("comma,user");
        try {
            URLDecoder.decode("uid%3Dcomma%5C%2Cuser%2Co%3DdefaultWIMFileBasedRealm", "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public void setBaseURI(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "setBaseURI", str);
        }
        logger.logp(Level.WARNING, "GenericRoleServiceImpl", "setBaseURI", "baseURI" + str);
        this.baseURI = str;
        reloadRepository();
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "setBaseURI");
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public void useGlobalTransactions(boolean z) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "useGlobalTransactions", Boolean.valueOf(z));
        }
        this._rolePersistenceMgr.useGlobalTransactions(z);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASS_NAME, "useGlobalTransactions");
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public Set<String> getRolesForUser(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "getRolesForUser", str);
        }
        try {
            this._readLock.lock();
            HashSet hashSet = this._user2RoleMap.containsKey(str.toUpperCase()) ? new HashSet(this._user2RoleMap.get(str.toUpperCase())) : new HashSet();
            hashSet.add(SecurityUtil.ISCUSERS_ROLE);
            hashSet.add(Constants.ALL_USERS);
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "getRolesForUser", hashSet);
            }
            return hashSet;
        } finally {
            this._readLock.unlock();
        }
    }

    @Override // com.ibm.isclite.service.security.roles.IRoleService
    public Set<String> getRolesForGroup(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASS_NAME, "getRolesForGroup", str);
        }
        try {
            this._readLock.lock();
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "_group2RoleMap", this._group2RoleMap);
            }
            HashSet hashSet = this._group2RoleMap.containsKey(str.toUpperCase()) ? new HashSet(this._group2RoleMap.get(str.toUpperCase())) : new HashSet();
            hashSet.add(SecurityUtil.ISCUSERS_ROLE);
            hashSet.add(Constants.ALL_USERS);
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(CLASS_NAME, "getRolesForGroup", hashSet);
            }
            return hashSet;
        } finally {
            this._readLock.unlock();
        }
    }
}
