package com.zimbra.cs.service.admin;

import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AdminConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Alias;
import com.zimbra.cs.account.CalendarResource;
import com.zimbra.cs.account.Cos;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.accesscontrol.AdminRight;
import com.zimbra.cs.account.accesscontrol.HardRules;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.ldap.LdapProvisioning;
import com.zimbra.cs.mailbox.Mailbox;
import com.zimbra.cs.service.FileUploadServlet;
import com.zimbra.cs.service.UserServlet;
import com.zimbra.cs.service.admin.AdminAccessControl;
import com.zimbra.cs.service.admin.AdminRightCheckPoint;
import com.zimbra.cs.session.AdminSession;
import com.zimbra.cs.session.Session;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/zimbra/cs/service/admin/SearchDirectory.class */
public class SearchDirectory extends AdminDocumentHandler {
    public static final String BY_NAME = "name";
    public static final String BY_ID = "id";
    private static final String SEARCH_DIRECTORY_ACCOUNT_DATA = "SearchDirectoryAccount";
    public static final int MAX_SEARCH_RESULTS = LC.zimbra_directory_max_search_result.intValue();

    @Override // com.zimbra.soap.DocumentHandler
    public boolean domainAuthSufficient(Map map) {
        return true;
    }

    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        List allowed;
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Provisioning provisioning = Provisioning.getInstance();
        String attribute = element.getAttribute(UserServlet.QP_QUERY);
        int attributeLong = (int) element.getAttributeLong("maxResults", MAX_SEARCH_RESULTS);
        int attributeLong2 = (int) element.getAttributeLong("limit", 2147483647L);
        if (attributeLong2 == 0) {
            attributeLong2 = Integer.MAX_VALUE;
        }
        int attributeLong3 = (int) element.getAttributeLong(UserServlet.QP_OFFSET, 0L);
        String attribute2 = element.getAttribute("domain", (String) null);
        boolean attributeBool = element.getAttributeBool("applyCos", true);
        boolean attributeBool2 = element.getAttributeBool("applyConfig", true);
        String attribute3 = element.getAttribute("attrs", (String) null);
        String attribute4 = element.getAttribute("sortBy", (String) null);
        String attribute5 = element.getAttribute(UserServlet.QP_TYPES, "accounts");
        boolean attributeBool3 = element.getAttributeBool("sortAscending", true);
        int i = 0;
        if (attribute5.indexOf("accounts") != -1) {
            i = 0 | 1;
        }
        if (attribute5.indexOf("aliases") != -1) {
            i |= 2;
        }
        if (attribute5.indexOf("distributionlists") != -1) {
            i |= 4;
        }
        if (attribute5.indexOf("resources") != -1) {
            i |= 8;
        }
        if (attribute5.indexOf(Mailbox.BROWSE_BY_DOMAINS) != -1) {
            i |= 16;
        }
        if (attribute5.indexOf("coses") != -1) {
            i |= 32;
        }
        if ((i & 32) == 32 && attribute2 != null) {
            throw ServiceException.INVALID_REQUEST("cannot specify domain with coses flag", (Throwable) null);
        }
        String str = attribute3;
        if ((i & 1) == 1 && str != null && !str.contains(ZAttrProvisioning.A_zimbraMailTransport)) {
            str = str + FileUploadServlet.UPLOAD_DELIMITER + ZAttrProvisioning.A_zimbraMailTransport;
        }
        String[] split = str == null ? null : str.split(FileUploadServlet.UPLOAD_DELIMITER);
        HashSet hashSet = split == null ? null : new HashSet(Arrays.asList(split));
        Element createElement = zimbraSoapContext.createElement(AdminConstants.SEARCH_DIRECTORY_RESPONSE);
        if (isDomainAdminOnly(zimbraSoapContext)) {
            if ((i & 16) == 16) {
                if (attribute != null && attribute.length() > 0) {
                    throw ServiceException.PERM_DENIED("cannot search for domains");
                }
                String name = getAuthTokenAccountDomain(zimbraSoapContext).getName();
                Domain domain = null;
                if (name != null) {
                    domain = provisioning.get(Provisioning.DomainBy.name, name);
                    if (domain == null) {
                        throw AccountServiceException.NO_SUCH_DOMAIN(name);
                    }
                }
                GetDomain.encodeDomain(createElement, domain, attributeBool2, hashSet, null);
                createElement.addAttribute("more", false);
                createElement.addAttribute("searchTotal", 1L);
                return createElement;
            }
            if ((i & 32) == 32) {
                throw ServiceException.PERM_DENIED("cannot search for coses");
            }
            if (attribute2 == null) {
                attribute2 = getAuthTokenAccountDomain(zimbraSoapContext).getName();
            } else {
                checkDomainRight(zimbraSoapContext, attribute2, AdminRight.PR_ALWAYS_ALLOW);
            }
        }
        Domain domain2 = null;
        if (attribute2 != null) {
            domain2 = provisioning.get(Provisioning.DomainBy.name, attribute2);
            if (domain2 == null) {
                throw AccountServiceException.NO_SUCH_DOMAIN(attribute2);
            }
        }
        AdminAccessControl adminAccessControl = AdminAccessControl.getAdminAccessControl(zimbraSoapContext);
        AdminAccessControl.SearchDirectoryRightChecker searchDirectoryRightChecker = new AdminAccessControl.SearchDirectoryRightChecker(adminAccessControl, provisioning, hashSet);
        AdminSession adminSession = (AdminSession) getSession(zimbraSoapContext, Session.Type.ADMIN);
        int i2 = i | 256;
        if (adminSession != null) {
            allowed = adminSession.searchAccounts(domain2, attribute, split, attribute4, attributeBool3, i2, attributeLong3, attributeLong, searchDirectoryRightChecker);
        } else {
            Provisioning.SearchOptions searchOptions = new Provisioning.SearchOptions();
            searchOptions.setDomain(domain2);
            searchOptions.setFlags(i2);
            searchOptions.setMaxResults(attributeLong);
            searchOptions.setQuery(attribute);
            searchOptions.setReturnAttrs(split);
            searchOptions.setSortAscending(attributeBool3);
            searchOptions.setSortAttr(attribute4);
            searchOptions.setConvertIDNToAscii(true);
            allowed = searchDirectoryRightChecker.getAllowed(provisioning.searchDirectory(searchOptions));
        }
        LdapProvisioning ldapProvisioning = null;
        if (provisioning instanceof LdapProvisioning) {
            ldapProvisioning = (LdapProvisioning) provisioning;
        }
        String[] split2 = attribute3 == null ? null : attribute3.split(FileUploadServlet.UPLOAD_DELIMITER);
        HashSet hashSet2 = split2 == null ? null : new HashSet(Arrays.asList(split2));
        int i3 = attributeLong3 + attributeLong2;
        int i4 = attributeLong3;
        while (i4 < i3 && i4 < allowed.size()) {
            NamedEntry namedEntry = (NamedEntry) allowed.get(i4);
            boolean z = true;
            if (namedEntry instanceof Account) {
                z = attributeBool;
                setAccountDefaults(ldapProvisioning, (Account) namedEntry);
            } else if (namedEntry instanceof Domain) {
                z = attributeBool2;
            }
            encodeEntry(provisioning, createElement, namedEntry, z, hashSet2, adminAccessControl);
            i4++;
        }
        createElement.addAttribute("more", i4 < allowed.size());
        createElement.addAttribute("searchTotal", allowed.size());
        return createElement;
    }

    private void setAccountDefaults(LdapProvisioning ldapProvisioning, Account account) throws ServiceException {
        if (ldapProvisioning == null) {
            return;
        }
        Boolean bool = (Boolean) account.getCachedData(SEARCH_DIRECTORY_ACCOUNT_DATA);
        if (bool == null || bool == Boolean.FALSE) {
            ldapProvisioning.setAccountDefaults(account, 0);
            account.setCachedData(SEARCH_DIRECTORY_ACCOUNT_DATA, Boolean.TRUE);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void encodeEntry(Provisioning provisioning, Element element, NamedEntry namedEntry, boolean z, Set<String> set, AdminAccessControl adminAccessControl) throws ServiceException {
        if (namedEntry instanceof CalendarResource) {
            ToXML.encodeCalendarResource(element, (CalendarResource) namedEntry, z, set, adminAccessControl.getAttrRightChecker((CalendarResource) namedEntry, EnumSet.of(HardRules.HardRule.DELEGATED_ADMIN_CANNOT_ACCESS_GLOBAL_ADMIN)));
            return;
        }
        if (namedEntry instanceof Account) {
            ToXML.encodeAccount(element, (Account) namedEntry, z, true, set, adminAccessControl.getAttrRightChecker((Account) namedEntry, EnumSet.of(HardRules.HardRule.DELEGATED_ADMIN_CANNOT_ACCESS_GLOBAL_ADMIN)));
            return;
        }
        if (namedEntry instanceof DistributionList) {
            GetDistributionList.encodeDistributionList(element, (DistributionList) namedEntry, false, set, adminAccessControl.getAttrRightChecker((DistributionList) namedEntry));
            return;
        }
        if (namedEntry instanceof Alias) {
            encodeAlias(element, provisioning, (Alias) namedEntry, set);
        } else if (namedEntry instanceof Domain) {
            GetDomain.encodeDomain(element, (Domain) namedEntry, z, set, adminAccessControl.getAttrRightChecker((Domain) namedEntry));
        } else if (namedEntry instanceof Cos) {
            GetCos.encodeCos(element, (Cos) namedEntry, set, adminAccessControl.getAttrRightChecker((Cos) namedEntry));
        }
    }

    private static void encodeAlias(Element element, Provisioning provisioning, Alias alias, Set<String> set) throws ServiceException {
        Element addElement = element.addElement(Provisioning.DOMAIN_TYPE_ALIAS);
        addElement.addAttribute("name", alias.getUnicodeName());
        addElement.addAttribute("id", alias.getId());
        addElement.addAttribute(Provisioning.SearchOptions.SORT_BY_TARGET_NAME, alias.getTargetUnicodeName(provisioning));
        TargetType targetType = alias.getTargetType(provisioning);
        if (targetType != null) {
            addElement.addAttribute("type", targetType.getCode());
        }
        ToXML.encodeAttrs(addElement, alias.getUnicodeAttrs(), set, null);
    }

    @Override // com.zimbra.cs.service.admin.AdminDocumentHandler, com.zimbra.cs.service.admin.AdminRightCheckPoint
    public void docRights(List<AdminRight> list, List<String> list2) {
        list.add(Rights.Admin.R_getAccount);
        list.add(Rights.Admin.R_getCalendarResource);
        list.add(Rights.Admin.R_getDistributionList);
        list.add(Rights.Admin.R_getDomain);
        list.add(Rights.Admin.R_getCos);
        list.add(Rights.Admin.R_listAccount);
        list.add(Rights.Admin.R_listCalendarResource);
        list.add(Rights.Admin.R_listDistributionList);
        list.add(Rights.Admin.R_listDomain);
        list.add(Rights.Admin.R_listCos);
        list2.add(AdminRightCheckPoint.Notes.LIST_ENTRY);
    }
}
