package com.zimbra.cs.account.ldap.upgrade;

import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.InlineAttrRight;
import com.zimbra.cs.account.accesscontrol.RightModifier;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.account.ldap.LdapDIT;
import com.zimbra.cs.account.ldap.LdapUtil;
import com.zimbra.cs.account.ldap.ZimbraLdapContext;
import com.zimbra.cs.mailclient.imap.ImapResponse;
import com.zimbra.cs.rmgmt.RemoteMailQueue;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:com/zimbra/cs/account/ldap/upgrade/AdminRights.class */
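/**
 * LDAP upgrade step that migrates legacy administrator accounts to explicit grants.
 *
 * <p>Accounts flagged {@code zimbraIsDomainAdminAccount=TRUE} (and not already global or
 * delegated admins) are marked as delegated admins and given rights on their own domain, on the
 * COSes listed in the domain's {@code zimbraDomainCOSMaxAccounts}, and two global zimlet rights.
 * Accounts flagged {@code zimbraIsAdminAccount=TRUE} only receive an admin-console UI component.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Per-account failures are printed to stdout and the run continues, so a finished run does
 *       not imply every admin was migrated; review the output.</li>
 *   <li>{@link #grantRights} sets {@code zimbraIsDelegatedAdminAccount} before issuing grants,
 *       and {@link #getZimbraIdIfDomainOnlyAdmin} skips accounts that already carry that flag.
 *       An account whose grants failed part-way is therefore not picked up by a re-run and has
 *       to be completed by hand.</li>
 * </ul>
 */
public class AdminRights extends LdapUpgrade {
    /** Admin-console UI components added to every migrated domain admin. */
    private static final String[] sAdminUICompForAllDomainAdmins = {"accountListView", "aliasListView", "DLListView", "resourceListView", "saveSearch"};
    /** Admin-console UI component added to every global admin. */
    private static final String[] sAdminUICompForAllGlobalAdmins = {"cartBlancheUI"};

    /** Constant search filter; no caller-supplied text is concatenated into it. */
    private static final String ADMIN_ACCOUNT_FILTER =
            "(&(objectclass=zimbraAccount)(|(zimbraIsDomainAdminAccount=TRUE)(zimbraIsAdminAccount=TRUE)))";

    AdminRights() throws ServiceException {
    }

    /**
     * Runs the migration: collects admin ids from LDAP, then upgrades domain admins followed by
     * global admins. A {@link ServiceException} on one account is reported on stdout and does not
     * stop the remaining accounts.
     *
     * <p>The decompiler reports that this method's access was widened from package-private; it
     * is kept {@code public} here so existing callers of this listing are unaffected.
     *
     * @throws ServiceException if the initial LDAP search fails
     */
    @Override // com.zimbra.cs.account.ldap.upgrade.LdapUpgrade
    public void doUpgrade() throws ServiceException {
        Set<String> domainAdminIds = new HashSet<String>();
        Set<String> globalAdminIds = new HashSet<String>();
        getAllDomainOrGlobalAdmins(domainAdminIds, globalAdminIds);

        for (String zimbraId : domainAdminIds) {
            try {
                Account account = this.mProv.get(Provisioning.AccountBy.id, zimbraId);
                if (account == null) {
                    continue;
                }
                Domain domain = this.mProv.getDomain(account);
                if (domain == null) {
                    continue;
                }
                System.out.println("Upgrading domain admin: " + account.getName());
                grantRights(domain, account);
            } catch (ServiceException e) {
                // This loop handles domain admins; the original message said "global admin",
                // which misreports which privilege class failed to migrate.
                System.out.println("Skipped upgrading domain admin " + zimbraId + " (Encountered error: " + e.getMessage() + ")");
            }
        }

        for (String zimbraId : globalAdminIds) {
            try {
                Account account = this.mProv.get(Provisioning.AccountBy.id, zimbraId);
                if (account != null) {
                    System.out.println("Upgrading global admin: " + account.getName());
                    setGlobalAdminUIComp(account);
                }
            } catch (ServiceException e) {
                System.out.println("Skipped upgrading global admin " + zimbraId + " (Encountered error: " + e.getMessage() + ")");
            }
        }
    }

    /**
     * Pages through the mail branch and sorts admin accounts into the two output sets.
     *
     * <p>Entries whose DN ends with the config branch base DN are ignored. An entry with
     * {@code zimbraIsAdminAccount=TRUE} goes to {@code set2}; otherwise a domain-only admin goes
     * to {@code set}.
     *
     * @param set receives the zimbraId of each domain-only admin
     * @param set2 receives the zimbraId of each global admin
     * @throws ServiceException wrapping any {@link IOException} or {@link NamingException}
     */
    private void getAllDomainOrGlobalAdmins(Set<String> set, Set<String> set2) throws ServiceException {
        LdapDIT dit = this.mProv.getDIT();
        String[] returnAttrs = {ZAttrProvisioning.A_objectClass, "zimbraId", ZAttrProvisioning.A_zimbraIsAdminAccount, ZAttrProvisioning.A_zimbraIsDomainAdminAccount, ZAttrProvisioning.A_zimbraIsDelegatedAdminAccount};
        String configBranchBaseDN = dit.configBranchBaseDN();
        String mailBranchBaseDN = dit.mailBranchBaseDN();

        // Declared outside the try so the finally block closes the real context. The decompiled
        // form closed a null reference on failure, leaking the LDAP connection.
        ZimbraLdapContext zlc = null;
        try {
            // NOTE(review): first argument presumably selects the LDAP master - confirm.
            zlc = new ZimbraLdapContext(true, new ZimbraLdapContext.LdapConfig(Boolean.FALSE, null, ZimbraLdapContext.LdapConfig.NO_TIMEOUT));
            SearchControls searchControls = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, returnAttrs, false, false);
            // NOTE(review): the page-size constant looks like a same-valued constant picked by
            // the decompiler rather than a mail-queue setting - confirm against the original.
            int pageSize = LdapUtil.adjustPageSize(0, RemoteMailQueue.MAIL_QUEUE_INDEX_FLUSH_THRESHOLD);
            byte[] cookie = null;
            do {
                NamingEnumeration<SearchResult> page = null;
                try {
                    zlc.setPagedControl(pageSize, cookie, true);
                    page = zlc.searchDir(mailBranchBaseDN, ADMIN_ACCOUNT_FILTER, searchControls);
                    while (page != null && page.hasMore()) {
                        SearchResult entry = page.next();
                        if (entry.getNameInNamespace().endsWith(configBranchBaseDN)) {
                            continue;
                        }
                        Attributes attributes = entry.getAttributes();
                        String globalAdminId = getZimbraIdIfGlobalAdmin(attributes);
                        if (globalAdminId != null) {
                            set2.add(globalAdminId);
                            continue;
                        }
                        String domainAdminId = getZimbraIdIfDomainOnlyAdmin(attributes);
                        if (domainAdminId != null) {
                            set.add(domainAdminId);
                        }
                    }
                    // Read the paging cookie before closing this page's enumeration.
                    cookie = zlc.getCookie();
                } finally {
                    // Close every page, not only the last one.
                    if (page != null) {
                        page.close();
                    }
                }
            } while (cookie != null);
        } catch (IOException e) {
            throw ServiceException.FAILURE("unable to list all objects", e);
        } catch (NamingException e) {
            throw ServiceException.FAILURE("unable to list all objects", e);
        } finally {
            ZimbraLdapContext.closeContext(zlc);
        }
    }

    /**
     * Returns the entry's zimbraId when it is a domain admin that is neither a global admin nor
     * already a delegated admin.
     *
     * @param attributes attributes of one search result
     * @return the zimbraId, or {@code null} when the entry does not qualify
     * @throws NamingException if an attribute cannot be read
     */
    String getZimbraIdIfDomainOnlyAdmin(Attributes attributes) throws NamingException {
        String isAdmin = LdapUtil.getAttrString(attributes, ZAttrProvisioning.A_zimbraIsAdminAccount);
        String isDomainAdmin = LdapUtil.getAttrString(attributes, ZAttrProvisioning.A_zimbraIsDomainAdminAccount);
        String isDelegatedAdmin = LdapUtil.getAttrString(attributes, ZAttrProvisioning.A_zimbraIsDelegatedAdminAccount);
        boolean domainOnly = "TRUE".equals(isDomainAdmin)
                && !"TRUE".equals(isAdmin)
                && !"TRUE".equals(isDelegatedAdmin);
        if (!domainOnly) {
            return null;
        }
        return LdapUtil.getAttrString(attributes, "zimbraId");
    }

    /**
     * Returns the entry's zimbraId when {@code zimbraIsAdminAccount} is {@code TRUE}.
     *
     * @param attributes attributes of one search result
     * @return the zimbraId, or {@code null} when the entry is not a global admin
     * @throws NamingException if an attribute cannot be read
     */
    String getZimbraIdIfGlobalAdmin(Attributes attributes) throws NamingException {
        if (!"TRUE".equals(LdapUtil.getAttrString(attributes, ZAttrProvisioning.A_zimbraIsAdminAccount))) {
            return null;
        }
        return LdapUtil.getAttrString(attributes, "zimbraId");
    }

    /**
     * Converts one domain admin into a delegated admin with explicit grants.
     *
     * <p>The sequence is not atomic. The delegated-admin flag is written first; if a later grant
     * throws, the flag stays set and the account is excluded from future runs by
     * {@link #getZimbraIdIfDomainOnlyAdmin}.
     *
     * @param domain the domain the account belongs to
     * @param account the domain admin being migrated
     * @throws ServiceException if any attribute change or grant fails
     */
    private void grantRights(Domain domain, Account account) throws ServiceException {
        String granteeType = GranteeType.GT_USER.getCode();
        String granteeId = account.getId();

        HashMap<String, Object> attrs = new HashMap<String, Object>();
        attrs.put(ZAttrProvisioning.A_zimbraIsDelegatedAdminAccount, "TRUE");
        this.mProv.modifyAttrs(account, attrs);

        // NOTE(review): RM_CAN_DELEGATE presumably lets the grantee re-grant the right - confirm.
        this.mProv.grantRight(TargetType.domain.getCode(), Provisioning.TargetBy.id, domain.getId(), granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_domainAdminConsoleRights, RightModifier.RM_CAN_DELEGATE);
        grantCosRights(domain, account);

        // These two grants use the global target, so they are not scoped to the admin's domain.
        this.mProv.grantRight(TargetType.global.getCode(), null, null, granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_listZimlet, RightModifier.RM_CAN_DELEGATE);
        this.mProv.grantRight(TargetType.global.getCode(), null, null, granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_getZimlet, RightModifier.RM_CAN_DELEGATE);
        setDomainAdminUIComp(account);

        // With no zimbraDomainAdminMaxMailQuota (or an explicit -1) the admin is denied the
        // inline right to set zimbraMailQuota on accounts in the domain.
        if (account.getLongAttr(ZAttrProvisioning.A_zimbraDomainAdminMaxMailQuota, -1L) == -1) {
            this.mProv.grantRight(TargetType.domain.getCode(), Provisioning.TargetBy.id, domain.getId(), granteeType, Provisioning.GranteeBy.id, granteeId, null, InlineAttrRight.composeSetRight(TargetType.account, ZAttrProvisioning.A_zimbraMailQuota), RightModifier.RM_DENY);
        }
    }

    /**
     * Grants list/get/assign rights on each COS named in the domain's
     * {@code zimbraDomainCOSMaxAccounts} values.
     *
     * <p>Each value is split on {@code ":"} and used only when it has exactly two parts; the
     * first part is looked up as a COS id. Other values are skipped without a message.
     *
     * @param domain the domain whose COS limits are read
     * @param account the grantee
     * @throws ServiceException if a lookup or grant fails
     */
    private void grantCosRights(Domain domain, Account account) throws ServiceException {
        String granteeType = GranteeType.GT_USER.getCode();
        String granteeId = account.getId();
        for (String cosLimit : domain.getMultiAttrSet(ZAttrProvisioning.A_zimbraDomainCOSMaxAccounts)) {
            String[] parts = cosLimit.split(":");
            if (parts.length != 2) {
                continue;
            }
            String cosId = parts[0];
            if (this.mProv.get(Provisioning.CosBy.id, cosId) == null) {
                System.out.println("    cannot find cos " + cosId + ", skipping granting cos right to " + account.getName());
                continue;
            }
            this.mProv.grantRight(TargetType.cos.getCode(), Provisioning.TargetBy.id, cosId, granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_listCos, RightModifier.RM_CAN_DELEGATE);
            this.mProv.grantRight(TargetType.cos.getCode(), Provisioning.TargetBy.id, cosId, granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_getCos, RightModifier.RM_CAN_DELEGATE);
            this.mProv.grantRight(TargetType.cos.getCode(), Provisioning.TargetBy.id, cosId, granteeType, Provisioning.GranteeBy.id, granteeId, null, RightConsts.RT_assignCos, RightModifier.RM_CAN_DELEGATE);
        }
    }

    /** Adds the domain-admin UI components to the account. */
    private void setDomainAdminUIComp(Account account) throws ServiceException {
        setAdminUIComp(account, sAdminUICompForAllDomainAdmins);
    }

    /** Adds the global-admin UI component to the account. */
    private void setGlobalAdminUIComp(Account account) throws ServiceException {
        setAdminUIComp(account, sAdminUICompForAllGlobalAdmins);
    }

    /**
     * Writes the given UI components to the account's {@code zimbraAdminConsoleUIComponents}.
     *
     * @param account the account to modify
     * @param strArr the UI component names
     * @throws ServiceException if the attribute change fails
     */
    private void setAdminUIComp(Account account, String[] strArr) throws ServiceException {
        HashMap<String, Object> attrs = new HashMap<String, Object>();
        // NOTE(review): ImapResponse.CONTINUATION is presumably the "+" add-value prefix that the
        // decompiler replaced with a same-valued constant - confirm before relying on it.
        attrs.put(ImapResponse.CONTINUATION + ZAttrProvisioning.A_zimbraAdminConsoleUIComponents, strArr);
        this.mProv.modifyAttrs(account, attrs);
    }

    /**
     * Runs this upgrade directly, resolving the upgrader from task id {@code "18277"} with
     * verbose output enabled.
     */
    public static void main(String[] strArr) throws ServiceException {
        LdapUpgrade upgrader = UpgradeTask.fromString("18277").getUpgrader();
        upgrader.setVerbose(true);
        upgrader.doUpgrade();
    }
}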
