package com.zimbra.cs.account.accesscontrol;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.L10nUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightBearer;
import com.zimbra.cs.account.accesscontrol.SearchGrants;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.index.LuceneViewer;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.zclient.ToZJSONObject;
import com.zimbra.cs.zclient.ZEmailAddress;
import com.zimbra.cs.zclient.ZShare;
import com.zimbra.cs.zimlet.ZimletMeta;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;

/* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand.class */
public class RightCommand {

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$ACE.class */
    public static class ACE {
        private String mTargetType;
        private String mTargetId;
        private String mTargetName;
        private String mGranteeType;
        private String mGranteeId;
        private String mGranteeName;
        private String mRight;
        private RightModifier mRightModifier;

        private ACE(String str, String str2, String str3, String str4, String str5, String str6, String str7, RightModifier rightModifier) {
            this.mTargetType = str;
            this.mTargetId = str2;
            this.mTargetName = str3;
            this.mGranteeType = str4;
            this.mGranteeId = str5;
            this.mGranteeName = str6;
            this.mRight = str7;
            this.mRightModifier = rightModifier;
        }

        private ACE(TargetType targetType, Entry entry, ZimbraACE zimbraACE) {
            this.mTargetType = targetType.getCode();
            this.mTargetId = TargetType.getId(entry);
            this.mTargetName = entry.getLabel();
            this.mGranteeType = zimbraACE.getGranteeType().getCode();
            this.mGranteeId = zimbraACE.getGrantee();
            this.mGranteeName = zimbraACE.getGranteeDisplayName();
            this.mRight = zimbraACE.getRight().getName();
            this.mRightModifier = zimbraACE.getRightModifier();
        }

        public String targetType() {
            return this.mTargetType;
        }

        public String targetId() {
            return this.mTargetId != null ? this.mTargetId : OperationContextData.GranteeNames.EMPTY_NAME;
        }

        public String targetName() {
            return this.mTargetName;
        }

        public String granteeType() {
            return this.mGranteeType;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public String right() {
            return this.mRight;
        }

        public RightModifier rightModifier() {
            return this.mRightModifier;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$AllEffectiveRights.class */
    public static class AllEffectiveRights {
        String mGranteeType;
        String mGranteeId;
        String mGranteeName;
        Map<TargetType, RightsByTargetType> mRightsByTargetType = new HashMap();

        AllEffectiveRights(String str, String str2, String str3) {
            this.mGranteeType = str;
            this.mGranteeId = str2;
            this.mGranteeName = str3;
            for (TargetType targetType : TargetType.values()) {
                if (targetType.isDomained()) {
                    this.mRightsByTargetType.put(targetType, new DomainedRightsByTargetType());
                } else {
                    this.mRightsByTargetType.put(targetType, new RightsByTargetType());
                }
            }
        }

        public String granteeType() {
            return this.mGranteeType;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public Map<TargetType, RightsByTargetType> rightsByTargetType() {
            return this.mRightsByTargetType;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setAll(TargetType targetType, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).setAll(effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addEntry(TargetType targetType, String str, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).addEntry(str, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addAggregation(TargetType targetType, Set<String> set, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).addAggregation(set, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addDomainEntry(TargetType targetType, String str, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            ((DomainedRightsByTargetType) this.mRightsByTargetType.get(targetType)).addDomainEntry(str, effectiveRights);
        }

        public static AllEffectiveRights fromXML(Element element) throws ServiceException {
            Element element2 = element.getElement(ZShare.E_GRANTEE);
            AllEffectiveRights allEffectiveRights = new AllEffectiveRights(element2.getAttribute("type"), element2.getAttribute("id"), element2.getAttribute("name"));
            for (Element element3 : element.listElements(ZimletMeta.ZIMLET_TAG_TARGET)) {
                RightsByTargetType rightsByTargetType = allEffectiveRights.mRightsByTargetType.get(TargetType.fromCode(element3.getAttribute("type")));
                Element optionalElement = element3.getOptionalElement("all");
                if (optionalElement != null) {
                    rightsByTargetType.mAll = EffectiveRights.fromXML(null, optionalElement);
                }
                if (rightsByTargetType instanceof DomainedRightsByTargetType) {
                    DomainedRightsByTargetType domainedRightsByTargetType = (DomainedRightsByTargetType) rightsByTargetType;
                    for (Element element4 : element3.listElements("inDomains")) {
                        HashSet hashSet = new HashSet();
                        Iterator it = element4.listElements("domain").iterator();
                        while (it.hasNext()) {
                            hashSet.add(((Element) it.next()).getAttribute("name"));
                        }
                        domainedRightsByTargetType.mDomains.add(new RightAggregation(hashSet, EffectiveRights.fromXML(null, element4.getElement("rights"))));
                    }
                }
                for (Element element5 : element3.listElements("entries")) {
                    HashSet hashSet2 = new HashSet();
                    Iterator it2 = element5.listElements("entry").iterator();
                    while (it2.hasNext()) {
                        hashSet2.add(((Element) it2.next()).getAttribute("name"));
                    }
                    rightsByTargetType.mEntries.add(new RightAggregation(hashSet2, EffectiveRights.fromXML(null, element5.getElement("rights"))));
                }
            }
            return allEffectiveRights;
        }

        public void toXML(Element element) {
            Element addElement = element.addElement(ZShare.E_GRANTEE);
            addElement.addAttribute("type", this.mGranteeType);
            addElement.addAttribute("id", this.mGranteeId);
            addElement.addAttribute("name", this.mGranteeName);
            for (Map.Entry<TargetType, RightsByTargetType> entry : this.mRightsByTargetType.entrySet()) {
                TargetType key = entry.getKey();
                RightsByTargetType value = entry.getValue();
                Element addElement2 = element.addElement(ZimletMeta.ZIMLET_TAG_TARGET);
                addElement2.addAttribute("type", key.getCode());
                EffectiveRights all = value.all();
                if (all != null) {
                    all.toXML(addElement2.addElement("all"));
                }
                if (value instanceof DomainedRightsByTargetType) {
                    for (RightAggregation rightAggregation : ((DomainedRightsByTargetType) value).domains()) {
                        Element addElement3 = addElement2.addElement("inDomains");
                        Iterator<String> it = rightAggregation.entries().iterator();
                        while (it.hasNext()) {
                            addElement3.addElement("domain").addAttribute("name", it.next());
                        }
                        rightAggregation.getRights().toXML(addElement3.addElement("rights"));
                    }
                }
                for (RightAggregation rightAggregation2 : value.entries()) {
                    Element addElement4 = addElement2.addElement("entries");
                    Iterator<String> it2 = rightAggregation2.entries().iterator();
                    while (it2.hasNext()) {
                        addElement4.addElement("entry").addAttribute("name", it2.next());
                    }
                    rightAggregation2.getRights().toXML(addElement4.addElement("rights"));
                }
            }
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$DomainedRightsByTargetType.class */
    public static class DomainedRightsByTargetType extends RightsByTargetType {
        Set<RightAggregation> mDomains = new HashSet();

        public Set<RightAggregation> domains() {
            return this.mDomains;
        }

        void addDomainEntry(String str, EffectiveRights effectiveRights) {
            add(this.mDomains, str, effectiveRights);
        }

        @Override // com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType
        public boolean hasNoRight() {
            return super.hasNoRight() && this.mDomains.isEmpty();
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$EffectiveAttr.class */
    public static class EffectiveAttr {
        private static final Set<String> EMPTY_SET = new HashSet();
        String mAttrName;
        Set<String> mDefault;
        AttributeConstraint mConstraint;

        /* JADX INFO: Access modifiers changed from: package-private */
        public EffectiveAttr(String str, Set<String> set, AttributeConstraint attributeConstraint) {
            this.mAttrName = str;
            this.mDefault = set;
            this.mConstraint = attributeConstraint;
        }

        public String getAttrName() {
            return this.mAttrName;
        }

        public Set<String> getDefault() {
            return this.mDefault == null ? EMPTY_SET : this.mDefault;
        }

        AttributeConstraint getConstraint() {
            return this.mConstraint;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$EffectiveRights.class */
    public static class EffectiveRights {
        private static final SortedMap<String, EffectiveAttr> EMPTY_MAP = new TreeMap();
        String mTargetType;
        String mTargetId;
        String mTargetName;
        String mGranteeId;
        String mGranteeName;
        String mDigest;
        List<String> mPresetRights = new ArrayList();
        boolean mCanSetAllAttrs = false;
        SortedMap<String, EffectiveAttr> mCanSetAttrs = EMPTY_MAP;
        boolean mCanGetAllAttrs = false;
        SortedMap<String, EffectiveAttr> mCanGetAttrs = EMPTY_MAP;

        /* JADX INFO: Access modifiers changed from: package-private */
        public EffectiveRights(String str, String str2, String str3, String str4, String str5) {
            this.mTargetType = str;
            this.mTargetId = str2 == null ? OperationContextData.GranteeNames.EMPTY_NAME : str2;
            this.mTargetName = str3;
            this.mGranteeId = str4;
            this.mGranteeName = str5;
        }

        private EffectiveRights() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasSameRights(EffectiveRights effectiveRights) {
            return getDigest().equals(effectiveRights.getDigest());
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasNoRight() {
            return this.mPresetRights.isEmpty() && !this.mCanSetAllAttrs && this.mCanSetAttrs.isEmpty() && !this.mCanGetAllAttrs && this.mCanGetAttrs.isEmpty();
        }

        private String getDigest() {
            if (this.mDigest != null) {
                return this.mDigest;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("preset:" + this.mPresetRights.hashCode() + ";");
            sb.append("setAttrs:");
            if (this.mCanSetAllAttrs) {
                sb.append("all;");
            } else {
                sb.append(new ArrayList(this.mCanSetAttrs.keySet()).hashCode() + ";");
            }
            sb.append("getAttrs:");
            if (this.mCanGetAllAttrs) {
                sb.append("all;");
            } else {
                sb.append(new ArrayList(this.mCanGetAttrs.keySet()).hashCode() + ";");
            }
            this.mDigest = sb.toString();
            return this.mDigest;
        }

        public static EffectiveRights fromXML_EffectiveRights(Element element) throws ServiceException {
            EffectiveRights effectiveRights = new EffectiveRights();
            Element element2 = element.getElement(ZShare.E_GRANTEE);
            effectiveRights.mGranteeId = element2.getAttribute("id");
            effectiveRights.mGranteeName = element2.getAttribute("name");
            Element element3 = element.getElement(ZimletMeta.ZIMLET_TAG_TARGET);
            effectiveRights.mTargetType = element3.getAttribute("type");
            effectiveRights.mTargetId = element3.getAttribute("id");
            effectiveRights.mTargetName = element3.getAttribute("name");
            fromXML(effectiveRights, element3);
            return effectiveRights;
        }

        public static EffectiveRights fromXML_CreateObjectAttrs(Element element) throws ServiceException {
            EffectiveRights effectiveRights = new EffectiveRights();
            Element element2 = element.getElement("setAttrs");
            if (element2.getAttributeBool("all", false)) {
                effectiveRights.mCanSetAllAttrs = true;
            }
            effectiveRights.mCanSetAttrs = fromXML_attrs(element2);
            return effectiveRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static EffectiveRights fromXML(EffectiveRights effectiveRights, Element element) throws ServiceException {
            if (effectiveRights == null) {
                effectiveRights = new EffectiveRights();
            }
            effectiveRights.mPresetRights = new ArrayList();
            Iterator it = element.listElements("right").iterator();
            while (it.hasNext()) {
                effectiveRights.mPresetRights.add(((Element) it.next()).getAttribute("n"));
            }
            Element element2 = element.getElement("setAttrs");
            if (element2.getAttributeBool("all", false)) {
                effectiveRights.mCanSetAllAttrs = true;
            }
            effectiveRights.mCanSetAttrs = fromXML_attrs(element2);
            Element element3 = element.getElement("getAttrs");
            if (element3.getAttributeBool("all", false)) {
                effectiveRights.mCanGetAllAttrs = true;
            }
            effectiveRights.mCanGetAttrs = fromXML_attrs(element3);
            return effectiveRights;
        }

        private static TreeMap<String, EffectiveAttr> fromXML_attrs(Element element) throws ServiceException {
            TreeMap<String, EffectiveAttr> treeMap = new TreeMap<>();
            AttributeManager attributeManager = AttributeManager.getInstance();
            for (Element element2 : element.listElements(LuceneViewer.CLI.O_ACTION)) {
                String attribute = element2.getAttribute("n");
                Element optionalElement = element2.getOptionalElement("constraint");
                if (optionalElement != null) {
                    AttributeConstraint.fromXML(attributeManager, attribute, optionalElement);
                }
                Element optionalElement2 = element2.getOptionalElement("default");
                HashSet hashSet = null;
                if (optionalElement2 != null) {
                    hashSet = new HashSet();
                    Iterator it = optionalElement2.listElements(LuceneViewer.CLI.O_VERBOSE).iterator();
                    while (it.hasNext()) {
                        hashSet.add(((Element) it.next()).getText());
                    }
                }
                treeMap.put(attribute, new EffectiveAttr(attribute, hashSet, null));
            }
            return treeMap;
        }

        public void toXML_getEffectiveRights(Element element) {
            Element addElement = element.addElement(ZShare.E_GRANTEE);
            addElement.addAttribute("id", this.mGranteeId);
            addElement.addAttribute("name", this.mGranteeName);
            Element addElement2 = element.addElement(ZimletMeta.ZIMLET_TAG_TARGET);
            addElement2.addAttribute("type", this.mTargetType);
            addElement2.addAttribute("id", this.mTargetId);
            addElement2.addAttribute("name", this.mTargetName);
            toXML(addElement2);
        }

        public void toXML_getCreateObjectAttrs(Element element) {
            toXML(element, "setAttrs", this.mCanSetAllAttrs, this.mCanSetAttrs);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void toXML(Element element) {
            Iterator<String> it = this.mPresetRights.iterator();
            while (it.hasNext()) {
                element.addElement("right").addAttribute("n", it.next());
            }
            toXML(element, "setAttrs", this.mCanSetAllAttrs, this.mCanSetAttrs);
            toXML(element, "getAttrs", this.mCanGetAllAttrs, this.mCanGetAttrs);
        }

        private void toXML(Element element, String str, boolean z, SortedMap<String, EffectiveAttr> sortedMap) {
            Element addElement = element.addElement(str);
            if (z) {
                addElement.addAttribute("all", true);
            }
            for (EffectiveAttr effectiveAttr : sortedMap.values()) {
                Element addElement2 = addElement.addElement(LuceneViewer.CLI.O_ACTION);
                addElement2.addAttribute("n", effectiveAttr.getAttrName());
                AttributeConstraint constraint = effectiveAttr.getConstraint();
                if (constraint != null) {
                    constraint.toXML(addElement2);
                }
                if (!effectiveAttr.getDefault().isEmpty()) {
                    Element addElement3 = addElement2.addElement("default");
                    Iterator<String> it = effectiveAttr.getDefault().iterator();
                    while (it.hasNext()) {
                        addElement3.addElement(LuceneViewer.CLI.O_VERBOSE).setText(it.next());
                    }
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setPresetRights(List<String> list) {
            this.mPresetRights = list;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanSetAllAttrs() {
            this.mCanSetAllAttrs = true;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanSetAttrs(SortedMap<String, EffectiveAttr> sortedMap) {
            this.mCanSetAttrs = sortedMap;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanGetAllAttrs() {
            this.mCanGetAllAttrs = true;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanGetAttrs(SortedMap<String, EffectiveAttr> sortedMap) {
            this.mCanGetAttrs = sortedMap;
        }

        public String targetType() {
            return this.mTargetType;
        }

        public String targetId() {
            return this.mTargetId;
        }

        public String targetName() {
            return this.mTargetName;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public List<String> presetRights() {
            return this.mPresetRights;
        }

        public boolean canSetAllAttrs() {
            return this.mCanSetAllAttrs;
        }

        public SortedMap<String, EffectiveAttr> canSetAttrs() {
            return this.mCanSetAttrs;
        }

        public boolean canGetAllAttrs() {
            return this.mCanGetAllAttrs;
        }

        public SortedMap<String, EffectiveAttr> canGetAttrs() {
            return this.mCanGetAttrs;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$Grants.class */
    public static class Grants {
        Set<ACE> mACEs = new HashSet();

        Grants() {
        }

        void addACE(ACE ace) {
            this.mACEs.add(ace);
        }

        public Set<ACE> getACEs() {
            return this.mACEs;
        }

        public Grants(Element element) throws ServiceException {
            for (Element element2 : element.listElements("grant")) {
                Element element3 = element2.getElement(ZimletMeta.ZIMLET_TAG_TARGET);
                String attribute = element3.getAttribute("type", OperationContextData.GranteeNames.EMPTY_NAME);
                String attribute2 = element3.getAttribute("id", OperationContextData.GranteeNames.EMPTY_NAME);
                String attribute3 = element3.getAttribute("name", OperationContextData.GranteeNames.EMPTY_NAME);
                Element element4 = element2.getElement(ZShare.E_GRANTEE);
                String attribute4 = element4.getAttribute("type", OperationContextData.GranteeNames.EMPTY_NAME);
                String attribute5 = element4.getAttribute("id", OperationContextData.GranteeNames.EMPTY_NAME);
                String attribute6 = element4.getAttribute("name", OperationContextData.GranteeNames.EMPTY_NAME);
                Element element5 = element2.getElement("right");
                String text = element5.getText();
                boolean attributeBool = element5.getAttributeBool(DavElements.P_DENY, false);
                boolean attributeBool2 = element5.getAttributeBool("canDelegate", false);
                boolean attributeBool3 = element5.getAttributeBool("disinheritSubGroups", false);
                boolean attributeBool4 = element5.getAttributeBool("subDomain", false);
                RightModifier rightModifier = null;
                if (attributeBool) {
                    rightModifier = RightModifier.RM_DENY;
                } else if (attributeBool2) {
                    rightModifier = RightModifier.RM_CAN_DELEGATE;
                } else if (attributeBool3) {
                    rightModifier = RightModifier.RM_DISINHERIT_SUB_GROUPS;
                } else if (attributeBool4) {
                    rightModifier = RightModifier.RM_SUBDOMAIN;
                }
                addACE(new ACE(attribute, attribute2, attribute3, attribute4, attribute5, attribute6, text, rightModifier));
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addGrants(TargetType targetType, Entry entry, ZimbraACL zimbraACL, Set<String> set) {
            if (zimbraACL == null) {
                return;
            }
            for (ZimbraACE zimbraACE : zimbraACL.getAllACEs()) {
                if (set == null || set.contains(zimbraACE.getGrantee())) {
                    addACE(new ACE(targetType, entry, zimbraACE));
                }
            }
        }

        public void toXML(Element element) {
            for (ACE ace : this.mACEs) {
                Element addElement = element.addElement("grant");
                RightModifier rightModifier = ace.rightModifier();
                boolean z = rightModifier == RightModifier.RM_DENY;
                boolean z2 = rightModifier == RightModifier.RM_CAN_DELEGATE;
                boolean z3 = rightModifier == RightModifier.RM_DISINHERIT_SUB_GROUPS;
                boolean z4 = rightModifier == RightModifier.RM_SUBDOMAIN;
                Element addElement2 = addElement.addElement(ZimletMeta.ZIMLET_TAG_TARGET);
                addElement2.addAttribute("type", ace.targetType());
                addElement2.addAttribute("id", ace.targetId());
                addElement2.addAttribute("name", ace.targetName());
                Element addElement3 = addElement.addElement(ZShare.E_GRANTEE);
                addElement3.addAttribute("type", ace.granteeType());
                addElement3.addAttribute("id", ace.granteeId());
                addElement3.addAttribute("name", ace.granteeName());
                Element addElement4 = addElement.addElement("right");
                addElement4.addAttribute(DavElements.P_DENY, z);
                addElement4.addAttribute("canDelegate", z2);
                addElement4.addAttribute("disinheritSubGroups", z3);
                addElement4.addAttribute("subDomain", z4);
                addElement4.setText(ace.right());
            }
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$RightAggregation.class */
    public static class RightAggregation {
        Set<String> mEntries;
        EffectiveRights mRights;

        public Set<String> entries() {
            return this.mEntries;
        }

        public EffectiveRights effectiveRights() {
            return this.mRights;
        }

        private RightAggregation(String str, EffectiveRights effectiveRights) {
            this.mEntries = new HashSet();
            this.mEntries.add(str);
            this.mRights = effectiveRights;
        }

        private RightAggregation(Set<String> set, EffectiveRights effectiveRights) {
            this.mEntries = new HashSet();
            this.mEntries.addAll(set);
            this.mRights = effectiveRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public EffectiveRights getRights() {
            return this.mRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntry(String str) {
            this.mEntries.add(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntries(Set<String> set) {
            this.mEntries.addAll(set);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasEntry(String str) {
            return this.mEntries.contains(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void removeEntry(String str) {
            this.mEntries.remove(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasSameRights(EffectiveRights effectiveRights) {
            return this.mRights.hasSameRights(effectiveRights);
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$RightsByTargetType.class */
    public static class RightsByTargetType {
        EffectiveRights mAll = null;
        Set<RightAggregation> mEntries = new HashSet();

        public EffectiveRights all() {
            return this.mAll;
        }

        public Set<RightAggregation> entries() {
            return this.mEntries;
        }

        void setAll(EffectiveRights effectiveRights) {
            this.mAll = effectiveRights;
        }

        protected static void add(Set<RightAggregation> set, String str, EffectiveRights effectiveRights) {
            Iterator<RightAggregation> it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RightAggregation next = it.next();
                if (next.hasEntry(str)) {
                    next.removeEntry(str);
                    break;
                }
            }
            for (RightAggregation rightAggregation : set) {
                if (rightAggregation.hasSameRights(effectiveRights)) {
                    rightAggregation.addEntry(str);
                    return;
                }
            }
            set.add(new RightAggregation(str, effectiveRights));
        }

        protected static void addAggregation(Set<RightAggregation> set, Set<String> set2, EffectiveRights effectiveRights) {
            for (RightAggregation rightAggregation : set) {
                if (rightAggregation.hasSameRights(effectiveRights)) {
                    rightAggregation.addEntries(set2);
                    return;
                }
            }
            set.add(new RightAggregation(set2, effectiveRights));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntry(String str, EffectiveRights effectiveRights) {
            add(this.mEntries, str, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addAggregation(Set<String> set, EffectiveRights effectiveRights) {
            addAggregation(this.mEntries, set, effectiveRights);
        }

        public boolean hasNoRight() {
            return this.mAll == null && this.mEntries.isEmpty();
        }
    }

    private static void verifyAccessManager() throws ServiceException {
        if (!(AccessManager.getInstance() instanceof ACLAccessManager)) {
            throw ServiceException.FAILURE("method is not supported by the current AccessManager: " + AccessManager.getInstance().getClass().getCanonicalName() + ", this method requires access manager " + ACLAccessManager.class.getCanonicalName(), (Throwable) null);
        }
    }

    private static AdminConsoleCapable verifyAdminConsoleCapable() throws ServiceException {
        Object accessManager = AccessManager.getInstance();
        if (accessManager instanceof AdminConsoleCapable) {
            return (AdminConsoleCapable) accessManager;
        }
        throw ServiceException.FAILURE("method is not supported by the current AccessManager: " + AccessManager.getInstance().getClass().getCanonicalName() + ", this method requires an admin console capable access manager", (Throwable) null);
    }

    public static Right getRight(String str) throws ServiceException {
        verifyAccessManager();
        return RightManager.getInstance().getRight(str);
    }

    public static List<Right> getAllRights(String str, String str2) throws ServiceException {
        verifyAccessManager();
        ArrayList arrayList = new ArrayList();
        TargetType fromCode = str == null ? null : TargetType.fromCode(str);
        switch (str2 == null ? RightClass.ADMIN : RightClass.fromString(str2)) {
            case USER:
                getAllRights(fromCode, RightManager.getInstance().getAllUserRights(), arrayList);
                break;
            case ALL:
                getAllRights(fromCode, RightManager.getInstance().getAllAdminRights(), arrayList);
                getAllRights(fromCode, RightManager.getInstance().getAllUserRights(), arrayList);
                break;
            case ADMIN:
            default:
                getAllRights(fromCode, RightManager.getInstance().getAllAdminRights(), arrayList);
                break;
        }
        return arrayList;
    }

    private static void getAllRights(TargetType targetType, Map<String, ? extends Right> map, List<Right> list) throws ServiceException {
        Iterator<Map.Entry<String, ? extends Right>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Right value = it.next().getValue();
            if (targetType == null || value.grantableOnTargetType(targetType)) {
                list.add(value);
            }
        }
    }

    public static boolean checkRight(Provisioning provisioning, String str, Provisioning.TargetBy targetBy, String str2, Provisioning.GranteeBy granteeBy, String str3, GuestAccount guestAccount, String str4, Map<String, Object> map, AccessManager.ViaGrant viaGrant) throws ServiceException {
        verifyAccessManager();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, TargetType.fromCode(str), targetBy, str2);
        ToZJSONObject lookupGrantee = guestAccount != null ? guestAccount : GranteeType.lookupGrantee(provisioning, GranteeType.GT_USER, granteeBy, str3);
        Right right = RightManager.getInstance().getRight(str4);
        if (right.getRightType() != Right.RightType.setAttrs && map != null && !map.isEmpty()) {
            throw ServiceException.INVALID_REQUEST("attr map is not allowed for checking a non-setAttrs right: " + right.getName(), (Throwable) null);
        }
        AccessManager accessManager = AccessManager.getInstance();
        return accessManager.canPerform((Account) lookupGrantee, lookupTarget, right, false, map, accessManager.isAdequateAdminAccount((Account) lookupGrantee), viaGrant);
    }

    public static AllEffectiveRights getAllEffectiveRights(Provisioning provisioning, String str, Provisioning.GranteeBy granteeBy, String str2, boolean z, boolean z2) throws ServiceException {
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        GranteeType fromCode = GranteeType.fromCode(str);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, fromCode, granteeBy, str2);
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        AllEffectiveRights allEffectiveRights = new AllEffectiveRights(fromCode.getCode(), lookupGrantee.getId(), lookupGrantee.getName());
        verifyAdminConsoleCapable.getAllEffectiveRights(newRightBearer, z, z2, allEffectiveRights);
        return allEffectiveRights;
    }

    public static EffectiveRights getEffectiveRights(Provisioning provisioning, String str, Provisioning.TargetBy targetBy, String str2, Provisioning.GranteeBy granteeBy, String str3, boolean z, boolean z2) throws ServiceException {
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, TargetType.fromCode(str), targetBy, str2);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, GranteeType.GT_USER, granteeBy, str3);
        Account account = (Account) lookupGrantee;
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        EffectiveRights effectiveRights = new EffectiveRights(str, TargetType.getId(lookupTarget), lookupTarget.getLabel(), account.getId(), account.getName());
        verifyAdminConsoleCapable.getEffectiveRights(newRightBearer, lookupTarget, z, z2, effectiveRights);
        return effectiveRights;
    }

    public static EffectiveRights getCreateObjectAttrs(Provisioning provisioning, String str, Provisioning.DomainBy domainBy, String str2, Provisioning.CosBy cosBy, String str3, Provisioning.GranteeBy granteeBy, String str4) throws ServiceException {
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        TargetType fromCode = TargetType.fromCode(str);
        String str5 = null;
        if (fromCode == TargetType.domain) {
            if (domainBy != Provisioning.DomainBy.name) {
                throw ServiceException.INVALID_REQUEST("must be by name for domain target", (Throwable) null);
            }
            str5 = str2;
        }
        Entry createPseudoTarget = PseudoTarget.createPseudoTarget(provisioning, fromCode, domainBy, str2, false, cosBy, str3, str5);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, GranteeType.GT_USER, granteeBy, str4);
        Account account = (Account) lookupGrantee;
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        EffectiveRights effectiveRights = new EffectiveRights(str, TargetType.getId(createPseudoTarget), createPseudoTarget.getLabel(), account.getId(), account.getName());
        verifyAdminConsoleCapable.getEffectiveRights(newRightBearer, createPseudoTarget, true, true, effectiveRights);
        return effectiveRights;
    }

    public static Grants getGrants(Provisioning provisioning, String str, Provisioning.TargetBy targetBy, String str2, String str3, Provisioning.GranteeBy granteeBy, String str4, boolean z) throws ServiceException {
        verifyAccessManager();
        if (str == null && str3 == null) {
            throw ServiceException.INVALID_REQUEST("at least one of target or grantee must be specified", (Throwable) null);
        }
        TargetType targetType = null;
        Entry entry = null;
        if (str != null) {
            targetType = TargetType.fromCode(str);
            entry = TargetType.lookupTarget(provisioning, targetType, targetBy, str2);
        }
        Set<String> set = null;
        if (str3 != null) {
            NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, GranteeType.fromCode(str3), granteeBy, str4);
            RightBearer.Grantee grantee = new RightBearer.Grantee(lookupGrantee);
            if (z) {
                set = grantee.getIdAndGroupIds();
            } else {
                set = new HashSet();
                set.add(lookupGrantee.getId());
            }
        }
        Grants grants = new Grants();
        if (entry != null) {
            grants.addGrants(targetType, entry, ACLUtil.getACL(entry), set);
        } else {
            for (SearchGrants.GrantsOnTarget grantsOnTarget : new SearchGrants(provisioning, new HashSet(Arrays.asList(TargetType.values())), set).doSearch().getResults()) {
                Entry targetEntry = grantsOnTarget.getTargetEntry();
                grants.addGrants(TargetType.getTargetType(targetEntry), targetEntry, grantsOnTarget.getAcl(), set);
            }
        }
        return grants;
    }

    private static void validateGrant(Account account, TargetType targetType, Entry entry, GranteeType granteeType, NamedEntry namedEntry, String str, Right right, RightModifier rightModifier, boolean z) throws ServiceException {
        if (!right.isUserRight() || RightModifier.RM_CAN_DELEGATE == rightModifier) {
            if (!z && !CrossDomain.validateCrossDomainAdminGrant(right, granteeType) && !RightBearer.isValidGranteeForAdminRights(granteeType, namedEntry)) {
                throw ServiceException.INVALID_REQUEST("grantee for admin right or for user right with the can delegate modifier must be a delegated admin account or admin group, it cannot be a global admin account or a regular user account.", (Throwable) null);
            }
            if (!granteeType.allowedForAdminRights()) {
                throw ServiceException.INVALID_REQUEST("grantee type " + granteeType.getCode() + " is not allowed for admin right", (Throwable) null);
            }
        }
        if (!right.grantableOnTargetType(targetType)) {
            throw ServiceException.INVALID_REQUEST("right " + right.getName() + " cannot be granted on a " + targetType.getCode() + " entry. It can only be granted on target types: " + right.reportGrantableTargetTypes(), (Throwable) null);
        }
        if (targetType == TargetType.dl && !CheckRight.allowGroupTarget(right)) {
            throw ServiceException.INVALID_REQUEST("group target is not supported for right: " + right.getName(), (Throwable) null);
        }
        if (RightModifier.RM_SUBDOMAIN == rightModifier) {
            if (targetType != TargetType.domain) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_SUBDOMAIN.getModifier() + " can only be granted on domain targets", (Throwable) null);
            }
            if (!right.allowSubDomainModifier()) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_SUBDOMAIN.getModifier() + " is not allowed for the right: " + right.getName(), (Throwable) null);
            }
        } else if (RightModifier.RM_DISINHERIT_SUB_GROUPS == rightModifier) {
            if (targetType != TargetType.dl) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_DISINHERIT_SUB_GROUPS.getModifier() + " can only be granted on group targets", (Throwable) null);
            }
            if (!right.allowDisinheritSubGroupsModifier()) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_DISINHERIT_SUB_GROUPS.getModifier() + " is not allowed for the right: " + right.getName(), (Throwable) null);
            }
        }
        if (account != null) {
            if (!AccessManager.getInstance().canPerform(account, entry, right, true, (Map<String, Object>) null, true, (AccessManager.ViaGrant) null)) {
                throw ServiceException.PERM_DENIED("insuffcient right to " + (z ? "revoke" : "grant"));
            }
            ParticallyDenied.checkPartiallyDenied(account, targetType, entry, right);
        }
        if (str != null && !granteeType.allowSecret()) {
            throw ServiceException.PERM_DENIED("password is not allowed for grantee type " + granteeType.getCode());
        }
    }

    public static void grantRight(Provisioning provisioning, Account account, String str, Provisioning.TargetBy targetBy, String str2, String str3, Provisioning.GranteeBy granteeBy, String str4, String str5, String str6, RightModifier rightModifier) throws ServiceException {
        String str7;
        verifyAccessManager();
        TargetType fromCode = TargetType.fromCode(str);
        Entry lookupTarget = TargetType.lookupTarget(provisioning, fromCode, targetBy, str2);
        GranteeType fromCode2 = GranteeType.fromCode(str3);
        NamedEntry namedEntry = null;
        if (fromCode2.isZimbraEntry()) {
            namedEntry = GranteeType.lookupGrantee(provisioning, fromCode2, granteeBy, str4);
            str7 = namedEntry.getId();
        } else {
            str7 = str4;
        }
        Right right = RightManager.getInstance().getRight(str6);
        validateGrant(account, fromCode, lookupTarget, fromCode2, namedEntry, str5, right, rightModifier, false);
        HashSet hashSet = new HashSet();
        hashSet.add(new ZimbraACE(str7, fromCode2, right, rightModifier, str5));
        ACLUtil.grantRight(provisioning, lookupTarget, hashSet);
    }

    /* JADX WARN: Type inference failed for: r25v0, types: [java.lang.Throwable, com.zimbra.cs.account.AccountServiceException] */
    public static void revokeRight(Provisioning provisioning, Account account, String str, Provisioning.TargetBy targetBy, String str2, String str3, Provisioning.GranteeBy granteeBy, String str4, String str5, RightModifier rightModifier) throws ServiceException {
        String str6;
        verifyAccessManager();
        TargetType fromCode = TargetType.fromCode(str);
        Entry lookupTarget = TargetType.lookupTarget(provisioning, fromCode, targetBy, str2);
        GranteeType fromCode2 = GranteeType.fromCode(str3);
        NamedEntry namedEntry = null;
        try {
            if (fromCode2.isZimbraEntry()) {
                namedEntry = GranteeType.lookupGrantee(provisioning, fromCode2, granteeBy, str4);
                str6 = namedEntry.getId();
            } else {
                str6 = str4;
            }
        } catch (AccountServiceException e) {
            String code = e.getCode();
            if (!AccountServiceException.NO_SUCH_ACCOUNT.equals(code) && !AccountServiceException.NO_SUCH_DISTRIBUTION_LIST.equals(code) && !AccountServiceException.NO_SUCH_DOMAIN.equals(code)) {
                throw e;
            }
            ZimbraLog.acl.warn("revokeRight: no such grantee " + str4);
            if (granteeBy != Provisioning.GranteeBy.id) {
                throw ServiceException.INVALID_REQUEST("cannot find grantee by name: " + str4 + ", try revoke by grantee id if you want to remove the orphan grant", (Throwable) e);
            }
            str6 = str4;
        }
        Right right = RightManager.getInstance().getRight(str5);
        if (namedEntry != null) {
            validateGrant(account, fromCode, lookupTarget, fromCode2, namedEntry, null, right, rightModifier, true);
        }
        HashSet hashSet = new HashSet();
        ZimbraACE zimbraACE = new ZimbraACE(str6, fromCode2, right, rightModifier, null);
        hashSet.add(zimbraACE);
        if (ACLUtil.revokeRight(provisioning, lookupTarget, hashSet).isEmpty()) {
            throw AccountServiceException.NO_SUCH_GRANT(zimbraACE.dump(true));
        }
    }

    public static void revokeAllRights(Provisioning provisioning, GranteeType granteeType, String str) throws ServiceException {
        Set<TargetType> targetTypesForGrantSearch = verifyAdminConsoleCapable().targetTypesForGrantSearch();
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        for (SearchGrants.GrantsOnTarget grantsOnTarget : new SearchGrants(provisioning, targetTypesForGrantSearch, hashSet).doSearch().getResults()) {
            Entry targetEntry = grantsOnTarget.getTargetEntry();
            HashSet hashSet2 = new HashSet();
            for (ZimbraACE zimbraACE : grantsOnTarget.getAcl().getAllACEs()) {
                if (str.equals(zimbraACE.getGrantee())) {
                    hashSet2.add(zimbraACE);
                }
            }
            ACLUtil.revokeRight(provisioning, targetEntry, hashSet2);
        }
    }

    public static Element rightToXML(Element element, Right right, boolean z, Locale locale) throws ServiceException {
        Element addElement = element.addElement("right");
        addElement.addAttribute("name", right.getName());
        addElement.addAttribute("type", right.getRightType().name());
        addElement.addAttribute("targetType", right.getTargetTypeStr());
        addElement.addAttribute("rightClass", right.getRightClass().name());
        String message = L10nUtil.getMessage("ZsMsgRights", right.getName(), locale, new Object[0]);
        if (message == null) {
            message = right.getDesc();
        }
        addElement.addElement("desc").setText(message);
        if (!right.isPresetRight()) {
            if (right.isAttrRight()) {
                Element addElement2 = addElement.addElement("attrs");
                AttrRight attrRight = (AttrRight) right;
                if (attrRight.allAttrs()) {
                    addElement2.addAttribute("all", true);
                    if (z) {
                        for (String str : attrRight.getAllAttrs()) {
                            if (right.getRightType() != Right.RightType.setAttrs || !HardRules.isForbiddenAttr(str)) {
                                addElement2.addElement(LuceneViewer.CLI.O_ACTION).addAttribute("n", str);
                            }
                        }
                    }
                } else {
                    Iterator<String> it = attrRight.getAttrs().iterator();
                    while (it.hasNext()) {
                        addElement2.addElement(it.next());
                    }
                }
            } else if (right.isComboRight()) {
                Element addElement3 = addElement.addElement("rights");
                for (Right right2 : ((ComboRight) right).getRights()) {
                    Element addElement4 = addElement3.addElement(ZEmailAddress.EMAIL_TYPE_REPLY_TO);
                    addElement4.addAttribute("n", right2.getName());
                    addElement4.addAttribute("type", right2.getRightType().name());
                    addElement4.addAttribute("targetType", right2.getTargetTypeStr());
                }
            }
        }
        return addElement;
    }

    public static Right XMLToRight(Element element) throws ServiceException {
        return RightManager.getInstance().getRight(element.getAttribute("name"));
    }
}
