package com.zimbra.cs.service.mail;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.MailConstants;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.ACLUtil;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.RightModifier;
import com.zimbra.cs.account.accesscontrol.UserRight;
import com.zimbra.cs.account.accesscontrol.ZimbraACE;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/mail/GrantPermission.class */
public class GrantPermission extends MailDocumentHandler {
    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Account requestedAccount = getRequestedAccount(zimbraSoapContext);
        if (!canAccessAccount(zimbraSoapContext, requestedAccount)) {
            throw ServiceException.PERM_DENIED("can not access account");
        }
        HashSet hashSet = new HashSet();
        Iterator it = element.listElements(DavElements.P_ACE).iterator();
        while (it.hasNext()) {
            hashSet.add(handleACE((Element) it.next(), zimbraSoapContext, true));
        }
        List<ZimbraACE> grantRight = ACLUtil.grantRight(Provisioning.getInstance(), requestedAccount, hashSet);
        Element createElement = zimbraSoapContext.createElement(MailConstants.GRANT_PERMISSION_RESPONSE);
        if (hashSet != null) {
            Iterator<ZimbraACE> it2 = grantRight.iterator();
            while (it2.hasNext()) {
                ToXML.encodeACE(createElement, it2.next());
            }
        }
        return createElement;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ZimbraACE handleACE(Element element, ZimbraSoapContext zimbraSoapContext, boolean z) throws ServiceException {
        UserRight userRight = RightManager.getInstance().getUserRight(element.getAttribute("right"));
        GranteeType fromCode = GranteeType.fromCode(element.getAttribute("gt"));
        String attribute = element.getAttribute("zid", (String) null);
        boolean attributeBool = element.getAttributeBool(DavElements.P_DENY, false);
        String str = null;
        if (fromCode == GranteeType.GT_AUTHUSER) {
            attribute = "00000000-0000-0000-0000-000000000000";
        } else if (fromCode == GranteeType.GT_PUBLIC) {
            attribute = "99999999-9999-9999-9999-999999999999";
        } else if (fromCode == GranteeType.GT_GUEST) {
            attribute = element.getAttribute("d");
            if (attribute == null || attribute.indexOf(64) < 0) {
                throw ServiceException.INVALID_REQUEST("invalid guest id or password", (Throwable) null);
            }
            try {
                NamedEntry lookupGranteeByName = lookupGranteeByName(attribute, GranteeType.GT_USER, zimbraSoapContext);
                attribute = lookupGranteeByName.getId();
                fromCode = lookupGranteeByName instanceof DistributionList ? GranteeType.GT_GROUP : GranteeType.GT_USER;
            } catch (ServiceException e) {
                str = element.getAttribute("pw");
            }
        } else if (fromCode == GranteeType.GT_KEY) {
            attribute = element.getAttribute("d");
            str = element.getAttribute("key", (String) null);
        } else if (attribute != null) {
            lookupGranteeByZimbraId(attribute, fromCode, z);
        } else {
            NamedEntry lookupGranteeByName2 = lookupGranteeByName(element.getAttribute("d"), fromCode, zimbraSoapContext);
            attribute = lookupGranteeByName2.getId();
            if (fromCode == GranteeType.GT_USER && (lookupGranteeByName2 instanceof DistributionList)) {
                fromCode = GranteeType.GT_GROUP;
            }
        }
        RightModifier rightModifier = null;
        if (attributeBool) {
            rightModifier = RightModifier.RM_DENY;
        }
        return new ZimbraACE(attribute, fromCode, userRight, rightModifier, str);
    }

    private static NamedEntry lookupEmailAddress(String str) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        Account account = provisioning.get(Provisioning.AccountBy.name, str);
        if (account == null) {
            account = provisioning.get(Provisioning.DistributionListBy.name, str);
        }
        return account;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v50, types: [com.zimbra.cs.account.NamedEntry] */
    private static NamedEntry lookupGranteeByName(String str, GranteeType granteeType, ZimbraSoapContext zimbraSoapContext) throws ServiceException {
        if (granteeType == GranteeType.GT_AUTHUSER || granteeType == GranteeType.GT_PUBLIC || granteeType == GranteeType.GT_GUEST || granteeType == GranteeType.GT_KEY) {
            return null;
        }
        Provisioning provisioning = Provisioning.getInstance();
        if ((granteeType == GranteeType.GT_USER || granteeType == GranteeType.GT_GROUP) && str.indexOf(64) == -1) {
            Account account = provisioning.get(Provisioning.AccountBy.id, zimbraSoapContext.getAuthtokenAccountId(), zimbraSoapContext.getAuthToken());
            String name = account == null ? null : account.getName();
            if (account != null) {
                str = str + name.substring(name.indexOf(64));
            }
        }
        DistributionList distributionList = null;
        if (str != null) {
            switch (granteeType) {
                case GT_USER:
                    distributionList = lookupEmailAddress(str);
                    break;
                case GT_GROUP:
                    distributionList = provisioning.get(Provisioning.DistributionListBy.name, str);
                    break;
                case GT_DOMAIN:
                    distributionList = provisioning.get(Provisioning.DomainBy.name, str);
                    break;
            }
        }
        if (distributionList != null) {
            return distributionList;
        }
        switch (granteeType) {
            case GT_USER:
                throw AccountServiceException.NO_SUCH_ACCOUNT(str);
            case GT_GROUP:
                throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(str);
            case GT_DOMAIN:
                throw AccountServiceException.NO_SUCH_DOMAIN(str);
            default:
                throw ServiceException.FAILURE("LDAP entry not found for " + str + " : " + granteeType, (Throwable) null);
        }
    }

    private static NamedEntry lookupGranteeByZimbraId(String str, GranteeType granteeType, boolean z) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        try {
            switch (granteeType) {
                case GT_USER:
                    Account account = provisioning.get(Provisioning.AccountBy.id, str);
                    if (account == null && z) {
                        throw AccountServiceException.NO_SUCH_ACCOUNT(str);
                    }
                    return account;
                case GT_GROUP:
                    DistributionList distributionList = provisioning.get(Provisioning.DistributionListBy.id, str);
                    if (distributionList == null && z) {
                        throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(str);
                    }
                    return distributionList;
                case GT_DOMAIN:
                    Domain domain = provisioning.get(Provisioning.DomainBy.id, str);
                    if (domain == null && z) {
                        throw AccountServiceException.NO_SUCH_DOMAIN(str);
                    }
                    return domain;
                case GT_GUEST:
                case GT_KEY:
                case GT_AUTHUSER:
                case GT_PUBLIC:
                default:
                    return null;
            }
        } catch (ServiceException e) {
            if (z) {
                throw e;
            }
            return null;
        }
    }
}
