package com.zimbra.cs.account.accesscontrol;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.mailbox.OperationContextData;

/* loaded from: input_file:com/zimbra/cs/account/accesscontrol/ZimbraACE.class */
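/**
 * One access-control entry (ACE): a grantee, the grantee's type, a right, an optional right
 * modifier and, for guest and access-key grantees, a secret.
 *
 * <p>The serialized form produced by {@link #serialize()} and consumed by the parsing
 * constructor is {@code <grantee>[:<secret>] <granteeTypeCode> [<modifier>]<right>}, with
 * single spaces between the three parts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code mSecret} is held as a plain {@code String}, and the encode/decode hooks in this
 *       class are pass-through, so {@link #serialize()} and {@code dump(false)} contain the
 *       secret verbatim for guest and key grantees. Keep that output out of logs.</li>
 *   <li>Neither the field-based constructor nor {@link #setSecret(String)} calls
 *       {@link #validate(ZimbraACE)}. A {@code ':'} in an unvalidated guest/key grantee or
 *       secret changes how the serialized entry splits when it is parsed again, so callers
 *       should validate before persisting an entry.</li>
 * </ul>
 */
public class ZimbraACE {
    /** Separates the three parts of a serialized ACE. */
    private static final char S_DELIMITER = ' ';
    /** Separates grantee name and secret inside the first part (guest/key grantees only). */
    private static final String S_SECRET_DELIMITER = ":";
    // Grantee id (a UUID for user/group/domain/authuser/public) or name (guest/key).
    private String mGrantee;
    private GranteeType mGranteeType;
    private Right mRight;
    // May be null, meaning "no modifier".
    private RightModifier mRightModifier;
    // Guest password or access key, stored as given; null when absent.
    private String mSecret;
    // Only set by the parsing constructor and the copy constructor.
    private TargetType mTargetType;
    private String mTargetName;

    /**
     * Splits a serialized ACE at its last two spaces.
     *
     * <p>Splitting from the right means the first part (grantee and optional secret) may itself
     * contain spaces.
     *
     * @param str serialized ACE
     * @return three elements: grantee part, grantee type code, right (with optional modifier)
     * @throws ServiceException PARSE_ERROR if fewer than two spaces are present
     */
    private String[] getParts(String str) throws ServiceException {
        int rightSep = str.lastIndexOf(S_DELIMITER);
        if (rightSep == -1) {
            throw ServiceException.PARSE_ERROR("bad ACE: " + str, (Throwable) null);
        }
        int typeSep = str.lastIndexOf(S_DELIMITER, rightSep - 1);
        if (typeSep == -1) {
            throw ServiceException.PARSE_ERROR("bad ACE: " + str, (Throwable) null);
        }
        return new String[] {
            str.substring(0, typeSep),
            str.substring(typeSep + 1, rightSep),
            str.substring(rightSep + 1)
        };
    }

    /**
     * Parses a serialized ACE. Package-private in the original class (access widened by the
     * decompiler).
     *
     * @param str          serialized ACE as produced by {@link #serialize()}
     * @param rightManager used to resolve the right name
     * @param targetType   type of the target the ACE is attached to
     * @param str2         name of the target the ACE is attached to
     * @throws ServiceException PARSE_ERROR for a malformed entry, a non-UUID grantee id, an
     *                          unsupported grantee type or an empty right; also whatever
     *                          {@code GranteeType.fromCode} and {@code RightManager.getRight}
     *                          throw
     */
    public ZimbraACE(String str, RightManager rightManager, TargetType targetType, String str2) throws ServiceException {
        String[] parts = getParts(str);
        String granteePart = parts[0];
        String rightPart = parts[2];
        this.mGranteeType = GranteeType.fromCode(parts[1]);
        switch (this.mGranteeType) {
            case GT_USER:
            case GT_GROUP:
            case GT_DOMAIN:
            case GT_AUTHUSER:
            case GT_PUBLIC:
                // These grantee types are always identified by id; reject anything else early.
                if (!Provisioning.isUUID(granteePart)) {
                    throw ServiceException.PARSE_ERROR("grantee ID [" + granteePart + "] is not a UUID", (Throwable) null);
                }
                this.mGrantee = granteePart;
                break;
            case GT_GUEST:
            case GT_KEY:
                // "name" or "name:secret". String.split drops trailing empty strings, so
                // "name:" yields one element and the secret stays null.
                String[] split = granteePart.split(S_SECRET_DELIMITER);
                if (split.length != 1 && split.length != 2) {
                    throw ServiceException.PARSE_ERROR("bad ACE(gurst/key grantee must have two sub parts): " + str, (Throwable) null);
                }
                this.mGrantee = decodeGrantee(split[0]);
                this.mSecret = split.length == 2 ? decodeSecret(split[1]) : null;
                break;
            default:
                throw ServiceException.PARSE_ERROR("invalid grantee type " + this.mGranteeType, (Throwable) null);
        }
        // An entry ending in a space has an empty right part; report it as a parse error
        // instead of letting charAt(0) throw StringIndexOutOfBoundsException.
        if (rightPart.isEmpty()) {
            throw ServiceException.PARSE_ERROR("bad ACE: " + str, (Throwable) null);
        }
        this.mRightModifier = RightModifier.fromChar(rightPart.charAt(0));
        if (this.mRightModifier == null) {
            this.mRight = rightManager.getRight(rightPart);
        } else {
            // The first character was a modifier; the right name follows it.
            this.mRight = rightManager.getRight(rightPart.substring(1));
        }
        this.mTargetType = targetType;
        this.mTargetName = str2;
    }

    /**
     * Builds an ACE from its components. Target type and target name are left unset.
     *
     * <p>No validation happens here; call {@link #validate(ZimbraACE)} before persisting an
     * entry built from request data.
     *
     * @param str           grantee id or name; ignored for authuser and public grantees, which
     *                      get fixed well-known ids
     * @param granteeType   grantee type
     * @param right         granted (or denied) right
     * @param rightModifier modifier, or null for none
     * @param str2          secret (guest password or access key), or null
     */
    public ZimbraACE(String str, GranteeType granteeType, Right right, RightModifier rightModifier, String str2) throws ServiceException {
        this.mGranteeType = granteeType;
        if (this.mGranteeType == GranteeType.GT_AUTHUSER) {
            this.mGrantee = "00000000-0000-0000-0000-000000000000";
        } else if (this.mGranteeType == GranteeType.GT_PUBLIC) {
            this.mGrantee = "99999999-9999-9999-9999-999999999999";
        } else {
            this.mGrantee = str;
        }
        this.mRightModifier = rightModifier;
        this.mRight = right;
        this.mSecret = str2;
    }

    /**
     * Copy constructor used by {@link #m152clone()}.
     *
     * <p>Strings are immutable, so the references are shared rather than re-allocated; this
     * also keeps cloning from throwing when the source has a null grantee.
     */
    private ZimbraACE(ZimbraACE zimbraACE) {
        this.mGrantee = zimbraACE.mGrantee;
        this.mGranteeType = zimbraACE.mGranteeType;
        this.mRight = zimbraACE.mRight;
        this.mRightModifier = zimbraACE.mRightModifier;
        this.mSecret = zimbraACE.mSecret;
        this.mTargetType = zimbraACE.mTargetType;
        this.mTargetName = zimbraACE.mTargetName;
    }

    /**
     * Returns a copy of this ACE. Named {@code clone} in the original class; renamed by the
     * decompiler when it merged the bridge method.
     */
    public ZimbraACE m152clone() {
        return new ZimbraACE(this);
    }

    /** Pass-through hook: the grantee name is serialized unchanged. */
    private String encodeGrantee(String str) {
        return str;
    }

    /** Pass-through hook: the grantee name is read back unchanged. */
    private String decodeGrantee(String str) throws ServiceException {
        return str;
    }

    /**
     * Pass-through hook: the secret is serialized unchanged; null maps to a placeholder.
     *
     * <p>NOTE(review): the placeholder reference looks like a decompiler constant substitution,
     * presumably the empty string; confirm against the original source.
     */
    private String encodeSecret(String str) {
        return str == null ? OperationContextData.GranteeNames.EMPTY_NAME : str;
    }

    /** Pass-through hook: the secret is read back unchanged. */
    private String decodeSecret(String str) throws ServiceException {
        return str;
    }

    /**
     * Tests whether this ACE is for the given grantee id.
     *
     * @param str grantee id; null or the public id matches public ACEs, the authuser id matches
     *            authuser ACEs, anything else is compared with the stored grantee
     */
    public boolean isGrantee(String str) {
        if (str == null || str.equals("99999999-9999-9999-9999-999999999999")) {
            return this.mGranteeType == GranteeType.GT_PUBLIC;
        }
        if (str.equals("00000000-0000-0000-0000-000000000000")) {
            return this.mGranteeType == GranteeType.GT_AUTHUSER;
        }
        return str.equals(this.mGrantee);
    }

    public String getGrantee() {
        return this.mGrantee;
    }

    public GranteeType getGranteeType() {
        return this.mGranteeType;
    }

    public Right getRight() {
        return this.mRight;
    }

    /** Returns true if the modifier marks this entry as a denial. */
    public boolean deny() {
        return this.mRightModifier == RightModifier.RM_DENY;
    }

    /** Returns true if the modifier is {@code RM_CAN_DELEGATE}. */
    public boolean canDelegate() {
        return this.mRightModifier == RightModifier.RM_CAN_DELEGATE;
    }

    /** Returns true if the modifier is {@code RM_SUBDOMAIN}. */
    public boolean subDomain() {
        return this.mRightModifier == RightModifier.RM_SUBDOMAIN;
    }

    /** Returns true if the modifier is {@code RM_DISINHERIT_SUB_GROUPS}. */
    public boolean disinheritSubGroups() {
        return this.mRightModifier == RightModifier.RM_DISINHERIT_SUB_GROUPS;
    }

    /** Returns true when the entry is neither delegable nor a denial. */
    public boolean canExecuteOnly() {
        return !canDelegate() && !deny();
    }

    /** Returns the stored secret as given (guest password or access key), or null. */
    public String getSecret() {
        return this.mSecret;
    }

    /** Replaces the secret. Not validated here; see {@link #validate(ZimbraACE)}. */
    public void setSecret(String str) {
        this.mSecret = str;
    }

    /** Package-private in the original class (access widened by the decompiler). */
    public RightModifier getRightModifier() {
        return this.mRightModifier;
    }

    /** Package-private in the original class (access widened by the decompiler). */
    public void setRightModifier(RightModifier rightModifier) {
        this.mRightModifier = rightModifier;
    }

    void setRight(Right right) {
        this.mRight = right;
    }

    /** Package-private in the original class (access widened by the decompiler). */
    public TargetType getTargetType() {
        return this.mTargetType;
    }

    /** Package-private in the original class (access widened by the decompiler). */
    public String getTargetName() {
        return this.mTargetName;
    }

    /**
     * Decides whether the given account is covered by this ACE's grantee.
     *
     * @param account account to test; null is covered only by a public ACE
     * @throws ServiceException FAILURE for an unknown grantee type, or from the provisioning
     *                          lookup
     */
    private boolean matches(Account account) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        if (account == null) {
            return this.mGranteeType == GranteeType.GT_PUBLIC;
        }
        switch (this.mGranteeType) {
            case GT_USER:
                return this.mGrantee.equals(account.getId());
            case GT_GROUP:
                return provisioning.inDistributionList(account, this.mGrantee);
            case GT_DOMAIN:
                return this.mGrantee.equals(account.getDomainId());
            case GT_AUTHUSER:
                // Any account that is not a guest counts as an authenticated user.
                return !(account instanceof GuestAccount);
            case GT_PUBLIC:
                return true;
            case GT_GUEST:
                return matchesGuestAccount(account);
            case GT_KEY:
                return matchesAccessKey(account);
            default:
                throw ServiceException.FAILURE("unknown ACL grantee type: " + this.mGranteeType, (Throwable) null);
        }
    }

    /**
     * Matches a guest grantee: only a {@link GuestAccount} can match, and the comparison of
     * name and password is delegated to it.
     *
     * <p>NOTE(review): the secret comparison lives in {@code GuestAccount.matches}, which is
     * not visible here; confirm it does not short-circuit on the first differing character.
     */
    private boolean matchesGuestAccount(Account account) {
        return account instanceof GuestAccount
                && ((GuestAccount) account).matches(this.mGrantee, this.mSecret);
    }

    /**
     * Matches an access-key grantee: only a {@link GuestAccount} can match, and the comparison
     * of name and key is delegated to it.
     *
     * <p>NOTE(review): as with guest passwords, confirm that
     * {@code GuestAccount.matchesAccessKey} compares the key in constant time.
     */
    private boolean matchesAccessKey(Account account) {
        return account instanceof GuestAccount
                && ((GuestAccount) account).matchesAccessKey(this.mGrantee, this.mSecret);
    }

    /**
     * Package-private in the original class (access widened by the decompiler).
     *
     * @see #matches(Account)
     */
    public boolean matchesGrantee(Account account) throws ServiceException {
        return matches(account);
    }

    /**
     * Resolves a human-readable grantee name.
     *
     * @return the account, group or domain name for id-based grantees, the stored grantee for
     *         guest/key grantees, and null for authuser/public grantees, for an unresolved id,
     *         or when the lookup fails (the failure is logged at warn level)
     */
    public String getGranteeDisplayName() {
        try {
            Provisioning prov;
            switch (this.mGranteeType) {
                case GT_USER:
                    prov = Provisioning.getInstance();
                    Account account = prov.get(Provisioning.AccountBy.id, this.mGrantee);
                    return account == null ? null : account.getName();
                case GT_GROUP:
                    prov = Provisioning.getInstance();
                    DistributionList group = prov.getGroup(Provisioning.DistributionListBy.id, this.mGrantee);
                    return group == null ? null : group.getName();
                case GT_DOMAIN:
                    prov = Provisioning.getInstance();
                    Domain domain = prov.get(Provisioning.DomainBy.id, this.mGrantee);
                    return domain == null ? null : domain.getName();
                case GT_GUEST:
                case GT_KEY:
                    return this.mGrantee;
                case GT_AUTHUSER:
                case GT_PUBLIC:
                default:
                    return null;
            }
        } catch (ServiceException e) {
            ZimbraLog.acl.warn("cannot get grantee name for " + this.mGrantee, e);
            return null;
        }
    }

    /**
     * Renders this ACE in its stored form.
     *
     * <p>For guest and key grantees the result contains the secret verbatim, so treat the
     * returned string as sensitive.
     *
     * @return {@code <grantee>[:<secret>] <granteeTypeCode> [<modifier>]<right>}
     */
    public String serialize() {
        StringBuilder sb = new StringBuilder();
        if (this.mGranteeType == GranteeType.GT_GUEST || this.mGranteeType == GranteeType.GT_KEY) {
            sb.append(encodeGrantee(this.mGrantee))
                    .append(S_SECRET_DELIMITER)
                    .append(encodeSecret(this.mSecret));
        } else {
            sb.append(this.mGrantee);
        }
        sb.append(S_DELIMITER);
        sb.append(getGranteeType().getCode()).append(S_DELIMITER);
        if (this.mRightModifier != null) {
            sb.append(this.mRightModifier.getModifier());
        }
        sb.append(getRight().getName());
        return sb.toString();
    }

    /**
     * Produces a debugging description of this ACE.
     *
     * @param z true for the field-by-field form, which omits the secret; false for the display
     *          name followed by {@link #serialize()}, which includes the secret for guest and
     *          key grantees
     */
    public String dump(boolean z) {
        if (z) {
            return "[grantee name=" + getGranteeDisplayName()
                    + ", grantee id=" + getGrantee()
                    + ", grantee type=" + getGranteeType().getCode()
                    + ", right=" + getRight().getName() + "]";
        }
        // NOTE(review): this form embeds the plaintext secret; prefer dump(true) for log output.
        return "[(" + getGranteeDisplayName() + ") " + serialize() + "]";
    }

    /**
     * Rejects guest/key entries whose grantee or secret contains the secret delimiter, since
     * such a value would split differently when the serialized entry is parsed again.
     *
     * @param zimbraACE entry to check; other grantee types are accepted unchecked
     * @throws ServiceException INVALID_REQUEST when the delimiter is present
     */
    public static void validate(ZimbraACE zimbraACE) throws ServiceException {
        boolean hasSecretPart = zimbraACE.mGranteeType == GranteeType.GT_GUEST
                || zimbraACE.mGranteeType == GranteeType.GT_KEY;
        if (!hasSecretPart) {
            return;
        }
        if (zimbraACE.getGrantee().contains(S_SECRET_DELIMITER)) {
            throw ServiceException.INVALID_REQUEST("grantee cannot contain::", (Throwable) null);
        }
        String secret = zimbraACE.getSecret();
        if (secret != null && secret.contains(S_SECRET_DELIMITER)) {
            throw ServiceException.INVALID_REQUEST("password/accesskey cannot contain::", (Throwable) null);
        }
    }
}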
