package com.zimbra.cs.mailbox.acl;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.MailConstants;
import com.zimbra.common.soap.SoapHttpTransport;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.httpclient.URLUtil;
import com.zimbra.cs.mailbox.ACL;
import com.zimbra.cs.mailbox.Folder;
import com.zimbra.cs.mailbox.Mailbox;
import com.zimbra.cs.mailbox.MailboxManager;
import com.zimbra.cs.mailbox.OperationContext;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.cs.service.util.ItemId;
import com.zimbra.cs.zclient.ZShare;
import java.io.IOException;

/* loaded from: input_file:com/zimbra/cs/mailbox/acl/FolderACL.class */
public class FolderACL {
    OperationContext mOctxt;
    ShareTarget mShareTarget;
    Boolean mCanAccessOwnerAccount = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/mailbox/acl/FolderACL$ShareTarget.class */
    public static class ShareTarget {
        private Account mOwnerAcct;
        int mFolderId;

        private ShareTarget(String str, int i) throws ServiceException {
            this.mOwnerAcct = Provisioning.getInstance().get(Provisioning.AccountBy.id, str);
            if (this.mOwnerAcct == null) {
                throw AccountServiceException.NO_SUCH_ACCOUNT(str);
            }
            this.mFolderId = i;
        }

        private ShareTarget(Account account, int i) throws ServiceException {
            this.mOwnerAcct = account;
            this.mFolderId = i;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Account getAccount() {
            return this.mOwnerAcct;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getAccountId() {
            return this.mOwnerAcct.getId();
        }

        int getFolderId() {
            return this.mFolderId;
        }

        boolean onLocalServer() throws ServiceException {
            return Provisioning.onLocalServer(this.mOwnerAcct);
        }
    }

    public FolderACL(OperationContext operationContext, String str, int i) throws ServiceException {
        this.mOctxt = operationContext;
        this.mShareTarget = new ShareTarget(str, i);
    }

    public FolderACL(OperationContext operationContext, Account account, int i, Boolean bool) throws ServiceException {
        this.mOctxt = operationContext;
        this.mShareTarget = new ShareTarget(account, i);
    }

    public short getEffectivePermissions() throws ServiceException {
        return checkRights((short) -1);
    }

    public boolean canAccess(short s) throws ServiceException {
        return (checkRights(s) & s) == s;
    }

    private short checkRights(short s) throws ServiceException {
        return checkRights(s, getAuthenticatedAccount(), isUsingAdminPrivileges());
    }

    private Account getAuthenticatedAccount() throws ServiceException {
        Account account = null;
        if (this.mOctxt != null) {
            account = this.mOctxt.getAuthenticatedUser();
        }
        if (account != null && account.getId().equals(this.mShareTarget.getAccountId())) {
            account = null;
        }
        return account;
    }

    private boolean canAccessOwnerAccount(Account account, boolean z) throws ServiceException {
        if (this.mCanAccessOwnerAccount == null) {
            this.mCanAccessOwnerAccount = Boolean.valueOf(AccessManager.getInstance().canAccessAccount(account, this.mShareTarget.getAccount(), z));
        }
        return this.mCanAccessOwnerAccount.booleanValue();
    }

    private boolean isUsingAdminPrivileges() {
        return this.mOctxt != null && this.mOctxt.isUsingAdminPrivileges();
    }

    private short checkRights(short s, Account account, boolean z) throws ServiceException {
        if (s == 0) {
            return s;
        }
        if (account == null || account.getId().equals(this.mShareTarget.getAccountId())) {
            return s;
        }
        if (canAccessOwnerAccount(account, z)) {
            return s;
        }
        ACL effectiveACLFromCache = getEffectiveACLFromCache();
        Short grantedRights = effectiveACLFromCache != null ? effectiveACLFromCache.getGrantedRights(account) : getEffectivePermissionsFromServer();
        if (grantedRights != null) {
            return (short) (grantedRights.shortValue() & s);
        }
        return (short) 0;
    }

    private ACL getEffectiveACLFromCache() throws ServiceException {
        return EffectiveACLCache.get(this.mShareTarget.getAccountId(), this.mShareTarget.getFolderId());
    }

    private Short getEffectivePermissionsFromServer() throws ServiceException {
        return this.mShareTarget.onLocalServer() ? getEffectivePermissionsLocal() : getEffectivePermissionsRemote();
    }

    private Short getEffectivePermissionsLocal() throws ServiceException {
        Mailbox mailboxByAccountId = MailboxManager.getInstance().getMailboxByAccountId(this.mShareTarget.getAccountId());
        return getEffectivePermissionsLocal(this.mOctxt, mailboxByAccountId, mailboxByAccountId.getFolderById(null, this.mShareTarget.getFolderId()));
    }

    public static Short getEffectivePermissionsLocal(OperationContext operationContext, Mailbox mailbox, Folder folder) throws ServiceException {
        EffectiveACLCache.put(folder.getAccount().getId(), folder.getId(), folder.getEffectiveACL());
        return Short.valueOf(mailbox.getEffectivePermissions(operationContext.getAuthenticatedUser(), operationContext.isUsingAdminPrivileges(), folder.getId(), (byte) 1));
    }

    private Short getEffectivePermissionsRemote() throws ServiceException {
        Element.XMLElement xMLElement = new Element.XMLElement(MailConstants.GET_EFFECTIVE_FOLDER_PERMS_REQUEST);
        xMLElement.addElement("folder").addAttribute(ZAttrProvisioning.A_l, new ItemId(this.mShareTarget.getAccountId(), this.mShareTarget.getFolderId()).toString((Account) null));
        Server server = Provisioning.getInstance().getServer(this.mShareTarget.getAccount());
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(URLUtil.getSoapURL(server, false));
        AuthToken authToken = null;
        if (this.mOctxt != null) {
            authToken = this.mOctxt.getAuthToken();
        }
        if (authToken == null) {
            authToken = AuthProvider.getAuthToken(GuestAccount.ANONYMOUS_ACCT);
        }
        soapHttpTransport.setAuthToken(authToken.toZAuthToken());
        soapHttpTransport.setTargetAcctId(this.mShareTarget.getAccountId());
        Short sh = null;
        try {
            try {
                sh = Short.valueOf(ACL.stringToRights(soapHttpTransport.invoke(xMLElement).getElement("folder").getAttribute(ZShare.A_PERM)));
                soapHttpTransport.shutdown();
            } catch (IOException e) {
                ZimbraLog.misc.warn("cannot get effective perms from server " + server.getName(), e);
                soapHttpTransport.shutdown();
            } catch (ServiceException e2) {
                ZimbraLog.misc.warn("cannot get effective perms from server " + server.getName(), e2);
                soapHttpTransport.shutdown();
            }
            return sh;
        } catch (Throwable th) {
            soapHttpTransport.shutdown();
            throw th;
        }
    }
}
