package com.zimbra.qa.unittest;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.CliUtil;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.CalendarResource;
import com.zimbra.cs.account.Config;
import com.zimbra.cs.account.Cos;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.GlobalGrant;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.Zimlet;
import com.zimbra.cs.account.accesscontrol.CheckRight;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightCommand;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.zclient.ZMailbox;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/zimbra/qa/unittest/TestAC.class */
public class TestAC extends TestProv {
    protected static final AccessManager sAM = AccessManager.getInstance();
    protected static Right USER_RIGHT;
    protected static Right USER_RIGHT_DISTRIBUTION_LIST;
    protected static Right ADMIN_RIGHT_ACCOUNT;
    protected static Right ADMIN_RIGHT_CALENDAR_RESOURCE;
    protected static Right ADMIN_RIGHT_CONFIG;
    protected static Right ADMIN_RIGHT_COS;
    protected static Right ADMIN_RIGHT_DISTRIBUTION_LIST;
    protected static Right ADMIN_RIGHT_DOMAIN;
    protected static Right ADMIN_RIGHT_GLOBALGRANT;
    protected static Right ADMIN_RIGHT_SERVER;
    protected static Right ADMIN_RIGHT_XMPP_COMPONENT;
    protected static Right ADMIN_RIGHT_ZIMLET;
    private static List<Right> sRights;
    private Account mGlobalAdminAcct;

    static Right getRight(String str) throws ServiceException {
        return RightManager.getInstance().getRight(str);
    }

    private Config getConfig() throws Exception {
        return this.mProv.getConfig();
    }

    private GlobalGrant getGlobalGrant() throws Exception {
        return this.mProv.getGlobalGrant();
    }

    private void revokeAllGrantsOnGlobalGrant() throws Exception {
        for (RightCommand.ACE ace : RightCommand.getGrants(this.mProv, TargetType.global.getCode(), null, null, null, null, null, false).getACEs()) {
            RightCommand.revokeRight(this.mProv, getGlobalAdminAcct(), ace.targetType(), Provisioning.TargetBy.id, ace.targetId(), ace.granteeType(), Provisioning.GranteeBy.id, ace.granteeId(), ace.right(), ace.rightModifier());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.zimbra.qa.unittest.TestProv
    public Account getGlobalAdminAcct() throws ServiceException {
        if (this.mGlobalAdminAcct == null) {
            this.mGlobalAdminAcct = super.getGlobalAdminAcct();
        }
        return this.mGlobalAdminAcct;
    }

    private boolean asAdmin(Account account) {
        return account.getBooleanAttr(ZAttrProvisioning.A_zimbraIsAdminAccount, false) || account.getBooleanAttr(ZAttrProvisioning.A_zimbraIsDelegatedAdminAccount, false);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0024. Please report as an issue. */
    private boolean isRightGrantableOnTargetType(Right right, TargetType targetType) throws Exception {
        if (targetType == TargetType.dl && !CheckRight.allowGroupTarget(right)) {
            return false;
        }
        TargetType targetType2 = right.getTargetType();
        if (!right.isUserRight()) {
            switch (targetType2) {
                case account:
                    return targetType == TargetType.account || targetType == TargetType.dl || targetType == TargetType.domain || targetType == TargetType.global;
                case calresource:
                    return targetType == TargetType.calresource || targetType == TargetType.dl || targetType == TargetType.domain || targetType == TargetType.global;
                case cos:
                    return targetType == TargetType.cos || targetType == TargetType.global;
                case dl:
                    return targetType == TargetType.dl || targetType == TargetType.domain || targetType == TargetType.global;
                case domain:
                    return targetType == TargetType.domain || targetType == TargetType.global;
                case server:
                    return targetType == TargetType.server || targetType == TargetType.global;
                case xmppcomponent:
                    return targetType == TargetType.xmppcomponent || targetType == TargetType.global;
                case zimlet:
                    return targetType == TargetType.zimlet || targetType == TargetType.global;
                case config:
                    return targetType == TargetType.config || targetType == TargetType.global;
                case global:
                    return targetType == TargetType.global;
                default:
                    fail();
                    return false;
            }
        }
        switch (targetType2) {
            case account:
                return targetType == TargetType.account || targetType == TargetType.calresource || targetType == TargetType.dl || targetType == TargetType.domain || targetType == TargetType.global;
            case calresource:
                fail();
            case cos:
                fail();
            case dl:
                return targetType == TargetType.dl || targetType == TargetType.domain || targetType == TargetType.global;
            case domain:
            case server:
            case xmppcomponent:
            case zimlet:
            case config:
            case global:
            default:
                fail();
                return false;
        }
    }

    private void doTest(String str, TargetType targetType, GranteeType granteeType, Right right) throws Exception {
        DistributionList createAdminGroup;
        boolean z;
        Account createDelegatedAdminAccount;
        System.out.println("testing (" + str + "): grant target=" + targetType.getCode() + ", grantee type=" + granteeType.getCode() + ", right=" + right.getName());
        Domain createDomain = createDomain();
        boolean isUserRight = right.isUserRight();
        ArrayList<Account> arrayList = new ArrayList();
        ArrayList<Account> arrayList2 = new ArrayList();
        String str2 = null;
        String str3 = null;
        switch (granteeType) {
            case GT_USER:
                if (isUserRight) {
                    createDelegatedAdminAccount = createUserAccount("grantee-user-acct", createDomain);
                    arrayList.add(createDelegatedAdminAccount);
                    arrayList2.add(createUserAccount("denied-user-acct", createDomain));
                } else {
                    createDelegatedAdminAccount = createDelegatedAdminAccount("grantee-da-acct", createDomain);
                    arrayList.add(createDelegatedAdminAccount);
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain));
                }
                str2 = createDelegatedAdminAccount.getName();
                break;
            case GT_GROUP:
                if (isUserRight) {
                    createAdminGroup = createUserGroup("grantee-user-group", createDomain);
                    Account createUserAccount = createUserAccount("allowed-user-acct", createDomain);
                    arrayList.add(createUserAccount);
                    this.mProv.addMembers(createAdminGroup, new String[]{createUserAccount.getName()});
                    arrayList2.add(createUserAccount("denied-user-acct", createDomain));
                } else {
                    createAdminGroup = createAdminGroup("grantee-admin-group", createDomain);
                    Account createDelegatedAdminAccount2 = createDelegatedAdminAccount("allowed-da-acct", createDomain);
                    arrayList.add(createDelegatedAdminAccount2);
                    this.mProv.addMembers(createAdminGroup, new String[]{createDelegatedAdminAccount2.getName()});
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain));
                }
                str2 = createAdminGroup.getName();
                break;
            case GT_AUTHUSER:
                if (isUserRight) {
                    arrayList.add(createUserAccount("allowed-user-acct", createDomain));
                    arrayList2.add(createGuestAccount("not-my-guest@external.com", TestUtil.DEFAULT_PASSWORD));
                    break;
                } else {
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain));
                    break;
                }
            case GT_DOMAIN:
                Domain createDomain2 = createDomain();
                if (isUserRight) {
                    arrayList.add(createUserAccount("allowed-user-acct", createDomain2));
                    arrayList2.add(createUserAccount("denied-user-acct", createDomain()));
                } else {
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain2));
                }
                str2 = createDomain2.getName();
                break;
            case GT_GUEST:
                str2 = "be-my-guest@guest.com";
                str3 = TestUtil.DEFAULT_PASSWORD;
                if (isUserRight) {
                    arrayList.add(createGuestAccount(str2, str3));
                    arrayList2.add(createGuestAccount("not-my-guest@external.com", "bad"));
                    break;
                } else {
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain));
                    arrayList2.add(createGuestAccount(str2, str3));
                    break;
                }
            case GT_KEY:
                str2 = "be-my-guest";
                str3 = TestUtil.DEFAULT_PASSWORD;
                if (isUserRight) {
                    arrayList.add(createKeyAccount(str2, str3));
                    arrayList2.add(createKeyAccount("not-my-guest", "bad"));
                    break;
                } else {
                    arrayList2.add(createDelegatedAdminAccount("denied-da-acct", createDomain));
                    arrayList2.add(createKeyAccount(str2, str3));
                    break;
                }
            case GT_PUBLIC:
                if (isUserRight) {
                    arrayList.add(anonAccount());
                    break;
                } else {
                    arrayList2.add(anonAccount());
                    break;
                }
            default:
                fail();
                break;
        }
        if (isUserRight) {
            z = !isRightGrantableOnTargetType(right, targetType);
        } else {
            z = granteeType.allowedForAdminRights() ? false : true;
            if (!z && granteeType == GranteeType.GT_DOMAIN && right != Rights.Admin.R_crossDomainAdmin) {
                z = true;
            }
            if (!z) {
                z = !isRightGrantableOnTargetType(right, targetType);
            }
        }
        Domain domain = null;
        String str4 = null;
        boolean z2 = false;
        switch (targetType) {
            case account:
                Account createUserAccount2 = createUserAccount("target-acct", createDomain);
                str4 = createUserAccount2.getName();
                domain = createUserAccount2;
                break;
            case calresource:
                CalendarResource createCalendarResource = createCalendarResource("target-cr", createDomain);
                str4 = createCalendarResource.getName();
                domain = createCalendarResource;
                break;
            case cos:
                Cos createCos = createCos();
                str4 = createCos.getName();
                domain = createCos;
                break;
            case dl:
                DistributionList createUserGroup = createUserGroup("target-group", createDomain);
                str4 = createUserGroup.getName();
                domain = createUserGroup;
                break;
            case domain:
                domain = createDomain;
                str4 = createDomain.getName();
                break;
            case server:
                Server createServer = createServer();
                str4 = createServer.getName();
                domain = createServer;
                break;
            case xmppcomponent:
                cleanup();
                return;
            case zimlet:
                Zimlet createZimlet = createZimlet();
                str4 = createZimlet.getName();
                domain = createZimlet;
                break;
            case config:
                domain = getConfig();
                break;
            case global:
                domain = getGlobalGrant();
                break;
            default:
                fail();
                break;
        }
        try {
            RightCommand.grantRight(this.mProv, getGlobalAdminAcct(), targetType.getCode(), Provisioning.TargetBy.name, str4, granteeType.getCode(), Provisioning.GranteeBy.name, str2, str3, right.getName(), null);
        } catch (ServiceException e) {
            z2 = "service.INVALID_REQUEST".equals(e.getCode());
        }
        assertEquals(z, z2);
        Account account = null;
        Account account2 = null;
        switch (right.getTargetType()) {
            case account:
                if (targetType == TargetType.account) {
                    account = domain;
                    account2 = createUserAccount("bad-target-acct", createDomain);
                    break;
                } else if (targetType == TargetType.calresource) {
                    if (isUserRight) {
                        account = domain;
                        account2 = createCalendarResource("bad-target-cr", createDomain);
                        break;
                    } else {
                        account2 = domain;
                        break;
                    }
                } else if (targetType == TargetType.dl) {
                    if (CheckRight.allowGroupTarget(right)) {
                        account = createUserAccount("target-acct", createDomain);
                        DistributionList createUserGroup2 = createUserGroup("target-subgroup", createDomain);
                        this.mProv.addMembers((DistributionList) domain, new String[]{createUserGroup2.getName()});
                        this.mProv.addMembers(createUserGroup2, new String[]{account.getName()});
                        break;
                    } else {
                        account2 = createUserAccount("target-acct", createDomain);
                        this.mProv.addMembers((DistributionList) domain, new String[]{account2.getName()});
                        break;
                    }
                } else if (targetType == TargetType.domain) {
                    account = createUserAccount("target-acct", createDomain);
                    account2 = createUserAccount("target-acct", createDomain());
                    break;
                } else if (targetType == TargetType.global) {
                    account = createUserAccount("target-acct", createDomain());
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case calresource:
                if (targetType == TargetType.calresource) {
                    account = domain;
                    account2 = createCalendarResource("bad-target-cr", createDomain);
                    break;
                } else if (targetType == TargetType.dl) {
                    if (CheckRight.allowGroupTarget(right)) {
                        account = createCalendarResource("target-cr", createDomain);
                        this.mProv.addMembers((DistributionList) domain, new String[]{account.getName()});
                        break;
                    } else {
                        account2 = createCalendarResource("target-cr", createDomain);
                        this.mProv.addMembers((DistributionList) domain, new String[]{account2.getName()});
                        break;
                    }
                } else if (targetType == TargetType.domain) {
                    account = createCalendarResource("target-cr", createDomain);
                    account2 = createUserAccount("target-acct", createDomain());
                    break;
                } else if (targetType == TargetType.global) {
                    account = createCalendarResource("target-cr", createDomain());
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case cos:
                if (targetType == TargetType.cos) {
                    account = domain;
                } else if (targetType == TargetType.global) {
                    account = createCos();
                }
                if (account == null) {
                    account2 = domain;
                    break;
                }
                break;
            case dl:
                if (targetType == TargetType.dl) {
                    DistributionList createUserGroup3 = createUserGroup("target-subgroup", createDomain);
                    this.mProv.addMembers((DistributionList) domain, new String[]{createUserGroup3.getName()});
                    account = createUserGroup3;
                    account2 = createUserGroup("bad-target-dl", createDomain);
                    break;
                } else if (targetType == TargetType.domain) {
                    account = createUserGroup("target-dl", createDomain);
                    account2 = createUserGroup("bad-target-dl", createDomain());
                    break;
                } else if (targetType == TargetType.global) {
                    account = createUserGroup("target-dl", createDomain());
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case domain:
                if (targetType == TargetType.domain) {
                    account = domain;
                    account2 = createDomain();
                    break;
                } else if (targetType == TargetType.global) {
                    account = createDomain();
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case server:
                if (targetType == TargetType.server) {
                    account = domain;
                    account2 = createServer();
                    break;
                } else if (targetType == TargetType.global) {
                    account = createServer();
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case xmppcomponent:
                cleanup();
                return;
            case zimlet:
                this.mProv.reload(domain);
                if (targetType == TargetType.zimlet) {
                    account = domain;
                    account2 = createZimlet();
                    break;
                } else if (targetType == TargetType.global) {
                    account = createZimlet();
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case config:
                if (targetType == TargetType.config) {
                    account = domain;
                    break;
                } else if (targetType == TargetType.global) {
                    account = getConfig();
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            case global:
                if (targetType == TargetType.global) {
                    account = getGlobalGrant();
                    break;
                } else {
                    account2 = domain;
                    break;
                }
            default:
                fail();
                break;
        }
        if (account != null) {
            for (Account account3 : arrayList) {
                assertTrue(sAM.canDo(account3, account, right, asAdmin(account3), (AccessManager.ViaGrant) null));
            }
            for (Account account4 : arrayList2) {
                boolean z3 = false;
                try {
                    z3 = sAM.canDo(account4, account, right, asAdmin(account4), (AccessManager.ViaGrant) null);
                } catch (ServiceException e2) {
                    if (!"service.PERM_DENIED".equals(e2.getCode())) {
                        fail();
                    }
                }
                assertFalse(z3);
            }
        }
        if (account2 != null) {
            for (Account account5 : arrayList) {
                assertFalse(sAM.canDo(account5, account2, right, asAdmin(account5), (AccessManager.ViaGrant) null));
            }
            for (Account account6 : arrayList2) {
                boolean z4 = false;
                try {
                    z4 = sAM.canDo(account6, account2, right, asAdmin(account6), (AccessManager.ViaGrant) null);
                } catch (ServiceException e3) {
                    if (!"service.PERM_DENIED".equals(e3.getCode())) {
                        fail();
                    }
                }
                assertFalse(z4);
            }
        }
        cleanup();
    }

    private void cleanup() throws Exception {
        revokeAllGrantsOnGlobalGrant();
        deleteAllEntries();
    }

    public void testBasic() throws Exception {
        int length = TargetType.values().length * GranteeType.values().length * sRights.size();
        int i = 1;
        for (TargetType targetType : TargetType.values()) {
            for (GranteeType granteeType : GranteeType.values()) {
                Iterator<Right> it = sRights.iterator();
                while (it.hasNext()) {
                    int i2 = i;
                    i++;
                    doTest(i2 + ZMailbox.PATH_SEPARATOR + length, targetType, granteeType, it.next());
                }
            }
        }
    }

    public static void main(String[] strArr) throws Exception {
        CliUtil.toolSetup("INFO");
        TestUtil.runTest(TestAC.class);
    }

    static {
        try {
            USER_RIGHT = getRight("test-user");
            USER_RIGHT_DISTRIBUTION_LIST = getRight("test-user-distributionlist");
            ADMIN_RIGHT_ACCOUNT = getRight("test-preset-account");
            ADMIN_RIGHT_CALENDAR_RESOURCE = getRight("test-preset-calendarresource");
            ADMIN_RIGHT_CONFIG = getRight("test-preset-globalconfig");
            ADMIN_RIGHT_COS = getRight("test-preset-cos");
            ADMIN_RIGHT_DISTRIBUTION_LIST = getRight("test-preset-distributionlist");
            ADMIN_RIGHT_DOMAIN = getRight("test-preset-domain");
            ADMIN_RIGHT_GLOBALGRANT = getRight("test-preset-globalgrant");
            ADMIN_RIGHT_SERVER = getRight("test-preset-server");
            ADMIN_RIGHT_XMPP_COMPONENT = getRight("test-preset-xmppcomponent");
            ADMIN_RIGHT_ZIMLET = getRight("test-preset-zimlet");
            sRights = new ArrayList();
            sRights.add(USER_RIGHT);
            sRights.add(USER_RIGHT_DISTRIBUTION_LIST);
            sRights.add(Rights.User.R_loginAs);
            sRights.add(ADMIN_RIGHT_ACCOUNT);
            sRights.add(Rights.Admin.R_adminLoginAs);
            sRights.add(ADMIN_RIGHT_CALENDAR_RESOURCE);
            sRights.add(ADMIN_RIGHT_CONFIG);
            sRights.add(ADMIN_RIGHT_COS);
            sRights.add(ADMIN_RIGHT_DISTRIBUTION_LIST);
            sRights.add(ADMIN_RIGHT_DOMAIN);
            sRights.add(ADMIN_RIGHT_GLOBALGRANT);
            sRights.add(ADMIN_RIGHT_SERVER);
            sRights.add(ADMIN_RIGHT_XMPP_COMPONENT);
            sRights.add(ADMIN_RIGHT_ZIMLET);
        } catch (ServiceException e) {
            e.printStackTrace();
            fail();
        }
    }
}
