package com.zimbra.cs.account.accesscontrol;

import com.google.common.base.Objects;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AttributeClass;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.RightBearer;
import com.zimbra.cs.account.ldap.LdapProv;
import com.zimbra.cs.account.ldap.SpecialAttrs;
import com.zimbra.cs.ldap.IAttributes;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.ldap.SearchLdapOptions;
import com.zimbra.soap.type.TargetBy;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/zimbra/cs/account/accesscontrol/SearchGrants.class */
public final class SearchGrants {
    private final Provisioning prov;
    private final Set<TargetType> targetTypes;
    private final Set<String> granteeIds;
    private final Account acct;
    private final Set<Right> rights;
    private final boolean onMaster;
    private final Set<String> fetchAttrs;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/SearchGrants$GrantsOnTarget.class */
    public static final class GrantsOnTarget {
        private final Entry targetEntry;
        private final ZimbraACL acl;

        private GrantsOnTarget(Entry entry, ZimbraACL zimbraACL) {
            this.targetEntry = entry;
            this.acl = zimbraACL;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Entry getTargetEntry() {
            return this.targetEntry;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ZimbraACL getAcl() {
            return this.acl;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/SearchGrants$GrantsOnTargetRaw.class */
    public static class GrantsOnTargetRaw {
        private final String cn;
        private final String zimbraId;
        private final Set<String> objectClass;
        private final String[] zimbraACE;

        private GrantsOnTargetRaw(Map<String, Object> map) {
            this.cn = (String) map.get("cn");
            this.zimbraId = (String) map.get(SpecialAttrs.SA_zimbraId);
            this.objectClass = ImmutableSet.copyOf(getMultiAttrString(map, LdapConstants.ATTR_objectClass));
            this.zimbraACE = getMultiAttrString(map, "zimbraACE");
        }

        public String toString() {
            return Objects.toStringHelper(this).add("cn", this.cn).add(SpecialAttrs.SA_zimbraId, this.zimbraId).add(LdapConstants.ATTR_objectClass, this.objectClass).add("zimbraACE", ImmutableList.copyOf(this.zimbraACE)).toString();
        }

        private String[] getMultiAttrString(Map<String, Object> map, String str) {
            Object obj = map.get(str);
            return obj instanceof String ? new String[]{(String) obj} : (String[]) obj;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getTargetId() {
            return this.zimbraId != null ? this.zimbraId : this.cn;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/SearchGrants$SearchGrantVisitor.class */
    public static class SearchGrantVisitor extends SearchLdapOptions.SearchLdapVisitor {
        private final SearchGrantsResults results;

        SearchGrantVisitor(SearchGrantsResults searchGrantsResults) {
            this.results = searchGrantsResults;
        }

        @Override // com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor
        public void visit(String str, Map<String, Object> map, IAttributes iAttributes) {
            this.results.addResult(new GrantsOnTargetRaw(map));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/SearchGrants$SearchGrantsResults.class */
    public static final class SearchGrantsResults {
        private final Provisioning prov;
        private final Map<String, GrantsOnTargetRaw> rawResults = new HashMap();
        private Set<GrantsOnTarget> results;

        SearchGrantsResults(Provisioning provisioning) {
            this.prov = provisioning;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addResult(GrantsOnTargetRaw grantsOnTargetRaw) {
            this.rawResults.put(grantsOnTargetRaw.getTargetId(), grantsOnTargetRaw);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Set<GrantsOnTarget> getResults() throws ServiceException {
            return getResults(false);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Set<GrantsOnTarget> getResults(boolean z) throws ServiceException {
            if (this.results == null) {
                this.results = new HashSet();
                Iterator<GrantsOnTargetRaw> it = this.rawResults.values().iterator();
                while (it.hasNext()) {
                    this.results.add(getGrants(this.prov, it.next(), z));
                }
            }
            return this.results;
        }

        private GrantsOnTarget getGrants(Provisioning provisioning, GrantsOnTargetRaw grantsOnTargetRaw, boolean z) throws ServiceException {
            TargetType targetType;
            if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraCalendarResource)) {
                targetType = TargetType.calresource;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraAccount)) {
                targetType = TargetType.account;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraCOS)) {
                targetType = TargetType.cos;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraDistributionList)) {
                targetType = TargetType.dl;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraGroup)) {
                targetType = TargetType.group;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraDomain)) {
                targetType = TargetType.domain;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraServer)) {
                targetType = TargetType.server;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraAlwaysOnCluster)) {
                targetType = TargetType.alwaysoncluster;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraUCService)) {
                targetType = TargetType.ucservice;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraXMPPComponent)) {
                targetType = TargetType.xmppcomponent;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraZimletEntry)) {
                targetType = TargetType.zimlet;
            } else if (grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraGlobalConfig)) {
                targetType = TargetType.config;
            } else {
                if (!grantsOnTargetRaw.objectClass.contains(AttributeClass.OC_zimbraAclTarget)) {
                    throw ServiceException.FAILURE("cannot determine target type from SearchGrantResult. " + grantsOnTargetRaw, (Throwable) null);
                }
                targetType = TargetType.global;
            }
            try {
                Entry lookupTarget = targetType == TargetType.zimlet ? TargetType.lookupTarget(provisioning, targetType, TargetBy.name, grantsOnTargetRaw.cn) : TargetType.lookupTarget(provisioning, targetType, TargetBy.id, grantsOnTargetRaw.zimbraId, z, true);
                if (lookupTarget != null) {
                    return new GrantsOnTarget(lookupTarget, new ZimbraACL(grantsOnTargetRaw.zimbraACE, targetType, lookupTarget.getLabel()));
                }
                ZimbraLog.acl.warn("canot find target by id %s", new Object[]{grantsOnTargetRaw.zimbraId});
                throw ServiceException.FAILURE("canot find target by id " + grantsOnTargetRaw.zimbraId + ". " + grantsOnTargetRaw, (Throwable) null);
            } catch (ServiceException e) {
                throw ServiceException.FAILURE("canot find target by id " + grantsOnTargetRaw.zimbraId + ". " + grantsOnTargetRaw, (Throwable) null);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchGrants(Provisioning provisioning, Set<TargetType> set, Set<String> set2) {
        this.fetchAttrs = Sets.newHashSet(new String[]{"cn", SpecialAttrs.SA_zimbraId, LdapConstants.ATTR_objectClass, "zimbraACE"});
        this.prov = provisioning;
        this.targetTypes = set;
        this.granteeIds = set2;
        this.acct = null;
        this.rights = null;
        this.onMaster = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchGrants(Provisioning provisioning, Set<TargetType> set, Account account, Set<Right> set2, boolean z) {
        this.fetchAttrs = Sets.newHashSet(new String[]{"cn", SpecialAttrs.SA_zimbraId, LdapConstants.ATTR_objectClass, "zimbraACE"});
        this.prov = provisioning;
        this.targetTypes = set;
        this.granteeIds = null;
        this.acct = account;
        this.rights = set2;
        this.onMaster = z;
    }

    void addFetchAttribute(String str) {
        this.fetchAttrs.add(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addFetchAttribute(Set<String> set) {
        this.fetchAttrs.addAll(set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchGrantsResults doSearch() throws ServiceException {
        Map<String, Set<String>> searchBasesAndOCs = TargetType.getSearchBasesAndOCs(this.prov, this.targetTypes);
        SearchGrantsResults searchGrantsResults = new SearchGrantsResults(this.prov);
        SearchGrantVisitor searchGrantVisitor = new SearchGrantVisitor(searchGrantsResults);
        long currentTimeMillis = ZimbraLog.acl.isTraceEnabled() ? System.currentTimeMillis() : 0L;
        for (Map.Entry<String, Set<String>> entry : searchBasesAndOCs.entrySet()) {
            search(entry.getKey(), entry.getValue(), searchGrantVisitor);
        }
        if (ZimbraLog.acl.isTraceEnabled()) {
            ZimbraLog.acl.trace("SearchGrants.doSearch() %s", new Object[]{ZimbraLog.elapsedTime(currentTimeMillis, System.currentTimeMillis())});
        }
        return searchGrantsResults;
    }

    private Set<String> getGranteeIds() throws ServiceException {
        if (this.granteeIds != null) {
            return this.granteeIds;
        }
        HashSet newHashSet = Sets.newHashSet(RightBearer.Grantee.getGrantee(this.acct, this.rights, false).getIdAndGroupIds());
        newHashSet.add(GuestAccount.GUID_AUTHUSER);
        newHashSet.add(GuestAccount.GUID_PUBLIC);
        String domainId = this.acct.getDomainId();
        if (domainId != null) {
            newHashSet.add(domainId);
        }
        return newHashSet;
    }

    private void search(String str, Set<String> set, SearchGrantVisitor searchGrantVisitor) throws ServiceException {
        StringBuilder sb = new StringBuilder("(&(|");
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            sb.append('(').append(LdapConstants.ATTR_objectClass).append('=').append(it.next()).append(")");
        }
        sb.append(")(|");
        if (this.rights == null) {
            Iterator<String> it2 = getGranteeIds().iterator();
            while (it2.hasNext()) {
                sb.append('(').append("zimbraACE").append('=').append(it2.next()).append("*)");
            }
        } else {
            for (String str2 : getGranteeIds()) {
                Iterator<Right> it3 = this.rights.iterator();
                while (it3.hasNext()) {
                    sb.append('(').append("zimbraACE").append('=').append(str2).append("*").append(it3.next().getName()).append(")");
                }
            }
        }
        sb.append("))");
        if (this.onMaster) {
            LdapProv.getInst().searchLdapOnMaster(str, sb.toString(), (String[]) this.fetchAttrs.toArray(new String[this.fetchAttrs.size()]), searchGrantVisitor);
        } else {
            LdapProv.getInst().searchLdapOnReplica(str, sb.toString(), (String[]) this.fetchAttrs.toArray(new String[this.fetchAttrs.size()]), searchGrantVisitor);
        }
    }
}
