package com.zimbra.cs.account.ldap.upgrade;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.InlineAttrRight;
import com.zimbra.cs.account.accesscontrol.RightModifier;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.account.ldap.LdapDIT;
import com.zimbra.cs.account.ldap.SpecialAttrs;
import com.zimbra.cs.ldap.IAttributes;
import com.zimbra.cs.ldap.LdapClient;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.ldap.LdapServerType;
import com.zimbra.cs.ldap.LdapUsage;
import com.zimbra.cs.ldap.SearchLdapOptions;
import com.zimbra.cs.ldap.ZAttributes;
import com.zimbra.cs.ldap.ZLdapContext;
import com.zimbra.cs.ldap.ZSearchScope;
import com.zimbra.cs.mailclient.imap.ImapResponse;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.type.TargetBy;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:com/zimbra/cs/account/ldap/upgrade/BUG_18277.class */
public class BUG_18277 extends UpgradeOp {
    private static String[] sAdminUICompForAllDomainAdmins = {"accountListView", "aliasListView", "DLListView", "resourceListView", "saveSearch"};
    private static String[] sAdminUICompForAllGlobalAdmins = {"cartBlancheUI"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/upgrade/BUG_18277$Bug18277Visitor.class */
    public static class Bug18277Visitor extends SearchLdapOptions.SearchLdapVisitor {
        private final UpgradeOp upgradeOp;
        private final String configBranchBaseDn;
        private final Set<String> domainAdminIds;
        private final Set<String> globalAdminIds;

        private Bug18277Visitor(UpgradeOp upgradeOp, String str, Set<String> set, Set<String> set2) {
            super(false);
            this.upgradeOp = upgradeOp;
            this.configBranchBaseDn = str;
            this.domainAdminIds = set;
            this.globalAdminIds = set2;
        }

        @Override // com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor
        public void visit(String str, IAttributes iAttributes) {
            try {
                doVisit(str, (ZAttributes) iAttributes);
            } catch (ServiceException e) {
                this.upgradeOp.printer.println("entry skipped, encountered error while processing entry at:" + str);
                this.upgradeOp.printer.printStackTrace(e);
            }
        }

        private void doVisit(String str, ZAttributes zAttributes) throws ServiceException {
            if (str.endsWith(this.configBranchBaseDn)) {
                return;
            }
            String zimbraIdIfGlobalAdmin = getZimbraIdIfGlobalAdmin(zAttributes);
            if (zimbraIdIfGlobalAdmin != null) {
                this.globalAdminIds.add(zimbraIdIfGlobalAdmin);
                return;
            }
            String zimbraIdIfDomainOnlyAdmin = getZimbraIdIfDomainOnlyAdmin(zAttributes);
            if (zimbraIdIfDomainOnlyAdmin != null) {
                this.domainAdminIds.add(zimbraIdIfDomainOnlyAdmin);
            }
        }

        private String getZimbraIdIfDomainOnlyAdmin(ZAttributes zAttributes) throws ServiceException {
            String attrString = zAttributes.getAttrString("zimbraIsAdminAccount");
            String attrString2 = zAttributes.getAttrString("zimbraIsDomainAdminAccount");
            String attrString3 = zAttributes.getAttrString("zimbraIsDelegatedAdminAccount");
            if (!LdapConstants.LDAP_TRUE.equals(attrString2) || LdapConstants.LDAP_TRUE.equals(attrString) || LdapConstants.LDAP_TRUE.equals(attrString3)) {
                return null;
            }
            return zAttributes.getAttrString(SpecialAttrs.SA_zimbraId);
        }

        private String getZimbraIdIfGlobalAdmin(ZAttributes zAttributes) throws ServiceException {
            if (LdapConstants.LDAP_TRUE.equals(zAttributes.getAttrString("zimbraIsAdminAccount"))) {
                return zAttributes.getAttrString(SpecialAttrs.SA_zimbraId);
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.zimbra.cs.account.ldap.upgrade.UpgradeOp
    public void doUpgrade() throws ServiceException {
        Domain domain;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        getAllDomainOrGlobalAdmins(hashSet, hashSet2);
        for (String str : hashSet) {
            try {
                Account account = this.prov.get(Key.AccountBy.id, str);
                if (account != null && (domain = this.prov.getDomain(account)) != null) {
                    this.printer.println("Upgrading domain admin: " + account.getName());
                    grantRights(domain, account);
                }
            } catch (ServiceException e) {
                this.printer.println("Skipped upgrading global admin " + str + " (Encountered error: " + e.getMessage() + ")");
            }
        }
        for (String str2 : hashSet2) {
            try {
                Account account2 = this.prov.get(Key.AccountBy.id, str2);
                if (account2 != null) {
                    this.printer.println("Upgrading global admin: " + account2.getName());
                    setGlobalAdminUIComp(account2);
                }
            } catch (ServiceException e2) {
                this.printer.println("Skipped upgrading global admin " + str2 + " (Encountered error: " + e2.getMessage() + ")");
            }
        }
    }

    private void getAllDomainOrGlobalAdmins(Set<String> set, Set<String> set2) throws ServiceException {
        LdapDIT dit = this.prov.getDIT();
        String[] strArr = {LdapConstants.ATTR_objectClass, SpecialAttrs.SA_zimbraId, "zimbraIsAdminAccount", "zimbraIsDomainAdminAccount", "zimbraIsDelegatedAdminAccount"};
        String configBranchBaseDN = dit.configBranchBaseDN();
        String mailBranchBaseDN = dit.mailBranchBaseDN();
        ZLdapContext zLdapContext = null;
        try {
            try {
                zLdapContext = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.UPGRADE);
                zLdapContext.searchPaged(new SearchLdapOptions(mailBranchBaseDN, getFilter("(&(objectclass=zimbraAccount)(|(zimbraIsDomainAdminAccount=TRUE)(zimbraIsAdminAccount=TRUE)))"), strArr, 0, (Set<String>) null, ZSearchScope.SEARCH_SCOPE_SUBTREE, new Bug18277Visitor(this, configBranchBaseDN, set, set2)));
                LdapClient.closeContext(zLdapContext);
            } catch (ServiceException e) {
                throw ServiceException.FAILURE("unable to list all objects", e);
            }
        } catch (Throwable th) {
            LdapClient.closeContext(zLdapContext);
            throw th;
        }
    }

    private void grantRights(Domain domain, Account account) throws ServiceException {
        HashMap hashMap = new HashMap();
        hashMap.put("zimbraIsDelegatedAdminAccount", LdapConstants.LDAP_TRUE);
        this.prov.modifyAttrs(account, hashMap);
        this.prov.grantRight(TargetType.domain.getCode(), TargetBy.id, domain.getId(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_domainAdminConsoleRights, RightModifier.RM_CAN_DELEGATE);
        grantCosRights(domain, account);
        this.prov.grantRight(TargetType.global.getCode(), null, null, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_listZimlet, RightModifier.RM_CAN_DELEGATE);
        this.prov.grantRight(TargetType.global.getCode(), null, null, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_getZimlet, RightModifier.RM_CAN_DELEGATE);
        setDomainAdminUIComp(account);
        if (account.getLongAttr("zimbraDomainAdminMaxMailQuota", -1L) == -1) {
            this.prov.grantRight(TargetType.domain.getCode(), TargetBy.id, domain.getId(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, InlineAttrRight.composeSetRight(TargetType.account, "zimbraMailQuota"), RightModifier.RM_DENY);
        }
    }

    private void grantCosRights(Domain domain, Account account) throws ServiceException {
        Iterator<String> it = domain.getMultiAttrSet("zimbraDomainCOSMaxAccounts").iterator();
        while (it.hasNext()) {
            String[] split = it.next().split(":");
            if (split.length == 2) {
                String str = split[0];
                if (this.prov.get(Key.CosBy.id, str) == null) {
                    this.printer.println("    cannot find cos " + str + ", skipping granting cos right to " + account.getName());
                } else {
                    this.prov.grantRight(TargetType.cos.getCode(), TargetBy.id, str, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_listCos, RightModifier.RM_CAN_DELEGATE);
                    this.prov.grantRight(TargetType.cos.getCode(), TargetBy.id, str, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_getCos, RightModifier.RM_CAN_DELEGATE);
                    this.prov.grantRight(TargetType.cos.getCode(), TargetBy.id, str, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.id, account.getId(), null, RightConsts.RT_assignCos, RightModifier.RM_CAN_DELEGATE);
                }
            }
        }
    }

    private void setDomainAdminUIComp(Account account) throws ServiceException {
        setAdminUIComp(account, sAdminUICompForAllDomainAdmins);
    }

    private void setGlobalAdminUIComp(Account account) throws ServiceException {
        setAdminUIComp(account, sAdminUICompForAllGlobalAdmins);
    }

    private void setAdminUIComp(Account account, String[] strArr) throws ServiceException {
        HashMap hashMap = new HashMap();
        hashMap.put(ImapResponse.CONTINUATION + "zimbraAdminConsoleUIComponents", strArr);
        this.prov.modifyAttrs(account, hashMap);
    }
}
