package com.zimbra.cs.dav.property;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.dav.DavContext;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.dav.DavException;
import com.zimbra.cs.dav.resource.DavResource;
import com.zimbra.cs.dav.resource.UrlNamespace;
import com.zimbra.cs.mailbox.ACL;
import com.zimbra.cs.mailbox.Folder;
import com.zimbra.cs.mailbox.MailItem;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.dom4j.Element;
import org.dom4j.QName;

/* loaded from: input_file:com/zimbra/cs/dav/property/Acl.class */
public class Acl extends ResourceProperty {
    protected ACL mAcl;
    protected String mOwner;
    protected static HashMap<String, Short> sRightsMap = new HashMap<>();
    private static final short RIGHT_UNSUPPORTED = 0;

    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$Ace.class */
    public static class Ace {
        private String mPrincipalUrl;
        private String mId;
        private short mRights;
        private byte mGranteeType;

        public Ace(Element element) throws DavException {
            Element element2 = element.element(DavElements.E_PRINCIPAL);
            if (element2 == null) {
                throw new DavException("missing principal element", 400);
            }
            List elements = element2.elements();
            if (elements.size() != 1) {
                throw new DavException("invalid principal element", 400);
            }
            Iterator it = elements.iterator();
            while (it.hasNext()) {
                QName qName = ((Element) it.next()).getQName();
                if (qName.equals(DavElements.E_HREF)) {
                    this.mPrincipalUrl = element2.getText();
                    this.mGranteeType = (byte) 1;
                    try {
                        Account principal = UrlNamespace.getPrincipal(this.mPrincipalUrl);
                        if (principal == null) {
                            throw new DavException("invalid principal: " + this.mPrincipalUrl, 400);
                        }
                        this.mId = principal.getId();
                    } catch (ServiceException e) {
                        throw new DavException("can't find principal: " + this.mPrincipalUrl, 500, e);
                    }
                } else if (qName.equals(DavElements.E_ALL)) {
                    this.mGranteeType = (byte) 6;
                } else if (qName.equals(DavElements.E_UNAUTHENTICATED)) {
                    this.mGranteeType = (byte) 6;
                } else {
                    if (!qName.equals(DavElements.E_AUTHENTICATED)) {
                        throw new DavException("unsupported principal: " + qName.getName(), 501);
                    }
                    this.mGranteeType = (byte) 3;
                }
            }
            if (element2 != null) {
                element2.element(DavElements.E_HREF);
            }
            this.mRights = (short) 0;
            Element element3 = element.element(DavElements.E_GRANT);
            if (element3 == null) {
                throw new DavException("missing grant element", 400);
            }
            Iterator it2 = element3.elements(DavElements.E_PRIVILEGE).iterator();
            while (it2.hasNext()) {
                List elements2 = ((Element) it2.next()).elements();
                if (elements2.size() != 1) {
                    throw new DavException("number of right elements contained in privilege element is not one", 400);
                }
                this.mRights = (short) (this.mRights | Acl.sRightsMap.get(((Element) elements2.get(0)).getName()).shortValue());
            }
        }

        public Ace(String str, short s, byte b) {
            this.mId = str;
            this.mRights = s;
            this.mGranteeType = b;
        }

        public String getPrincipalUrl() {
            if (this.mPrincipalUrl != null) {
                return this.mPrincipalUrl;
            }
            switch (this.mGranteeType) {
                case 1:
                    try {
                        this.mPrincipalUrl = UrlNamespace.getPrincipalCollectionUrl(Provisioning.getInstance().get(Key.AccountBy.id, this.mId));
                        break;
                    } catch (ServiceException e) {
                        ZimbraLog.dav.warn("can't lookup account " + this.mId, e);
                        break;
                    }
            }
            return this.mPrincipalUrl;
        }

        public String getZimbraId() {
            return this.mId;
        }

        public byte getGranteeType() {
            return this.mGranteeType;
        }

        public short getRights() {
            return this.mRights;
        }

        public boolean hasHref() {
            return this.mGranteeType == 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$AclRestrictions.class */
    public static class AclRestrictions extends Acl {
        public AclRestrictions() {
            super(DavElements.E_ACL_RESTRICTIONS, null, null);
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            addElement.addElement(DavElements.E_GRANT_ONLY);
            addElement.addElement(DavElements.E_NO_INVERT);
            return addElement;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$CurrentUserPrincipal.class */
    public static class CurrentUserPrincipal extends Acl {
        public CurrentUserPrincipal() {
            super(DavElements.E_CURRENT_USER_PRINCIPAL, null, null);
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            addElement.addElement(DavElements.E_HREF).setText(UrlNamespace.getPrincipalUrl(davContext.getAuthAccount()));
            return addElement;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$CurrentUserPrivilegeSet.class */
    public static class CurrentUserPrivilegeSet extends Acl {
        private String mOwnerId;
        private short mRights;

        public CurrentUserPrivilegeSet(ACL acl, Account account) {
            super(DavElements.E_CURRENT_USER_PRIVILEGE_SET, acl, account.getName());
            this.mOwnerId = account.getId();
            this.mRights = (short) -1;
        }

        public CurrentUserPrivilegeSet(short s) {
            super(DavElements.E_CURRENT_USER_PRIVILEGE_SET, null, null);
            this.mRights = s;
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            short grantedRights;
            Element addElement = element.addElement(getName());
            if (z) {
                return addElement;
            }
            if (this.mRights > 0) {
                addPrivileges(addElement, this.mRights);
                if ((this.mRights & 2) == 0) {
                    addElement.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_PROPERTIES);
                }
                return addElement;
            }
            if (davContext.getAuthAccount().getId().equals(this.mOwnerId)) {
                addPrivileges(addElement, (short) 15);
                return addElement;
            }
            if (this.mAcl == null) {
                return addElement;
            }
            for (ACL.Grant grant : this.mAcl.getGrants()) {
                try {
                    grantedRights = grant.getGrantedRights(davContext.getAuthAccount(), this.mAcl);
                } catch (ServiceException e) {
                    ZimbraLog.dav.error("can't add principal: grantee=" + grant.getGranteeId(), e);
                }
                if (grantedRights > 0) {
                    addPrivileges(addElement, grantedRights);
                    break;
                }
                continue;
            }
            return addElement;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$MountpointTargetPrivilegeSet.class */
    private static class MountpointTargetPrivilegeSet extends Acl {
        private short mRights;

        public MountpointTargetPrivilegeSet(short s) {
            super(DavElements.E_MOUNTPOINT_TARGET_PRIVILEGE_SET, null, null);
            this.mRights = s;
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            if (z) {
                return addElement;
            }
            addPrivileges(addElement, this.mRights);
            return addElement;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$PrincipalCollectionSet.class */
    public static class PrincipalCollectionSet extends ResourceProperty {
        public PrincipalCollectionSet() {
            super(DavElements.E_PRINCIPAL_COLLECTION_SET);
            setProtected(true);
        }

        @Override // com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            try {
                addElement.addElement(DavElements.E_HREF).setText(UrlNamespace.getPrincipalCollectionUrl(davContext.getAuthAccount()));
            } catch (ServiceException e) {
                ZimbraLog.dav.warn("can't generate principal-collection-url", e);
            }
            return addElement;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$PrincipalUrl.class */
    private static class PrincipalUrl extends Acl {
        private Account mAccount;

        public PrincipalUrl(DavResource davResource) {
            super(DavElements.E_PRINCIPAL_URL, null, null);
            try {
                this.mAccount = Provisioning.getInstance().get(Key.AccountBy.name, davResource.getOwner());
            } catch (ServiceException e) {
                ZimbraLog.dav.warn("can't get account " + davResource.getOwner(), e);
            }
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            if (this.mAccount != null) {
                addElement.addElement(DavElements.E_HREF).setText(UrlNamespace.getPrincipalUrl(this.mAccount));
            }
            return addElement;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/dav/property/Acl$SupportedPrivilegeSet.class */
    public static class SupportedPrivilegeSet extends Acl {
        public SupportedPrivilegeSet() {
            super(DavElements.E_SUPPORTED_PRIVILEGE_SET, null, null);
        }

        public Element addPrivilege(Element element, QName qName, String str) {
            Element addElement = element.addElement(DavElements.E_SUPPORTED_PRIVILEGE);
            addElement.addElement(DavElements.E_PRIVILEGE).addElement(qName);
            Element addElement2 = addElement.addElement(DavElements.E_DESCRIPTION);
            addElement2.addAttribute(DavElements.E_LANG, DavElements.LANG_EN_US);
            addElement2.setText(str);
            return addElement;
        }

        @Override // com.zimbra.cs.dav.property.Acl, com.zimbra.cs.dav.property.ResourceProperty
        public Element toElement(DavContext davContext, Element element, boolean z) {
            Element addElement = element.addElement(getName());
            if (!z && this.mAcl != null) {
                Element addPrivilege = addPrivilege(addElement, DavElements.E_ALL, "any operation");
                addPrivilege(addPrivilege, DavElements.E_READ, "read calendar, attachment, notebook");
                addPrivilege(addPrivilege, DavElements.E_WRITE, "add calendar appointment, upload attachment");
                addPrivilege(addPrivilege, DavElements.E_UNLOCK, "unlock your own resources locked by someone else");
                return addElement;
            }
            return addElement;
        }
    }

    public static Set<ResourceProperty> getAclProperties(DavResource davResource, Folder folder) throws ServiceException, DavException {
        HashSet hashSet = new HashSet();
        if (folder == null) {
            return hashSet;
        }
        String owner = davResource.getOwner();
        ACL effectiveACL = folder.getEffectiveACL();
        hashSet.add(getSupportedPrivilegeSet());
        if (folder != null) {
            if (folder.getDefaultView() != MailItem.Type.APPOINTMENT || folder.getUrl() == null || folder.getUrl().equals("")) {
                hashSet.add(getCurrentUserPrivilegeSet(effectiveACL, folder.getAccount()));
            } else {
                hashSet.add(getCurrentUserPrivilegeSet((short) 1));
            }
            hashSet.add(getPrincipalCollectionSet());
        }
        hashSet.add(getAcl(effectiveACL, owner));
        hashSet.add(getAclRestrictions());
        ResourceProperty resourceProperty = new ResourceProperty(DavElements.E_OWNER);
        resourceProperty.setProtected(true);
        resourceProperty.addChild(DavElements.E_HREF).setText(UrlNamespace.getPrincipalUrl(owner));
        hashSet.add(resourceProperty);
        ResourceProperty resourceProperty2 = new ResourceProperty(DavElements.E_GROUP);
        resourceProperty2.setProtected(true);
        hashSet.add(resourceProperty2);
        ResourceProperty resourceProperty3 = new ResourceProperty(DavElements.E_INHERITED_ACL_SET);
        resourceProperty3.setProtected(true);
        hashSet.add(resourceProperty3);
        return hashSet;
    }

    public static ResourceProperty getPrincipalUrl(DavResource davResource) {
        return new PrincipalUrl(davResource);
    }

    public static ResourceProperty getAcl(ACL acl, String str) {
        return new Acl(acl, str);
    }

    public static ResourceProperty getSupportedPrivilegeSet() {
        return new SupportedPrivilegeSet();
    }

    public static ResourceProperty getCurrentUserPrivilegeSet(ACL acl, Account account) {
        return new CurrentUserPrivilegeSet(acl, account);
    }

    public static ResourceProperty getCurrentUserPrivilegeSet(short s) {
        return new CurrentUserPrivilegeSet(s);
    }

    public static ResourceProperty getMountpointTargetPrivilegeSet(short s) {
        return new MountpointTargetPrivilegeSet(s);
    }

    public static ResourceProperty getAclRestrictions() {
        return new AclRestrictions();
    }

    public static ResourceProperty getPrincipalCollectionSet() {
        return new PrincipalCollectionSet();
    }

    public static ResourceProperty getCurrentUserPrincipal() {
        return new CurrentUserPrincipal();
    }

    private Acl(ACL acl, String str) {
        this(DavElements.E_ACL, acl, str);
    }

    private Acl(QName qName, ACL acl, String str) {
        super(qName);
        setProtected(true);
        this.mAcl = acl;
        this.mOwner = str;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x0178, code lost:
    
        addGrantDeny(r0, r0, true);
     */
    @Override // com.zimbra.cs.dav.property.ResourceProperty
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.dom4j.Element toElement(com.zimbra.cs.dav.DavContext r6, org.dom4j.Element r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 464
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.zimbra.cs.dav.property.Acl.toElement(com.zimbra.cs.dav.DavContext, org.dom4j.Element, boolean):org.dom4j.Element");
    }

    protected Element addGrantDeny(Element element, ACL.Grant grant, boolean z) {
        Element addElement = z ? element.addElement(DavElements.E_GRANT) : element.addElement(DavElements.E_DENY);
        addPrivileges(addElement, grant.getGrantedRights());
        return addElement;
    }

    protected Element addPrivileges(Element element, short s) {
        element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_READ_CURRENT_USER_PRIVILEGE_SET);
        if ((s & 1) > 0) {
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_READ);
        }
        if ((s & 2) > 0) {
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE);
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_CONTENT);
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_PROPERTIES);
        }
        if ((s & 4) > 0) {
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_BIND);
        }
        if ((s & 8) > 0) {
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_UNBIND);
        }
        if ((s & 256) > 0) {
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_UNLOCK);
            element.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_ACL);
        }
        return element;
    }

    static {
        sRightsMap.put("read", (short) 1);
        sRightsMap.put(DavElements.P_READ_CURRENT_USER_PRIVILEGE_SET, (short) 1);
        sRightsMap.put(DavElements.P_READ_FREE_BUSY, (short) 0);
        sRightsMap.put(DavElements.P_BIND, (short) 2);
        sRightsMap.put(DavElements.P_UNBIND, (short) 2);
        sRightsMap.put(DavElements.P_WRITE, (short) 2);
        sRightsMap.put(DavElements.P_WRITE_ACL, (short) 256);
        sRightsMap.put(DavElements.P_WRITE_CONTENT, (short) 2);
        sRightsMap.put(DavElements.P_WRITE_PROPERTIES, (short) 2);
        sRightsMap.put("unlock", (short) 256);
    }
}
