package com.zimbra.cs.account.accesscontrol;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Sets;
import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.L10nUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.MailTarget;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightBearer;
import com.zimbra.cs.account.accesscontrol.SearchGrants;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.mailbox.Metadata;
import com.zimbra.soap.admin.message.GetAllEffectiveRightsResponse;
import com.zimbra.soap.admin.message.GetEffectiveRightsResponse;
import com.zimbra.soap.admin.type.EffectiveAttrInfo;
import com.zimbra.soap.admin.type.EffectiveAttrsInfo;
import com.zimbra.soap.admin.type.EffectiveRightsInfo;
import com.zimbra.soap.admin.type.EffectiveRightsTarget;
import com.zimbra.soap.admin.type.EffectiveRightsTargetInfo;
import com.zimbra.soap.admin.type.EffectiveRightsTargetSelector;
import com.zimbra.soap.admin.type.GranteeInfo;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.admin.type.InDomainInfo;
import com.zimbra.soap.admin.type.RightWithName;
import com.zimbra.soap.admin.type.RightsEntriesInfo;
import com.zimbra.soap.type.NamedElement;
import com.zimbra.soap.type.TargetBy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand.class */
public class RightCommand {
    private static final Cache<String, AllEffectiveRights> ALL_EFFECTIVE_RIGHTS_CACHE;
    private static final long MAX_CACHE_EXPIRY = 1800000;

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$ACE.class */
    public static class ACE {
        private final String mTargetType;
        private final String mTargetId;
        private final String mTargetName;
        private final String mGranteeType;
        private final String mGranteeId;
        private final String mGranteeName;
        private final String mRight;
        private final RightModifier mRightModifier;

        private ACE(String str, String str2, String str3, String str4, String str5, String str6, String str7, RightModifier rightModifier) {
            this.mTargetType = str;
            this.mTargetId = str2;
            this.mTargetName = str3;
            this.mGranteeType = str4;
            this.mGranteeId = str5;
            this.mGranteeName = str6;
            this.mRight = str7;
            this.mRightModifier = rightModifier;
        }

        private ACE(TargetType targetType, Entry entry, ZimbraACE zimbraACE) {
            this.mTargetType = targetType.getCode();
            this.mTargetId = TargetType.getId(entry);
            this.mTargetName = entry.getLabel();
            this.mGranteeType = zimbraACE.getGranteeType().getCode();
            this.mGranteeId = zimbraACE.getGrantee();
            this.mGranteeName = zimbraACE.getGranteeDisplayName();
            this.mRight = zimbraACE.getRight().getName();
            this.mRightModifier = zimbraACE.getRightModifier();
        }

        public String targetType() {
            return this.mTargetType;
        }

        public String targetId() {
            return this.mTargetId != null ? this.mTargetId : "";
        }

        public String targetName() {
            return this.mTargetName;
        }

        public String granteeType() {
            return this.mGranteeType;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public String right() {
            return this.mRight;
        }

        public RightModifier rightModifier() {
            return this.mRightModifier;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$AllEffectiveRights.class */
    public static class AllEffectiveRights {
        String mGranteeType;
        String mGranteeId;
        String mGranteeName;
        Map<TargetType, RightsByTargetType> mRightsByTargetType = new HashMap();

        AllEffectiveRights(String str, String str2, String str3) {
            this.mGranteeType = str;
            this.mGranteeId = str2;
            this.mGranteeName = str3;
            for (TargetType targetType : TargetType.values()) {
                if (targetType.isDomained()) {
                    this.mRightsByTargetType.put(targetType, new DomainedRightsByTargetType());
                } else {
                    this.mRightsByTargetType.put(targetType, new RightsByTargetType());
                }
            }
        }

        public String granteeType() {
            return this.mGranteeType;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public Map<TargetType, RightsByTargetType> rightsByTargetType() {
            return this.mRightsByTargetType;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setAll(TargetType targetType, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).setAll(effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addEntry(TargetType targetType, String str, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).addEntry(str, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addAggregation(TargetType targetType, Set<String> set, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            this.mRightsByTargetType.get(targetType).addAggregation(set, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addDomainEntry(TargetType targetType, String str, EffectiveRights effectiveRights) {
            if (effectiveRights.hasNoRight()) {
                return;
            }
            ((DomainedRightsByTargetType) this.mRightsByTargetType.get(targetType)).addDomainEntry(str, effectiveRights);
        }

        public static AllEffectiveRights fromJaxb(GetAllEffectiveRightsResponse getAllEffectiveRightsResponse) throws ServiceException {
            GranteeInfo grantee = getAllEffectiveRightsResponse.getGrantee();
            com.zimbra.soap.type.GranteeType type = grantee.getType();
            AllEffectiveRights allEffectiveRights = new AllEffectiveRights(type == null ? null : type.toString(), grantee.getId(), grantee.getName());
            for (EffectiveRightsTarget effectiveRightsTarget : getAllEffectiveRightsResponse.getTargets()) {
                RightsByTargetType rightsByTargetType = allEffectiveRights.mRightsByTargetType.get(TargetType.fromCode(effectiveRightsTarget.getType().toString()));
                EffectiveRightsInfo all = effectiveRightsTarget.getAll();
                if (all != null) {
                    rightsByTargetType.mAll = EffectiveRights.fromJaxb(all);
                }
                if (rightsByTargetType instanceof DomainedRightsByTargetType) {
                    DomainedRightsByTargetType domainedRightsByTargetType = (DomainedRightsByTargetType) rightsByTargetType;
                    for (InDomainInfo inDomainInfo : effectiveRightsTarget.getInDomainLists()) {
                        HashSet hashSet = new HashSet();
                        Iterator it = inDomainInfo.getDomains().iterator();
                        while (it.hasNext()) {
                            hashSet.add(((NamedElement) it.next()).getName());
                        }
                        domainedRightsByTargetType.mDomains.add(new RightAggregation(hashSet, EffectiveRights.fromJaxb(inDomainInfo.getRights())));
                    }
                }
                for (RightsEntriesInfo rightsEntriesInfo : effectiveRightsTarget.getEntriesLists()) {
                    HashSet hashSet2 = new HashSet();
                    Iterator it2 = rightsEntriesInfo.getEntries().iterator();
                    while (it2.hasNext()) {
                        hashSet2.add(((NamedElement) it2.next()).getName());
                    }
                    rightsByTargetType.mEntries.add(new RightAggregation(hashSet2, EffectiveRights.fromJaxb(rightsEntriesInfo.getRights())));
                }
            }
            return allEffectiveRights;
        }

        public void toXML(Element element) {
            Element addNonUniqueElement = element.addNonUniqueElement("grantee");
            addNonUniqueElement.addAttribute("type", this.mGranteeType);
            addNonUniqueElement.addAttribute("id", this.mGranteeId);
            addNonUniqueElement.addAttribute("name", this.mGranteeName);
            for (Map.Entry<TargetType, RightsByTargetType> entry : this.mRightsByTargetType.entrySet()) {
                TargetType key = entry.getKey();
                RightsByTargetType value = entry.getValue();
                Element addNonUniqueElement2 = element.addNonUniqueElement("target");
                addNonUniqueElement2.addAttribute("type", key.getCode());
                EffectiveRights all = value.all();
                if (all != null) {
                    all.toXML(addNonUniqueElement2.addNonUniqueElement("all"));
                }
                if (value instanceof DomainedRightsByTargetType) {
                    for (RightAggregation rightAggregation : ((DomainedRightsByTargetType) value).domains()) {
                        Element addNonUniqueElement3 = addNonUniqueElement2.addNonUniqueElement("inDomains");
                        Iterator<String> it = rightAggregation.entries().iterator();
                        while (it.hasNext()) {
                            addNonUniqueElement3.addNonUniqueElement("domain").addAttribute("name", it.next());
                        }
                        rightAggregation.getRights().toXML(addNonUniqueElement3.addNonUniqueElement("rights"));
                    }
                }
                for (RightAggregation rightAggregation2 : value.entries()) {
                    Element addNonUniqueElement4 = addNonUniqueElement2.addNonUniqueElement("entries");
                    Iterator<String> it2 = rightAggregation2.entries().iterator();
                    while (it2.hasNext()) {
                        addNonUniqueElement4.addNonUniqueElement("entry").addAttribute("name", it2.next());
                    }
                    rightAggregation2.getRights().toXML(addNonUniqueElement4.addNonUniqueElement("rights"));
                }
            }
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$DomainedRightsByTargetType.class */
    public static class DomainedRightsByTargetType extends RightsByTargetType {
        Set<RightAggregation> mDomains = new HashSet();

        public Set<RightAggregation> domains() {
            return this.mDomains;
        }

        void addDomainEntry(String str, EffectiveRights effectiveRights) {
            add(this.mDomains, str, effectiveRights);
        }

        @Override // com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType
        public boolean hasNoRight() {
            return super.hasNoRight() && this.mDomains.isEmpty();
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$EffectiveAttr.class */
    public static class EffectiveAttr {
        private static final Set<String> EMPTY_SET = new HashSet();
        String mAttrName;
        Set<String> mDefault;
        AttributeConstraint mConstraint;

        /* JADX INFO: Access modifiers changed from: package-private */
        public EffectiveAttr(String str, Set<String> set, AttributeConstraint attributeConstraint) {
            this.mAttrName = str;
            this.mDefault = set;
            this.mConstraint = attributeConstraint;
        }

        public String getAttrName() {
            return this.mAttrName;
        }

        public Set<String> getDefault() {
            return this.mDefault == null ? EMPTY_SET : this.mDefault;
        }

        AttributeConstraint getConstraint() {
            return this.mConstraint;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$EffectiveRights.class */
    public static class EffectiveRights {
        private static final SortedMap<String, EffectiveAttr> EMPTY_MAP = new TreeMap();
        String mTargetType;
        String mTargetId;
        String mTargetName;
        String mGranteeId;
        String mGranteeName;
        String mDigest;
        List<String> mPresetRights = new ArrayList();
        boolean mCanSetAllAttrs = false;
        SortedMap<String, EffectiveAttr> mCanSetAttrs = EMPTY_MAP;
        boolean mCanGetAllAttrs = false;
        SortedMap<String, EffectiveAttr> mCanGetAttrs = EMPTY_MAP;

        /* JADX INFO: Access modifiers changed from: package-private */
        public EffectiveRights(String str, String str2, String str3, String str4, String str5) {
            this.mTargetType = str;
            this.mTargetId = str2 == null ? "" : str2;
            this.mTargetName = str3;
            this.mGranteeId = str4;
            this.mGranteeName = str5;
        }

        private EffectiveRights() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasSameRights(EffectiveRights effectiveRights) {
            return getDigest().equals(effectiveRights.getDigest());
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasNoRight() {
            return this.mPresetRights.isEmpty() && !this.mCanSetAllAttrs && this.mCanSetAttrs.isEmpty() && !this.mCanGetAllAttrs && this.mCanGetAttrs.isEmpty();
        }

        private String getDigest() {
            if (this.mDigest != null) {
                return this.mDigest;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("preset:" + this.mPresetRights.hashCode() + ";");
            sb.append("setAttrs:");
            if (this.mCanSetAllAttrs) {
                sb.append("all;");
            } else {
                sb.append(new ArrayList(this.mCanSetAttrs.keySet()).hashCode() + ";");
            }
            sb.append("getAttrs:");
            if (this.mCanGetAllAttrs) {
                sb.append("all;");
            } else {
                sb.append(new ArrayList(this.mCanGetAttrs.keySet()).hashCode() + ";");
            }
            this.mDigest = sb.toString();
            return this.mDigest;
        }

        public static EffectiveRights fromJaxb_EffectiveRights(GetEffectiveRightsResponse getEffectiveRightsResponse) throws ServiceException {
            EffectiveRights fromJaxb = fromJaxb(getEffectiveRightsResponse.getTarget());
            fromJaxb.mGranteeId = getEffectiveRightsResponse.getGrantee().getId();
            fromJaxb.mGranteeName = getEffectiveRightsResponse.getGrantee().getName();
            return fromJaxb;
        }

        public static EffectiveRights fromXML_CreateObjectAttrs(Element element) throws ServiceException {
            EffectiveRights effectiveRights = new EffectiveRights();
            Element element2 = element.getElement("setAttrs");
            if (element2.getAttributeBool("all", false)) {
                effectiveRights.mCanSetAllAttrs = true;
            }
            effectiveRights.mCanSetAttrs = fromXML_attrs(element2);
            return effectiveRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static EffectiveRights fromJaxb(EffectiveRightsInfo effectiveRightsInfo) throws ServiceException {
            EffectiveRights effectiveRights = new EffectiveRights();
            effectiveRights.mPresetRights = new ArrayList();
            Iterator it = effectiveRightsInfo.getRights().iterator();
            while (it.hasNext()) {
                effectiveRights.mPresetRights.add(((RightWithName) it.next()).getName());
            }
            EffectiveAttrsInfo setAttrs = effectiveRightsInfo.getSetAttrs();
            Boolean all = setAttrs.getAll();
            effectiveRights.mCanSetAllAttrs = all != null && all.booleanValue();
            effectiveRights.mCanSetAttrs = from_attrs(setAttrs);
            EffectiveAttrsInfo getAttrs = effectiveRightsInfo.getGetAttrs();
            Boolean all2 = getAttrs.getAll();
            effectiveRights.mCanGetAllAttrs = all2 != null && all2.booleanValue();
            effectiveRights.mCanGetAttrs = from_attrs(getAttrs);
            if (effectiveRightsInfo instanceof EffectiveRightsTargetInfo) {
                EffectiveRightsTargetInfo effectiveRightsTargetInfo = (EffectiveRightsTargetInfo) effectiveRightsInfo;
                effectiveRights.mTargetType = effectiveRightsTargetInfo.getType().toString();
                effectiveRights.mTargetId = effectiveRightsTargetInfo.getId();
                effectiveRights.mTargetName = effectiveRightsTargetInfo.getName();
            }
            return effectiveRights;
        }

        private static TreeMap<String, EffectiveAttr> from_attrs(EffectiveAttrsInfo effectiveAttrsInfo) throws ServiceException {
            TreeMap<String, EffectiveAttr> treeMap = new TreeMap<>();
            AttributeManager attributeManager = AttributeManager.getInstance();
            for (EffectiveAttrInfo effectiveAttrInfo : effectiveAttrsInfo.getAttrs()) {
                String name = effectiveAttrInfo.getName();
                AttributeConstraint.fromJaxb(attributeManager, name, effectiveAttrInfo.getConstraint());
                HashSet hashSet = null;
                List values = effectiveAttrInfo.getValues();
                if (values != null && values.size() > 0) {
                    hashSet = Sets.newHashSet();
                    hashSet.addAll(values);
                }
                treeMap.put(name, new EffectiveAttr(name, hashSet, null));
            }
            return treeMap;
        }

        private static TreeMap<String, EffectiveAttr> fromXML_attrs(Element element) throws ServiceException {
            TreeMap<String, EffectiveAttr> treeMap = new TreeMap<>();
            AttributeManager attributeManager = AttributeManager.getInstance();
            for (Element element2 : element.listElements("a")) {
                String attribute = element2.getAttribute("n");
                Element optionalElement = element2.getOptionalElement("constraint");
                if (optionalElement != null) {
                    AttributeConstraint.fromXML(attributeManager, attribute, optionalElement);
                }
                Element optionalElement2 = element2.getOptionalElement("default");
                HashSet hashSet = null;
                if (optionalElement2 != null) {
                    hashSet = new HashSet();
                    Iterator it = optionalElement2.listElements("v").iterator();
                    while (it.hasNext()) {
                        hashSet.add(((Element) it.next()).getText());
                    }
                }
                treeMap.put(attribute, new EffectiveAttr(attribute, hashSet, null));
            }
            return treeMap;
        }

        public void toXML_getEffectiveRights(Element element) {
            Element addNonUniqueElement = element.addNonUniqueElement("grantee");
            addNonUniqueElement.addAttribute("id", this.mGranteeId);
            addNonUniqueElement.addAttribute("name", this.mGranteeName);
            Element addNonUniqueElement2 = element.addNonUniqueElement("target");
            addNonUniqueElement2.addAttribute("type", this.mTargetType);
            addNonUniqueElement2.addAttribute("id", this.mTargetId);
            addNonUniqueElement2.addAttribute("name", this.mTargetName);
            toXML(addNonUniqueElement2);
        }

        public void toXML_getCreateObjectAttrs(Element element) {
            toXML(element, "setAttrs", this.mCanSetAllAttrs, this.mCanSetAttrs);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void toXML(Element element) {
            Iterator<String> it = this.mPresetRights.iterator();
            while (it.hasNext()) {
                element.addNonUniqueElement("right").addAttribute("n", it.next());
            }
            toXML(element, "setAttrs", this.mCanSetAllAttrs, this.mCanSetAttrs);
            toXML(element, "getAttrs", this.mCanGetAllAttrs, this.mCanGetAttrs);
        }

        private void toXML(Element element, String str, boolean z, SortedMap<String, EffectiveAttr> sortedMap) {
            Element addNonUniqueElement = element.addNonUniqueElement(str);
            if (z) {
                addNonUniqueElement.addAttribute("all", true);
            }
            for (EffectiveAttr effectiveAttr : sortedMap.values()) {
                Element addNonUniqueElement2 = addNonUniqueElement.addNonUniqueElement("a");
                String attrName = effectiveAttr.getAttrName();
                addNonUniqueElement2.addAttribute("n", attrName);
                AttributeConstraint constraint = effectiveAttr.getConstraint();
                if (constraint != null) {
                    constraint.toXML(addNonUniqueElement2);
                }
                if (!effectiveAttr.getDefault().isEmpty()) {
                    Element addNonUniqueElement3 = addNonUniqueElement2.addNonUniqueElement("default");
                    Iterator<String> it = effectiveAttr.getDefault().iterator();
                    while (it.hasNext()) {
                        addNonUniqueElement3.addNonUniqueElement("v").setText(Provisioning.sanitizedAttrValue(attrName, it.next()).toString());
                    }
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setPresetRights(List<String> list) {
            this.mPresetRights = list;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanSetAllAttrs() {
            this.mCanSetAllAttrs = true;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanSetAttrs(SortedMap<String, EffectiveAttr> sortedMap) {
            this.mCanSetAttrs = sortedMap;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanGetAllAttrs() {
            this.mCanGetAllAttrs = true;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCanGetAttrs(SortedMap<String, EffectiveAttr> sortedMap) {
            this.mCanGetAttrs = sortedMap;
        }

        public String targetType() {
            return this.mTargetType;
        }

        public String targetId() {
            return this.mTargetId;
        }

        public String targetName() {
            return this.mTargetName;
        }

        public String granteeId() {
            return this.mGranteeId;
        }

        public String granteeName() {
            return this.mGranteeName;
        }

        public List<String> presetRights() {
            return this.mPresetRights;
        }

        public boolean canSetAllAttrs() {
            return this.mCanSetAllAttrs;
        }

        public SortedMap<String, EffectiveAttr> canSetAttrs() {
            return this.mCanSetAttrs;
        }

        public boolean canGetAllAttrs() {
            return this.mCanGetAllAttrs;
        }

        public SortedMap<String, EffectiveAttr> canGetAttrs() {
            return this.mCanGetAttrs;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$Grants.class */
    public static class Grants {
        Set<ACE> mACEs = new HashSet();

        Grants() {
        }

        void addACE(ACE ace) {
            this.mACEs.add(ace);
        }

        public Set<ACE> getACEs() {
            return this.mACEs;
        }

        public Grants(Element element) throws ServiceException {
            for (Element element2 : element.listElements("grant")) {
                Element element3 = element2.getElement("target");
                String attribute = element3.getAttribute("type", "");
                String attribute2 = element3.getAttribute("id", "");
                String attribute3 = element3.getAttribute("name", "");
                Element element4 = element2.getElement("grantee");
                String attribute4 = element4.getAttribute("type", "");
                String attribute5 = element4.getAttribute("id", "");
                String attribute6 = element4.getAttribute("name", "");
                Element element5 = element2.getElement("right");
                String text = element5.getText();
                boolean attributeBool = element5.getAttributeBool(DavElements.P_DENY, false);
                boolean attributeBool2 = element5.getAttributeBool("canDelegate", false);
                boolean attributeBool3 = element5.getAttributeBool("disinheritSubGroups", false);
                boolean attributeBool4 = element5.getAttributeBool("subDomain", false);
                RightModifier rightModifier = null;
                if (attributeBool) {
                    rightModifier = RightModifier.RM_DENY;
                } else if (attributeBool2) {
                    rightModifier = RightModifier.RM_CAN_DELEGATE;
                } else if (attributeBool3) {
                    rightModifier = RightModifier.RM_DISINHERIT_SUB_GROUPS;
                } else if (attributeBool4) {
                    rightModifier = RightModifier.RM_SUBDOMAIN;
                }
                addACE(new ACE(attribute, attribute2, attribute3, attribute4, attribute5, attribute6, text, rightModifier));
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addGrants(TargetType targetType, Entry entry, ZimbraACL zimbraACL, Set<String> set, Boolean bool) {
            if (zimbraACL == null) {
                return;
            }
            for (ZimbraACE zimbraACE : zimbraACL.getAllACEs()) {
                if (!(!zimbraACE.getRight().isUserRight()) || Boolean.FALSE != bool) {
                    if (set == null || set.contains(zimbraACE.getGrantee())) {
                        addACE(new ACE(targetType, entry, zimbraACE));
                    }
                }
            }
        }

        public void toXML(Element element) {
            for (ACE ace : this.mACEs) {
                Element addNonUniqueElement = element.addNonUniqueElement("grant");
                RightModifier rightModifier = ace.rightModifier();
                boolean z = rightModifier == RightModifier.RM_DENY;
                boolean z2 = rightModifier == RightModifier.RM_CAN_DELEGATE;
                boolean z3 = rightModifier == RightModifier.RM_DISINHERIT_SUB_GROUPS;
                boolean z4 = rightModifier == RightModifier.RM_SUBDOMAIN;
                Element addNonUniqueElement2 = addNonUniqueElement.addNonUniqueElement("target");
                addNonUniqueElement2.addAttribute("type", ace.targetType());
                addNonUniqueElement2.addAttribute("id", ace.targetId());
                addNonUniqueElement2.addAttribute("name", ace.targetName());
                Element addNonUniqueElement3 = addNonUniqueElement.addNonUniqueElement("grantee");
                addNonUniqueElement3.addAttribute("type", ace.granteeType());
                addNonUniqueElement3.addAttribute("id", ace.granteeId());
                addNonUniqueElement3.addAttribute("name", ace.granteeName());
                Element addNonUniqueElement4 = addNonUniqueElement.addNonUniqueElement("right");
                addNonUniqueElement4.addAttribute(DavElements.P_DENY, z);
                addNonUniqueElement4.addAttribute("canDelegate", z2);
                addNonUniqueElement4.addAttribute("disinheritSubGroups", z3);
                addNonUniqueElement4.addAttribute("subDomain", z4);
                addNonUniqueElement4.setText(ace.right());
            }
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$RightAggregation.class */
    public static class RightAggregation {
        Set<String> mEntries;
        EffectiveRights mRights;

        public Set<String> entries() {
            return this.mEntries;
        }

        public EffectiveRights effectiveRights() {
            return this.mRights;
        }

        private RightAggregation(String str, EffectiveRights effectiveRights) {
            this.mEntries = new HashSet();
            this.mEntries.add(str);
            this.mRights = effectiveRights;
        }

        private RightAggregation(Set<String> set, EffectiveRights effectiveRights) {
            this.mEntries = new HashSet();
            this.mEntries.addAll(set);
            this.mRights = effectiveRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public EffectiveRights getRights() {
            return this.mRights;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntry(String str) {
            this.mEntries.add(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntries(Set<String> set) {
            this.mEntries.addAll(set);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasEntry(String str) {
            return this.mEntries.contains(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void removeEntry(String str) {
            this.mEntries.remove(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean hasSameRights(EffectiveRights effectiveRights) {
            return this.mRights.hasSameRights(effectiveRights);
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/accesscontrol/RightCommand$RightsByTargetType.class */
    public static class RightsByTargetType {
        EffectiveRights mAll = null;
        Set<RightAggregation> mEntries = new HashSet();

        public EffectiveRights all() {
            return this.mAll;
        }

        public Set<RightAggregation> entries() {
            return this.mEntries;
        }

        void setAll(EffectiveRights effectiveRights) {
            this.mAll = effectiveRights;
        }

        protected static void add(Set<RightAggregation> set, String str, EffectiveRights effectiveRights) {
            Iterator<RightAggregation> it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RightAggregation next = it.next();
                if (next.hasEntry(str)) {
                    next.removeEntry(str);
                    break;
                }
            }
            for (RightAggregation rightAggregation : set) {
                if (rightAggregation.hasSameRights(effectiveRights)) {
                    rightAggregation.addEntry(str);
                    return;
                }
            }
            set.add(new RightAggregation(str, effectiveRights));
        }

        protected static void addAggregation(Set<RightAggregation> set, Set<String> set2, EffectiveRights effectiveRights) {
            for (RightAggregation rightAggregation : set) {
                if (rightAggregation.hasSameRights(effectiveRights)) {
                    rightAggregation.addEntries(set2);
                    return;
                }
            }
            set.add(new RightAggregation(set2, effectiveRights));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addEntry(String str, EffectiveRights effectiveRights) {
            add(this.mEntries, str, effectiveRights);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addAggregation(Set<String> set, EffectiveRights effectiveRights) {
            addAggregation(this.mEntries, set, effectiveRights);
        }

        public boolean hasNoRight() {
            return this.mAll == null && this.mEntries.isEmpty();
        }
    }

    private static void verifyAccessManager() throws ServiceException {
        if (!(AccessManager.getInstance() instanceof ACLAccessManager)) {
            throw ServiceException.FAILURE("method is not supported by the current AccessManager: " + AccessManager.getInstance().getClass().getCanonicalName() + ", this method requires access manager " + ACLAccessManager.class.getCanonicalName(), (Throwable) null);
        }
    }

    private static AdminConsoleCapable verifyAdminConsoleCapable() throws ServiceException {
        Object accessManager = AccessManager.getInstance();
        if (accessManager instanceof AdminConsoleCapable) {
            return (AdminConsoleCapable) accessManager;
        }
        throw ServiceException.FAILURE("method is not supported by the current AccessManager: " + AccessManager.getInstance().getClass().getCanonicalName() + ", this method requires an admin console capable access manager", (Throwable) null);
    }

    public static Right getRight(String str) throws ServiceException {
        verifyAccessManager();
        return RightManager.getInstance().getRight(str);
    }

    public static List<Right> getAllRights(String str, String str2) throws ServiceException {
        verifyAccessManager();
        ArrayList arrayList = new ArrayList();
        TargetType fromCode = str == null ? null : TargetType.fromCode(str);
        switch (str2 == null ? RightClass.ADMIN : RightClass.fromString(str2)) {
            case USER:
                getAllRights(fromCode, RightManager.getInstance().getAllUserRights(), arrayList);
                break;
            case ALL:
                getAllRights(fromCode, RightManager.getInstance().getAllAdminRights(), arrayList);
                getAllRights(fromCode, RightManager.getInstance().getAllUserRights(), arrayList);
                break;
            case ADMIN:
            default:
                getAllRights(fromCode, RightManager.getInstance().getAllAdminRights(), arrayList);
                break;
        }
        return arrayList;
    }

    private static void getAllRights(TargetType targetType, Map<String, ? extends Right> map, List<Right> list) throws ServiceException {
        Iterator<Map.Entry<String, ? extends Right>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Right value = it.next().getValue();
            if (targetType == null || value.grantableOnTargetType(targetType)) {
                list.add(value);
            }
        }
    }

    public static boolean checkRight(Provisioning provisioning, String str, TargetBy targetBy, String str2, MailTarget mailTarget, String str3, Map<String, Object> map, AccessManager.ViaGrant viaGrant) throws ServiceException {
        verifyAccessManager();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, TargetType.fromCode(str), targetBy, str2);
        Right right = RightManager.getInstance().getRight(str3);
        if (right.getRightType() != Right.RightType.setAttrs && map != null && !map.isEmpty()) {
            throw ServiceException.INVALID_REQUEST("attr map is not allowed for checking a non-setAttrs right: " + right.getName(), (Throwable) null);
        }
        AccessManager accessManager = AccessManager.getInstance();
        return accessManager.canPerform(mailTarget, lookupTarget, right, false, map, mailTarget instanceof Account ? accessManager.isAdequateAdminAccount((Account) mailTarget) : false, viaGrant);
    }

    public static void clearAllEffectiveRightsCache() {
        if (null != ALL_EFFECTIVE_RIGHTS_CACHE) {
            ZimbraLog.acl.debug("Clearing short term all effective rights cache of %d items.", new Object[]{Long.valueOf(ALL_EFFECTIVE_RIGHTS_CACHE.size())});
            ALL_EFFECTIVE_RIGHTS_CACHE.invalidateAll();
        }
    }

    private static AllEffectiveRights getAllEffectiveRights(AdminConsoleCapable adminConsoleCapable, GranteeType granteeType, NamedEntry namedEntry, RightBearer rightBearer, boolean z, boolean z2) throws ServiceException {
        AllEffectiveRights allEffectiveRights = new AllEffectiveRights(granteeType.getCode(), namedEntry.getId(), namedEntry.getName());
        adminConsoleCapable.getAllEffectiveRights(rightBearer, z, z2, allEffectiveRights);
        return allEffectiveRights;
    }

    public static AllEffectiveRights getAllEffectiveRights(Provisioning provisioning, String str, GranteeSelector.GranteeBy granteeBy, String str2, boolean z, boolean z2) throws ServiceException {
        AllEffectiveRights allEffectiveRights;
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        GranteeType fromCode = GranteeType.fromCode(str);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, fromCode, granteeBy, str2);
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        if (ALL_EFFECTIVE_RIGHTS_CACHE != null) {
            String format = String.format("%s-%s-%s-%b-%b", newRightBearer.getId(), fromCode.getCode(), lookupGrantee.getId(), Boolean.valueOf(z), Boolean.valueOf(z2));
            allEffectiveRights = (AllEffectiveRights) ALL_EFFECTIVE_RIGHTS_CACHE.getIfPresent(format);
            if (allEffectiveRights == null) {
                allEffectiveRights = getAllEffectiveRights(verifyAdminConsoleCapable, fromCode, lookupGrantee, newRightBearer, z, z2);
                ALL_EFFECTIVE_RIGHTS_CACHE.put(format, allEffectiveRights);
            }
        } else {
            allEffectiveRights = getAllEffectiveRights(verifyAdminConsoleCapable, fromCode, lookupGrantee, newRightBearer, z, z2);
        }
        return allEffectiveRights;
    }

    public static EffectiveRights getEffectiveRights(Provisioning provisioning, String str, TargetBy targetBy, String str2, GranteeSelector.GranteeBy granteeBy, String str3, boolean z, boolean z2) throws ServiceException {
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, TargetType.fromCode(str), targetBy, str2);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, GranteeType.GT_USER, granteeBy, str3);
        Account account = (Account) lookupGrantee;
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        EffectiveRights effectiveRights = new EffectiveRights(str, TargetType.getId(lookupTarget), lookupTarget.getLabel(), account.getId(), account.getName());
        verifyAdminConsoleCapable.getEffectiveRights(newRightBearer, lookupTarget, z, z2, effectiveRights);
        return effectiveRights;
    }

    public static EffectiveRights getCreateObjectAttrs(Provisioning provisioning, String str, Key.DomainBy domainBy, String str2, Key.CosBy cosBy, String str3, GranteeSelector.GranteeBy granteeBy, String str4) throws ServiceException {
        AdminConsoleCapable verifyAdminConsoleCapable = verifyAdminConsoleCapable();
        TargetType fromCode = TargetType.fromCode(str);
        String str5 = null;
        if (fromCode == TargetType.domain) {
            if (domainBy != Key.DomainBy.name) {
                throw ServiceException.INVALID_REQUEST("must be by name for domain target", (Throwable) null);
            }
            str5 = str2;
        }
        Entry createPseudoTarget = PseudoTarget.createPseudoTarget(provisioning, fromCode, domainBy, str2, false, cosBy, str3, str5);
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, GranteeType.GT_USER, granteeBy, str4);
        Account account = (Account) lookupGrantee;
        RightBearer newRightBearer = RightBearer.newRightBearer(lookupGrantee);
        EffectiveRights effectiveRights = new EffectiveRights(str, TargetType.getId(createPseudoTarget), createPseudoTarget.getLabel(), account.getId(), account.getName());
        verifyAdminConsoleCapable.getEffectiveRights(newRightBearer, createPseudoTarget, true, true, effectiveRights);
        return effectiveRights;
    }

    public static Grants getGrants(Provisioning provisioning, String str, TargetBy targetBy, String str2, String str3, GranteeSelector.GranteeBy granteeBy, String str4, boolean z) throws ServiceException {
        verifyAccessManager();
        if (str == null && str3 == null) {
            throw ServiceException.INVALID_REQUEST("at least one of target or grantee must be specified", (Throwable) null);
        }
        TargetType targetType = null;
        Entry entry = null;
        if (str != null) {
            targetType = TargetType.fromCode(str);
            entry = TargetType.lookupTarget(provisioning, targetType, targetBy, str2);
        }
        Set<String> set = null;
        Boolean bool = null;
        if (str3 != null) {
            GranteeType fromCode = GranteeType.fromCode(str3);
            NamedEntry lookupGrantee = GranteeType.lookupGrantee(provisioning, fromCode, granteeBy, str4);
            bool = Boolean.valueOf(RightBearer.isValidGranteeForAdminRights(fromCode, lookupGrantee));
            if (z) {
                set = RightBearer.Grantee.getGrantee(lookupGrantee, false).getIdAndGroupIds();
            } else {
                set = new HashSet();
                set.add(lookupGrantee.getId());
            }
        }
        Grants grants = new Grants();
        if (entry != null) {
            grants.addGrants(targetType, entry, ACLUtil.getACL(entry), set, bool);
        } else {
            for (SearchGrants.GrantsOnTarget grantsOnTarget : new SearchGrants(provisioning, new HashSet(Arrays.asList(TargetType.values())), set).doSearch().getResults()) {
                Entry targetEntry = grantsOnTarget.getTargetEntry();
                grants.addGrants(TargetType.getTargetType(targetEntry), targetEntry, grantsOnTarget.getAcl(), set, bool);
            }
        }
        return grants;
    }

    private static void validateGrant(Account account, TargetType targetType, Entry entry, GranteeType granteeType, NamedEntry namedEntry, String str, Right right, RightModifier rightModifier, boolean z) throws ServiceException {
        if (!right.isUserRight() || RightModifier.RM_CAN_DELEGATE == rightModifier) {
            if (!z && !CrossDomain.validateCrossDomainAdminGrant(right, granteeType) && !RightBearer.isValidGranteeForAdminRights(granteeType, namedEntry)) {
                throw ServiceException.INVALID_REQUEST("grantee for admin right or for user right with the canDelegate modifier must be a delegated admin account or admin group, it cannot be a global admin account or a regular user account.", (Throwable) null);
            }
            if (!granteeType.allowedForAdminRights()) {
                throw ServiceException.INVALID_REQUEST("grantee type " + granteeType.getCode() + " is not allowed for admin right", (Throwable) null);
            }
        }
        if (!right.grantableOnTargetType(targetType)) {
            throw ServiceException.INVALID_REQUEST("right " + right.getName() + " cannot be granted on a " + targetType.getCode() + " entry. It can only be granted on target types: " + right.reportGrantableTargetTypes(), (Throwable) null);
        }
        if (targetType.isGroup() && !CheckRight.allowGroupTarget(right)) {
            throw ServiceException.INVALID_REQUEST("group target is not supported for right: " + right.getName(), (Throwable) null);
        }
        if (RightModifier.RM_SUBDOMAIN == rightModifier) {
            if (targetType != TargetType.domain) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_SUBDOMAIN.getModifier() + " can only be granted on domain targets", (Throwable) null);
            }
            if (!right.allowSubDomainModifier()) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_SUBDOMAIN.getModifier() + " is not allowed for the right: " + right.getName(), (Throwable) null);
            }
        } else if (RightModifier.RM_DISINHERIT_SUB_GROUPS == rightModifier) {
            if (targetType != TargetType.dl) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_DISINHERIT_SUB_GROUPS.getModifier() + " can only be granted on group targets", (Throwable) null);
            }
            if (!right.allowDisinheritSubGroupsModifier()) {
                throw ServiceException.INVALID_REQUEST("right modifier " + RightModifier.RM_DISINHERIT_SUB_GROUPS.getModifier() + " is not allowed for the right: " + right.getName(), (Throwable) null);
            }
        }
        if (account != null) {
            AccessManager accessManager = AccessManager.getInstance();
            if (granteeType == GranteeType.GT_EXT_GROUP) {
                if (!AccessControlUtil.isGlobalAdmin(account)) {
                    throw ServiceException.PERM_DENIED("only global admins can grant to external group");
                }
            } else {
                if (!accessManager.canPerform((MailTarget) account, entry, right, true, (Map<String, Object>) null, true, (AccessManager.ViaGrant) null)) {
                    Object[] objArr = new Object[2];
                    objArr[0] = z ? "revoke" : "grant";
                    objArr[1] = right.getName();
                    throw ServiceException.PERM_DENIED(String.format("insufficient right to %s '%s' right", objArr));
                }
                ParticallyDenied.checkPartiallyDenied(account, targetType, entry, right);
            }
        }
        if (str != null && !granteeType.allowSecret()) {
            throw ServiceException.PERM_DENIED("password is not allowed for grantee type " + granteeType.getCode());
        }
    }

    public static void verifyGrantRight(Provisioning provisioning, Account account, String str, TargetBy targetBy, String str2, String str3, GranteeSelector.GranteeBy granteeBy, String str4, String str5, String str6, RightModifier rightModifier) throws ServiceException {
        grantRightInternal(provisioning, account, TargetType.fromCode(str), targetBy, str2, GranteeType.fromCode(str3), granteeBy, str4, str5, str6, rightModifier, true);
    }

    public static void grantRight(Provisioning provisioning, Account account, String str, TargetBy targetBy, String str2, String str3, GranteeSelector.GranteeBy granteeBy, String str4, String str5, String str6, RightModifier rightModifier) throws ServiceException {
        grantRight(provisioning, account, TargetType.fromCode(str), targetBy, str2, str3, granteeBy, str4, str5, str6, rightModifier);
    }

    public static void grantRight(Provisioning provisioning, Account account, EffectiveRightsTargetSelector effectiveRightsTargetSelector, GranteeSelector granteeSelector, String str, RightModifier rightModifier) throws ServiceException {
        grantRightInternal(provisioning, account, TargetType.fromJaxb(effectiveRightsTargetSelector.getType()), effectiveRightsTargetSelector.getBy(), effectiveRightsTargetSelector.getValue(), GranteeType.fromJaxb(granteeSelector.getType()), granteeSelector.getBy(), granteeSelector.getKey(), granteeSelector.getSecret(), str, rightModifier, false);
    }

    public static void grantRight(Provisioning provisioning, Account account, TargetType targetType, TargetBy targetBy, String str, String str2, GranteeSelector.GranteeBy granteeBy, String str3, String str4, String str5, RightModifier rightModifier) throws ServiceException {
        grantRightInternal(provisioning, account, targetType, targetBy, str, GranteeType.fromCode(str2), granteeBy, str3, str4, str5, rightModifier, false);
    }

    private static void grantRightInternal(Provisioning provisioning, Account account, TargetType targetType, TargetBy targetBy, String str, GranteeType granteeType, GranteeSelector.GranteeBy granteeBy, String str2, String str3, String str4, RightModifier rightModifier, boolean z) throws ServiceException {
        String str5;
        verifyAccessManager();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, targetType, targetBy, str);
        Right right = RightManager.getInstance().getRight(str4);
        NamedEntry namedEntry = null;
        if (granteeType.isZimbraEntry()) {
            namedEntry = GranteeType.lookupGrantee(provisioning, granteeType, granteeBy, str2);
            str5 = namedEntry.getId();
        } else if (granteeType == GranteeType.GT_EXT_GROUP) {
            ExternalGroup externalGroup = ExternalGroup.get(Key.DomainBy.name, str2, !right.isUserRight());
            if (externalGroup == null) {
                throw ServiceException.INVALID_REQUEST("unable to find external group " + str2, (Throwable) null);
            }
            str5 = externalGroup.getId();
        } else {
            str5 = str2;
        }
        validateGrant(account, targetType, lookupTarget, granteeType, namedEntry, str3, right, rightModifier, false);
        if (z) {
            return;
        }
        HashSet hashSet = new HashSet();
        hashSet.add(new ZimbraACE(str5, granteeType, right, rightModifier, str3));
        ACLUtil.grantRight(provisioning, lookupTarget, hashSet);
    }

    public static void revokeRight(Provisioning provisioning, Account account, EffectiveRightsTargetSelector effectiveRightsTargetSelector, GranteeSelector granteeSelector, String str, RightModifier rightModifier) throws ServiceException {
        revokeRight(provisioning, account, TargetType.fromJaxb(effectiveRightsTargetSelector.getType()), effectiveRightsTargetSelector.getBy(), effectiveRightsTargetSelector.getValue(), GranteeType.fromJaxb(granteeSelector.getType()), granteeSelector.getBy(), granteeSelector.getKey(), str, rightModifier);
    }

    public static void revokeRight(Provisioning provisioning, Account account, String str, TargetBy targetBy, String str2, String str3, GranteeSelector.GranteeBy granteeBy, String str4, String str5, RightModifier rightModifier) throws ServiceException {
        revokeRight(provisioning, account, TargetType.fromCode(str), targetBy, str2, GranteeType.fromCode(str3), granteeBy, str4, str5, rightModifier);
    }

    /* JADX WARN: Type inference failed for: r23v0, types: [java.lang.Throwable, com.zimbra.cs.account.AccountServiceException] */
    public static void revokeRight(Provisioning provisioning, Account account, TargetType targetType, TargetBy targetBy, String str, GranteeType granteeType, GranteeSelector.GranteeBy granteeBy, String str2, String str3, RightModifier rightModifier) throws ServiceException {
        String str4;
        verifyAccessManager();
        Entry lookupTarget = TargetType.lookupTarget(provisioning, targetType, targetBy, str);
        NamedEntry namedEntry = null;
        try {
            if (granteeType.isZimbraEntry()) {
                namedEntry = GranteeType.lookupGrantee(provisioning, granteeType, granteeBy, str2);
                str4 = namedEntry.getId();
            } else {
                str4 = str2;
            }
        } catch (AccountServiceException e) {
            String code = e.getCode();
            if (!AccountServiceException.NO_SUCH_ACCOUNT.equals(code) && !AccountServiceException.NO_SUCH_DISTRIBUTION_LIST.equals(code) && !"account.NO_SUCH_DOMAIN".equals(code)) {
                throw e;
            }
            ZimbraLog.acl.warn("revokeRight: no such grantee " + str2);
            if (granteeBy != GranteeSelector.GranteeBy.id) {
                throw ServiceException.INVALID_REQUEST("cannot find grantee by name: " + str2 + ", try revoke by grantee id if you want to remove the orphan grant", (Throwable) e);
            }
            str4 = str2;
        }
        Right right = RightManager.getInstance().getRight(str3);
        if (namedEntry != null) {
            validateGrant(account, targetType, lookupTarget, granteeType, namedEntry, null, right, rightModifier, true);
        }
        HashSet hashSet = new HashSet();
        ZimbraACE zimbraACE = new ZimbraACE(str4, granteeType, right, rightModifier, null);
        hashSet.add(zimbraACE);
        if (ACLUtil.revokeRight(provisioning, lookupTarget, hashSet).isEmpty()) {
            throw AccountServiceException.NO_SUCH_GRANT(zimbraACE.dump(true));
        }
    }

    public static void revokeAllRights(Provisioning provisioning, GranteeType granteeType, String str) throws ServiceException {
        Set<TargetType> targetTypesForGrantSearch = verifyAdminConsoleCapable().targetTypesForGrantSearch();
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        for (SearchGrants.GrantsOnTarget grantsOnTarget : new SearchGrants(provisioning, targetTypesForGrantSearch, hashSet).doSearch().getResults()) {
            Entry targetEntry = grantsOnTarget.getTargetEntry();
            HashSet hashSet2 = new HashSet();
            for (ZimbraACE zimbraACE : grantsOnTarget.getAcl().getAllACEs()) {
                if (str.equals(zimbraACE.getGrantee())) {
                    hashSet2.add(zimbraACE);
                }
            }
            ACLUtil.revokeRight(provisioning, targetEntry, hashSet2);
        }
        RightBearer.Grantee.clearGranteeCache();
    }

    public static Element rightToXML(Element element, Right right, boolean z, Locale locale) throws ServiceException {
        Element addNonUniqueElement = element.addNonUniqueElement("right");
        addNonUniqueElement.addAttribute("name", right.getName());
        addNonUniqueElement.addAttribute("type", right.getRightType().name());
        addNonUniqueElement.addAttribute("targetType", right.getTargetTypeStr());
        addNonUniqueElement.addAttribute("rightClass", right.getRightClass().name());
        String message = L10nUtil.getMessage("ZsMsgRights", right.getName(), locale, new Object[0]);
        if (message == null) {
            message = right.getDesc();
        }
        addNonUniqueElement.addNonUniqueElement("desc").setText(message);
        if (!right.isPresetRight()) {
            if (right.isAttrRight()) {
                Element addNonUniqueElement2 = addNonUniqueElement.addNonUniqueElement("attrs");
                AttrRight attrRight = (AttrRight) right;
                if (attrRight.allAttrs()) {
                    addNonUniqueElement2.addAttribute("all", true);
                    if (z) {
                        for (String str : attrRight.getAllAttrs()) {
                            if (right.getRightType() != Right.RightType.setAttrs || !HardRules.isForbiddenAttr(str)) {
                                addNonUniqueElement2.addNonUniqueElement("a").addAttribute("n", str);
                            }
                        }
                    }
                } else {
                    Iterator<String> it = attrRight.getAttrs().iterator();
                    while (it.hasNext()) {
                        addNonUniqueElement2.addNonUniqueElement(it.next());
                    }
                }
            } else if (right.isComboRight()) {
                Element addNonUniqueElement3 = addNonUniqueElement.addNonUniqueElement("rights");
                for (Right right2 : ((ComboRight) right).getRights()) {
                    Element addNonUniqueElement4 = addNonUniqueElement3.addNonUniqueElement(Metadata.FN_RAW_SUBJ);
                    addNonUniqueElement4.addAttribute("n", right2.getName());
                    addNonUniqueElement4.addAttribute("type", right2.getRightType().name());
                    addNonUniqueElement4.addAttribute("targetType", right2.getTargetTypeStr());
                }
            }
        }
        return addNonUniqueElement;
    }

    public static Right XMLToRight(Element element) throws ServiceException {
        return RightNameToRight(element.getAttribute("name"));
    }

    public static Right RightNameToRight(String str) throws ServiceException {
        return RightManager.getInstance().getRight(str);
    }

    static {
        long j;
        long j2 = 0;
        try {
            Server localServer = Provisioning.getInstance().getLocalServer();
            j = localServer.getShortTermAllEffectiveRightsCacheSize();
            if (j > 0) {
                j2 = localServer.getShortTermAllEffectiveRightsCacheExpiration();
                if (j2 < 0) {
                    j2 = 0;
                    j = 0;
                } else if (j2 > MAX_CACHE_EXPIRY) {
                    j2 = 1800000;
                }
            }
        } catch (ServiceException e) {
            j = 0;
        }
        if (j > 0) {
            ALL_EFFECTIVE_RIGHTS_CACHE = CacheBuilder.newBuilder().maximumSize(j).expireAfterWrite(j2, TimeUnit.MILLISECONDS).build();
        } else {
            ALL_EFFECTIVE_RIGHTS_CACHE = null;
        }
    }
}
