package org.exist.xquery.functions.securitymanager;

import org.exist.EXistException;
import org.exist.dom.QName;
import org.exist.security.Account;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.IntegerValue;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/UMaskFunction.class */
public class UMaskFunction extends BasicFunction {
    private static final QName qnGetUMask = new QName("get-umask", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnSetUMask = new QName("set-umask", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_GET_UMASK = new FunctionSignature(qnGetUMask, "Gets the umask of a Users Account.", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to retrieve the umask for.")}, new FunctionReturnSequenceType(38, 7, "The umask of the users account expressed as an integer"));
    public static final FunctionSignature FNS_SET_UMASK = new FunctionSignature(qnSetUMask, "Sets the umask of a Users Account.", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to set the umask for."), new FunctionParameterSequenceType("umask", 38, 2, "The umask to set as an integer.")}, new SequenceType(10, 1));

    public UMaskFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        DBBroker broker = getContext().getBroker();
        Subject currentSubject = broker.getCurrentSubject();
        if (currentSubject.getName().equals("guest")) {
            throw new XPathException("You must be an authenticated user");
        }
        String stringValue = sequenceArr[0].getStringValue();
        if (isCalledAs(qnGetUMask.getLocalPart())) {
            return getUMask(broker, stringValue);
        }
        if (!isCalledAs(qnSetUMask.getLocalPart())) {
            throw new XPathException("Unknown function");
        }
        setUMask(broker, currentSubject, stringValue, ((IntegerValue) sequenceArr[1].itemAt(0)).getInt());
        return Sequence.EMPTY_SEQUENCE;
    }

    private IntegerValue getUMask(DBBroker dBBroker, String str) {
        return new IntegerValue(dBBroker.getBrokerPool().getSecurityManager().getAccount(str).getUserMask());
    }

    private void setUMask(DBBroker dBBroker, Subject subject, String str, int i) throws XPathException {
        if (!subject.hasDbaRole() && !subject.getUsername().equals(str)) {
            throw new XPathException(this, new PermissionDeniedException("You must have suitable access rights to set the users umask."));
        }
        SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
        Account account = securityManager.getAccount(str);
        account.setUserMask(i);
        try {
            securityManager.updateAccount(account);
        } catch (EXistException e) {
            throw new XPathException(this, e);
        } catch (PermissionDeniedException e2) {
            throw new XPathException(this, e2);
        }
    }
}
