package org.exist.xquery.functions.securitymanager;

import org.exist.dom.QName;
import org.exist.dom.memtree.DocumentImpl;
import org.exist.dom.memtree.MemTreeBuilder;
import org.exist.security.Permission;
import org.exist.security.Subject;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.Cardinality;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/IdFunction.class */
public class IdFunction extends BasicFunction {
    public static final FunctionSignature FNS_ID = new FunctionSignature(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), "Returns the user and group names of the account executing the XQuery. If the real and effective accounts are different, then both the real and effective account details are returned, otherwise only the real account details are returned.", (SequenceType[]) null, new FunctionReturnSequenceType(6, Cardinality.EXACTLY_ONE, "Example output when an XQuery is running setUid <id xmlns=\"http://exist-db.org/xquery/securitymanager\"><real><username>guest</username><groups><group>guest</group></groups></real><effective><username>admin</username><groups><group>dba</group></groups></effective></id>."));

    public IdFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        if (this.mySignature == FNS_ID) {
            return functionId();
        }
        throw new XPathException("Unknown function call: " + getSignature());
    }

    private DocumentImpl functionId() throws XPathException {
        this.context.pushDocumentContext();
        try {
            MemTreeBuilder documentBuilder = this.context.getDocumentBuilder();
            documentBuilder.startDocument();
            documentBuilder.startElement(new QName("id", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
            documentBuilder.startElement(new QName("real", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
            subjectToXml(documentBuilder, this.context.getRealUser());
            documentBuilder.endElement();
            if (this.context.getRealUser().getId() != this.context.getEffectiveUser().getId()) {
                documentBuilder.startElement(new QName("effective", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
                subjectToXml(documentBuilder, this.context.getEffectiveUser());
                documentBuilder.endElement();
            }
            documentBuilder.endElement();
            documentBuilder.endDocument();
            return documentBuilder.getDocument();
        } finally {
            this.context.popDocumentContext();
        }
    }

    private void subjectToXml(MemTreeBuilder memTreeBuilder, Subject subject) {
        memTreeBuilder.startElement(new QName("username", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
        memTreeBuilder.characters(subject.getName());
        memTreeBuilder.endElement();
        memTreeBuilder.startElement(new QName("groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
        for (String str : subject.getGroups()) {
            memTreeBuilder.startElement(new QName(Permission.GROUP_STRING, SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
            memTreeBuilder.characters(str);
            memTreeBuilder.endElement();
        }
        memTreeBuilder.endElement();
    }
}
