package org.exist.xquery.functions.securitymanager;

import org.exist.EXistException;
import org.exist.dom.QName;
import org.exist.security.AXSchemaType;
import org.exist.security.Account;
import org.exist.security.EXistSchemaType;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.Principal;
import org.exist.security.SchemaType;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/SetPrincipalMetadataFunction.class */
public class SetPrincipalMetadataFunction extends BasicFunction {
    private static final QName qnSetAccountMetadata = new QName("set-account-metadata", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnSetGroupMetadata = new QName("set-group-metadata", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_SET_ACCOUNT_METADATA = new FunctionSignature(qnSetAccountMetadata, "Sets a metadata attribute value for an account", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to set metadata for."), new FunctionParameterSequenceType("attribute", 25, 2, "The metadata attribute key."), new FunctionParameterSequenceType("value", 22, 2, "The metadata value,")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_SET_GROUP_METADATA = new FunctionSignature(qnSetGroupMetadata, "Sets a metadata attribute value for a group", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to set metadata for."), new FunctionParameterSequenceType("attribute", 25, 2, "The metadata attribute key."), new FunctionParameterSequenceType("value", 22, 2, "The metadata value,")}, new SequenceType(10, 1));

    public SetPrincipalMetadataFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        Account account;
        DBBroker broker = getContext().getBroker();
        Subject currentSubject = broker.getCurrentSubject();
        if (currentSubject.getName().equals("guest")) {
            throw new XPathException("You must be an authenticated user");
        }
        SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        String stringValue = sequenceArr[0].getStringValue();
        String stringValue2 = sequenceArr[1].getStringValue();
        String stringValue3 = sequenceArr[2].getStringValue();
        if (isCalledAs(qnSetAccountMetadata.getLocalPart())) {
            if (!currentSubject.hasDbaRole() && !currentSubject.getUsername().equals(stringValue)) {
                throw new XPathException(this, new PermissionDeniedException("You must have suitable access rights to modify the users metadata."));
            }
            account = securityManager.getAccount(stringValue);
        } else {
            if (!isCalledAs(qnSetGroupMetadata.getLocalPart())) {
                throw new XPathException(this, "Unknown function");
            }
            boolean z = false;
            SchemaType[] schemaTypeArr = GetPrincipalMetadataFunction.GROUP_METADATA_KEYS;
            int length = schemaTypeArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (schemaTypeArr[i].getNamespace().equals(stringValue2)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                throw new XPathException("The metadata attribute key '" + stringValue2 + "' is not valid on a group.");
            }
            Group group = securityManager.getGroup(stringValue);
            if (!currentSubject.hasDbaRole() && !group.isManager(currentSubject)) {
                throw new XPathException(this, new PermissionDeniedException("You must have suitable access rights to modify the groups metadata."));
            }
            account = group;
        }
        setAccountMetadata(securityManager, account, stringValue2, stringValue3);
        return Sequence.EMPTY_SEQUENCE;
    }

    private void setAccountMetadata(SecurityManager securityManager, Principal principal, String str, String str2) throws XPathException {
        SchemaType valueOfNamespace = AXSchemaType.valueOfNamespace(str);
        if (valueOfNamespace == null) {
            valueOfNamespace = EXistSchemaType.valueOfNamespace(str);
        }
        if (valueOfNamespace == null) {
            throw new XPathException("Unknown metadata attribute key: " + str);
        }
        principal.setMetadataValue(valueOfNamespace, str2);
        try {
            if (principal instanceof Account) {
                securityManager.updateAccount((Account) principal);
            } else if (principal instanceof Group) {
                securityManager.updateGroup((Group) principal);
            }
        } catch (EXistException | PermissionDeniedException e) {
            throw new XPathException(this, e);
        }
    }
}
