package org.exist.xmldb;

import com.evolvedbinary.j8fu.function.FunctionE;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nullable;
import org.exist.dom.persistent.DocumentImpl;
import org.exist.security.ACLPermission;
import org.exist.security.Account;
import org.exist.security.Group;
import org.exist.security.Permission;
import org.exist.security.PermissionDeniedException;
import org.exist.security.PermissionFactory;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.security.User;
import org.exist.security.internal.aider.ACEAider;
import org.exist.security.internal.aider.UserAider;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.storage.lock.ManagedDocumentLock;
import org.exist.storage.txn.Txn;
import org.exist.xmldb.function.LocalXmldbCollectionFunction;
import org.exist.xmldb.function.LocalXmldbDocumentFunction;
import org.exist.xmldb.function.LocalXmldbFunction;
import org.xmldb.api.base.Collection;
import org.xmldb.api.base.Resource;
import org.xmldb.api.base.XMLDBException;

/* loaded from: input_file:org/exist/xmldb/LocalUserManagementService.class */
public class LocalUserManagementService extends AbstractLocalService implements EXistUserManagementService {
    public LocalUserManagementService(Subject subject, BrokerPool brokerPool, LocalCollection localCollection) {
        super(subject, brokerPool, localCollection);
    }

    @Override // org.exist.xmldb.UserManagementService
    public String getName() {
        return "UserManagementService";
    }

    @Override // org.exist.xmldb.UserManagementService
    public String getVersion() {
        return "1.0";
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addAccount(Account account) throws XMLDBException {
        onlyAsAdmin(this.user).apply(securityManager -> {
            if (securityManager.hasAccount(account.getName())) {
                throw new XMLDBException(1, "user " + account.getName() + " already exists");
            }
            return (dBBroker, txn) -> {
                return securityManager.addAccount(account);
            };
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addGroup(Group group) throws XMLDBException {
        onlyAsAdmin(this.user).apply(securityManager -> {
            if (securityManager.hasGroup(group.getName())) {
                throw new XMLDBException(1, "group '" + group.getName() + "' already exists");
            }
            return (dBBroker, txn) -> {
                return securityManager.addGroup(dBBroker, group);
            };
        });
    }

    @Override // org.exist.xmldb.EXistUserManagementService
    public void setUserPrimaryGroup(String str, String str2) throws XMLDBException {
        onlyAsAdmin(this.user).apply(securityManager -> {
            if (securityManager.hasGroup(str2)) {
                return (dBBroker, txn) -> {
                    Account account = securityManager.getAccount(str);
                    account.setPrimaryGroup(securityManager.getGroup(str2));
                    return Boolean.valueOf(securityManager.updateAccount(account));
                };
            }
            throw new XMLDBException(4, "Group '" + str2 + "' does not exist!");
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void setPermissions(Resource resource, Permission permission) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, documentImpl, (Optional<String>) Optional.of(permission.getOwner().getName()), (Optional<String>) Optional.of(permission.getGroup().getName()));
            PermissionFactory.chmod(dBBroker, documentImpl, (Optional<Integer>) Optional.of(Integer.valueOf(permission.getMode())), getAces(permission));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void setPermissions(Collection collection, Permission permission) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            updateCollection(dBBroker, txn, getCollectionUri(dBBroker, txn, collection)).apply((collection2, dBBroker, txn) -> {
                PermissionFactory.chown(dBBroker, collection2, (Optional<String>) Optional.of(permission.getOwner().getName()), (Optional<String>) Optional.of(permission.getGroup().getName()));
                PermissionFactory.chmod(dBBroker, collection2, (Optional<Integer>) Optional.of(Integer.valueOf(permission.getMode())), getAces(permission));
                return null;
            });
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void setPermissions(Collection collection, String str, String str2, int i, List<ACEAider> list) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            updateCollection(dBBroker, txn, getCollectionUri(dBBroker, txn, collection)).apply((collection2, dBBroker, txn) -> {
                collection2.getPermissionsNoLock();
                PermissionFactory.chown(dBBroker, collection2, (Optional<String>) Optional.ofNullable(str), (Optional<String>) Optional.ofNullable(str2));
                PermissionFactory.chmod(dBBroker, collection2, (Optional<Integer>) Optional.of(Integer.valueOf(i)), (Optional<List<ACEAider>>) Optional.ofNullable(list));
                return null;
            });
            return null;
        });
    }

    private Optional<List<ACEAider>> getAces(@Nullable Permission permission) {
        Optional<List<ACEAider>> empty;
        if (permission == null || !(permission instanceof ACLPermission)) {
            empty = Optional.empty();
        } else {
            ACLPermission aCLPermission = (ACLPermission) permission;
            ArrayList arrayList = new ArrayList(aCLPermission.getACECount());
            for (int i = 0; i < aCLPermission.getACECount(); i++) {
                arrayList.add(new ACEAider(aCLPermission.getACEAccessType(i), aCLPermission.getACETarget(i), aCLPermission.getACEWho(i), aCLPermission.getACEMode(i)));
            }
            empty = Optional.of(arrayList);
        }
        return empty;
    }

    @Override // org.exist.xmldb.UserManagementService
    public void setPermissions(Resource resource, String str, String str2, int i, List<ACEAider> list) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, documentImpl, (Optional<String>) Optional.ofNullable(str), (Optional<String>) Optional.ofNullable(str2));
            PermissionFactory.chmod(dBBroker, documentImpl, (Optional<Integer>) Optional.of(Integer.valueOf(i)), (Optional<List<ACEAider>>) Optional.ofNullable(list));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chmod(String str) throws XMLDBException {
        updateCollection(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            PermissionFactory.chmod_str(dBBroker, collection, (Optional<String>) Optional.ofNullable(str), (Optional<List<ACEAider>>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chmod(Resource resource, int i) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chmod(dBBroker, documentImpl, (Optional<Integer>) Optional.of(Integer.valueOf(i)), (Optional<List<ACEAider>>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chmod(int i) throws XMLDBException {
        updateCollection(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            PermissionFactory.chmod(dBBroker, collection, (Optional<Integer>) Optional.of(Integer.valueOf(i)), (Optional<List<ACEAider>>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chmod(Resource resource, String str) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chmod_str(dBBroker, documentImpl, (Optional<String>) Optional.ofNullable(str), (Optional<List<ACEAider>>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chgrp(String str) throws XMLDBException {
        updateCollection(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, collection, (Optional<String>) Optional.empty(), (Optional<String>) Optional.ofNullable(str));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chown(Account account) throws XMLDBException {
        updateCollection(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, collection, (Optional<String>) Optional.ofNullable(account).map((v0) -> {
                return v0.getName();
            }), (Optional<String>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chown(Account account, String str) throws XMLDBException {
        updateCollection(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, collection, (Optional<String>) Optional.ofNullable(account).map((v0) -> {
                return v0.getName();
            }), (Optional<String>) Optional.ofNullable(str));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chgrp(Resource resource, String str) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, documentImpl, (Optional<String>) Optional.empty(), (Optional<String>) Optional.ofNullable(str));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chown(Resource resource, Account account) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, documentImpl, (Optional<String>) Optional.ofNullable(account).map((v0) -> {
                return v0.getName();
            }), (Optional<String>) Optional.empty());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void chown(Resource resource, Account account, String str) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            PermissionFactory.chown(dBBroker, documentImpl, (Optional<String>) Optional.ofNullable(account).map((v0) -> {
                return v0.getName();
            }), (Optional<String>) Optional.ofNullable(str));
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public String hasUserLock(Resource resource) throws XMLDBException {
        return (String) withDb((dBBroker, txn) -> {
            return (String) ((AbstractEXistResource) resource).read(dBBroker, txn).apply((documentImpl, dBBroker, txn) -> {
                Account userLock = documentImpl.getUserLock();
                if (userLock == null) {
                    return null;
                }
                return userLock.getName();
            });
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void lockResource(Resource resource, Account account) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            String id = resource.getId();
            if (!documentImpl.getPermissions().validate(this.user, 2)) {
                throw new PermissionDeniedException("User is not allowed to lock resource " + id);
            }
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            if (!this.user.equals(account) && !securityManager.hasAdminPrivileges(this.user)) {
                throw new PermissionDeniedException("User " + this.user.getName() + " is not allowed to lock resource '" + id + "' for user " + account.getName());
            }
            Account userLock = documentImpl.getUserLock();
            if (userLock != null) {
                if (userLock.equals(account)) {
                    return null;
                }
                if (!securityManager.hasAdminPrivileges(this.user)) {
                    throw new PermissionDeniedException("Resource '" + id + "' is already locked by user " + userLock.getName());
                }
            }
            documentImpl.setUserLock(account);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void unlockResource(Resource resource) throws XMLDBException {
        modify(resource).apply((documentImpl, dBBroker, txn) -> {
            String id = resource.getId();
            if (!documentImpl.getPermissions().validate(this.user, 2)) {
                throw new PermissionDeniedException("User is not allowed to lock resource '" + id + "'");
            }
            Account userLock = documentImpl.getUserLock();
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            if (userLock != null && !userLock.equals(this.user) && !securityManager.hasAdminPrivileges(this.user)) {
                throw new PermissionDeniedException("Resource '" + id + "' is already locked by user " + userLock.getName());
            }
            documentImpl.setUserLock((Account) null);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission getPermissions(Collection collection) throws XMLDBException {
        if (collection instanceof LocalCollection) {
            return (Permission) read(((LocalCollection) collection).getPathURI()).apply((collection2, dBBroker, txn) -> {
                return collection2.getPermissionsNoLock();
            });
        }
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission getSubCollectionPermissions(Collection collection, String str) throws XMLDBException {
        if (collection instanceof LocalCollection) {
            return (Permission) read(((LocalCollection) collection).getPathURI()).apply((collection2, dBBroker, txn) -> {
                return collection2.getChildCollectionEntry(dBBroker, str).getPermissions();
            });
        }
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission getSubResourcePermissions(Collection collection, String str) throws XMLDBException {
        if (collection instanceof LocalCollection) {
            return (Permission) read(((LocalCollection) collection).getPathURI()).apply((collection2, dBBroker, txn) -> {
                return collection2.getResourceEntry(dBBroker, str).getPermissions();
            });
        }
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public Date getSubCollectionCreationTime(Collection collection, String str) throws XMLDBException {
        if (collection instanceof LocalCollection) {
            return (Date) read(((LocalCollection) collection).getPathURI()).apply((collection2, dBBroker, txn) -> {
                return new Date(collection2.getChildCollectionEntry(dBBroker, str).getCreated());
            });
        }
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission getPermissions(Resource resource) throws XMLDBException {
        return (Permission) withDb((dBBroker, txn) -> {
            return (Permission) ((AbstractEXistResource) resource).read(dBBroker, txn).apply((documentImpl, dBBroker, txn) -> {
                return documentImpl.getPermissions();
            });
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission[] listResourcePermissions() throws XMLDBException {
        return (Permission[]) read(this.collection.getPathURI()).apply((collection, dBBroker, txn) -> {
            if (!collection.getPermissionsNoLock().validate(this.user, 4)) {
                return new Permission[0];
            }
            Permission[] permissionArr = new Permission[collection.getDocumentCount(dBBroker)];
            Iterator<DocumentImpl> it = collection.iterator(dBBroker);
            int i = 0;
            while (it.hasNext()) {
                DocumentImpl next = it.next();
                Throwable th = null;
                try {
                    ManagedDocumentLock acquireDocumentReadLock = dBBroker.getBrokerPool().getLockManager().acquireDocumentReadLock(next.getURI());
                    try {
                        int i2 = i;
                        i++;
                        permissionArr[i2] = next.getPermissions();
                        if (acquireDocumentReadLock != null) {
                            acquireDocumentReadLock.close();
                        }
                    } finally {
                        th = th;
                    }
                } catch (Throwable th2) {
                    if (th == null) {
                        th = th2;
                    } else if (th != th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }
            return permissionArr;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Permission[] listCollectionPermissions() throws XMLDBException {
        XmldbURI pathURI = this.collection.getPathURI();
        return (Permission[]) read(pathURI).apply((collection, dBBroker, txn) -> {
            if (!collection.getPermissionsNoLock().validate(this.user, 4)) {
                return new Permission[0];
            }
            Permission[] permissionArr = new Permission[collection.getChildCollectionCount(dBBroker)];
            Iterator<XmldbURI> collectionIterator = collection.collectionIterator(dBBroker);
            int i = 0;
            while (collectionIterator.hasNext()) {
                int i2 = i;
                i++;
                permissionArr[i2] = (Permission) read(dBBroker, txn, pathURI.append(collectionIterator.next())).apply((collection, dBBroker, txn) -> {
                    return collection.getPermissionsNoLock();
                });
            }
            return permissionArr;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Account getAccount(String str) throws XMLDBException {
        return (Account) withDb((dBBroker, txn) -> {
            return dBBroker.getBrokerPool().getSecurityManager().getAccount(str);
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Account[] getAccounts() throws XMLDBException {
        return (Account[]) withDb((dBBroker, txn) -> {
            return (Account[]) dBBroker.getBrokerPool().getSecurityManager().getUsers().toArray(new Account[0]);
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public Group getGroup(String str) throws XMLDBException {
        return (Group) withDb((dBBroker, txn) -> {
            return dBBroker.getBrokerPool().getSecurityManager().getGroup(str);
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public String[] getGroups() throws XMLDBException {
        return (String[]) withDb((dBBroker, txn) -> {
            java.util.Collection<Group> groups = dBBroker.getBrokerPool().getSecurityManager().getGroups();
            String[] strArr = new String[groups.size()];
            int i = 0;
            Iterator<Group> it = groups.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                strArr[i2] = it.next().getName();
            }
            return strArr;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void removeAccount(Account account) throws XMLDBException {
        onlyAsAdmin(this.user).apply(securityManager -> {
            return (dBBroker, txn) -> {
                securityManager.deleteAccount(account);
                return null;
            };
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void removeGroup(Group group) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            dBBroker.getBrokerPool().getSecurityManager().deleteGroup(group.getName());
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void updateAccount(Account account) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            dBBroker.getBrokerPool().getSecurityManager().updateAccount(account);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void updateGroup(Group group) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            dBBroker.getBrokerPool().getSecurityManager().updateGroup(group);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public String[] getGroupMembers(String str) throws XMLDBException {
        return (String[]) ((List) withDb((dBBroker, txn) -> {
            return dBBroker.getBrokerPool().getSecurityManager().findAllGroupMembers(str);
        })).toArray(new String[0]);
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addAccountToGroup(String str, String str2) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            Account account = securityManager.getAccount(str);
            account.addGroup(str2);
            securityManager.updateAccount(account);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addGroupManager(String str, String str2) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            Account account = securityManager.getAccount(str);
            Group group = securityManager.getGroup(str2);
            group.addManager(account);
            securityManager.updateGroup(group);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void removeGroupManager(String str, String str2) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            Group group = securityManager.getGroup(str);
            group.removeManager(securityManager.getAccount(str2));
            securityManager.updateGroup(group);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addUserGroup(Account account) throws XMLDBException {
        throw new UnsupportedOperationException();
    }

    @Override // org.exist.xmldb.UserManagementService
    public void removeGroupMember(String str, String str2) throws XMLDBException {
        withDb((dBBroker, txn) -> {
            SecurityManager securityManager = dBBroker.getBrokerPool().getSecurityManager();
            Account account = securityManager.getAccount(str2);
            account.remGroup(str);
            securityManager.updateAccount(account);
            return null;
        });
    }

    @Override // org.exist.xmldb.UserManagementService
    public void addUser(User user) throws XMLDBException {
        addAccount(new UserAider(user.getName()));
    }

    @Override // org.exist.xmldb.UserManagementService
    public void updateUser(User user) throws XMLDBException {
        UserAider userAider = new UserAider(user.getName());
        userAider.setPassword(user.getPassword());
        updateAccount(userAider);
    }

    @Override // org.exist.xmldb.UserManagementService
    public User getUser(String str) throws XMLDBException {
        return getAccount(str);
    }

    @Override // org.exist.xmldb.UserManagementService
    public User[] getUsers() throws XMLDBException {
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public void removeUser(User user) throws XMLDBException {
    }

    @Override // org.exist.xmldb.UserManagementService
    public void lockResource(Resource resource, User user) throws XMLDBException {
        lockResource(resource, (Account) new UserAider(user.getName()));
    }

    @Override // org.exist.xmldb.UserManagementService
    public String getProperty(String str) throws XMLDBException {
        return null;
    }

    @Override // org.exist.xmldb.UserManagementService
    public void setProperty(String str, String str2) throws XMLDBException {
    }

    private <R> FunctionE<FunctionE<SecurityManager, LocalXmldbFunction<R>, XMLDBException>, R, XMLDBException> onlyAsAdmin(Subject subject) throws XMLDBException {
        SecurityManager securityManager = this.brokerPool.getSecurityManager();
        if (securityManager.hasAdminPrivileges(subject)) {
            return functionE -> {
                return functionE.andThen(this::withDb).apply(securityManager);
            };
        }
        throw new XMLDBException(4, " This operation is restricted to Admin users");
    }

    private <R> FunctionE<LocalXmldbDocumentFunction<R>, R, XMLDBException> modify(Resource resource) throws XMLDBException {
        return localXmldbDocumentFunction -> {
            return withDb((dBBroker, txn) -> {
                return ((AbstractEXistResource) resource).modify(dBBroker, txn).apply(localXmldbDocumentFunction);
            });
        };
    }

    private <R> FunctionE<LocalXmldbCollectionFunction<R>, R, XMLDBException> updateCollection(XmldbURI xmldbURI) throws XMLDBException {
        return localXmldbCollectionFunction -> {
            return modify(xmldbURI).apply((collection, dBBroker, txn) -> {
                Object apply = localXmldbCollectionFunction.apply(collection, dBBroker, txn);
                dBBroker.saveCollection(txn, collection);
                return apply;
            });
        };
    }

    private <R> FunctionE<LocalXmldbCollectionFunction<R>, R, XMLDBException> updateCollection(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI) throws XMLDBException {
        return localXmldbCollectionFunction -> {
            return modify(dBBroker, txn, xmldbURI).apply((collection, dBBroker2, txn2) -> {
                Object apply = localXmldbCollectionFunction.apply(collection, dBBroker2, txn2);
                dBBroker2.saveCollection(txn2, collection);
                return apply;
            });
        };
    }
}
