package org.exist.xquery.functions.system;

import com.evolvedbinary.j8fu.function.SupplierE;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.client.InteractiveClient;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.Expression;
import org.exist.xquery.Function;
import org.exist.xquery.FunctionDSL;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.FunctionReference;
import org.exist.xquery.value.Item;
import org.exist.xquery.value.Sequence;

/* loaded from: input_file:org/exist/xquery/functions/system/AsUser.class */
public class AsUser extends Function {
    private static final Logger logger = LogManager.getLogger(AsUser.class);
    private static String FS_AS_USER_NAME = "as-user";
    public static final FunctionSignature FS_AS_USER = SystemModule.functionSignature(FS_AS_USER_NAME, "A pseudo-function to execute a limited block of code as a different user. The first argument is the name of the user, the second is the password. If the user can be authenticated, the function will execute the code block given in the third argument with the permissions of that user andreturns the result of the execution. Before the function completes, it switches the current user back to the old user.", FunctionDSL.returnsOptMany(11, "the results of the code block executed"), FunctionDSL.param("username", 22, "The username of the user to run the code against"), FunctionDSL.optParam(InteractiveClient.PASSWORD, 22, "The password of the user to run the code against"), FunctionDSL.optManyParam("code-block", 11, "The code block to run as the identified user"));
    private static String FS_FUNCTION_AS_USER_NAME = "function-as-user";
    public static final FunctionSignature FS_FUNCTION_AS_USER = SystemModule.functionSignature(FS_FUNCTION_AS_USER_NAME, "A pseudo-function to execute a function as a different user. The first argument is the name of the user, the second is the password. If the user can be authenticated, the function will execute the function given in the third argument with the permissions of that user andreturns the result of the execution. Before the function completes, it switches the current user back to the old user.", FunctionDSL.returnsOptMany(11, "the results of the code block executed"), FunctionDSL.param("username", 22, "The username of the user to run the code against"), FunctionDSL.optParam(InteractiveClient.PASSWORD, 22, "The password of the user to run the code against"), FunctionDSL.param("function", 101, "The zero arity function to run as the identified user"));

    public AsUser(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.PathExpr, org.exist.xquery.Materializable, org.exist.xquery.CompiledXQuery
    public Sequence eval(Sequence sequence, Item item) throws XPathException {
        SupplierE supplierE;
        logger.debug("Entering the system:as-user XQuery function");
        DBBroker broker = this.context.getBroker();
        Sequence eval = getArgument(0).eval(sequence, item);
        if (eval.isEmpty()) {
            XPathException xPathException = new XPathException(this, "No user specified");
            logger.error("No user specified, throwing an exception!", xPathException);
            throw xPathException;
        }
        Sequence eval2 = getArgument(1).eval(sequence, item);
        String stringValue = eval.getStringValue();
        try {
            Subject authenticate = broker.getBrokerPool().getSecurityManager().authenticate(stringValue, eval2.getStringValue());
            if (isCalledAs(FS_AS_USER_NAME)) {
                Expression argument = getArgument(2);
                supplierE = () -> {
                    return argument.eval(sequence, item);
                };
            } else {
                if (!isCalledAs(FS_FUNCTION_AS_USER_NAME)) {
                    throw new XPathException(this, "Unknown function: " + getSignature().getName());
                }
                FunctionReference functionReference = (FunctionReference) getArgument(2).eval(sequence, item).itemAt(0);
                int argumentCount = functionReference.getSignature().getArgumentCount();
                if (argumentCount != 0) {
                    throw new XPathException(this, "$function argument must be a zero arity function, but found a function with arity: " + argumentCount);
                }
                supplierE = () -> {
                    return functionReference.evalFunction(null, null, null);
                };
            }
            if (logger.isTraceEnabled()) {
                logger.trace("Setting the effective user to: [{}]", stringValue);
            }
            try {
                broker.pushSubject(authenticate);
                return (Sequence) supplierE.get();
            } finally {
                broker.popSubject();
                if (logger.isTraceEnabled()) {
                    logger.trace("Returned the effective user to: [{}]", broker.getCurrentSubject());
                }
            }
        } catch (AuthenticationException e) {
            XPathException xPathException2 = new XPathException(this, "Authentication failed", e);
            logger.error("Authentication failed for [{}] because of [{}].", stringValue, e.getMessage(), xPathException2);
            throw xPathException2;
        }
    }

    @Override // org.exist.xquery.Function, org.exist.xquery.PathExpr, org.exist.xquery.AbstractExpression, org.exist.xquery.Expression
    public int getDependencies() {
        return getArgument(2).getDependencies();
    }

    @Override // org.exist.xquery.Function, org.exist.xquery.PathExpr, org.exist.xquery.Expression
    public int returnsType() {
        return getArgument(2).returnsType();
    }
}
