package org.exist.xquery.functions.securitymanager;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.exist.dom.QName;
import org.exist.security.Permission;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.Cardinality;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.StringValue;
import org.exist.xquery.value.ValueSequence;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/FindGroupFunction.class */
public class FindGroupFunction extends BasicFunction {
    private static final QName qnFindGroupsByGroupname = new QName("find-groups-by-groupname", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnListGroups = new QName("list-groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnFindGroupsWhereGroupnameContains = new QName("find-groups-where-groupname-contains", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetUserGroups = new QName("get-user-groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetUserPrimaryGroup = new QName("get-user-primary-group", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGroupExists = new QName("group-exists", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_LIST_GROUPS = new FunctionSignature(qnListGroups, "List all groups", (SequenceType[]) null, new FunctionReturnSequenceType(22, Cardinality.ZERO_OR_MORE, "The list of groups"));
    public static final FunctionSignature FNS_FIND_GROUPS_BY_GROUPNAME = new FunctionSignature(qnFindGroupsByGroupname, "Finds groups whoose group name starts with a matching string", new SequenceType[]{new FunctionParameterSequenceType("starts-with", 22, Cardinality.EXACTLY_ONE, "The starting string against which to match group names")}, new FunctionReturnSequenceType(22, Cardinality.ZERO_OR_MORE, "The list of matching group names"));
    public static final FunctionSignature FNS_FIND_GROUPS_WHERE_GROUPNAME_CONTAINS = new FunctionSignature(qnFindGroupsWhereGroupnameContains, "Finds groups whoose group name contains the string fragment", new SequenceType[]{new FunctionParameterSequenceType("fragment", 22, Cardinality.EXACTLY_ONE, "The fragment against which to match group names")}, new FunctionReturnSequenceType(22, Cardinality.ZERO_OR_MORE, "The list of matching group names"));
    public static final FunctionSignature FNS_GET_USER_GROUPS = new FunctionSignature(qnGetUserGroups, "Returns the sequence of groups that the user $user is a member of. You must be a DBA or logged in as the user for which you are trying to retrieve group details for.", new SequenceType[]{new FunctionParameterSequenceType("user", 22, Cardinality.EXACTLY_ONE, "The username to retrieve the group membership list for.")}, new FunctionReturnSequenceType(22, Cardinality.ONE_OR_MORE, "The users group memberships"));
    public static final FunctionSignature FNS_GET_USER_PRIMARY_GROUP = new FunctionSignature(qnGetUserPrimaryGroup, "Returns the primary group of the user $user. You must be a DBA or logged in as the user for which you are trying to retrieve group details for.", new SequenceType[]{new FunctionParameterSequenceType("user", 22, Cardinality.EXACTLY_ONE, "The username to retrieve the primary group of.")}, new FunctionReturnSequenceType(22, Cardinality.EXACTLY_ONE, "The users primary group"));
    public static final FunctionSignature FNS_GROUP_EXISTS = new FunctionSignature(qnGroupExists, "Determines whether a user group exists.", new SequenceType[]{new FunctionParameterSequenceType(Permission.GROUP_STRING, 22, Cardinality.EXACTLY_ONE, "The name of the user group to check for existence.")}, new FunctionReturnSequenceType(23, Cardinality.EXACTLY_ONE, "true if the user group exists, false otherwise."));

    public FindGroupFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        List<String> asList;
        Sequence valueSequence;
        DBBroker broker = getContext().getBroker();
        Subject currentSubject = broker.getCurrentSubject();
        if (!isCalledAs(qnGetUserGroups.getLocalPart()) && currentSubject.getName().equals("guest")) {
            throw new XPathException(this, "You must be an authenticated user");
        }
        SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        if (isCalledAs(qnGetUserPrimaryGroup.getLocalPart())) {
            valueSequence = new StringValue(this, securityManager.getAccount(sequenceArr[0].getStringValue()).getPrimaryGroup());
        } else if (isCalledAs(qnGroupExists.getLocalPart())) {
            valueSequence = BooleanValue.valueOf(securityManager.hasGroup(sequenceArr[0].getStringValue()));
        } else {
            if (isCalledAs(qnListGroups.getLocalPart())) {
                asList = securityManager.findAllGroupNames();
            } else if (isCalledAs(qnFindGroupsByGroupname.getLocalPart())) {
                asList = securityManager.findGroupnamesWhereGroupnameStarts(sequenceArr[0].getStringValue());
            } else if (isCalledAs(qnFindGroupsWhereGroupnameContains.getLocalPart())) {
                asList = securityManager.findGroupnamesWhereGroupnameContains(sequenceArr[0].getStringValue());
            } else {
                if (!isCalledAs(qnGetUserGroups.getLocalPart())) {
                    throw new XPathException(this, "Unknown function");
                }
                String stringValue = sequenceArr[0].getStringValue();
                if (!currentSubject.hasDbaRole() && !currentSubject.getName().equals(stringValue)) {
                    throw new XPathException(this, "You must be a DBA or enquiring about your own user account!");
                }
                asList = Arrays.asList(securityManager.getAccount(stringValue).getGroups());
            }
            Collections.sort(asList);
            valueSequence = new ValueSequence();
            Iterator<String> it = asList.iterator();
            while (it.hasNext()) {
                valueSequence.add(new StringValue(this, it.next()));
            }
        }
        return valueSequence;
    }
}
