package org.exist.xquery.functions.securitymanager;

import java.util.Iterator;
import java.util.Set;
import org.exist.dom.QName;
import org.exist.security.AXSchemaType;
import org.exist.security.EXistSchemaType;
import org.exist.security.Group;
import org.exist.security.Principal;
import org.exist.security.SchemaType;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.AnyURIValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.StringValue;
import org.exist.xquery.value.ValueSequence;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/xquery/functions/securitymanager/GetPrincipalMetadataFunction.class */
public class GetPrincipalMetadataFunction extends BasicFunction {
    public static final SchemaType[] GROUP_METADATA_KEYS = {AXSchemaType.LANGUAGE, AXSchemaType.EMAIL, EXistSchemaType.DESCRIPTION};
    private static final QName qnGetAccountMetadataKeys = new QName("get-account-metadata-keys", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetAccountMetadata = new QName("get-account-metadata", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetGroupMetadataKeys = new QName("get-group-metadata-keys", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetGroupMetadata = new QName("get-group-metadata", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_GET_ALL_ACCOUNT_METADATA_KEYS = new FunctionSignature(qnGetAccountMetadataKeys, "Gets a sequence of the metadata attribute keys that may be used for an account.", (SequenceType[]) null, new FunctionReturnSequenceType(25, 7, "The fully qualified metadata attribute key names"));
    public static final FunctionSignature FNS_GET_ACCOUNT_METADATA_KEYS = new FunctionSignature(qnGetAccountMetadataKeys, "Gets a sequence of the metadata attribute keys present for an account", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to retrieve metadata from.")}, new FunctionReturnSequenceType(25, 7, "The fully qualified metadata attribute key names"));
    public static final FunctionSignature FNS_GET_ACCOUNT_METADATA = new FunctionSignature(qnGetAccountMetadata, "Gets a metadata attribute value for an account", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to retrieve metadata from."), new FunctionParameterSequenceType("attribute", 25, 2, "The fully qualified metadata attribute key name")}, new FunctionReturnSequenceType(22, 3, "The metadata value"));
    public static final FunctionSignature FNS_GET_ALL_GROUP_METADATA_KEYS = new FunctionSignature(qnGetGroupMetadataKeys, "Gets a sequence of the metadata attribute keys that may be used for a group.", (SequenceType[]) null, new FunctionReturnSequenceType(25, 7, "The fully qualified metadata attribute key names"));
    public static final FunctionSignature FNS_GET_GROUP_METADATA_KEYS = new FunctionSignature(qnGetGroupMetadataKeys, "Gets a sequence of the metadata attribute keys present for a group", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to retrieve metadata from.")}, new FunctionReturnSequenceType(25, 7, "The fully qualified metadata attribute key names"));
    public static final FunctionSignature FNS_GET_GROUP_METADATA = new FunctionSignature(qnGetGroupMetadata, "Gets a metadata attribute value for a group", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to retrieve metadata from."), new FunctionParameterSequenceType("attribute", 25, 2, "The fully qualified metadata attribute key name")}, new FunctionReturnSequenceType(22, 3, "The metadata value"));

    public GetPrincipalMetadataFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        Group account;
        Sequence principalMetadataKeys;
        Sequence sequence2 = Sequence.EMPTY_SEQUENCE;
        DBBroker broker = getContext().getBroker();
        Subject subject = broker.getSubject();
        if (sequenceArr.length != 0) {
            SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
            String stringValue = sequenceArr[0].getStringValue();
            if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart()) || isCalledAs(qnGetAccountMetadata.getLocalPart())) {
                if (!subject.hasDbaRole() && !subject.getUsername().equals(stringValue)) {
                    throw new XPathException("You must be a DBA to retrieve metadata about other users, otherwise you may only retrieve metadata about yourself.");
                }
                account = securityManager.getAccount(stringValue);
            } else {
                if (!isCalledAs(qnGetGroupMetadataKeys.getLocalPart()) && !isCalledAs(qnGetGroupMetadata.getLocalPart())) {
                    throw new XPathException("Unknown function");
                }
                if (!subject.hasDbaRole() && !subject.hasGroup(stringValue)) {
                    throw new XPathException("You must be a DBA to retrieve metadata about other groups, otherwise you may only retrieve metadata about groups you are a member of.");
                }
                account = securityManager.getGroup(stringValue);
            }
            if (account == null) {
                principalMetadataKeys = Sequence.EMPTY_SEQUENCE;
            } else if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart()) || isCalledAs(qnGetGroupMetadataKeys.getLocalPart())) {
                principalMetadataKeys = getPrincipalMetadataKeys(account);
            } else {
                if (!isCalledAs(qnGetAccountMetadata.getLocalPart()) && !isCalledAs(qnGetGroupMetadata.getLocalPart())) {
                    throw new XPathException("Unknown function");
                }
                principalMetadataKeys = getPrincipalMetadata(account, sequenceArr[1].getStringValue());
            }
        } else if (isCalledAs(qnGetAccountMetadataKeys.getLocalPart())) {
            principalMetadataKeys = getAllAccountMetadataKeys();
        } else {
            if (!isCalledAs(qnGetGroupMetadataKeys.getLocalPart())) {
                throw new XPathException("Unknown function");
            }
            principalMetadataKeys = getAllGroupMetadataKeys();
        }
        return principalMetadataKeys;
    }

    private Sequence getAllAccountMetadataKeys() throws XPathException {
        ValueSequence valueSequence = new ValueSequence();
        for (AXSchemaType aXSchemaType : AXSchemaType.values()) {
            valueSequence.add(new AnyURIValue(aXSchemaType.getNamespace()));
        }
        for (EXistSchemaType eXistSchemaType : EXistSchemaType.values()) {
            valueSequence.add(new AnyURIValue(eXistSchemaType.getNamespace()));
        }
        return valueSequence;
    }

    private Sequence getAllGroupMetadataKeys() throws XPathException {
        ValueSequence valueSequence = new ValueSequence();
        for (SchemaType schemaType : GROUP_METADATA_KEYS) {
            valueSequence.add(new AnyURIValue(schemaType.getNamespace()));
        }
        return valueSequence;
    }

    private Sequence getPrincipalMetadata(Principal principal, String str) {
        AXSchemaType valueOfNamespace = AXSchemaType.valueOfNamespace(str);
        String str2 = null;
        if (valueOfNamespace != null) {
            str2 = principal.getMetadataValue(valueOfNamespace);
        } else {
            EXistSchemaType valueOfNamespace2 = EXistSchemaType.valueOfNamespace(str);
            if (valueOfNamespace2 != null) {
                str2 = principal.getMetadataValue(valueOfNamespace2);
            }
        }
        return (str2 == null || str2.isEmpty()) ? Sequence.EMPTY_SEQUENCE : new StringValue(str2);
    }

    private Sequence getPrincipalMetadataKeys(Principal principal) throws XPathException {
        Set<SchemaType> metadataKeys = principal.getMetadataKeys();
        ValueSequence valueSequence = new ValueSequence(metadataKeys.size());
        Iterator<SchemaType> it = metadataKeys.iterator();
        while (it.hasNext()) {
            valueSequence.add(new AnyURIValue(it.next().getNamespace()));
        }
        return valueSequence;
    }
}
