package org.exist.xquery.functions.securitymanager;

import com.siemens.ct.exi.core.AbstractEXIHeader;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.xpath.compiler.Keywords;
import org.exist.dom.QName;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.StringValue;
import org.exist.xquery.value.ValueSequence;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/xquery/functions/securitymanager/FindGroupFunction.class */
public class FindGroupFunction extends BasicFunction {
    private static final QName qnFindGroupsByGroupname = new QName("find-groups-by-groupname", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnListGroups = new QName("list-groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnFindGroupsWhereGroupnameContains = new QName("find-groups-where-groupname-contains", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetUserGroups = new QName("get-user-groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetUserPrimaryGroup = new QName("get-user-primary-group", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGroupExists = new QName("group-exists", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnGetGroups = new QName("get-groups", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_LIST_GROUPS = new FunctionSignature(qnListGroups, "List all groups", (SequenceType[]) null, new FunctionReturnSequenceType(22, 7, "The list of groups"));
    public static final FunctionSignature FNS_GET_GROUPS = new FunctionSignature(qnGetGroups, "List all groups", (SequenceType[]) null, new FunctionReturnSequenceType(22, 7, "The list of groups"), FNS_LIST_GROUPS);
    public static final FunctionSignature FNS_FIND_GROUPS_BY_GROUPNAME = new FunctionSignature(qnFindGroupsByGroupname, "Finds groups whoose group name starts with a matching string", new SequenceType[]{new FunctionParameterSequenceType(Keywords.FUNC_STARTS_WITH_STRING, 22, 2, "The starting string against which to match group names")}, new FunctionReturnSequenceType(22, 7, "The list of matching group names"));
    public static final FunctionSignature FNS_FIND_GROUPS_WHERE_GROUPNAME_CONTANINS = new FunctionSignature(qnFindGroupsWhereGroupnameContains, "Finds groups whoose group name contains the string fragment", new SequenceType[]{new FunctionParameterSequenceType(AbstractEXIHeader.FRAGMENT, 22, 2, "The fragment against which to match group names")}, new FunctionReturnSequenceType(22, 7, "The list of matching group names"));
    public static final FunctionSignature FNS_GET_USER_GROUPS = new FunctionSignature(qnGetUserGroups, "Returns the sequence of groups that the user $user is a member of. You must be a DBA or logged in as the user for which you are trying to retrieve group details for.", new SequenceType[]{new FunctionParameterSequenceType("user", 22, 2, "The username to retrieve the group membership list for.")}, new FunctionReturnSequenceType(22, 6, "The users group memberships"));
    public static final FunctionSignature FNS_GET_USER_PRIMARY_GROUP = new FunctionSignature(qnGetUserPrimaryGroup, "Returns the primary group of the user $user. You must be a DBA or logged in as the user for which you are trying to retrieve group details for.", new SequenceType[]{new FunctionParameterSequenceType("user", 22, 2, "The username to retrieve the primary group of.")}, new FunctionReturnSequenceType(22, 2, "The users primary group"));
    public static final FunctionSignature FNS_GROUP_EXISTS = new FunctionSignature(qnGroupExists, "Determines whether a user group exists.", new SequenceType[]{new FunctionParameterSequenceType("group", 22, 2, "The name of the user group to check for existence.")}, new FunctionReturnSequenceType(23, 2, "true if the user group exists, false otherwise."));

    public FindGroupFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        List<String> findAllGroupNames;
        Sequence valueSequence;
        DBBroker broker = getContext().getBroker();
        Subject subject = broker.getSubject();
        if (!isCalledAs(qnGetUserGroups.getLocalPart()) && subject.getName().equals("guest")) {
            throw new XPathException("You must be an authenticated user");
        }
        SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        if (isCalledAs(qnGetUserPrimaryGroup.getLocalPart())) {
            valueSequence = new StringValue(securityManager.getAccount(sequenceArr[0].getStringValue()).getPrimaryGroup());
        } else if (isCalledAs(qnGroupExists.getLocalPart())) {
            valueSequence = BooleanValue.valueOf(securityManager.hasGroup(sequenceArr[0].getStringValue()));
        } else {
            if (isCalledAs(qnListGroups.getLocalPart()) || isCalledAs(qnGetGroups.getLocalPart())) {
                findAllGroupNames = securityManager.findAllGroupNames();
            } else if (isCalledAs(qnFindGroupsByGroupname.getLocalPart())) {
                findAllGroupNames = securityManager.findGroupnamesWhereGroupnameStarts(sequenceArr[0].getStringValue());
            } else if (isCalledAs(qnFindGroupsWhereGroupnameContains.getLocalPart())) {
                findAllGroupNames = securityManager.findGroupnamesWhereGroupnameContains(sequenceArr[0].getStringValue());
            } else {
                if (!isCalledAs(qnGetUserGroups.getLocalPart())) {
                    throw new XPathException("Unknown function");
                }
                String stringValue = sequenceArr[0].getStringValue();
                if (!subject.hasDbaRole() && !subject.getName().equals(stringValue)) {
                    throw new XPathException("You must be a DBA or enquiring about your own user account!");
                }
                findAllGroupNames = Arrays.asList(securityManager.getAccount(stringValue).getGroups());
            }
            Collections.sort(findAllGroupNames);
            valueSequence = new ValueSequence();
            Iterator<String> it = findAllGroupNames.iterator();
            while (it.hasNext()) {
                valueSequence.add(new StringValue(it.next()));
            }
        }
        return valueSequence;
    }
}
