package org.exist.xquery.functions.xmldb;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.dom.QName;
import org.exist.security.Account;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.functions.securitymanager.GroupMembershipFunction;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/xquery/functions/xmldb/XMLDBAddUserToGroup.class */
public class XMLDBAddUserToGroup extends BasicFunction {
    protected static final Logger logger = LogManager.getLogger((Class<?>) XMLDBAddUserToGroup.class);
    public static final FunctionSignature signature = new FunctionSignature(new QName("add-user-to-group", XMLDBModule.NAMESPACE_URI, "xmldb"), "Add a user to a group. $user is the username. $group is the group nameThe XQuery owner must have appropriate privileges to do this, e.g. having DBA role.", new SequenceType[]{new FunctionParameterSequenceType("user", 22, 2, "The user name"), new FunctionParameterSequenceType("group", 22, 2, "The group name")}, new FunctionReturnSequenceType(23, 2, "true() or false() indicating the outcome of the operation"), GroupMembershipFunction.FNS_ADD_GROUP_MEMBER);

    public XMLDBAddUserToGroup(XQueryContext xQueryContext) {
        super(xQueryContext, signature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        SecurityManager securityManager;
        Group group;
        Account account;
        if ("guest".equals(this.context.getSubject().getName())) {
            XPathException xPathException = new XPathException(this, "Permission denied, calling account '" + this.context.getSubject().getName() + "' must be an authenticated account to call this function.");
            logger.error("Invalid user", (Throwable) xPathException);
            throw xPathException;
        }
        String stringValue = sequenceArr[0].getStringValue();
        String stringValue2 = sequenceArr[1].getStringValue();
        logger.info("Attempting to add user '" + stringValue + "' to group '" + stringValue2 + "'");
        try {
            securityManager = this.context.getBroker().getBrokerPool().getSecurityManager();
            group = securityManager.getGroup(stringValue2);
            account = securityManager.getAccount(stringValue);
        } catch (EXistException e) {
            logger.error("Failed to add user '" + stringValue + "' to group '" + stringValue2 + "'", (Throwable) e);
        } catch (PermissionDeniedException e2) {
            throw new XPathException(this, "Permission denied, calling account '" + this.context.getSubject().getName() + "' don not authorize to call this function.", e2);
        }
        if (account == null) {
            logger.warn("Could not find account for username '" + stringValue + "' in call to xmldb:add-user-to-group");
            return BooleanValue.FALSE;
        }
        account.addGroup(group);
        Subject subject = this.context.getBroker().getSubject();
        try {
            this.context.getBroker().setSubject(securityManager.getSystemSubject());
            securityManager.updateAccount(account);
            this.context.getBroker().setSubject(subject);
            return BooleanValue.TRUE;
        } catch (Throwable th) {
            this.context.getBroker().setSubject(subject);
            throw th;
        }
    }
}
