package org.exist.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.config.annotation.ConfigurationFieldSettings;
import org.exist.config.annotation.ConfigurationReferenceBy;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;

@ConfigurationClass("")
/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/AbstractAccount.class */
public abstract class AbstractAccount extends AbstractPrincipal implements Account {

    @ConfigurationFieldAsElement("group")
    @ConfigurationReferenceBy("name")
    protected List<Group> groups;
    private boolean accountLocked;

    @ConfigurationFieldAsElement("expired")
    private boolean accountExpired;
    private boolean credentialsExpired;

    @ConfigurationFieldAsElement(BrokerPool.RECOVERY_ENABLED_ATTRIBUTE)
    private boolean enabled;

    @ConfigurationFieldAsElement("umask")
    @ConfigurationFieldSettings(ConfigurationFieldSettings.OCTAL_STRING_KEY)
    private int umask;

    @ConfigurationFieldAsElement("metadata")
    private Map<String, String> metadata;
    protected Credential _cred;
    protected boolean hasDbaRole;

    public AbstractAccount(AbstractRealm abstractRealm, int i, String str) throws ConfigurationException {
        super(abstractRealm, abstractRealm.collectionAccounts, i, str);
        this.groups = new ArrayList();
        this.accountLocked = false;
        this.accountExpired = false;
        this.credentialsExpired = false;
        this.enabled = true;
        this.umask = 18;
        this.metadata = new HashMap();
        this._cred = null;
        this.hasDbaRole = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAccount(DBBroker dBBroker, AbstractRealm abstractRealm, int i, String str) throws ConfigurationException {
        super(dBBroker, abstractRealm, abstractRealm.collectionAccounts, i, str);
        this.groups = new ArrayList();
        this.accountLocked = false;
        this.accountExpired = false;
        this.credentialsExpired = false;
        this.enabled = true;
        this.umask = 18;
        this.metadata = new HashMap();
        this._cred = null;
        this.hasDbaRole = false;
    }

    public AbstractAccount(AbstractRealm abstractRealm, Configuration configuration) throws ConfigurationException {
        super(abstractRealm, configuration);
        this.groups = new ArrayList();
        this.accountLocked = false;
        this.accountExpired = false;
        this.credentialsExpired = false;
        this.enabled = true;
        this.umask = 18;
        this.metadata = new HashMap();
        this._cred = null;
        this.hasDbaRole = false;
    }

    public boolean checkCredentials(Object obj) {
        if (this._cred == null) {
            return false;
        }
        return this._cred.check(obj);
    }

    @Override // org.exist.security.User
    public Group addGroup(String str) throws PermissionDeniedException {
        Group group = getRealm().getGroup(str);
        if (group == null) {
            group = getRealm().getSecurityManager().getGroup(str);
        }
        return addGroup(group);
    }

    protected final Group addGroup(Configuration configuration) throws PermissionDeniedException {
        String property;
        if (configuration == null || (property = configuration.getProperty("name")) == null) {
            return null;
        }
        return addGroup(property);
    }

    @Override // org.exist.security.User
    public Group addGroup(Group group) throws PermissionDeniedException {
        if (group == null) {
            return null;
        }
        group.assertCanModifyGroup(getDatabase().getSubject());
        if (!this.groups.contains(group)) {
            this.groups.add(group);
            if (SecurityManager.DBA_GROUP.equals(group.getName())) {
                this.hasDbaRole = true;
            }
        }
        return group;
    }

    @Override // org.exist.security.Account
    public void setPrimaryGroup(Group group) throws PermissionDeniedException {
        group.assertCanModifyGroup(getDatabase().getSubject());
        if (!this.groups.contains(group)) {
            addGroup(group);
        }
        Collections.sort(this.groups, (group2, group3) -> {
            return group2.getName().equals(group.getName()) ? -1 : 1;
        });
    }

    @Override // org.exist.security.User
    public final void remGroup(String str) throws PermissionDeniedException {
        Subject subject = getDatabase().getSubject();
        Iterator<Group> it = this.groups.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Group next = it.next();
            if (next.getName().equals(str)) {
                next.assertCanModifyGroup(subject);
                this.groups.remove(next);
                break;
            }
        }
        if (SecurityManager.DBA_GROUP.equals(str)) {
            this.hasDbaRole = false;
        }
    }

    @Override // org.exist.security.User
    public final void setGroups(String[] strArr) {
    }

    @Override // org.exist.security.User
    public String[] getGroups() {
        if (this.groups == null) {
            return new String[0];
        }
        int i = 0;
        String[] strArr = new String[this.groups.size()];
        Iterator<Group> it = this.groups.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            strArr[i2] = it.next().getName();
        }
        return strArr;
    }

    @Override // org.exist.security.User
    public int[] getGroupIds() {
        if (this.groups == null) {
            return new int[0];
        }
        int i = 0;
        int[] iArr = new int[this.groups.size()];
        Iterator<Group> it = this.groups.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            iArr[i2] = it.next().getId();
        }
        return iArr;
    }

    @Override // org.exist.security.User
    public final boolean hasGroup(String str) {
        if (this.groups == null) {
            return false;
        }
        Iterator<Group> it = this.groups.iterator();
        while (it.hasNext()) {
            if (it.next().getName().equals(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.exist.security.User
    public final boolean hasDbaRole() {
        return this.hasDbaRole;
    }

    @Override // java.security.Principal
    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("<account name=\"");
        sb.append(this.name);
        sb.append("\" ");
        sb.append("id=\"");
        sb.append(Integer.toString(this.id));
        sb.append("\"");
        sb.append(">");
        if (this.groups != null) {
            Iterator<Group> it = this.groups.iterator();
            while (it.hasNext()) {
                sb.append(it.next().toString());
            }
        }
        sb.append("</account>");
        return sb.toString();
    }

    @Override // java.security.Principal
    public boolean equals(Object obj) {
        AbstractAccount abstractAccount = obj instanceof AbstractSubject ? ((AbstractSubject) obj).account : obj instanceof AbstractAccount ? (AbstractAccount) obj : null;
        return abstractAccount != null && getRealm() == abstractAccount.getRealm() && this.name.equals(abstractAccount.name);
    }

    @Override // org.exist.security.User
    public final String getPrimaryGroup() {
        Group defaultGroup = getDefaultGroup();
        if (defaultGroup != null) {
            return defaultGroup.getName();
        }
        return null;
    }

    @Override // org.exist.security.User
    @Deprecated
    public Group getDefaultGroup() {
        if (this.groups == null || this.groups.size() <= 0) {
            return null;
        }
        return this.groups.get(0);
    }

    @Override // org.exist.security.User
    public String getUsername() {
        return getName();
    }

    @Override // org.exist.security.User
    public boolean isAccountNonExpired() {
        return !this.accountExpired;
    }

    @Override // org.exist.security.User
    public boolean isAccountNonLocked() {
        return !this.accountLocked;
    }

    @Override // org.exist.security.User
    public boolean isCredentialsNonExpired() {
        return !this.credentialsExpired;
    }

    @Override // org.exist.security.User
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    @Override // org.exist.security.User
    public boolean isEnabled() {
        return this.enabled;
    }

    @Override // org.exist.security.Principal
    public String getMetadataValue(SchemaType schemaType) {
        return this.metadata.get(schemaType.getNamespace());
    }

    @Override // org.exist.security.Principal
    public void setMetadataValue(SchemaType schemaType, String str) {
        this.metadata.put(schemaType.getNamespace(), str);
    }

    @Override // org.exist.security.Principal
    public Set<SchemaType> getMetadataKeys() {
        HashSet hashSet = new HashSet();
        for (String str : this.metadata.keySet()) {
            if (AXSchemaType.valueOfNamespace(str) != null) {
                hashSet.add(AXSchemaType.valueOfNamespace(str));
            } else if (EXistSchemaType.valueOfNamespace(str) != null) {
                hashSet.add(EXistSchemaType.valueOfNamespace(str));
            }
        }
        return hashSet;
    }

    @Override // org.exist.security.Principal
    public void clearMetadata() {
        if (this.metadata != null) {
            this.metadata.clear();
        }
    }

    @Override // org.exist.security.Account
    public void assertCanModifyAccount(Account account) throws PermissionDeniedException {
        if (account == null) {
            throw new PermissionDeniedException("Unspecified User is not allowed to modify account '" + getName() + "'");
        }
        if (!account.hasDbaRole() && !account.getName().equals(getName())) {
            throw new PermissionDeniedException("User '" + account.getName() + "' is not allowed to modify account '" + getName() + "'");
        }
    }

    @Override // org.exist.security.Account
    public void setUserMask(int i) {
        this.umask = i;
    }

    @Override // org.exist.security.Account
    public int getUserMask() {
        return this.umask;
    }
}
