package org.apache.james.mailbox.acl;

import com.github.steveash.guavate.Guavate;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Stream;
import org.apache.james.core.Username;
import org.apache.james.mailbox.exception.UnsupportedRightException;
import org.apache.james.mailbox.model.MailboxACL;

/* loaded from: input_file:org/apache/james/mailbox/acl/UnionMailboxACLResolver.class */
public class UnionMailboxACLResolver implements MailboxACLResolver {
    public static final MailboxACL DEFAULT_GLOBAL_GROUP_ACL = MailboxACL.OWNER_FULL_EXCEPT_ADMINISTRATION_ACL;
    public static final MailboxACL DEFAULT_GLOBAL_USER_ACL = MailboxACL.OWNER_FULL_ACL;
    private static final int POSITIVE_INDEX = 0;
    private static final int NEGATIVE_INDEX = 1;
    private final MailboxACL groupGlobalACL;
    private final MailboxACL userGlobalACL;

    public UnionMailboxACLResolver() {
        this.userGlobalACL = DEFAULT_GLOBAL_USER_ACL;
        this.groupGlobalACL = DEFAULT_GLOBAL_GROUP_ACL;
    }

    public UnionMailboxACLResolver(MailboxACL mailboxACL, MailboxACL mailboxACL2) {
        if (mailboxACL == null) {
            throw new NullPointerException("Missing userGlobalACL.");
        }
        if (mailboxACL2 == null) {
            throw new NullPointerException("Missing groupGlobalACL.");
        }
        this.userGlobalACL = mailboxACL;
        this.groupGlobalACL = mailboxACL2;
    }

    protected static boolean applies(MailboxACL.EntryKey entryKey, MailboxACL.EntryKey entryKey2, GroupMembershipResolver groupMembershipResolver, String str, boolean z) {
        String name = entryKey.getName();
        MailboxACL.NameType nameType = entryKey.getNameType();
        if (MailboxACL.SpecialName.anybody.name().equals(name)) {
            return true;
        }
        if (entryKey2 == null) {
            return false;
        }
        String name2 = entryKey2.getName();
        switch (entryKey2.getNameType()) {
            case special:
                switch (nameType) {
                    case special:
                        if (name.equals(name2)) {
                            return true;
                        }
                        return MailboxACL.SpecialName.owner.name().equals(name2) && MailboxACL.SpecialName.authenticated.name().equals(name);
                    case user:
                    case group:
                        return false;
                    default:
                        throw new IllegalStateException("Unexpected " + MailboxACL.NameType.class.getName() + "." + nameType);
                }
            case user:
                switch (nameType) {
                    case special:
                        if (MailboxACL.SpecialName.authenticated.name().equals(name)) {
                            return true;
                        }
                        if (MailboxACL.SpecialName.owner.name().equals(name)) {
                            return (!z && name2.equals(str)) || (z && groupMembershipResolver.isMember(Username.of(name2), str));
                        }
                        throw new IllegalStateException("Unexpected " + MailboxACL.SpecialName.class.getName() + "." + name);
                    case user:
                        return name.equals(name2);
                    case group:
                        return groupMembershipResolver.isMember(Username.of(name2), name);
                    default:
                        throw new IllegalStateException("Unexpected " + MailboxACL.NameType.class.getName() + "." + nameType);
                }
            case group:
                switch (nameType) {
                    case special:
                        if (MailboxACL.SpecialName.authenticated.name().equals(name)) {
                            return true;
                        }
                        if (MailboxACL.SpecialName.owner.name().equals(name)) {
                            return z && name2.equals(str);
                        }
                        throw new IllegalStateException("Unexpected " + MailboxACL.SpecialName.class.getName() + "." + name);
                    case user:
                        return false;
                    case group:
                        return name.equals(name2);
                    default:
                        throw new IllegalStateException("Unexpected " + MailboxACL.NameType.class.getName() + "." + nameType);
                }
            default:
                throw new IllegalStateException("Unexpected " + MailboxACL.NameType.class.getName() + "." + entryKey2.getNameType());
        }
    }

    @Override // org.apache.james.mailbox.acl.MailboxACLResolver
    public MailboxACL applyGlobalACL(MailboxACL mailboxACL, boolean z) throws UnsupportedRightException {
        return z ? mailboxACL.union(this.groupGlobalACL) : mailboxACL.union(this.userGlobalACL);
    }

    @Override // org.apache.james.mailbox.acl.MailboxACLResolver
    public List<MailboxACL.Rfc4314Rights> listRights(MailboxACL.EntryKey entryKey, GroupMembershipResolver groupMembershipResolver, String str, boolean z) throws UnsupportedRightException {
        MailboxACL.Rfc4314Rights[] rfc4314RightsArr = {MailboxACL.NO_RIGHTS, MailboxACL.NO_RIGHTS};
        resolveRights(entryKey, groupMembershipResolver, (z ? this.groupGlobalACL : this.userGlobalACL).getEntries(), str, z, rfc4314RightsArr);
        return entryKey.isNegative() ? toListRights(rfc4314RightsArr[1]) : toListRights(rfc4314RightsArr[0].except(rfc4314RightsArr[1]));
    }

    private static List<MailboxACL.Rfc4314Rights> toListRights(MailboxACL.Rfc4314Rights rfc4314Rights) throws UnsupportedRightException {
        Stream<MailboxACL.Right> stream = MailboxACL.FULL_RIGHTS.list().stream();
        Objects.requireNonNull(rfc4314Rights);
        return (List) Stream.concat(stream.filter(Predicate.not(rfc4314Rights::contains)).map(right -> {
            return new MailboxACL.Rfc4314Rights(right);
        }), Stream.of(rfc4314Rights)).collect(Guavate.toImmutableList());
    }

    @Override // org.apache.james.mailbox.acl.MailboxACLResolver
    public MailboxACL.Rfc4314Rights resolveRights(Username username, GroupMembershipResolver groupMembershipResolver, MailboxACL mailboxACL, String str, boolean z) throws UnsupportedRightException {
        MailboxACL.Rfc4314Rights[] rfc4314RightsArr = {MailboxACL.NO_RIGHTS, MailboxACL.NO_RIGHTS};
        MailboxACL.EntryKey createUserEntryKey = username == null ? null : MailboxACL.EntryKey.createUserEntryKey(username);
        resolveRights(createUserEntryKey, groupMembershipResolver, (z ? this.groupGlobalACL : this.userGlobalACL).getEntries(), str, z, rfc4314RightsArr);
        if (mailboxACL != null) {
            resolveRights(createUserEntryKey, groupMembershipResolver, mailboxACL.getEntries(), str, z, rfc4314RightsArr);
        }
        return rfc4314RightsArr[0].except(rfc4314RightsArr[1]);
    }

    private void resolveRights(MailboxACL.EntryKey entryKey, GroupMembershipResolver groupMembershipResolver, Map<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights> map, String str, boolean z, MailboxACL.Rfc4314Rights[] rfc4314RightsArr) throws UnsupportedRightException {
        if (map != null) {
            for (Map.Entry<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights> entry : map.entrySet()) {
                MailboxACL.EntryKey key = entry.getKey();
                if (applies(key, entryKey, groupMembershipResolver, str, z)) {
                    if (key.isNegative()) {
                        rfc4314RightsArr[1] = rfc4314RightsArr[1].union(entry.getValue());
                    } else {
                        rfc4314RightsArr[0] = rfc4314RightsArr[0].union(entry.getValue());
                    }
                }
            }
        }
    }
}
