package org.dcache.acl.mapper;

import java.util.Iterator;
import javax.security.auth.Subject;
import org.dcache.acl.ACE;
import org.dcache.acl.ACL;
import org.dcache.acl.ACLException;
import org.dcache.acl.Owner;
import org.dcache.acl.Permission;
import org.dcache.acl.enums.AceFlags;
import org.dcache.acl.enums.RsType;
import org.dcache.acl.enums.Who;
import org.dcache.acl.unix.ACLUnix;
import org.dcache.auth.Origin;
import org.dcache.auth.Subjects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/acl/mapper/AclMapper.class */
public class AclMapper {
    private static final Logger logger = LoggerFactory.getLogger("logger.org.dcache.authorization." + AclMapper.class.getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.dcache.acl.mapper.AclMapper$1, reason: invalid class name */
    /* loaded from: input_file:org/dcache/acl/mapper/AclMapper$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$dcache$acl$enums$Who = new int[Who.values().length];

        static {
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.OWNER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.OWNER_GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.EVERYONE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.ANONYMOUS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.AUTHENTICATED.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.USER.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$dcache$acl$enums$Who[Who.GROUP.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    private AclMapper() {
    }

    public static Permission getPermission(Subject subject, Origin origin, Owner owner, ACL acl) {
        int defMsk;
        Permission permission = new Permission();
        try {
            try {
            } catch (ACLException e) {
                logger.error(e.getMessage());
                if (logger.isDebugEnabled()) {
                    logger.debug("Getted Permission: " + (0 == 0 ? permission.toString() : permission.asString(null)));
                }
            }
            if (Subjects.isRoot(subject)) {
                permission.setAll();
                if (logger.isDebugEnabled()) {
                    logger.debug("ROOT has an access to everything.");
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Getted Permission: " + (0 == 0 ? permission.toString() : permission.asString(null)));
                }
                return permission;
            }
            if (acl == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Getted Permission: " + (0 == 0 ? permission.toString() : permission.asString(null)));
                }
                return permission;
            }
            RsType rsType = acl.getRsType();
            int i = 0;
            int i2 = 0;
            Iterator it = acl.getList().iterator();
            while (it.hasNext()) {
                Permission permission2 = getPermission(subject, origin, owner, (ACE) it.next(), rsType);
                if (permission2 != null && (defMsk = permission2.getDefMsk() & (i ^ (-1))) != 0) {
                    i |= defMsk;
                    if (permission2.getAllowMsk() == 0) {
                        i2 |= defMsk;
                    }
                }
            }
            permission.setDefMsk(i);
            permission.setAllowMsk(i2);
            if (logger.isDebugEnabled()) {
                logger.debug("Getted Permission: " + (rsType == null ? permission.toString() : permission.asString(rsType)));
            }
            return permission;
        } catch (Throwable th) {
            if (logger.isDebugEnabled()) {
                logger.debug("Getted Permission: " + (0 == 0 ? permission.toString() : permission.asString(null)));
            }
            throw th;
        }
    }

    public static Permission[] getPermissions(Subject subject, Origin origin, Owner[] ownerArr, ACL[] aclArr) {
        int length = aclArr.length;
        Permission[] permissionArr = new Permission[length];
        for (int i = 0; i < length; i++) {
            permissionArr[i] = getPermission(subject, origin, ownerArr[i], aclArr[i]);
        }
        return permissionArr;
    }

    private static Permission getPermission(Subject subject, Origin origin, Owner owner, ACE ace, RsType rsType) throws ACLException {
        Permission permission = null;
        if (rsType == RsType.DIR && AceFlags.INHERIT_ONLY_ACE.matches(ace.getFlags())) {
            return null;
        }
        switch (AnonymousClass1.$SwitchMap$org$dcache$acl$enums$Who[ace.getWho().ordinal()]) {
            case ACLUnix.GROUP_OWNER_INDEX /* 1 */:
                if (Subjects.hasUid(subject, owner.getUid())) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            case ACLUnix.OTHER_INDEX /* 2 */:
                if (Subjects.hasGid(subject, owner.getGid())) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            case ACLUnix.NUM_ACES /* 3 */:
                permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                break;
            case 4:
                if (Subjects.isNobody(subject)) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            case 5:
                if (!Subjects.isNobody(subject)) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            case 6:
                if (Subjects.hasUid(subject, ace.getWhoID())) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            case 7:
                if (Subjects.hasGid(subject, ace.getWhoID())) {
                    permission = new Permission(ace.getAccessMsk(), ace.getType().getValue());
                    break;
                }
                break;
            default:
                throw new ACLException("Get Permission", "Invalid who: " + ace.getWho());
        }
        return permission;
    }
}
