package org.apache.directory.server.core.operational;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.api.ldap.model.name.Ava;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.AttributeTypeOptions;
import org.apache.directory.api.ldap.model.schema.ObjectClass;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.server.constants.ApacheSchemaConstants;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.api.interceptor.context.OperationContext;
import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.partition.Subordinates;
import org.apache.directory.server.core.shared.SchemaService;
import org.apache.directory.server.i18n.I18n;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-service.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor.class */
public class OperationalAttributeInterceptor extends BaseInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OperationalAttributeInterceptor.class);
    private final EntryFilter denormalizingSearchFilter;
    private final EntryFilter operationalAttributeSearchFilter;
    private final EntryFilter subordinatesSearchFilter;
    private Dn subschemaSubentryDn;
    private Dn adminDn;

    /* loaded from: input_file:resources/libs/apacheds-service.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor$OperationalAttributeDenormalizingSearchFilter.class */
    private class OperationalAttributeDenormalizingSearchFilter implements EntryFilter {
        private OperationalAttributeDenormalizingSearchFilter() {
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public boolean accept(SearchOperationContext searchOperationContext, Entry entry) throws LdapException {
            if (searchOperationContext.getReturningAttributesString() == null) {
                return true;
            }
            OperationalAttributeInterceptor.this.denormalizeEntryOpAttrs(entry);
            return true;
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public String toString(String str) {
            return str + "OperationalAttributeDenormalizingSearchFilter";
        }
    }

    /* loaded from: input_file:resources/libs/apacheds-service.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor$OperationalAttributeSearchFilter.class */
    private class OperationalAttributeSearchFilter implements EntryFilter {
        private OperationalAttributeSearchFilter() {
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public boolean accept(SearchOperationContext searchOperationContext, Entry entry) throws LdapException {
            if (searchOperationContext.getReturningAttributesString() == null) {
                return true;
            }
            SchemaManager schemaManager = searchOperationContext.getSession().getDirectoryService().getSchemaManager();
            if (!searchOperationContext.isAllOperationalAttributes() && !searchOperationContext.getReturningAttributes().contains(new AttributeTypeOptions(schemaManager.getAttributeType(SchemaConstants.SUBSCHEMA_SUBENTRY_AT)))) {
                return true;
            }
            AttributeType attributeType = schemaManager.getAttributeType(SchemaConstants.SUBSCHEMA_SUBENTRY_AT);
            entry.add(new DefaultAttribute(attributeType, OperationalAttributeInterceptor.this.directoryService.getPartitionNexus().getRootDseValue(attributeType)));
            return true;
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public String toString(String str) {
            return str + "OperationalAttributeSearchFilter";
        }
    }

    /* loaded from: input_file:resources/libs/apacheds-service.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor$SubordinatesSearchFilter.class */
    private class SubordinatesSearchFilter implements EntryFilter {
        private SubordinatesSearchFilter() {
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public boolean accept(SearchOperationContext searchOperationContext, Entry entry) throws LdapException {
            OperationalAttributeInterceptor.this.processSubordinates(searchOperationContext, searchOperationContext.getReturningAttributes(), searchOperationContext.isAllOperationalAttributes(), entry);
            return true;
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public String toString(String str) {
            return str + "SubordinatesSearchFilter";
        }
    }

    public OperationalAttributeInterceptor() {
        super(InterceptorEnum.OPERATIONAL_ATTRIBUTE_INTERCEPTOR);
        this.denormalizingSearchFilter = new OperationalAttributeDenormalizingSearchFilter();
        this.operationalAttributeSearchFilter = new OperationalAttributeSearchFilter();
        this.subordinatesSearchFilter = new SubordinatesSearchFilter();
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void init(DirectoryService directoryService) throws LdapException {
        super.init(directoryService);
        this.subschemaSubentryDn = this.dnFactory.create(directoryService.getPartitionNexus().getRootDseValue(directoryService.getAtProvider().getSubschemaSubentry()).getString());
        this.adminDn = this.dnFactory.create(ServerDNConstants.ADMIN_SYSTEM_DN);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void destroy() {
    }

    private boolean checkAddOperationalAttribute(boolean z, Entry entry, AttributeType attributeType) throws LdapException {
        if (!entry.containsAttribute(attributeType)) {
            return false;
        }
        if (z) {
            return true;
        }
        String err = I18n.err(I18n.ERR_30, attributeType);
        LOG.error(err);
        throw new LdapNoPermissionException(err);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void add(AddOperationContext addOperationContext) throws LdapException {
        String name = getPrincipal(addOperationContext).getName();
        Entry entry = addOperationContext.getEntry();
        boolean equals = addOperationContext.getSession().getAuthenticatedPrincipal().getDn().equals(this.adminDn);
        if (!checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getEntryUUID())) {
            entry.put(this.directoryService.getAtProvider().getEntryUUID(), UUID.randomUUID().toString());
        }
        if (!checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getEntryCSN())) {
            entry.put(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString());
        }
        if (!checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getCreatorsName())) {
            entry.put(this.directoryService.getAtProvider().getCreatorsName(), name);
        }
        if (!checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getCreateTimestamp())) {
            entry.put(this.directoryService.getAtProvider().getCreateTimestamp(), DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()));
        }
        checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getAccessControlSubentries());
        checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getCollectiveAttributeSubentries());
        checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getTriggerExecutionSubentries());
        checkAddOperationalAttribute(equals, entry, this.directoryService.getAtProvider().getSubschemaSubentry());
        next(addOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public Entry lookup(LookupOperationContext lookupOperationContext) throws LdapException {
        Dn dn = lookupOperationContext.getDn();
        if (dn.getNormName().equals(this.subschemaSubentryDn.getNormName())) {
            Entry subschemaEntry = SchemaService.getSubschemaEntry(this.directoryService, lookupOperationContext);
            subschemaEntry.setDn(dn);
            return subschemaEntry;
        }
        Entry next = next(lookupOperationContext);
        denormalizeEntryOpAttrs(next);
        processSubordinates(lookupOperationContext, lookupOperationContext.getReturningAttributes(), lookupOperationContext.isAllOperationalAttributes(), next);
        return next;
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void modify(ModifyOperationContext modifyOperationContext) throws LdapException {
        List<Modification> modItems = modifyOperationContext.getModItems();
        boolean equals = modifyOperationContext.getSession().getAuthenticatedPrincipal().getDn().equals(this.adminDn);
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        Dn dn = modifyOperationContext.getDn();
        Iterator<Modification> it = modItems.iterator();
        while (it.hasNext()) {
            AttributeType attributeType = it.next().getAttribute().getAttributeType();
            if (attributeType.equals(this.directoryService.getAtProvider().getModifiersName())) {
                if (!equals) {
                    String err = I18n.err(I18n.ERR_31, new Object[0]);
                    LOG.error(err);
                    throw new LdapNoPermissionException(err);
                }
                z = true;
            }
            if (attributeType.equals(this.directoryService.getAtProvider().getModifyTimestamp())) {
                if (!equals) {
                    String err2 = I18n.err(I18n.ERR_30, attributeType);
                    LOG.error(err2);
                    throw new LdapNoPermissionException(err2);
                }
                z2 = true;
            }
            if (attributeType.equals(this.directoryService.getAtProvider().getEntryCSN())) {
                if (!equals) {
                    String err3 = I18n.err(I18n.ERR_30, attributeType);
                    LOG.error(err3);
                    throw new LdapNoPermissionException(err3);
                }
                z3 = true;
            }
            if (PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains(attributeType) && !equals) {
                String err4 = I18n.err(I18n.ERR_30, attributeType);
                LOG.error(err4);
                throw new LdapNoPermissionException(err4);
            }
        }
        if (!dn.equals(this.subschemaSubentryDn)) {
            if (!z) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(this.directoryService.getAtProvider().getModifiersName(), getPrincipal(modifyOperationContext).getName())));
            }
            if (!z2) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(this.directoryService.getAtProvider().getModifyTimestamp(), DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()))));
            }
            if (!z3) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString())));
            }
        }
        next(modifyOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void move(MoveOperationContext moveOperationContext) throws LdapException {
        Entry m546clone = moveOperationContext.getOriginalEntry().m546clone();
        m546clone.put(SchemaConstants.MODIFIERS_NAME_AT, getPrincipal(moveOperationContext).getName());
        m546clone.put(SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()));
        m546clone.put(new DefaultAttribute(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString()));
        m546clone.setDn(moveOperationContext.getNewDn());
        moveOperationContext.setModifiedEntry(m546clone);
        next(moveOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void moveAndRename(MoveAndRenameOperationContext moveAndRenameOperationContext) throws LdapException {
        Entry modifiedEntry = moveAndRenameOperationContext.getModifiedEntry();
        modifiedEntry.put(SchemaConstants.MODIFIERS_NAME_AT, getPrincipal(moveAndRenameOperationContext).getName());
        modifiedEntry.put(SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()));
        modifiedEntry.setDn(moveAndRenameOperationContext.getNewDn());
        modifiedEntry.put(new DefaultAttribute(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString()));
        moveAndRenameOperationContext.setModifiedEntry(modifiedEntry);
        next(moveAndRenameOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void rename(RenameOperationContext renameOperationContext) throws LdapException {
        Entry clonedEntry = ((ClonedServerEntry) renameOperationContext.getEntry()).getClonedEntry();
        clonedEntry.put(SchemaConstants.MODIFIERS_NAME_AT, getPrincipal(renameOperationContext).getName());
        clonedEntry.put(SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()));
        Entry m546clone = renameOperationContext.getOriginalEntry().m546clone();
        m546clone.put(SchemaConstants.MODIFIERS_NAME_AT, getPrincipal(renameOperationContext).getName());
        m546clone.put(SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime(this.directoryService.getTimeProvider()));
        m546clone.put(new DefaultAttribute(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString()));
        renameOperationContext.setModifiedEntry(m546clone);
        next(renameOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public EntryFilteringCursor search(SearchOperationContext searchOperationContext) throws LdapException {
        EntryFilteringCursor next = next(searchOperationContext);
        if (!searchOperationContext.isAllOperationalAttributes() && (searchOperationContext.getReturningAttributes() == null || searchOperationContext.getReturningAttributes().isEmpty())) {
            return next;
        }
        if (this.directoryService.isDenormalizeOpAttrsEnabled()) {
            next.addEntryFilter(this.denormalizingSearchFilter);
        }
        next.addEntryFilter(this.operationalAttributeSearchFilter);
        next.addEntryFilter(this.subordinatesSearchFilter);
        return next;
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void delete(DeleteOperationContext deleteOperationContext) throws LdapException {
        deleteOperationContext.getEntry().put(new DefaultAttribute(this.directoryService.getAtProvider().getEntryCSN(), this.directoryService.getCSN().toString()));
        next(deleteOperationContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void denormalizeEntryOpAttrs(Entry entry) throws LdapException {
        if (this.directoryService.isDenormalizeOpAttrsEnabled()) {
            Attribute attribute = entry.get(SchemaConstants.CREATORS_NAME_AT);
            if (attribute != null) {
                Dn create = this.dnFactory.create(attribute.getString());
                attribute.clear();
                attribute.add(denormalizeTypes(create).getName());
            }
            Attribute attribute2 = entry.get(SchemaConstants.MODIFIERS_NAME_AT);
            if (attribute2 != null) {
                Dn create2 = this.dnFactory.create(attribute2.getString());
                attribute2.clear();
                attribute2.add(denormalizeTypes(create2).getName());
            }
            Attribute attribute3 = entry.get(ApacheSchemaConstants.SCHEMA_MODIFIERS_NAME_AT);
            if (attribute3 != null) {
                Dn create3 = this.dnFactory.create(attribute3.getString());
                attribute3.clear();
                attribute3.add(denormalizeTypes(create3).getName());
            }
        }
    }

    private Dn denormalizeTypes(Dn dn) throws LdapException {
        Dn add;
        Dn dn2 = new Dn(this.schemaManager);
        int size = dn.size();
        for (int i = 0; i < size; i++) {
            Rdn rdn = dn.getRdn((size - 1) - i);
            if (rdn.size() == 0) {
                add = dn2.add(new Rdn());
            } else if (rdn.size() == 1) {
                add = dn2.add(new Rdn(this.schemaManager.lookupAttributeTypeRegistry(rdn.getNormType()).getName(), rdn.getValue()));
            } else {
                StringBuilder sb = new StringBuilder();
                Iterator<Ava> it = rdn.iterator();
                while (it.hasNext()) {
                    sb.append(this.schemaManager.lookupAttributeTypeRegistry(rdn.getNormType()).getName()).append('=').append(it.next().getValue().getString());
                    if (it.hasNext()) {
                        sb.append('+');
                    }
                }
                add = dn2.add(new Rdn(sb.toString()));
            }
            dn2 = add;
        }
        return dn2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processSubordinates(OperationContext operationContext, Set<AttributeTypeOptions> set, boolean z, Entry entry) throws LdapException {
        if (Dn.isNullOrEmpty(entry.getDn())) {
            return;
        }
        AttributeType nbChildren = this.directoryService.getAtProvider().getNbChildren();
        AttributeTypeOptions attributeTypeOptions = new AttributeTypeOptions(nbChildren);
        AttributeType nbSubordinates = this.directoryService.getAtProvider().getNbSubordinates();
        AttributeTypeOptions attributeTypeOptions2 = new AttributeTypeOptions(nbSubordinates);
        AttributeType hasSubordinates = this.directoryService.getAtProvider().getHasSubordinates();
        AttributeTypeOptions attributeTypeOptions3 = new AttributeTypeOptions(hasSubordinates);
        AttributeType structuralObjectClass = this.directoryService.getAtProvider().getStructuralObjectClass();
        AttributeTypeOptions attributeTypeOptions4 = new AttributeTypeOptions(structuralObjectClass);
        if (set != null) {
            boolean z2 = set.contains(attributeTypeOptions) || z;
            boolean z3 = set.contains(attributeTypeOptions2) || z;
            boolean z4 = set.contains(attributeTypeOptions3) || z;
            boolean z5 = set.contains(attributeTypeOptions4) || z;
            if (z2 || z3 || z4 || z5) {
                Subordinates subordinates = this.directoryService.getPartitionNexus().getPartition(entry.getDn()).getSubordinates(operationContext.getTransaction(), entry);
                long nbChildren2 = subordinates.getNbChildren();
                long nbSubordinates2 = subordinates.getNbSubordinates();
                if (z2) {
                    entry.add(new DefaultAttribute(nbChildren, Long.toString(nbChildren2)));
                }
                if (z3) {
                    entry.add(new DefaultAttribute(nbSubordinates, Long.toString(nbSubordinates2)));
                }
                if (z4) {
                    if (nbSubordinates2 > 0) {
                        entry.add(new DefaultAttribute(hasSubordinates, "TRUE"));
                    } else {
                        entry.add(new DefaultAttribute(hasSubordinates, "FALSE"));
                    }
                }
                if (z5) {
                    Attribute attribute = entry.get(SchemaConstants.OBJECT_CLASS_AT);
                    HashMap hashMap = new HashMap();
                    ObjectClass[] objectClassArr = new ObjectClass[attribute.size()];
                    int i = 0;
                    Iterator<Value> it = attribute.iterator();
                    while (it.hasNext()) {
                        ObjectClass objectClass = this.schemaManager.getObjectClassRegistry().get(it.next().getNormalized());
                        if (objectClass.isStructural()) {
                            int i2 = i;
                            i++;
                            objectClassArr[i2] = objectClass;
                            hashMap.put(objectClass.getSuperiors().get(0).getOid(), objectClass);
                        }
                    }
                    if (i == 1) {
                        entry.add(new DefaultAttribute(structuralObjectClass, objectClassArr[0].getName()));
                        return;
                    }
                    ObjectClass objectClass2 = objectClassArr[0];
                    for (ObjectClass objectClass3 : objectClassArr) {
                        if (!hashMap.containsKey(objectClass3.getOid())) {
                            entry.add(new DefaultAttribute(structuralObjectClass, objectClass3.getName()));
                            return;
                        }
                    }
                }
            }
        }
    }
}
