package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import org.apache.directory.api.ldap.aci.ACITuple;
import org.apache.directory.api.ldap.aci.ProtectedItem;
import org.apache.directory.api.ldap.aci.protectedItem.AllAttributeValuesItem;
import org.apache.directory.api.ldap.aci.protectedItem.AttributeTypeItem;
import org.apache.directory.api.ldap.aci.protectedItem.AttributeValueItem;
import org.apache.directory.api.ldap.aci.protectedItem.ClassesItem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxImmSubItem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountElem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountItem;
import org.apache.directory.api.ldap.aci.protectedItem.RangeOfValuesItem;
import org.apache.directory.api.ldap.aci.protectedItem.RestrictedByElem;
import org.apache.directory.api.ldap.aci.protectedItem.RestrictedByItem;
import org.apache.directory.api.ldap.aci.protectedItem.SelfValueItem;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.event.Evaluator;
import org.apache.directory.server.core.api.subtree.RefinementEvaluator;
import org.apache.directory.server.i18n.I18n;

/* loaded from: input_file:org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.class */
public class RelatedProtectedItemFilter implements ACITupleFilter {
    private final RefinementEvaluator refinementEvaluator;
    private final Evaluator entryEvaluator;
    private final SchemaManager schemaManager;

    public RelatedProtectedItemFilter(RefinementEvaluator refinementEvaluator, Evaluator evaluator, SchemaManager schemaManager) {
        this.refinementEvaluator = refinementEvaluator;
        this.entryEvaluator = evaluator;
        this.schemaManager = schemaManager;
    }

    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection<ACITuple> filter(AciContext aciContext, OperationScope operationScope, Entry entry) throws LdapException {
        if (aciContext.getAciTuples().size() == 0) {
            return aciContext.getAciTuples();
        }
        Iterator<ACITuple> it = aciContext.getAciTuples().iterator();
        while (it.hasNext()) {
            if (!isRelated(it.next(), operationScope, aciContext.getUserDn(), aciContext.getEntryDn(), aciContext.getAttributeType(), aciContext.getAttrValue(), aciContext.getEntry())) {
                it.remove();
            }
        }
        return aciContext.getAciTuples();
    }

    private boolean isRelated(ACITuple aCITuple, OperationScope operationScope, Dn dn, Dn dn2, AttributeType attributeType, Value<?> value, Entry entry) throws LdapException, InternalError {
        String oid;
        Attribute attribute;
        String oid2 = attributeType != null ? attributeType.getOid() : null;
        for (SelfValueItem selfValueItem : aCITuple.getProtectedItems()) {
            if (selfValueItem == ProtectedItem.ENTRY) {
                if (operationScope == OperationScope.ENTRY) {
                    return true;
                }
            } else if (selfValueItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (selfValueItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (selfValueItem instanceof AllAttributeValuesItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it = ((AllAttributeValuesItem) selfValueItem).iterator();
                    while (it.hasNext()) {
                        if (oid2.equals(((AttributeType) it.next()).getOid())) {
                            return true;
                        }
                    }
                }
            } else if (selfValueItem instanceof AttributeTypeItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE) {
                    continue;
                } else {
                    Iterator it2 = ((AttributeTypeItem) selfValueItem).iterator();
                    while (it2.hasNext()) {
                        if (oid2.equals(((AttributeType) it2.next()).getOid())) {
                            return true;
                        }
                    }
                }
            } else if (selfValueItem instanceof AttributeValueItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it3 = ((AttributeValueItem) selfValueItem).iterator();
                    while (it3.hasNext()) {
                        Attribute attribute2 = (Attribute) it3.next();
                        if (attribute2.getAttributeType() != null) {
                            oid = attribute2.getAttributeType().getOid();
                        } else {
                            AttributeType lookupAttributeTypeRegistry = this.schemaManager.lookupAttributeTypeRegistry(attribute2.getId());
                            oid = lookupAttributeTypeRegistry.getOid();
                            attribute2.apply(lookupAttributeTypeRegistry);
                        }
                        if (oid2.equals(oid) && attribute2.contains(new Value[]{value})) {
                            return true;
                        }
                    }
                }
            } else if (selfValueItem instanceof ClassesItem) {
                if (this.refinementEvaluator.evaluate(((ClassesItem) selfValueItem).getClasses(), entry.get("objectClass"))) {
                    return true;
                }
            } else {
                if (selfValueItem instanceof MaxImmSubItem) {
                    return true;
                }
                if (selfValueItem instanceof MaxValueCountItem) {
                    if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                        continue;
                    } else {
                        Iterator it4 = ((MaxValueCountItem) selfValueItem).iterator();
                        while (it4.hasNext()) {
                            if (oid2.equals(((MaxValueCountElem) it4.next()).getAttributeType().getOid())) {
                                return true;
                            }
                        }
                    }
                } else if (selfValueItem instanceof RangeOfValuesItem) {
                    if (this.entryEvaluator.evaluate(((RangeOfValuesItem) selfValueItem).getRefinement(), dn2, entry)) {
                        return true;
                    }
                } else if (!(selfValueItem instanceof RestrictedByItem)) {
                    if (!(selfValueItem instanceof SelfValueItem)) {
                        throw new InternalError(I18n.err(I18n.ERR_232, new Object[]{selfValueItem.getClass().getName()}));
                    }
                    if (operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE || operationScope == OperationScope.ATTRIBUTE_TYPE) {
                        Iterator it5 = selfValueItem.iterator();
                        while (it5.hasNext()) {
                            if (oid2.equals(((AttributeType) it5.next()).getOid()) && (attribute = entry.get(oid2)) != null && (attribute.contains(new String[]{dn.getNormName()}) || attribute.contains(new String[]{dn.getName()}))) {
                                return true;
                            }
                        }
                    }
                } else if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it6 = ((RestrictedByItem) selfValueItem).iterator();
                    while (it6.hasNext()) {
                        if (oid2.equals(((RestrictedByElem) it6.next()).getAttributeType().getOid())) {
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }
}
