package org.apache.directory.server.core.authz.support;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import org.apache.directory.server.core.event.ExpressionEvaluator;
import org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy;
import org.apache.directory.server.core.schema.AttributeTypeRegistry;
import org.apache.directory.server.core.schema.OidRegistry;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;

/* loaded from: input_file:org/apache/directory/server/core/authz/support/ACDFEngine.class */
public class ACDFEngine {
    private final ACITupleFilter[] filters;
    public static final Collection USER_LOOKUP_BYPASS;

    public ACDFEngine(OidRegistry oidRegistry, AttributeTypeRegistry attributeTypeRegistry) throws NamingException {
        this.filters = new ACITupleFilter[]{new RelatedUserClassFilter(new SubtreeEvaluator(oidRegistry)), new RelatedProtectedItemFilter(new RefinementEvaluator(new RefinementLeafEvaluator(oidRegistry)), new ExpressionEvaluator(oidRegistry, attributeTypeRegistry)), new MaxValueCountFilter(), new MaxImmSubFilter(), new RestrictedByFilter(), new MicroOperationFilter(), new HighestPrecedenceFilter(), new MostSpecificUserClassFilter(), new MostSpecificProtectedItemFilter()};
    }

    public void checkPermission(DirectoryPartitionNexusProxy directoryPartitionNexusProxy, Collection collection, Name name, AuthenticationLevel authenticationLevel, Name name2, String str, Object obj, Collection collection2, Collection collection3, Attributes attributes) throws NamingException {
        if (!hasPermission(directoryPartitionNexusProxy, collection, name, authenticationLevel, name2, str, obj, collection2, collection3, attributes)) {
            throw new LdapNoPermissionException();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v28, types: [java.util.Collection] */
    public boolean hasPermission(DirectoryPartitionNexusProxy directoryPartitionNexusProxy, Collection collection, Name name, AuthenticationLevel authenticationLevel, Name name2, String str, Object obj, Collection collection2, Collection collection3, Attributes attributes) throws NamingException {
        if (name2 == null) {
            throw new NullPointerException("entryName");
        }
        Attributes lookup = directoryPartitionNexusProxy.lookup(name, USER_LOOKUP_BYPASS);
        OperationScope operationScope = str == null ? OperationScope.ENTRY : obj == null ? OperationScope.ATTRIBUTE_TYPE : OperationScope.ATTRIBUTE_TYPE_AND_VALUE;
        ArrayList arrayList = new ArrayList(collection3);
        for (int i = 0; i < this.filters.length; i++) {
            arrayList = this.filters[i].filter(arrayList, operationScope, directoryPartitionNexusProxy, collection, name, lookup, authenticationLevel, name2, str, obj, attributes, collection2);
        }
        if (arrayList.size() == 0) {
            return false;
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!((ACITuple) it.next()).isGrant()) {
                return false;
            }
        }
        return true;
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("normalizationService");
        hashSet.add("authenticationService");
        hashSet.add("authorizationService");
        hashSet.add("defaultAuthorizationService");
        hashSet.add("schemaService");
        hashSet.add("subentryService");
        hashSet.add("operationalAttributeService");
        hashSet.add("eventService");
        USER_LOOKUP_BYPASS = Collections.unmodifiableCollection(hashSet);
    }
}
