package org.apache.directory.server.core.subtree;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
import org.apache.directory.server.core.configuration.InterceptorConfiguration;
import org.apache.directory.server.core.enumeration.SearchResultFilter;
import org.apache.directory.server.core.enumeration.SearchResultFilteringEnumeration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.invocation.Invocation;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.JavaLdapSupport;
import org.apache.directory.server.core.partition.DirectoryPartitionNexus;
import org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy;
import org.apache.directory.server.core.schema.ConcreteNameComponentNormalizer;
import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
import org.apache.directory.shared.ldap.exception.LdapNoSuchAttributeException;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.filter.SimpleNode;
import org.apache.directory.shared.ldap.message.LockableAttributeImpl;
import org.apache.directory.shared.ldap.message.LockableAttributesImpl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.message.SubentriesControl;
import org.apache.directory.shared.ldap.name.DnParser;
import org.apache.directory.shared.ldap.name.LdapName;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService.class */
public class SubentryService extends BaseInterceptor {
    private static final String SUBENTRY_CONTROL = "1.3.6.1.4.1.4203.1.10.1";
    private static final String SUBENTRY_OBJECTCLASS = "subentry";
    private static final String SUBENTRY_OBJECTCLASS_OID = "2.5.17.0";
    public static final String AUTONOUMOUS_AREA = "autonomousArea";
    public static final String AC_AREA = "accessControlSpecificArea";
    public static final String AC_INNERAREA = "accessControlInnerArea";
    public static final String SCHEMA_AREA = "subschemaAdminSpecificArea";
    public static final String COLLECTIVE_AREA = "collectiveAttributeSpecificArea";
    public static final String COLLECTIVE_INNERAREA = "collectiveAttributeInnerArea";
    private static final Logger log;
    private final Map subtrees = new HashMap();
    private DirectoryServiceConfiguration factoryCfg;
    private DnParser dnParser;
    private SubtreeSpecificationParser ssParser;
    private SubtreeEvaluator evaluator;
    private DirectoryPartitionNexus nexus;
    static Class class$org$apache$directory$server$core$subtree$SubentryService;
    public static final String AUTONOUMOUS_AREA_SUBENTRY = "autonomousAreaSubentry";
    public static final String AC_SUBENTRY = "accessControlSubentries";
    public static final String SCHEMA_AREA_SUBENTRY = "subschemaSubentry";
    public static final String COLLECTIVE_ATTRIBUTE_SUBENTRIES = "collectiveAttributeSubentries";
    public static final String[] SUBENTRY_OPATTRS = {AUTONOUMOUS_AREA_SUBENTRY, AC_SUBENTRY, SCHEMA_AREA_SUBENTRY, COLLECTIVE_ATTRIBUTE_SUBENTRIES};

    /* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService$HideEntriesFilter.class */
    public class HideEntriesFilter implements SearchResultFilter {
        private final SubentryService this$0;

        public HideEntriesFilter(SubentryService subentryService) {
            this.this$0 = subentryService;
        }

        @Override // org.apache.directory.server.core.enumeration.SearchResultFilter
        public boolean accept(Invocation invocation, SearchResult searchResult, SearchControls searchControls) throws NamingException {
            String name = searchResult.getName();
            if (this.this$0.subtrees.containsKey(name)) {
                return true;
            }
            Attribute attribute = searchResult.getAttributes().get(JavaLdapSupport.OBJECTCLASS_ATTR);
            if (attribute == null) {
                if (!searchResult.isRelative()) {
                    return this.this$0.subtrees.containsKey(this.this$0.dnParser.parse(name).toString());
                }
                Name parse = this.this$0.dnParser.parse(invocation.getCaller().getNameInNamespace());
                parse.addAll(this.this$0.dnParser.parse(searchResult.getName()));
                return this.this$0.subtrees.containsKey(parse.toString());
            }
            if (attribute.contains(SubentryService.SUBENTRY_OBJECTCLASS) || attribute.contains(SubentryService.SUBENTRY_OBJECTCLASS_OID)) {
                return true;
            }
            for (int i = 0; i < attribute.size(); i++) {
                if (((String) attribute.get(i)).equalsIgnoreCase(SubentryService.SUBENTRY_OBJECTCLASS)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService$HideSubentriesFilter.class */
    public class HideSubentriesFilter implements SearchResultFilter {
        private final SubentryService this$0;

        public HideSubentriesFilter(SubentryService subentryService) {
            this.this$0 = subentryService;
        }

        @Override // org.apache.directory.server.core.enumeration.SearchResultFilter
        public boolean accept(Invocation invocation, SearchResult searchResult, SearchControls searchControls) throws NamingException {
            String name = searchResult.getName();
            if (this.this$0.subtrees.containsKey(name)) {
                return false;
            }
            Attribute attribute = searchResult.getAttributes().get(JavaLdapSupport.OBJECTCLASS_ATTR);
            if (attribute == null) {
                if (!searchResult.isRelative()) {
                    return !this.this$0.subtrees.containsKey(this.this$0.dnParser.parse(name).toString());
                }
                Name parse = this.this$0.dnParser.parse(invocation.getCaller().getNameInNamespace());
                parse.addAll(this.this$0.dnParser.parse(searchResult.getName()));
                return !this.this$0.subtrees.containsKey(parse.toString());
            }
            if (attribute.contains(SubentryService.SUBENTRY_OBJECTCLASS) || attribute.contains(SubentryService.SUBENTRY_OBJECTCLASS_OID)) {
                return false;
            }
            for (int i = 0; i < attribute.size(); i++) {
                if (((String) attribute.get(i)).equalsIgnoreCase(SubentryService.SUBENTRY_OBJECTCLASS)) {
                    return false;
                }
            }
            return true;
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void init(DirectoryServiceConfiguration directoryServiceConfiguration, InterceptorConfiguration interceptorConfiguration) throws NamingException {
        super.init(directoryServiceConfiguration, interceptorConfiguration);
        this.nexus = directoryServiceConfiguration.getPartitionNexus();
        this.factoryCfg = directoryServiceConfiguration;
        ConcreteNameComponentNormalizer concreteNameComponentNormalizer = new ConcreteNameComponentNormalizer(directoryServiceConfiguration.getGlobalRegistries().getAttributeTypeRegistry());
        this.ssParser = new SubtreeSpecificationParser(concreteNameComponentNormalizer);
        this.dnParser = new DnParser(concreteNameComponentNormalizer);
        this.evaluator = new SubtreeEvaluator(directoryServiceConfiguration.getGlobalRegistries().getOidRegistry());
        Iterator listSuffixes = this.nexus.listSuffixes(true);
        ExprNode simpleNode = new SimpleNode("objectclass", SUBENTRY_OBJECTCLASS, 0);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"subtreeSpecification"});
        while (listSuffixes.hasNext()) {
            NamingEnumeration search = this.nexus.search(this.dnParser.parse((String) listSuffixes.next()), directoryServiceConfiguration.getEnvironment(), simpleNode, searchControls);
            while (search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                Attributes attributes = searchResult.getAttributes();
                String name = searchResult.getName();
                try {
                    this.subtrees.put(this.dnParser.parse(name).toString(), this.ssParser.parse((String) attributes.get("subtreeSpecification").get()));
                } catch (Exception e) {
                    log.warn(new StringBuffer().append("Failed while parsing subtreeSpecification for ").append(name).toString());
                }
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration list(NextInterceptor nextInterceptor, Name name) throws NamingException {
        NamingEnumeration list = nextInterceptor.list(name);
        Invocation peek = InvocationStack.getInstance().peek();
        return !isSubentryVisible(peek) ? new SearchResultFilteringEnumeration(list, new SearchControls(), peek, new HideSubentriesFilter(this)) : list;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration search(NextInterceptor nextInterceptor, Name name, Map map, ExprNode exprNode, SearchControls searchControls) throws NamingException {
        NamingEnumeration search = nextInterceptor.search(name, map, exprNode, searchControls);
        Invocation peek = InvocationStack.getInstance().peek();
        return searchControls.getSearchScope() == 0 ? search : !isSubentryVisible(peek) ? new SearchResultFilteringEnumeration(search, searchControls, peek, new HideSubentriesFilter(this)) : new SearchResultFilteringEnumeration(search, searchControls, peek, new HideEntriesFilter(this));
    }

    private boolean isSubentryVisible(Invocation invocation) throws NamingException {
        SubentriesControl[] requestControls = invocation.getCaller().getRequestControls();
        if (requestControls == null || requestControls.length <= 0) {
            return false;
        }
        for (int i = 0; i < requestControls.length; i++) {
            if (requestControls[i].getID().equals(SUBENTRY_CONTROL)) {
                return requestControls[i].isVisible();
            }
        }
        return false;
    }

    public Attributes getSubentryAttributes(Name name, Attributes attributes) throws NamingException {
        Attribute attribute;
        LockableAttributesImpl lockableAttributesImpl = new LockableAttributesImpl();
        Attribute attribute2 = attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR);
        for (String str : this.subtrees.keySet()) {
            LdapName ldapName = new LdapName(str);
            Name name2 = (Name) ldapName.clone();
            name2.remove(name2.size() - 1);
            if (this.evaluator.evaluate((SubtreeSpecification) this.subtrees.get(ldapName), name2, name, attribute2)) {
                NamingEnumeration all = this.nexus.lookup(name2).get("administrativeRole").getAll();
                while (all.hasMore()) {
                    String str2 = (String) all.next();
                    if (str2.equalsIgnoreCase(AUTONOUMOUS_AREA)) {
                        attribute = lockableAttributesImpl.get(AUTONOUMOUS_AREA_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(AUTONOUMOUS_AREA_SUBENTRY);
                            lockableAttributesImpl.put(attribute);
                        }
                    } else if (str2.equalsIgnoreCase(AC_AREA) || str2.equalsIgnoreCase(AC_INNERAREA)) {
                        attribute = lockableAttributesImpl.get(AC_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(AC_SUBENTRY);
                            lockableAttributesImpl.put(attribute);
                        }
                    } else if (str2.equalsIgnoreCase(SCHEMA_AREA)) {
                        attribute = lockableAttributesImpl.get(SCHEMA_AREA_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(SCHEMA_AREA_SUBENTRY);
                            lockableAttributesImpl.put(attribute);
                        }
                    } else {
                        if (!str2.equalsIgnoreCase(COLLECTIVE_AREA) && !str2.equalsIgnoreCase(COLLECTIVE_INNERAREA)) {
                            throw new LdapInvalidAttributeValueException(new StringBuffer().append("Encountered invalid administrativeRole '").append(str2).append("' in administrative point of subentry ").append(str).append(". The values of this attribute").append(" are constrained to autonomousArea, accessControlSpecificArea, accessControlInnerArea,").append(" subschemaAdminSpecificArea, collectiveAttributeSpecificArea, and").append(" collectiveAttributeInnerArea.").toString(), ResultCodeEnum.CONSTRAINTVIOLATION);
                        }
                        attribute = lockableAttributesImpl.get(COLLECTIVE_ATTRIBUTE_SUBENTRIES);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(COLLECTIVE_ATTRIBUTE_SUBENTRIES);
                            lockableAttributesImpl.put(attribute);
                        }
                    }
                    attribute.add(ldapName.toString());
                }
            }
        }
        return lockableAttributesImpl;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void add(NextInterceptor nextInterceptor, String str, Name name, Attributes attributes) throws NamingException {
        Attribute attribute;
        Attribute attribute2 = attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR);
        if (attribute2.contains(SUBENTRY_OBJECTCLASS)) {
            Name name2 = (Name) name.clone();
            name2.remove(name.size() - 1);
            Attribute attribute3 = this.nexus.lookup(name2).get("administrativeRole");
            if (attribute3 == null || attribute3.size() <= 0) {
                throw new LdapNoSuchAttributeException(new StringBuffer().append("Administration point ").append(name2).append(" does not contain an administrativeRole attribute! An").append(" administrativeRole attribute in the administrative point is").append(" required to add a subordinate subentry.").toString());
            }
            Attributes subentryOperatationalAttributes = getSubentryOperatationalAttributes(name, attribute3);
            try {
                SubtreeSpecification parse = this.ssParser.parse((String) attributes.get("subtreeSpecification").get());
                this.subtrees.put(name.toString(), parse);
                nextInterceptor.add(str, name, attributes);
                Name name3 = (Name) name2.clone();
                name3.addAll(parse.getBase());
                ExprNode presenceNode = new PresenceNode("objectclass");
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
                NamingEnumeration search = this.nexus.search(name3, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
                while (search.hasMore()) {
                    SearchResult searchResult = (SearchResult) search.next();
                    Attributes attributes2 = searchResult.getAttributes();
                    Name parse2 = this.dnParser.parse(searchResult.getName());
                    if (this.evaluator.evaluate(parse, name2, parse2, attributes2.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                        this.nexus.modify(parse2, getOperationalModsForAdd(attributes2, subentryOperatationalAttributes));
                    }
                }
                return;
            } catch (Exception e) {
                String stringBuffer = new StringBuffer().append("Failed while parsing subtreeSpecification for ").append(str).toString();
                log.warn(stringBuffer);
                throw new LdapInvalidAttributeValueException(stringBuffer, ResultCodeEnum.INVALIDATTRIBUTESYNTAX);
            }
        }
        for (String str2 : this.subtrees.keySet()) {
            LdapName ldapName = new LdapName(str2);
            Name name4 = (Name) ldapName.clone();
            name4.remove(name4.size() - 1);
            if (this.evaluator.evaluate((SubtreeSpecification) this.subtrees.get(ldapName), name4, name, attribute2)) {
                NamingEnumeration all = this.nexus.lookup(name4).get("administrativeRole").getAll();
                while (all.hasMore()) {
                    String str3 = (String) all.next();
                    if (str3.equalsIgnoreCase(AUTONOUMOUS_AREA)) {
                        attribute = attributes.get(AUTONOUMOUS_AREA_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(AUTONOUMOUS_AREA_SUBENTRY);
                            attributes.put(attribute);
                        }
                    } else if (str3.equalsIgnoreCase(AC_AREA) || str3.equalsIgnoreCase(AC_INNERAREA)) {
                        attribute = attributes.get(AC_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(AC_SUBENTRY);
                            attributes.put(attribute);
                        }
                    } else if (str3.equalsIgnoreCase(SCHEMA_AREA)) {
                        attribute = attributes.get(SCHEMA_AREA_SUBENTRY);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(SCHEMA_AREA_SUBENTRY);
                            attributes.put(attribute);
                        }
                    } else {
                        if (!str3.equalsIgnoreCase(COLLECTIVE_AREA) && !str3.equalsIgnoreCase(COLLECTIVE_INNERAREA)) {
                            throw new LdapInvalidAttributeValueException(new StringBuffer().append("Encountered invalid administrativeRole '").append(str3).append("' in administrative point of subentry ").append(str2).append(". The values of this attribute").append(" are constrained to autonomousArea, accessControlSpecificArea, accessControlInnerArea,").append(" subschemaAdminSpecificArea, collectiveAttributeSpecificArea, and").append(" collectiveAttributeInnerArea.").toString(), ResultCodeEnum.CONSTRAINTVIOLATION);
                        }
                        attribute = attributes.get(COLLECTIVE_ATTRIBUTE_SUBENTRIES);
                        if (attribute == null) {
                            attribute = new LockableAttributeImpl(COLLECTIVE_ATTRIBUTE_SUBENTRIES);
                            attributes.put(attribute);
                        }
                    }
                    attribute.add(ldapName.toString());
                }
            }
        }
        nextInterceptor.add(str, name, attributes);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void delete(NextInterceptor nextInterceptor, Name name) throws NamingException {
        if (!this.nexus.lookup(name).get(JavaLdapSupport.OBJECTCLASS_ATTR).contains(SUBENTRY_OBJECTCLASS)) {
            nextInterceptor.delete(name);
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.get(name.toString());
        this.subtrees.remove(subtreeSpecification);
        nextInterceptor.delete(name);
        Name name2 = (Name) name.clone();
        name2.remove(name.size() - 1);
        Name name3 = (Name) name2.clone();
        name3.addAll(subtreeSpecification.getBase());
        ExprNode presenceNode = new PresenceNode("objectclass");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration search = this.nexus.search(name3, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name parse = this.dnParser.parse(searchResult.getName());
            if (this.evaluator.evaluate(subtreeSpecification, name2, parse, attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                this.nexus.modify(parse, getOperationalModsForRemove(name, attributes));
            }
        }
    }

    private boolean hasAdministrativeDescendant(Name name) throws NamingException {
        ExprNode presenceNode = new PresenceNode("administrativeRole");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        NamingEnumeration search = this.nexus.search(name, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
        if (!search.hasMore()) {
            return false;
        }
        search.close();
        return true;
    }

    private ModificationItem[] getModsOnEntryRdnChange(Name name, Name name2, Attributes attributes) throws NamingException {
        Attribute attribute = attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR);
        ArrayList arrayList = new ArrayList();
        for (String str : this.subtrees.keySet()) {
            Name ldapName = new LdapName(str);
            ldapName.remove(ldapName.size() - 1);
            SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.get(str);
            boolean evaluate = this.evaluator.evaluate(subtreeSpecification, ldapName, name, attribute);
            boolean evaluate2 = this.evaluator.evaluate(subtreeSpecification, ldapName, name2, attribute);
            if (evaluate != evaluate2) {
                if (evaluate && !evaluate2) {
                    for (int i = 0; i < SUBENTRY_OPATTRS.length; i++) {
                        Attribute attribute2 = attributes.get(SUBENTRY_OPATTRS[i]);
                        if (attribute2 != null) {
                            Attribute attribute3 = (Attribute) attribute2.clone();
                            attribute3.remove(str);
                            arrayList.add(new ModificationItem(attribute3.size() < 1 ? 3 : 2, attribute3));
                        }
                    }
                } else if (evaluate2 && !evaluate) {
                    for (int i2 = 0; i2 < SUBENTRY_OPATTRS.length; i2++) {
                        LockableAttributeImpl lockableAttributeImpl = new LockableAttributeImpl(SUBENTRY_OPATTRS[i2]);
                        lockableAttributeImpl.add(str);
                        arrayList.add(new ModificationItem(1, lockableAttributeImpl));
                    }
                }
            }
        }
        return (ModificationItem[]) arrayList.toArray(new ModificationItem[arrayList.size()]);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modifyRn(NextInterceptor nextInterceptor, Name name, String str, boolean z) throws NamingException {
        Attributes lookup = this.nexus.lookup(name);
        if (!lookup.get(JavaLdapSupport.OBJECTCLASS_ATTR).contains(SUBENTRY_OBJECTCLASS)) {
            if (hasAdministrativeDescendant(name)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOTALLOWEDONRDN);
            }
            nextInterceptor.modifyRn(name, str, z);
            Name name2 = (Name) name.clone();
            name2.remove(name2.size() - 1);
            name2.add(str);
            ModificationItem[] modsOnEntryRdnChange = getModsOnEntryRdnChange(name, name2, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(name2, modsOnEntryRdnChange);
                return;
            }
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.get(name.toString());
        Name name3 = (Name) name.clone();
        name3.remove(name3.size() - 1);
        Name name4 = (Name) name3.clone();
        name4.addAll(subtreeSpecification.getBase());
        Name name5 = (Name) name.clone();
        name5.remove(name5.size() - 1);
        name5.addAll(this.dnParser.parse(str));
        this.subtrees.put(name5.toString(), subtreeSpecification);
        nextInterceptor.modifyRn(name, str, z);
        Attribute attribute = this.nexus.lookup(name3).get("administrativeRole");
        ExprNode presenceNode = new PresenceNode("objectclass");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration search = this.nexus.search(name4, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name parse = this.dnParser.parse(searchResult.getName());
            if (this.evaluator.evaluate(subtreeSpecification, name3, parse, attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                this.nexus.modify(parse, getOperationalModsForReplace(name, name5, attribute, attributes));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, Name name, Name name2, String str, boolean z) throws NamingException {
        Attributes lookup = this.nexus.lookup(name);
        if (!lookup.get(JavaLdapSupport.OBJECTCLASS_ATTR).contains(SUBENTRY_OBJECTCLASS)) {
            if (hasAdministrativeDescendant(name)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOTALLOWEDONRDN);
            }
            nextInterceptor.move(name, name2, str, z);
            Name name3 = (Name) name2.clone();
            name3.add(str);
            ModificationItem[] modsOnEntryRdnChange = getModsOnEntryRdnChange(name, name3, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(name3, modsOnEntryRdnChange);
                return;
            }
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.get(name.toString());
        Name name4 = (Name) name.clone();
        name4.remove(name4.size() - 1);
        Name name5 = (Name) name4.clone();
        name5.addAll(subtreeSpecification.getBase());
        Name name6 = (Name) name2.clone();
        name6.remove(name6.size() - 1);
        name6.addAll(this.dnParser.parse(str));
        this.subtrees.put(name6.toString(), subtreeSpecification);
        nextInterceptor.move(name, name2, str, z);
        Attribute attribute = this.nexus.lookup(name4).get("administrativeRole");
        ExprNode presenceNode = new PresenceNode("objectclass");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration search = this.nexus.search(name5, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name parse = this.dnParser.parse(searchResult.getName());
            if (this.evaluator.evaluate(subtreeSpecification, name4, parse, attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                this.nexus.modify(parse, getOperationalModsForReplace(name, name6, attribute, attributes));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, Name name, Name name2) throws NamingException {
        Attributes lookup = this.nexus.lookup(name);
        if (!lookup.get(JavaLdapSupport.OBJECTCLASS_ATTR).contains(SUBENTRY_OBJECTCLASS)) {
            if (hasAdministrativeDescendant(name)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOTALLOWEDONRDN);
            }
            nextInterceptor.move(name, name2);
            Name name3 = (Name) name2.clone();
            name3.add(name.get(name.size() - 1));
            ModificationItem[] modsOnEntryRdnChange = getModsOnEntryRdnChange(name, name3, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(name3, modsOnEntryRdnChange);
                return;
            }
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.get(name.toString());
        Name name4 = (Name) name.clone();
        name4.remove(name4.size() - 1);
        Name name5 = (Name) name4.clone();
        name5.addAll(subtreeSpecification.getBase());
        Name name6 = (Name) name2.clone();
        name6.remove(name6.size() - 1);
        name6.add(name2.get(name2.size() - 1));
        this.subtrees.put(name6.toString(), subtreeSpecification);
        nextInterceptor.move(name, name2);
        Attribute attribute = this.nexus.lookup(name4).get("administrativeRole");
        ExprNode presenceNode = new PresenceNode("objectclass");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration search = this.nexus.search(name5, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name parse = this.dnParser.parse(searchResult.getName());
            if (this.evaluator.evaluate(subtreeSpecification, name4, parse, attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                this.nexus.modify(parse, getOperationalModsForReplace(name, name6, attribute, attributes));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, Name name, int i, Attributes attributes) throws NamingException {
        if (!this.nexus.lookup(name).get(JavaLdapSupport.OBJECTCLASS_ATTR).contains(SUBENTRY_OBJECTCLASS) || attributes.get("subtreeSpecification") == null) {
            nextInterceptor.modify(name, i, attributes);
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.remove(name.toString());
        try {
            SubtreeSpecification parse = this.ssParser.parse((String) attributes.get("subtreeSpecification").get());
            this.subtrees.put(name.toString(), parse);
            nextInterceptor.modify(name, i, attributes);
            Name name2 = (Name) name.clone();
            name2.remove(name2.size() - 1);
            Name name3 = (Name) name2.clone();
            name3.addAll(subtreeSpecification.getBase());
            ExprNode presenceNode = new PresenceNode(JavaLdapSupport.OBJECTCLASS_ATTR);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
            NamingEnumeration search = this.nexus.search(name3, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
            while (search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                Attributes attributes2 = searchResult.getAttributes();
                Name parse2 = this.dnParser.parse(searchResult.getName());
                if (this.evaluator.evaluate(subtreeSpecification, name2, parse2, attributes2.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                    this.nexus.modify(parse2, getOperationalModsForRemove(name, attributes2));
                }
            }
            Attributes subentryOperatationalAttributes = getSubentryOperatationalAttributes(name, this.nexus.lookup(name2).get("administrativeRole"));
            Name name4 = (Name) name2.clone();
            name4.addAll(parse.getBase());
            NamingEnumeration search2 = this.nexus.search(name4, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
            while (search2.hasMore()) {
                SearchResult searchResult2 = (SearchResult) search2.next();
                Attributes attributes3 = searchResult2.getAttributes();
                Name parse3 = this.dnParser.parse(searchResult2.getName());
                if (this.evaluator.evaluate(parse, name2, parse3, attributes3.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                    this.nexus.modify(parse3, getOperationalModsForAdd(attributes3, subentryOperatationalAttributes));
                }
            }
        } catch (Exception e) {
            log.error("failed to parse the new subtreeSpecification", e);
            throw new LdapInvalidAttributeValueException("failed to parse the new subtreeSpecification", ResultCodeEnum.INVALIDATTRIBUTESYNTAX);
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, Name name, ModificationItem[] modificationItemArr) throws NamingException {
        Attribute attribute = this.nexus.lookup(name).get(JavaLdapSupport.OBJECTCLASS_ATTR);
        boolean z = false;
        ModificationItem modificationItem = null;
        for (int i = 0; i < modificationItemArr.length; i++) {
            if ("subtreeSpecification".equalsIgnoreCase(modificationItemArr[i].getAttribute().getID())) {
                z = true;
                modificationItem = modificationItemArr[i];
            }
        }
        if (!attribute.contains(SUBENTRY_OBJECTCLASS) || !z) {
            nextInterceptor.modify(name, modificationItemArr);
            return;
        }
        SubtreeSpecification subtreeSpecification = (SubtreeSpecification) this.subtrees.remove(name.toString());
        try {
            SubtreeSpecification parse = this.ssParser.parse((String) modificationItem.getAttribute().get());
            this.subtrees.put(name.toString(), parse);
            nextInterceptor.modify(name, modificationItemArr);
            Name name2 = (Name) name.clone();
            name2.remove(name2.size() - 1);
            Name name3 = (Name) name2.clone();
            name3.addAll(subtreeSpecification.getBase());
            ExprNode presenceNode = new PresenceNode(JavaLdapSupport.OBJECTCLASS_ATTR);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{"+", DirectoryPartitionNexusProxy.BYPASS_ALL});
            NamingEnumeration search = this.nexus.search(name3, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
            while (search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                Attributes attributes = searchResult.getAttributes();
                Name parse2 = this.dnParser.parse(searchResult.getName());
                if (this.evaluator.evaluate(subtreeSpecification, name2, parse2, attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                    this.nexus.modify(parse2, getOperationalModsForRemove(name, attributes));
                }
            }
            Attributes subentryOperatationalAttributes = getSubentryOperatationalAttributes(name, this.nexus.lookup(name2).get("administrativeRole"));
            Name name4 = (Name) name2.clone();
            name4.addAll(parse.getBase());
            NamingEnumeration search2 = this.nexus.search(name4, this.factoryCfg.getEnvironment(), presenceNode, searchControls);
            while (search2.hasMore()) {
                SearchResult searchResult2 = (SearchResult) search2.next();
                Attributes attributes2 = searchResult2.getAttributes();
                Name parse3 = this.dnParser.parse(searchResult2.getName());
                if (this.evaluator.evaluate(parse, name2, parse3, attributes2.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                    this.nexus.modify(parse3, getOperationalModsForAdd(attributes2, subentryOperatationalAttributes));
                }
            }
        } catch (Exception e) {
            log.error("failed to parse the new subtreeSpecification", e);
            throw new LdapInvalidAttributeValueException("failed to parse the new subtreeSpecification", ResultCodeEnum.INVALIDATTRIBUTESYNTAX);
        }
    }

    private ModificationItem[] getOperationalModsForReplace(Name name, Name name2, Attribute attribute, Attributes attributes) throws NamingException {
        Attribute attribute2;
        ArrayList arrayList = new ArrayList();
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            String str = (String) all.next();
            if (str.equalsIgnoreCase(AUTONOUMOUS_AREA)) {
                attribute2 = (Attribute) attributes.get(AUTONOUMOUS_AREA_SUBENTRY).clone();
                if (attribute2 == null) {
                    attribute2 = new LockableAttributeImpl(AUTONOUMOUS_AREA_SUBENTRY);
                    attribute2.add(name2.toString());
                } else {
                    attribute2.remove(name.toString());
                    attribute2.add(name2.toString());
                }
            } else if (str.equalsIgnoreCase(AC_AREA) || str.equalsIgnoreCase(AC_INNERAREA)) {
                attribute2 = (Attribute) attributes.get(AC_SUBENTRY).clone();
                if (attribute2 == null) {
                    attribute2 = new LockableAttributeImpl(AC_SUBENTRY);
                    attribute2.add(name2.toString());
                } else {
                    attribute2.remove(name.toString());
                    attribute2.add(name2.toString());
                }
            } else if (str.equalsIgnoreCase(SCHEMA_AREA)) {
                attribute2 = (Attribute) attributes.get(SCHEMA_AREA_SUBENTRY).clone();
                if (attribute2 == null) {
                    attribute2 = new LockableAttributeImpl(SCHEMA_AREA_SUBENTRY);
                    attribute2.add(name2.toString());
                } else {
                    attribute2.remove(name.toString());
                    attribute2.add(name2.toString());
                }
            } else {
                if (!str.equalsIgnoreCase(COLLECTIVE_AREA) && !str.equalsIgnoreCase(COLLECTIVE_INNERAREA)) {
                    throw new LdapInvalidAttributeValueException(new StringBuffer().append("Encountered invalid administrativeRole '").append(str).append("' in administrative point of subentry ").append(name).append(". The values of this attribute").append(" are constrained to autonomousArea, accessControlSpecificArea, accessControlInnerArea,").append(" subschemaAdminSpecificArea, collectiveAttributeSpecificArea, and").append(" collectiveAttributeInnerArea.").toString(), ResultCodeEnum.CONSTRAINTVIOLATION);
                }
                attribute2 = (Attribute) attributes.get(COLLECTIVE_ATTRIBUTE_SUBENTRIES).clone();
                if (attribute2 == null) {
                    attribute2 = new LockableAttributeImpl(COLLECTIVE_ATTRIBUTE_SUBENTRIES);
                    attribute2.add(name2.toString());
                } else {
                    attribute2.remove(name.toString());
                    attribute2.add(name2.toString());
                }
            }
            arrayList.add(new ModificationItem(2, attribute2));
        }
        return (ModificationItem[]) arrayList.toArray(new ModificationItem[arrayList.size()]);
    }

    private Attributes getSubentryOperatationalAttributes(Name name, Attribute attribute) throws NamingException {
        LockableAttributesImpl lockableAttributesImpl = new LockableAttributesImpl();
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            String str = (String) all.next();
            if (str.equalsIgnoreCase(AUTONOUMOUS_AREA)) {
                if (lockableAttributesImpl.get(AUTONOUMOUS_AREA_SUBENTRY) == null) {
                    lockableAttributesImpl.put(AUTONOUMOUS_AREA_SUBENTRY, name.toString());
                } else {
                    lockableAttributesImpl.get(AUTONOUMOUS_AREA_SUBENTRY).add(name.toString());
                }
            } else if (str.equalsIgnoreCase(AC_AREA) || str.equalsIgnoreCase(AC_INNERAREA)) {
                if (lockableAttributesImpl.get(AC_SUBENTRY) == null) {
                    lockableAttributesImpl.put(AC_SUBENTRY, name.toString());
                } else {
                    lockableAttributesImpl.get(AC_SUBENTRY).add(name.toString());
                }
            } else if (str.equalsIgnoreCase(SCHEMA_AREA)) {
                if (lockableAttributesImpl.get(SCHEMA_AREA_SUBENTRY) == null) {
                    lockableAttributesImpl.put(SCHEMA_AREA_SUBENTRY, name.toString());
                } else {
                    lockableAttributesImpl.get(SCHEMA_AREA_SUBENTRY).add(name.toString());
                }
            } else {
                if (!str.equalsIgnoreCase(COLLECTIVE_AREA) && !str.equalsIgnoreCase(COLLECTIVE_INNERAREA)) {
                    throw new LdapInvalidAttributeValueException(new StringBuffer().append("Encountered invalid administrativeRole '").append(str).append("' in administrative point of subentry ").append(name).append(". The values of this attribute are").append(" constrained to autonomousArea, accessControlSpecificArea, accessControlInnerArea,").append(" subschemaAdminSpecificArea, collectiveAttributeSpecificArea, and").append(" collectiveAttributeInnerArea.").toString(), ResultCodeEnum.CONSTRAINTVIOLATION);
                }
                if (lockableAttributesImpl.get(COLLECTIVE_ATTRIBUTE_SUBENTRIES) == null) {
                    lockableAttributesImpl.put(COLLECTIVE_ATTRIBUTE_SUBENTRIES, name.toString());
                } else {
                    lockableAttributesImpl.get(COLLECTIVE_ATTRIBUTE_SUBENTRIES).add(name.toString());
                }
            }
        }
        return lockableAttributesImpl;
    }

    private ModificationItem[] getOperationalModsForRemove(Name name, Attributes attributes) {
        ArrayList arrayList = new ArrayList();
        String obj = name.toString();
        for (int i = 0; i < SUBENTRY_OPATTRS.length; i++) {
            Attribute attribute = attributes.get(SUBENTRY_OPATTRS[i]);
            if (attribute != null && attribute.contains(obj)) {
                LockableAttributeImpl lockableAttributeImpl = new LockableAttributeImpl(SUBENTRY_OPATTRS[i]);
                lockableAttributeImpl.add(obj);
                arrayList.add(new ModificationItem(3, lockableAttributeImpl));
            }
        }
        return (ModificationItem[]) arrayList.toArray(new ModificationItem[arrayList.size()]);
    }

    public ModificationItem[] getOperationalModsForAdd(Attributes attributes, Attributes attributes2) throws NamingException {
        ArrayList arrayList = new ArrayList();
        NamingEnumeration iDs = attributes2.getIDs();
        while (iDs.hasMore()) {
            int i = 2;
            String str = (String) iDs.next();
            LockableAttributeImpl lockableAttributeImpl = new LockableAttributeImpl(str);
            Attribute attribute = attributes2.get(str);
            Attribute attribute2 = attributes.get(str);
            for (int i2 = 0; i2 < attribute.size(); i2++) {
                lockableAttributeImpl.add(attribute.get(i2));
            }
            if (attribute2 == null || attribute2.size() <= 0) {
                i = 1;
            } else {
                for (int i3 = 0; i3 < attribute2.size(); i3++) {
                    lockableAttributeImpl.add(attribute2.get(i3));
                }
            }
            arrayList.add(new ModificationItem(i, lockableAttributeImpl));
        }
        return (ModificationItem[]) arrayList.toArray(new ModificationItem[arrayList.size()]);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$directory$server$core$subtree$SubentryService == null) {
            cls = class$("org.apache.directory.server.core.subtree.SubentryService");
            class$org$apache$directory$server$core$subtree$SubentryService = cls;
        } else {
            cls = class$org$apache$directory$server$core$subtree$SubentryService;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
