package org.apache.directory.server.core.authz;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.ListSuffixOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.StringValue;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.EqualityNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.schema.normalizers.ConcreteNameComponentNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/authz/TupleCache.class */
public class TupleCache {
    private static final Logger LOG = LoggerFactory.getLogger(TupleCache.class);
    private final Map<String, List<ACITuple>> tuples = new HashMap();
    private final PartitionNexus nexus;
    private final ACIItemParser aciParser;
    private AttributeType prescriptiveAciAT;

    public TupleCache(CoreSession coreSession) throws Exception {
        SchemaManager schemaManager = coreSession.getDirectoryService().getSchemaManager();
        this.nexus = coreSession.getDirectoryService().getPartitionNexus();
        this.aciParser = new ACIItemParser(new ConcreteNameComponentNormalizer(schemaManager), schemaManager.getNormalizerMapping());
        this.prescriptiveAciAT = schemaManager.lookupAttributeTypeRegistry("prescriptiveACI");
        initialize(coreSession);
    }

    private DN parseNormalized(SchemaManager schemaManager, String str) throws LdapException {
        DN dn = new DN(str);
        dn.normalize(schemaManager.getNormalizerMapping());
        return dn;
    }

    private void initialize(CoreSession coreSession) throws Exception {
        Iterator it = this.nexus.listSuffixes((ListSuffixOperationContext) null).iterator();
        while (it.hasNext()) {
            DN parseNormalized = parseNormalized(coreSession.getDirectoryService().getSchemaManager(), (String) it.next());
            EqualityNode equalityNode = new EqualityNode("objectClass", new StringValue("accessControlSubentry"));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            SearchOperationContext searchOperationContext = new SearchOperationContext(coreSession, parseNormalized, equalityNode, searchControls);
            searchOperationContext.setAliasDerefMode(AliasDerefMode.NEVER_DEREF_ALIASES);
            EntryFilteringCursor search = this.nexus.search(searchOperationContext);
            while (search.next()) {
                ServerEntry serverEntry = (ServerEntry) search.get();
                DN normalize = serverEntry.getDn().normalize(coreSession.getDirectoryService().getSchemaManager().getNormalizerMapping());
                if (serverEntry.get(this.prescriptiveAciAT) == null) {
                    LOG.warn("Found accessControlSubentry '" + normalize + "' without any prescriptiveACI");
                } else {
                    subentryAdded(normalize, serverEntry);
                }
            }
            search.close();
        }
    }

    private boolean hasPrescriptiveACI(ServerEntry serverEntry) throws LdapException {
        if (serverEntry.get(this.prescriptiveAciAT) != null) {
            return true;
        }
        if (serverEntry.contains("objectClass", new String[]{"accessControlSubentry"}) || serverEntry.contains("objectClass", new String[]{"2.5.17.1"})) {
            throw new LdapSchemaViolationException(ResultCodeEnum.OBJECT_CLASS_VIOLATION, "");
        }
        return false;
    }

    public void subentryAdded(DN dn, ServerEntry serverEntry) throws LdapException {
        EntryAttribute entryAttribute = serverEntry.get(this.prescriptiveAciAT);
        if (hasPrescriptiveACI(serverEntry)) {
            ArrayList arrayList = new ArrayList();
            Iterator it = entryAttribute.iterator();
            while (it.hasNext()) {
                ACIItem aCIItem = null;
                try {
                    aCIItem = this.aciParser.parse(((Value) it.next()).getString());
                    arrayList.addAll(aCIItem.toTuples());
                } catch (ParseException e) {
                    LOG.error(I18n.err(I18n.ERR_28, new Object[]{aCIItem}), e);
                }
            }
            this.tuples.put(dn.getNormName(), arrayList);
        }
    }

    public void subentryDeleted(DN dn, ServerEntry serverEntry) throws LdapException {
        if (hasPrescriptiveACI(serverEntry)) {
            this.tuples.remove(dn.toString());
        }
    }

    public void subentryModified(DN dn, List<Modification> list, ServerEntry serverEntry) throws LdapException {
        if (hasPrescriptiveACI(serverEntry)) {
            Iterator<Modification> it = list.iterator();
            while (it.hasNext()) {
                if (it.next().getAttribute().instanceOf("prescriptiveACI")) {
                    subentryDeleted(dn, serverEntry);
                    subentryAdded(dn, serverEntry);
                }
            }
        }
    }

    public void subentryModified(DN dn, ServerEntry serverEntry, ServerEntry serverEntry2) throws LdapException {
        if (hasPrescriptiveACI(serverEntry2) && serverEntry.get(this.prescriptiveAciAT) != null) {
            subentryDeleted(dn, serverEntry2);
            subentryAdded(dn, serverEntry2);
        }
    }

    public List<ACITuple> getACITuples(String str) {
        List<ACITuple> list = this.tuples.get(str);
        return list == null ? Collections.EMPTY_LIST : Collections.unmodifiableList(list);
    }

    public void subentryRenamed(DN dn, DN dn2) {
        this.tuples.put(dn2.getNormName(), this.tuples.remove(dn.getNormName()));
    }
}
