package org.apache.directory.server.core.authz;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.directory.SearchControls;
import org.apache.directory.api.ldap.aci.ACIItem;
import org.apache.directory.api.ldap.aci.ACIItemParser;
import org.apache.directory.api.ldap.aci.ACITuple;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationErrorException;
import org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.model.schema.normalizers.ConcreteNameComponentNormalizer;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.DnFactory;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.i18n.I18n;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:apacheds-interceptors-authz-2.0.0.AM27.jar:org/apache/directory/server/core/authz/TupleCache.class */
public class TupleCache {
    private static final Logger LOG = LoggerFactory.getLogger(TupleCache.class);
    private final Map<String, List<ACITuple>> tuples = new HashMap();
    private final DirectoryService directoryService;
    private final DnFactory dnFactory;
    private final PartitionNexus nexus;
    private final ACIItemParser aciParser;

    public TupleCache(CoreSession coreSession) throws LdapException {
        this.directoryService = coreSession.getDirectoryService();
        SchemaManager schemaManager = this.directoryService.getSchemaManager();
        this.dnFactory = this.directoryService.getDnFactory();
        this.nexus = this.directoryService.getPartitionNexus();
        this.aciParser = new ACIItemParser(new ConcreteNameComponentNormalizer(schemaManager), schemaManager);
        initialize(coreSession);
    }

    private void initialize(CoreSession coreSession) throws LdapException {
        for (String str : this.nexus.listSuffixes()) {
            AttributeType objectClass = this.directoryService.getAtProvider().getObjectClass();
            EqualityNode equalityNode = new EqualityNode(objectClass, new Value(objectClass, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES});
            Dn create = this.dnFactory.create(str);
            Partition partition = this.nexus.getPartition(create);
            SearchOperationContext searchOperationContext = new SearchOperationContext(coreSession, create, equalityNode, searchControls);
            searchOperationContext.setAliasDerefMode(AliasDerefMode.NEVER_DEREF_ALIASES);
            searchOperationContext.setPartition(partition);
            searchOperationContext.setTransaction(partition.beginReadTransaction());
            EntryFilteringCursor search = this.nexus.search(searchOperationContext);
            while (search.next()) {
                try {
                    Entry entry = search.get();
                    Dn dn = entry.getDn();
                    if (!dn.isSchemaAware()) {
                        dn = new Dn(coreSession.getDirectoryService().getSchemaManager(), dn);
                    }
                    if (entry.get(this.directoryService.getAtProvider().getPrescriptiveACI()) == null) {
                        LOG.warn("Found accessControlSubentry '{}' without any {}", dn, SchemaConstants.PRESCRIPTIVE_ACI_AT);
                    } else {
                        subentryAdded(dn, entry);
                    }
                } catch (Exception e) {
                    throw new LdapOperationErrorException(e.getMessage(), e);
                }
            }
            search.close();
        }
    }

    private boolean hasPrescriptiveACI(Entry entry) throws LdapException {
        if (entry.get(this.directoryService.getAtProvider().getPrescriptiveACI()) != null) {
            return true;
        }
        if (entry.contains(this.directoryService.getAtProvider().getObjectClass(), SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC)) {
            throw new LdapSchemaViolationException(ResultCodeEnum.OBJECT_CLASS_VIOLATION, "");
        }
        return false;
    }

    public void subentryAdded(Dn dn, Entry entry) throws LdapException {
        if (hasPrescriptiveACI(entry)) {
            Attribute attribute = entry.get(this.directoryService.getAtProvider().getPrescriptiveACI());
            ArrayList arrayList = new ArrayList();
            Iterator<Value> it = attribute.iterator();
            while (it.hasNext()) {
                ACIItem aCIItem = null;
                try {
                    aCIItem = this.aciParser.parse(it.next().getString());
                    arrayList.addAll(aCIItem.toTuples());
                } catch (ParseException e) {
                    LOG.error(I18n.err(I18n.ERR_28, aCIItem), e);
                }
            }
            this.tuples.put(dn.getNormName(), arrayList);
        }
    }

    public void subentryDeleted(Dn dn, Entry entry) throws LdapException {
        if (hasPrescriptiveACI(entry)) {
            this.tuples.remove(dn.getNormName());
        }
    }

    public void subentryModified(Dn dn, List<Modification> list, Entry entry) throws LdapException {
        if (hasPrescriptiveACI(entry)) {
            Iterator<Modification> it = list.iterator();
            while (it.hasNext()) {
                if (it.next().getAttribute().isInstanceOf(this.directoryService.getAtProvider().getPrescriptiveACI())) {
                    subentryDeleted(dn, entry);
                    subentryAdded(dn, entry);
                }
            }
        }
    }

    public void subentryModified(Dn dn, Entry entry, Entry entry2) throws LdapException {
        if (hasPrescriptiveACI(entry2) && entry.get(this.directoryService.getAtProvider().getPrescriptiveACI()) != null) {
            subentryDeleted(dn, entry2);
            subentryAdded(dn, entry2);
        }
    }

    public List<ACITuple> getACITuples(String str) {
        List<ACITuple> list = this.tuples.get(str);
        return list == null ? Collections.emptyList() : Collections.unmodifiableList(list);
    }

    public void subentryRenamed(Dn dn, Dn dn2) {
        this.tuples.put(dn2.getNormName(), this.tuples.remove(dn.getNormName()));
    }
}
