package org.opends.server.core;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.opends.admin.ads.ADSContext;
import org.opends.messages.CoreMessages;
import org.opends.messages.Message;
import org.opends.server.api.Backend;
import org.opends.server.api.BackendInitializationListener;
import org.opends.server.api.ChangeNotificationListener;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.DirectoryThread;
import org.opends.server.api.ServerShutdownListener;
import org.opends.server.config.ConfigConstants;
import org.opends.server.controls.EntryChangeNotificationControl;
import org.opends.server.controls.PersistentSearchChangeType;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchListener;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DereferencePolicy;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPException;
import org.opends.server.types.ObjectClass;
import org.opends.server.types.RDN;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchResultReference;
import org.opends.server.types.SearchScope;
import org.opends.server.types.operation.PostResponseAddOperation;
import org.opends.server.types.operation.PostResponseDeleteOperation;
import org.opends.server.types.operation.PostResponseModifyDNOperation;
import org.opends.server.types.operation.PostResponseModifyOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/core/TrustStoreSyncThread.class */
public class TrustStoreSyncThread extends DirectoryThread implements ServerShutdownListener, BackendInitializationListener, InternalSearchListener, ChangeNotificationListener {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private Lock lock;
    private Condition condition;
    private DN adminSuffixDN;
    private DN instanceKeysDN;
    private DN trustStoreRootDN;
    AttributeType attrCert;
    AttributeType attrAlias;
    AttributeType attrCompromisedTime;
    private SearchFilter instanceKeyFilter;
    private boolean adminBackendInitialized;
    private boolean trustStoreBackendInitialized;
    private boolean shutdownRequested;
    private boolean searchDone;

    public TrustStoreSyncThread() {
        super("Trust Store Synchronization Thread");
        setDaemon(true);
        this.shutdownRequested = false;
        this.adminBackendInitialized = false;
        this.trustStoreBackendInitialized = false;
        this.searchDone = false;
        DirectoryServer.registerShutdownListener(this);
        DirectoryServer.registerBackendInitializationListener(this);
        this.lock = new ReentrantLock();
        this.condition = this.lock.newCondition();
        try {
            this.adminSuffixDN = DN.decode(ADSContext.getAdministrationSuffixDN());
            this.instanceKeysDN = this.adminSuffixDN.concat(DN.decode("cn=instance keys"));
            this.trustStoreRootDN = DN.decode(ConfigConstants.DN_TRUST_STORE_ROOT);
            this.instanceKeyFilter = SearchFilter.createFilterFromString("(objectclass=ds-cfg-instance-key)");
        } catch (DirectoryException e) {
        }
        this.attrCert = DirectoryServer.getAttributeType(ConfigConstants.ATTR_ADS_CERTIFICATE, true);
        this.attrAlias = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CERT_ALIAS, true);
        this.attrCompromisedTime = DirectoryServer.getAttributeType("ds-cfg-key-compromised-time", true);
        if (DirectoryServer.getBackendWithBaseDN(this.adminSuffixDN) != null) {
            this.adminBackendInitialized = true;
        }
        if (DirectoryServer.getBackendWithBaseDN(this.trustStoreRootDN) != null) {
            this.trustStoreBackendInitialized = true;
        }
    }

    private SearchOperation runSearch() {
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        LinkedHashSet linkedHashSet = new LinkedHashSet(0);
        InternalSearchOperation internalSearchOperation = new InternalSearchOperation((ClientConnection) rootConnection, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), (List<Control>) new ArrayList(0), this.adminSuffixDN, SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, this.instanceKeyFilter, (LinkedHashSet<String>) linkedHashSet, (InternalSearchListener) this);
        internalSearchOperation.run();
        return internalSearchOperation;
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        while (!this.shutdownRequested) {
            try {
                if (!this.searchDone && this.adminBackendInitialized && this.trustStoreBackendInitialized) {
                    SearchOperation runSearch = runSearch();
                    if (runSearch.getResultCode() != ResultCode.SUCCESS) {
                        ErrorLogger.logError(CoreMessages.INFO_TRUSTSTORESYNC_ADMIN_SUFFIX_SEARCH_FAILED.get(String.valueOf(this.adminSuffixDN), runSearch.getErrorMessage().toString()));
                    }
                    this.searchDone = true;
                    DirectoryServer.registerChangeNotificationListener(this);
                }
                awaitCondition();
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                ErrorLogger.logError(CoreMessages.ERR_TRUSTSTORESYNC_EXCEPTION.get(StaticUtils.stackTraceToSingleLineString(e)));
            }
        }
    }

    @Override // org.opends.server.api.ServerShutdownListener
    public String getShutdownListenerName() {
        return "Trust Store Synchronization Thread";
    }

    @Override // org.opends.server.api.ServerShutdownListener
    public void processServerShutdown(Message message) {
        this.shutdownRequested = true;
        notifyCondition();
    }

    private void notifyCondition() {
        this.lock.lock();
        try {
            this.condition.signalAll();
            this.lock.unlock();
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    private void awaitCondition() {
        this.lock.lock();
        try {
            this.condition.await();
            this.lock.unlock();
        } catch (InterruptedException e) {
            this.lock.unlock();
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendInitializationProcessing(Backend backend) {
        boolean z = false;
        DN[] baseDNs = backend.getBaseDNs();
        if (baseDNs != null) {
            for (DN dn : baseDNs) {
                if (dn.equals(this.adminSuffixDN)) {
                    this.adminBackendInitialized = true;
                    z = true;
                } else if (dn.equals(this.trustStoreRootDN)) {
                    this.trustStoreBackendInitialized = true;
                    z = true;
                }
            }
        }
        if (z) {
            notifyCondition();
        }
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendFinalizationProcessing(Backend backend) {
        boolean z = false;
        DN[] baseDNs = backend.getBaseDNs();
        if (baseDNs != null) {
            for (DN dn : baseDNs) {
                if (dn.equals(this.adminSuffixDN)) {
                    this.adminBackendInitialized = false;
                    z = true;
                } else if (dn.equals(this.trustStoreRootDN)) {
                    this.adminBackendInitialized = false;
                    z = true;
                }
            }
        }
        if (z) {
            notifyCondition();
        }
    }

    @Override // org.opends.server.protocols.internal.InternalSearchListener
    public void handleInternalSearchEntry(InternalSearchOperation internalSearchOperation, SearchResultEntry searchResultEntry) throws DirectoryException {
        RDN rdn = searchResultEntry.getDN().getRDN();
        if (rdn.isMultiValued() || !rdn.getAttributeType(0).equals(this.attrAlias)) {
            return;
        }
        DN concat = this.trustStoreRootDN.concat(rdn);
        EntryChangeNotificationControl entryChangeNotificationControl = null;
        try {
            for (Control control : searchResultEntry.getControls()) {
                if (control.getOID().equals(ServerConstants.OID_ENTRY_CHANGE_NOTIFICATION)) {
                    entryChangeNotificationControl = EntryChangeNotificationControl.decodeControl(control);
                }
            }
        } catch (LDAPException e) {
        }
        Entry entry = DirectoryServer.getEntry(concat);
        if (entryChangeNotificationControl != null && entryChangeNotificationControl.getChangeType() == PersistentSearchChangeType.DELETE) {
            if (entry != null) {
                deleteEntry(concat);
            }
        } else if (searchResultEntry.hasAttribute(this.attrCompromisedTime)) {
            if (entry != null) {
                deleteEntry(concat);
            }
        } else if (entry == null) {
            addEntry(searchResultEntry, concat);
        } else {
            modifyEntry(searchResultEntry, entry);
        }
    }

    private void modifyEntry(Entry entry, Entry entry2) {
        List<Attribute> attribute = entry.getAttribute(this.attrCert);
        List<Attribute> attribute2 = entry2.getAttribute(this.attrCert);
        boolean z = false;
        if (attribute == null) {
            if (attribute2 != null) {
                z = true;
            }
        } else if (attribute2 == null) {
            z = true;
        } else if (attribute.size() != attribute2.size()) {
            z = true;
        } else if (!attribute.equals(attribute2)) {
            z = true;
        }
        if (z) {
            DN dn = entry2.getDN();
            deleteEntry(dn);
            addEntry(entry, dn);
        }
    }

    private void deleteEntry(DN dn) {
        DeleteOperation processDelete = InternalClientConnection.getRootConnection().processDelete(dn);
        if (processDelete.getResultCode() != ResultCode.SUCCESS) {
            ErrorLogger.logError(CoreMessages.INFO_TRUSTSTORESYNC_DELETE_FAILED.get(String.valueOf(dn), String.valueOf(processDelete.getErrorMessage())));
        }
    }

    private void addEntry(Entry entry, DN dn) {
        ObjectClass objectClass = DirectoryServer.getObjectClass(ConfigConstants.OC_INSTANCE_KEY, true);
        LinkedHashMap linkedHashMap = new LinkedHashMap(2);
        linkedHashMap.put(DirectoryServer.getTopObjectClass(), "top");
        linkedHashMap.put(objectClass, ConfigConstants.OC_INSTANCE_KEY);
        HashMap hashMap = new HashMap();
        List<Attribute> attribute = entry.getAttribute(this.attrAlias);
        if (attribute != null) {
            hashMap.put(this.attrAlias, attribute);
        }
        List<Attribute> attribute2 = entry.getAttribute(this.attrCert);
        if (attribute2 != null) {
            hashMap.put(this.attrCert, attribute2);
        }
        AddOperation processAdd = InternalClientConnection.getRootConnection().processAdd(new Entry(dn, linkedHashMap, hashMap, null));
        if (processAdd.getResultCode() != ResultCode.SUCCESS) {
            ErrorLogger.logError(CoreMessages.INFO_TRUSTSTORESYNC_ADD_FAILED.get(String.valueOf(dn), String.valueOf(processAdd.getErrorMessage())));
        }
    }

    @Override // org.opends.server.protocols.internal.InternalSearchListener
    public void handleInternalSearchReference(InternalSearchOperation internalSearchOperation, SearchResultReference searchResultReference) throws DirectoryException {
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleAddOperation(PostResponseAddOperation postResponseAddOperation, Entry entry) {
        if (postResponseAddOperation.getEntryDN().isDescendantOf(this.instanceKeysDN)) {
            RDN rdn = entry.getDN().getRDN();
            if (rdn.isMultiValued() || !rdn.getAttributeType(0).equals(this.attrAlias)) {
                return;
            }
            DN concat = this.trustStoreRootDN.concat(rdn);
            if (entry.hasAttribute(this.attrCompromisedTime)) {
                return;
            }
            addEntry(entry, concat);
        }
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleDeleteOperation(PostResponseDeleteOperation postResponseDeleteOperation, Entry entry) {
        if (postResponseDeleteOperation.getEntryDN().isDescendantOf(this.instanceKeysDN)) {
            RDN rdn = entry.getDN().getRDN();
            if (rdn.isMultiValued() || !rdn.getAttributeType(0).equals(this.attrAlias)) {
                return;
            }
            deleteEntry(this.trustStoreRootDN.concat(rdn));
        }
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleModifyOperation(PostResponseModifyOperation postResponseModifyOperation, Entry entry, Entry entry2) {
        if (postResponseModifyOperation.getEntryDN().isDescendantOf(this.instanceKeysDN)) {
            RDN rdn = entry2.getDN().getRDN();
            if (rdn.isMultiValued() || !rdn.getAttributeType(0).equals(this.attrAlias)) {
                return;
            }
            DN concat = this.trustStoreRootDN.concat(rdn);
            Entry entry3 = null;
            try {
                entry3 = DirectoryServer.getEntry(concat);
            } catch (DirectoryException e) {
            }
            if (entry2.hasAttribute(this.attrCompromisedTime)) {
                if (entry3 != null) {
                    deleteEntry(concat);
                }
            } else if (entry3 == null) {
                addEntry(entry2, concat);
            } else {
                modifyEntry(entry2, entry3);
            }
        }
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleModifyDNOperation(PostResponseModifyDNOperation postResponseModifyDNOperation, Entry entry, Entry entry2) {
    }
}
