package org.apache.directory.server.core.authz;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerAttribute;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.shared.ldap.aci.ACIItem;
import org.apache.directory.shared.ldap.aci.ACIItemParser;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.entry.client.ClientStringValue;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.EqualityNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.OidNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/libs/apacheds-1.5.3/apacheds-core-1.5.3.jar:org/apache/directory/server/core/authz/TupleCache.class
 */
/* loaded from: input_file:resources/libs/apacheds-1.5.4/apacheds-core-1.5.4.jar:org/apache/directory/server/core/authz/TupleCache.class */
public class TupleCache {
    private static final Logger LOG = LoggerFactory.getLogger(TupleCache.class);
    private final Map<String, List<ACITuple>> tuples = new HashMap();
    private final PartitionNexus nexus;
    private final ACIItemParser aciParser;
    private AttributeType prescriptiveAciAT;
    private Map<String, OidNormalizer> normalizerMap;

    public TupleCache(CoreSession coreSession) throws Exception {
        this.normalizerMap = coreSession.getDirectoryService().getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
        this.nexus = coreSession.getDirectoryService().getPartitionNexus();
        AttributeTypeRegistry attributeTypeRegistry = coreSession.getDirectoryService().getRegistries().getAttributeTypeRegistry();
        this.aciParser = new ACIItemParser(new ConcreteNameComponentNormalizer(attributeTypeRegistry, coreSession.getDirectoryService().getRegistries().getOidRegistry()), this.normalizerMap);
        this.prescriptiveAciAT = attributeTypeRegistry.lookup(SchemaConstants.PRESCRIPTIVE_ACI_AT);
        initialize(coreSession);
    }

    private LdapDN parseNormalized(String str) throws NamingException {
        LdapDN ldapDN = new LdapDN(str);
        ldapDN.normalize(this.normalizerMap);
        return ldapDN;
    }

    private void initialize(CoreSession coreSession) throws Exception {
        Iterator<String> listSuffixes = this.nexus.listSuffixes(null);
        while (listSuffixes.hasNext()) {
            LdapDN parseNormalized = parseNormalized(listSuffixes.next());
            EqualityNode equalityNode = new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new ClientStringValue(SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(coreSession, parseNormalized, AliasDerefMode.NEVER_DEREF_ALIASES, equalityNode, searchControls));
            while (search.next()) {
                ClonedServerEntry clonedServerEntry = search.get();
                LdapDN normalize = clonedServerEntry.getDn().normalize(this.normalizerMap);
                if (clonedServerEntry.get(this.prescriptiveAciAT) == null) {
                    LOG.warn("Found accessControlSubentry '" + normalize + "' without any " + SchemaConstants.PRESCRIPTIVE_ACI_AT);
                } else {
                    subentryAdded(normalize, clonedServerEntry);
                }
            }
            search.close();
        }
    }

    private boolean hasPrescriptiveACI(ServerEntry serverEntry) throws NamingException {
        if (serverEntry.get(this.prescriptiveAciAT) != null) {
            return true;
        }
        if (serverEntry.contains(SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC) || serverEntry.contains(SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC_OID)) {
            throw new LdapSchemaViolationException("", ResultCodeEnum.OBJECT_CLASS_VIOLATION);
        }
        return false;
    }

    public void subentryAdded(LdapDN ldapDN, ServerEntry serverEntry) throws NamingException {
        EntryAttribute entryAttribute = serverEntry.get(this.prescriptiveAciAT);
        if (hasPrescriptiveACI(serverEntry)) {
            ArrayList arrayList = new ArrayList();
            Iterator<Value<?>> it = entryAttribute.iterator();
            while (it.hasNext()) {
                ACIItem aCIItem = null;
                try {
                    aCIItem = this.aciParser.parse((String) it.next().get());
                    arrayList.addAll(aCIItem.toTuples());
                } catch (ParseException e) {
                    LOG.error("ACIItem parser failure on \n'" + aCIItem + "'\ndue to syntax error. Cannnot add ACITuples to TupleCache.\nCheck that the syntax of the ACI item is correct. \nUntil this error is fixed your security settings will not be as expected.", (Throwable) e);
                }
            }
            this.tuples.put(ldapDN.toNormName(), arrayList);
        }
    }

    public void subentryDeleted(LdapDN ldapDN, ServerEntry serverEntry) throws NamingException {
        if (hasPrescriptiveACI(serverEntry)) {
            this.tuples.remove(ldapDN.toString());
        }
    }

    public void subentryModified(LdapDN ldapDN, List<Modification> list, ServerEntry serverEntry) throws NamingException {
        if (hasPrescriptiveACI(serverEntry)) {
            Iterator<Modification> it = list.iterator();
            while (it.hasNext()) {
                if (((ServerAttribute) it.next().getAttribute()).instanceOf(SchemaConstants.PRESCRIPTIVE_ACI_AT)) {
                    subentryDeleted(ldapDN, serverEntry);
                    subentryAdded(ldapDN, serverEntry);
                }
            }
        }
    }

    public void subentryModified(LdapDN ldapDN, ServerEntry serverEntry, ServerEntry serverEntry2) throws NamingException {
        if (hasPrescriptiveACI(serverEntry2) && serverEntry.get(this.prescriptiveAciAT) != null) {
            subentryDeleted(ldapDN, serverEntry2);
            subentryAdded(ldapDN, serverEntry2);
        }
    }

    public List<ACITuple> getACITuples(String str) {
        List<ACITuple> list = this.tuples.get(str);
        return list == null ? Collections.EMPTY_LIST : Collections.unmodifiableList(list);
    }

    public void subentryRenamed(LdapDN ldapDN, LdapDN ldapDN2) {
        this.tuples.put(ldapDN2.toString(), this.tuples.remove(ldapDN.toString()));
    }
}
