package org.apache.directory.server.core.operational;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.GetRootDseOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchingOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.model.entry.Attribute;
import org.apache.directory.shared.ldap.model.entry.DefaultAttribute;
import org.apache.directory.shared.ldap.model.entry.DefaultModification;
import org.apache.directory.shared.ldap.model.entry.Entry;
import org.apache.directory.shared.ldap.model.entry.Modification;
import org.apache.directory.shared.ldap.model.entry.ModificationOperation;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.model.name.Ava;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.apache.directory.shared.ldap.model.name.Rdn;
import org.apache.directory.shared.ldap.model.schema.AttributeType;
import org.apache.directory.shared.ldap.model.schema.UsageEnum;
import org.apache.directory.shared.util.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/apacheds-interceptors-operational-2.0.0-M4.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor.class */
public class OperationalAttributeInterceptor extends BaseInterceptor {
    private static Logger LOG = LoggerFactory.getLogger(OperationalAttributeInterceptor.class);
    private final EntryFilter DENORMALIZING_SEARCH_FILTER;
    private final EntryFilter SEARCH_FILTER;
    private Dn subschemaSubentryDn;
    private Dn adminDn;

    /* loaded from: input_file:lib/apacheds-interceptors-operational-2.0.0-M4.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor$OperationalAttributeDenormalizingSearchFilter.class */
    private class OperationalAttributeDenormalizingSearchFilter implements EntryFilter {
        private OperationalAttributeDenormalizingSearchFilter() {
        }

        public boolean accept(SearchingOperationContext searchingOperationContext, Entry entry) throws Exception {
            if (searchingOperationContext.getSearchControls().getReturningAttributes() == null) {
                return true;
            }
            return OperationalAttributeInterceptor.this.filterDenormalized(entry);
        }
    }

    /* loaded from: input_file:lib/apacheds-interceptors-operational-2.0.0-M4.jar:org/apache/directory/server/core/operational/OperationalAttributeInterceptor$OperationalAttributeSearchFilter.class */
    private class OperationalAttributeSearchFilter implements EntryFilter {
        private OperationalAttributeSearchFilter() {
        }

        public boolean accept(SearchingOperationContext searchingOperationContext, Entry entry) throws Exception {
            return searchingOperationContext.getSearchControls().getReturningAttributes() != null || OperationalAttributeInterceptor.this.filterOperationalAttributes(entry);
        }
    }

    public OperationalAttributeInterceptor() {
        super(InterceptorEnum.OPERATIONAL_ATTRIBUTE_INTERCEPTOR);
        this.DENORMALIZING_SEARCH_FILTER = new OperationalAttributeDenormalizingSearchFilter();
        this.SEARCH_FILTER = new OperationalAttributeSearchFilter();
    }

    public void init(DirectoryService directoryService) throws LdapException {
        super.init(directoryService);
        this.subschemaSubentryDn = directoryService.getDnFactory().create(directoryService.getPartitionNexus().getRootDse((GetRootDseOperationContext) null).get("subschemaSubentry").get().getString());
        this.adminDn = directoryService.getDnFactory().create("uid=admin,ou=system");
    }

    public void destroy() {
    }

    private boolean checkAddOperationalAttribute(boolean z, Entry entry, String str) throws LdapException {
        if (!entry.containsAttribute(new String[]{str})) {
            return false;
        }
        if (z) {
            return true;
        }
        String err = I18n.err(I18n.ERR_30, new Object[]{str});
        LOG.error(err);
        throw new LdapNoPermissionException(err);
    }

    public void add(AddOperationContext addOperationContext) throws LdapException {
        String name = getPrincipal(addOperationContext).getName();
        Entry entry = addOperationContext.getEntry();
        boolean equals = addOperationContext.getSession().getAuthenticatedPrincipal().getName().equals("0.9.2342.19200300.100.1.1=admin,2.5.4.11=system");
        if (!checkAddOperationalAttribute(equals, entry, "entryUUID")) {
            entry.put("entryUUID", new String[]{UUID.randomUUID().toString()});
        }
        if (!checkAddOperationalAttribute(equals, entry, "entryCSN")) {
            entry.put("entryCSN", new String[]{this.directoryService.getCSN().toString()});
        }
        if (!checkAddOperationalAttribute(equals, entry, "creatorsName")) {
            entry.put("creatorsName", new String[]{name});
        }
        if (!checkAddOperationalAttribute(equals, entry, "createTimestamp")) {
            entry.put("createTimestamp", new String[]{DateUtils.getGeneralizedTime()});
        }
        checkAddOperationalAttribute(equals, entry, "accessControlSubentries");
        checkAddOperationalAttribute(equals, entry, "collectiveAttributeSubentries");
        checkAddOperationalAttribute(equals, entry, "triggerExecutionSubentries");
        checkAddOperationalAttribute(equals, entry, "subschemaSubentry");
        next(addOperationContext);
    }

    public EntryFilteringCursor list(ListOperationContext listOperationContext) throws LdapException {
        EntryFilteringCursor next = next(listOperationContext);
        next.addEntryFilter(this.SEARCH_FILTER);
        return next;
    }

    public Entry lookup(LookupOperationContext lookupOperationContext) throws LdapException {
        Entry next = next(lookupOperationContext);
        if (lookupOperationContext.hasAllUser()) {
            if (lookupOperationContext.hasAllOperational()) {
                return next;
            }
            filter(lookupOperationContext, next);
        } else if (lookupOperationContext.hasAllOperational()) {
            filterUserAttributes(lookupOperationContext, next);
        } else if (lookupOperationContext.getAttrsId() != null && lookupOperationContext.getAttrsId().size() != 0) {
            filterList(lookupOperationContext, next);
        } else if (lookupOperationContext.hasNoAttribute()) {
            next.clear();
        } else {
            filterOperationalAttributes(next);
        }
        denormalizeEntryOpAttrs(next);
        return next;
    }

    public void modify(ModifyOperationContext modifyOperationContext) throws LdapException {
        List modItems = modifyOperationContext.getModItems();
        boolean equals = modifyOperationContext.getSession().getAuthenticatedPrincipal().getDn().equals(this.adminDn);
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        Dn dn = modifyOperationContext.getDn();
        Iterator it = modItems.iterator();
        while (it.hasNext()) {
            AttributeType attributeType = ((Modification) it.next()).getAttribute().getAttributeType();
            if (attributeType.equals(MODIFIERS_NAME_AT)) {
                if (!equals) {
                    String err = I18n.err(I18n.ERR_31, new Object[0]);
                    LOG.error(err);
                    throw new LdapNoPermissionException(err);
                }
                z = true;
            }
            if (attributeType.equals(MODIFY_TIMESTAMP_AT)) {
                if (!equals) {
                    String err2 = I18n.err(I18n.ERR_32, new Object[0]);
                    LOG.error(err2);
                    throw new LdapNoPermissionException(err2);
                }
                z2 = true;
            }
            if (attributeType.equals(ENTRY_CSN_AT)) {
                if (!equals) {
                    String err3 = I18n.err(I18n.ERR_32, new Object[0]);
                    LOG.error(err3);
                    throw new LdapNoPermissionException(err3);
                }
                z3 = true;
            }
            if (PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains(attributeType) && !equals) {
                String err4 = I18n.err(I18n.ERR_32, new Object[0]);
                LOG.error(err4);
                throw new LdapNoPermissionException(err4);
            }
        }
        if (!dn.equals(this.subschemaSubentryDn)) {
            if (!z) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(MODIFIERS_NAME_AT, new String[]{getPrincipal(modifyOperationContext).getName()})));
            }
            if (!z2) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(MODIFY_TIMESTAMP_AT, new String[]{DateUtils.getGeneralizedTime()})));
            }
            if (!z3) {
                modItems.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute(ENTRY_CSN_AT, new String[]{this.directoryService.getCSN().toString()})));
            }
        }
        next(modifyOperationContext);
    }

    public void move(MoveOperationContext moveOperationContext) throws LdapException {
        Entry clone = moveOperationContext.getOriginalEntry().clone();
        clone.put("modifiersName", new String[]{getPrincipal(moveOperationContext).getName()});
        clone.put("modifyTimestamp", new String[]{DateUtils.getGeneralizedTime()});
        clone.setDn(moveOperationContext.getNewDn());
        moveOperationContext.setModifiedEntry(clone);
        next(moveOperationContext);
    }

    public void moveAndRename(MoveAndRenameOperationContext moveAndRenameOperationContext) throws LdapException {
        Entry clone = moveAndRenameOperationContext.getOriginalEntry().clone();
        clone.put("modifiersName", new String[]{getPrincipal(moveAndRenameOperationContext).getName()});
        clone.put("modifyTimestamp", new String[]{DateUtils.getGeneralizedTime()});
        clone.setDn(moveAndRenameOperationContext.getNewDn());
        moveAndRenameOperationContext.setModifiedEntry(clone);
        next(moveAndRenameOperationContext);
    }

    public void rename(RenameOperationContext renameOperationContext) throws LdapException {
        Entry clonedEntry = renameOperationContext.getEntry().getClonedEntry();
        clonedEntry.put("modifiersName", new String[]{getPrincipal(renameOperationContext).getName()});
        clonedEntry.put("modifyTimestamp", new String[]{DateUtils.getGeneralizedTime()});
        Entry clone = renameOperationContext.getOriginalEntry().clone();
        clone.put("modifiersName", new String[]{getPrincipal(renameOperationContext).getName()});
        clone.put("modifyTimestamp", new String[]{DateUtils.getGeneralizedTime()});
        renameOperationContext.setModifiedEntry(clone);
        next(renameOperationContext);
    }

    public EntryFilteringCursor search(SearchOperationContext searchOperationContext) throws LdapException {
        EntryFilteringCursor next = next(searchOperationContext);
        if (!searchOperationContext.isAllOperationalAttributes() && (searchOperationContext.getReturningAttributes() == null || searchOperationContext.getReturningAttributes().isEmpty())) {
            next.addEntryFilter(this.SEARCH_FILTER);
            return next;
        }
        if (this.directoryService.isDenormalizeOpAttrsEnabled()) {
            next.addEntryFilter(this.DENORMALIZING_SEARCH_FILTER);
        }
        return next;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean filterOperationalAttributes(Entry entry) throws LdapException {
        HashSet hashSet = new HashSet();
        Iterator it = entry.getAttributes().iterator();
        while (it.hasNext()) {
            AttributeType attributeType = ((Attribute) it.next()).getAttributeType();
            if (attributeType.getUsage() != UsageEnum.USER_APPLICATIONS) {
                hashSet.add(attributeType);
            }
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            entry.removeAttributes(new AttributeType[]{(AttributeType) it2.next()});
        }
        return true;
    }

    private boolean filterUserAttributes(LookupOperationContext lookupOperationContext, Entry entry) throws LdapException {
        HashSet hashSet = new HashSet();
        Iterator it = entry.getAttributes().iterator();
        while (it.hasNext()) {
            AttributeType attributeType = ((Attribute) it.next()).getAttributeType();
            if (attributeType.getUsage() == UsageEnum.USER_APPLICATIONS) {
                hashSet.add(attributeType.getOid());
            }
        }
        Iterator it2 = lookupOperationContext.getAttrsId().iterator();
        while (it2.hasNext()) {
            hashSet.remove((String) it2.next());
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            entry.removeAttributes(new String[]{(String) it3.next()});
        }
        return true;
    }

    private void filter(LookupOperationContext lookupOperationContext, Entry entry) throws LdapException {
        Dn dn = lookupOperationContext.getDn();
        List attrsId = lookupOperationContext.getAttrsId();
        if (attrsId == null || attrsId.isEmpty()) {
            filterOperationalAttributes(entry);
            return;
        }
        if (dn.size() == 0) {
            HashSet hashSet = new HashSet();
            Iterator it = entry.getAttributes().iterator();
            while (it.hasNext()) {
                AttributeType attributeType = ((Attribute) it.next()).getAttributeType();
                if (attributeType.getUsage() != UsageEnum.USER_APPLICATIONS && !attrsId.contains(attributeType.getOid())) {
                    hashSet.add(attributeType);
                }
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                entry.removeAttributes(new AttributeType[]{(AttributeType) it2.next()});
            }
        }
        denormalizeEntryOpAttrs(entry);
    }

    private void filterList(LookupOperationContext lookupOperationContext, Entry entry) throws LdapException {
        Dn dn = lookupOperationContext.getDn();
        List attrsId = lookupOperationContext.getAttrsId();
        if (attrsId == null || attrsId.isEmpty()) {
            filterOperationalAttributes(entry);
            return;
        }
        if (dn.size() == 0) {
            HashSet hashSet = new HashSet();
            Iterator it = entry.getAttributes().iterator();
            while (it.hasNext()) {
                AttributeType attributeType = ((Attribute) it.next()).getAttributeType();
                if (!attrsId.contains(attributeType.getOid())) {
                    hashSet.add(attributeType);
                }
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                entry.removeAttributes(new AttributeType[]{(AttributeType) it2.next()});
            }
        }
        denormalizeEntryOpAttrs(entry);
    }

    private void denormalizeEntryOpAttrs(Entry entry) throws LdapException {
        if (this.directoryService.isDenormalizeOpAttrsEnabled()) {
            Attribute attribute = entry.get("creatorsName");
            if (attribute != null) {
                Dn create = this.directoryService.getDnFactory().create(attribute.getString());
                attribute.clear();
                attribute.add(new String[]{denormalizeTypes(create).getName()});
            }
            Attribute attribute2 = entry.get("modifiersName");
            if (attribute2 != null) {
                Dn create2 = this.directoryService.getDnFactory().create(attribute2.getString());
                attribute2.clear();
                attribute2.add(new String[]{denormalizeTypes(create2).getName()});
            }
            Attribute attribute3 = entry.get("schemaModifiersName");
            if (attribute3 != null) {
                Dn create3 = this.directoryService.getDnFactory().create(attribute3.getString());
                attribute3.clear();
                attribute3.add(new String[]{denormalizeTypes(create3).getName()});
            }
        }
    }

    private Dn denormalizeTypes(Dn dn) throws LdapException {
        Dn add;
        Dn dn2 = new Dn(this.schemaManager);
        int size = dn.size();
        for (int i = 0; i < size; i++) {
            Rdn rdn = dn.getRdn((size - 1) - i);
            if (rdn.size() == 0) {
                add = dn2.add(new Rdn());
            } else if (rdn.size() == 1) {
                add = dn2.add(new Rdn(this.schemaManager.lookupAttributeTypeRegistry(rdn.getNormType()).getName(), rdn.getNormValue().getString()));
            } else {
                StringBuffer stringBuffer = new StringBuffer();
                Iterator it = rdn.iterator();
                while (it.hasNext()) {
                    stringBuffer.append(this.schemaManager.lookupAttributeTypeRegistry(rdn.getNormType()).getName()).append('=').append(((Ava) it.next()).getNormValue());
                    if (it.hasNext()) {
                        stringBuffer.append('+');
                    }
                }
                add = dn2.add(new Rdn(stringBuffer.toString()));
            }
            dn2 = add;
        }
        return dn2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean filterDenormalized(Entry entry) throws Exception {
        denormalizeEntryOpAttrs(entry);
        return true;
    }
}
