package org.apache.directory.server.core.authz.support;

import java.util.ArrayList;
import java.util.Iterator;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.event.ExpressionEvaluator;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.subtree.RefinementEvaluator;
import org.apache.directory.server.core.api.subtree.RefinementLeafEvaluator;
import org.apache.directory.server.core.api.subtree.SubtreeEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
import org.apache.directory.shared.ldap.model.entry.Entry;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.model.schema.SchemaManager;

/* loaded from: input_file:lib/apacheds-interceptors-authz-2.0.0-M5.jar:org/apache/directory/server/core/authz/support/ACDFEngine.class */
public class ACDFEngine {
    private final ACITupleFilter[] filters;

    public ACDFEngine(SchemaManager schemaManager) {
        this.filters = new ACITupleFilter[]{new RelatedUserClassFilter(new SubtreeEvaluator(schemaManager)), new RelatedProtectedItemFilter(new RefinementEvaluator(new RefinementLeafEvaluator(schemaManager)), new ExpressionEvaluator(schemaManager), schemaManager), new MaxValueCountFilter(), new MaxImmSubFilter(schemaManager), new RestrictedByFilter(), new MicroOperationFilter(), new HighestPrecedenceFilter(), new MostSpecificUserClassFilter(), new MostSpecificProtectedItemFilter()};
    }

    public void checkPermission(AciContext aciContext) throws LdapException {
        if (!hasPermission(aciContext)) {
            throw new LdapNoPermissionException();
        }
    }

    public boolean hasPermission(AciContext aciContext) throws LdapException {
        if (aciContext.getEntryDn() == null) {
            throw new IllegalArgumentException("entryName");
        }
        CoreSession session = aciContext.getOperationContext().getSession();
        Entry lookup = session.getDirectoryService().getPartitionNexus().lookup(new LookupOperationContext(session, aciContext.getUserDn(), SchemaConstants.ALL_ATTRIBUTES_ARRAY));
        OperationScope operationScope = aciContext.getAttributeType() == null ? OperationScope.ENTRY : aciContext.getAttrValue() == null ? OperationScope.ATTRIBUTE_TYPE : OperationScope.ATTRIBUTE_TYPE_AND_VALUE;
        aciContext.setAciTuples(new ArrayList(aciContext.getAciTuples()));
        for (ACITupleFilter aCITupleFilter : this.filters) {
            if (aciContext.getAciTuples().size() == 0) {
                return false;
            }
            aciContext.setAciTuples(aCITupleFilter.filter(aciContext, operationScope, lookup));
        }
        if (aciContext.getAciTuples().size() == 0) {
            return false;
        }
        Iterator<ACITuple> it = aciContext.getAciTuples().iterator();
        while (it.hasNext()) {
            if (!it.next().isGrant()) {
                return false;
            }
        }
        return true;
    }
}
