package org.apache.directory.server.core.authz;

import java.io.Serializable;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.directory.SearchControls;
import net.sf.ehcache.Cache;
import net.sf.ehcache.Element;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.entry.StringValue;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationException;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.OrNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.DnFactory;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.partition.PartitionNexus;
import org.apache.directory.server.i18n.I18n;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/authz/GroupCache.class */
public class GroupCache {
    private final PartitionNexus nexus;
    private AttributeType OBJECT_CLASS_AT;
    private AttributeType MEMBER_AT;
    private AttributeType UNIQUE_MEMBER_AT;
    private SchemaManager schemaManager;
    private DnFactory dnFactory;
    private Dn administratorsGroupDn = parseNormalized(ServerDNConstants.ADMINISTRATORS_GROUP_DN);
    private Cache ehCache;
    private static final Logger LOG = LoggerFactory.getLogger(GroupCache.class);
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();
    private static final Set<Dn> EMPTY_GROUPS = new HashSet();

    public GroupCache(DirectoryService directoryService) throws LdapException {
        this.schemaManager = directoryService.getSchemaManager();
        this.dnFactory = directoryService.getDnFactory();
        this.nexus = directoryService.getPartitionNexus();
        this.OBJECT_CLASS_AT = this.schemaManager.getAttributeType(SchemaConstants.OBJECT_CLASS_AT);
        this.MEMBER_AT = this.schemaManager.getAttributeType(SchemaConstants.MEMBER_AT);
        this.UNIQUE_MEMBER_AT = this.schemaManager.getAttributeType(SchemaConstants.UNIQUE_MEMBER_AT);
        this.ehCache = directoryService.getCacheService().getCache("groupCache");
        initialize(directoryService.getAdminSession());
    }

    private Dn parseNormalized(String str) throws LdapException {
        return this.dnFactory.create(str);
    }

    private void initialize(CoreSession coreSession) throws LdapException {
        for (String str : this.nexus.listSuffixes()) {
            OrNode orNode = new OrNode();
            orNode.addNode(new EqualityNode(this.OBJECT_CLASS_AT, new StringValue(SchemaConstants.GROUP_OF_NAMES_OC)));
            orNode.addNode(new EqualityNode(this.OBJECT_CLASS_AT, new StringValue(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)));
            Dn create = this.dnFactory.create(str);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{"*", "+"});
            SearchOperationContext searchOperationContext = new SearchOperationContext(coreSession, create, orNode, searchControls);
            searchOperationContext.setAliasDerefMode(AliasDerefMode.DEREF_ALWAYS);
            EntryFilteringCursor search = this.nexus.search(searchOperationContext);
            while (search.next()) {
                try {
                    Entry entry = search.get();
                    Dn apply = entry.getDn().apply(this.schemaManager);
                    Attribute memberAttribute = getMemberAttribute(entry);
                    if (memberAttribute != null) {
                        HashSet hashSet = new HashSet(memberAttribute.size());
                        addMembers(hashSet, memberAttribute);
                        this.ehCache.put(new Element((Object) apply.getNormName(), (Object) hashSet));
                    } else {
                        LOG.warn("Found group '{}' without any member or uniqueMember attributes", apply.getName());
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                    LdapOperationException ldapOperationException = new LdapOperationException(e.getMessage(), e);
                    ldapOperationException.initCause(e);
                    throw ldapOperationException;
                }
            }
            search.close();
        }
        if (IS_DEBUG) {
            LOG.debug("group cache contents on startup:\n {}", this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        }
    }

    private Attribute getMemberAttribute(Entry entry) throws LdapException {
        Attribute attribute = entry.get(this.MEMBER_AT);
        if (attribute != null) {
            return attribute;
        }
        Attribute attribute2 = entry.get(this.UNIQUE_MEMBER_AT);
        if (attribute2 != null) {
            return attribute2;
        }
        return null;
    }

    private void addMembers(Set<String> set, Attribute attribute) throws LdapException {
        Iterator<Value<?>> it = attribute.iterator();
        while (it.hasNext()) {
            String string = it.next().getString();
            try {
                string = parseNormalized(string).getNormName();
            } catch (LdapException e) {
                LOG.warn("Malformed member Dn in groupOf[Unique]Names entry.  Member not added to GroupCache.", (Throwable) e);
            }
            set.add(string);
        }
    }

    private void removeMembers(Set<String> set, Attribute attribute) throws LdapException {
        Iterator<Value<?>> it = attribute.iterator();
        while (it.hasNext()) {
            String string = it.next().getString();
            try {
                string = parseNormalized(string).getNormName();
            } catch (LdapException e) {
                LOG.warn("Malformed member Dn in groupOf[Unique]Names entry.  Member not removed from GroupCache.", (Throwable) e);
            }
            set.remove(string);
        }
    }

    public void groupAdded(Dn dn, Entry entry) throws LdapException {
        Attribute memberAttribute = getMemberAttribute(entry);
        if (memberAttribute == null) {
            return;
        }
        HashSet hashSet = new HashSet(memberAttribute.size());
        addMembers(hashSet, memberAttribute);
        this.ehCache.put(new Element((Object) dn.getNormName(), (Object) hashSet));
        if (IS_DEBUG) {
            LOG.debug("group cache contents after adding '{}' :\n {}", dn.getName(), this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        }
    }

    public void groupDeleted(Dn dn, Entry entry) throws LdapException {
        if (getMemberAttribute(entry) == null) {
            return;
        }
        this.ehCache.remove((Serializable) dn.getNormName());
        if (IS_DEBUG) {
            LOG.debug("group cache contents after deleting '{}' :\n {}", dn.getName(), this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        }
    }

    private void modify(Set<String> set, ModificationOperation modificationOperation, Attribute attribute) throws LdapException {
        switch (modificationOperation) {
            case ADD_ATTRIBUTE:
                addMembers(set, attribute);
                return;
            case REPLACE_ATTRIBUTE:
                if (attribute.size() > 0) {
                    set.clear();
                    addMembers(set, attribute);
                    return;
                }
                return;
            case REMOVE_ATTRIBUTE:
                removeMembers(set, attribute);
                return;
            default:
                throw new InternalError(I18n.err(I18n.ERR_235, modificationOperation));
        }
    }

    public void groupModified(Dn dn, List<Modification> list, Entry entry, SchemaManager schemaManager) throws LdapException {
        Attribute attribute = null;
        AttributeType attributeType = null;
        Attribute attribute2 = entry.get(this.OBJECT_CLASS_AT);
        if (attribute2.contains(SchemaConstants.GROUP_OF_NAMES_OC)) {
            attribute = entry.get(this.MEMBER_AT);
            attributeType = schemaManager.getAttributeType(SchemaConstants.MEMBER_AT);
        }
        if (attribute2.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)) {
            attribute = entry.get(this.UNIQUE_MEMBER_AT);
            attributeType = schemaManager.getAttributeType(SchemaConstants.UNIQUE_MEMBER_AT);
        }
        if (attribute == null) {
            return;
        }
        Iterator<Modification> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Modification next = it.next();
            if (attributeType.getOid() == next.getAttribute().getId()) {
                Element element = this.ehCache.get((Serializable) dn.getNormName());
                if (element != null) {
                    modify((Set) element.getValue(), next.getOperation(), next.getAttribute());
                }
            }
        }
        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", dn.getName(), this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        }
    }

    public void groupModified(Dn dn, ModificationOperation modificationOperation, Entry entry) throws LdapException {
        Attribute memberAttribute = getMemberAttribute(entry);
        if (memberAttribute == null) {
            return;
        }
        Element element = this.ehCache.get((Serializable) dn.getNormName());
        if (element != null) {
            modify((Set) element.getValue(), modificationOperation, memberAttribute);
        }
        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", dn.getName(), this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        }
    }

    public final boolean isPrincipalAnAdministrator(Dn dn) {
        if (dn.getNormName().equals(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED)) {
            return true;
        }
        Element element = this.ehCache.get((Serializable) this.administratorsGroupDn.getNormName());
        if (element != null) {
            return ((Set) element.getValue()).contains(dn.getNormName());
        }
        LOG.warn("What do you mean there is no administrators group? This is bad news.");
        return false;
    }

    public Set<Dn> getGroups(String str) throws LdapException {
        Set set;
        try {
            Dn parseNormalized = parseNormalized(str);
            HashSet hashSet = null;
            for (String str2 : this.ehCache.getKeys()) {
                Element element = this.ehCache.get((Serializable) str2);
                if (element != null && (set = (Set) element.getValue()) != null && set.contains(parseNormalized.getNormName())) {
                    if (hashSet == null) {
                        hashSet = new HashSet();
                    }
                    hashSet.add(parseNormalized(str2));
                }
            }
            return hashSet == null ? EMPTY_GROUPS : hashSet;
        } catch (LdapException e) {
            LOG.warn("Malformed member Dn.  Could not find groups for member '{}' in GroupCache. Returning empty set for groups!", str, e);
            return EMPTY_GROUPS;
        }
    }

    public boolean groupRenamed(Dn dn, Dn dn2) {
        Element element = this.ehCache.get((Serializable) dn.getNormName());
        if (element == null) {
            return false;
        }
        Set set = (Set) element.getValue();
        this.ehCache.remove((Serializable) dn.getNormName());
        this.ehCache.put(new Element(dn2.getNormName(), set));
        if (!IS_DEBUG) {
            return true;
        }
        LOG.debug("group cache contents after renaming '{}' :\n{}", dn.getName(), this.ehCache.getAllWithLoader(this.ehCache.getKeys(), null));
        return true;
    }
}
