package org.apache.directory.server.core.collective;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeTypeException;
import org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaUtils;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.filtering.EntryFilter;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.class */
public class CollectiveAttributeInterceptor extends BaseInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CollectiveAttributeInterceptor.class);
    private final EntryFilter searchFilter;

    /* loaded from: input_file:org/apache/directory/server/core/collective/CollectiveAttributeInterceptor$CollectiveAttributeFilter.class */
    private class CollectiveAttributeFilter implements EntryFilter {
        private CollectiveAttributeFilter() {
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public boolean accept(SearchOperationContext searchOperationContext, Entry entry) throws LdapException {
            CollectiveAttributeInterceptor.this.addCollectiveAttributes(searchOperationContext, entry);
            return true;
        }

        @Override // org.apache.directory.server.core.api.filtering.EntryFilter
        public String toString(String str) {
            return str + "CollectiveAttributeFilter";
        }
    }

    public CollectiveAttributeInterceptor() {
        super(InterceptorEnum.COLLECTIVE_ATTRIBUTE_INTERCEPTOR);
        this.searchFilter = new CollectiveAttributeFilter();
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void init(DirectoryService directoryService) throws LdapException {
        super.init(directoryService);
        LOG.debug("CollectiveAttribute interceptor initialized");
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void add(AddOperationContext addOperationContext) throws LdapException {
        checkAdd(addOperationContext.getDn(), addOperationContext.getEntry());
        next(addOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public Entry lookup(LookupOperationContext lookupOperationContext) throws LdapException {
        Entry next = next(lookupOperationContext);
        if (lookupOperationContext.isSyncreplLookup()) {
            return next;
        }
        addCollectiveAttributes(lookupOperationContext, next);
        return next;
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public void modify(ModifyOperationContext modifyOperationContext) throws LdapException {
        checkModify(modifyOperationContext);
        next(modifyOperationContext);
    }

    @Override // org.apache.directory.server.core.api.interceptor.BaseInterceptor, org.apache.directory.server.core.api.interceptor.Interceptor
    public EntryFilteringCursor search(SearchOperationContext searchOperationContext) throws LdapException {
        EntryFilteringCursor next = next(searchOperationContext);
        if (!searchOperationContext.isSyncreplSearch()) {
            next.addEntryFilter(this.searchFilter);
        }
        return next;
    }

    private void checkAdd(Dn dn, Entry entry) throws LdapException {
        if (!entry.hasObjectClass(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC)) {
            if (containsAnyCollectiveAttributes(entry)) {
                LOG.info("Cannot add the entry {} : it contains some CollectiveAttributes and is not a collective subentry", entry);
                throw new LdapSchemaViolationException(ResultCodeEnum.OBJECT_CLASS_VIOLATION, I18n.err(I18n.ERR_241_CANNOT_STORE_COLLECTIVE_ATT_IN_ENTRY, new Object[0]));
            }
        } else {
            Iterator<Attribute> it = entry.iterator();
            while (it.hasNext()) {
                if (it.next().getAttributeType().isCollective()) {
                    return;
                }
            }
            LOG.info("A CollectiveAttribute subentry *should* have at least one collectiveAttribute");
            throw new LdapSchemaViolationException(ResultCodeEnum.OBJECT_CLASS_VIOLATION, I18n.err(I18n.ERR_257_COLLECTIVE_SUBENTRY_WITHOUT_COLLECTIVE_AT, new Object[0]));
        }
    }

    private void checkModify(ModifyOperationContext modifyOperationContext) throws LdapException {
        List<Modification> modItems = modifyOperationContext.getModItems();
        Entry targetEntry = SchemaUtils.getTargetEntry(modItems, modifyOperationContext.getEntry());
        if (!targetEntry.contains(this.directoryService.getAtProvider().getObjectClass(), SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC) && hasCollectiveAttributes(modItems)) {
            LOG.info("Cannot modify the entry {} : it contains some CollectiveAttributes and is not a collective subentry", targetEntry);
            throw new LdapSchemaViolationException(ResultCodeEnum.OBJECT_CLASS_VIOLATION, I18n.err(I18n.ERR_242, new Object[0]));
        }
    }

    private boolean hasCollectiveAttributes(List<Modification> list) throws LdapException {
        for (Modification modification : list) {
            Attribute attribute = modification.getAttribute();
            AttributeType attributeType = attribute.getAttributeType();
            if (attributeType == null) {
                try {
                    attributeType = this.schemaManager.lookupAttributeTypeRegistry(attribute.getUpId());
                } catch (LdapException e) {
                    throw new LdapInvalidAttributeTypeException();
                }
            }
            ModificationOperation operation = modification.getOperation();
            if (attributeType.isCollective() && operation != ModificationOperation.REMOVE_ATTRIBUTE) {
                return true;
            }
        }
        return false;
    }

    private boolean containsAnyCollectiveAttributes(Entry entry) throws LdapException {
        Iterator<Attribute> it = entry.getAttributes().iterator();
        while (it.hasNext()) {
            if (it.next().getAttributeType().isCollective()) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addCollectiveAttributes(FilteringOperationContext filteringOperationContext, Entry entry) throws LdapException {
        CoreSession session = filteringOperationContext.getSession();
        Attribute attribute = ((ClonedServerEntry) entry).getOriginalEntry().get(this.directoryService.getAtProvider().getCollectiveAttributeSubentries());
        if (attribute == null) {
            return;
        }
        LOG.debug("Filtering entry " + entry.getDn());
        Attribute attribute2 = ((ClonedServerEntry) entry).getOriginalEntry().get(this.directoryService.getAtProvider().getCollectiveExclusions());
        HashSet hashSet = new HashSet();
        if (attribute2 != null) {
            LOG.debug("The entry has some exclusions : {}", attribute2);
            if (attribute2.contains(SchemaConstants.EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_AT_OID) || attribute2.contains(SchemaConstants.EXCLUDE_ALL_COLLECTIVE_ATTRIBUTES_AT)) {
                LOG.debug("The entry excludes all the collectiveAttributes");
                return;
            }
            Iterator<Value> it = attribute2.iterator();
            while (it.hasNext()) {
                AttributeType lookupAttributeTypeRegistry = this.schemaManager.lookupAttributeTypeRegistry(it.next().getValue());
                hashSet.add(lookupAttributeTypeRegistry);
                LOG.debug("Adding {} in the list of excluded collectiveAttributes", lookupAttributeTypeRegistry.getName());
            }
        }
        Iterator<Value> it2 = attribute.iterator();
        while (it2.hasNext()) {
            Dn create = this.dnFactory.create(it2.next().getValue());
            LOG.debug("Applying subentries {}", create.getName());
            LookupOperationContext lookupOperationContext = new LookupOperationContext(session, create, SchemaConstants.ALL_ATTRIBUTES_ARRAY);
            lookupOperationContext.setPartition(filteringOperationContext.getPartition());
            lookupOperationContext.setTransaction(filteringOperationContext.getTransaction());
            Entry lookup = this.directoryService.getPartitionNexus().lookup(lookupOperationContext);
            Iterator<Attribute> it3 = lookup.getAttributes().iterator();
            while (it3.hasNext()) {
                AttributeType attributeType = it3.next().getAttributeType();
                if (attributeType.isCollective()) {
                    if (hashSet.contains(attributeType)) {
                        LOG.debug("The {} subentry attribute has been removed, it's in the exclusion list", attributeType.getName());
                    } else if (filteringOperationContext.isAllUserAttributes() || filteringOperationContext.contains(this.schemaManager, attributeType)) {
                        Attribute attribute3 = lookup.get(attributeType);
                        Attribute attribute4 = entry.get(attributeType);
                        if (attribute4 == null) {
                            attribute4 = new DefaultAttribute(attributeType);
                            entry.put(attribute4);
                        }
                        for (Value value : attribute3) {
                            LOG.debug("Adding the {} collective attribute into the entry", attribute3);
                            attribute4.add(value.getValue());
                        }
                    } else {
                        LOG.debug("The {} subentry attribute is not in the list of attributes to return", attributeType.getName());
                    }
                }
            }
        }
    }
}
