package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import org.apache.directory.api.ldap.aci.ACITuple;
import org.apache.directory.api.ldap.aci.ProtectedItem;
import org.apache.directory.api.ldap.aci.protectedItem.AllAttributeValuesItem;
import org.apache.directory.api.ldap.aci.protectedItem.AttributeTypeItem;
import org.apache.directory.api.ldap.aci.protectedItem.AttributeValueItem;
import org.apache.directory.api.ldap.aci.protectedItem.ClassesItem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxImmSubItem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountElem;
import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountItem;
import org.apache.directory.api.ldap.aci.protectedItem.RangeOfValuesItem;
import org.apache.directory.api.ldap.aci.protectedItem.RestrictedByElem;
import org.apache.directory.api.ldap.aci.protectedItem.RestrictedByItem;
import org.apache.directory.api.ldap.aci.protectedItem.SelfValueItem;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.event.Evaluator;
import org.apache.directory.server.core.api.subtree.RefinementEvaluator;
import org.apache.directory.server.i18n.I18n;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-2.0.0-M24.jar:org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.class */
public class RelatedProtectedItemFilter implements ACITupleFilter {
    private final RefinementEvaluator refinementEvaluator;
    private final Evaluator entryEvaluator;
    private final SchemaManager schemaManager;

    public RelatedProtectedItemFilter(RefinementEvaluator refinementEvaluator, Evaluator evaluator, SchemaManager schemaManager) {
        this.refinementEvaluator = refinementEvaluator;
        this.entryEvaluator = evaluator;
        this.schemaManager = schemaManager;
    }

    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection<ACITuple> filter(AciContext aciContext, OperationScope operationScope, Entry entry) throws LdapException {
        if (aciContext.getAciTuples().size() == 0) {
            return aciContext.getAciTuples();
        }
        Iterator<ACITuple> it = aciContext.getAciTuples().iterator();
        while (it.hasNext()) {
            if (!isRelated(it.next(), operationScope, aciContext.getUserDn(), aciContext.getEntryDn(), aciContext.getAttributeType(), aciContext.getAttrValue(), aciContext.getEntry())) {
                it.remove();
            }
        }
        return aciContext.getAciTuples();
    }

    private boolean isRelated(ACITuple aCITuple, OperationScope operationScope, Dn dn, Dn dn2, AttributeType attributeType, Value<?> value, Entry entry) throws LdapException, InternalError {
        String oid;
        Attribute attribute;
        String oid2 = attributeType != null ? attributeType.getOid() : null;
        for (ProtectedItem protectedItem : aCITuple.getProtectedItems()) {
            if (protectedItem == ProtectedItem.ENTRY) {
                if (operationScope == OperationScope.ENTRY) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem instanceof AllAttributeValuesItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator<AttributeType> it = ((AllAttributeValuesItem) protectedItem).iterator();
                    while (it.hasNext()) {
                        if (oid2.equals(it.next().getOid())) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof AttributeTypeItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE) {
                    continue;
                } else {
                    Iterator<AttributeType> it2 = ((AttributeTypeItem) protectedItem).iterator();
                    while (it2.hasNext()) {
                        if (oid2.equals(it2.next().getOid())) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof AttributeValueItem) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator<Attribute> it3 = ((AttributeValueItem) protectedItem).iterator();
                    while (it3.hasNext()) {
                        Attribute next = it3.next();
                        if (next.getAttributeType() != null) {
                            oid = next.getAttributeType().getOid();
                        } else {
                            AttributeType lookupAttributeTypeRegistry = this.schemaManager.lookupAttributeTypeRegistry(next.getId());
                            oid = lookupAttributeTypeRegistry.getOid();
                            next.apply(lookupAttributeTypeRegistry);
                        }
                        if (oid2.equals(oid) && next.contains(value)) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ClassesItem) {
                if (this.refinementEvaluator.evaluate(((ClassesItem) protectedItem).getClasses(), entry.get(SchemaConstants.OBJECT_CLASS_AT))) {
                    return true;
                }
            } else {
                if (protectedItem instanceof MaxImmSubItem) {
                    return true;
                }
                if (protectedItem instanceof MaxValueCountItem) {
                    if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                        continue;
                    } else {
                        Iterator<MaxValueCountElem> it4 = ((MaxValueCountItem) protectedItem).iterator();
                        while (it4.hasNext()) {
                            if (oid2.equals(it4.next().getAttributeType().getOid())) {
                                return true;
                            }
                        }
                    }
                } else if (protectedItem instanceof RangeOfValuesItem) {
                    if (this.entryEvaluator.evaluate(((RangeOfValuesItem) protectedItem).getRefinement(), dn2, entry)) {
                        return true;
                    }
                } else if (!(protectedItem instanceof RestrictedByItem)) {
                    if (!(protectedItem instanceof SelfValueItem)) {
                        throw new InternalError(I18n.err(I18n.ERR_232, protectedItem.getClass().getName()));
                    }
                    if (operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE || operationScope == OperationScope.ATTRIBUTE_TYPE) {
                        Iterator<AttributeType> it5 = ((SelfValueItem) protectedItem).iterator();
                        while (it5.hasNext()) {
                            if (oid2.equals(it5.next().getOid()) && (attribute = entry.get(oid2)) != null && (attribute.contains(dn.getNormName()) || attribute.contains(dn.getName()))) {
                                return true;
                            }
                        }
                    }
                } else if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator<RestrictedByElem> it6 = ((RestrictedByItem) protectedItem).iterator();
                    while (it6.hasNext()) {
                        if (oid2.equals(it6.next().getAttributeType().getOid())) {
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }
}
