package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.UserClass;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.7.jar:org/apache/directory/server/core/authz/support/RelatedUserClassFilter.class */
/**
 * {@link ACITupleFilter} that prunes ACI tuples according to whether their user classes
 * relate to the requestor and whether the requestor's authentication level satisfies the
 * level named by the tuple.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Grants and denials are treated asymmetrically. A grant is discarded when the user
 *       classes do not match <em>or</em> the requestor's authentication level compares below
 *       the tuple's level. A denial is discarded only when the user classes do not match
 *       <em>and</em> the requestor's level is at least the tuple's level, so a denial always
 *       survives for a requestor authenticated below the level the tuple names.</li>
 *   <li>The tuple collection is edited in place through {@link Iterator#remove()} and the
 *       same instance is returned; callers must pass a collection whose iterator supports
 *       removal and must not expect the input to be preserved.</li>
 * </ul>
 */
public class RelatedUserClassFilter implements ACITupleFilter {
    // Empty DN handed to SubtreeEvaluator.evaluate as its second argument.
    // NOTE(review): presumably the base the subtree specifications are resolved against - confirm.
    private static final DN ROOTDSE_NAME = DN.EMPTY_DN;
    private final SubtreeEvaluator subtreeEvaluator;

    /**
     * @param subtreeEvaluator evaluator used to test the requestor against
     *        {@code UserClass.Subtree} specifications; stored as given, no null check
     */
    public RelatedUserClassFilter(SubtreeEvaluator subtreeEvaluator) {
        this.subtreeEvaluator = subtreeEvaluator;
    }

    /**
     * Removes from {@code collection} every tuple that does not apply to the requestor.
     *
     * <p>Only some of the parameters are read here: {@code collection} (the tuples),
     * {@code collection2} (DNs compared against {@code UserClass.UserGroup} names),
     * {@code dn} (the DN matched against {@code UserClass.Name} and subtree user classes),
     * {@code serverEntry} (entry passed to the subtree evaluator together with {@code dn}),
     * {@code dn2} (the DN compared with {@code dn} for THIS_ENTRY / PARENT_OF_ENTRY) and
     * {@code authenticationLevel}. The remaining parameters are ignored by this filter.
     * NOTE(review): {@code dn}/{@code serverEntry} look like the requestor's name and entry
     * and {@code dn2} like the name of the entry being accessed - confirm against callers.
     *
     * @return the same {@code collection} instance, after in-place removal
     * @throws LdapException if relating a user class to the requestor fails
     */
    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection<ACITuple> filter(SchemaManager schemaManager, Collection<ACITuple> collection, OperationScope operationScope, OperationContext operationContext, Collection<DN> collection2, DN dn, ServerEntry serverEntry, AuthenticationLevel authenticationLevel, DN dn2, String str, Value<?> value, ServerEntry serverEntry2, Collection<MicroOperation> collection3, ServerEntry serverEntry3) throws LdapException {
        if (collection.isEmpty()) {
            return collection;
        }
        for (Iterator<ACITuple> tuples = collection.iterator(); tuples.hasNext(); ) {
            final ACITuple tuple = tuples.next();
            final boolean grant = tuple.isGrant();
            final boolean related = isRelated(collection2, dn, serverEntry, dn2, tuple.getUserClasses());
            final boolean discard;
            if (grant) {
                // A grant needs both a matching user class and a sufficient authentication level.
                discard = !related || authenticationLevel.compareTo(tuple.getAuthenticationLevel()) < 0;
            } else {
                // A denial is dropped only when the user class does not match AND the requestor
                // meets the tuple's level; below that level the denial is kept regardless.
                discard = !related && authenticationLevel.compareTo(tuple.getAuthenticationLevel()) >= 0;
            }
            if (discard) {
                tuples.remove();
            }
        }
        return collection;
    }

    /**
     * Reports whether at least one of {@code userClasses} matches the requestor.
     *
     * <p>An unrecognised {@link UserClass} implementation raises {@link InternalError} rather
     * than being treated as "not related"; since a non-matching denial can be discarded by
     * {@code filter}, silently skipping an unknown class would be the less safe choice.
     * Note that {@code InternalError} is an {@link Error}, so {@code catch (Exception e)}
     * handlers upstream will not intercept it.
     *
     * @throws LdapException if subtree evaluation fails
     */
    private boolean isRelated(Collection<DN> userGroupNames, DN userName, ServerEntry userEntry, DN entryName, Collection<UserClass> userClasses) throws LdapException {
        for (UserClass userClass : userClasses) {
            if (userClass == UserClass.ALL_USERS) {
                return true;
            }
            final boolean matched;
            if (userClass == UserClass.THIS_ENTRY) {
                matched = userName.equals(entryName);
            } else if (userClass == UserClass.PARENT_OF_ENTRY) {
                // NOTE(review): whether isChildOf accepts only the immediate parent, any
                // ancestor, or an equal DN is not visible here - confirm against DN.isChildOf.
                matched = entryName.isChildOf(userName);
            } else if (userClass instanceof UserClass.Name) {
                // Relies on DN.equals/hashCode via Set.contains, whereas group matching below
                // compares getNormName(). NOTE(review): confirm both sides are normalised
                // consistently; a missed match on a denial can cause that denial to be dropped.
                matched = ((UserClass.Name) userClass).getNames().contains(userName);
            } else if (userClass instanceof UserClass.UserGroup) {
                matched = isMemberOfAny(userGroupNames, (UserClass.UserGroup) userClass);
            } else if (userClass instanceof UserClass.Subtree) {
                matched = matchUserClassSubtree(userName, userEntry, (UserClass.Subtree) userClass);
            } else {
                throw new InternalError(I18n.err(I18n.ERR_233, userClass.getClass().getName()));
            }
            if (matched) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether any non-null DN in {@code userGroupNames} has the same normalised name
     * as one of the names carried by {@code userGroup}. Null elements are skipped.
     */
    private boolean isMemberOfAny(Collection<DN> userGroupNames, UserClass.UserGroup userGroup) throws LdapException {
        for (DN memberOf : userGroupNames) {
            final Collection<?> tupleGroups = userGroup.getNames();
            if (memberOf == null) {
                continue;
            }
            for (Object tupleGroup : tupleGroups) {
                if (memberOf.getNormName().equals(((DN) tupleGroup).getNormName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Reports whether the subtree evaluator accepts {@code userName}/{@code userEntry} for
     * at least one of the subtree specifications of {@code subtree}, evaluated with the
     * empty DN as the second argument.
     *
     * @throws LdapException if the evaluator fails
     */
    private boolean matchUserClassSubtree(DN userName, ServerEntry userEntry, UserClass.Subtree subtree) throws LdapException {
        for (Iterator<SubtreeSpecification> specs = subtree.getSubtreeSpecifications().iterator(); specs.hasNext(); ) {
            final SubtreeSpecification spec = specs.next();
            if (this.subtreeEvaluator.evaluate(spec, ROOTDSE_NAME, userName, userEntry)) {
                return true;
            }
        }
        return false;
    }
}
