package org.apache.directory.server.core.authz;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.StringValue;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.filter.EqualityNode;
import org.apache.directory.shared.ldap.filter.OrNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.7.jar:org/apache/directory/server/core/authz/GroupCache.class */
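/**
 * In-memory cache of group membership consulted by the authorization code.
 *
 * <p>The cache maps the normalized DN of every {@code groupOfNames} /
 * {@code groupOfUniqueNames} entry to the set of normalized member DNs. It is
 * filled once at construction time by searching every partition suffix and is
 * then kept current through the {@code groupAdded}, {@code groupDeleted},
 * {@code groupModified} and {@code groupRenamed} callbacks.
 *
 * <p>{@link #isPrincipalAnAdministrator(DN)} answers from this cache alone, so
 * a stale or incorrect entry translates directly into a wrong administrator
 * decision. Every update callback must therefore be invoked for every
 * successful change to a group entry.
 *
 * <p>NOTE(review): the backing {@link HashMap} and the per-group
 * {@link HashSet}s are not synchronized and nothing in this class guards
 * them. If lookups and update callbacks can run on different threads (TODO
 * confirm against the callers), access needs external synchronization.
 *
 * <p>NOTE(review): when debug logging is enabled, every update writes the full
 * cache (all group DNs and all member DNs) to the log.
 */
public class GroupCache {
    private static final Logger LOG = LoggerFactory.getLogger(GroupCache.class);

    /** Debug flag sampled once at class load; later log-level changes are not observed. */
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    /** Normalized group DN -> normalized DNs of the group's members. */
    private final Map<String, Set<String>> groups = new HashMap<String, Set<String>>();

    private final PartitionNexus nexus;
    private AttributeType memberAT;
    private AttributeType uniqueMemberAT;
    private Map<String, OidNormalizer> normalizerMap;
    private DN administratorsGroupDn;

    /**
     * Builds the cache and populates it from the directory.
     *
     * @param coreSession session used to reach the schema manager and the
     *        partition nexus, and to run the initial group searches
     * @throws Exception if a schema lookup, DN normalization or the initial
     *         search fails
     */
    public GroupCache(CoreSession coreSession) throws Exception {
        SchemaManager schemaManager = coreSession.getDirectoryService().getSchemaManager();
        this.normalizerMap = schemaManager.getNormalizerMapping();
        this.nexus = coreSession.getDirectoryService().getPartitionNexus();
        this.memberAT = schemaManager.lookupAttributeTypeRegistry(SchemaConstants.MEMBER_AT_OID);
        this.uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry(SchemaConstants.UNIQUE_MEMBER_AT_OID);
        this.administratorsGroupDn = parseNormalized(ServerDNConstants.ADMINISTRATORS_GROUP_DN);
        initialize(coreSession);
    }

    /**
     * Parses a DN string and normalizes it with the schema's normalizer map.
     *
     * @param name the DN in string form
     * @return the normalized DN
     * @throws LdapException if the string is not a valid DN
     */
    private DN parseNormalized(String name) throws LdapException {
        DN parsed = new DN(name);
        parsed.normalize(this.normalizerMap);
        return parsed;
    }

    /**
     * Searches every partition suffix (subtree scope, aliases always
     * dereferenced) for group entries and loads their members into the cache.
     *
     * @param coreSession session under which the searches are executed
     * @throws Exception if a search or a DN normalization fails
     */
    private void initialize(CoreSession coreSession) throws Exception {
        OrNode groupFilter = new OrNode();
        groupFilter.addNode(new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new StringValue(SchemaConstants.GROUP_OF_NAMES_OC)));
        groupFilter.addNode(new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new StringValue(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)));

        for (String suffix : this.nexus.listSuffixes(null)) {
            DN baseDn = new DN(suffix).normalize(this.normalizerMap);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            SearchOperationContext searchContext = new SearchOperationContext(coreSession, baseDn, groupFilter, controls);
            searchContext.setAliasDerefMode(AliasDerefMode.DEREF_ALWAYS);

            EntryFilteringCursor results = this.nexus.search(searchContext);
            try {
                while (results.next()) {
                    ClonedServerEntry groupEntry = results.get();
                    DN groupDn = groupEntry.getDn().normalize(this.normalizerMap);
                    EntryAttribute memberAttribute = getMemberAttribute(groupEntry);
                    if (memberAttribute != null) {
                        Set<String> members = new HashSet<String>(memberAttribute.size());
                        addMembers(members, memberAttribute);
                        this.groups.put(groupDn.getNormName(), members);
                    } else {
                        LOG.warn("Found group '{}' without any member or uniqueMember attributes", groupDn.getName());
                    }
                }
            } finally {
                // Release the cursor even when reading an entry fails part-way through.
                results.close();
            }
        }

        if (IS_DEBUG) {
            LOG.debug("group cache contents on startup:\n {}", this.groups);
        }
    }

    /**
     * Returns the attribute that holds an entry's members.
     *
     * <p>With an objectClass attribute present, {@code member} is returned for
     * groupOfNames and {@code uniqueMember} for groupOfUniqueNames (each
     * matched by name or by OID). Without an objectClass attribute,
     * {@code member} is tried first, then {@code uniqueMember}.
     *
     * @param serverEntry the entry to inspect
     * @return the member attribute, or {@code null} if the entry is not a
     *         recognised group or carries no member attribute
     * @throws LdapException if reading an attribute fails
     */
    private EntryAttribute getMemberAttribute(ServerEntry serverEntry) throws LdapException {
        EntryAttribute objectClasses = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);

        if (objectClasses == null) {
            EntryAttribute member = serverEntry.get(this.memberAT);
            return member != null ? member : serverEntry.get(this.uniqueMemberAT);
        }
        if (objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC)
                || objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC_OID)) {
            return serverEntry.get(this.memberAT);
        }
        if (objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)
                || objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID)) {
            return serverEntry.get(this.uniqueMemberAT);
        }
        return null;
    }

    /**
     * Adds the normalized DN of every value in {@code members} to {@code memberSet}.
     *
     * <p>A value that cannot be parsed as a DN is logged and skipped, so the
     * set only ever holds normalized names, as the warning message states.
     *
     * @param memberSet the set to add to
     * @param members the member attribute whose values are added
     * @throws LdapException declared for callers; parse failures are handled here
     */
    private void addMembers(Set<String> memberSet, EntryAttribute members) throws LdapException {
        for (Value<?> value : members) {
            String memberDn = value.getString();
            try {
                memberDn = parseNormalized(memberDn).getNormName();
            } catch (LdapException e) {
                LOG.warn("Malformed member DN in groupOf[Unique]Names entry.  Member not added to GroupCache.", e);
                // Never cache an un-normalized string: lookups compare normalized names only.
                continue;
            }
            memberSet.add(memberDn);
        }
    }

    /**
     * Removes the normalized DN of every value in {@code members} from {@code memberSet}.
     *
     * <p>A value that cannot be parsed as a DN is logged and skipped.
     *
     * @param memberSet the set to remove from
     * @param members the member attribute whose values are removed
     * @throws LdapException declared for callers; parse failures are handled here
     */
    private void removeMembers(Set<String> memberSet, EntryAttribute members) throws LdapException {
        for (Value<?> value : members) {
            String memberDn = value.getString();
            try {
                memberDn = parseNormalized(memberDn).getNormName();
            } catch (LdapException e) {
                LOG.warn("Malformed member DN in groupOf[Unique]Names entry.  Member not removed from GroupCache.", e);
                continue;
            }
            memberSet.remove(memberDn);
        }
    }

    /**
     * Caches a newly added group. Entries without a member attribute are ignored.
     *
     * @param dn the DN of the added entry
     * @param serverEntry the added entry
     * @throws LdapException if reading the entry's attributes fails
     */
    public void groupAdded(DN dn, ServerEntry serverEntry) throws LdapException {
        EntryAttribute memberAttribute = getMemberAttribute(serverEntry);
        if (memberAttribute == null) {
            return;
        }

        Set<String> members = new HashSet<String>(memberAttribute.size());
        addMembers(members, memberAttribute);
        this.groups.put(dn.getNormName(), members);

        if (IS_DEBUG) {
            LOG.debug("group cache contents after adding '{}' :\n {}", dn.getName(), this.groups);
        }
    }

    /**
     * Drops a deleted group from the cache. Entries without a member attribute are ignored.
     *
     * @param dn the DN of the deleted entry
     * @param serverEntry the deleted entry
     * @throws LdapException if reading the entry's attributes fails
     */
    public void groupDeleted(DN dn, ServerEntry serverEntry) throws LdapException {
        if (getMemberAttribute(serverEntry) == null) {
            return;
        }

        this.groups.remove(dn.getNormName());

        if (IS_DEBUG) {
            LOG.debug("group cache contents after deleting '{}' :\n {}", dn.getName(), this.groups);
        }
    }

    /**
     * Applies one modification operation to a cached member set.
     *
     * @param memberSet the cached members of the group
     * @param modificationOperation the operation to apply
     * @param members the attribute carrying the values to add, replace with or remove
     * @throws LdapException propagated from the member helpers
     * @throws InternalError if the operation is not one of the three handled here
     */
    private void modify(Set<String> memberSet, ModificationOperation modificationOperation, EntryAttribute members) throws LdapException {
        switch (modificationOperation) {
            case ADD_ATTRIBUTE:
                addMembers(memberSet, members);
                return;
            case REPLACE_ATTRIBUTE:
                // NOTE(review): a replace that carries no values leaves the cached members
                // untouched, so they stay effective if such a change is ever applied to the
                // entry -- confirm the server rejects it before this point.
                if (members.size() > 0) {
                    memberSet.clear();
                    addMembers(memberSet, members);
                }
                return;
            case REMOVE_ATTRIBUTE:
                removeMembers(memberSet, members);
                return;
            default:
                throw new InternalError(I18n.err(I18n.ERR_235, modificationOperation));
        }
    }

    /**
     * Updates the cached members of a group after a list of modifications.
     *
     * <p>Only modifications whose attribute id equals (ignoring case) the
     * group's member attribute name are applied. The group's object class is
     * matched by name or by OID, the same way the entry was recognised when it
     * was cached; an entry without an objectClass attribute is ignored.
     *
     * <p>NOTE(review): a modification that names the member attribute by OID
     * or by an alias does not match the id comparison and is not applied --
     * confirm whether attribute ids are already canonical at this point.
     *
     * @param dn the DN of the modified group
     * @param list the modifications that were applied to the entry
     * @param serverEntry the group entry
     * @param schemaManager not used by this method
     * @throws LdapException if reading the entry's attributes fails
     */
    public void groupModified(DN dn, List<Modification> list, ServerEntry serverEntry, SchemaManager schemaManager) throws LdapException {
        EntryAttribute members = null;
        String memberAttrId = null;

        EntryAttribute objectClasses = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);
        if (objectClasses != null) {
            if (objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC)
                    || objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC_OID)) {
                members = serverEntry.get(this.memberAT);
                memberAttrId = SchemaConstants.MEMBER_AT;
            }
            // Checked second on purpose: when both classes are present, uniqueMember wins.
            if (objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)
                    || objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID)) {
                members = serverEntry.get(this.uniqueMemberAT);
                memberAttrId = SchemaConstants.UNIQUE_MEMBER_AT;
            }
        }
        if (members == null) {
            return;
        }

        for (Modification modification : list) {
            if (memberAttrId.equalsIgnoreCase(modification.getAttribute().getId())) {
                Set<String> memberSet = this.groups.get(dn.getNormName());
                if (memberSet != null) {
                    modify(memberSet, modification.getOperation(), modification.getAttribute());
                }
            }
        }

        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", dn.getName(), this.groups);
        }
    }

    /**
     * Updates the cached members of a group after a single-operation change.
     *
     * @param dn the DN of the modified group
     * @param modificationOperation the operation that was applied
     * @param serverEntry the entry whose member attribute supplies the values
     * @throws LdapException if reading the entry's attributes fails
     */
    public void groupModified(DN dn, ModificationOperation modificationOperation, ServerEntry serverEntry) throws LdapException {
        EntryAttribute memberAttribute = getMemberAttribute(serverEntry);
        if (memberAttribute == null) {
            return;
        }

        Set<String> memberSet = this.groups.get(dn.getNormName());
        if (memberSet != null) {
            modify(memberSet, modificationOperation, memberAttribute);
        }

        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", dn.getName(), this.groups);
        }
    }

    /**
     * Tells whether a principal is an administrator: either the system admin
     * DN itself or a cached member of the administrators group.
     *
     * <p>If the administrators group is not in the cache, the answer is
     * {@code false} (fail closed) and a warning is logged.
     *
     * @param dn the principal's DN; its normalized name is compared
     * @return {@code true} if the principal is an administrator
     */
    public final boolean isPrincipalAnAdministrator(DN dn) {
        String principalName = dn.getNormName();
        if (principalName.equals(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED)) {
            return true;
        }

        Set<String> administrators = this.groups.get(this.administratorsGroupDn.getNormName());
        if (administrators == null) {
            LOG.warn("What do you mean there is no administrators group? This is bad news.");
            return false;
        }
        return administrators.contains(principalName);
    }

    /**
     * Returns the DNs of all cached groups that contain the given member.
     *
     * <p>The returned set is always a fresh instance owned by the caller. A
     * shared static empty set would let one caller's mutation show up as
     * group membership for every principal that belongs to no group.
     *
     * @param str the member's DN in string form
     * @return the groups containing the member; empty if there are none or if
     *         a DN could not be parsed
     * @throws LdapException declared for compatibility; parse failures are
     *         logged and produce an empty result
     */
    public Set<DN> getGroups(String str) throws LdapException {
        try {
            String memberName = parseNormalized(str).getNormName();
            Set<DN> memberGroups = new HashSet<DN>();
            for (Map.Entry<String, Set<String>> group : this.groups.entrySet()) {
                Set<String> members = group.getValue();
                if (members != null && members.contains(memberName)) {
                    memberGroups.add(parseNormalized(group.getKey()));
                }
            }
            return memberGroups;
        } catch (LdapException e) {
            LOG.warn("Malformed member DN.  Could not find groups for member '{}' in GroupCache. Returning empty set for groups!", str, e);
            return new HashSet<DN>();
        }
    }

    /**
     * Re-keys a cached group after a rename.
     *
     * @param dn the group's old DN
     * @param dn2 the group's new DN
     * @return {@code true} if the group was cached and has been moved,
     *         {@code false} if it was not in the cache
     */
    public boolean groupRenamed(DN dn, DN dn2) {
        Set<String> members = this.groups.remove(dn.getNormName());
        if (members == null) {
            return false;
        }

        this.groups.put(dn2.getNormName(), members);

        if (IS_DEBUG) {
            LOG.debug("group cache contents after renaming '{}' :\n{}", dn.getName(), this.groups);
        }
        return true;
    }
}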
