package org.apache.directory.server.core.authz;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerAttribute;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.entry.client.ClientStringValue;
import org.apache.directory.shared.ldap.filter.EqualityNode;
import org.apache.directory.shared.ldap.filter.OrNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.5.jar:org/apache/directory/server/core/authz/GroupCache.class */
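/**
 * In-memory cache of group membership used by the authorization subsystem.
 *
 * <p>The cache maps the normalized DN of every {@code groupOfNames} /
 * {@code groupOfUniqueNames} entry to the set of its normalized member DNs. It is
 * populated once at construction by searching every partition suffix and is then
 * kept in step with the directory through the {@code groupAdded},
 * {@code groupDeleted}, {@code groupModified} and {@code groupRenamed} callbacks.
 *
 * <p>Because {@link #isPrincipalAnAdministrator(LdapDN)} and
 * {@link #getGroups(String)} answer from this cache, any divergence between the
 * cache and the directory is an authorization defect: a stale entry keeps granting
 * a membership that was removed, a missing entry withholds one that was added.
 *
 * <p>NOTE(review): the backing map is a plain {@link HashMap} and no method in this
 * class synchronizes; confirm that callers serialize access.
 */
public class GroupCache {
    private static final Logger LOG = LoggerFactory.getLogger(GroupCache.class);

    // Evaluated once at class load, so a later change of log level is not picked up.
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    /** Normalized group DN to the normalized DNs of its members. */
    private final Map<String, Set<String>> groups = new HashMap<String, Set<String>>();
    private final PartitionNexus nexus;
    private final AttributeType memberAT;
    private final AttributeType uniqueMemberAT;
    private final Map<String, OidNormalizer> normalizerMap;
    private final LdapDN administratorsGroupDn;

    /**
     * Builds the cache and loads every group found under the partition suffixes.
     *
     * @param coreSession session used to reach the registries and the partition nexus
     *                    and to run the initial group search
     * @throws Exception if a schema lookup, DN parse or the initial search fails
     */
    public GroupCache(CoreSession coreSession) throws Exception {
        AttributeTypeRegistry attributeTypeRegistry = coreSession.getDirectoryService().getRegistries().getAttributeTypeRegistry();
        this.normalizerMap = attributeTypeRegistry.getNormalizerMapping();
        this.nexus = coreSession.getDirectoryService().getPartitionNexus();
        this.memberAT = attributeTypeRegistry.lookup(SchemaConstants.MEMBER_AT_OID);
        this.uniqueMemberAT = attributeTypeRegistry.lookup(SchemaConstants.UNIQUE_MEMBER_AT_OID);
        this.administratorsGroupDn = parseNormalized(ServerDNConstants.ADMINISTRATORS_GROUP_DN);
        initialize(coreSession);
    }

    /**
     * Parses a DN string and normalizes it with the schema's normalizer mapping.
     *
     * @param str DN in string form
     * @return the normalized DN
     * @throws NamingException if the string is not a well-formed DN
     */
    private LdapDN parseNormalized(String str) throws NamingException {
        LdapDN dn = new LdapDN(str);
        dn.normalize(this.normalizerMap);
        return dn;
    }

    /**
     * Searches every suffix for group entries and records their members.
     *
     * @param coreSession session under which the searches run
     * @throws Exception if a search or cursor operation fails
     */
    private void initialize(CoreSession coreSession) throws Exception {
        OrNode groupFilter = new OrNode();
        groupFilter.addNode(new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new ClientStringValue(SchemaConstants.GROUP_OF_NAMES_OC)));
        groupFilter.addNode(new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new ClientStringValue(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC)));

        Iterator<String> suffixes = this.nexus.listSuffixes(null).iterator();
        while (suffixes.hasNext()) {
            LdapDN baseDn = new LdapDN(suffixes.next());
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            EntryFilteringCursor results = this.nexus.search(new SearchOperationContext(coreSession, baseDn, AliasDerefMode.DEREF_ALWAYS, groupFilter, controls));
            try {
                while (results.next()) {
                    ClonedServerEntry entry = results.get();
                    LdapDN groupDn = entry.getDn().normalize(this.normalizerMap);
                    EntryAttribute memberAttribute = getMemberAttribute(entry);
                    if (memberAttribute != null) {
                        Set<String> members = new HashSet<String>(memberAttribute.size());
                        addMembers(members, memberAttribute);
                        this.groups.put(groupDn.getNormName(), members);
                    } else {
                        LOG.warn("Found group '{}' without any member or uniqueMember attributes", groupDn.getUpName());
                    }
                }
            } finally {
                // Release the cursor even when reading an entry fails part-way through.
                results.close();
            }
        }
        if (IS_DEBUG) {
            // Dumps the complete membership map; debug logs of this class therefore
            // contain who belongs to which group and should be protected accordingly.
            LOG.debug("group cache contents on startup:\n {}", this.groups);
        }
    }

    /**
     * Picks the membership attribute that matches the entry's group object class.
     *
     * <p>Without an objectClass attribute the entry's {@code member} attribute is
     * returned if present, otherwise its {@code uniqueMember} attribute.
     *
     * @param serverEntry entry to inspect
     * @return the membership attribute, or {@code null} when the entry is not a
     *         recognised group or carries no membership attribute
     * @throws NamingException if an attribute lookup fails
     */
    private EntryAttribute getMemberAttribute(ServerEntry serverEntry) throws NamingException {
        EntryAttribute objectClasses = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);
        if (objectClasses == null) {
            EntryAttribute member = serverEntry.get(this.memberAT);
            if (member != null) {
                return member;
            }
            return serverEntry.get(this.uniqueMemberAT);
        }
        if (objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC) || objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC_OID)) {
            return serverEntry.get(this.memberAT);
        }
        if (objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC) || objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID)) {
            return serverEntry.get(this.uniqueMemberAT);
        }
        return null;
    }

    /**
     * Adds the normalized form of every member DN in the attribute to the set.
     *
     * <p>A value that does not parse as a DN is logged and skipped, so that only
     * normalized DNs ever enter the authorization cache.
     *
     * @param set            member set to extend
     * @param entryAttribute membership attribute whose values are added
     * @throws NamingException declared for callers; parse failures are handled here
     */
    private void addMembers(Set<String> set, EntryAttribute entryAttribute) throws NamingException {
        Iterator<Value<?>> values = entryAttribute.iterator();
        while (values.hasNext()) {
            String memberDn = values.next().getString();
            try {
                memberDn = parseNormalized(memberDn).toString();
            } catch (NamingException e) {
                LOG.warn("Malformed member DN in groupOf[Unique]Names entry.  Member not added to GroupCache.", e);
                // Honour the log message: the raw, un-normalized value is not cached.
                continue;
            }
            set.add(memberDn);
        }
    }

    /**
     * Removes the normalized form of every member DN in the attribute from the set.
     *
     * <p>A value that does not parse as a DN is logged and skipped.
     *
     * @param set            member set to shrink
     * @param entryAttribute membership attribute whose values are removed
     * @throws NamingException declared for callers; parse failures are handled here
     */
    private void removeMembers(Set<String> set, EntryAttribute entryAttribute) throws NamingException {
        Iterator<Value<?>> values = entryAttribute.iterator();
        while (values.hasNext()) {
            String memberDn = values.next().getString();
            try {
                memberDn = parseNormalized(memberDn).toString();
            } catch (NamingException e) {
                LOG.warn("Malformed member DN in groupOf[Unique]Names entry.  Member not removed from GroupCache.", e);
                continue;
            }
            set.remove(memberDn);
        }
    }

    /**
     * Registers a newly added group entry.
     *
     * @param ldapDN      normalized DN of the new entry
     * @param serverEntry the new entry; ignored when it has no membership attribute
     * @throws NamingException if an attribute lookup fails
     */
    public void groupAdded(LdapDN ldapDN, ServerEntry serverEntry) throws NamingException {
        EntryAttribute memberAttribute = getMemberAttribute(serverEntry);
        if (memberAttribute == null) {
            return;
        }
        Set<String> members = new HashSet<String>(memberAttribute.size());
        addMembers(members, memberAttribute);
        this.groups.put(ldapDN.getNormName(), members);
        if (IS_DEBUG) {
            LOG.debug("group cache contents after adding '{}' :\n {}", ldapDN.getUpName(), this.groups);
        }
    }

    /**
     * Drops a deleted group entry from the cache.
     *
     * @param ldapDN      normalized DN of the deleted entry
     * @param serverEntry the deleted entry; ignored when it has no membership attribute
     * @throws NamingException if an attribute lookup fails
     */
    public void groupDeleted(LdapDN ldapDN, ServerEntry serverEntry) throws NamingException {
        if (getMemberAttribute(serverEntry) == null) {
            return;
        }
        this.groups.remove(ldapDN.getNormName());
        if (IS_DEBUG) {
            LOG.debug("group cache contents after deleting '{}' :\n {}", ldapDN.getUpName(), this.groups);
        }
    }

    /**
     * Applies one modification operation to a cached member set.
     *
     * @param set                   cached members of the group
     * @param modificationOperation kind of change
     * @param entryAttribute        membership values carried by the change
     * @throws NamingException propagated from the member helpers
     * @throws InternalError if the operation is none of add, replace or remove
     */
    private void modify(Set<String> set, ModificationOperation modificationOperation, EntryAttribute entryAttribute) throws NamingException {
        switch (modificationOperation) {
            case ADD_ATTRIBUTE:
                addMembers(set, entryAttribute);
                return;
            case REPLACE_ATTRIBUTE:
                // NOTE(review): a replace that carries no values leaves the cached
                // members untouched. If the directory accepts such a replace as
                // "remove all members", the cache keeps granting them; confirm.
                if (entryAttribute.size() > 0) {
                    set.clear();
                    addMembers(set, entryAttribute);
                }
                return;
            case REMOVE_ATTRIBUTE:
                // NOTE(review): a remove without values deletes nothing here; verify
                // how the caller represents "remove the whole attribute".
                removeMembers(set, entryAttribute);
                return;
            default:
                throw new InternalError("Undefined modify operation value of " + modificationOperation);
        }
    }

    /**
     * Applies a list of modifications to the cached members of a group.
     *
     * <p>Only modifications that target the group's membership attribute are applied.
     * The object class and the attribute are recognised by name or by OID, matching
     * {@code getMemberAttribute}, so the cache does not go stale when a client uses
     * the numeric form.
     *
     * @param ldapDN      normalized DN of the modified entry
     * @param list        modifications being applied to the entry
     * @param serverEntry the entry being modified
     * @param registries  not used by this method
     * @throws NamingException if an attribute lookup fails
     */
    public void groupModified(LdapDN ldapDN, List<Modification> list, ServerEntry serverEntry, Registries registries) throws NamingException {
        EntryAttribute objectClasses = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);
        if (objectClasses == null) {
            // Previously a NullPointerException; surface it instead, because the
            // cached membership for this entry is not being updated.
            LOG.warn("Entry '{}' has no objectClass attribute; group cache left unchanged", ldapDN.getUpName());
            return;
        }

        EntryAttribute memberAttribute = null;
        String memberAttrName = null;
        String memberAttrOid = null;
        if (objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC) || objectClasses.contains(SchemaConstants.GROUP_OF_NAMES_OC_OID)) {
            memberAttribute = serverEntry.get(this.memberAT);
            memberAttrName = "member";
            memberAttrOid = SchemaConstants.MEMBER_AT_OID;
        }
        // Checked second on purpose: when both classes are present this one wins.
        if (objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC) || objectClasses.contains(SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC_OID)) {
            memberAttribute = serverEntry.get(this.uniqueMemberAT);
            memberAttrName = SchemaConstants.UNIQUE_MEMBER_AT;
            memberAttrOid = SchemaConstants.UNIQUE_MEMBER_AT_OID;
        }
        if (memberAttribute == null) {
            return;
        }

        for (Modification modification : list) {
            String modifiedId = modification.getAttribute().getId();
            if (memberAttrName.equalsIgnoreCase(modifiedId) || memberAttrOid.equals(modifiedId)) {
                Set<String> members = this.groups.get(ldapDN.getNormName());
                if (members != null) {
                    modify(members, modification.getOperation(), (ServerAttribute) modification.getAttribute());
                }
            }
        }
        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", ldapDN.getUpName(), this.groups);
        }
    }

    /**
     * Applies a single modification operation, using the membership attribute of the
     * supplied entry as the set of values.
     *
     * @param ldapDN                normalized DN of the modified entry
     * @param modificationOperation kind of change
     * @param serverEntry           entry whose membership attribute carries the values
     * @throws NamingException if an attribute lookup fails
     */
    public void groupModified(LdapDN ldapDN, ModificationOperation modificationOperation, ServerEntry serverEntry) throws NamingException {
        EntryAttribute memberAttribute = getMemberAttribute(serverEntry);
        if (memberAttribute == null) {
            return;
        }
        Set<String> members = this.groups.get(ldapDN.getNormName());
        if (members != null) {
            modify(members, modificationOperation, memberAttribute);
        }
        if (IS_DEBUG) {
            LOG.debug("group cache contents after modifying '{}' :\n {}", ldapDN.getUpName(), this.groups);
        }
    }

    /**
     * Tells whether a principal has administrator rights.
     *
     * <p>The system administrator DN always qualifies. Any other principal qualifies
     * only if the cached administrators group lists it. When that group is not in
     * the cache the answer is {@code false}, so a missing group never grants access.
     *
     * @param ldapDN normalized DN of the principal
     * @return {@code true} if the principal is an administrator
     */
    public final boolean isPrincipalAnAdministrator(LdapDN ldapDN) {
        if (ldapDN.getNormName().equals(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED)) {
            return true;
        }
        Set<String> administrators = this.groups.get(this.administratorsGroupDn.getNormName());
        if (administrators == null) {
            LOG.warn("What do you mean there is no administrators group? This is bad news.");
            return false;
        }
        return administrators.contains(ldapDN.toNormName());
    }

    /**
     * Lists the groups that contain the given member.
     *
     * <p>The returned set is always a fresh instance owned by the caller. Handing out
     * one shared mutable "empty" set would let a caller that adds to its result
     * change what every later lookup without groups receives.
     *
     * @param str DN of the member, in string form
     * @return the normalized DNs of the groups listing the member; empty when there
     *         are none or when a DN cannot be parsed
     * @throws NamingException declared for callers; parse failures are handled here
     */
    public Set<LdapDN> getGroups(String str) throws NamingException {
        try {
            String memberName = parseNormalized(str).getNormName();
            Set<LdapDN> memberGroups = new HashSet<LdapDN>();
            for (Map.Entry<String, Set<String>> group : this.groups.entrySet()) {
                Set<String> members = group.getValue();
                if (members != null && members.contains(memberName)) {
                    memberGroups.add(parseNormalized(group.getKey()));
                }
            }
            return memberGroups;
        } catch (NamingException e) {
            LOG.warn("Malformed member DN.  Could not find groups for member '{}' in GroupCache. Returning empty set for groups!", str, e);
            // A partial result is discarded, as before.
            return new HashSet<LdapDN>();
        }
    }

    /**
     * Moves a cached group to its new DN after a rename.
     *
     * @param ldapDN  normalized DN before the rename
     * @param ldapDN2 normalized DN after the rename
     * @return {@code true} if the group was cached and has been moved
     */
    public boolean groupRenamed(LdapDN ldapDN, LdapDN ldapDN2) {
        Set<String> members = this.groups.remove(ldapDN.getNormName());
        if (members == null) {
            return false;
        }
        this.groups.put(ldapDN2.getNormName(), members);
        if (IS_DEBUG) {
            LOG.debug("group cache contents after renaming '{}' :\n{}", ldapDN.getUpName(), this.groups);
        }
        return true;
    }
}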
