package org.apache.directory.server.core.subtree;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.Name;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.DefaultCoreSession;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.DefaultServerAttribute;
import org.apache.directory.server.core.entry.DefaultServerEntry;
import org.apache.directory.server.core.entry.ServerAttribute;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.entry.ServerModification;
import org.apache.directory.server.core.filtering.EntryFilter;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
import org.apache.directory.server.core.partition.ByPassConstants;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.entry.client.ClientStringValue;
import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
import org.apache.directory.shared.ldap.exception.LdapNoSuchAttributeException;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.EqualityNode;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.filter.SearchScope;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.message.control.SubentriesControl;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.NormalizerMappingResolver;
import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationParser;
import org.apache.directory.shared.ldap.trigger.TriggerUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.5.jar:org/apache/directory/server/core/subtree/SubentryInterceptor.class */
public class SubentryInterceptor extends BaseInterceptor {
    private static final String SUBENTRY_CONTROL = "1.3.6.1.4.1.4203.1.10.1";
    public static final String AC_AREA = "accessControlSpecificArea";
    public static final String AC_INNERAREA = "accessControlInnerArea";
    public static final String SCHEMA_AREA = "subschemaAdminSpecificArea";
    public static final String COLLECTIVE_AREA = "collectiveAttributeSpecificArea";
    public static final String COLLECTIVE_INNERAREA = "collectiveAttributeInnerArea";
    public static final String TRIGGER_AREA = "triggerExecutionSpecificArea";
    public static final String TRIGGER_INNERAREA = "triggerExecutionInnerArea";
    public static final String[] SUBENTRY_OPATTRS = {SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT, SchemaConstants.SUBSCHEMA_SUBENTRY_AT, SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT};
    private static final Logger LOG = LoggerFactory.getLogger(SubentryInterceptor.class);
    private final SubentryCache subentryCache = new SubentryCache();
    private SubtreeSpecificationParser ssParser;
    private SubtreeEvaluator evaluator;
    private PartitionNexus nexus;
    private Registries registries;
    private AttributeTypeRegistry atRegistry;
    private OidRegistry oidRegistry;
    private AttributeType objectClassType;

    /* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.5.jar:org/apache/directory/server/core/subtree/SubentryInterceptor$HideEntriesFilter.class */
    public class HideEntriesFilter implements EntryFilter {
        public HideEntriesFilter() {
        }

        @Override // org.apache.directory.server.core.filtering.EntryFilter
        public boolean accept(SearchingOperationContext searchingOperationContext, ClonedServerEntry clonedServerEntry) throws Exception {
            String normName = clonedServerEntry.getDn().getNormName();
            if (SubentryInterceptor.this.subentryCache.hasSubentry(normName)) {
                return true;
            }
            EntryAttribute entryAttribute = clonedServerEntry.get(SchemaConstants.OBJECT_CLASS_AT);
            if (entryAttribute != null) {
                return entryAttribute.contains(SchemaConstants.SUBENTRY_OC);
            }
            LdapDN ldapDN = new LdapDN(normName);
            ldapDN.normalize(SubentryInterceptor.this.atRegistry.getNormalizerMapping());
            return SubentryInterceptor.this.subentryCache.hasSubentry(ldapDN.toNormName());
        }
    }

    /* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.5.jar:org/apache/directory/server/core/subtree/SubentryInterceptor$HideSubentriesFilter.class */
    public class HideSubentriesFilter implements EntryFilter {
        public HideSubentriesFilter() {
        }

        @Override // org.apache.directory.server.core.filtering.EntryFilter
        public boolean accept(SearchingOperationContext searchingOperationContext, ClonedServerEntry clonedServerEntry) throws Exception {
            String normName = clonedServerEntry.getDn().getNormName();
            if (SubentryInterceptor.this.subentryCache.hasSubentry(normName)) {
                return false;
            }
            EntryAttribute entryAttribute = clonedServerEntry.get(SchemaConstants.OBJECT_CLASS_AT);
            if (entryAttribute != null) {
                return !entryAttribute.contains(SchemaConstants.SUBENTRY_OC);
            }
            LdapDN ldapDN = new LdapDN(normName);
            ldapDN.normalize(SubentryInterceptor.this.atRegistry.getNormalizerMapping());
            return !SubentryInterceptor.this.subentryCache.hasSubentry(ldapDN.toString());
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void init(DirectoryService directoryService) throws Exception {
        super.init(directoryService);
        this.nexus = directoryService.getPartitionNexus();
        this.registries = directoryService.getRegistries();
        this.atRegistry = this.registries.getAttributeTypeRegistry();
        this.oidRegistry = this.registries.getOidRegistry();
        this.objectClassType = this.atRegistry.lookup(this.oidRegistry.getOid(SchemaConstants.OBJECT_CLASS_AT));
        this.ssParser = new SubtreeSpecificationParser(new NormalizerMappingResolver() { // from class: org.apache.directory.server.core.subtree.SubentryInterceptor.1
            @Override // org.apache.directory.shared.ldap.schema.NormalizerMappingResolver
            public Map<String, OidNormalizer> getNormalizerMapping() throws Exception {
                return SubentryInterceptor.this.atRegistry.getNormalizerMapping();
            }
        }, this.atRegistry.getNormalizerMapping());
        this.evaluator = new SubtreeEvaluator(this.oidRegistry, this.atRegistry);
        Set<String> listSuffixes = this.nexus.listSuffixes(null);
        EqualityNode equalityNode = new EqualityNode(SchemaConstants.OBJECT_CLASS_AT, new ClientStringValue(SchemaConstants.SUBENTRY_OC));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{SchemaConstants.SUBTREE_SPECIFICATION_AT, SchemaConstants.OBJECT_CLASS_AT});
        Iterator<String> it = listSuffixes.iterator();
        while (it.hasNext()) {
            LdapDN ldapDN = new LdapDN(it.next());
            ldapDN.normalize(this.atRegistry.getNormalizerMapping());
            LdapDN ldapDN2 = new LdapDN(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED);
            ldapDN2.normalize(this.registries.getAttributeTypeRegistry().getNormalizerMapping());
            EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(new DefaultCoreSession(new LdapPrincipal(ldapDN2, AuthenticationLevel.STRONG), directoryService), ldapDN, AliasDerefMode.NEVER_DEREF_ALIASES, equalityNode, searchControls));
            while (search.next()) {
                ClonedServerEntry clonedServerEntry = search.get();
                LdapDN dn = clonedServerEntry.getDn();
                try {
                    SubtreeSpecification parse = this.ssParser.parse(clonedServerEntry.get(SchemaConstants.SUBTREE_SPECIFICATION_AT).getString());
                    dn.normalize(this.atRegistry.getNormalizerMapping());
                    this.subentryCache.setSubentry(dn.toString(), parse, getSubentryTypes(clonedServerEntry));
                } catch (Exception e) {
                    LOG.warn("Failed while parsing subtreeSpecification for " + dn);
                }
            }
        }
    }

    private int getSubentryTypes(ServerEntry serverEntry) throws Exception {
        int i = 0;
        EntryAttribute entryAttribute = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);
        if (entryAttribute == null) {
            throw new LdapSchemaViolationException("A subentry must have an objectClass attribute", ResultCodeEnum.OBJECT_CLASS_VIOLATION);
        }
        if (entryAttribute.contains(SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC)) {
            i = 0 | 4;
        }
        if (entryAttribute.contains(SchemaConstants.SUBSCHEMA_OC)) {
            i |= 2;
        }
        if (entryAttribute.contains(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC)) {
            i |= 1;
        }
        if (entryAttribute.contains("triggerExecutionSubentry")) {
            i |= 8;
        }
        return i;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public EntryFilteringCursor list(NextInterceptor nextInterceptor, ListOperationContext listOperationContext) throws Exception {
        EntryFilteringCursor list = nextInterceptor.list(listOperationContext);
        if (!isSubentryVisible(listOperationContext)) {
            list.addEntryFilter(new HideSubentriesFilter());
        }
        return list;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public EntryFilteringCursor search(NextInterceptor nextInterceptor, SearchOperationContext searchOperationContext) throws Exception {
        EntryFilteringCursor search = nextInterceptor.search(searchOperationContext);
        if (searchOperationContext.getScope() == SearchScope.OBJECT) {
            return search;
        }
        if (isSubentryVisible(searchOperationContext)) {
            search.addEntryFilter(new HideEntriesFilter());
        } else {
            search.addEntryFilter(new HideSubentriesFilter());
        }
        return search;
    }

    private boolean isSubentryVisible(OperationContext operationContext) throws Exception {
        if (operationContext.hasRequestControls() && operationContext.hasRequestControl("1.3.6.1.4.1.4203.1.10.1")) {
            return ((SubentriesControl) operationContext.getRequestControl("1.3.6.1.4.1.4203.1.10.1")).isVisible();
        }
        return false;
    }

    public ServerEntry getSubentryAttributes(LdapDN ldapDN, ServerEntry serverEntry) throws Exception {
        DefaultServerEntry defaultServerEntry = new DefaultServerEntry(this.registries, ldapDN);
        Iterator<String> nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String next = nameIterator.next();
            LdapDN ldapDN2 = new LdapDN(next);
            LdapDN ldapDN3 = (LdapDN) ldapDN2.clone();
            ldapDN3.remove(ldapDN3.size() - 1);
            Subentry subentry = this.subentryCache.getSubentry(next);
            if (this.evaluator.evaluate(subentry.getSubtreeSpecification(), ldapDN3, ldapDN, serverEntry)) {
                if (subentry.isAccessControlSubentry()) {
                    EntryAttribute entryAttribute = defaultServerEntry.get(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT);
                    if (entryAttribute == null) {
                        entryAttribute = new DefaultServerAttribute(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT));
                        defaultServerEntry.put(entryAttribute);
                    }
                    entryAttribute.add(ldapDN2.toString());
                }
                if (subentry.isSchemaSubentry()) {
                    EntryAttribute entryAttribute2 = defaultServerEntry.get(SchemaConstants.SUBSCHEMA_SUBENTRY_AT);
                    if (entryAttribute2 == null) {
                        entryAttribute2 = new DefaultServerAttribute(SchemaConstants.SUBSCHEMA_SUBENTRY_AT, this.atRegistry.lookup(SchemaConstants.SUBSCHEMA_SUBENTRY_AT));
                        defaultServerEntry.put(entryAttribute2);
                    }
                    entryAttribute2.add(ldapDN2.toString());
                }
                if (subentry.isCollectiveSubentry()) {
                    EntryAttribute entryAttribute3 = defaultServerEntry.get(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT);
                    if (entryAttribute3 == null) {
                        entryAttribute3 = new DefaultServerAttribute(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT));
                        defaultServerEntry.put(entryAttribute3);
                    }
                    entryAttribute3.add(ldapDN2.toString());
                }
                if (subentry.isTriggerSubentry()) {
                    EntryAttribute entryAttribute4 = defaultServerEntry.get(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT);
                    if (entryAttribute4 == null) {
                        entryAttribute4 = new DefaultServerAttribute(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT));
                        defaultServerEntry.put(entryAttribute4);
                    }
                    entryAttribute4.add(ldapDN2.toString());
                }
            }
        }
        return defaultServerEntry;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void add(NextInterceptor nextInterceptor, AddOperationContext addOperationContext) throws Exception {
        LdapDN dn = addOperationContext.getDn();
        ClonedServerEntry entry = addOperationContext.getEntry();
        if (entry.get(SchemaConstants.OBJECT_CLASS_AT).contains(SchemaConstants.SUBENTRY_OC)) {
            LdapDN ldapDN = (LdapDN) dn.clone();
            ldapDN.remove(dn.size() - 1);
            EntryAttribute entryAttribute = addOperationContext.lookup(ldapDN, ByPassConstants.LOOKUP_BYPASS).get(TriggerUtils.ADMINISTRATIVE_ROLE_ATTR);
            if (entryAttribute == null || entryAttribute.size() <= 0) {
                throw new LdapNoSuchAttributeException("Administration point " + ldapDN + " does not contain an administrativeRole attribute! An administrativeRole attribute in the administrative point is required to add a subordinate subentry.");
            }
            Subentry subentry = new Subentry();
            subentry.setTypes(getSubentryTypes(entry));
            ServerEntry subentryOperatationalAttributes = getSubentryOperatationalAttributes(dn, subentry);
            try {
                SubtreeSpecification parse = this.ssParser.parse(entry.get(SchemaConstants.SUBTREE_SPECIFICATION_AT).getString());
                this.subentryCache.setSubentry(dn.getNormName(), parse, getSubentryTypes(entry));
                nextInterceptor.add(addOperationContext);
                LdapDN ldapDN2 = (LdapDN) ldapDN.clone();
                ldapDN2.addAll(parse.getBase());
                PresenceNode presenceNode = new PresenceNode(SchemaConstants.OBJECT_CLASS_AT_OID);
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                searchControls.setReturningAttributes(new String[]{"+", "*"});
                EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(addOperationContext.getSession(), ldapDN2, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
                while (search.next()) {
                    ClonedServerEntry clonedServerEntry = search.get();
                    LdapDN dn2 = clonedServerEntry.getDn();
                    dn2.normalize(this.atRegistry.getNormalizerMapping());
                    if (this.evaluator.evaluate(parse, ldapDN, dn2, clonedServerEntry)) {
                        this.nexus.modify(new ModifyOperationContext(addOperationContext.getSession(), dn2, getOperationalModsForAdd(clonedServerEntry, subentryOperatationalAttributes)));
                    }
                }
                addOperationContext.setEntry(entry);
                return;
            } catch (Exception e) {
                String str = "Failed while parsing subtreeSpecification for " + dn.getUpName();
                LOG.warn(str);
                throw new LdapInvalidAttributeValueException(str, ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX);
            }
        }
        Iterator<String> nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String next = nameIterator.next();
            LdapDN ldapDN3 = new LdapDN(next);
            LdapDN ldapDN4 = (LdapDN) ldapDN3.clone();
            ldapDN4.remove(ldapDN4.size() - 1);
            Subentry subentry2 = this.subentryCache.getSubentry(next);
            if (this.evaluator.evaluate(subentry2.getSubtreeSpecification(), ldapDN4, dn, entry)) {
                if (subentry2.isAccessControlSubentry()) {
                    EntryAttribute entryAttribute2 = entry.get(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT);
                    if (entryAttribute2 == null) {
                        entryAttribute2 = new DefaultServerAttribute(this.atRegistry.lookup(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT));
                        entry.put(entryAttribute2);
                    }
                    entryAttribute2.add(ldapDN3.toString());
                }
                if (subentry2.isSchemaSubentry()) {
                    EntryAttribute entryAttribute3 = entry.get(SchemaConstants.SUBSCHEMA_SUBENTRY_AT);
                    if (entryAttribute3 == null) {
                        entryAttribute3 = new DefaultServerAttribute(this.atRegistry.lookup(SchemaConstants.SUBSCHEMA_SUBENTRY_AT));
                        entry.put(entryAttribute3);
                    }
                    entryAttribute3.add(ldapDN3.toString());
                }
                if (subentry2.isCollectiveSubentry()) {
                    EntryAttribute entryAttribute4 = entry.get(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT);
                    if (entryAttribute4 == null) {
                        entryAttribute4 = new DefaultServerAttribute(this.atRegistry.lookup(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT));
                        entry.put(entryAttribute4);
                    }
                    entryAttribute4.add(ldapDN3.toString());
                }
                if (subentry2.isTriggerSubentry()) {
                    EntryAttribute entryAttribute5 = entry.get(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT);
                    if (entryAttribute5 == null) {
                        entryAttribute5 = new DefaultServerAttribute(this.atRegistry.lookup(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT));
                        entry.put(entryAttribute5);
                    }
                    entryAttribute5.add(ldapDN3.toString());
                }
            }
        }
        addOperationContext.setEntry(entry);
        nextInterceptor.add(addOperationContext);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void delete(NextInterceptor nextInterceptor, DeleteOperationContext deleteOperationContext) throws Exception {
        LdapDN dn = deleteOperationContext.getDn();
        if (!deleteOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS).get(this.objectClassType).contains(SchemaConstants.SUBENTRY_OC)) {
            nextInterceptor.delete(deleteOperationContext);
            return;
        }
        SubtreeSpecification subtreeSpecification = this.subentryCache.removeSubentry(dn.toNormName()).getSubtreeSpecification();
        nextInterceptor.delete(deleteOperationContext);
        LdapDN ldapDN = (LdapDN) dn.clone();
        ldapDN.remove(dn.size() - 1);
        LdapDN ldapDN2 = (LdapDN) ldapDN.clone();
        ldapDN2.addAll(subtreeSpecification.getBase());
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid(SchemaConstants.OBJECT_CLASS_AT));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", "*"});
        EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(deleteOperationContext.getSession(), ldapDN2, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
        while (search.next()) {
            ClonedServerEntry clonedServerEntry = search.get();
            LdapDN ldapDN3 = new LdapDN(clonedServerEntry.getDn());
            ldapDN3.normalize(this.atRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, ldapDN, ldapDN3, clonedServerEntry)) {
                this.nexus.modify(new ModifyOperationContext(deleteOperationContext.getSession(), ldapDN3, getOperationalModsForRemove(dn, clonedServerEntry)));
            }
        }
    }

    private boolean hasAdministrativeDescendant(OperationContext operationContext, LdapDN ldapDN) throws Exception {
        PresenceNode presenceNode = new PresenceNode(TriggerUtils.ADMINISTRATIVE_ROLE_ATTR);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(operationContext.getSession(), ldapDN, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
        if (!search.next()) {
            return false;
        }
        search.close();
        return true;
    }

    private List<Modification> getModsOnEntryRdnChange(Name name, Name name2, ServerEntry serverEntry) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator<String> nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String next = nameIterator.next();
            LdapDN ldapDN = new LdapDN(next);
            ldapDN.remove(ldapDN.size() - 1);
            SubtreeSpecification subtreeSpecification = this.subentryCache.getSubentry(next).getSubtreeSpecification();
            boolean evaluate = this.evaluator.evaluate(subtreeSpecification, ldapDN, name, serverEntry);
            boolean evaluate2 = this.evaluator.evaluate(subtreeSpecification, ldapDN, name2, serverEntry);
            if (evaluate != evaluate2) {
                if (evaluate && !evaluate2) {
                    for (String str : SUBENTRY_OPATTRS) {
                        ModificationOperation modificationOperation = ModificationOperation.REPLACE_ATTRIBUTE;
                        EntryAttribute entryAttribute = serverEntry.get(str);
                        if (entryAttribute != null) {
                            ServerAttribute serverAttribute = (ServerAttribute) entryAttribute.mo161clone();
                            serverAttribute.remove(next);
                            if (serverAttribute.size() < 1) {
                                modificationOperation = ModificationOperation.REMOVE_ATTRIBUTE;
                            }
                            arrayList.add(new ServerModification(modificationOperation, serverAttribute));
                        }
                    }
                } else if (evaluate2 && !evaluate) {
                    for (String str2 : SUBENTRY_OPATTRS) {
                        ModificationOperation modificationOperation2 = ModificationOperation.ADD_ATTRIBUTE;
                        DefaultServerAttribute defaultServerAttribute = new DefaultServerAttribute(str2, this.atRegistry.lookup(str2));
                        defaultServerAttribute.add(next);
                        arrayList.add(new ServerModification(modificationOperation2, defaultServerAttribute));
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void rename(NextInterceptor nextInterceptor, RenameOperationContext renameOperationContext) throws Exception {
        LdapDN dn = renameOperationContext.getDn();
        ServerEntry lookup = renameOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS);
        if (!lookup.get(this.objectClassType).contains(SchemaConstants.SUBENTRY_OC)) {
            if (hasAdministrativeDescendant(renameOperationContext, dn)) {
                LOG.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.rename(renameOperationContext);
            LdapDN ldapDN = (LdapDN) dn.clone();
            ldapDN.remove(ldapDN.size() - 1);
            ldapDN.add(renameOperationContext.getNewRdn());
            ldapDN.normalize(this.atRegistry.getNormalizerMapping());
            List<Modification> modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.size() > 0) {
                this.nexus.modify(new ModifyOperationContext(renameOperationContext.getSession(), ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toNormName());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        LdapDN ldapDN2 = (LdapDN) dn.clone();
        ldapDN2.remove(ldapDN2.size() - 1);
        LdapDN ldapDN3 = (LdapDN) ldapDN2.clone();
        ldapDN3.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN4 = (LdapDN) dn.clone();
        ldapDN4.remove(ldapDN4.size() - 1);
        ldapDN4.add(renameOperationContext.getNewRdn());
        String normName = ldapDN4.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.rename(renameOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid(SchemaConstants.OBJECT_CLASS_AT));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", "*"});
        EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(renameOperationContext.getSession(), ldapDN3, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
        while (search.next()) {
            ServerEntry serverEntry = search.get();
            LdapDN dn2 = serverEntry.getDn();
            dn2.normalize(this.atRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, ldapDN2, dn2, serverEntry)) {
                this.nexus.modify(new ModifyOperationContext(renameOperationContext.getSession(), dn2, getOperationalModsForReplace(dn, ldapDN4, subentry2, serverEntry)));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void moveAndRename(NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameOperationContext) throws Exception {
        LdapDN dn = moveAndRenameOperationContext.getDn();
        LdapDN parent = moveAndRenameOperationContext.getParent();
        ServerEntry lookup = moveAndRenameOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS);
        if (!lookup.get(this.objectClassType).contains(SchemaConstants.SUBENTRY_OC)) {
            if (hasAdministrativeDescendant(moveAndRenameOperationContext, dn)) {
                LOG.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.moveAndRename(moveAndRenameOperationContext);
            LdapDN ldapDN = (LdapDN) parent.clone();
            ldapDN.add(moveAndRenameOperationContext.getNewRdn());
            ldapDN.normalize(this.atRegistry.getNormalizerMapping());
            List<Modification> modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.size() > 0) {
                this.nexus.modify(new ModifyOperationContext(moveAndRenameOperationContext.getSession(), ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toNormName());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        LdapDN ldapDN2 = (LdapDN) dn.clone();
        ldapDN2.remove(ldapDN2.size() - 1);
        LdapDN ldapDN3 = (LdapDN) ldapDN2.clone();
        ldapDN3.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN4 = (LdapDN) parent.clone();
        ldapDN4.remove(ldapDN4.size() - 1);
        ldapDN4.add(moveAndRenameOperationContext.getNewRdn());
        String normName = ldapDN4.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.moveAndRename(moveAndRenameOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid(SchemaConstants.OBJECT_CLASS_AT));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", "*"});
        EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(moveAndRenameOperationContext.getSession(), ldapDN3, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
        while (search.next()) {
            ServerEntry serverEntry = search.get();
            LdapDN dn2 = serverEntry.getDn();
            dn2.normalize(this.atRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, ldapDN2, dn2, serverEntry)) {
                this.nexus.modify(new ModifyOperationContext(moveAndRenameOperationContext.getSession(), dn2, getOperationalModsForReplace(dn, ldapDN4, subentry2, serverEntry)));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, MoveOperationContext moveOperationContext) throws Exception {
        LdapDN dn = moveOperationContext.getDn();
        LdapDN parent = moveOperationContext.getParent();
        ServerEntry lookup = moveOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS);
        if (!lookup.get(SchemaConstants.OBJECT_CLASS_AT).contains(SchemaConstants.SUBENTRY_OC)) {
            if (hasAdministrativeDescendant(moveOperationContext, dn)) {
                LOG.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.move(moveOperationContext);
            LdapDN ldapDN = (LdapDN) parent.clone();
            ldapDN.add(dn.get(dn.size() - 1));
            List<Modification> modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.size() > 0) {
                this.nexus.modify(new ModifyOperationContext(moveOperationContext.getSession(), ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toString());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        LdapDN ldapDN2 = (LdapDN) dn.clone();
        ldapDN2.remove(ldapDN2.size() - 1);
        LdapDN ldapDN3 = (LdapDN) ldapDN2.clone();
        ldapDN3.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN4 = (LdapDN) parent.clone();
        ldapDN4.remove(ldapDN4.size() - 1);
        ldapDN4.add(parent.get(parent.size() - 1));
        String normName = ldapDN4.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.move(moveOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode(SchemaConstants.OBJECT_CLASS_AT);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", "*"});
        EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(moveOperationContext.getSession(), ldapDN3, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
        while (search.next()) {
            ServerEntry serverEntry = search.get();
            LdapDN dn2 = serverEntry.getDn();
            dn2.normalize(this.atRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, ldapDN2, dn2, serverEntry)) {
                this.nexus.modify(new ModifyOperationContext(moveOperationContext.getSession(), dn2, getOperationalModsForReplace(dn, ldapDN4, subentry2, serverEntry)));
            }
        }
    }

    private int getSubentryTypes(ServerEntry serverEntry, List<Modification> list) throws Exception {
        ServerAttribute serverAttribute = (ServerAttribute) serverEntry.get(SchemaConstants.OBJECT_CLASS_AT).mo161clone();
        for (Modification modification : list) {
            if (modification.getAttribute().getId().equalsIgnoreCase(SchemaConstants.OBJECT_CLASS_AT)) {
                switch (modification.getOperation()) {
                    case ADD_ATTRIBUTE:
                        Iterator it = ((ServerAttribute) modification.getAttribute()).iterator();
                        while (it.hasNext()) {
                            serverAttribute.add(((Value) it.next()).getString());
                        }
                        break;
                    case REMOVE_ATTRIBUTE:
                        Iterator it2 = ((ServerAttribute) modification.getAttribute()).iterator();
                        while (it2.hasNext()) {
                            serverAttribute.remove(((Value) it2.next()).getString());
                        }
                        break;
                    case REPLACE_ATTRIBUTE:
                        serverAttribute = (ServerAttribute) modification.getAttribute();
                        break;
                }
            }
        }
        DefaultServerEntry defaultServerEntry = new DefaultServerEntry(this.registries, LdapDN.EMPTY_LDAPDN);
        defaultServerEntry.put(serverAttribute);
        return getSubentryTypes(defaultServerEntry);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, ModifyOperationContext modifyOperationContext) throws Exception {
        LdapDN dn = modifyOperationContext.getDn();
        List<Modification> modItems = modifyOperationContext.getModItems();
        ClonedServerEntry lookup = modifyOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS);
        ServerEntry serverEntry = (ServerEntry) lookup.mo163clone();
        EntryAttribute entryAttribute = lookup.get(this.objectClassType);
        boolean z = false;
        Modification modification = null;
        for (Modification modification2 : modItems) {
            if (SchemaConstants.SUBTREE_SPECIFICATION_AT.equalsIgnoreCase(modification2.getAttribute().getId())) {
                z = true;
                modification = modification2;
            }
        }
        if (!entryAttribute.contains(SchemaConstants.SUBENTRY_OC) || !z) {
            nextInterceptor.modify(modifyOperationContext);
            if (entryAttribute.contains(SchemaConstants.SUBENTRY_OC)) {
                return;
            }
            List<Modification> modsOnEntryModification = getModsOnEntryModification(dn, serverEntry, modifyOperationContext.lookup(dn, ByPassConstants.LOOKUP_BYPASS));
            if (modsOnEntryModification.size() > 0) {
                this.nexus.modify(new ModifyOperationContext(modifyOperationContext.getSession(), dn, modsOnEntryModification));
                return;
            }
            return;
        }
        SubtreeSpecification subtreeSpecification = this.subentryCache.removeSubentry(dn.toString()).getSubtreeSpecification();
        try {
            SubtreeSpecification parse = this.ssParser.parse(((ServerAttribute) modification.getAttribute()).getString());
            this.subentryCache.setSubentry(dn.toNormName(), parse, getSubentryTypes(lookup, modItems));
            nextInterceptor.modify(modifyOperationContext);
            LdapDN ldapDN = (LdapDN) dn.clone();
            ldapDN.remove(ldapDN.size() - 1);
            LdapDN ldapDN2 = (LdapDN) ldapDN.clone();
            ldapDN2.addAll(subtreeSpecification.getBase());
            PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid(SchemaConstants.OBJECT_CLASS_AT));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{"+", "*"});
            EntryFilteringCursor search = this.nexus.search(new SearchOperationContext(modifyOperationContext.getSession(), ldapDN2, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
            while (search.next()) {
                ClonedServerEntry clonedServerEntry = search.get();
                LdapDN dn2 = clonedServerEntry.getDn();
                dn2.normalize(this.atRegistry.getNormalizerMapping());
                if (this.evaluator.evaluate(subtreeSpecification, ldapDN, dn2, clonedServerEntry)) {
                    this.nexus.modify(new ModifyOperationContext(modifyOperationContext.getSession(), dn2, getOperationalModsForRemove(dn, clonedServerEntry)));
                }
            }
            ServerEntry subentryOperatationalAttributes = getSubentryOperatationalAttributes(dn, this.subentryCache.getSubentry(dn.toNormName()));
            LdapDN ldapDN3 = (LdapDN) ldapDN.clone();
            ldapDN3.addAll(parse.getBase());
            EntryFilteringCursor search2 = this.nexus.search(new SearchOperationContext(modifyOperationContext.getSession(), ldapDN3, AliasDerefMode.NEVER_DEREF_ALIASES, presenceNode, searchControls));
            while (search2.next()) {
                ClonedServerEntry clonedServerEntry2 = search2.get();
                LdapDN dn3 = clonedServerEntry2.getDn();
                dn3.normalize(this.atRegistry.getNormalizerMapping());
                if (this.evaluator.evaluate(parse, ldapDN, dn3, clonedServerEntry2)) {
                    this.nexus.modify(new ModifyOperationContext(modifyOperationContext.getSession(), dn3, getOperationalModsForAdd(clonedServerEntry2, subentryOperatationalAttributes)));
                }
            }
        } catch (Exception e) {
            LOG.error("failed to parse the new subtreeSpecification", (Throwable) e);
            throw new LdapInvalidAttributeValueException("failed to parse the new subtreeSpecification", ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX);
        }
    }

    private List<Modification> getOperationalModsForReplace(Name name, Name name2, Subentry subentry, ServerEntry serverEntry) throws Exception {
        ArrayList arrayList = new ArrayList();
        if (subentry.isAccessControlSubentry()) {
            ServerAttribute serverAttribute = (ServerAttribute) serverEntry.get(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT).mo161clone();
            if (serverAttribute == null) {
                serverAttribute = new DefaultServerAttribute(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT));
                serverAttribute.add(name2.toString());
            } else {
                serverAttribute.remove(name.toString());
                serverAttribute.add(name2.toString());
            }
            arrayList.add(new ServerModification(ModificationOperation.REPLACE_ATTRIBUTE, serverAttribute));
        }
        if (subentry.isSchemaSubentry()) {
            ServerAttribute serverAttribute2 = (ServerAttribute) serverEntry.get(SchemaConstants.SUBSCHEMA_SUBENTRY_AT).mo161clone();
            if (serverAttribute2 == null) {
                serverAttribute2 = new DefaultServerAttribute(SchemaConstants.SUBSCHEMA_SUBENTRY_AT, this.atRegistry.lookup(SchemaConstants.SUBSCHEMA_SUBENTRY_AT));
                serverAttribute2.add(name2.toString());
            } else {
                serverAttribute2.remove(name.toString());
                serverAttribute2.add(name2.toString());
            }
            arrayList.add(new ServerModification(ModificationOperation.REPLACE_ATTRIBUTE, serverAttribute2));
        }
        if (subentry.isCollectiveSubentry()) {
            ServerAttribute serverAttribute3 = (ServerAttribute) serverEntry.get(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT).mo161clone();
            if (serverAttribute3 == null) {
                serverAttribute3 = new DefaultServerAttribute(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT));
                serverAttribute3.add(name2.toString());
            } else {
                serverAttribute3.remove(name.toString());
                serverAttribute3.add(name2.toString());
            }
            arrayList.add(new ServerModification(ModificationOperation.REPLACE_ATTRIBUTE, serverAttribute3));
        }
        if (subentry.isTriggerSubentry()) {
            ServerAttribute serverAttribute4 = (ServerAttribute) serverEntry.get(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT).mo161clone();
            if (serverAttribute4 == null) {
                serverAttribute4 = new DefaultServerAttribute(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT, this.atRegistry.lookup(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT));
                serverAttribute4.add(name2.toString());
            } else {
                serverAttribute4.remove(name.toString());
                serverAttribute4.add(name2.toString());
            }
            arrayList.add(new ServerModification(ModificationOperation.REPLACE_ATTRIBUTE, serverAttribute4));
        }
        return arrayList;
    }

    private ServerEntry getSubentryOperatationalAttributes(LdapDN ldapDN, Subentry subentry) throws Exception {
        DefaultServerEntry defaultServerEntry = new DefaultServerEntry(this.registries, ldapDN);
        if (subentry.isAccessControlSubentry()) {
            if (defaultServerEntry.get(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT) == null) {
                defaultServerEntry.put(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT, ldapDN.toString());
            } else {
                defaultServerEntry.get(SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT).add(ldapDN.toString());
            }
        }
        if (subentry.isSchemaSubentry()) {
            if (defaultServerEntry.get(SchemaConstants.SUBSCHEMA_SUBENTRY_AT) == null) {
                defaultServerEntry.put(SchemaConstants.SUBSCHEMA_SUBENTRY_AT, ldapDN.toString());
            } else {
                defaultServerEntry.get(SchemaConstants.SUBSCHEMA_SUBENTRY_AT).add(ldapDN.toString());
            }
        }
        if (subentry.isCollectiveSubentry()) {
            if (defaultServerEntry.get(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT) == null) {
                defaultServerEntry.put(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, ldapDN.toString());
            } else {
                defaultServerEntry.get(SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT).add(ldapDN.toString());
            }
        }
        if (subentry.isTriggerSubentry()) {
            if (defaultServerEntry.get(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT) == null) {
                defaultServerEntry.put(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT, ldapDN.toString());
            } else {
                defaultServerEntry.get(SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT).add(ldapDN.toString());
            }
        }
        return defaultServerEntry;
    }

    private List<Modification> getOperationalModsForRemove(LdapDN ldapDN, ServerEntry serverEntry) throws Exception {
        ArrayList arrayList = new ArrayList();
        String normName = ldapDN.toNormName();
        for (String str : SUBENTRY_OPATTRS) {
            EntryAttribute entryAttribute = serverEntry.get(str);
            if (entryAttribute != null && entryAttribute.contains(normName)) {
                arrayList.add(new ServerModification(ModificationOperation.REMOVE_ATTRIBUTE, new DefaultServerAttribute(str, this.atRegistry.lookup(str), normName)));
            }
        }
        return arrayList;
    }

    public List<Modification> getOperationalModsForAdd(ServerEntry serverEntry, ServerEntry serverEntry2) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (AttributeType attributeType : serverEntry2.getAttributeTypes()) {
            ModificationOperation modificationOperation = ModificationOperation.REPLACE_ATTRIBUTE;
            DefaultServerAttribute defaultServerAttribute = new DefaultServerAttribute(attributeType);
            EntryAttribute entryAttribute = serverEntry2.get(attributeType);
            EntryAttribute entryAttribute2 = serverEntry.get(attributeType);
            Iterator<Value<?>> it = entryAttribute.iterator();
            while (it.hasNext()) {
                defaultServerAttribute.add(it.next());
            }
            if (entryAttribute2 == null || entryAttribute2.size() <= 0) {
                modificationOperation = ModificationOperation.ADD_ATTRIBUTE;
            } else {
                Iterator<Value<?>> it2 = entryAttribute2.iterator();
                while (it2.hasNext()) {
                    defaultServerAttribute.add(it2.next());
                }
            }
            arrayList.add(new ServerModification(modificationOperation, defaultServerAttribute));
        }
        return arrayList;
    }

    private List<Modification> getModsOnEntryModification(LdapDN ldapDN, ServerEntry serverEntry, ServerEntry serverEntry2) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator<String> nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String next = nameIterator.next();
            LdapDN ldapDN2 = new LdapDN(next);
            ldapDN2.remove(ldapDN2.size() - 1);
            SubtreeSpecification subtreeSpecification = this.subentryCache.getSubentry(next).getSubtreeSpecification();
            boolean evaluate = this.evaluator.evaluate(subtreeSpecification, ldapDN2, ldapDN, serverEntry);
            boolean evaluate2 = this.evaluator.evaluate(subtreeSpecification, ldapDN2, ldapDN, serverEntry2);
            if (evaluate != evaluate2) {
                if (evaluate && !evaluate2) {
                    for (String str : SUBENTRY_OPATTRS) {
                        ModificationOperation modificationOperation = ModificationOperation.REPLACE_ATTRIBUTE;
                        EntryAttribute entryAttribute = serverEntry.get(str);
                        if (entryAttribute != null) {
                            ServerAttribute serverAttribute = (ServerAttribute) entryAttribute.mo161clone();
                            serverAttribute.remove(next);
                            if (serverAttribute.size() < 1) {
                                modificationOperation = ModificationOperation.REMOVE_ATTRIBUTE;
                            }
                            arrayList.add(new ServerModification(modificationOperation, serverAttribute));
                        }
                    }
                } else if (evaluate2 && !evaluate) {
                    for (String str2 : SUBENTRY_OPATTRS) {
                        ModificationOperation modificationOperation2 = ModificationOperation.ADD_ATTRIBUTE;
                        DefaultServerAttribute defaultServerAttribute = new DefaultServerAttribute(str2, this.atRegistry.lookup(str2));
                        defaultServerAttribute.add(next);
                        arrayList.add(new ServerModification(modificationOperation2, defaultServerAttribute));
                    }
                }
            }
        }
        return arrayList;
    }
}
