package org.opends.server.authorization.dseecompat;

import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import org.opends.server.core.DirectoryServer;
import org.opends.server.messages.AciMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.DN;
import org.opends.server.types.DereferencePolicy;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPURL;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/UserAttr.class */
public class UserAttr implements KeywordBindRule {
    private static SearchFilter filter;
    private String attrStr;
    private String attrVal;
    private UserAttrType userAttrType;
    private EnumBindRuleType type;
    private ParentInheritance parentInheritance;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/authorization/dseecompat/UserAttr$UserAttrType.class */
    public enum UserAttrType {
        USERDN,
        GROUPDN,
        ROLEDN,
        URL,
        VALUE
    }

    private UserAttr(String str, String str2, UserAttrType userAttrType, EnumBindRuleType enumBindRuleType) {
        this.attrStr = null;
        this.attrVal = null;
        this.userAttrType = null;
        this.type = null;
        this.parentInheritance = null;
        this.attrStr = str;
        this.attrVal = str2;
        this.userAttrType = userAttrType;
        this.type = enumBindRuleType;
    }

    private UserAttr(UserAttrType userAttrType, EnumBindRuleType enumBindRuleType, ParentInheritance parentInheritance) {
        this.attrStr = null;
        this.attrVal = null;
        this.userAttrType = null;
        this.type = null;
        this.parentInheritance = null;
        this.userAttrType = userAttrType;
        this.type = enumBindRuleType;
        this.parentInheritance = parentInheritance;
    }

    public static KeywordBindRule decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        String[] split = str.split("#");
        if (split.length != 2) {
            throw new AciException(AciMessages.MSGID_ACI_SYNTAX_INVALID_USERATTR_EXPRESSION, MessageHandler.getMessage(AciMessages.MSGID_ACI_SYNTAX_INVALID_USERATTR_EXPRESSION, str));
        }
        UserAttrType type = getType(split[1]);
        switch (type) {
            case GROUPDN:
            case USERDN:
                return new UserAttr(type, enumBindRuleType, new ParentInheritance(split[0], false));
            case ROLEDN:
                throw new AciException(AciMessages.MSGID_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED, MessageHandler.getMessage(AciMessages.MSGID_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED, str));
            default:
                return new UserAttr(split[0], split[1], type, enumBindRuleType);
        }
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        EnumEvalResult evalVAL;
        aciEvalContext.useFullResourceEntry(true);
        switch (this.userAttrType) {
            case GROUPDN:
            case USERDN:
            case ROLEDN:
                evalVAL = evalDNKeywords(aciEvalContext);
                break;
            case URL:
                evalVAL = evalURL(aciEvalContext);
                break;
            default:
                evalVAL = evalVAL(aciEvalContext);
                break;
        }
        aciEvalContext.useFullResourceEntry(false);
        return evalVAL;
    }

    private EnumEvalResult evalVAL(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        AttributeType attributeType = DirectoryServer.getAttributeType(this.attrStr);
        AttributeType attributeType2 = attributeType;
        if (attributeType == null) {
            attributeType2 = DirectoryServer.getDefaultAttributeType(this.attrStr);
        }
        LinkedList<SearchResultEntry> searchEntries = InternalClientConnection.getRootConnection().processSearch(aciEvalContext.getClientDN(), SearchScope.BASE_OBJECT, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, filter, (LinkedHashSet<String>) null).getSearchEntries();
        if (!searchEntries.isEmpty()) {
            AttributeValue attributeValue = new AttributeValue(attributeType2, this.attrVal);
            if (searchEntries.getFirst().hasValue(attributeType2, null, attributeValue) && aciEvalContext.getResourceEntry().hasValue(attributeType2, null, attributeValue)) {
                enumEvalResult = EnumEvalResult.TRUE;
            }
        }
        return enumEvalResult.getRet(this.type, false);
    }

    private static UserAttrType getType(String str) throws AciException {
        return str.equalsIgnoreCase("userdn") ? UserAttrType.USERDN : str.equalsIgnoreCase("groupdn") ? UserAttrType.GROUPDN : str.equalsIgnoreCase("roledn") ? UserAttrType.ROLEDN : str.equalsIgnoreCase("ldapurl") ? UserAttrType.URL : UserAttrType.VALUE;
    }

    private EnumEvalResult evalURL(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        boolean z = false;
        AttributeType attributeType = DirectoryServer.getAttributeType(this.attrStr);
        AttributeType attributeType2 = attributeType;
        if (attributeType == null) {
            attributeType2 = DirectoryServer.getDefaultAttributeType(this.attrStr);
        }
        List<Attribute> attribute = aciEvalContext.getResourceEntry().getAttribute(attributeType2);
        if (!attribute.isEmpty()) {
            Iterator<Attribute> it = attribute.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Iterator<AttributeValue> it2 = it.next().getValues().iterator();
                while (it2.hasNext()) {
                    try {
                        enumEvalResult = UserDN.evalURL(aciEvalContext, LDAPURL.decode(it2.next().getStringValue(), true));
                        if (enumEvalResult != EnumEvalResult.FALSE) {
                            break;
                        }
                    } catch (DirectoryException e) {
                    }
                }
                if (enumEvalResult == EnumEvalResult.TRUE) {
                    break;
                }
                if (enumEvalResult == EnumEvalResult.ERR) {
                    z = true;
                    break;
                }
            }
        }
        return enumEvalResult.getRet(this.type, z);
    }

    private EnumEvalResult evalDNKeywords(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        boolean z = false;
        boolean z2 = false;
        int numLevels = this.parentInheritance.getNumLevels();
        int[] levels = this.parentInheritance.getLevels();
        AttributeType attributeType = this.parentInheritance.getAttributeType();
        DN baseDN = this.parentInheritance.getBaseDN();
        if (baseDN == null) {
            for (int i = 0; i < numLevels && !z2; i++) {
                if (levels[i] != 0) {
                    DN dNParentLevel = getDNParentLevel(levels[i], aciEvalContext.getResourceDN());
                    if (dNParentLevel != null) {
                        LinkedHashSet<String> linkedHashSet = new LinkedHashSet<>(1);
                        linkedHashSet.add(this.parentInheritance.getAttrTypeStr());
                        LinkedList<SearchResultEntry> searchEntries = InternalClientConnection.getRootConnection().processSearch(dNParentLevel, SearchScope.BASE_OBJECT, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, filter, linkedHashSet).getSearchEntries();
                        if (!searchEntries.isEmpty()) {
                            SearchResultEntry first = searchEntries.getFirst();
                            if (first.hasAttribute(attributeType)) {
                                enumEvalResult = evalEntryAttr(first, aciEvalContext, attributeType);
                                if (enumEvalResult.equals(EnumEvalResult.TRUE)) {
                                    z2 = true;
                                }
                            }
                        }
                    }
                } else if (aciEvalContext.isAddOperation()) {
                    z = true;
                } else if (aciEvalContext.getResourceEntry().hasAttribute(attributeType)) {
                    enumEvalResult = evalEntryAttr(aciEvalContext.getResourceEntry(), aciEvalContext, attributeType);
                    if (enumEvalResult.equals(EnumEvalResult.TRUE)) {
                        z2 = true;
                    }
                }
            }
        } else if (aciEvalContext.getResourceEntry().hasAttribute(attributeType)) {
            enumEvalResult = GroupDN.evaluate(aciEvalContext.getResourceEntry(), aciEvalContext, attributeType, baseDN);
        }
        return enumEvalResult.getRet(this.type, z);
    }

    private DN getDNParentLevel(int i, DN dn) {
        if (i > dn.getNumComponents()) {
            return null;
        }
        DN dn2 = dn;
        for (int i2 = 0; i2 < i; i2++) {
            dn2 = dn2.getParent();
        }
        return dn2;
    }

    private EnumEvalResult evalEntryAttr(Entry entry, AciEvalContext aciEvalContext, AttributeType attributeType) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        switch (this.userAttrType) {
            case GROUPDN:
                enumEvalResult = GroupDN.evaluate(entry, aciEvalContext, attributeType, null);
                break;
            case USERDN:
                enumEvalResult = UserDN.evaluate(entry, aciEvalContext.getClientDN(), attributeType);
                break;
        }
        return enumEvalResult;
    }

    static {
        try {
            filter = SearchFilter.createFilterFromString("(objectclass=*)");
        } catch (DirectoryException e) {
        }
    }
}
