package org.opends.server.authorization.dseecompat;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import org.opends.messages.AccessControlMessages;
import org.opends.messages.Message;
import org.opends.server.api.AlertGenerator;
import org.opends.server.api.Backend;
import org.opends.server.api.BackendInitializationListener;
import org.opends.server.api.ChangeNotificationListener;
import org.opends.server.api.ClientConnection;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchListener;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.types.AttributeType;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DereferencePolicy;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IndexType;
import org.opends.server.types.Modification;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchScope;
import org.opends.server.types.operation.PostResponseAddOperation;
import org.opends.server.types.operation.PostResponseDeleteOperation;
import org.opends.server.types.operation.PostResponseModifyDNOperation;
import org.opends.server.types.operation.PostResponseModifyOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/AciListenerManager.class */
public class AciListenerManager implements ChangeNotificationListener, BackendInitializationListener, AlertGenerator {
    private static final String CLASS_NAME = "org.opends.server.authorization.dseecompat.AciListenerManager";
    private DN configurationDN;
    private boolean inLockDownMode = false;
    private AciList aciList;
    private static SearchFilter aciFilter;
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private static LinkedHashSet<String> attrs = new LinkedHashSet<>();

    public AciListenerManager(AciList aciList, DN dn) {
        this.aciList = aciList;
        this.configurationDN = dn;
        DirectoryServer.registerChangeNotificationListener(this);
        DirectoryServer.registerBackendInitializationListener(this);
        DirectoryServer.registerAlertGenerator(this);
    }

    public void finalizeListenerManager() {
        DirectoryServer.deregisterChangeNotificationListener(this);
        DirectoryServer.deregisterBackendInitializationListener(this);
        DirectoryServer.deregisterAlertGenerator(this);
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleDeleteOperation(PostResponseDeleteOperation postResponseDeleteOperation, Entry entry) {
        boolean z = false;
        boolean hasOperationalAttribute = entry.hasOperationalAttribute(AciHandler.aciType);
        if (!hasOperationalAttribute) {
            boolean hasAttribute = entry.hasAttribute(AciHandler.globalAciType);
            z = hasAttribute;
            if (!hasAttribute) {
                return;
            }
        }
        this.aciList.removeAci(entry, hasOperationalAttribute, z);
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleAddOperation(PostResponseAddOperation postResponseAddOperation, Entry entry) {
        boolean z = false;
        LinkedList<Message> linkedList = new LinkedList<>();
        boolean hasOperationalAttribute = entry.hasOperationalAttribute(AciHandler.aciType);
        if (!hasOperationalAttribute) {
            boolean hasAttribute = entry.hasAttribute(AciHandler.globalAciType);
            z = hasAttribute;
            if (!hasAttribute) {
                return;
            }
        }
        this.aciList.addAci(entry, hasOperationalAttribute, z, linkedList);
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleModifyOperation(PostResponseModifyOperation postResponseModifyOperation, Entry entry, Entry entry2) {
        boolean z = false;
        boolean z2 = false;
        Iterator<Modification> it = postResponseModifyOperation.getModifications().iterator();
        while (it.hasNext()) {
            AttributeType attributeType = it.next().getAttribute().getAttributeType();
            if (attributeType.equals(AciHandler.aciType)) {
                z = true;
            } else if (attributeType.equals(AciHandler.globalAciType)) {
                z2 = true;
            }
            if (z && z2) {
                break;
            }
        }
        if (z || z2) {
            this.aciList.modAciOldNewEntry(entry, entry2, z, z2);
        }
    }

    @Override // org.opends.server.api.ChangeNotificationListener
    public void handleModifyDNOperation(PostResponseModifyDNOperation postResponseModifyDNOperation, Entry entry, Entry entry2) {
        this.aciList.renameAci(entry.getDN(), entry2.getDN());
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendInitializationProcessing(Backend backend) {
        if (!backend.isIndexed(DirectoryServer.getAttributeType("aci", true), IndexType.PRESENCE)) {
            ErrorLogger.logError(AccessControlMessages.WARN_ACI_ATTRIBUTE_NOT_INDEXED.get(backend.getBackendID(), "aci"));
        }
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        LinkedList<Message> linkedList = new LinkedList<>();
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(new Control(ServerConstants.OID_MANAGE_DSAIT_CONTROL, true));
        for (DN dn : backend.getBaseDNs()) {
            try {
                if (backend.entryExists(dn)) {
                    InternalSearchOperation internalSearchOperation = new InternalSearchOperation((ClientConnection) rootConnection, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), (List<Control>) arrayList, dn, SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, aciFilter, attrs, (InternalSearchListener) null);
                    try {
                        backend.search(new LocalBackendSearchOperation(internalSearchOperation));
                        if (!internalSearchOperation.getSearchEntries().isEmpty()) {
                            int addAci = this.aciList.addAci(internalSearchOperation.getSearchEntries(), linkedList);
                            if (!linkedList.isEmpty()) {
                                logMsgsSetLockDownMode(linkedList);
                            }
                            ErrorLogger.logError(AccessControlMessages.INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(addAci), String.valueOf(dn)));
                        }
                    } catch (Exception e) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e);
                        }
                    }
                }
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
            }
        }
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendFinalizationProcessing(Backend backend) {
        this.aciList.removeAci(backend);
    }

    @Override // org.opends.server.api.AlertGenerator
    public String getClassName() {
        return CLASS_NAME;
    }

    @Override // org.opends.server.api.AlertGenerator
    public DN getComponentEntryDN() {
        return this.configurationDN;
    }

    @Override // org.opends.server.api.AlertGenerator
    public LinkedHashMap<String, String> getAlerts() {
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put(ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED, ServerConstants.ALERT_DESCRIPTION_ACCESS_CONTROL_PARSE_FAILED);
        return linkedHashMap;
    }

    public void logMsgsSetLockDownMode(LinkedList<Message> linkedList) {
        Iterator<Message> it = linkedList.iterator();
        while (it.hasNext()) {
            ErrorLogger.logError(AccessControlMessages.WARN_ACI_SERVER_DECODE_FAILED.get(it.next()));
        }
        if (this.inLockDownMode) {
            return;
        }
        setLockDownMode();
    }

    private void setLockDownMode() {
        if (this.inLockDownMode) {
            return;
        }
        this.inLockDownMode = true;
        DirectoryServer.sendAlertNotification(this, ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED, AccessControlMessages.WARN_ACI_ENTER_LOCKDOWN_MODE.get());
        DirectoryServer.setLockdownMode(true);
    }

    static {
        try {
            aciFilter = SearchFilter.createFilterFromString("(aci=*)");
        } catch (DirectoryException e) {
        }
        attrs.add("aci");
    }
}
