package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.core.authn.AuthenticationInterceptor;
import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
import org.apache.directory.server.core.event.EventInterceptor;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.normalization.NormalizationInterceptor;
import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
import org.apache.directory.server.core.schema.SchemaInterceptor;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.SchemaManager;

/* loaded from: input_file:org/apache/directory/server/core/authz/support/MaxImmSubFilter.class */
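/**
 * ACI tuple filter for the {@code MaxImmSub} protected item.
 *
 * <p>A granting tuple that carries a {@link ProtectedItem.MaxImmSub} item is discarded once the
 * number of entries counted by {@link #getImmSubCount} has reached the item's limit. The filter
 * only acts for {@link OperationScope#ENTRY} evaluations on a non-empty entry name.
 */
public class MaxImmSubFilter implements ACITupleFilter {
    /**
     * Names of the interceptors skipped by the internal counting search.
     *
     * <p>Security note: the list includes the authentication interceptor and both authorization
     * interceptors, so the counting search is not limited by the requesting user's permissions.
     * Within this class the search result is reduced to a count and no entry is handed back to
     * the caller. The collection is unmodifiable, so other code cannot widen the bypass list.
     */
    public static final Collection<String> SEARCH_BYPASS;

    /** Presence filter on objectClass; used as the filter of the counting search. */
    private final ExprNode childrenFilter = new PresenceNode(SchemaConstants.OBJECT_CLASS_AT);

    /** Search controls of the counting search; restricted to one level in the constructor. */
    private final SearchControls childrenSearchControls = new SearchControls();

    static {
        Collection<String> bypassed = new HashSet<String>();
        bypassed.add(NormalizationInterceptor.class.getName());
        bypassed.add(AuthenticationInterceptor.class.getName());
        bypassed.add(AciAuthorizationInterceptor.class.getName());
        bypassed.add(DefaultAuthorizationInterceptor.class.getName());
        bypassed.add(OperationalAttributeInterceptor.class.getName());
        bypassed.add(SchemaInterceptor.class.getName());
        bypassed.add(SubentryInterceptor.class.getName());
        bypassed.add(EventInterceptor.class.getName());
        SEARCH_BYPASS = Collections.unmodifiableCollection(bypassed);
    }

    /** Creates the filter and limits the counting search to one level below its base. */
    public MaxImmSubFilter() {
        // ONELEVEL_SCOPE has the value 1 that was previously passed as a bare literal.
        this.childrenSearchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
    }

    /**
     * Removes granting tuples whose {@code MaxImmSub} limit is already reached.
     *
     * <p>The tuples are removed from {@code collection} itself (via its iterator), and the same
     * collection instance is returned. The subordinate count is computed lazily, at most once
     * per call, the first time a {@code MaxImmSub} item is met.
     *
     * @param schemaManager passed through to the counting search helper
     * @param collection the ACI tuples to filter; modified in place
     * @param operationScope the scope being evaluated; only {@code ENTRY} is filtered
     * @param operationContext the running operation, whose session runs the counting search
     * @param collection2 not read by this filter
     * @param dn not read by this filter
     * @param serverEntry not read by this filter
     * @param authenticationLevel not read by this filter
     * @param dn2 name the count is derived from; an empty name disables the filter
     * @param str not read by this filter
     * @param value not read by this filter
     * @param serverEntry2 not read by this filter
     * @param collection3 not read by this filter
     * @param serverEntry3 not read by this filter
     * @return {@code collection}, possibly with tuples removed
     * @throws Exception if the counting search fails
     */
    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection<ACITuple> filter(SchemaManager schemaManager, Collection<ACITuple> collection, OperationScope operationScope, OperationContext operationContext, Collection<DN> collection2, DN dn, ServerEntry serverEntry, AuthenticationLevel authenticationLevel, DN dn2, String str, Value<?> value, ServerEntry serverEntry2, Collection<MicroOperation> collection3, ServerEntry serverEntry3) throws Exception {
        if (dn2.size() == 0 || collection.size() == 0 || operationScope != OperationScope.ENTRY) {
            return collection;
        }

        // Negative means "not counted yet"; the directory search is only paid for when needed.
        int immSubCount = -1;

        Iterator<ACITuple> tuples = collection.iterator();
        while (tuples.hasNext()) {
            ACITuple tuple = tuples.next();
            if (!tuple.isGrant()) {
                continue;
            }

            // The loop must end when the items run out. The earlier `while (true)` form only
            // left the loop on a match, so a grant tuple without a reached MaxImmSub limit kept
            // the authorization check spinning forever.
            for (ProtectedItem item : tuple.getProtectedItems()) {
                if (!(item instanceof ProtectedItem.MaxImmSub)) {
                    continue;
                }
                if (immSubCount < 0) {
                    immSubCount = getImmSubCount(schemaManager, operationContext, dn2);
                }
                if (immSubCount >= ((ProtectedItem.MaxImmSub) item).getValue()) {
                    tuples.remove();
                    break;
                }
            }
        }
        return collection;
    }

    /**
     * Counts the entries returned by a one-level search based at {@code dn.getPrefix(1)}.
     *
     * <p>The search uses the objectClass presence filter, skips the interceptors listed in
     * {@link #SEARCH_BYPASS} and always dereferences aliases.
     *
     * @param schemaManager not read by this helper
     * @param operationContext supplies the session and directory service that run the search
     * @param dn name whose {@code getPrefix(1)} is used as the search base
     * @return number of entries the cursor delivered
     * @throws Exception if the search or the cursor fails
     */
    private int getImmSubCount(SchemaManager schemaManager, OperationContext operationContext, DN dn) throws Exception {
        int count = 0;
        EntryFilteringCursor cursor = null;
        try {
            // NOTE(review): the grant decision depends on this base being the parent under which
            // immediate subordinates are counted; confirm that getPrefix(1) yields that parent.
            SearchOperationContext searchContext = new SearchOperationContext(operationContext.getSession(), dn.getPrefix(1), this.childrenFilter, this.childrenSearchControls);
            searchContext.setByPassed(SEARCH_BYPASS);
            searchContext.setAliasDerefMode(AliasDerefMode.DEREF_ALWAYS);
            cursor = operationContext.getSession().getDirectoryService().getOperationManager().search(searchContext);
            while (cursor.next()) {
                // Only the count matters; get() is kept so the cursor is driven as before.
                cursor.get();
                count++;
            }
            return count;
        } finally {
            // Release the cursor on both the normal and the failure path.
            if (cursor != null) {
                cursor.close();
            }
        }
    }
}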
