package org.opends.server.workflowelement.localbackend;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.AVA;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.ObjectClass;
import org.forgerock.opendj.ldap.schema.Syntax;
import org.forgerock.opendj.server.config.server.SynchronizationProviderCfg;
import org.opends.messages.CoreMessages;
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.AuthenticationPolicy;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.LocalBackend;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
import org.opends.server.api.SynchronizationProvider;
import org.opends.server.config.ConfigConstants;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.LDAPPostReadRequestControl;
import org.opends.server.controls.PasswordPolicyErrorType;
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.core.AccessControlConfigManager;
import org.opends.server.core.AddOperation;
import org.opends.server.core.AddOperationWrapper;
import org.opends.server.core.BackendConfigManager;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicy;
import org.opends.server.core.PersistentSearch;
import org.opends.server.core.ServerContext;
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.Attributes;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LockManager;
import org.opends.server.types.Privilege;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.operation.PostOperationAddOperation;
import org.opends.server.types.operation.PostResponseAddOperation;
import org.opends.server.types.operation.PostSynchronizationAddOperation;
import org.opends.server.types.operation.PreOperationAddOperation;
import org.opends.server.util.CollectionUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;

/* JADX WARN: Classes with same name are omitted:
  input_file:embedded-opendj/opendj.zip:opendj/lib/opendj.jar:org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.class
 */
/* loaded from: input_file:embedded-opendj/opendj.zip:opendj/lib/org.openidentityplatform.opendj.opendj-server-legacy.jar:org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.class */
public class LocalBackendAddOperation extends AddOperationWrapper implements PreOperationAddOperation, PostOperationAddOperation, PostResponseAddOperation, PostSynchronizationAddOperation {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private LocalBackend<?> backend;
    private boolean noOp;
    private DN entryDN;
    private Entry entry;
    private LDAPPostReadRequestControl postReadRequest;
    private Map<ObjectClass, String> objectClasses;
    private Map<AttributeType, List<Attribute>> operationalAttributes;
    private Map<AttributeType, List<Attribute>> userAttributes;

    public LocalBackendAddOperation(AddOperation addOperation) {
        super(addOperation);
        LocalBackendWorkflowElement.attachLocalOperation(addOperation, this);
    }

    @Override // org.opends.server.types.operation.PreOperationAddOperation, org.opends.server.types.operation.PostOperationAddOperation, org.opends.server.types.operation.PostResponseAddOperation
    public final Entry getEntryToAdd() {
        return this.entry;
    }

    public void processLocalAdd(final LocalBackend<?> localBackend) throws CanceledOperationException {
        this.backend = localBackend;
        ClientConnection clientConnection = getClientConnection();
        checkIfCanceled(false);
        try {
            AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            processAdd(clientConnection, atomicBoolean);
            if (isSynchronizationOperation()) {
                if (getResultCode() == ResultCode.SUCCESS) {
                    DirectoryServer.getPluginConfigManager().invokePostSynchronizationAddPlugins(this);
                }
            } else if (atomicBoolean.get() && !AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePostOperationAddPlugins(this))) {
                return;
            }
            LocalBackendWorkflowElement.filterNonDisclosableMatchedDN(this);
            if (getResultCode() == ResultCode.SUCCESS) {
                registerPostResponseCallback(new Runnable() { // from class: org.opends.server.workflowelement.localbackend.LocalBackendAddOperation.1
                    @Override // java.lang.Runnable
                    public void run() {
                        Iterator<PersistentSearch> it = localBackend.getPersistentSearches().iterator();
                        while (it.hasNext()) {
                            it.next().processAdd(LocalBackendAddOperation.this.entry);
                        }
                    }
                });
            }
        } finally {
            LocalBackendWorkflowElement.filterNonDisclosableMatchedDN(this);
        }
    }

    private void processAdd(ClientConnection clientConnection, AtomicBoolean atomicBoolean) throws CanceledOperationException {
        this.entryDN = getEntryDN();
        if (this.entryDN == null) {
            return;
        }
        checkIfCanceled(false);
        LockManager.DNLock tryWriteLockEntry = DirectoryServer.getLockManager().tryWriteLockEntry(this.entryDN);
        try {
            try {
                if (tryWriteLockEntry == null) {
                    setResultCode(ResultCode.BUSY);
                    appendErrorMessage(CoreMessages.ERR_ADD_CANNOT_LOCK_ENTRY.get(this.entryDN));
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
                BackendConfigManager backendConfigManager = serverContext.getBackendConfigManager();
                DN parentDNInSuffix = backendConfigManager.getParentDNInSuffix(this.entryDN);
                if (parentDNInSuffix == null && !backendConfigManager.containsLocalNamingContext(this.entryDN)) {
                    if (!this.entryDN.isRootDN()) {
                        throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_ADD_ENTRY_NOT_SUFFIX.get(this.entryDN));
                    }
                    throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, CoreMessages.ERR_ADD_CANNOT_ADD_ROOT_DSE.get());
                }
                checkIfCanceled(false);
                Iterator<SynchronizationProvider<SynchronizationProviderCfg>> it = DirectoryServer.getSynchronizationProviders().iterator();
                while (it.hasNext()) {
                    try {
                        if (!AbstractOperation.processOperationResult(this, it.next().handleConflictResolution(this))) {
                            if (tryWriteLockEntry != null) {
                                tryWriteLockEntry.unlock();
                            }
                            processSynchPostOperationPlugins();
                            return;
                        }
                    } catch (DirectoryException e) {
                        logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Number, Number, Object>, Long, Long>) CoreMessages.ERR_ADD_SYNCH_CONFLICT_RESOLUTION_FAILED, (LocalizableMessageDescriptor.Arg3<Number, Number, Object>) Long.valueOf(getConnectionID()), Long.valueOf(getOperationID()), (Long) StaticUtils.getExceptionMessage(e));
                        throw e;
                    }
                }
                this.objectClasses = getObjectClasses();
                this.userAttributes = getUserAttributes();
                this.operationalAttributes = getOperationalAttributes();
                if (this.objectClasses == null || this.userAttributes == null || this.operationalAttributes == null) {
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                if (checkHasReadOnlyAttributes(this.userAttributes) || checkHasReadOnlyAttributes(this.operationalAttributes)) {
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                if (DirectoryServer.entryExists(this.entryDN)) {
                    setResultCodeAndMessageNoInfoDisclosure(this.entryDN, ResultCode.ENTRY_ALREADY_EXISTS, CoreMessages.ERR_ADD_ENTRY_ALREADY_EXISTS.get(this.entryDN));
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                Entry entry = null;
                if (parentDNInSuffix != null) {
                    entry = DirectoryServer.getEntry(parentDNInSuffix);
                    if (entry == null) {
                        DN findMatchedDN = LocalBackendWorkflowElement.findMatchedDN(parentDNInSuffix);
                        setMatchedDN(findMatchedDN);
                        if (findMatchedDN != null) {
                            setResultCodeAndMessageNoInfoDisclosure(findMatchedDN, ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_ADD_NO_PARENT.get(this.entryDN, parentDNInSuffix));
                        } else {
                            setResultCode(ResultCode.NO_SUCH_OBJECT);
                            appendErrorMessage(CoreMessages.ERR_ADD_NO_PARENT.get(this.entryDN, parentDNInSuffix));
                        }
                        if (tryWriteLockEntry != null) {
                            tryWriteLockEntry.unlock();
                        }
                        processSynchPostOperationPlugins();
                        return;
                    }
                }
                addRDNAttributesIfNecessary();
                StaticUtils.addSuperiorObjectClasses(this.objectClasses);
                this.entry = new Entry(this.entryDN, this.objectClasses, this.userAttributes, this.operationalAttributes);
                if (this.entry.hasAttribute(serverContext.getSchema().getAttributeType(ConfigConstants.OP_ATTR_PRIVILEGE_NAME)) && !clientConnection.hasPrivilege(Privilege.PRIVILEGE_CHANGE, this)) {
                    appendErrorMessage(CoreMessages.ERR_ADD_CHANGE_PRIVILEGE_INSUFFICIENT_PRIVILEGES.get());
                    setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                if (!isSynchronizationOperation()) {
                    handlePasswordPolicy();
                }
                if (DirectoryServer.getCoreConfigManager().isCheckSchema() && !isSynchronizationOperation()) {
                    checkSchema(entry);
                }
                if (this.backend == null) {
                    setResultCode(ResultCode.NO_SUCH_OBJECT);
                    appendErrorMessage(LocalizableMessage.raw("No backend for entry " + this.entryDN, new Object[0]));
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                    return;
                }
                processControls(parentDNInSuffix);
                try {
                    if (!getAccessControlHandler().isAllowed(this)) {
                        setResultCodeAndMessageNoInfoDisclosure(this.entryDN, ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(this.entryDN));
                        if (tryWriteLockEntry != null) {
                            tryWriteLockEntry.unlock();
                        }
                        processSynchPostOperationPlugins();
                        return;
                    }
                    checkIfCanceled(false);
                    if (!isSynchronizationOperation()) {
                        atomicBoolean.set(true);
                        if (!AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePreOperationAddPlugins(this))) {
                            if (tryWriteLockEntry != null) {
                                tryWriteLockEntry.unlock();
                            }
                            processSynchPostOperationPlugins();
                            return;
                        }
                    }
                    LocalBackendWorkflowElement.checkIfBackendIsWritable(this.backend, this, this.entryDN, CoreMessages.ERR_ADD_SERVER_READONLY, CoreMessages.ERR_ADD_BACKEND_READONLY);
                    if (this.noOp) {
                        appendErrorMessage(CoreMessages.INFO_ADD_NOOP.get());
                        setResultCode(ResultCode.NO_OPERATION);
                    } else {
                        Iterator<SynchronizationProvider<SynchronizationProviderCfg>> it2 = DirectoryServer.getSynchronizationProviders().iterator();
                        while (it2.hasNext()) {
                            try {
                                if (!AbstractOperation.processOperationResult(this, it2.next().doPreOperation(this))) {
                                    if (tryWriteLockEntry != null) {
                                        tryWriteLockEntry.unlock();
                                    }
                                    processSynchPostOperationPlugins();
                                    return;
                                }
                            } catch (DirectoryException e2) {
                                logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Number, Number, Object>, Long, Long>) CoreMessages.ERR_ADD_SYNCH_PREOP_FAILED, (LocalizableMessageDescriptor.Arg3<Number, Number, Object>) Long.valueOf(getConnectionID()), Long.valueOf(getOperationID()), (Long) StaticUtils.getExceptionMessage(e2));
                                throw e2;
                            }
                        }
                        this.backend.addEntry(this.entry, this);
                    }
                    LocalBackendWorkflowElement.addPostReadResponse(this, this.postReadRequest, this.entry);
                    if (!this.noOp) {
                        setResultCode(ResultCode.SUCCESS);
                    }
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                } catch (DirectoryException e3) {
                    setResultCode(e3.getResultCode());
                    appendErrorMessage(e3.getMessageObject());
                    if (tryWriteLockEntry != null) {
                        tryWriteLockEntry.unlock();
                    }
                    processSynchPostOperationPlugins();
                }
            } catch (DirectoryException e4) {
                logger.traceException(e4);
                setResponseData(e4);
                if (tryWriteLockEntry != null) {
                    tryWriteLockEntry.unlock();
                }
                processSynchPostOperationPlugins();
            }
        } catch (Throwable th) {
            if (tryWriteLockEntry != null) {
                tryWriteLockEntry.unlock();
            }
            processSynchPostOperationPlugins();
            throw th;
        }
    }

    private void processSynchPostOperationPlugins() {
        Iterator<SynchronizationProvider<SynchronizationProviderCfg>> it = DirectoryServer.getSynchronizationProviders().iterator();
        while (it.hasNext()) {
            try {
                it.next().doPostOperation(this);
            } catch (DirectoryException e) {
                logger.traceException(e);
                logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Number, Number, Object>, Long, Long>) CoreMessages.ERR_ADD_SYNCH_POSTOP_FAILED, (LocalizableMessageDescriptor.Arg3<Number, Number, Object>) Long.valueOf(getConnectionID()), Long.valueOf(getOperationID()), (Long) StaticUtils.getExceptionMessage(e));
                setResponseData(e);
                return;
            }
        }
    }

    private boolean checkHasReadOnlyAttributes(Map<AttributeType, List<Attribute>> map) throws DirectoryException {
        for (AttributeType attributeType : map.keySet()) {
            if (attributeType.isNoUserModification() && !isInternalOperation() && !isSynchronizationOperation()) {
                setResultCodeAndMessageNoInfoDisclosure(this.entryDN, ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ADD_ATTR_IS_NO_USER_MOD.get(this.entryDN, attributeType.getNameOrOID()));
                return true;
            }
        }
        return false;
    }

    private DirectoryException newDirectoryException(DN dn, ResultCode resultCode, LocalizableMessage localizableMessage) throws DirectoryException {
        return LocalBackendWorkflowElement.newDirectoryException(this, null, dn, resultCode, localizableMessage, ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(dn));
    }

    private void setResultCodeAndMessageNoInfoDisclosure(DN dn, ResultCode resultCode, LocalizableMessage localizableMessage) throws DirectoryException {
        LocalBackendWorkflowElement.setResultCodeAndMessageNoInfoDisclosure(this, null, dn, resultCode, localizableMessage, ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(dn));
    }

    private void addRDNAttributesIfNecessary() throws DirectoryException {
        Iterator<AVA> it = this.entryDN.rdn().iterator();
        while (it.hasNext()) {
            AVA next = it.next();
            addRDNAttributesIfNecessary(next.getAttributeType().isOperational() ? this.operationalAttributes : this.userAttributes, next);
        }
    }

    private void addRDNAttributesIfNecessary(Map<AttributeType, List<Attribute>> map, AVA ava) throws DirectoryException {
        AttributeType attributeType = ava.getAttributeType();
        String attributeName = ava.getAttributeName();
        ByteString attributeValue = ava.getAttributeValue();
        List<Attribute> list = map.get(attributeType);
        if (list == null) {
            if (!isSynchronizationOperation() && !DirectoryServer.getCoreConfigManager().isAddMissingRDNAttributes()) {
                throw newDirectoryException(this.entryDN, ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ADD_MISSING_RDN_ATTRIBUTE.get(this.entryDN, attributeName));
            }
            map.put(attributeType, CollectionUtils.newArrayList(Attributes.create(attributeType, attributeName, attributeValue)));
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            Attribute attribute = list.get(i);
            if (!attribute.getAttributeDescription().hasOptions()) {
                if (attribute.contains(attributeValue)) {
                    return;
                }
                AttributeBuilder attributeBuilder = new AttributeBuilder(attribute);
                attributeBuilder.add(attributeValue);
                list.set(i, attributeBuilder.toAttribute());
                return;
            }
        }
        if (!isSynchronizationOperation() && !DirectoryServer.getCoreConfigManager().isAddMissingRDNAttributes()) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ADD_MISSING_RDN_ATTRIBUTE.get(this.entryDN, attributeName));
        }
        list.add(Attributes.create(attributeType, attributeName, attributeValue));
    }

    private final void handlePasswordPolicy() throws DirectoryException {
        Entry duplicate = this.entry.duplicate(true);
        AuthenticationPolicy forUser = AuthenticationPolicy.forUser(duplicate, false);
        if (forUser.isPasswordPolicy()) {
            PasswordPolicy passwordPolicy = (PasswordPolicy) forUser;
            AttributeType passwordAttribute = passwordPolicy.getPasswordAttribute();
            List<Attribute> allAttributes = this.entry.getAllAttributes(passwordAttribute);
            if (allAttributes.isEmpty()) {
                return;
            }
            if (allAttributes.size() > 1) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_ATTRIBUTE_OPTIONS_NOT_ALLOWED.get(passwordAttribute.getNameOrOID()));
            }
            Attribute attribute = allAttributes.get(0);
            if (attribute.getAttributeDescription().hasOptions()) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_ATTRIBUTE_OPTIONS_NOT_ALLOWED.get(passwordAttribute.getNameOrOID()));
            }
            if (attribute.isEmpty()) {
                return;
            }
            if (!isInternalOperation() && !passwordPolicy.isAllowMultiplePasswordValues() && attribute.size() > 1) {
                addPWPolicyControl(PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_MULTIPLE_PW_VALUES_NOT_ALLOWED.get(passwordAttribute.getNameOrOID()));
            }
            List<PasswordStorageScheme<?>> defaultPasswordStorageSchemes = passwordPolicy.getDefaultPasswordStorageSchemes();
            AttributeBuilder attributeBuilder = new AttributeBuilder(attribute.getAttributeDescription());
            for (ByteString byteString : attribute) {
                if (!(passwordPolicy.isAuthPasswordSyntax() ? AuthPasswordSyntax.isEncoded(byteString) : UserPasswordSyntax.isEncoded(byteString))) {
                    if (!passwordPolicy.isSkipValidationForAdministrators()) {
                        HashSet hashSet = new HashSet(0);
                        LocalizableMessageBuilder localizableMessageBuilder = new LocalizableMessageBuilder();
                        duplicate.removeAttribute(passwordAttribute);
                        Iterator<PasswordValidator<?>> it = passwordPolicy.getPasswordValidators().iterator();
                        while (it.hasNext()) {
                            if (!it.next().passwordIsAcceptable(byteString, hashSet, this, duplicate, localizableMessageBuilder)) {
                                addPWPolicyControl(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_VALIDATION_FAILED.get(passwordAttribute.getNameOrOID(), localizableMessageBuilder));
                            }
                        }
                    }
                    if (passwordPolicy.isAuthPasswordSyntax()) {
                        Iterator<PasswordStorageScheme<?>> it2 = defaultPasswordStorageSchemes.iterator();
                        while (it2.hasNext()) {
                            attributeBuilder.add(it2.next().encodeAuthPassword(byteString));
                        }
                    } else {
                        Iterator<PasswordStorageScheme<?>> it3 = defaultPasswordStorageSchemes.iterator();
                        while (it3.hasNext()) {
                            attributeBuilder.add(it3.next().encodePasswordWithScheme(byteString));
                        }
                    }
                } else {
                    if (!isInternalOperation() && !passwordPolicy.isAllowPreEncodedPasswords()) {
                        addPWPolicyControl(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_PREENCODED_NOT_ALLOWED.get(passwordAttribute.getNameOrOID()));
                    }
                    attributeBuilder.add(byteString);
                }
            }
            this.entry.replaceAttribute(attributeBuilder.toAttribute());
            Attribute create = Attributes.create(ConfigConstants.OP_ATTR_PWPOLICY_CHANGED_TIME, TimeThread.getGeneralizedTime());
            this.entry.putAttribute(create.getAttributeDescription().getAttributeType(), CollectionUtils.newArrayList(create));
            if (passwordPolicy.isForceChangeOnAdd()) {
                addPWPolicyControl(PasswordPolicyErrorType.CHANGE_AFTER_RESET);
                Attribute create2 = Attributes.create(ConfigConstants.OP_ATTR_PWPOLICY_RESET_REQUIRED, "TRUE");
                this.entry.putAttribute(create2.getAttributeDescription().getAttributeType(), CollectionUtils.newArrayList(create2));
            }
        }
    }

    private void addPWPolicyControl(PasswordPolicyErrorType passwordPolicyErrorType) {
        Iterator<Control> it = getRequestControls().iterator();
        while (it.hasNext()) {
            if ("1.3.6.1.4.1.42.2.27.8.5.1".equals(it.next().getOID())) {
                addResponseControl(new PasswordPolicyResponseControl(null, 0, passwordPolicyErrorType));
            }
        }
    }

    private void checkSchema(Entry entry) throws DirectoryException {
        LocalizableMessageBuilder localizableMessageBuilder = new LocalizableMessageBuilder();
        if (!this.entry.conformsToSchema(entry, true, true, true, localizableMessageBuilder)) {
            throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, localizableMessageBuilder.toMessage());
        }
        LocalizableMessageBuilder localizableMessageBuilder2 = new LocalizableMessageBuilder();
        checkAttributesConformToSyntax(localizableMessageBuilder2, this.userAttributes);
        checkAttributesConformToSyntax(localizableMessageBuilder2, this.operationalAttributes);
        for (AttributeType attributeType : this.userAttributes.keySet()) {
            if (attributeType.isObsolete()) {
                throw newDirectoryException(this.entryDN, ResultCode.CONSTRAINT_VIOLATION, CoreMessages.WARN_ADD_ATTR_IS_OBSOLETE.get(this.entryDN, attributeType.getNameOrOID()));
            }
        }
        for (AttributeType attributeType2 : this.operationalAttributes.keySet()) {
            if (attributeType2.isObsolete()) {
                throw newDirectoryException(this.entryDN, ResultCode.CONSTRAINT_VIOLATION, CoreMessages.WARN_ADD_ATTR_IS_OBSOLETE.get(this.entryDN, attributeType2.getNameOrOID()));
            }
        }
        for (ObjectClass objectClass : this.objectClasses.keySet()) {
            if (objectClass.isObsolete()) {
                throw newDirectoryException(this.entryDN, ResultCode.CONSTRAINT_VIOLATION, CoreMessages.WARN_ADD_OC_IS_OBSOLETE.get(this.entryDN, objectClass.getNameOrOID()));
            }
        }
    }

    private void checkAttributesConformToSyntax(LocalizableMessageBuilder localizableMessageBuilder, Map<AttributeType, List<Attribute>> map) throws DirectoryException {
        Iterator<List<Attribute>> it = map.values().iterator();
        while (it.hasNext()) {
            for (Attribute attribute : it.next()) {
                Syntax syntax = attribute.getAttributeDescription().getAttributeType().getSyntax();
                if (syntax != null) {
                    for (ByteString byteString : attribute) {
                        if (!syntax.valueIsAcceptable(byteString, localizableMessageBuilder)) {
                            LocalizableMessage localizableMessage = (!syntax.isHumanReadable() || syntax.isBEREncodingRequired()) ? CoreMessages.WARN_ADD_OP_INVALID_SYNTAX_NO_VALUE.get(this.entryDN, attribute.getAttributeDescription(), localizableMessageBuilder) : CoreMessages.WARN_ADD_OP_INVALID_SYNTAX.get(this.entryDN, byteString, attribute.getAttributeDescription(), localizableMessageBuilder);
                            switch (DirectoryServer.getCoreConfigManager().getSyntaxEnforcementPolicy()) {
                                case REJECT:
                                    throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, localizableMessage);
                                case WARN:
                                    logger.error(localizableMessage);
                                    break;
                            }
                        }
                    }
                }
            }
        }
    }

    private void processControls(DN dn) throws DirectoryException {
        LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
        LocalBackendWorkflowElement.removeAllDisallowedControls(dn, this);
        for (Control control : getRequestControls()) {
            String oid = control.getOID();
            if ("1.3.6.1.1.12".equals(oid)) {
                try {
                    SearchFilter searchFilter = ((LDAPAssertionRequestControl) getRequestControl(LDAPAssertionRequestControl.DECODER)).getSearchFilter();
                    if (!getAccessControlHandler().isAllowed(this, this.entry, searchFilter)) {
                        throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
                    }
                    try {
                        if (!searchFilter.matchesEntry(this.entry)) {
                            throw newDirectoryException(this.entryDN, ResultCode.ASSERTION_FAILED, CoreMessages.ERR_ADD_ASSERTION_FAILED.get(this.entryDN));
                        }
                    } catch (DirectoryException e) {
                        if (e.getResultCode() == ResultCode.ASSERTION_FAILED) {
                            throw e;
                        }
                        logger.traceException(e);
                        throw newDirectoryException(this.entryDN, e.getResultCode(), CoreMessages.ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(this.entryDN, e.getMessageObject()));
                    }
                } catch (DirectoryException e2) {
                    logger.traceException(e2);
                    throw newDirectoryException(this.entryDN, e2.getResultCode(), CoreMessages.ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(this.entryDN, e2.getMessageObject()));
                }
            } else if (ServerConstants.OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid)) {
                this.noOp = true;
            } else if ("1.3.6.1.1.13.2".equals(oid)) {
                this.postReadRequest = (LDAPPostReadRequestControl) getRequestControl(LDAPPostReadRequestControl.DECODER);
            } else if (!LocalBackendWorkflowElement.isProxyAuthzControl(oid) && !"1.3.6.1.4.1.42.2.27.8.5.1".equals(oid) && control.isCritical() && !this.backend.supportsControl(oid)) {
                throw newDirectoryException(this.entryDN, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_ADD_UNSUPPORTED_CRITICAL_CONTROL.get(this.entryDN, oid));
            }
        }
    }

    private AccessControlHandler<?> getAccessControlHandler() {
        return AccessControlConfigManager.getInstance().getAccessControlHandler();
    }
}
