package org.opends.server.authorization.dseecompat;

import java.util.Iterator;
import java.util.LinkedList;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.messages.AccessControlMessages;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.types.Attribute;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPURL;
import org.opends.server.types.SearchResultEntry;

/* JADX WARN: Classes with same name are omitted:
  input_file:embedded-opendj/opendj.zip:opendj/lib/opendj.jar:org/opends/server/authorization/dseecompat/UserAttr.class
 */
/* loaded from: input_file:embedded-opendj/opendj.zip:opendj/lib/org.openidentityplatform.opendj.opendj-server-legacy.jar:org/opends/server/authorization/dseecompat/UserAttr.class */
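/**
 * Bind rule decoded from a userattr expression of the form {@code attribute#type}.
 *
 * <p>The part after {@code #} selects how the rule is evaluated: {@code userdn} and
 * {@code groupdn} compare DN-valued attributes (optionally inherited from parent entries),
 * {@code ldapurl} evaluates LDAP URLs stored in the resource entry, and any other string is
 * treated as a literal value that both the client entry and the resource entry must hold.
 *
 * <p>Instances are immutable; use {@link #decode(String, EnumBindRuleType)} to create one.
 */
public class UserAttr implements KeywordBindRule {
    /** Attribute name taken from the expression; only set for URL and VALUE rules. */
    private final String attrStr;
    /** Raw text after the '#'; only set for URL and VALUE rules. */
    private final String attrVal;
    /** Kind of userattr rule, which selects the evaluation routine. */
    private final UserAttrType userAttrType;
    /** Bind rule operator type, handed to {@code EnumEvalResult.getRet} when evaluating. */
    private final EnumBindRuleType type;
    /** Parent inheritance description; only set for USERDN and GROUPDN rules. */
    private final ParentInheritance parentInheritance;

    /**
     * The kinds of userattr rule that an expression can select.
     *
     * <p>The decompiler reports that this enum was originally declared private.
     */
    public enum UserAttrType {
        USERDN,
        GROUPDN,
        ROLEDN,
        URL,
        VALUE;

        /**
         * Maps the text after the '#' of a userattr expression to a rule kind.
         *
         * @param str the type part of the expression, compared case-insensitively
         * @return the matching keyword kind, or {@link #VALUE} for any other string
         *     (including {@code null})
         * @throws AciException declared for callers; this implementation does not throw it
         */
        public static UserAttrType getType(String str) throws AciException {
            if ("userdn".equalsIgnoreCase(str)) {
                return USERDN;
            }
            if ("groupdn".equalsIgnoreCase(str)) {
                return GROUPDN;
            }
            if ("roledn".equalsIgnoreCase(str)) {
                return ROLEDN;
            }
            if ("ldapurl".equalsIgnoreCase(str)) {
                return URL;
            }
            // Anything that is not a keyword is a literal attribute value.
            return VALUE;
        }
    }

    /** Creates a URL or VALUE rule from the two halves of the expression. */
    private UserAttr(String attrStr, String attrVal, UserAttrType userAttrType, EnumBindRuleType bindRuleType) {
        this.attrStr = attrStr;
        this.attrVal = attrVal;
        this.userAttrType = userAttrType;
        this.type = bindRuleType;
        this.parentInheritance = null;
    }

    /** Creates a USERDN or GROUPDN rule that is evaluated through parent inheritance. */
    private UserAttr(UserAttrType userAttrType, EnumBindRuleType bindRuleType, ParentInheritance parentInheritance) {
        this.attrStr = null;
        this.attrVal = null;
        this.userAttrType = userAttrType;
        this.type = bindRuleType;
        this.parentInheritance = parentInheritance;
    }

    /**
     * Decodes a userattr expression into a bind rule.
     *
     * @param str the expression; it must split on '#' into exactly two parts
     * @param enumBindRuleType the bind rule operator type to evaluate with
     * @return the decoded rule
     * @throws AciException if the expression does not have exactly two '#'-separated parts, or
     *     if it selects {@code roledn}, which is not supported
     */
    public static KeywordBindRule decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        String[] split = str.split("#");
        if (split.length != 2) {
            throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_USERATTR_EXPRESSION.get(str));
        }
        UserAttrType type = UserAttrType.getType(split[1]);
        switch (type) {
            case GROUPDN:
            case USERDN:
                // The left-hand side is parsed as a parent inheritance pattern for DN rules.
                return new UserAttr(type, enumBindRuleType, new ParentInheritance(split[0], false));
            case ROLEDN:
                throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED.get(str));
            default:
                return new UserAttr(split[0], split[1], type, enumBindRuleType);
        }
    }

    /**
     * Evaluates this rule against the given evaluation context.
     *
     * @param aciEvalContext the context of the operation being authorized
     * @return the result of the evaluation routine selected by the rule kind
     */
    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        switch (this.userAttrType) {
            case GROUPDN:
            case USERDN:
            case ROLEDN:
                return evalDNKeywords(aciEvalContext);
            case URL:
                return evalURL(aciEvalContext);
            default:
                return evalVAL(aciEvalContext);
        }
    }

    /**
     * Evaluates a VALUE rule: TRUE only when both the client's own entry and the resource entry
     * hold the configured value in the configured attribute.
     */
    private EnumEvalResult evalVAL(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        AttributeType attributeType = DirectoryServer.getInstance().getServerContext().getSchema().getAttributeType(this.attrStr);
        // The client entry is read with the internal root connection, not with the client's own
        // identity. NOTE(review): presumably this lookup is therefore not subject to access
        // control itself - confirm.
        LinkedList<SearchResultEntry> searchEntries = InternalClientConnection.getRootConnection().processSearch(Requests.newSearchRequest(aciEvalContext.getClientDN(), SearchScope.BASE_OBJECT)).getSearchEntries();
        if (!searchEntries.isEmpty()) {
            ByteString valueOfUtf8 = ByteString.valueOfUtf8(this.attrVal);
            if (searchEntries.getFirst().hasValue(attributeType, valueOfUtf8) && aciEvalContext.getResourceEntry().hasValue(attributeType, valueOfUtf8)) {
                enumEvalResult = EnumEvalResult.TRUE;
            }
        }
        return enumEvalResult.getRet(this.type, false);
    }

    /**
     * Evaluates a URL rule: every value of the configured attribute in the resource entry is
     * decoded as an LDAP URL and evaluated until one of them yields a result other than FALSE.
     */
    private EnumEvalResult evalURL(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        Iterator<Attribute> attributes = aciEvalContext.getResourceEntry().getAllAttributes(DirectoryServer.getInstance().getServerContext().getSchema().getAttributeType(this.attrStr)).iterator();
        while (attributes.hasNext()) {
            Iterator<ByteString> values = attributes.next().iterator();
            while (values.hasNext()) {
                try {
                    enumEvalResult = UserDN.evalURL(aciEvalContext, LDAPURL.decode(values.next().toString(), true));
                    if (enumEvalResult != EnumEvalResult.FALSE) {
                        break;
                    }
                } catch (LocalizedIllegalArgumentException | DirectoryException ignored) {
                    // A value that cannot be decoded or evaluated leaves the result unchanged
                    // and evaluation moves on to the next value.
                    // NOTE(review): confirm that skipping malformed LDAP URLs is the intended
                    // handling for an access-control decision; the final result is still passed
                    // through getRet with this rule's bind type.
                }
            }
            if (enumEvalResult == EnumEvalResult.TRUE) {
                break;
            }
        }
        return enumEvalResult.getRet(this.type, enumEvalResult == EnumEvalResult.ERR);
    }

    /**
     * Evaluates a USERDN or GROUPDN rule using the parent inheritance description.
     *
     * <p>With a base DN, the resource entry itself is checked through {@code GroupDN.evaluate}.
     * Otherwise each configured level is tried in order: level 0 is the resource entry, any
     * other level is the ancestor that many levels above the resource DN, read with the internal
     * root connection. Evaluation stops at the first level that matches.
     */
    private EnumEvalResult evalDNKeywords(AciEvalContext aciEvalContext) {
        boolean matched = false;
        boolean undefined = false;
        int numLevels = this.parentInheritance.getNumLevels();
        int[] levels = this.parentInheritance.getLevels();
        AttributeType attributeType = this.parentInheritance.getAttributeType();
        DN baseDN = this.parentInheritance.getBaseDN();
        Entry resourceEntry = aciEvalContext.getResourceEntry();
        if (baseDN != null) {
            matched = resourceEntry.hasAttribute(attributeType) && GroupDN.evaluate(resourceEntry, aciEvalContext, attributeType, baseDN);
        } else {
            // The index is advanced in the loop header so that every "continue" moves on to the
            // next level. The previous while(true) form skipped the increment when a parent DN
            // was null or the parent search returned no entry, and then never terminated.
            for (int i = 0; i < numLevels; i++) {
                if (levels[i] == 0) {
                    if (aciEvalContext.isAddOperation()) {
                        // For an add operation level 0 is not evaluated; the result is flagged
                        // as undefined for getRet instead.
                        undefined = true;
                    } else if (resourceEntry.hasAttribute(attributeType) && evalEntryAttr(resourceEntry, aciEvalContext, attributeType)) {
                        matched = true;
                        break;
                    }
                    continue;
                }
                DN parent = aciEvalContext.getResourceDN().parent(levels[i]);
                if (parent == null) {
                    // The resource DN has no ancestor at this level.
                    continue;
                }
                LinkedList<SearchResultEntry> searchEntries = InternalClientConnection.getRootConnection().processSearch(Requests.newSearchRequest(parent, SearchScope.BASE_OBJECT).addAttribute(this.parentInheritance.getAttrTypeStr())).getSearchEntries();
                if (searchEntries.isEmpty()) {
                    // The ancestor entry could not be read; try the next level.
                    continue;
                }
                SearchResultEntry first = searchEntries.getFirst();
                if (first.hasAttribute(attributeType) && evalEntryAttr(first, aciEvalContext, attributeType)) {
                    matched = true;
                    break;
                }
            }
        }
        return (matched ? EnumEvalResult.TRUE : EnumEvalResult.FALSE).getRet(this.type, undefined);
    }

    /**
     * Evaluates the attribute of one entry for a GROUPDN or USERDN rule.
     *
     * @return the result of the matching evaluator, or {@code false} for any other rule kind
     */
    private boolean evalEntryAttr(Entry entry, AciEvalContext aciEvalContext, AttributeType attributeType) {
        switch (this.userAttrType) {
            case GROUPDN:
                return GroupDN.evaluate(entry, aciEvalContext, attributeType, null);
            case USERDN:
                return UserDN.evaluate(entry, aciEvalContext.getClientDN(), attributeType);
            default:
                return false;
        }
    }

    /** Returns the text produced by {@link #toString(StringBuilder)}. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    /**
     * Appends the superclass string form of this object to the buffer.
     *
     * @param sb the buffer to append to
     */
    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public final void toString(StringBuilder sb) {
        sb.append(super.toString());
    }
}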
