package org.opends.server.authorization.dseecompat;

import java.net.InetAddress;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.opends.messages.AccessControlMessages;
import org.opends.server.util.StaticUtils;
import org.slf4j.Marker;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/authorization/dseecompat/DNS.class */
public class DNS implements KeywordBindRule {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private final List<String> patterns;
    private final EnumBindRuleType type;
    private static final String valueRegex = "([a-zA-Z0-9\\.\\-\\*]+)";
    private static final String valuesRegExGroup = "([a-zA-Z0-9\\.\\-\\*]+)\\s*(,\\s*([a-zA-Z0-9\\.\\-\\*]+))*";

    DNS(List<String> list, EnumBindRuleType enumBindRuleType) {
        this.patterns = list;
        this.type = enumBindRuleType;
    }

    public static DNS decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        if (!Pattern.matches(valuesRegExGroup, str)) {
            throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_DNS_EXPRESSION.get(str));
        }
        LinkedList linkedList = new LinkedList();
        Matcher matcher = Pattern.compile(valueRegex).matcher(str);
        while (matcher.find()) {
            String group = matcher.group(1);
            String[] split = group.split("\\.", -1);
            int length = split.length;
            for (int i = 1; i < length; i++) {
                if (Marker.ANY_MARKER.equals(split[i])) {
                    throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_DNS_WILDCARD.get(str));
                }
            }
            if (!group.contains(Marker.ANY_MARKER)) {
                try {
                    for (InetAddress inetAddress : InetAddress.getAllByName(group)) {
                        String canonicalHostName = inetAddress.getCanonicalHostName();
                        if (!group.equalsIgnoreCase(canonicalHostName)) {
                            if (!"localhost".equalsIgnoreCase(group) || linkedList.contains(canonicalHostName)) {
                                logger.warn((LocalizableMessageDescriptor.Arg4<LocalizableMessageDescriptor.Arg4<Object, Object, Object, Object>, String, String, String>) AccessControlMessages.WARN_ACI_HOSTNAME_DOESNT_MATCH_CANONICAL_VALUE, (LocalizableMessageDescriptor.Arg4<Object, Object, Object, Object>) str, group, inetAddress.getHostAddress(), inetAddress.getCanonicalHostName());
                            } else {
                                linkedList.add(canonicalHostName);
                                logger.warn((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, String, String>) AccessControlMessages.WARN_ACI_LOCALHOST_DOESNT_MATCH_CANONICAL_VALUE, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) str, group, canonicalHostName);
                            }
                        }
                    }
                } catch (Exception e) {
                    logger.traceException(e);
                    logger.warn((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, String, String>) AccessControlMessages.WARN_ACI_ERROR_CHECKING_CANONICAL_HOSTNAME, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) group, str, (String) StaticUtils.getExceptionMessage(e));
                }
            }
            linkedList.add(group);
        }
        return new DNS(linkedList, enumBindRuleType);
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        String[] split = aciEvalContext.getHostName().split("\\.", -1);
        Iterator<String> it = this.patterns.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (evalHostName(split, it.next().split("\\.", -1))) {
                enumEvalResult = EnumEvalResult.TRUE;
                break;
            }
        }
        return enumEvalResult.getRet(this.type, false);
    }

    boolean evalHostName(String[] strArr, String[] strArr2) {
        int i;
        boolean equals = Marker.ANY_MARKER.equals(strArr2[0]);
        if (strArr2.length == 1 && equals) {
            return true;
        }
        int length = strArr.length - strArr2.length;
        if (length < 0) {
            return false;
        }
        int i2 = 0;
        if (equals) {
            i2 = 1;
            i = length + 1;
        } else {
            i = 0;
        }
        for (int i3 = i; i3 < strArr.length; i3++) {
            int i4 = i2;
            i2++;
            if (!strArr2[i4].equalsIgnoreCase(strArr[i3])) {
                return false;
            }
        }
        return true;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public final void toString(StringBuilder sb) {
        sb.append(super.toString());
    }
}
