package org.opends.server.workflowelement.localbackend;

import java.util.Iterator;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.AttributeDescription;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.CoreMessages;
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.LocalBackend;
import org.opends.server.backends.ConfigurationBackend;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.core.AccessControlConfigManager;
import org.opends.server.core.CompareOperation;
import org.opends.server.core.CompareOperationWrapper;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.Attribute;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Privilege;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.operation.PostOperationCompareOperation;
import org.opends.server.types.operation.PostResponseCompareOperation;
import org.opends.server.types.operation.PreOperationCompareOperation;
import org.opends.server.util.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.class */
public class LocalBackendCompareOperation extends CompareOperationWrapper implements PreOperationCompareOperation, PostOperationCompareOperation, PostResponseCompareOperation {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private LocalBackend<?> backend;
    private ClientConnection clientConnection;
    private DN entryDN;
    private Entry entry;

    public LocalBackendCompareOperation(CompareOperation compareOperation) {
        super(compareOperation);
        LocalBackendWorkflowElement.attachLocalOperation(compareOperation, this);
    }

    @Override // org.opends.server.types.operation.PreOperationCompareOperation, org.opends.server.types.operation.PostOperationCompareOperation, org.opends.server.types.operation.PostResponseCompareOperation
    public Entry getEntryToCompare() {
        return this.entry;
    }

    public void processLocalCompare(LocalBackend<?> localBackend) throws CanceledOperationException {
        this.backend = localBackend;
        this.clientConnection = getClientConnection();
        checkIfCanceled(false);
        try {
            AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            processCompare(atomicBoolean);
            checkIfCanceled(false);
            if (atomicBoolean.get()) {
                AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePostOperationComparePlugins(this));
            }
        } finally {
            LocalBackendWorkflowElement.filterNonDisclosableMatchedDN(this);
        }
    }

    private void processCompare(AtomicBoolean atomicBoolean) throws CanceledOperationException {
        this.entryDN = getEntryDN();
        if (this.entryDN == null) {
            return;
        }
        if (DirectoryServer.getInstance().getServerContext().getBackendConfigManager().getLocalBackendById(ConfigurationBackend.CONFIG_BACKEND_ID).handlesEntry(this.entryDN) && !this.clientConnection.hasPrivilege(Privilege.CONFIG_READ, this)) {
            appendErrorMessage(CoreMessages.ERR_COMPARE_CONFIG_INSUFFICIENT_PRIVILEGES.get());
            setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
            return;
        }
        checkIfCanceled(false);
        try {
            try {
                this.entry = DirectoryServer.getEntry(this.entryDN);
                if (this.entry == null) {
                    setResultCode(ResultCode.NO_SUCH_OBJECT);
                    appendErrorMessage(CoreMessages.ERR_COMPARE_NO_SUCH_ENTRY.get(this.entryDN));
                    setMatchedDN(LocalBackendWorkflowElement.findMatchedDN(this.entryDN));
                    return;
                }
                handleRequestControls();
                try {
                    if (!getAccessControlHandler().isAllowed(this)) {
                        setResultCodeAndMessageNoInfoDisclosure(this.entry, this.entryDN, ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(this.entryDN));
                        return;
                    }
                    checkIfCanceled(false);
                    atomicBoolean.set(true);
                    if (AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePreOperationComparePlugins(this))) {
                        AttributeDescription attributeDescription = getAttributeDescription();
                        Iterable<Attribute> allAttributes = this.entry.getAllAttributes(attributeDescription);
                        if (CollectionUtils.isEmpty(allAttributes)) {
                            setResultCode(ResultCode.NO_SUCH_ATTRIBUTE);
                            appendErrorMessage((attributeDescription.hasOptions() ? CoreMessages.WARN_COMPARE_OP_NO_SUCH_ATTR : CoreMessages.WARN_COMPARE_OP_NO_SUCH_ATTR_WITH_OPTIONS).get(this.entryDN, getRawAttributeType()));
                        } else {
                            setResultCode(matchExists(allAttributes, getAssertionValue()));
                        }
                        return;
                    }
                    return;
                } catch (DirectoryException e) {
                    setResultCode(e.getResultCode());
                    appendErrorMessage(e.getMessageObject());
                    return;
                }
            } catch (DirectoryException e2) {
                logger.traceException(e2);
                setResultCodeAndMessageNoInfoDisclosure(this.entry, this.entryDN, e2.getResultCode(), e2.getMessageObject());
                return;
            }
        } catch (DirectoryException e3) {
            logger.traceException(e3);
            setResponseData(e3);
        }
        logger.traceException(e3);
        setResponseData(e3);
    }

    private ResultCode matchExists(Iterable<Attribute> iterable, ByteString byteString) {
        Iterator<Attribute> it = iterable.iterator();
        while (it.hasNext()) {
            if (it.next().contains(byteString)) {
                return ResultCode.COMPARE_TRUE;
            }
        }
        return ResultCode.COMPARE_FALSE;
    }

    private DirectoryException newDirectoryException(Entry entry, ResultCode resultCode, LocalizableMessage localizableMessage) throws DirectoryException {
        return LocalBackendWorkflowElement.newDirectoryException(this, entry, null, resultCode, localizableMessage, ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_COMPARE_NO_SUCH_ENTRY.get(this.entryDN));
    }

    private void setResultCodeAndMessageNoInfoDisclosure(Entry entry, DN dn, ResultCode resultCode, LocalizableMessage localizableMessage) throws DirectoryException {
        LocalBackendWorkflowElement.setResultCodeAndMessageNoInfoDisclosure(this, entry, dn, resultCode, localizableMessage, ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_COMPARE_NO_SUCH_ENTRY.get(dn));
    }

    private void handleRequestControls() throws DirectoryException {
        LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
        LocalBackendWorkflowElement.removeAllDisallowedControls(this.entryDN, this);
        for (Control control : getRequestControls()) {
            String oid = control.getOID();
            if ("1.3.6.1.1.12".equals(oid)) {
                try {
                    SearchFilter searchFilter = ((LDAPAssertionRequestControl) getRequestControl(LDAPAssertionRequestControl.DECODER)).getSearchFilter();
                    if (!getAccessControlHandler().isAllowed(this, this.entry, searchFilter)) {
                        throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
                    }
                    try {
                        if (!searchFilter.matchesEntry(this.entry)) {
                            throw newDirectoryException(this.entry, ResultCode.ASSERTION_FAILED, CoreMessages.ERR_COMPARE_ASSERTION_FAILED.get(this.entryDN));
                        }
                    } catch (DirectoryException e) {
                        if (e.getResultCode() == ResultCode.ASSERTION_FAILED) {
                            throw e;
                        }
                        logger.traceException(e);
                        throw newDirectoryException(this.entry, e.getResultCode(), CoreMessages.ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(this.entryDN, e.getMessageObject()));
                    }
                } catch (DirectoryException e2) {
                    logger.traceException(e2);
                    throw newDirectoryException(this.entry, e2.getResultCode(), CoreMessages.ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(this.entryDN, e2.getMessageObject()));
                }
            } else if (!LocalBackendWorkflowElement.isProxyAuthzControl(oid) && control.isCritical() && (this.backend == null || !this.backend.supportsControl(oid))) {
                throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_COMPARE_UNSUPPORTED_CRITICAL_CONTROL.get(this.entryDN, oid));
            }
        }
    }

    private AccessControlHandler<?> getAccessControlHandler() {
        return AccessControlConfigManager.getInstance().getAccessControlHandler();
    }
}
