package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.event.Evaluator;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.util.AttributeUtils;

/* loaded from: input_file:lib/apacheds-core-1.5.5.jar:org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.class */
public class RelatedProtectedItemFilter implements ACITupleFilter {
    private final RefinementEvaluator refinementEvaluator;
    private final Evaluator entryEvaluator;
    private final OidRegistry oidRegistry;
    private final AttributeTypeRegistry attrRegistry;

    public RelatedProtectedItemFilter(RefinementEvaluator refinementEvaluator, Evaluator evaluator, OidRegistry oidRegistry, AttributeTypeRegistry attributeTypeRegistry) {
        this.refinementEvaluator = refinementEvaluator;
        this.entryEvaluator = evaluator;
        this.oidRegistry = oidRegistry;
        this.attrRegistry = attributeTypeRegistry;
    }

    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection<ACITuple> filter(Registries registries, Collection<ACITuple> collection, OperationScope operationScope, OperationContext operationContext, Collection<LdapDN> collection2, LdapDN ldapDN, ServerEntry serverEntry, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Value<?> value, ServerEntry serverEntry2, Collection<MicroOperation> collection3, ServerEntry serverEntry3) throws NamingException {
        if (collection.size() == 0) {
            return collection;
        }
        Iterator<ACITuple> it = collection.iterator();
        while (it.hasNext()) {
            if (!isRelated(it.next(), operationScope, ldapDN, ldapDN2, str, value, serverEntry2)) {
                it.remove();
            }
        }
        return collection;
    }

    private boolean isRelated(ACITuple aCITuple, OperationScope operationScope, LdapDN ldapDN, LdapDN ldapDN2, String str, Value<?> value, ServerEntry serverEntry) throws NamingException, InternalError {
        EntryAttribute entryAttribute;
        String oid = str != null ? this.oidRegistry.getOid(str) : null;
        for (ProtectedItem protectedItem : aCITuple.getProtectedItems()) {
            if (protectedItem == ProtectedItem.ENTRY) {
                if (operationScope == OperationScope.ENTRY) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem instanceof ProtectedItem.AllAttributeValues) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it = ((ProtectedItem.AllAttributeValues) protectedItem).iterator();
                    while (it.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid((String) it.next()))) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.AttributeType) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE) {
                    continue;
                } else {
                    Iterator it2 = ((ProtectedItem.AttributeType) protectedItem).iterator();
                    while (it2.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid((String) it2.next()))) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.AttributeValue) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator<Attribute> it3 = ((ProtectedItem.AttributeValue) protectedItem).iterator();
                    while (it3.hasNext()) {
                        Attribute next = it3.next();
                        String oid2 = this.oidRegistry.getOid(next.getID());
                        AttributeType lookup = this.attrRegistry.lookup(oid2);
                        if (oid.equals(oid2) && AttributeUtils.containsValue(next, value, lookup)) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.Classes) {
                if (this.refinementEvaluator.evaluate(((ProtectedItem.Classes) protectedItem).getClasses(), serverEntry.get(SchemaConstants.OBJECT_CLASS_AT))) {
                    return true;
                }
            } else {
                if (protectedItem instanceof ProtectedItem.MaxImmSub) {
                    return true;
                }
                if (protectedItem instanceof ProtectedItem.MaxValueCount) {
                    if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                        continue;
                    } else {
                        Iterator<ProtectedItem.MaxValueCountItem> it4 = ((ProtectedItem.MaxValueCount) protectedItem).iterator();
                        while (it4.hasNext()) {
                            if (oid.equals(this.oidRegistry.getOid(it4.next().getAttributeType()))) {
                                return true;
                            }
                        }
                    }
                } else if (protectedItem instanceof ProtectedItem.RangeOfValues) {
                    if (this.entryEvaluator.evaluate(((ProtectedItem.RangeOfValues) protectedItem).getFilter(), ldapDN2.toString(), serverEntry)) {
                        return true;
                    }
                } else if (!(protectedItem instanceof ProtectedItem.RestrictedBy)) {
                    if (!(protectedItem instanceof ProtectedItem.SelfValue)) {
                        throw new InternalError("Unexpected protectedItem: " + protectedItem.getClass().getName());
                    }
                    if (operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE || operationScope == OperationScope.ATTRIBUTE_TYPE) {
                        Iterator it5 = ((ProtectedItem.SelfValue) protectedItem).iterator();
                        while (it5.hasNext()) {
                            if (oid.equals(this.oidRegistry.getOid((String) it5.next())) && (entryAttribute = serverEntry.get(oid)) != null && (entryAttribute.contains(ldapDN.toNormName()) || entryAttribute.contains(ldapDN.getUpName()))) {
                                return true;
                            }
                        }
                    }
                } else if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator<ProtectedItem.RestrictedByItem> it6 = ((ProtectedItem.RestrictedBy) protectedItem).iterator();
                    while (it6.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid(it6.next().getAttributeType()))) {
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }
}
