package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.apache.directory.server.core.ServerUtils;
import org.apache.directory.server.core.event.Evaluator;
import org.apache.directory.server.core.jndi.JavaLdapSupport;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.server.core.schema.AttributeTypeRegistry;
import org.apache.directory.server.core.schema.OidRegistry;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.util.AttributeUtils;

/* loaded from: input_file:BOOT-INF/lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.class */
public class RelatedProtectedItemFilter implements ACITupleFilter {
    private final RefinementEvaluator refinementEvaluator;
    private final Evaluator entryEvaluator;
    private final OidRegistry oidRegistry;
    private final AttributeTypeRegistry attrRegistry;

    public RelatedProtectedItemFilter(RefinementEvaluator refinementEvaluator, Evaluator evaluator, OidRegistry oidRegistry, AttributeTypeRegistry attributeTypeRegistry) {
        this.refinementEvaluator = refinementEvaluator;
        this.entryEvaluator = evaluator;
        this.oidRegistry = oidRegistry;
        this.attrRegistry = attributeTypeRegistry;
    }

    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection filter(Collection collection, OperationScope operationScope, PartitionNexusProxy partitionNexusProxy, Collection collection2, LdapDN ldapDN, Attributes attributes, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Object obj, Attributes attributes2, Collection collection3) throws NamingException {
        if (collection.size() == 0) {
            return collection;
        }
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            if (!isRelated((ACITuple) it.next(), operationScope, ldapDN, ldapDN2, str, obj, attributes2)) {
                it.remove();
            }
        }
        return collection;
    }

    private boolean isRelated(ACITuple aCITuple, OperationScope operationScope, LdapDN ldapDN, LdapDN ldapDN2, String str, Object obj, Attributes attributes) throws NamingException, InternalError {
        Attribute attribute;
        String oid = str != null ? this.oidRegistry.getOid(str) : null;
        for (ProtectedItem protectedItem : aCITuple.getProtectedItems()) {
            if (protectedItem == ProtectedItem.ENTRY) {
                if (operationScope == OperationScope.ENTRY) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem == ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    return true;
                }
            } else if (protectedItem instanceof ProtectedItem.AllAttributeValues) {
                if (operationScope == OperationScope.ATTRIBUTE_TYPE || operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    Iterator it = ((ProtectedItem.AllAttributeValues) protectedItem).iterator();
                    while (it.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid((String) it.next()))) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.AttributeType) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE) {
                    continue;
                } else {
                    Iterator it2 = ((ProtectedItem.AttributeType) protectedItem).iterator();
                    while (it2.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid((String) it2.next()))) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.AttributeValue) {
                if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it3 = ((ProtectedItem.AttributeValue) protectedItem).iterator();
                    while (it3.hasNext()) {
                        Attribute attribute2 = (Attribute) it3.next();
                        String oid2 = this.oidRegistry.getOid(attribute2.getID());
                        AttributeType lookup = this.attrRegistry.lookup(oid2);
                        if (oid.equals(oid2) && AttributeUtils.containsValue(attribute2, obj, lookup)) {
                            return true;
                        }
                    }
                }
            } else if (protectedItem instanceof ProtectedItem.Classes) {
                if (this.refinementEvaluator.evaluate(((ProtectedItem.Classes) protectedItem).getClasses(), attributes.get(JavaLdapSupport.OBJECTCLASS_ATTR))) {
                    return true;
                }
            } else {
                if (protectedItem instanceof ProtectedItem.MaxImmSub) {
                    return true;
                }
                if (protectedItem instanceof ProtectedItem.MaxValueCount) {
                    if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                        continue;
                    } else {
                        Iterator it4 = ((ProtectedItem.MaxValueCount) protectedItem).iterator();
                        while (it4.hasNext()) {
                            if (oid.equals(this.oidRegistry.getOid(((ProtectedItem.MaxValueCountItem) it4.next()).getAttributeType()))) {
                                return true;
                            }
                        }
                    }
                } else if (protectedItem instanceof ProtectedItem.RangeOfValues) {
                    if (this.entryEvaluator.evaluate(((ProtectedItem.RangeOfValues) protectedItem).getFilter(), ldapDN2.toString(), attributes)) {
                        return true;
                    }
                } else if (!(protectedItem instanceof ProtectedItem.RestrictedBy)) {
                    if (!(protectedItem instanceof ProtectedItem.SelfValue)) {
                        throw new InternalError(new StringBuffer().append("Unexpected protectedItem: ").append(protectedItem.getClass().getName()).toString());
                    }
                    if (operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE || operationScope == OperationScope.ATTRIBUTE_TYPE) {
                        Iterator it5 = ((ProtectedItem.SelfValue) protectedItem).iterator();
                        while (it5.hasNext()) {
                            if (oid.equals(this.oidRegistry.getOid(String.valueOf(it5.next()))) && (attribute = ServerUtils.getAttribute(this.attrRegistry.lookup(oid), attributes)) != null && (attribute.contains(ldapDN.toNormName()) || attribute.contains(ldapDN.getUpName()))) {
                                return true;
                            }
                        }
                    }
                } else if (operationScope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE) {
                    continue;
                } else {
                    Iterator it6 = ((ProtectedItem.RestrictedBy) protectedItem).iterator();
                    while (it6.hasNext()) {
                        if (oid.equals(this.oidRegistry.getOid(((ProtectedItem.RestrictedByItem) it6.next()).getAttributeType()))) {
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }
}
