package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.name.LdapDN;

/* loaded from: input_file:lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authz/support/RestrictedByFilter.class */
public class RestrictedByFilter implements ACITupleFilter {
    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection filter(Collection collection, OperationScope operationScope, PartitionNexusProxy partitionNexusProxy, Collection collection2, LdapDN ldapDN, Attributes attributes, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Object obj, Attributes attributes2, Collection collection3) throws NamingException {
        if (operationScope == OperationScope.ATTRIBUTE_TYPE_AND_VALUE && collection.size() != 0) {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                ACITuple aCITuple = (ACITuple) it.next();
                if (aCITuple.isGrant() && isRemovable(aCITuple, str, obj, attributes2)) {
                    it.remove();
                }
            }
            return collection;
        }
        return collection;
    }

    public boolean isRemovable(ACITuple aCITuple, String str, Object obj, Attributes attributes) {
        Attribute attribute;
        for (ProtectedItem protectedItem : aCITuple.getProtectedItems()) {
            if (protectedItem instanceof ProtectedItem.RestrictedBy) {
                Iterator it = ((ProtectedItem.RestrictedBy) protectedItem).iterator();
                while (it.hasNext()) {
                    ProtectedItem.RestrictedByItem restrictedByItem = (ProtectedItem.RestrictedByItem) it.next();
                    if (str.equalsIgnoreCase(restrictedByItem.getAttributeType()) && ((attribute = attributes.get(restrictedByItem.getValuesIn())) == null || !attribute.contains(obj))) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}
