package org.opends.server.workflowelement.localbackend;

import java.util.List;
import org.opends.messages.CoreMessages;
import org.opends.server.api.Backend;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.MatchedValuesControl;
import org.opends.server.controls.PersistentSearchControl;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.core.AccessControlConfigManager;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PersistentSearch;
import org.opends.server.core.PluginConfigManager;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.SearchOperationWrapper;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Privilege;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.operation.PostOperationSearchOperation;
import org.opends.server.types.operation.PreOperationSearchOperation;
import org.opends.server.types.operation.SearchEntrySearchOperation;
import org.opends.server.types.operation.SearchReferenceSearchOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.class */
public class LocalBackendSearchOperation extends SearchOperationWrapper implements PreOperationSearchOperation, PostOperationSearchOperation, SearchEntrySearchOperation, SearchReferenceSearchOperation {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    protected Backend backend;
    protected boolean processSearch;
    protected ClientConnection clientConnection;
    protected DN baseDN;
    protected PersistentSearch persistentSearch;
    protected SearchFilter filter;

    public LocalBackendSearchOperation(SearchOperation searchOperation) {
        super(searchOperation);
        LocalBackendWorkflowElement.attachLocalOperation(searchOperation, this);
    }

    public void processLocalSearch(LocalBackendWorkflowElement localBackendWorkflowElement) throws CanceledOperationException {
        boolean z = false;
        this.backend = localBackendWorkflowElement.getBackend();
        this.clientConnection = getClientConnection();
        PluginConfigManager pluginConfigManager = DirectoryServer.getPluginConfigManager();
        this.processSearch = true;
        checkIfCanceled(false);
        this.baseDN = getBaseDN();
        this.filter = getFilter();
        if (this.baseDN != null && this.filter != null) {
            try {
                handleRequestControls();
                try {
                    if (AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this)) {
                        checkIfCanceled(false);
                        z = true;
                        PluginResult.PreOperation invokePreOperationSearchPlugins = pluginConfigManager.invokePreOperationSearchPlugins(this);
                        if (invokePreOperationSearchPlugins.continueProcessing()) {
                            checkIfCanceled(false);
                            if (this.backend == null) {
                                setResultCode(ResultCode.NO_SUCH_OBJECT);
                                appendErrorMessage(CoreMessages.ERR_SEARCH_BASE_DOESNT_EXIST.get(String.valueOf(this.baseDN)));
                            } else {
                                setResultCode(ResultCode.SUCCESS);
                                if (this.persistentSearch != null) {
                                    localBackendWorkflowElement.registerPersistentSearch(this.persistentSearch);
                                    this.persistentSearch.enable();
                                }
                                try {
                                    if (this.processSearch) {
                                        this.backend.search(this);
                                    }
                                } catch (CanceledOperationException e) {
                                    if (this.persistentSearch != null) {
                                        this.persistentSearch.cancel();
                                        setSendResponse(true);
                                    }
                                    throw e;
                                } catch (DirectoryException e2) {
                                    if (DebugLogger.debugEnabled()) {
                                        TRACER.debugCaught(DebugLogLevel.VERBOSE, e2);
                                    }
                                    setResponseData(e2);
                                    if (this.persistentSearch != null) {
                                        this.persistentSearch.cancel();
                                        setSendResponse(true);
                                    }
                                } catch (Exception e3) {
                                    if (DebugLogger.debugEnabled()) {
                                        TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                                    }
                                    setResultCode(DirectoryServer.getServerErrorResultCode());
                                    appendErrorMessage(CoreMessages.ERR_SEARCH_BACKEND_EXCEPTION.get(StaticUtils.getExceptionMessage(e3)));
                                    if (this.persistentSearch != null) {
                                        this.persistentSearch.cancel();
                                        setSendResponse(true);
                                    }
                                }
                            }
                        } else {
                            setResultCode(invokePreOperationSearchPlugins.getResultCode());
                            appendErrorMessage(invokePreOperationSearchPlugins.getErrorMessage());
                            setMatchedDN(invokePreOperationSearchPlugins.getMatchedDN());
                            setReferralURLs(invokePreOperationSearchPlugins.getReferralURLs());
                        }
                    } else {
                        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
                        appendErrorMessage(CoreMessages.ERR_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(String.valueOf(this.baseDN)));
                    }
                } catch (DirectoryException e4) {
                    setResultCode(e4.getResultCode());
                    appendErrorMessage(e4.getMessageObject());
                }
            } catch (DirectoryException e5) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e5);
                }
                setResponseData(e5);
            }
        }
        checkIfCanceled(false);
        if (z) {
            PluginResult.PostOperation invokePostOperationSearchPlugins = pluginConfigManager.invokePostOperationSearchPlugins(this);
            if (invokePostOperationSearchPlugins.continueProcessing()) {
                return;
            }
            setResultCode(invokePostOperationSearchPlugins.getResultCode());
            appendErrorMessage(invokePostOperationSearchPlugins.getErrorMessage());
            setMatchedDN(invokePostOperationSearchPlugins.getMatchedDN());
            setReferralURLs(invokePostOperationSearchPlugins.getReferralURLs());
        }
    }

    protected void handleRequestControls() throws DirectoryException {
        List<Control> requestControls = getRequestControls();
        if (requestControls == null || requestControls.isEmpty()) {
            return;
        }
        for (int i = 0; i < requestControls.size(); i++) {
            Control control = requestControls.get(i);
            String oid = control.getOID();
            if (!AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this.baseDN, this, control)) {
                throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
            if (oid.equals(ServerConstants.OID_LDAP_ASSERTION)) {
                try {
                    SearchFilter searchFilter = ((LDAPAssertionRequestControl) getRequestControl(LDAPAssertionRequestControl.DECODER)).getSearchFilter();
                    try {
                        Entry entry = DirectoryServer.getEntry(this.baseDN);
                        if (entry == null) {
                            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
                        }
                        if (!AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this, entry, searchFilter)) {
                            throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
                        }
                        try {
                            if (!searchFilter.matchesEntry(entry)) {
                                throw new DirectoryException(ResultCode.ASSERTION_FAILED, CoreMessages.ERR_SEARCH_ASSERTION_FAILED.get());
                            }
                        } catch (DirectoryException e) {
                            if (e.getResultCode() == ResultCode.ASSERTION_FAILED) {
                                throw e;
                            }
                            if (DebugLogger.debugEnabled()) {
                                TRACER.debugCaught(DebugLogLevel.ERROR, e);
                            }
                            throw new DirectoryException(e.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(e.getMessageObject()), e);
                        }
                    } catch (DirectoryException e2) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                        }
                        throw new DirectoryException(e2.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(e2.getMessageObject()));
                    }
                } catch (DirectoryException e3) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                    }
                    throw new DirectoryException(e3.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(e3.getMessageObject()), e3);
                }
            } else if (oid.equals(ServerConstants.OID_PROXIED_AUTH_V1)) {
                if (!this.clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
                    throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, CoreMessages.ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
                }
                Entry authorizationEntry = ((ProxiedAuthV1Control) getRequestControl(ProxiedAuthV1Control.DECODER)).getAuthorizationEntry();
                setAuthorizationEntry(authorizationEntry);
                if (authorizationEntry == null) {
                    setProxiedAuthorizationDN(DN.nullDN());
                } else {
                    setProxiedAuthorizationDN(authorizationEntry.getDN());
                }
            } else if (oid.equals(ServerConstants.OID_PROXIED_AUTH_V2)) {
                if (!this.clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
                    throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, CoreMessages.ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
                }
                Entry authorizationEntry2 = ((ProxiedAuthV2Control) getRequestControl(ProxiedAuthV2Control.DECODER)).getAuthorizationEntry();
                setAuthorizationEntry(authorizationEntry2);
                if (authorizationEntry2 == null) {
                    setProxiedAuthorizationDN(DN.nullDN());
                } else {
                    setProxiedAuthorizationDN(authorizationEntry2.getDN());
                }
            } else if (oid.equals(ServerConstants.OID_PERSISTENT_SEARCH)) {
                PersistentSearchControl persistentSearchControl = (PersistentSearchControl) getRequestControl(PersistentSearchControl.DECODER);
                this.persistentSearch = new PersistentSearch(this, persistentSearchControl.getChangeTypes(), persistentSearchControl.getReturnECs());
                if (persistentSearchControl.getChangesOnly()) {
                    this.processSearch = false;
                }
            } else if (oid.equals(ServerConstants.OID_LDAP_SUBENTRIES)) {
                setReturnLDAPSubentries(true);
            } else if (oid.equals(ServerConstants.OID_MATCHED_VALUES)) {
                setMatchedValuesControl((MatchedValuesControl) getRequestControl(MatchedValuesControl.DECODER));
            } else if (oid.equals(ServerConstants.OID_ACCOUNT_USABLE_CONTROL)) {
                setIncludeUsableControl(true);
            } else if (oid.equals(ServerConstants.OID_REAL_ATTRS_ONLY)) {
                setRealAttributesOnly(true);
            } else if (oid.equals(ServerConstants.OID_VIRTUAL_ATTRS_ONLY)) {
                setVirtualAttributesOnly(true);
            } else if ((!oid.equals(ServerConstants.OID_GET_EFFECTIVE_RIGHTS) || !DirectoryServer.isSupportedControl(ServerConstants.OID_GET_EFFECTIVE_RIGHTS)) && control.isCritical() && (this.backend == null || !this.backend.supportsControl(oid))) {
                throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
            }
        }
    }
}
