package org.opends.server.authorization.dseecompat;

import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.opends.messages.AccessControlMessages;
import org.opends.messages.Message;
import org.opends.server.api.AlertGenerator;
import org.opends.server.api.Backend;
import org.opends.server.api.BackendInitializationListener;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.plugin.InternalDirectoryServerPlugin;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.api.plugin.PluginType;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchListener;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.types.AttributeType;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DereferencePolicy;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IndexType;
import org.opends.server.types.Modification;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchScope;
import org.opends.server.types.operation.PostOperationAddOperation;
import org.opends.server.types.operation.PostOperationDeleteOperation;
import org.opends.server.types.operation.PostOperationModifyDNOperation;
import org.opends.server.types.operation.PostOperationModifyOperation;
import org.opends.server.types.operation.PostSynchronizationAddOperation;
import org.opends.server.types.operation.PostSynchronizationDeleteOperation;
import org.opends.server.types.operation.PostSynchronizationModifyDNOperation;
import org.opends.server.types.operation.PostSynchronizationModifyOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/authorization/dseecompat/AciListenerManager.class */
public class AciListenerManager implements BackendInitializationListener, AlertGenerator {
    private static final String CLASS_NAME = "org.opends.server.authorization.dseecompat.AciListenerManager";
    private DN configurationDN;
    private AciList aciList;
    private static SearchFilter aciFilter;
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private static LinkedHashSet<String> attrs = new LinkedHashSet<>();
    private boolean inLockDownMode = false;
    private final AciChangeListenerPlugin plugin = new AciChangeListenerPlugin();

    /* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/authorization/dseecompat/AciListenerManager$AciChangeListenerPlugin.class */
    private final class AciChangeListenerPlugin extends InternalDirectoryServerPlugin {
        private AciChangeListenerPlugin() {
            super(AciListenerManager.this.configurationDN, EnumSet.of(PluginType.POST_SYNCHRONIZATION_ADD, PluginType.POST_SYNCHRONIZATION_DELETE, PluginType.POST_SYNCHRONIZATION_MODIFY, PluginType.POST_SYNCHRONIZATION_MODIFY_DN, PluginType.POST_OPERATION_ADD, PluginType.POST_OPERATION_DELETE, PluginType.POST_OPERATION_MODIFY, PluginType.POST_OPERATION_MODIFY_DN), true);
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationAddOperation postSynchronizationAddOperation) {
            doPostAdd(postSynchronizationAddOperation.getEntryToAdd());
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationDeleteOperation postSynchronizationDeleteOperation) {
            doPostDelete(postSynchronizationDeleteOperation.getEntryToDelete());
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationModifyDNOperation postSynchronizationModifyDNOperation) {
            doPostModifyDN(postSynchronizationModifyDNOperation.getOriginalEntry().getDN(), postSynchronizationModifyDNOperation.getUpdatedEntry().getDN());
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationModifyOperation postSynchronizationModifyOperation) {
            doPostModify(postSynchronizationModifyOperation.getModifications(), postSynchronizationModifyOperation.getCurrentEntry(), postSynchronizationModifyOperation.getModifiedEntry());
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationAddOperation postOperationAddOperation) {
            doPostAdd(postOperationAddOperation.getEntryToAdd());
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationDeleteOperation postOperationDeleteOperation) {
            doPostDelete(postOperationDeleteOperation.getEntryToDelete());
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationModifyDNOperation postOperationModifyDNOperation) {
            doPostModifyDN(postOperationModifyDNOperation.getOriginalEntry().getDN(), postOperationModifyDNOperation.getUpdatedEntry().getDN());
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationModifyOperation postOperationModifyOperation) {
            doPostModify(postOperationModifyOperation.getModifications(), postOperationModifyOperation.getCurrentEntry(), postOperationModifyOperation.getModifiedEntry());
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        private void doPostAdd(Entry entry) {
            boolean z = false;
            boolean hasOperationalAttribute = entry.hasOperationalAttribute(AciHandler.aciType);
            if (!hasOperationalAttribute) {
                boolean hasAttribute = entry.hasAttribute(AciHandler.globalAciType);
                z = hasAttribute;
                if (!hasAttribute) {
                    return;
                }
            }
            AciListenerManager.this.aciList.addAci(entry, hasOperationalAttribute, z, new LinkedList<>());
        }

        private void doPostDelete(Entry entry) {
            boolean z = false;
            boolean hasOperationalAttribute = entry.hasOperationalAttribute(AciHandler.aciType);
            if (!hasOperationalAttribute) {
                boolean hasAttribute = entry.hasAttribute(AciHandler.globalAciType);
                z = hasAttribute;
                if (!hasAttribute) {
                    return;
                }
            }
            AciListenerManager.this.aciList.removeAci(entry, hasOperationalAttribute, z);
        }

        private void doPostModifyDN(DN dn, DN dn2) {
            AciListenerManager.this.aciList.renameAci(dn, dn2);
        }

        private void doPostModify(List<Modification> list, Entry entry, Entry entry2) {
            boolean z = false;
            boolean z2 = false;
            Iterator<Modification> it = list.iterator();
            while (it.hasNext()) {
                AttributeType attributeType = it.next().getAttribute().getAttributeType();
                if (attributeType.equals(AciHandler.aciType)) {
                    z = true;
                } else if (attributeType.equals(AciHandler.globalAciType)) {
                    z2 = true;
                }
                if (z && z2) {
                    break;
                }
            }
            if (z || z2) {
                AciListenerManager.this.aciList.modAciOldNewEntry(entry, entry2, z, z2);
            }
        }
    }

    public AciListenerManager(AciList aciList, DN dn) {
        this.aciList = aciList;
        this.configurationDN = dn;
        Map<String, Backend> backends = DirectoryServer.getBackends();
        if (backends != null) {
            Iterator<Backend> it = backends.values().iterator();
            while (it.hasNext()) {
                performBackendInitializationProcessing(it.next());
            }
        }
        DirectoryServer.registerInternalPlugin(this.plugin);
        DirectoryServer.registerBackendInitializationListener(this);
        DirectoryServer.registerAlertGenerator(this);
    }

    public void finalizeListenerManager() {
        DirectoryServer.deregisterInternalPlugin(this.plugin);
        DirectoryServer.deregisterBackendInitializationListener(this);
        DirectoryServer.deregisterAlertGenerator(this);
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendInitializationProcessing(Backend backend) {
        AttributeType attributeType = DirectoryServer.getAttributeType("aci", true);
        if (backend.getEntryCount() > 0 && !backend.isIndexed(attributeType, IndexType.PRESENCE)) {
            ErrorLogger.logError(AccessControlMessages.WARN_ACI_ATTRIBUTE_NOT_INDEXED.get(backend.getBackendID(), "aci"));
        }
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        LinkedList<Message> linkedList = new LinkedList<>();
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(new LDAPControl(ServerConstants.OID_MANAGE_DSAIT_CONTROL, true));
        arrayList.add(new LDAPControl(ServerConstants.OID_INTERNAL_GROUP_MEMBERSHIP_UPDATE, false));
        for (DN dn : backend.getBaseDNs()) {
            try {
                if (backend.entryExists(dn)) {
                    InternalSearchOperation internalSearchOperation = new InternalSearchOperation((ClientConnection) rootConnection, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), (List<Control>) arrayList, dn, SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, aciFilter, attrs, (InternalSearchListener) null);
                    try {
                        backend.search(new LocalBackendSearchOperation(internalSearchOperation));
                        if (!internalSearchOperation.getSearchEntries().isEmpty()) {
                            int addAci = this.aciList.addAci(internalSearchOperation.getSearchEntries(), linkedList);
                            if (!linkedList.isEmpty()) {
                                logMsgsSetLockDownMode(linkedList);
                            }
                            ErrorLogger.logError(AccessControlMessages.INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(addAci), String.valueOf(dn)));
                        }
                    } catch (Exception e) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e);
                        }
                    }
                }
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
            }
        }
    }

    @Override // org.opends.server.api.BackendInitializationListener
    public void performBackendFinalizationProcessing(Backend backend) {
        this.aciList.removeAci(backend);
    }

    @Override // org.opends.server.api.AlertGenerator
    public String getClassName() {
        return CLASS_NAME;
    }

    @Override // org.opends.server.api.AlertGenerator
    public DN getComponentEntryDN() {
        return this.configurationDN;
    }

    @Override // org.opends.server.api.AlertGenerator
    public LinkedHashMap<String, String> getAlerts() {
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
        linkedHashMap.put(ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED, ServerConstants.ALERT_DESCRIPTION_ACCESS_CONTROL_PARSE_FAILED);
        return linkedHashMap;
    }

    public void logMsgsSetLockDownMode(LinkedList<Message> linkedList) {
        Iterator<Message> it = linkedList.iterator();
        while (it.hasNext()) {
            ErrorLogger.logError(AccessControlMessages.WARN_ACI_SERVER_DECODE_FAILED.get(it.next()));
        }
        if (this.inLockDownMode) {
            return;
        }
        setLockDownMode();
    }

    private void setLockDownMode() {
        if (this.inLockDownMode) {
            return;
        }
        this.inLockDownMode = true;
        DirectoryServer.sendAlertNotification(this, ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED, AccessControlMessages.WARN_ACI_ENTER_LOCKDOWN_MODE.get());
        DirectoryServer.setLockdownMode(true);
    }

    static {
        try {
            aciFilter = SearchFilter.createFilterFromString("(aci=*)");
        } catch (DirectoryException e) {
        }
        attrs.add("aci");
    }
}
