package org.apache.directory.server.core.subtree;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
import org.apache.directory.server.core.configuration.InterceptorConfiguration;
import org.apache.directory.server.core.enumeration.SearchResultFilter;
import org.apache.directory.server.core.enumeration.SearchResultFilteringEnumeration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.invocation.Invocation;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
import org.apache.directory.shared.ldap.exception.LdapNoSuchAttributeException;
import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
import org.apache.directory.shared.ldap.filter.AssertionEnum;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.filter.SimpleNode;
import org.apache.directory.shared.ldap.message.AttributeImpl;
import org.apache.directory.shared.ldap.message.AttributesImpl;
import org.apache.directory.shared.ldap.message.ModificationItemImpl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.message.SubentriesControl;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.NormalizerMappingResolver;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationParser;
import org.apache.directory.shared.ldap.util.AttributeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService.class */
public class SubentryService extends BaseInterceptor {
    private static final String SUBENTRY_CONTROL = "1.3.6.1.4.1.4203.1.10.1";
    public static final String AC_AREA = "accessControlSpecificArea";
    public static final String AC_INNERAREA = "accessControlInnerArea";
    public static final String SCHEMA_AREA = "subschemaAdminSpecificArea";
    public static final String COLLECTIVE_AREA = "collectiveAttributeSpecificArea";
    public static final String COLLECTIVE_INNERAREA = "collectiveAttributeInnerArea";
    public static final String TRIGGER_AREA = "triggerExecutionSpecificArea";
    public static final String TRIGGER_INNERAREA = "triggerExecutionInnerArea";
    public static final String[] SUBENTRY_OPATTRS = {"accessControlSubentries", "subschemaSubentry", "collectiveAttributeSubentries", "triggerExecutionSubentries"};
    private static final Logger log = LoggerFactory.getLogger(SubentryService.class);
    private final SubentryCache subentryCache = new SubentryCache();
    private DirectoryServiceConfiguration factoryCfg;
    private SubtreeSpecificationParser ssParser;
    private SubtreeEvaluator evaluator;
    private PartitionNexus nexus;
    private AttributeTypeRegistry attrRegistry;
    private OidRegistry oidRegistry;
    private AttributeType objectClassType;

    /* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService$HideEntriesFilter.class */
    public class HideEntriesFilter implements SearchResultFilter {
        public HideEntriesFilter() {
        }

        @Override // org.apache.directory.server.core.enumeration.SearchResultFilter
        public boolean accept(Invocation invocation, SearchResult searchResult, SearchControls searchControls) throws NamingException {
            String name = searchResult.getName();
            if (SubentryService.this.subentryCache.hasSubentry(name)) {
                return true;
            }
            Attribute attribute = searchResult.getAttributes().get("objectClass");
            if (attribute != null) {
                if (AttributeUtils.containsValueCaseIgnore(attribute, "subentry") || AttributeUtils.containsValueCaseIgnore(attribute, "2.5.17.0")) {
                    return true;
                }
                for (int i = 0; i < attribute.size(); i++) {
                    if (((String) attribute.get(i)).equalsIgnoreCase("subentry")) {
                        return true;
                    }
                }
                return false;
            }
            if (!searchResult.isRelative()) {
                LdapDN ldapDN = new LdapDN(name);
                ldapDN.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
                return SubentryService.this.subentryCache.hasSubentry(ldapDN.toNormName());
            }
            LdapDN ldapDN2 = new LdapDN(invocation.getCaller().getNameInNamespace());
            ldapDN2.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
            LdapDN ldapDN3 = new LdapDN(searchResult.getName());
            ldapDN3.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
            ldapDN2.addAll(ldapDN3);
            return SubentryService.this.subentryCache.hasSubentry(ldapDN2.toNormName());
        }
    }

    /* loaded from: input_file:org/apache/directory/server/core/subtree/SubentryService$HideSubentriesFilter.class */
    public class HideSubentriesFilter implements SearchResultFilter {
        public HideSubentriesFilter() {
        }

        @Override // org.apache.directory.server.core.enumeration.SearchResultFilter
        public boolean accept(Invocation invocation, SearchResult searchResult, SearchControls searchControls) throws NamingException {
            String name = searchResult.getName();
            if (SubentryService.this.subentryCache.hasSubentry(name)) {
                return false;
            }
            Attribute attribute = searchResult.getAttributes().get("objectClass");
            if (attribute != null) {
                if (AttributeUtils.containsValueCaseIgnore(attribute, "subentry") || AttributeUtils.containsValueCaseIgnore(attribute, "2.5.17.0")) {
                    return false;
                }
                for (int i = 0; i < attribute.size(); i++) {
                    if (((String) attribute.get(i)).equalsIgnoreCase("subentry")) {
                        return false;
                    }
                }
                return true;
            }
            if (!searchResult.isRelative()) {
                LdapDN ldapDN = new LdapDN(name);
                ldapDN.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
                return !SubentryService.this.subentryCache.hasSubentry(ldapDN.toString());
            }
            LdapDN ldapDN2 = new LdapDN(invocation.getCaller().getNameInNamespace());
            ldapDN2.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
            LdapDN ldapDN3 = new LdapDN(searchResult.getName());
            ldapDN3.normalize(SubentryService.this.attrRegistry.getNormalizerMapping());
            ldapDN2.addAll(ldapDN3);
            return !SubentryService.this.subentryCache.hasSubentry(ldapDN2.toString());
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void init(DirectoryServiceConfiguration directoryServiceConfiguration, InterceptorConfiguration interceptorConfiguration) throws NamingException {
        super.init(directoryServiceConfiguration, interceptorConfiguration);
        this.nexus = directoryServiceConfiguration.getPartitionNexus();
        this.factoryCfg = directoryServiceConfiguration;
        this.attrRegistry = directoryServiceConfiguration.getRegistries().getAttributeTypeRegistry();
        this.oidRegistry = directoryServiceConfiguration.getRegistries().getOidRegistry();
        this.objectClassType = this.attrRegistry.lookup(this.oidRegistry.getOid("objectClass"));
        this.ssParser = new SubtreeSpecificationParser(new NormalizerMappingResolver() { // from class: org.apache.directory.server.core.subtree.SubentryService.1
            public Map getNormalizerMapping() throws NamingException {
                return SubentryService.this.attrRegistry.getNormalizerMapping();
            }
        }, this.attrRegistry.getNormalizerMapping());
        this.evaluator = new SubtreeEvaluator(directoryServiceConfiguration.getRegistries().getOidRegistry(), directoryServiceConfiguration.getRegistries().getAttributeTypeRegistry());
        Iterator<String> listSuffixes = this.nexus.listSuffixes(null);
        SimpleNode simpleNode = new SimpleNode("objectClass", "subentry", AssertionEnum.EQUALITY);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"subtreeSpecification", "objectClass"});
        while (listSuffixes.hasNext()) {
            LdapDN ldapDN = new LdapDN(listSuffixes.next());
            ldapDN.normalize(this.attrRegistry.getNormalizerMapping());
            NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN, directoryServiceConfiguration.getEnvironment(), simpleNode, searchControls));
            while (search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                Attributes attributes = searchResult.getAttributes();
                String name = searchResult.getName();
                try {
                    SubtreeSpecification parse = this.ssParser.parse((String) attributes.get("subtreeSpecification").get());
                    LdapDN ldapDN2 = new LdapDN(name);
                    ldapDN2.normalize(this.attrRegistry.getNormalizerMapping());
                    this.subentryCache.setSubentry(ldapDN2.toString(), parse, getSubentryTypes(attributes));
                } catch (Exception e) {
                    log.warn("Failed while parsing subtreeSpecification for " + name);
                }
            }
        }
    }

    private int getSubentryTypes(Attributes attributes) throws NamingException {
        int i = 0;
        Attribute attribute = attributes.get("objectClass");
        if (attribute == null) {
            throw new LdapSchemaViolationException("A subentry must have an objectClass attribute", ResultCodeEnum.OBJECT_CLASS_VIOLATION);
        }
        if (AttributeUtils.containsValueCaseIgnore(attribute, "accessControlSubentry")) {
            i = 0 | 4;
        }
        if (AttributeUtils.containsValueCaseIgnore(attribute, "subschema")) {
            i |= 2;
        }
        if (AttributeUtils.containsValueCaseIgnore(attribute, "collectiveAttributeSubentry")) {
            i |= 1;
        }
        if (AttributeUtils.containsValueCaseIgnore(attribute, "triggerExecutionSubentry")) {
            i |= 8;
        }
        return i;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration list(NextInterceptor nextInterceptor, ListOperationContext listOperationContext) throws NamingException {
        NamingEnumeration<SearchResult> list = nextInterceptor.list(listOperationContext);
        Invocation peek = InvocationStack.getInstance().peek();
        return !isSubentryVisible(peek) ? new SearchResultFilteringEnumeration(list, new SearchControls(), peek, new HideSubentriesFilter(), "List Subentry filter") : list;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration<SearchResult> search(NextInterceptor nextInterceptor, SearchOperationContext searchOperationContext) throws NamingException {
        NamingEnumeration<SearchResult> search = nextInterceptor.search(searchOperationContext);
        Invocation peek = InvocationStack.getInstance().peek();
        SearchControls searchControls = searchOperationContext.getSearchControls();
        return searchControls.getSearchScope() == 0 ? search : !isSubentryVisible(peek) ? new SearchResultFilteringEnumeration(search, searchControls, peek, new HideSubentriesFilter(), "Search Subentry filter hide subentries") : new SearchResultFilteringEnumeration(search, searchControls, peek, new HideEntriesFilter(), "Search Subentry filter hide entries");
    }

    private boolean isSubentryVisible(Invocation invocation) throws NamingException {
        SubentriesControl[] requestControls = invocation.getCaller().getRequestControls();
        if (requestControls == null || requestControls.length <= 0) {
            return false;
        }
        for (int i = 0; i < requestControls.length; i++) {
            if (requestControls[i].getID().equals(SUBENTRY_CONTROL)) {
                return requestControls[i].isVisible();
            }
        }
        return false;
    }

    public Attributes getSubentryAttributes(Name name, Attributes attributes) throws NamingException {
        AttributesImpl attributesImpl = new AttributesImpl();
        Iterator nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String str = (String) nameIterator.next();
            LdapDN ldapDN = new LdapDN(str);
            Name name2 = (LdapDN) ldapDN.clone();
            name2.remove(name2.size() - 1);
            Subentry subentry = this.subentryCache.getSubentry(str);
            if (this.evaluator.evaluate(subentry.getSubtreeSpecification(), name2, name, attributes)) {
                if (subentry.isAccessControlSubentry()) {
                    Attribute attribute = attributesImpl.get("accessControlSubentries");
                    if (attribute == null) {
                        attribute = new AttributeImpl("accessControlSubentries");
                        attributesImpl.put(attribute);
                    }
                    attribute.add(ldapDN.toString());
                }
                if (subentry.isSchemaSubentry()) {
                    Attribute attribute2 = attributesImpl.get("subschemaSubentry");
                    if (attribute2 == null) {
                        attribute2 = new AttributeImpl("subschemaSubentry");
                        attributesImpl.put(attribute2);
                    }
                    attribute2.add(ldapDN.toString());
                }
                if (subentry.isCollectiveSubentry()) {
                    Attribute attribute3 = attributesImpl.get("collectiveAttributeSubentries");
                    if (attribute3 == null) {
                        attribute3 = new AttributeImpl("collectiveAttributeSubentries");
                        attributesImpl.put(attribute3);
                    }
                    attribute3.add(ldapDN.toString());
                }
                if (subentry.isTriggerSubentry()) {
                    Attribute attribute4 = attributesImpl.get("triggerExecutionSubentries");
                    if (attribute4 == null) {
                        attribute4 = new AttributeImpl("triggerExecutionSubentries");
                        attributesImpl.put(attribute4);
                    }
                    attribute4.add(ldapDN.toString());
                }
            }
        }
        return attributesImpl;
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void add(NextInterceptor nextInterceptor, AddOperationContext addOperationContext) throws NamingException {
        Name dn = addOperationContext.getDn();
        Attributes entry = addOperationContext.getEntry();
        if (AttributeUtils.containsValueCaseIgnore(entry.get("objectClass"), "subentry")) {
            Name name = (LdapDN) dn.clone();
            name.remove(dn.size() - 1);
            Attribute attribute = this.nexus.lookup(new LookupOperationContext((LdapDN) name)).get("administrativeRole");
            if (attribute == null || attribute.size() <= 0) {
                throw new LdapNoSuchAttributeException("Administration point " + name + " does not contain an administrativeRole attribute! An administrativeRole attribute in the administrative point is required to add a subordinate subentry.");
            }
            Subentry subentry = new Subentry();
            subentry.setTypes(getSubentryTypes(entry));
            Attributes subentryOperatationalAttributes = getSubentryOperatationalAttributes(dn, subentry);
            try {
                SubtreeSpecification parse = this.ssParser.parse((String) entry.get("subtreeSpecification").get());
                this.subentryCache.setSubentry(dn.getNormName(), parse, getSubentryTypes(entry));
                nextInterceptor.add(addOperationContext);
                LdapDN ldapDN = (LdapDN) name.clone();
                ldapDN.addAll(parse.getBase());
                PresenceNode presenceNode = new PresenceNode("2.5.4.0");
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
                NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
                while (search.hasMore()) {
                    SearchResult searchResult = (SearchResult) search.next();
                    Attributes attributes = searchResult.getAttributes();
                    Name ldapDN2 = new LdapDN(searchResult.getName());
                    ldapDN2.normalize(this.attrRegistry.getNormalizerMapping());
                    if (this.evaluator.evaluate(parse, name, ldapDN2, attributes)) {
                        this.nexus.modify(new ModifyOperationContext(ldapDN2, getOperationalModsForAdd(attributes, subentryOperatationalAttributes)));
                    }
                }
                return;
            } catch (Exception e) {
                String str = "Failed while parsing subtreeSpecification for " + dn.getUpName();
                log.warn(str);
                throw new LdapInvalidAttributeValueException(str, ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX);
            }
        }
        Iterator nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String str2 = (String) nameIterator.next();
            LdapDN ldapDN3 = new LdapDN(str2);
            Name name2 = (LdapDN) ldapDN3.clone();
            name2.remove(name2.size() - 1);
            Subentry subentry2 = this.subentryCache.getSubentry(str2);
            if (this.evaluator.evaluate(subentry2.getSubtreeSpecification(), name2, dn, entry)) {
                if (subentry2.isAccessControlSubentry()) {
                    Attribute attribute2 = entry.get("accessControlSubentries");
                    if (attribute2 == null) {
                        attribute2 = new AttributeImpl("accessControlSubentries");
                        entry.put(attribute2);
                    }
                    attribute2.add(ldapDN3.toString());
                }
                if (subentry2.isSchemaSubentry()) {
                    Attribute attribute3 = entry.get("subschemaSubentry");
                    if (attribute3 == null) {
                        attribute3 = new AttributeImpl("subschemaSubentry");
                        entry.put(attribute3);
                    }
                    attribute3.add(ldapDN3.toString());
                }
                if (subentry2.isCollectiveSubentry()) {
                    Attribute attribute4 = entry.get("collectiveAttributeSubentries");
                    if (attribute4 == null) {
                        attribute4 = new AttributeImpl("collectiveAttributeSubentries");
                        entry.put(attribute4);
                    }
                    attribute4.add(ldapDN3.toString());
                }
                if (subentry2.isTriggerSubentry()) {
                    Attribute attribute5 = entry.get("triggerExecutionSubentries");
                    if (attribute5 == null) {
                        attribute5 = new AttributeImpl("triggerExecutionSubentries");
                        entry.put(attribute5);
                    }
                    attribute5.add(ldapDN3.toString());
                }
            }
        }
        nextInterceptor.add(addOperationContext);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void delete(NextInterceptor nextInterceptor, DeleteOperationContext deleteOperationContext) throws NamingException {
        LdapDN dn = deleteOperationContext.getDn();
        if (!AttributeUtils.containsValueCaseIgnore(AttributeUtils.getAttribute(this.nexus.lookup(new LookupOperationContext(dn)), this.objectClassType), "subentry")) {
            nextInterceptor.delete(deleteOperationContext);
            return;
        }
        SubtreeSpecification subtreeSpecification = this.subentryCache.removeSubentry(dn.toNormName()).getSubtreeSpecification();
        nextInterceptor.delete(deleteOperationContext);
        Name name = (LdapDN) dn.clone();
        name.remove(dn.size() - 1);
        LdapDN ldapDN = (LdapDN) name.clone();
        ldapDN.addAll(subtreeSpecification.getBase());
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid("objectClass"));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name ldapDN2 = new LdapDN(searchResult.getName());
            ldapDN2.normalize(this.attrRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, name, ldapDN2, attributes)) {
                this.nexus.modify(new ModifyOperationContext(ldapDN2, getOperationalModsForRemove(dn, attributes)));
            }
        }
    }

    private boolean hasAdministrativeDescendant(LdapDN ldapDN) throws NamingException {
        PresenceNode presenceNode = new PresenceNode("administrativeRole");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
        if (!search.hasMore()) {
            return false;
        }
        search.close();
        return true;
    }

    private ModificationItemImpl[] getModsOnEntryRdnChange(Name name, Name name2, Attributes attributes) throws NamingException {
        ArrayList arrayList = new ArrayList();
        Iterator nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String str = (String) nameIterator.next();
            Name ldapDN = new LdapDN(str);
            ldapDN.remove(ldapDN.size() - 1);
            SubtreeSpecification subtreeSpecification = this.subentryCache.getSubentry(str).getSubtreeSpecification();
            boolean evaluate = this.evaluator.evaluate(subtreeSpecification, ldapDN, name, attributes);
            boolean evaluate2 = this.evaluator.evaluate(subtreeSpecification, ldapDN, name2, attributes);
            if (evaluate != evaluate2) {
                if (evaluate && !evaluate2) {
                    for (int i = 0; i < SUBENTRY_OPATTRS.length; i++) {
                        Attribute attribute = attributes.get(SUBENTRY_OPATTRS[i]);
                        if (attribute != null) {
                            Attribute attribute2 = (Attribute) attribute.clone();
                            attribute2.remove(str);
                            arrayList.add(new ModificationItemImpl(attribute2.size() < 1 ? 3 : 2, attribute2));
                        }
                    }
                } else if (evaluate2 && !evaluate) {
                    for (int i2 = 0; i2 < SUBENTRY_OPATTRS.length; i2++) {
                        AttributeImpl attributeImpl = new AttributeImpl(SUBENTRY_OPATTRS[i2]);
                        attributeImpl.add(str);
                        arrayList.add(new ModificationItemImpl(1, attributeImpl));
                    }
                }
            }
        }
        return (ModificationItemImpl[]) arrayList.toArray(new ModificationItemImpl[arrayList.size()]);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void rename(NextInterceptor nextInterceptor, RenameOperationContext renameOperationContext) throws NamingException {
        LdapDN dn = renameOperationContext.getDn();
        String newRdn = renameOperationContext.getNewRdn();
        Attributes lookup = this.nexus.lookup(new LookupOperationContext(dn));
        if (!AttributeUtils.containsValueCaseIgnore(AttributeUtils.getAttribute(lookup, this.objectClassType), "subentry")) {
            if (hasAdministrativeDescendant(dn)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.rename(renameOperationContext);
            LdapDN ldapDN = (LdapDN) dn.clone();
            ldapDN.remove(ldapDN.size() - 1);
            ldapDN.add(newRdn);
            ldapDN.normalize(this.attrRegistry.getNormalizerMapping());
            ModificationItemImpl[] modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(new ModifyOperationContext(ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toNormName());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        Name name = (LdapDN) dn.clone();
        name.remove(name.size() - 1);
        LdapDN ldapDN2 = (LdapDN) name.clone();
        ldapDN2.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN3 = (LdapDN) dn.clone();
        ldapDN3.remove(ldapDN3.size() - 1);
        LdapDN ldapDN4 = new LdapDN(newRdn);
        ldapDN3.addAll(ldapDN4);
        ldapDN4.normalize(this.attrRegistry.getNormalizerMapping());
        ldapDN3.normalize(this.attrRegistry.getNormalizerMapping());
        String normName = ldapDN3.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.rename(renameOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid("objectClass"));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN2, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name ldapDN5 = new LdapDN(searchResult.getName());
            ldapDN5.normalize(this.attrRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, name, ldapDN5, attributes)) {
                this.nexus.modify(new ModifyOperationContext(ldapDN5, getOperationalModsForReplace(dn, ldapDN3, subentry2, attributes)));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void moveAndRename(NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameOperationContext) throws NamingException {
        LdapDN dn = moveAndRenameOperationContext.getDn();
        LdapDN parent = moveAndRenameOperationContext.getParent();
        String newRdn = moveAndRenameOperationContext.getNewRdn();
        Attributes lookup = this.nexus.lookup(new LookupOperationContext(dn));
        if (!AttributeUtils.containsValueCaseIgnore(AttributeUtils.getAttribute(lookup, this.objectClassType), "subentry")) {
            if (hasAdministrativeDescendant(dn)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.moveAndRename(moveAndRenameOperationContext);
            LdapDN ldapDN = (LdapDN) parent.clone();
            ldapDN.add(newRdn);
            ldapDN.normalize(this.attrRegistry.getNormalizerMapping());
            ModificationItemImpl[] modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(new ModifyOperationContext(ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toNormName());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        Name name = (LdapDN) dn.clone();
        name.remove(name.size() - 1);
        LdapDN ldapDN2 = (LdapDN) name.clone();
        ldapDN2.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN3 = (LdapDN) parent.clone();
        ldapDN3.remove(ldapDN3.size() - 1);
        LdapDN ldapDN4 = new LdapDN(newRdn);
        ldapDN3.addAll(ldapDN4);
        ldapDN4.normalize(this.attrRegistry.getNormalizerMapping());
        ldapDN3.normalize(this.attrRegistry.getNormalizerMapping());
        String normName = ldapDN3.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.moveAndRename(moveAndRenameOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid("objectClass"));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN2, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name ldapDN5 = new LdapDN(searchResult.getName());
            ldapDN5.normalize(this.attrRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, name, ldapDN5, attributes)) {
                this.nexus.modify(new ModifyOperationContext(ldapDN5, getOperationalModsForReplace(dn, ldapDN3, subentry2, attributes)));
            }
        }
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, MoveOperationContext moveOperationContext) throws NamingException {
        LdapDN dn = moveOperationContext.getDn();
        LdapDN parent = moveOperationContext.getParent();
        Attributes lookup = this.nexus.lookup(new LookupOperationContext(dn));
        if (!AttributeUtils.containsValueCaseIgnore(lookup.get("objectClass"), "subentry")) {
            if (hasAdministrativeDescendant(dn)) {
                log.warn("Will not allow rename operation on entries with administrative descendants.");
                throw new LdapSchemaViolationException("Will not allow rename operation on entries with administrative descendants.", ResultCodeEnum.NOT_ALLOWED_ON_RDN);
            }
            nextInterceptor.move(moveOperationContext);
            LdapDN ldapDN = (LdapDN) parent.clone();
            ldapDN.add(dn.get(dn.size() - 1));
            ModificationItemImpl[] modsOnEntryRdnChange = getModsOnEntryRdnChange(dn, ldapDN, lookup);
            if (modsOnEntryRdnChange.length > 0) {
                this.nexus.modify(new ModifyOperationContext(ldapDN, modsOnEntryRdnChange));
                return;
            }
            return;
        }
        Subentry subentry = this.subentryCache.getSubentry(dn.toString());
        SubtreeSpecification subtreeSpecification = subentry.getSubtreeSpecification();
        Name name = (LdapDN) dn.clone();
        name.remove(name.size() - 1);
        LdapDN ldapDN2 = (LdapDN) name.clone();
        ldapDN2.addAll(subtreeSpecification.getBase());
        LdapDN ldapDN3 = (LdapDN) parent.clone();
        ldapDN3.remove(ldapDN3.size() - 1);
        ldapDN3.add(parent.get(parent.size() - 1));
        String normName = ldapDN3.toNormName();
        this.subentryCache.setSubentry(normName, subtreeSpecification, subentry.getTypes());
        nextInterceptor.move(moveOperationContext);
        Subentry subentry2 = this.subentryCache.getSubentry(normName);
        PresenceNode presenceNode = new PresenceNode("objectClass");
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
        NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN2, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
        while (search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            Attributes attributes = searchResult.getAttributes();
            Name ldapDN4 = new LdapDN(searchResult.getName());
            ldapDN4.normalize(this.attrRegistry.getNormalizerMapping());
            if (this.evaluator.evaluate(subtreeSpecification, name, ldapDN4, attributes)) {
                this.nexus.modify(new ModifyOperationContext(ldapDN4, getOperationalModsForReplace(dn, ldapDN3, subentry2, attributes)));
            }
        }
    }

    private int getSubentryTypes(Attributes attributes, int i, Attributes attributes2) throws NamingException {
        if (attributes2.get("objectClass") == null) {
            return getSubentryTypes(attributes);
        }
        if (i == 2) {
            return getSubentryTypes(attributes2);
        }
        Attribute attribute = attributes2.get("objectClass");
        Attribute attribute2 = (Attribute) attributes.get("objectClass").clone();
        if (i == 1) {
            for (int i2 = 0; i2 < attribute.size(); i2++) {
                attribute2.add(attribute.get(i2));
            }
        } else {
            for (int i3 = 0; i3 < attribute.size(); i3++) {
                attribute2.remove(attribute.get(i3));
            }
        }
        AttributesImpl attributesImpl = new AttributesImpl();
        attributesImpl.put(attribute2);
        return getSubentryTypes(attributesImpl);
    }

    private int getSubentryTypes(Attributes attributes, ModificationItemImpl[] modificationItemImplArr) throws NamingException {
        Attribute attribute = (Attribute) attributes.get("objectClass").clone();
        for (int i = 0; i < modificationItemImplArr.length; i++) {
            if (modificationItemImplArr[i].getAttribute().getID().equalsIgnoreCase("objectClass")) {
                switch (modificationItemImplArr[i].getModificationOp()) {
                    case 1:
                        for (int i2 = 0; i2 < modificationItemImplArr[i].getAttribute().size(); i2++) {
                            attribute.add(modificationItemImplArr[i].getAttribute().get(i2));
                        }
                        break;
                    case 2:
                        attribute = modificationItemImplArr[i].getAttribute();
                        break;
                    case 3:
                        for (int i3 = 0; i3 < modificationItemImplArr[i].getAttribute().size(); i3++) {
                            attribute.remove(modificationItemImplArr[i].getAttribute().get(i3));
                        }
                        break;
                }
            }
        }
        AttributesImpl attributesImpl = new AttributesImpl();
        attributesImpl.put(attribute);
        return getSubentryTypes(attributesImpl);
    }

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, ModifyOperationContext modifyOperationContext) throws NamingException {
        LdapDN dn = modifyOperationContext.getDn();
        ModificationItemImpl[] modItems = modifyOperationContext.getModItems();
        Attributes lookup = this.nexus.lookup(new LookupOperationContext(dn));
        Attributes attributes = (Attributes) lookup.clone();
        Attribute attribute = AttributeUtils.getAttribute(lookup, this.objectClassType);
        boolean z = false;
        ModificationItemImpl modificationItemImpl = null;
        for (int i = 0; i < modItems.length; i++) {
            if ("subtreeSpecification".equalsIgnoreCase(modItems[i].getAttribute().getID())) {
                z = true;
                modificationItemImpl = modItems[i];
            }
        }
        if (!AttributeUtils.containsValueCaseIgnore(attribute, "subentry") || !z) {
            nextInterceptor.modify(modifyOperationContext);
            if (AttributeUtils.containsValueCaseIgnore(attribute, "subentry")) {
                return;
            }
            ModificationItemImpl[] modsOnEntryModification = getModsOnEntryModification(dn, attributes, this.nexus.lookup(new LookupOperationContext(dn)));
            if (modsOnEntryModification.length > 0) {
                this.nexus.modify(new ModifyOperationContext(dn, modsOnEntryModification));
                return;
            }
            return;
        }
        SubtreeSpecification subtreeSpecification = this.subentryCache.removeSubentry(dn.toString()).getSubtreeSpecification();
        try {
            SubtreeSpecification parse = this.ssParser.parse((String) modificationItemImpl.getAttribute().get());
            this.subentryCache.setSubentry(dn.toNormName(), parse, getSubentryTypes(lookup, modItems));
            nextInterceptor.modify(modifyOperationContext);
            Name name = (LdapDN) dn.clone();
            name.remove(name.size() - 1);
            LdapDN ldapDN = (LdapDN) name.clone();
            ldapDN.addAll(subtreeSpecification.getBase());
            PresenceNode presenceNode = new PresenceNode(this.oidRegistry.getOid("objectClass"));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            searchControls.setReturningAttributes(new String[]{"+", PartitionNexusProxy.BYPASS_ALL});
            NamingEnumeration<SearchResult> search = this.nexus.search(new SearchOperationContext(ldapDN, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
            while (search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                Attributes attributes2 = searchResult.getAttributes();
                Name ldapDN2 = new LdapDN(searchResult.getName());
                ldapDN2.normalize(this.attrRegistry.getNormalizerMapping());
                if (this.evaluator.evaluate(subtreeSpecification, name, ldapDN2, attributes2)) {
                    this.nexus.modify(new ModifyOperationContext(ldapDN2, getOperationalModsForRemove(dn, attributes2)));
                }
            }
            Attributes subentryOperatationalAttributes = getSubentryOperatationalAttributes(dn, this.subentryCache.getSubentry(dn.toNormName()));
            LdapDN ldapDN3 = (LdapDN) name.clone();
            ldapDN3.addAll(parse.getBase());
            NamingEnumeration<SearchResult> search2 = this.nexus.search(new SearchOperationContext(ldapDN3, this.factoryCfg.getEnvironment(), presenceNode, searchControls));
            while (search2.hasMore()) {
                SearchResult searchResult2 = (SearchResult) search2.next();
                Attributes attributes3 = searchResult2.getAttributes();
                Name ldapDN4 = new LdapDN(searchResult2.getName());
                ldapDN4.normalize(this.attrRegistry.getNormalizerMapping());
                if (this.evaluator.evaluate(parse, name, ldapDN4, attributes3)) {
                    this.nexus.modify(new ModifyOperationContext(ldapDN4, getOperationalModsForAdd(attributes3, subentryOperatationalAttributes)));
                }
            }
        } catch (Exception e) {
            log.error("failed to parse the new subtreeSpecification", e);
            throw new LdapInvalidAttributeValueException("failed to parse the new subtreeSpecification", ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX);
        }
    }

    private ModificationItemImpl[] getOperationalModsForReplace(Name name, Name name2, Subentry subentry, Attributes attributes) throws NamingException {
        ArrayList arrayList = new ArrayList();
        if (subentry.isAccessControlSubentry()) {
            Attribute attribute = (Attribute) attributes.get("accessControlSubentries").clone();
            if (attribute == null) {
                attribute = new AttributeImpl("accessControlSubentries");
                attribute.add(name2.toString());
            } else {
                attribute.remove(name.toString());
                attribute.add(name2.toString());
            }
            arrayList.add(new ModificationItemImpl(2, attribute));
        }
        if (subentry.isSchemaSubentry()) {
            Attribute attribute2 = (Attribute) attributes.get("subschemaSubentry").clone();
            if (attribute2 == null) {
                attribute2 = new AttributeImpl("subschemaSubentry");
                attribute2.add(name2.toString());
            } else {
                attribute2.remove(name.toString());
                attribute2.add(name2.toString());
            }
            arrayList.add(new ModificationItemImpl(2, attribute2));
        }
        if (subentry.isCollectiveSubentry()) {
            Attribute attribute3 = (Attribute) attributes.get("collectiveAttributeSubentries").clone();
            if (attribute3 == null) {
                attribute3 = new AttributeImpl("collectiveAttributeSubentries");
                attribute3.add(name2.toString());
            } else {
                attribute3.remove(name.toString());
                attribute3.add(name2.toString());
            }
            arrayList.add(new ModificationItemImpl(2, attribute3));
        }
        if (subentry.isTriggerSubentry()) {
            Attribute attribute4 = (Attribute) attributes.get("triggerExecutionSubentries").clone();
            if (attribute4 == null) {
                attribute4 = new AttributeImpl("triggerExecutionSubentries");
                attribute4.add(name2.toString());
            } else {
                attribute4.remove(name.toString());
                attribute4.add(name2.toString());
            }
            arrayList.add(new ModificationItemImpl(2, attribute4));
        }
        return (ModificationItemImpl[]) arrayList.toArray(new ModificationItemImpl[arrayList.size()]);
    }

    private Attributes getSubentryOperatationalAttributes(Name name, Subentry subentry) throws NamingException {
        AttributesImpl attributesImpl = new AttributesImpl();
        if (subentry.isAccessControlSubentry()) {
            if (attributesImpl.get("accessControlSubentries") == null) {
                attributesImpl.put("accessControlSubentries", name.toString());
            } else {
                attributesImpl.get("accessControlSubentries").add(name.toString());
            }
        }
        if (subentry.isSchemaSubentry()) {
            if (attributesImpl.get("subschemaSubentry") == null) {
                attributesImpl.put("subschemaSubentry", name.toString());
            } else {
                attributesImpl.get("subschemaSubentry").add(name.toString());
            }
        }
        if (subentry.isCollectiveSubentry()) {
            if (attributesImpl.get("collectiveAttributeSubentries") == null) {
                attributesImpl.put("collectiveAttributeSubentries", name.toString());
            } else {
                attributesImpl.get("collectiveAttributeSubentries").add(name.toString());
            }
        }
        if (subentry.isTriggerSubentry()) {
            if (attributesImpl.get("triggerExecutionSubentries") == null) {
                attributesImpl.put("triggerExecutionSubentries", name.toString());
            } else {
                attributesImpl.get("triggerExecutionSubentries").add(name.toString());
            }
        }
        return attributesImpl;
    }

    private ModificationItemImpl[] getOperationalModsForRemove(LdapDN ldapDN, Attributes attributes) {
        ArrayList arrayList = new ArrayList();
        String normName = ldapDN.toNormName();
        for (int i = 0; i < SUBENTRY_OPATTRS.length; i++) {
            Attribute attribute = attributes.get(SUBENTRY_OPATTRS[i]);
            if (attribute != null && attribute.contains(normName)) {
                AttributeImpl attributeImpl = new AttributeImpl(SUBENTRY_OPATTRS[i]);
                attributeImpl.add(normName);
                arrayList.add(new ModificationItemImpl(3, attributeImpl));
            }
        }
        return (ModificationItemImpl[]) arrayList.toArray(new ModificationItemImpl[arrayList.size()]);
    }

    public ModificationItemImpl[] getOperationalModsForAdd(Attributes attributes, Attributes attributes2) throws NamingException {
        ArrayList arrayList = new ArrayList();
        NamingEnumeration iDs = attributes2.getIDs();
        while (iDs.hasMore()) {
            int i = 2;
            String str = (String) iDs.next();
            AttributeImpl attributeImpl = new AttributeImpl(str);
            Attribute attribute = attributes2.get(str);
            Attribute attribute2 = attributes.get(str);
            for (int i2 = 0; i2 < attribute.size(); i2++) {
                attributeImpl.add(attribute.get(i2));
            }
            if (attribute2 == null || attribute2.size() <= 0) {
                i = 1;
            } else {
                for (int i3 = 0; i3 < attribute2.size(); i3++) {
                    attributeImpl.add(attribute2.get(i3));
                }
            }
            arrayList.add(new ModificationItemImpl(i, attributeImpl));
        }
        return (ModificationItemImpl[]) arrayList.toArray(new ModificationItemImpl[arrayList.size()]);
    }

    private ModificationItemImpl[] getModsOnEntryModification(LdapDN ldapDN, Attributes attributes, Attributes attributes2) throws NamingException {
        ArrayList arrayList = new ArrayList();
        Iterator nameIterator = this.subentryCache.nameIterator();
        while (nameIterator.hasNext()) {
            String str = (String) nameIterator.next();
            Name ldapDN2 = new LdapDN(str);
            ldapDN2.remove(ldapDN2.size() - 1);
            SubtreeSpecification subtreeSpecification = this.subentryCache.getSubentry(str).getSubtreeSpecification();
            boolean evaluate = this.evaluator.evaluate(subtreeSpecification, ldapDN2, ldapDN, attributes);
            boolean evaluate2 = this.evaluator.evaluate(subtreeSpecification, ldapDN2, ldapDN, attributes2);
            if (evaluate != evaluate2) {
                if (evaluate && !evaluate2) {
                    for (int i = 0; i < SUBENTRY_OPATTRS.length; i++) {
                        Attribute attribute = attributes.get(SUBENTRY_OPATTRS[i]);
                        if (attribute != null) {
                            Attribute attribute2 = (Attribute) attribute.clone();
                            attribute2.remove(str);
                            arrayList.add(new ModificationItemImpl(attribute2.size() < 1 ? 3 : 2, attribute2));
                        }
                    }
                } else if (evaluate2 && !evaluate) {
                    for (int i2 = 0; i2 < SUBENTRY_OPATTRS.length; i2++) {
                        AttributeImpl attributeImpl = new AttributeImpl(SUBENTRY_OPATTRS[i2]);
                        attributeImpl.add(str);
                        arrayList.add(new ModificationItemImpl(1, attributeImpl));
                    }
                }
            }
        }
        return (ModificationItemImpl[]) arrayList.toArray(new ModificationItemImpl[arrayList.size()]);
    }
}
