package org.opends.server.authorization.dseecompat;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.messages.AccessControlMessages;
import org.opends.server.api.Group;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.GroupManager;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPURL;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/GroupDN.class */
class GroupDN implements KeywordBindRule {
    private final List<DN> groupDNs;
    private final EnumBindRuleType type;
    private static final String LDAP_URLS = "\\s*(ldap:///[^\\|]+)\\s*(\\|\\|\\s*\\s*(ldap:///[^\\|]+))*";

    private GroupDN(EnumBindRuleType enumBindRuleType, List<DN> list) {
        this.groupDNs = list;
        this.type = enumBindRuleType;
    }

    public static KeywordBindRule decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        if (!Pattern.matches(LDAP_URLS, str)) {
            throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_GROUPDN_EXPRESSION.get(str));
        }
        LinkedList linkedList = new LinkedList();
        Matcher matcher = Pattern.compile(Aci.LDAP_URL).matcher(str);
        while (matcher.find()) {
            try {
                linkedList.add(LDAPURL.decode(matcher.group(1).trim(), true).getBaseDN());
            } catch (LocalizedIllegalArgumentException | DirectoryException e) {
                throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_GROUPDN_URL.get(e.getMessageObject()));
            }
        }
        return new GroupDN(enumBindRuleType, linkedList);
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        EnumEvalResult enumEvalResult = EnumEvalResult.FALSE;
        Iterator<DN> it = this.groupDNs.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Group<?> groupInstance = getGroupManager().getGroupInstance(it.next());
            if (groupInstance != null && aciEvalContext.isMemberOf(groupInstance)) {
                enumEvalResult = EnumEvalResult.TRUE;
                break;
            }
        }
        return enumEvalResult.getRet(this.type, false);
    }

    public static boolean evaluate(Entry entry, AciEvalContext aciEvalContext, AttributeType attributeType, DN dn) {
        Iterator<ByteString> it = entry.getAllAttributes(attributeType).get(0).iterator();
        while (it.hasNext()) {
            try {
                DN valueOf = DN.valueOf(it.next().toString());
                if (dn == null || valueOf.isSubordinateOrEqualTo(dn)) {
                    Group<?> groupInstance = getGroupManager().getGroupInstance(valueOf);
                    if (groupInstance != null && aciEvalContext.isMemberOf(groupInstance)) {
                        return true;
                    }
                }
            } catch (LocalizedIllegalArgumentException e) {
                return false;
            }
        }
        return false;
    }

    private static GroupManager getGroupManager() {
        return DirectoryServer.getGroupManager();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public final void toString(StringBuilder sb) {
        sb.append(super.toString());
    }
}
