package org.opends.server.core;

import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationAddListener;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.config.server.ConfigurationDeleteListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.server.config.meta.GroupImplementationCfgDefn;
import org.forgerock.opendj.server.config.server.GroupImplementationCfg;
import org.forgerock.opendj.server.config.server.RootCfg;
import org.forgerock.util.Utils;
import org.opends.messages.ConfigMessages;
import org.opends.messages.CoreMessages;
import org.opends.server.api.DITCacheMap;
import org.opends.server.api.Group;
import org.opends.server.api.LocalBackend;
import org.opends.server.api.LocalBackendInitializationListener;
import org.opends.server.api.plugin.InternalDirectoryServerPlugin;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.api.plugin.PluginType;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.operation.PluginOperation;
import org.opends.server.types.operation.PostOperationAddOperation;
import org.opends.server.types.operation.PostOperationDeleteOperation;
import org.opends.server.types.operation.PostOperationModifyDNOperation;
import org.opends.server.types.operation.PostOperationModifyOperation;
import org.opends.server.types.operation.PostSynchronizationAddOperation;
import org.opends.server.types.operation.PostSynchronizationDeleteOperation;
import org.opends.server.types.operation.PostSynchronizationModifyDNOperation;
import org.opends.server.types.operation.PostSynchronizationModifyOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;
import org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation;

/* loaded from: input_file:org/opends/server/core/GroupManager.class */
public class GroupManager extends InternalDirectoryServerPlugin implements ConfigurationChangeListener<GroupImplementationCfg>, ConfigurationAddListener<GroupImplementationCfg>, ConfigurationDeleteListener<GroupImplementationCfg>, LocalBackendInitializationListener {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private volatile long refreshToken;
    private ConcurrentMap<DN, Group<?>> groupImplementations;
    private DITCacheMap<Group<?>> groupInstances;
    private final ReadWriteLock lock;
    private static final String CONFIG_DN = "cn=Group Manager,cn=config";
    private final ServerContext serverContext;

    public GroupManager(ServerContext serverContext) throws DirectoryException {
        super(DN.valueOf(CONFIG_DN), EnumSet.of(PluginType.POST_OPERATION_ADD, PluginType.POST_OPERATION_DELETE, PluginType.POST_OPERATION_MODIFY, PluginType.POST_OPERATION_MODIFY_DN, PluginType.POST_SYNCHRONIZATION_ADD, PluginType.POST_SYNCHRONIZATION_DELETE, PluginType.POST_SYNCHRONIZATION_MODIFY, PluginType.POST_SYNCHRONIZATION_MODIFY_DN), true);
        this.serverContext = serverContext;
        this.groupImplementations = new ConcurrentHashMap();
        this.groupInstances = new DITCacheMap<>();
        this.lock = new ReentrantReadWriteLock();
        DirectoryServer.registerInternalPlugin(this);
        serverContext.getBackendConfigManager().registerLocalBackendInitializationListener(this);
    }

    public void initializeGroupImplementations() throws ConfigException, InitializationException {
        RootCfg rootConfig = this.serverContext.getRootConfig();
        rootConfig.addGroupImplementationAddListener(this);
        rootConfig.addGroupImplementationDeleteListener(this);
        for (String str : rootConfig.listGroupImplementations()) {
            GroupImplementationCfg groupImplementation = rootConfig.getGroupImplementation(str);
            groupImplementation.addChangeListener(this);
            if (groupImplementation.isEnabled()) {
                try {
                    this.groupImplementations.put(groupImplementation.dn(), loadGroup(groupImplementation.getJavaClass(), groupImplementation, true));
                } catch (InitializationException e) {
                    logger.error(e.getMessageObject());
                }
            }
        }
    }

    public boolean isConfigurationAddAcceptable(GroupImplementationCfg groupImplementationCfg, List<LocalizableMessage> list) {
        if (!groupImplementationCfg.isEnabled()) {
            return true;
        }
        try {
            loadGroup(groupImplementationCfg.getJavaClass(), groupImplementationCfg, false);
            return true;
        } catch (InitializationException e) {
            list.add(e.getMessageObject());
            return false;
        }
    }

    public ConfigChangeResult applyConfigurationAdd(GroupImplementationCfg groupImplementationCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        groupImplementationCfg.addChangeListener(this);
        if (!groupImplementationCfg.isEnabled()) {
            return configChangeResult;
        }
        Group<?> group = null;
        try {
            group = loadGroup(groupImplementationCfg.getJavaClass(), groupImplementationCfg, true);
        } catch (InitializationException e) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
        }
        if (configChangeResult.getResultCode() == ResultCode.SUCCESS) {
            this.groupImplementations.put(groupImplementationCfg.dn(), group);
        }
        return configChangeResult;
    }

    public boolean isConfigurationDeleteAcceptable(GroupImplementationCfg groupImplementationCfg, List<LocalizableMessage> list) {
        return true;
    }

    public ConfigChangeResult applyConfigurationDelete(GroupImplementationCfg groupImplementationCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        Group<?> remove = this.groupImplementations.remove(groupImplementationCfg.dn());
        if (remove != null) {
            this.lock.writeLock().lock();
            try {
                Iterator<Group<?>> it = this.groupInstances.values().iterator();
                while (it.hasNext()) {
                    if (it.next().getClass().getName().equals(remove.getClass().getName())) {
                        it.remove();
                    }
                }
                remove.finalizeGroupImplementation();
            } finally {
                this.lock.writeLock().unlock();
            }
        }
        return configChangeResult;
    }

    public boolean isConfigurationChangeAcceptable(GroupImplementationCfg groupImplementationCfg, List<LocalizableMessage> list) {
        if (!groupImplementationCfg.isEnabled()) {
            return true;
        }
        try {
            loadGroup(groupImplementationCfg.getJavaClass(), groupImplementationCfg, false);
            return true;
        } catch (InitializationException e) {
            list.add(e.getMessageObject());
            return false;
        }
    }

    public ConfigChangeResult applyConfigurationChange(GroupImplementationCfg groupImplementationCfg) {
        Group<?> remove;
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        Group<?> group = this.groupImplementations.get(groupImplementationCfg.dn());
        if (!groupImplementationCfg.isEnabled()) {
            if (group != null && (remove = this.groupImplementations.remove(groupImplementationCfg.dn())) != null) {
                this.lock.writeLock().lock();
                try {
                    Iterator<Group<?>> it = this.groupInstances.values().iterator();
                    while (it.hasNext()) {
                        if (it.next().getClass().getName().equals(remove.getClass().getName())) {
                            it.remove();
                        }
                    }
                    remove.finalizeGroupImplementation();
                } finally {
                    this.lock.writeLock().unlock();
                }
            }
            return configChangeResult;
        }
        String javaClass = groupImplementationCfg.getJavaClass();
        if (group != null) {
            if (!javaClass.equals(group.getClass().getName())) {
                configChangeResult.setAdminActionRequired(true);
            }
            return configChangeResult;
        }
        Group<?> group2 = null;
        try {
            group2 = loadGroup(javaClass, groupImplementationCfg, true);
        } catch (InitializationException e) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
        }
        if (configChangeResult.getResultCode() == ResultCode.SUCCESS) {
            this.groupImplementations.put(groupImplementationCfg.dn(), group2);
        }
        return configChangeResult;
    }

    private static Group<?> loadGroup(String str, GroupImplementationCfg groupImplementationCfg, boolean z) throws InitializationException {
        try {
            Group<?> group = (Group) GroupImplementationCfgDefn.getInstance().getJavaClassPropertyDefinition().loadClass(str, Group.class).newInstance();
            if (z) {
                group.initializeGroupImplementation(groupImplementationCfg);
            } else {
                ArrayList arrayList = new ArrayList();
                if (!group.isConfigurationAcceptable(groupImplementationCfg, arrayList)) {
                    throw new InitializationException(ConfigMessages.ERR_CONFIG_GROUP_CONFIG_NOT_ACCEPTABLE.get(groupImplementationCfg.dn(), Utils.joinAsString(".  ", arrayList)));
                }
            }
            return group;
        } catch (Exception e) {
            throw new InitializationException(ConfigMessages.ERR_CONFIG_GROUP_INITIALIZATION_FAILED.get(str, groupImplementationCfg.dn(), StaticUtils.stackTraceToSingleLineString(e)), e);
        }
    }

    public void finalizeGroupManager() {
        DirectoryServer.deregisterInternalPlugin(this);
        this.serverContext.getBackendConfigManager().deregisterLocalBackendInitializationListener(this);
        deregisterAllGroups();
        Iterator<Group<?>> it = this.groupImplementations.values().iterator();
        while (it.hasNext()) {
            it.next().finalizeGroupImplementation();
        }
        this.groupImplementations.clear();
    }

    public Iterable<Group<?>> getGroupImplementations() {
        return this.groupImplementations.values();
    }

    public Iterable<Group<?>> getGroupInstances() {
        this.lock.readLock().lock();
        try {
            return new ArrayList(this.groupInstances.values());
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public Group<?> getGroupInstance(DN dn) {
        this.lock.readLock().lock();
        try {
            return this.groupInstances.get(dn);
        } finally {
            this.lock.readLock().unlock();
        }
    }

    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPreInitializationProcessing(LocalBackend<?> localBackend) {
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        LDAPControl lDAPControl = new LDAPControl(ServerConstants.OID_INTERNAL_GROUP_MEMBERSHIP_UPDATE, false);
        for (DN dn : this.groupImplementations.keySet()) {
            Group<?> group = this.groupImplementations.get(dn);
            try {
                SearchFilter groupDefinitionFilter = group.getGroupDefinitionFilter();
                if (localBackend.getEntryCount() > 0 && !localBackend.isIndexed(groupDefinitionFilter)) {
                    logger.warn(CoreMessages.WARN_GROUP_FILTER_NOT_INDEXED, groupDefinitionFilter, dn, localBackend.getBackendID());
                }
                for (DN dn2 : localBackend.getBaseDNs()) {
                    try {
                        if (localBackend.entryExists(dn2)) {
                            InternalSearchOperation internalSearchOperation = new InternalSearchOperation(rootConnection, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), Requests.newSearchRequest(dn2, SearchScope.WHOLE_SUBTREE, groupDefinitionFilter, new String[0]).addControl((Control) lDAPControl));
                            try {
                                localBackend.search(new LocalBackendSearchOperation(internalSearchOperation));
                                this.lock.writeLock().lock();
                                try {
                                    Iterator<SearchResultEntry> it = internalSearchOperation.getSearchEntries().iterator();
                                    while (it.hasNext()) {
                                        SearchResultEntry next = it.next();
                                        try {
                                            this.groupInstances.put(next.getName(), (DN) group.newInstance2(this.serverContext, next));
                                            this.refreshToken++;
                                        } catch (DirectoryException e) {
                                            logger.traceException(e);
                                        }
                                    }
                                } finally {
                                    this.lock.writeLock().unlock();
                                }
                            } catch (Exception e2) {
                                logger.traceException(e2);
                            }
                        }
                    } catch (Exception e3) {
                        logger.traceException(e3);
                    }
                }
            } catch (Exception e4) {
                logger.traceException(e4);
            }
        }
    }

    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPostFinalizationProcessing(LocalBackend<?> localBackend) {
        this.lock.writeLock().lock();
        try {
            Iterator<Map.Entry<DN, Group<?>>> it = this.groupInstances.entrySet().iterator();
            while (it.hasNext()) {
                if (localBackend.handlesEntry(it.next().getKey())) {
                    it.remove();
                }
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPostInitializationProcessing(LocalBackend<?> localBackend) {
    }

    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPreFinalizationProcessing(LocalBackend<?> localBackend) {
    }

    private void doPostAdd(PluginOperation pluginOperation, Entry entry) {
        if (hasGroupMembershipUpdateControl(pluginOperation)) {
            return;
        }
        createAndRegisterGroup(entry);
    }

    private static boolean hasGroupMembershipUpdateControl(PluginOperation pluginOperation) {
        List<Control> requestControls = pluginOperation.getRequestControls();
        if (requestControls == null) {
            return false;
        }
        Iterator<Control> it = requestControls.iterator();
        while (it.hasNext()) {
            if (ServerConstants.OID_INTERNAL_GROUP_MEMBERSHIP_UPDATE.equals(it.next().getOID())) {
                return true;
            }
        }
        return false;
    }

    private void doPostDelete(PluginOperation pluginOperation, Entry entry) {
        if (hasGroupMembershipUpdateControl(pluginOperation)) {
            return;
        }
        this.lock.writeLock().lock();
        try {
            if (this.groupInstances.removeSubtree(entry.getName(), null)) {
                this.refreshToken++;
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    private boolean updatesObjectClass(List<Modification> list) {
        Iterator<Modification> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getAttribute().getAttributeDescription().getAttributeType().isObjectClass()) {
                return true;
            }
        }
        return false;
    }

    private void doPostModify(PluginOperation pluginOperation, Entry entry, Entry entry2, List<Modification> list) {
        if (hasGroupMembershipUpdateControl(pluginOperation)) {
            return;
        }
        this.lock.readLock().lock();
        try {
            if (this.groupInstances.containsKey(entry.getName())) {
                this.lock.readLock().unlock();
                this.lock.writeLock().lock();
                try {
                    try {
                        Group<?> group = this.groupInstances.get(entry.getName());
                        if (group != null) {
                            if (entry.getName().equals(entry2.getName()) && group.mayAlterMemberList() && !updatesObjectClass(list)) {
                                group.updateMembers(list);
                            } else {
                                this.groupInstances.remove(entry.getName());
                                createAndRegisterGroup(entry2);
                            }
                        }
                        this.lock.writeLock().unlock();
                    } catch (UnsupportedOperationException | DirectoryException e) {
                        logger.traceException(e);
                        this.lock.writeLock().unlock();
                    }
                } catch (Throwable th) {
                    this.lock.writeLock().unlock();
                    throw th;
                }
            }
        } finally {
            this.lock.readLock().unlock();
        }
    }

    private void doPostModifyDN(PluginOperation pluginOperation, Entry entry, Entry entry2) {
        if (hasGroupMembershipUpdateControl(pluginOperation)) {
            return;
        }
        this.lock.writeLock().lock();
        try {
            HashSet<Group<?>> hashSet = new HashSet();
            DN name = entry.getName();
            DN name2 = entry2.getName();
            this.groupInstances.removeSubtree(name, hashSet);
            for (Group<?> group : hashSet) {
                DN rename = group.getGroupDN().rename(name, name2);
                group.setGroupDN(rename);
                this.groupInstances.put(rename, (DN) group);
            }
            if (!hashSet.isEmpty()) {
                this.refreshToken++;
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public PluginResult.PostOperation doPostOperation(PostOperationAddOperation postOperationAddOperation) {
        if (postOperationAddOperation.getResultCode() == ResultCode.SUCCESS) {
            doPostAdd(postOperationAddOperation, postOperationAddOperation.getEntryToAdd());
        }
        return PluginResult.PostOperation.continueOperationProcessing();
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public PluginResult.PostOperation doPostOperation(PostOperationDeleteOperation postOperationDeleteOperation) {
        if (postOperationDeleteOperation.getResultCode() == ResultCode.SUCCESS) {
            doPostDelete(postOperationDeleteOperation, postOperationDeleteOperation.getEntryToDelete());
        }
        return PluginResult.PostOperation.continueOperationProcessing();
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public PluginResult.PostOperation doPostOperation(PostOperationModifyOperation postOperationModifyOperation) {
        if (postOperationModifyOperation.getResultCode() == ResultCode.SUCCESS) {
            doPostModify(postOperationModifyOperation, postOperationModifyOperation.getCurrentEntry(), postOperationModifyOperation.getModifiedEntry(), postOperationModifyOperation.getModifications());
        }
        return PluginResult.PostOperation.continueOperationProcessing();
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public PluginResult.PostOperation doPostOperation(PostOperationModifyDNOperation postOperationModifyDNOperation) {
        if (postOperationModifyDNOperation.getResultCode() == ResultCode.SUCCESS) {
            doPostModifyDN(postOperationModifyDNOperation, postOperationModifyDNOperation.getOriginalEntry(), postOperationModifyDNOperation.getUpdatedEntry());
        }
        return PluginResult.PostOperation.continueOperationProcessing();
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public void doPostSynchronization(PostSynchronizationAddOperation postSynchronizationAddOperation) {
        Entry entryToAdd = postSynchronizationAddOperation.getEntryToAdd();
        if (entryToAdd != null) {
            doPostAdd(postSynchronizationAddOperation, entryToAdd);
        }
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public void doPostSynchronization(PostSynchronizationDeleteOperation postSynchronizationDeleteOperation) {
        Entry entryToDelete = postSynchronizationDeleteOperation.getEntryToDelete();
        if (entryToDelete != null) {
            doPostDelete(postSynchronizationDeleteOperation, entryToDelete);
        }
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public void doPostSynchronization(PostSynchronizationModifyOperation postSynchronizationModifyOperation) {
        Entry currentEntry = postSynchronizationModifyOperation.getCurrentEntry();
        Entry modifiedEntry = postSynchronizationModifyOperation.getModifiedEntry();
        if (currentEntry == null || modifiedEntry == null) {
            return;
        }
        doPostModify(postSynchronizationModifyOperation, currentEntry, modifiedEntry, postSynchronizationModifyOperation.getModifications());
    }

    @Override // org.opends.server.api.plugin.DirectoryServerPlugin
    public void doPostSynchronization(PostSynchronizationModifyDNOperation postSynchronizationModifyDNOperation) {
        Entry originalEntry = postSynchronizationModifyDNOperation.getOriginalEntry();
        Entry updatedEntry = postSynchronizationModifyDNOperation.getUpdatedEntry();
        if (originalEntry == null || updatedEntry == null) {
            return;
        }
        doPostModifyDN(postSynchronizationModifyDNOperation, originalEntry, updatedEntry);
    }

    private void createAndRegisterGroup(Entry entry) {
        for (Group<?> group : this.groupImplementations.values()) {
            try {
                if (group.isGroupDefinition(entry)) {
                    Group<?> newInstance2 = group.newInstance2(this.serverContext, entry);
                    this.lock.writeLock().lock();
                    try {
                        this.groupInstances.put(entry.getName(), (DN) newInstance2);
                        this.refreshToken++;
                        this.lock.writeLock().unlock();
                    } catch (Throwable th) {
                        this.lock.writeLock().unlock();
                        throw th;
                        break;
                    }
                }
            } catch (DirectoryException e) {
                logger.traceException(e);
            }
        }
    }

    void deregisterAllGroups() {
        this.lock.writeLock().lock();
        try {
            this.groupInstances.clear();
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public boolean hasInstancesChanged(long j) {
        return j != this.refreshToken;
    }

    public long refreshToken() {
        return this.refreshToken;
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(Configuration configuration, List list) {
        return isConfigurationChangeAcceptable((GroupImplementationCfg) configuration, (List<LocalizableMessage>) list);
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationAddAcceptable(Configuration configuration, List list) {
        return isConfigurationAddAcceptable((GroupImplementationCfg) configuration, (List<LocalizableMessage>) list);
    }

    public /* bridge */ /* synthetic */ boolean isConfigurationDeleteAcceptable(Configuration configuration, List list) {
        return isConfigurationDeleteAcceptable((GroupImplementationCfg) configuration, (List<LocalizableMessage>) list);
    }
}
