package org.opends.server.authorization.dseecompat;

import java.util.EnumSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.messages.AccessControlMessages;
import org.opends.server.api.AlertGenerator;
import org.opends.server.api.LocalBackend;
import org.opends.server.api.LocalBackendInitializationListener;
import org.opends.server.api.plugin.InternalDirectoryServerPlugin;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.api.plugin.PluginType;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IndexType;
import org.opends.server.types.Modification;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.operation.PostOperationAddOperation;
import org.opends.server.types.operation.PostOperationDeleteOperation;
import org.opends.server.types.operation.PostOperationModifyDNOperation;
import org.opends.server.types.operation.PostOperationModifyOperation;
import org.opends.server.types.operation.PostSynchronizationAddOperation;
import org.opends.server.types.operation.PostSynchronizationDeleteOperation;
import org.opends.server.types.operation.PostSynchronizationModifyDNOperation;
import org.opends.server.types.operation.PostSynchronizationModifyOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/AciListenerManager.class */
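/**
 * Keeps the in-memory ACI list ({@link AciList}) in step with the directory data.
 *
 * <p>The manager does three things, all visible in this class:
 * <ul>
 *   <li>loads the {@code aci} values of every local backend when the manager is created and
 *       whenever a backend is about to be initialized;</li>
 *   <li>registers an internal plugin that applies add / delete / modify / modify-DN changes
 *       (both locally processed and synchronized ones) to the ACI list;</li>
 *   <li>raises an alert and puts the server into lockdown mode when stored ACI values cannot
 *       be decoded.</li>
 * </ul>
 *
 * <p>Access-control decisions are taken against the cached list, so any change that is not
 * propagated here leaves the server enforcing out-of-date rules.
 */
public class AciListenerManager implements LocalBackendInitializationListener, AlertGenerator {
    private static final String CLASS_NAME = "org.opends.server.authorization.dseecompat.AciListenerManager";
    // Declared before aciFilter on purpose: buildAciFilter() logs through it during class init.
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    /** Presence filter used to find every entry that carries an {@code aci} attribute. */
    private static final SearchFilter aciFilter = buildAciFilter();

    private final DN configurationDN;
    // One-way latch: set by setLockDownMode() and never cleared in this class.
    private boolean inLockDownMode;
    private final AciList aciList;
    // Assigned in the constructor, after configurationDN, because the plugin reads that field
    // while it is being constructed.
    private final AciChangeListenerPlugin plugin;

    /**
     * Internal plugin that forwards successful directory changes to the ACI list.
     */
    private final class AciChangeListenerPlugin extends InternalDirectoryServerPlugin {
        private AciChangeListenerPlugin() {
            super(AciListenerManager.this.configurationDN,
                    EnumSet.of(
                            PluginType.POST_SYNCHRONIZATION_ADD,
                            PluginType.POST_SYNCHRONIZATION_DELETE,
                            PluginType.POST_SYNCHRONIZATION_MODIFY,
                            PluginType.POST_SYNCHRONIZATION_MODIFY_DN,
                            PluginType.POST_OPERATION_ADD,
                            PluginType.POST_OPERATION_DELETE,
                            PluginType.POST_OPERATION_MODIFY,
                            PluginType.POST_OPERATION_MODIFY_DN),
                    true);
        }

        /** Applies a synchronized add to the ACI list; does nothing when no entry is available. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationAddOperation postSynchronizationAddOperation) {
            Entry added = postSynchronizationAddOperation.getEntryToAdd();
            if (added != null) {
                doPostAdd(added);
            }
        }

        /** Applies a synchronized delete to the ACI list; does nothing when no entry is available. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationDeleteOperation postSynchronizationDeleteOperation) {
            Entry deleted = postSynchronizationDeleteOperation.getEntryToDelete();
            if (deleted != null) {
                doPostDelete(deleted);
            }
        }

        /**
         * Applies a synchronized rename to the ACI list.
         *
         * <p>The old DN is taken from the original entry. Passing the updated entry's DN as
         * both the old and the new name would ask the ACI list to rename a subtree onto
         * itself, leaving ACIs cached under the pre-rename DN after a synchronized modify-DN.
         * When the original entry is not available the previous behaviour (same DN twice) is
         * kept.
         */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationModifyDNOperation postSynchronizationModifyDNOperation) {
            Entry updatedEntry = postSynchronizationModifyDNOperation.getUpdatedEntry();
            if (updatedEntry == null) {
                return;
            }
            Entry originalEntry = postSynchronizationModifyDNOperation.getOriginalEntry();
            DN newDN = updatedEntry.getName();
            DN oldDN = originalEntry != null ? originalEntry.getName() : newDN;
            doPostModifyDN(oldDN, newDN);
        }

        /** Applies a synchronized modify to the ACI list; needs both the old and the new entry. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public void doPostSynchronization(PostSynchronizationModifyOperation postSynchronizationModifyOperation) {
            Entry before = postSynchronizationModifyOperation.getCurrentEntry();
            Entry after = postSynchronizationModifyOperation.getModifiedEntry();
            if (before != null && after != null) {
                doPostModify(postSynchronizationModifyOperation.getModifications(), before, after);
            }
        }

        /** Applies a local add to the ACI list, but only when the operation succeeded. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationAddOperation postOperationAddOperation) {
            if (postOperationAddOperation.getResultCode() == ResultCode.SUCCESS) {
                doPostAdd(postOperationAddOperation.getEntryToAdd());
            }
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        /** Applies a local delete to the ACI list, but only when the operation succeeded. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationDeleteOperation postOperationDeleteOperation) {
            if (postOperationDeleteOperation.getResultCode() == ResultCode.SUCCESS) {
                doPostDelete(postOperationDeleteOperation.getEntryToDelete());
            }
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        /** Applies a local rename to the ACI list, but only when the operation succeeded. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationModifyDNOperation postOperationModifyDNOperation) {
            if (postOperationModifyDNOperation.getResultCode() == ResultCode.SUCCESS) {
                doPostModifyDN(
                        postOperationModifyDNOperation.getOriginalEntry().getName(),
                        postOperationModifyDNOperation.getUpdatedEntry().getName());
            }
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        /** Applies a local modify to the ACI list, but only when the operation succeeded. */
        @Override // org.opends.server.api.plugin.DirectoryServerPlugin
        public PluginResult.PostOperation doPostOperation(PostOperationModifyOperation postOperationModifyOperation) {
            if (postOperationModifyOperation.getResultCode() == ResultCode.SUCCESS) {
                doPostModify(
                        postOperationModifyOperation.getModifications(),
                        postOperationModifyOperation.getCurrentEntry(),
                        postOperationModifyOperation.getModifiedEntry());
            }
            return PluginResult.PostOperation.continueOperationProcessing();
        }

        /** Adds the entry's ACIs to the list when it carries an aci or global-aci attribute. */
        private void doPostAdd(Entry entry) {
            boolean hasAci = entry.hasOperationalAttribute(AciHandler.aciType);
            boolean hasGlobalAci = entry.hasAttribute(AciHandler.globalAciType);
            if (hasAci || hasGlobalAci) {
                // Decode-failure messages are collected but never read here.
                // NOTE(review): presumably the values were already validated before the add
                // succeeded; confirm, since a failure at this point is silent.
                List<LocalizableMessage> ignoredFailures = new LinkedList<>();
                AciListenerManager.this.aciList.addAci(entry, hasAci, hasGlobalAci, ignoredFailures);
            }
        }

        /** Removes the entry's ACIs from the list. */
        private void doPostDelete(Entry entry) {
            AciListenerManager.this.aciList.removeAci(
                    entry,
                    entry.hasOperationalAttribute(AciHandler.aciType),
                    entry.hasAttribute(AciHandler.globalAciType));
        }

        /** Re-homes cached ACIs from {@code oldDN} to {@code newDN}. */
        private void doPostModifyDN(DN oldDN, DN newDN) {
            AciListenerManager.this.aciList.renameAci(oldDN, newDN);
        }

        /**
         * Refreshes the cached ACIs of an entry when the modification list touches the aci
         * or the global-aci attribute type; other modifications are ignored.
         */
        private void doPostModify(List<Modification> mods, Entry oldEntry, Entry newEntry) {
            boolean aciTouched = false;
            boolean globalAciTouched = false;
            for (Modification mod : mods) {
                AttributeType type = mod.getAttribute().getAttributeDescription().getAttributeType();
                if (type.equals(AciHandler.aciType)) {
                    aciTouched = true;
                } else if (type.equals(AciHandler.globalAciType)) {
                    globalAciTouched = true;
                }
                if (aciTouched && globalAciTouched) {
                    // Both flags are set; the rest of the list cannot change the outcome.
                    break;
                }
            }
            if (aciTouched || globalAciTouched) {
                AciListenerManager.this.aciList.modAciOldNewEntry(oldEntry, newEntry, aciTouched, globalAciTouched);
            }
        }
    }

    /**
     * Builds the {@code (aci=*)} presence filter.
     *
     * @return the filter, or {@code null} if the constant filter string could not be parsed
     */
    private static SearchFilter buildAciFilter() {
        try {
            return SearchFilter.createFilterFromString("(aci=*)");
        } catch (DirectoryException e) {
            // Not expected for a constant filter string. Record it instead of dropping it:
            // a null filter would otherwise surface only later, when ACIs are loaded.
            logger.traceException(e);
            return null;
        }
    }

    /**
     * Creates the manager, loads the ACIs of all current local backends and registers the
     * change plugin, the backend initialization listener and the alert generator.
     *
     * @param aciList the ACI list to keep up to date
     * @param dn the configuration DN reported by {@link #getComponentEntryDN()} and passed to
     *     the internal plugin
     */
    public AciListenerManager(AciList aciList, DN dn) {
        this.aciList = aciList;
        this.configurationDN = dn;
        // Build the plugin only now: a field initializer would run before the assignment
        // above and hand the plugin a null configuration DN.
        this.plugin = new AciChangeListenerPlugin();
        ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
        for (LocalBackend<?> backend : serverContext.getBackendConfigManager().getLocalBackends()) {
            performBackendPreInitializationProcessing(backend);
        }
        DirectoryServer.registerInternalPlugin(this.plugin);
        serverContext.getBackendConfigManager().registerLocalBackendInitializationListener(this);
        DirectoryServer.registerAlertGenerator(this);
    }

    /** Undoes the three registrations made by the constructor. */
    public void finalizeListenerManager() {
        DirectoryServer.deregisterInternalPlugin(this.plugin);
        DirectoryServer.getInstance().getServerContext().getBackendConfigManager()
                .deregisterLocalBackendInitializationListener(this);
        DirectoryServer.deregisterAlertGenerator(this);
    }

    /**
     * Loads every {@code aci} value found under the backend's base DNs into the ACI list.
     *
     * <p>A warning is logged when a non-empty backend has no presence index on {@code aci}.
     * ACI values that fail to decode are logged and put the server into lockdown mode.
     *
     * @param localBackend the backend about to be initialized
     */
    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPreInitializationProcessing(LocalBackend<?> localBackend) {
        AttributeType aciAttrType =
                DirectoryServer.getInstance().getServerContext().getSchema().getAttributeType("aci");
        if (localBackend.getEntryCount() > 0 && !localBackend.isIndexed(aciAttrType, IndexType.PRESENCE)) {
            logger.warn(AccessControlMessages.WARN_ACI_ATTRIBUTE_NOT_INDEXED, localBackend.getBackendID(), "aci");
        }
        // Shared across base DNs, so messages from an earlier base DN stay in the list.
        LinkedList<LocalizableMessage> failedAciMsgs = new LinkedList<>();
        // Critical ManageDsaIT control: referral entries are searched as ordinary entries.
        LDAPControl manageDsaIt = new LDAPControl(ServerConstants.OID_MANAGE_DSAIT_CONTROL, true);
        LDAPControl groupMembershipUpdate =
                new LDAPControl(ServerConstants.OID_INTERNAL_GROUP_MEMBERSHIP_UPDATE, false);
        for (DN baseDN : localBackend.getBaseDNs()) {
            try {
                if (localBackend.entryExists(baseDN)) {
                    InternalSearchOperation search = new InternalSearchOperation(
                            InternalClientConnection.getRootConnection(),
                            InternalClientConnection.nextOperationID(),
                            InternalClientConnection.nextMessageID(),
                            Requests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, aciFilter, new String[0])
                                    .addControl((Control) manageDsaIt)
                                    .addControl((Control) groupMembershipUpdate)
                                    .addAttribute("aci"));
                    try {
                        localBackend.search(new LocalBackendSearchOperation(search));
                        if (!search.getSearchEntries().isEmpty()) {
                            int validAcis = this.aciList.addAci(search.getSearchEntries(), failedAciMsgs);
                            if (!failedAciMsgs.isEmpty()) {
                                logMsgsSetLockDownMode(failedAciMsgs);
                            }
                            logger.debug(AccessControlMessages.INFO_ACI_ADD_LIST_ACIS, Integer.valueOf(validAcis), baseDN);
                        }
                    } catch (Exception e) {
                        // NOTE(review): a failed search or load is reported at trace level only.
                        // The ACIs under this base DN are then missing from the list, with no
                        // alert and no lockdown; consider a warning so operators can see it.
                        logger.trace(AccessControlMessages.INFO_ACI_HANDLER_FAIL_PROCESS_ACI, e);
                    }
                }
            } catch (Exception e2) {
                // The existence check failed; this base DN is skipped, again at trace level only.
                logger.traceException(e2);
            }
        }
    }

    /** Drops the ACIs that belong to a backend that has been finalized. */
    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPostFinalizationProcessing(LocalBackend<?> localBackend) {
        this.aciList.removeAci(localBackend);
    }

    /** No-op: ACIs are loaded in the pre-initialization callback. */
    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPostInitializationProcessing(LocalBackend<?> localBackend) {
    }

    /** No-op: ACIs are removed in the post-finalization callback. */
    @Override // org.opends.server.api.LocalBackendInitializationListener
    public void performBackendPreFinalizationProcessing(LocalBackend<?> localBackend) {
    }

    /** @return the fully qualified name of this class */
    @Override // org.opends.server.api.AlertGenerator
    public String getClassName() {
        return CLASS_NAME;
    }

    /** @return the configuration DN supplied to the constructor */
    @Override // org.opends.server.api.AlertGenerator
    public DN getComponentEntryDN() {
        return this.configurationDN;
    }

    /** @return the single alert type this component can raise, mapped to its description */
    @Override // org.opends.server.api.AlertGenerator
    public LinkedHashMap<String, String> getAlerts() {
        LinkedHashMap<String, String> alerts = new LinkedHashMap<>();
        alerts.put(
                ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED,
                ServerConstants.ALERT_DESCRIPTION_ACCESS_CONTROL_PARSE_FAILED);
        return alerts;
    }

    /**
     * Logs each ACI decode failure as a warning, then makes sure lockdown mode is on.
     *
     * @param linkedList the decode-failure messages to log
     */
    private void logMsgsSetLockDownMode(LinkedList<LocalizableMessage> linkedList) {
        for (LocalizableMessage failure : linkedList) {
            logger.warn(AccessControlMessages.WARN_ACI_SERVER_DECODE_FAILED, failure);
        }
        // setLockDownMode() already returns early when lockdown is active.
        setLockDownMode();
    }

    /**
     * Sends the parse-failed alert and switches the server into lockdown mode, once.
     * Later calls return immediately, so the alert is not repeated.
     */
    private void setLockDownMode() {
        if (this.inLockDownMode) {
            return;
        }
        this.inLockDownMode = true;
        DirectoryServer.sendAlertNotification(
                this,
                ServerConstants.ALERT_TYPE_ACCESS_CONTROL_PARSE_FAILED,
                AccessControlMessages.WARN_ACI_ENTER_LOCKDOWN_MODE.get());
        DirectoryServer.setLockdownMode(true);
    }
}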
