package org.apache.directory.server.core.authz.support;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.NamingException;
import org.apache.directory.server.core.authn.AuthenticationInterceptor;
import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.event.EventInterceptor;
import org.apache.directory.server.core.event.ExpressionEvaluator;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.normalization.NormalizationInterceptor;
import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
import org.apache.directory.server.core.schema.SchemaInterceptor;
import org.apache.directory.server.core.subtree.RefinementEvaluator;
import org.apache.directory.server.core.subtree.RefinementLeafEvaluator;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
import org.apache.directory.server.core.subtree.SubtreeEvaluator;
import org.apache.directory.server.core.trigger.TriggerInterceptor;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.server.schema.registries.OidRegistry;
import org.apache.directory.server.schema.registries.Registries;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.MicroOperation;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.name.LdapDN;

/* loaded from: input_file:org/apache/directory/server/core/authz/support/ACDFEngine.class */
public class ACDFEngine {
    private final ACITupleFilter[] filters;
    public static final Collection<String> USER_LOOKUP_BYPASS;

    public ACDFEngine(OidRegistry oidRegistry, AttributeTypeRegistry attributeTypeRegistry) throws NamingException {
        this.filters = new ACITupleFilter[]{new RelatedUserClassFilter(new SubtreeEvaluator(oidRegistry, attributeTypeRegistry)), new RelatedProtectedItemFilter(new RefinementEvaluator(new RefinementLeafEvaluator(oidRegistry)), new ExpressionEvaluator(oidRegistry, attributeTypeRegistry), oidRegistry, attributeTypeRegistry), new MaxValueCountFilter(), new MaxImmSubFilter(), new RestrictedByFilter(), new MicroOperationFilter(), new HighestPrecedenceFilter(), new MostSpecificUserClassFilter(), new MostSpecificProtectedItemFilter()};
    }

    public void checkPermission(Registries registries, OperationContext operationContext, Collection<LdapDN> collection, LdapDN ldapDN, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Value<?> value, Collection<MicroOperation> collection2, Collection<ACITuple> collection3, ServerEntry serverEntry, ServerEntry serverEntry2) throws Exception {
        if (!hasPermission(registries, operationContext, collection, ldapDN, authenticationLevel, ldapDN2, str, value, collection2, collection3, serverEntry, serverEntry2)) {
            throw new LdapNoPermissionException();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public boolean hasPermission(Registries registries, OperationContext operationContext, Collection<LdapDN> collection, LdapDN ldapDN, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Value<?> value, Collection<MicroOperation> collection2, Collection<ACITuple> collection3, ServerEntry serverEntry, ServerEntry serverEntry2) throws Exception {
        if (ldapDN2 == null) {
            throw new NullPointerException("entryName");
        }
        ServerEntry lookup = operationContext.lookup(ldapDN, USER_LOOKUP_BYPASS);
        OperationScope operationScope = str == null ? OperationScope.ENTRY : value == null ? OperationScope.ATTRIBUTE_TYPE : OperationScope.ATTRIBUTE_TYPE_AND_VALUE;
        Collection arrayList = new ArrayList(collection3);
        for (ACITupleFilter aCITupleFilter : this.filters) {
            arrayList = aCITupleFilter.filter(registries, arrayList, operationScope, operationContext, collection, ldapDN, lookup, authenticationLevel, ldapDN2, str, value, serverEntry, collection2, serverEntry2);
        }
        if (arrayList.size() == 0) {
            return false;
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!((ACITuple) it.next()).isGrant()) {
                return false;
            }
        }
        return true;
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add(NormalizationInterceptor.class.getName());
        hashSet.add(AuthenticationInterceptor.class.getName());
        hashSet.add(AciAuthorizationInterceptor.class.getName());
        hashSet.add(DefaultAuthorizationInterceptor.class.getName());
        hashSet.add(OperationalAttributeInterceptor.class.getName());
        hashSet.add(SchemaInterceptor.class.getName());
        hashSet.add(SubentryInterceptor.class.getName());
        hashSet.add(EventInterceptor.class.getName());
        hashSet.add(TriggerInterceptor.class.getName());
        USER_LOOKUP_BYPASS = Collections.unmodifiableCollection(hashSet);
    }
}
