package org.opends.server.authorization.dseecompat;

import java.net.InetAddress;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.reactive.LDAPClientConnection2;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.Group;
import org.opends.server.controls.GetEffectiveRightsRequestControl;
import org.opends.server.core.AddOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Operation;
import org.opends.server.util.ServerConstants;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/AciContainer.class */
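/**
 * Mutable, per-evaluation state shared by ACI target matching and ACI bind-rule
 * evaluation. It bundles the operation, the client connection, the resource
 * entry, the identity being evaluated and the requested rights mask, and it
 * records the outcome (deciding ACI, reason, summary) as evaluation proceeds.
 *
 * <p>Nothing in this class synchronises access to its fields.
 */
abstract class AciContainer implements AciTargetMatchContext, AciEvalContext {
    // Rights-mask bits. The values and their meanings are the ones rightToString() maps to names.
    private static final int RIGHT_COMPARE = 1;
    private static final int RIGHT_SEARCH = 2;
    private static final int RIGHT_READ = 4;
    private static final int RIGHT_WRITE = 8;
    private static final int RIGHT_DELETE = 16;
    private static final int RIGHT_ADD = 32;
    private static final int RIGHT_SELF = 64;
    private static final int RIGHT_PROXY = 128;
    private static final int RIGHT_IMPORT = 256;
    private static final int RIGHT_EXPORT = 512;

    // Bits kept in evalAllAttributes; each one is read back by the has*Attributes() accessor named after it.
    private static final int ALL_OP_ATTRS = 4;
    private static final int ALL_USER_ATTRS = 8;
    private static final int EVAL_USER_ATTRS = 16;
    private static final int EVAL_OP_ATTRS = 32;

    private List<Aci> denyList;
    private List<Aci> allowList;
    private AttributeType attributeType;
    private ByteString attributeValue;
    private boolean isFirst;
    private boolean isEntryTestRule;
    private int rightsMask;
    private final Entry resourceEntry;
    private final ClientConnection clientConnection;
    private final Operation operation;
    private boolean targAttrFiltersMatch;
    private final Entry authorizationEntry;
    private final boolean proxiedAuthorization;
    private boolean seenEntry;
    private boolean isGetEffectiveRightsEval;
    private final boolean hasGetEffectiveRightsControl;
    private final DN authzid;
    private boolean useAuthzid;
    private final List<AttributeType> specificAttrs;
    private final HashMap<Aci, Aci> targAttrFilterAcis;
    private String targAttrFiltersAciName;
    private int targAttrMatch;
    private Aci decidingAci;
    private EnumEvalReason evalReason;
    private String summaryString;
    private int evalAllAttributes;
    private String controlOID;
    private String extOpOID;
    private final AuthenticationInfo authInfo;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a container whose identity comes from the operation itself.
     *
     * <p>Only when the rights mask is exactly the read right does the constructor
     * look for a get-effective-rights request control attached to the operation;
     * the control is honoured only on a {@link SearchOperation}. In that case the
     * authzid is the DN named by the control, or the client DN when the control
     * names none.
     *
     * @param operation the operation being authorised
     * @param i the requested rights mask
     * @param entry the resource entry access is evaluated against
     */
    public AciContainer(Operation operation, int i, Entry entry) {
        this.targAttrFilterAcis = new HashMap<>();
        this.resourceEntry = entry;
        this.operation = operation;
        this.clientConnection = operation.getClientConnection();
        this.authInfo = this.clientConnection.getAuthenticationInfo();
        // An attached original authorization entry marks the operation as proxied.
        this.proxiedAuthorization = ((Entry) operation.getAttachment("origAuthorizationEntry")) != null;
        this.authorizationEntry = operation.getAuthorizationEntry();

        boolean readEvaluation = i == RIGHT_READ;
        GetEffectiveRightsRequestControl rightsControl = readEvaluation
                ? (GetEffectiveRightsRequestControl) operation.getAttachment(ServerConstants.OID_GET_EFFECTIVE_RIGHTS)
                : null;
        if (rightsControl != null && operation instanceof SearchOperation) {
            this.hasGetEffectiveRightsControl = true;
            DN requestedDN = rightsControl.getAuthzDN();
            // useAuthzid is still false here, so getClientDN() yields the authorization DN (or the root DN).
            this.authzid = requestedDN != null ? requestedDN : getClientDN();
            this.specificAttrs = rightsControl.getAttributes();
        } else {
            this.hasGetEffectiveRightsControl = false;
            this.authzid = null;
            this.specificAttrs = null;
        }
        if (readEvaluation) {
            if (((String) operation.getAttachment("allUserAttrsMatched")) != null) {
                this.evalAllAttributes |= ALL_USER_ATTRS;
            }
            if (((String) operation.getAttachment("allOpAttrsMatched")) != null) {
                this.evalAllAttributes |= ALL_OP_ATTRS;
            }
        }
        this.rightsMask = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a container that evaluates access for an explicitly supplied
     * identity instead of the one bound to the operation. Proxied authorization
     * and the get-effective-rights control are never active on this path.
     *
     * @param operation the operation being authorised
     * @param entry the resource entry access is evaluated against
     * @param authenticationInfo the identity to evaluate; its authorization entry becomes the client entry
     * @param i the requested rights mask
     */
    public AciContainer(Operation operation, Entry entry, AuthenticationInfo authenticationInfo, int i) {
        this.targAttrFilterAcis = new HashMap<>();
        this.resourceEntry = entry;
        this.operation = operation;
        this.clientConnection = operation.getClientConnection();
        this.authInfo = authenticationInfo;
        this.authorizationEntry = authenticationInfo.getAuthorizationEntry();
        this.rightsMask = i;
        this.proxiedAuthorization = false;
        this.hasGetEffectiveRightsControl = false;
        this.authzid = null;
        this.specificAttrs = null;
    }

    /** Returns the "seen entry" flag last stored with {@link #setSeenEntry(boolean)}. */
    public boolean hasSeenEntry() {
        return this.seenEntry;
    }

    /** Stores the "seen entry" flag. */
    public void setSeenEntry(boolean z) {
        this.seenEntry = z;
    }

    /** Returns {@code true} when the operation carried an original authorization entry attachment. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isProxiedAuthorization() {
        return this.proxiedAuthorization;
    }

    /** Returns {@code true} once {@link #setGetEffectiveRightsEval()} has been called. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isGetEffectiveRightsEval() {
        return this.isGetEffectiveRightsEval;
    }

    /** Marks this container as running a get-effective-rights evaluation; the flag cannot be cleared again. */
    public void setGetEffectiveRightsEval() {
        this.isGetEffectiveRightsEval = true;
    }

    /** Returns {@code true} when the constructor accepted a get-effective-rights control. */
    public boolean hasGetEffectiveRightsControl() {
        return this.hasGetEffectiveRightsControl;
    }

    /**
     * Switches identity resolution between the authorization entry and the authzid.
     *
     * <p>While enabled, {@link #getClientDN()} and {@link #isMemberOf(Group)} answer
     * for the authzid, which may be a DN taken from the request control rather than
     * the bound identity. The authzid is {@code null} unless the control was accepted.
     */
    public void useAuthzid(boolean z) {
        this.useAuthzid = z;
    }

    /** Returns the attribute list taken from the get-effective-rights control, or {@code null} without one. */
    public List<AttributeType> getSpecificAttributes() {
        return this.specificAttrs;
    }

    /** Remembers an ACI whose targattrfilters matched. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void addTargAttrFiltersMatchAci(Aci aci) {
        this.targAttrFilterAcis.put(aci, aci);
    }

    /** Returns whether the given ACI was remembered as a targattrfilters match. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean hasTargAttrFiltersMatchAci(Aci aci) {
        return this.targAttrFilterAcis.containsKey(aci);
    }

    /** Returns {@code true} when no targattrfilters match has been remembered. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isTargAttrFilterMatchAciEmpty() {
        return this.targAttrFilterAcis.isEmpty();
    }

    /**
     * Clears the per-evaluation outcome so the container can be reused. The
     * targattrfilters ACI name and the attribute flags are left untouched.
     */
    public void resetEffectiveRightsParams() {
        this.targAttrFilterAcis.clear();
        this.decidingAci = null;
        this.evalReason = null;
        this.targAttrFiltersMatch = false;
        this.summaryString = null;
        this.targAttrMatch = 0;
    }

    /** Stores the name of the ACI associated with the targattrfilters match. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public void setTargAttrFiltersAciName(String str) {
        this.targAttrFiltersAciName = str;
    }

    /** Returns the stored targattrfilters ACI name, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public String getTargAttrFiltersAciName() {
        return this.targAttrFiltersAciName;
    }

    /** Adds the given bits to the targattrfilters match mask; bits are only ever accumulated here. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public void setTargAttrFiltersMatchOp(int i) {
        this.targAttrMatch |= i;
    }

    /** Returns {@code true} when any of the given bits is set in the targattrfilters match mask. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean hasTargAttrFiltersMatchOp(int i) {
        return (this.targAttrMatch & i) != 0;
    }

    /** Returns the name of the ACI that decided the evaluation, or {@code null} if none was recorded. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public String getDecidingAciName() {
        return this.decidingAci == null ? null : this.decidingAci.getName();
    }

    /** Records the evaluation reason together with the ACI that produced it. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public void setEvaluationResult(EnumEvalReason enumEvalReason, Aci aci) {
        this.evalReason = enumEvalReason;
        this.decidingAci = aci;
    }

    /** Returns the recorded evaluation reason, or {@code null} before any result is set. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public EnumEvalReason getEvalReason() {
        return this.evalReason;
    }

    /** Stores the evaluation summary text. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public void setEvalSummary(String str) {
        this.summaryString = str;
    }

    /** Returns the stored evaluation summary text, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public String getEvalSummary() {
        return this.summaryString;
    }

    /**
     * Tells whether the authzid names the same DN as the client's authorization identity.
     *
     * <p>The previous form dereferenced both the authzid and the authorization
     * entry unconditionally and so threw {@code NullPointerException} for a client
     * without an authorization entry, or when no control had been accepted. A
     * missing authorization entry is now read as the root DN, the same convention
     * {@link #getClientDN()} uses; a missing authzid yields {@code false}.
     *
     * <p>NOTE(review): callers are outside this file. Confirm that none of them
     * relied on the exception to stop processing for a client without an
     * authorization entry.
     *
     * @return {@code true} only when an authzid exists and equals the authorization DN
     */
    public boolean isAuthzidAuthorizationDN() {
        return this.authzid != null && this.authzid.equals(authorizationDnOrRoot());
    }

    /** Stores the deny ACI list; the list object itself is kept, not copied. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setDenyList(List<Aci> list) {
        this.denyList = list;
    }

    /** Stores the allow ACI list; the list object itself is kept, not copied. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setAllowList(List<Aci> list) {
        this.allowList = list;
    }

    /** Returns the attribute type currently under evaluation, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public AttributeType getCurrentAttributeType() {
        return this.attributeType;
    }

    /** Returns the attribute value currently under evaluation, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public ByteString getCurrentAttributeValue() {
        return this.attributeValue;
    }

    /** Sets the attribute type currently under evaluation. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setCurrentAttributeType(AttributeType attributeType) {
        this.attributeType = attributeType;
    }

    /** Sets the attribute value currently under evaluation. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setCurrentAttributeValue(ByteString byteString) {
        this.attributeValue = byteString;
    }

    /** Returns the "first attribute" flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public boolean isFirstAttribute() {
        return this.isFirst;
    }

    /** Stores the "first attribute" flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setIsFirstAttribute(boolean z) {
        this.isFirst = z;
    }

    /** Returns the "entry test rule" flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public boolean hasEntryTestRule() {
        return this.isEntryTestRule;
    }

    /** Stores the "entry test rule" flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setEntryTestRule(boolean z) {
        this.isEntryTestRule = z;
    }

    /** Returns the entry that access is being evaluated against. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public Entry getResourceEntry() {
        return this.resourceEntry;
    }

    /** Returns the authorization entry of the client, or {@code null} when there is none. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public Entry getClientEntry() {
        return this.authorizationEntry;
    }

    /** Returns the stored deny list itself (no copy), possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public List<Aci> getDenyList() {
        return this.denyList;
    }

    /** Returns the stored allow list itself (no copy), possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public List<Aci> getAllowList() {
        return this.allowList;
    }

    /** Returns {@code true} when the recorded reason is "no allow ACIs" or "evaluated deny ACI". */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isDenyEval() {
        return EnumEvalReason.NO_ALLOW_ACIS.equals(this.evalReason)
                || EnumEvalReason.EVALUATED_DENY_ACI.equals(this.evalReason);
    }

    /** Returns {@code true} when the authentication info reports the client as not authenticated. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isAnonymousUser() {
        return !this.authInfo.isAuthenticated();
    }

    /**
     * Returns the DN that bind rules are evaluated for.
     *
     * <p>While {@link #useAuthzid(boolean)} is enabled this is the authzid (which is
     * {@code null} when no control was accepted); otherwise it is the authorization
     * entry's DN, or the root DN for a client without an authorization entry.
     */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public DN getClientDN() {
        return this.useAuthzid ? this.authzid : authorizationDnOrRoot();
    }

    /** Returns the DN of the resource entry. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public DN getResourceDN() {
        return this.resourceEntry.getName();
    }

    /** Returns {@code true} when the rights mask shares at least one bit with the argument. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean hasRights(int i) {
        return (this.rightsMask & i) != 0;
    }

    /** Returns the current rights mask. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext, org.opends.server.authorization.dseecompat.AciEvalContext
    public int getRights() {
        return this.rightsMask;
    }

    /** Replaces the rights mask. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setRights(int i) {
        this.rightsMask = i;
    }

    /**
     * Returns the canonical host name of the client's remote address.
     *
     * <p>The name is produced by the platform resolver, so the call can block on
     * DNS and the answer is only as trustworthy as the resolver data behind it;
     * when no name can be determined the JDK returns the textual IP address.
     *
     * <p>NOTE(review): the remote address is dereferenced without a null check;
     * confirm every connection type that reaches this code reports one.
     */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public String getHostName() {
        return this.clientConnection.getRemoteAddress().getCanonicalHostName();
    }

    /** Returns the remote address reported by the client connection. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public InetAddress getRemoteAddress() {
        return this.clientConnection.getRemoteAddress();
    }

    /** Returns {@code true} when the operation being authorised is an add. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isAddOperation() {
        return this.operation instanceof AddOperation;
    }

    /** Stores the targattrfilters match flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setTargAttrFiltersMatch(boolean z) {
        this.targAttrFiltersMatch = z;
    }

    /** Returns the targattrfilters match flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public boolean getTargAttrFiltersMatch() {
        return this.targAttrFiltersMatch;
    }

    /** Returns the control OID under evaluation, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public String getControlOID() {
        return this.controlOID;
    }

    /** Returns the extended-operation OID under evaluation, possibly {@code null}. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public String getExtOpOID() {
        return this.extOpOID;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the control OID under evaluation. */
    public void setControlOID(String str) {
        this.controlOID = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the extended-operation OID under evaluation. */
    public void setExtOpOID(String str) {
        this.extOpOID = str;
    }

    /**
     * Evaluates an authentication-method bind rule against the client's authentication state.
     *
     * <ul>
     *   <li>{@code AUTHMETHOD_NONE} always matches, authenticated or not.</li>
     *   <li>Every other method requires an authenticated client.</li>
     *   <li>{@code AUTHMETHOD_SIMPLE} matches a SIMPLE authentication type.</li>
     *   <li>{@code AUTHMETHOD_SSL} matches SASL with the given mechanism, and only on an
     *       {@link LDAPClientConnection2} that reports a non-empty client certificate chain.</li>
     *   <li>Any remaining method matches SASL with the given mechanism.</li>
     * </ul>
     *
     * @param enumAuthMethod the method named by the bind rule
     * @param str the SASL mechanism name to require, consulted only on the SASL paths
     * @return {@code TRUE} on a match, {@code FALSE} otherwise
     */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public EnumEvalResult hasAuthenticationMethod(EnumAuthMethod enumAuthMethod, String str) {
        if (enumAuthMethod == EnumAuthMethod.AUTHMETHOD_NONE) {
            return EnumEvalResult.TRUE;
        }
        if (!this.authInfo.isAuthenticated()) {
            return EnumEvalResult.FALSE;
        }
        boolean matched;
        if (enumAuthMethod == EnumAuthMethod.AUTHMETHOD_SIMPLE) {
            matched = this.authInfo.hasAuthenticationType(AuthenticationType.SIMPLE);
        } else {
            matched = this.authInfo.hasAuthenticationType(AuthenticationType.SASL)
                    && this.authInfo.hasSASLMechanism(str);
            if (matched && enumAuthMethod == EnumAuthMethod.AUTHMETHOD_SSL) {
                // Other connection types never satisfy the SSL method, whatever they authenticated with.
                matched = (this.clientConnection instanceof LDAPClientConnection2)
                        && ((LDAPClientConnection2) this.clientConnection).getClientCertificateChain().length != 0;
            }
        }
        return matched ? EnumEvalResult.TRUE : EnumEvalResult.FALSE;
    }

    /**
     * Tests group membership for the identity currently being evaluated: the
     * authzid while {@link #useAuthzid(boolean)} is enabled, otherwise the client
     * entry, or the client DN when there is no entry.
     *
     * @return the group's answer, or {@code false} when the lookup throws
     */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public boolean isMemberOf(Group<?> group) {
        try {
            if (this.useAuthzid) {
                return group.isMember(this.authzid);
            }
            Entry clientEntry = getClientEntry();
            return clientEntry != null ? group.isMember(clientEntry) : group.isMember(getClientDN());
        } catch (DirectoryException ignored) {
            // A failed lookup is reported as "not a member" and the cause is dropped.
            // NOTE(review): if this answer feeds a rule that denies access to group members,
            // a lookup failure would make that rule not match; confirm with the callers and
            // consider recording the failure where a logger is available.
            return false;
        }
    }

    /**
     * Names the first right found in the rights mask, testing in a fixed order.
     *
     * <p>The write-plus-self combination is tested before plain write. In the
     * earlier ordering the "selfwrite" test came last, after "write" had already
     * returned for any mask containing the write bit, so it could never be reached.
     *
     * @return the right's name, or {@code null} when none of the known bits is set
     */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public String rightToString() {
        if (hasRights(RIGHT_SEARCH)) {
            return "search";
        }
        if (hasRights(RIGHT_COMPARE)) {
            return "compare";
        }
        if (hasRights(RIGHT_READ)) {
            return "read";
        }
        if (hasRights(RIGHT_DELETE)) {
            return "delete";
        }
        if (hasRights(RIGHT_ADD)) {
            return "add";
        }
        if (hasRights(RIGHT_WRITE)) {
            return hasRights(RIGHT_SELF) ? "selfwrite" : "write";
        }
        if (hasRights(RIGHT_PROXY)) {
            return "proxy";
        }
        if (hasRights(RIGHT_IMPORT)) {
            return "import";
        }
        if (hasRights(RIGHT_EXPORT)) {
            return "export";
        }
        return null;
    }

    /**
     * Updates the user-attribute flags; has an effect only while the rights mask
     * is exactly the read right. The value 16 sets the "evaluate user attributes"
     * flag and clears "all user attributes"; any other value sets "all user attributes".
     */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setEvalUserAttributes(int i) {
        if (this.rightsMask != RIGHT_READ) {
            return;
        }
        if (i == EVAL_USER_ATTRS) {
            this.evalAllAttributes |= EVAL_USER_ATTRS;
            this.evalAllAttributes &= ~ALL_USER_ATTRS;
        } else {
            this.evalAllAttributes |= ALL_USER_ATTRS;
        }
    }

    /**
     * Updates the operational-attribute flags; has an effect only while the rights
     * mask is exactly the read right. The value 32 sets the "evaluate operational
     * attributes" flag and clears "all operational attributes"; any other value
     * sets "all operational attributes".
     */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void setEvalOpAttributes(int i) {
        if (this.rightsMask != RIGHT_READ) {
            return;
        }
        if (i == EVAL_OP_ATTRS) {
            this.evalAllAttributes |= EVAL_OP_ATTRS;
            this.evalAllAttributes &= ~ALL_OP_ATTRS;
        } else {
            this.evalAllAttributes |= ALL_OP_ATTRS;
        }
    }

    /** Returns whether the "evaluate user attributes" flag is set. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public boolean hasEvalUserAttributes() {
        return hasAttribute(EVAL_USER_ATTRS);
    }

    /** Returns whether the "evaluate operational attributes" flag is set. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public boolean hasEvalOpAttributes() {
        return hasAttribute(EVAL_OP_ATTRS);
    }

    /** Returns whether the "all user attributes" flag is set. */
    public boolean hasAllUserAttributes() {
        return hasAttribute(ALL_USER_ATTRS);
    }

    /** Returns whether the "all operational attributes" flag is set. */
    public boolean hasAllOpAttributes() {
        return hasAttribute(ALL_OP_ATTRS);
    }

    /** Returns {@code true} only when every bit of {@code i} is set in the attribute flags. */
    private boolean hasAttribute(int i) {
        return (this.evalAllAttributes & i) == i;
    }

    /** Clears the given attribute-flag bits; an argument of 0 clears every flag. */
    @Override // org.opends.server.authorization.dseecompat.AciTargetMatchContext
    public void clearEvalAttributes(int i) {
        if (i == 0) {
            this.evalAllAttributes = 0;
        } else {
            this.evalAllAttributes &= ~i;
        }
    }

    /** Returns the security strength factor reported by the client connection. */
    @Override // org.opends.server.authorization.dseecompat.AciEvalContext
    public int getCurrentSSF() {
        return this.clientConnection.getSSF();
    }

    /**
     * Renders the current attribute, the sizes of the allow and deny lists and the
     * recorded result. The current attribute value is printed as-is, so this text
     * can carry directory data into wherever it is written.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        if (this.attributeType != null) {
            appendSeparatorIfNeeded(sb);
            sb.append("attributeType: ").append(this.attributeType.getNameOrOID());
            if (this.attributeValue != null) {
                sb.append(":").append(this.attributeValue);
            }
        }
        appendSeparatorIfNeeded(sb);
        sb.append(size(this.allowList)).append(" allow ACIs");
        appendSeparatorIfNeeded(sb);
        sb.append(size(this.denyList)).append(" deny ACIs");
        if (this.evalReason != null) {
            appendSeparatorIfNeeded(sb);
            sb.append("evaluationResult: ").append(this.evalReason);
            if (this.decidingAci != null) {
                sb.append(",").append(this.decidingAci);
            }
        }
        return sb.toString();
    }

    /** Returns the authorization entry's DN, or the root DN when the client has no authorization entry. */
    private DN authorizationDnOrRoot() {
        return this.authorizationEntry != null ? this.authorizationEntry.getName() : DN.rootDN();
    }

    /** Appends {@code ", "} unless the builder is still empty. */
    private void appendSeparatorIfNeeded(StringBuilder sb) {
        if (sb.length() > 0) {
            sb.append(", ");
        }
    }

    /** Returns the collection's size, treating {@code null} as empty. */
    private int size(Collection<?> collection) {
        return collection == null ? 0 : collection.size();
    }
}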
