package org.opends.server.workflowelement.localbackend;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.messages.CoreMessages;
import org.opends.messages.ProtocolMessages;
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.LocalBackend;
import org.opends.server.controls.LDAPPostReadRequestControl;
import org.opends.server.controls.LDAPPostReadResponseControl;
import org.opends.server.controls.LDAPPreReadRequestControl;
import org.opends.server.controls.LDAPPreReadResponseControl;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.core.AccessControlConfigManager;
import org.opends.server.core.AddOperation;
import org.opends.server.core.BackendConfigManager;
import org.opends.server.core.BindOperation;
import org.opends.server.core.CompareOperation;
import org.opends.server.core.DeleteOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.AdditionalLogItem;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Operation;
import org.opends.server.types.OperationType;
import org.opends.server.types.Privilege;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.WritabilityMode;
import org.opends.server.util.ServerConstants;

/* loaded from: input_file:org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.class */
public class LocalBackendWorkflowElement {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement$1, reason: invalid class name */
    /* loaded from: input_file:org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum;
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum = new int[SearchScope.Enum.values().length];

        static {
            try {
                $SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum[SearchScope.Enum.BASE_OBJECT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum[SearchScope.Enum.SINGLE_LEVEL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum[SearchScope.Enum.SUBORDINATES.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum[SearchScope.Enum.WHOLE_SUBTREE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$opends$server$types$WritabilityMode = new int[WritabilityMode.values().length];
            try {
                $SwitchMap$org$opends$server$types$WritabilityMode[WritabilityMode.DISABLED.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$opends$server$types$WritabilityMode[WritabilityMode.INTERNAL_ONLY.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            $SwitchMap$org$opends$server$types$OperationType = new int[OperationType.values().length];
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.BIND.ordinal()] = 1;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.SEARCH.ordinal()] = 2;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.ADD.ordinal()] = 3;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.DELETE.ordinal()] = 4;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.MODIFY.ordinal()] = 5;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.MODIFY_DN.ordinal()] = 6;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.COMPARE.ordinal()] = 7;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$opends$server$types$OperationType[OperationType.ABANDON.ordinal()] = 8;
            } catch (NoSuchFieldError e14) {
            }
            $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum = new int[ResultCode.Enum.values().length];
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.NO_SUCH_OBJECT.ordinal()] = 1;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.REFERRAL.ordinal()] = 2;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.SUCCESS.ordinal()] = 3;
            } catch (NoSuchFieldError e17) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement$SearchResultCode.class */
    public static class SearchResultCode {
        private ResultCode resultCode;
        private LocalizableMessageBuilder errorMessage;

        SearchResultCode(ResultCode resultCode, LocalizableMessageBuilder localizableMessageBuilder) {
            this.resultCode = ResultCode.UNDEFINED;
            this.errorMessage = new LocalizableMessageBuilder(LocalizableMessage.EMPTY);
            this.resultCode = resultCode;
            this.errorMessage = localizableMessageBuilder;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean elaborateGlobalResultCode(ResultCode resultCode, LocalizableMessageBuilder localizableMessageBuilder) {
            if (this.resultCode == ResultCode.UNDEFINED) {
                this.resultCode = resultCode;
                this.errorMessage = new LocalizableMessageBuilder(localizableMessageBuilder);
                return false;
            }
            switch (AnonymousClass1.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[resultCode.asEnum().ordinal()]) {
                case 1:
                    return false;
                case 2:
                    switch (AnonymousClass1.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[this.resultCode.asEnum().ordinal()]) {
                        case 1:
                            this.resultCode = ResultCode.REFERRAL;
                            this.errorMessage = new LocalizableMessageBuilder(LocalizableMessage.EMPTY);
                            return false;
                        case 2:
                            this.resultCode = ResultCode.SUCCESS;
                            this.errorMessage = new LocalizableMessageBuilder(LocalizableMessage.EMPTY);
                            return true;
                        default:
                            return true;
                    }
                case 3:
                    switch (AnonymousClass1.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[this.resultCode.asEnum().ordinal()]) {
                        case 1:
                            this.resultCode = ResultCode.SUCCESS;
                            this.errorMessage = new LocalizableMessageBuilder(LocalizableMessage.EMPTY);
                            return false;
                        case 2:
                            this.resultCode = ResultCode.SUCCESS;
                            this.errorMessage = new LocalizableMessageBuilder(LocalizableMessage.EMPTY);
                            return true;
                        default:
                            return false;
                    }
                default:
                    switch (AnonymousClass1.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[this.resultCode.asEnum().ordinal()]) {
                        case 1:
                        case 3:
                            this.resultCode = resultCode;
                            this.errorMessage = new LocalizableMessageBuilder(localizableMessageBuilder);
                            return false;
                        case 2:
                            this.resultCode = resultCode;
                            this.errorMessage = new LocalizableMessageBuilder(localizableMessageBuilder);
                            return true;
                        default:
                            return false;
                    }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isProxyAuthzControl(String str) {
        return ServerConstants.OID_PROXIED_AUTH_V1.equals(str) || ServerConstants.OID_PROXIED_AUTH_V2.equals(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeAllDisallowedControls(DN dn, Operation operation) throws DirectoryException {
        Iterator<Control> it = operation.getRequestControls().iterator();
        while (it.hasNext()) {
            Control next = it.next();
            if (!isProxyAuthzControl(next.getOID()) && !getAccessControlHandler().isAllowed(dn, operation, next)) {
                if (next.isCritical()) {
                    throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(next.getOID()));
                }
                it.remove();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void evaluateProxyAuthControls(Operation operation) throws DirectoryException {
        for (Control control : operation.getRequestControls()) {
            String oid = control.getOID();
            if (isProxyAuthzControl(oid)) {
                if (getAccessControlHandler().isAllowed(operation.getClientConnection().getAuthenticationInfo().getAuthenticationDN(), operation, control)) {
                    processProxyAuthControls(operation, oid);
                } else if (control.isCritical()) {
                    throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(control.getOID()));
                }
            }
        }
    }

    private static void checkPrivilegeForProxyAuthControl(Operation operation) throws DirectoryException {
        if (!operation.getClientConnection().hasPrivilege(Privilege.PROXIED_AUTH, operation)) {
            throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, CoreMessages.ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
        }
    }

    private static void checkAciForProxyAuthControl(Operation operation, Entry entry) throws DirectoryException {
        if (!AccessControlConfigManager.getInstance().getAccessControlHandler().mayProxy(operation.getClientConnection().getAuthenticationInfo().getAuthenticationEntry(), entry, operation)) {
            throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, ProtocolMessages.ERR_PROXYAUTH_AUTHZ_NOT_PERMITTED.get(entry.getName()));
        }
    }

    private static void processProxyAuthControls(Operation operation, String str) throws DirectoryException {
        Entry authorizationEntry;
        if (ServerConstants.OID_PROXIED_AUTH_V1.equals(str)) {
            ProxiedAuthV1Control proxiedAuthV1Control = (ProxiedAuthV1Control) operation.getRequestControl(ProxiedAuthV1Control.DECODER);
            operation.addAdditionalLogItem(AdditionalLogItem.keyOnly(operation.getClass(), "obsoleteProxiedAuthzV1Control"));
            checkPrivilegeForProxyAuthControl(operation);
            authorizationEntry = proxiedAuthV1Control.getAuthorizationEntry();
        } else {
            if (!ServerConstants.OID_PROXIED_AUTH_V2.equals(str)) {
                return;
            }
            ProxiedAuthV2Control proxiedAuthV2Control = (ProxiedAuthV2Control) operation.getRequestControl(ProxiedAuthV2Control.DECODER);
            checkPrivilegeForProxyAuthControl(operation);
            authorizationEntry = proxiedAuthV2Control.getAuthorizationEntry();
        }
        checkAciForProxyAuthControl(operation, authorizationEntry);
        operation.setAuthorizationEntry(authorizationEntry);
        operation.setProxiedAuthorizationDN(authorizationEntry != null ? authorizationEntry.getName() : DN.rootDN());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DirectoryException newDirectoryException(Operation operation, Entry entry, DN dn, ResultCode resultCode, LocalizableMessage localizableMessage, ResultCode resultCode2, LocalizableMessage localizableMessage2) throws DirectoryException {
        if (getAccessControlHandler().canDiscloseInformation(entry, dn, operation)) {
            return new DirectoryException(resultCode, localizableMessage);
        }
        DirectoryException directoryException = new DirectoryException(resultCode2, localizableMessage2);
        directoryException.setMaskedResultCode(resultCode);
        directoryException.setMaskedMessage(localizableMessage);
        return directoryException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setResultCodeAndMessageNoInfoDisclosure(Operation operation, Entry entry, DN dn, ResultCode resultCode, LocalizableMessage localizableMessage, ResultCode resultCode2, LocalizableMessage localizableMessage2) throws DirectoryException {
        if (getAccessControlHandler().canDiscloseInformation(entry, dn, operation)) {
            operation.setResultCode(resultCode);
            operation.appendErrorMessage(localizableMessage);
        } else {
            operation.setResultCode(resultCode2);
            operation.appendErrorMessage(localizableMessage2);
            operation.setMaskedResultCode(resultCode);
            operation.appendMaskedErrorMessage(localizableMessage);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void filterNonDisclosableMatchedDN(Operation operation) {
        if (operation.getMatchedDN() == null) {
            return;
        }
        try {
            if (!getAccessControlHandler().canDiscloseInformation(null, operation.getMatchedDN(), operation)) {
                operation.setMatchedDN(null);
            }
        } catch (DirectoryException e) {
            logger.traceException(e);
            operation.setResponseData(e);
            operation.setMatchedDN(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addPostReadResponse(Operation operation, LDAPPostReadRequestControl lDAPPostReadRequestControl, Entry entry) {
        if (lDAPPostReadRequestControl == null) {
            return;
        }
        Entry duplicate = entry.duplicate(true);
        SearchResultEntry searchResultEntry = new SearchResultEntry(duplicate, null);
        if (getAccessControlHandler().maySend(operation, searchResultEntry)) {
            SearchResultEntry searchResultEntry2 = new SearchResultEntry(duplicate.filterEntry(lDAPPostReadRequestControl.getRequestedAttributes(), false, false, false), null);
            getAccessControlHandler().filterEntry(operation, searchResultEntry, searchResultEntry2);
            operation.addResponseControl(new LDAPPostReadResponseControl(searchResultEntry2));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addPreReadResponse(Operation operation, LDAPPreReadRequestControl lDAPPreReadRequestControl, Entry entry) {
        if (lDAPPreReadRequestControl == null) {
            return;
        }
        SearchResultEntry searchResultEntry = new SearchResultEntry(entry, null);
        if (getAccessControlHandler().maySend(operation, searchResultEntry)) {
            SearchResultEntry searchResultEntry2 = new SearchResultEntry(entry.filterEntry(lDAPPreReadRequestControl.getRequestedAttributes(), false, false, false), null);
            getAccessControlHandler().filterEntry(operation, searchResultEntry, searchResultEntry2);
            operation.addResponseControl(new LDAPPreReadResponseControl(searchResultEntry2));
        }
    }

    private static AccessControlHandler<?> getAccessControlHandler() {
        return AccessControlConfigManager.getInstance().getAccessControlHandler();
    }

    private static void executeOperation(Operation operation, LocalBackend<?> localBackend) throws CanceledOperationException {
        switch (operation.getOperationType()) {
            case BIND:
                new LocalBackendBindOperation((BindOperation) operation).processLocalBind(localBackend);
                return;
            case SEARCH:
                new LocalBackendSearchOperation((SearchOperation) operation).processLocalSearch(localBackend);
                return;
            case ADD:
                new LocalBackendAddOperation((AddOperation) operation).processLocalAdd(localBackend);
                return;
            case DELETE:
                new LocalBackendDeleteOperation((DeleteOperation) operation).processLocalDelete(localBackend);
                return;
            case MODIFY:
                new LocalBackendModifyOperation((ModifyOperation) operation).processLocalModify(localBackend);
                return;
            case MODIFY_DN:
                new LocalBackendModifyDNOperation((ModifyDNOperation) operation).processLocalModifyDN(localBackend);
                return;
            case COMPARE:
                new LocalBackendCompareOperation((CompareOperation) operation).processLocalCompare(localBackend);
                return;
            case ABANDON:
                return;
            default:
                throw new AssertionError("Attempted to execute an invalid operation type: " + operation.getOperationType() + " (" + operation + ")");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <O extends Operation, L> void attachLocalOperation(O o, L l) {
        List list = (List) o.getAttachment(Operation.LOCALBACKENDOPERATIONS);
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            arrayList.addAll(list);
        }
        arrayList.add(l);
        o.setAttachment(Operation.LOCALBACKENDOPERATIONS, arrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkIfBackendIsWritable(LocalBackend<?> localBackend, Operation operation, DN dn, LocalizableMessageDescriptor.Arg1<Object> arg1, LocalizableMessageDescriptor.Arg1<Object> arg12) throws DirectoryException {
        if (localBackend.isPrivateBackend()) {
            return;
        }
        checkIfWritable(DirectoryServer.getCoreConfigManager().getWritabilityMode(), operation, arg1, dn);
        checkIfWritable(localBackend.getWritabilityMode(), operation, arg12, dn);
    }

    private static void checkIfWritable(WritabilityMode writabilityMode, Operation operation, LocalizableMessageDescriptor.Arg1<Object> arg1, DN dn) throws DirectoryException {
        switch (writabilityMode) {
            case DISABLED:
                throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, arg1.get(dn));
            case INTERNAL_ONLY:
                if (!operation.isInternalOperation() && !operation.isSynchronizationOperation()) {
                    throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, arg1.get(dn));
                }
                return;
            default:
                return;
        }
    }

    public static boolean execute(Operation operation, DN dn) throws CanceledOperationException {
        LocalBackend<?> findLocalBackendForEntry = getBackendManager().findLocalBackendForEntry(dn);
        if (findLocalBackendForEntry == null) {
            if (!(operation instanceof AbstractOperation)) {
                return false;
            }
            ((AbstractOperation) operation).updateOperationErrMsgAndResCode();
            return false;
        }
        executeOperation(operation, findLocalBackendForEntry);
        if (operation.getOperationType() != OperationType.SEARCH) {
            return true;
        }
        executeSearchOnSubordinates((SearchOperation) operation);
        return true;
    }

    private static BackendConfigManager getBackendManager() {
        return DirectoryServer.getInstance().getServerContext().getBackendConfigManager();
    }

    private static void executeSearchOnSubordinates(SearchOperation searchOperation) throws CanceledOperationException {
        SearchScope scope = searchOperation.getScope();
        if (scope == SearchScope.BASE_OBJECT) {
            return;
        }
        SearchScope elaborateScopeForSearchInSubordinates = elaborateScopeForSearchInSubordinates(scope);
        searchOperation.setScope(elaborateScopeForSearchInSubordinates);
        SearchResultCode searchResultCode = new SearchResultCode(searchOperation.getResultCode(), searchOperation.getErrorMessage());
        DN baseDN = searchOperation.getBaseDN();
        for (DN dn : getBackendManager().findSubordinateLocalNamingContextsToSearchForEntry(baseDN)) {
            if (elaborateScopeForSearchInSubordinates != SearchScope.BASE_OBJECT || dn.parent().equals(baseDN)) {
                if (baseDN.isSuperiorOrEqualTo(dn)) {
                    searchOperation.setBaseDN(dn);
                    execute(searchOperation, dn);
                    if (searchResultCode.elaborateGlobalResultCode(searchOperation.getResultCode(), searchOperation.getErrorMessage())) {
                    }
                }
            }
        }
        searchOperation.setBaseDN(baseDN);
        searchOperation.setScope(scope);
        searchOperation.setResultCode(searchResultCode.resultCode);
        searchOperation.setErrorMessage(searchResultCode.errorMessage);
    }

    private static SearchScope elaborateScopeForSearchInSubordinates(SearchScope searchScope) {
        switch (AnonymousClass1.$SwitchMap$org$forgerock$opendj$ldap$SearchScope$Enum[searchScope.asEnum().ordinal()]) {
            case 1:
                return null;
            case 2:
                return SearchScope.BASE_OBJECT;
            case 3:
            case 4:
                return SearchScope.WHOLE_SUBTREE;
            default:
                return searchScope;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DN findMatchedDN(DN dn) {
        try {
            BackendConfigManager backendManager = getBackendManager();
            for (DN parentDNInSuffix = backendManager.getParentDNInSuffix(dn); parentDNInSuffix != null; parentDNInSuffix = backendManager.getParentDNInSuffix(parentDNInSuffix)) {
                if (DirectoryServer.entryExists(parentDNInSuffix)) {
                    return parentDNInSuffix;
                }
            }
            return null;
        } catch (Exception e) {
            logger.traceException(e);
            return null;
        }
    }
}
