package org.opends.server.authorization.dseecompat;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.opends.messages.AccessControlMessages;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.LDAPURL;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchScope;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/UserDN.class */
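/**
 * Bind rule for the {@code userdn} keyword of a dseecompat ACI.
 *
 * <p>A rule holds one or more LDAP URLs (separated by {@code ||} in the ACI text), each
 * tagged with the kind of match it requests. Evaluation stops at the first URL that
 * yields {@code TRUE} or {@code ERR}.
 *
 * <p>Every lookup or decoding failure during evaluation is mapped to {@code FALSE}, so a
 * malformed value never produces a match.
 */
public class UserDN implements KeywordBindRule {
    /**
     * URL substituted for the keyword forms ({@code ldap:///self}, {@code anyone},
     * {@code parent}, {@code all}) before the text is handed to {@link LDAPURL#decode}.
     */
    private static final String urlStr = Aci.NULL_LDAP_URL;

    /** Decoded URLs of this rule, in the order they appeared in the ACI text. */
    private final List<UserDNTypeURL> urlList;

    /** Bind rule operator type, passed to {@code getRet} when the result is returned. */
    private final EnumBindRuleType type;

    private UserDN(EnumBindRuleType enumBindRuleType, List<UserDNTypeURL> list) {
        this.type = enumBindRuleType;
        this.urlList = list;
    }

    /**
     * Parses the expression of a {@code userdn} bind rule.
     *
     * @param str the expression text; individual URLs are separated by {@code ||}
     * @param enumBindRuleType the operator type of the bind rule
     * @return the decoded bind rule
     * @throws AciException if any of the URLs cannot be decoded
     */
    public static KeywordBindRule decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        List<UserDNTypeURL> decodedUrls = new LinkedList<UserDNTypeURL>();
        for (String part : str.split("[|][|]")) {
            StringBuilder buffer = new StringBuilder(part.trim());
            try {
                // getType may rewrite the buffer (keyword forms), so it has to run
                // before the buffer content is decoded as a URL.
                EnumUserDNType dnType = getType(buffer);
                decodedUrls.add(new UserDNTypeURL(dnType, LDAPURL.decode(buffer.toString(), true)));
            } catch (DirectoryException e) {
                throw new AciException(AccessControlMessages.WARN_ACI_SYNTAX_INVALID_USERDN_URL.get(e.getMessageObject()));
            }
        }
        return new UserDN(enumBindRuleType, decodedUrls);
    }

    /**
     * Classifies one URL of the expression.
     *
     * <p>Anything containing {@code ?} is a full URL. The four keyword forms are compared
     * case-insensitively against the whole string and, when matched, the buffer content is
     * replaced with {@link #urlStr}. Of the rest, a value containing {@code *} is a DN
     * pattern and everything else a plain DN.
     *
     * @param sb buffer holding the trimmed URL text; overwritten for the keyword forms
     * @return the type of match the URL requests
     */
    private static EnumUserDNType getType(StringBuilder sb) {
        String text = sb.toString();
        if (text.contains("?")) {
            return EnumUserDNType.URL;
        }

        EnumUserDNType keyword = null;
        if (text.equalsIgnoreCase("ldap:///self")) {
            keyword = EnumUserDNType.SELF;
        } else if (text.equalsIgnoreCase("ldap:///anyone")) {
            keyword = EnumUserDNType.ANYONE;
        } else if (text.equalsIgnoreCase("ldap:///parent")) {
            keyword = EnumUserDNType.PARENT;
        } else if (text.equalsIgnoreCase("ldap:///all")) {
            keyword = EnumUserDNType.ALL;
        }
        if (keyword != null) {
            sb.replace(0, sb.length(), urlStr);
            return keyword;
        }

        return text.contains("*") ? EnumUserDNType.DNPATTERN : EnumUserDNType.DN;
    }

    /**
     * Evaluates this bind rule for the client described by the context.
     *
     * <p>For an anonymous client only an {@code ANYONE} URL can match; every other URL
     * type leaves the result at {@code FALSE}.
     *
     * @param aciEvalContext the evaluation context
     * @return the result after it has been passed through {@code getRet} with this rule's type
     */
    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        EnumEvalResult result = EnumEvalResult.FALSE;
        boolean anonymous = aciEvalContext.isAnonymousUser();
        Iterator<UserDNTypeURL> it = this.urlList.iterator();
        while (it.hasNext() && result != EnumEvalResult.TRUE && result != EnumEvalResult.ERR) {
            UserDNTypeURL candidate = it.next();
            if (!anonymous) {
                result = evalNonAnonymous(aciEvalContext, candidate);
            } else if (candidate.getUserDNType() == EnumUserDNType.ANYONE) {
                result = EnumEvalResult.TRUE;
            }
        }
        return result.getRet(this.type, false);
    }

    /**
     * Evaluates a single URL for a client that is not anonymous.
     *
     * @param aciEvalContext the evaluation context
     * @param userDNTypeURL the URL and its match type
     * @return {@code TRUE} if the client satisfies the URL, otherwise {@code FALSE}
     */
    private EnumEvalResult evalNonAnonymous(AciEvalContext aciEvalContext, UserDNTypeURL userDNTypeURL) {
        DN clientDN = aciEvalContext.getClientDN();
        DN resourceDN = aciEvalContext.getResourceDN();
        LDAPURL url = userDNTypeURL.getURL();
        EnumEvalResult result = EnumEvalResult.FALSE;
        switch (userDNTypeURL.getUserDNType()) {
            case URL:
                result = evalURL(aciEvalContext, url);
                break;
            case ANYONE:
            case ALL:
                result = EnumEvalResult.TRUE;
                break;
            case SELF:
                if (clientDN.equals(resourceDN)) {
                    result = EnumEvalResult.TRUE;
                }
                break;
            case PARENT:
                DN parent = resourceDN.getParent();
                if (parent != null && parent.equals(clientDN)) {
                    result = EnumEvalResult.TRUE;
                }
                break;
            case DNPATTERN:
                result = evalDNPattern(aciEvalContext, url);
                break;
            case DN:
                try {
                    DN baseDN = url.getBaseDN();
                    if (clientDN.equals(baseDN)) {
                        result = EnumEvalResult.TRUE;
                    } else {
                        // Second attempt: substitute whatever getActualRootBindDN returns
                        // (when non-null) for either side and compare again.
                        DN actualBase = DirectoryServer.getActualRootBindDN(baseDN);
                        DN actualClient = DirectoryServer.getActualRootBindDN(clientDN);
                        if (actualBase != null) {
                            baseDN = actualBase;
                        }
                        if (actualClient != null) {
                            clientDN = actualClient;
                        }
                        if (clientDN.equals(baseDN)) {
                            result = EnumEvalResult.TRUE;
                        }
                    }
                } catch (DirectoryException ignored) {
                    // A failure here leaves the result at FALSE (no match).
                }
                break;
        }
        return result;
    }

    /**
     * Matches the client DN against the DN pattern held in the URL's raw base DN.
     *
     * @param aciEvalContext the evaluation context
     * @param ldapurl the URL whose raw base DN is the pattern
     * @return {@code TRUE} on a match; {@code FALSE} otherwise or if the pattern cannot be decoded
     */
    private EnumEvalResult evalDNPattern(AciEvalContext aciEvalContext, LDAPURL ldapurl) {
        try {
            PatternDN pattern = PatternDN.decode(ldapurl.getRawBaseDN());
            if (pattern.matchesDN(aciEvalContext.getClientDN())) {
                return EnumEvalResult.TRUE;
            }
            return EnumEvalResult.FALSE;
        } catch (DirectoryException ignored) {
            // An undecodable pattern is treated as no match.
            return EnumEvalResult.FALSE;
        }
    }

    /**
     * Evaluates a full LDAP URL: the client DN must fall inside the URL's base DN and
     * scope, and the client entry must match the URL's filter.
     *
     * @param aciEvalContext the evaluation context
     * @param ldapurl the URL supplying base DN, scope and filter
     * @return {@code TRUE} if both the scope test and the filter match; {@code FALSE}
     *     otherwise, including when a {@link DirectoryException} is raised
     */
    public static EnumEvalResult evalURL(AciEvalContext aciEvalContext, LDAPURL ldapurl) {
        try {
            DN baseDN = ldapurl.getBaseDN();
            SearchFilter filter = ldapurl.getFilter();
            SearchScope scope = ldapurl.getScope();
            DN clientDN = aciEvalContext.getClientDN();

            boolean inScope;
            if (scope == SearchScope.WHOLE_SUBTREE) {
                inScope = clientDN.isDescendantOf(baseDN);
            } else if (scope == SearchScope.SINGLE_LEVEL) {
                // NOTE(review): when the client DN has no parent the scope test is skipped
                // and the decision rests on the filter alone. Confirm this is intended.
                DN parent = clientDN.getParent();
                inScope = parent == null || parent.equals(baseDN);
            } else if (scope == SearchScope.SUBORDINATE_SUBTREE) {
                // Strictly below the base: deeper than the base and a descendant of it.
                inScope = clientDN.getNumComponents() > baseDN.getNumComponents()
                        && clientDN.isDescendantOf(baseDN);
            } else {
                // Any remaining scope value requires the client DN to equal the base DN.
                inScope = clientDN.equals(baseDN);
            }
            if (!inScope) {
                return EnumEvalResult.FALSE;
            }

            return filter.matchesEntry(aciEvalContext.getClientEntry())
                    ? EnumEvalResult.TRUE
                    : EnumEvalResult.FALSE;
        } catch (DirectoryException ignored) {
            // Any failure while reading the URL or applying the filter is no match.
            return EnumEvalResult.FALSE;
        }
    }

    /**
     * Checks whether the given attribute of an entry holds the client DN.
     *
     * <p>Only the first attribute returned for the type is examined. Its values are decoded
     * as DNs one by one; the first value equal to {@code clientDN} yields {@code TRUE}. A
     * value that cannot be decoded as a DN ends the scan with {@code FALSE}.
     *
     * <p>The decompiler could not structure this method and left a stub that always threw
     * {@link UnsupportedOperationException}. The body below follows the instruction dump
     * the decompiler emitted for the method; it should be checked against the original
     * class file.
     *
     * @param entry the entry to read the attribute from
     * @param clientDN the DN to look for among the attribute values
     * @param attrType the attribute type to read
     * @return {@code TRUE} if a value equals {@code clientDN}, otherwise {@code FALSE}
     */
    public static org.opends.server.authorization.dseecompat.EnumEvalResult evaluate(org.opends.server.types.Entry entry, org.opends.server.types.DN clientDN, org.opends.server.types.AttributeType attrType) {
        EnumEvalResult matched = EnumEvalResult.FALSE;
        List<org.opends.server.types.Attribute> attrs = entry.getAttribute(attrType);
        // Defensive addition (not in the instruction dump): a missing attribute is
        // reported as no match instead of failing on get(0).
        if (attrs == null || attrs.isEmpty()) {
            return matched;
        }
        for (org.opends.server.types.AttributeValue value : attrs.get(0)) {
            try {
                DN candidate = DN.decode(value.getValue().toString());
                if (candidate.equals(clientDN)) {
                    matched = EnumEvalResult.TRUE;
                    break;
                }
            } catch (DirectoryException ignored) {
                // As in the dump: an undecodable value stops the scan without a match.
                break;
            }
        }
        return matched;
    }
}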
