package org.linid.dm.authorization.lql;

import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.linid.dm.authorization.AuthorizationType;
import org.linid.dm.authorization.lql.dnlist.IDnList;
import org.linid.dm.utils.CaseInsensitiveSet;

/* loaded from: input_file:WEB-INF/lib/authorization-2.0.1.jar:org/linid/dm/authorization/lql/LqlRulesEngine.class */
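/**
 * Evaluates a set of {@link LqlRule}s to decide whether a principal may act on a target entry.
 *
 * <p>Both {@code isAuthorized} overloads are default-deny: nothing is granted unless at least one
 * rule (a) shares a right with the requested rights, (b) has a target DN that is the requested
 * target or one of its ancestors, and (c) evaluates to a non-empty result.
 *
 * <p>The only constructor is private and no factory method is visible in this listing, so how
 * instances are obtained cannot be determined from here.
 */
public class LqlRulesEngine {
    /** Rules indexed by name. */
    private final Map<String, LqlRule> rules = new HashMap<String, LqlRule>();

    /**
     * Loads every rule supplied by the reader.
     *
     * @param lqlRulesReader source of the rules
     */
    private LqlRulesEngine(LqlRulesReader lqlRulesReader) {
        for (LqlRule lqlRule : lqlRulesReader.getRules()) {
            // NOTE(review): two rules with the same name silently collapse to the last one read.
            // For an access-control policy that can drop a rule without any diagnostic.
            this.rules.put(lqlRule.getName(), lqlRule);
        }
    }

    /**
     * Decides whether the principal holds at least one of the requested rights on the target entry
     * itself.
     *
     * @param ldapContext directory context handed to the rule evaluation
     * @param iDnList DN list handed to the rule evaluation
     * @param str principal DN
     * @param str2 target DN
     * @param enumSet rights being requested; one shared right is enough for a rule to apply
     * @return {@code true} if an applicable rule lists the pseudo-attribute {@code "entry"};
     *     {@code false} otherwise, including when no rule applies
     * @throws InvalidNameException if a non-empty DN cannot be parsed
     * @throws NamingException declared for failures raised during rule evaluation
     */
    public boolean isAuthorized(LdapContext ldapContext, IDnList iDnList, String str, String str2, EnumSet<AuthorizationType> enumSet) throws InvalidNameException, NamingException {
        LqlRequestCtx lqlContext = getLqlContext(ldapContext, str, str2);
        for (LqlRule lqlRule : this.rules.values()) {
            // The "entry" test stays last so the rule is evaluated exactly as before.
            // NOTE(review): whether this lookup ignores case depends on the collection type
            // returned by getAttributes(), which is not visible here.
            if (ruleApplies(lqlRule, lqlContext, iDnList, str2, enumSet) && lqlRule.getAttributes().contains("entry")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Filters the requested attributes down to those the principal is authorized for.
     *
     * <p>An applicable rule listing {@code "*"} grants every requested attribute. Any other
     * applicable rule grants the requested attributes it names. The scan stops as soon as every
     * requested attribute has been granted.
     *
     * @param ldapContext directory context handed to the rule evaluation
     * @param iDnList DN list handed to the rule evaluation
     * @param str principal DN
     * @param str2 target DN
     * @param enumSet rights being requested; one shared right is enough for a rule to apply
     * @param collection attribute names being requested; {@code null} or empty grants nothing
     * @return the granted attribute names, possibly empty, never {@code null}
     * @throws InvalidNameException if a non-empty DN cannot be parsed
     * @throws NamingException declared for failures raised during rule evaluation
     */
    public Collection<String> isAuthorized(LdapContext ldapContext, IDnList iDnList, String str, String str2, EnumSet<AuthorizationType> enumSet, Collection<String> collection) throws InvalidNameException, NamingException {
        CaseInsensitiveSet granted = new CaseInsensitiveSet();
        if (collection == null || collection.size() < 1) {
            return granted;
        }
        LqlRequestCtx lqlContext = getLqlContext(ldapContext, str, str2);
        // Requested attributes that no rule has granted yet.
        CaseInsensitiveSet pending = new CaseInsensitiveSet();
        pending.addAll(collection);
        for (LqlRule rule : this.rules.values()) {
            if (!ruleApplies(rule, lqlContext, iDnList, str2, enumSet)) {
                continue;
            }
            if (rule.getAttributes().contains("*")) {
                // Wildcard rule: everything that was asked for is granted.
                granted = new CaseInsensitiveSet();
                granted.addAll(collection);
                return granted;
            }
            // A single pass over the rule's attributes, then on to the next rule. The earlier
            // form wrapped this pass in a loop whose only exit was "nothing left pending", so an
            // applicable rule covering just part of the request never returned, hanging the
            // authorization check.
            for (String attribute : rule.getAttributes()) {
                if (pending.contains(attribute)) {
                    pending.remove(attribute);
                    // The rule's spelling of the name is what ends up in the result.
                    granted.add(attribute);
                    if (pending.size() < 1) {
                        return granted;
                    }
                }
            }
        }
        return granted;
    }

    /**
     * Builds the evaluation context for one request: principal DN, target DN and the value of the
     * leaf RDN of each.
     *
     * @param ldapContext directory context stored in the request context
     * @param str principal DN; {@code null} or empty yields a {@code null} principal RDN
     * @param str2 target DN; {@code null} or empty yields a {@code null} target RDN
     * @return the populated request context
     * @throws InvalidNameException if a non-empty DN cannot be parsed
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public LqlRequestCtx getLqlContext(LdapContext ldapContext, String str, String str2) throws InvalidNameException {
        // Left raw: the parameter type of the LqlRequestCtx constructor is not visible here.
        HashMap hashMap = new HashMap();
        hashMap.put(LqlRequestCtx.CONTEXT_PARAM_PRINCIPALDN, str);
        hashMap.put("targetDN", str2);
        hashMap.put(LqlRequestCtx.CONTEXT_PARAM_PRINCIPALRDN, leafRdnValue(str));
        hashMap.put(LqlRequestCtx.CONTEXT_PARAM_TARGETRDN, leafRdnValue(str2));
        return new LqlRequestCtx(ldapContext, hashMap, false);
    }

    /**
     * Checks whether {@code str} names the rule's target entry or one of its descendants.
     *
     * @param ldapName base DN taken from the rule
     * @param str DN being accessed
     * @return {@code true} if {@code str} equals the base DN or lies beneath it
     * @throws InvalidNameException if {@code str} cannot be parsed
     */
    private boolean dnInTree(LdapName ldapName, String str) throws InvalidNameException {
        if (ldapName == null || str == null) {
            // Fail closed: a missing DN on either side can never match.
            return false;
        }
        LdapName candidate = new LdapName(str);
        // Drop the leaf RDN (highest index) until the remainder equals the base.
        // LdapName comparison is RDN by RDN and ignores case.
        while (candidate.size() > 0 && candidate.compareTo(ldapName) != 0) {
            candidate.remove(candidate.size() - 1);
        }
        // NOTE(review): an empty base DN never matches, because the candidate is already empty
        // when the comparison would succeed. Confirm that rules on the root are meant to be inert.
        return candidate.size() > 0;
    }

    /** Tells whether a rule shares a right with the request, covers the target DN and evaluates to a non-empty result. */
    private boolean ruleApplies(LqlRule rule, LqlRequestCtx lqlContext, IDnList iDnList, String targetDn, EnumSet<AuthorizationType> requested) throws NamingException {
        // Intersect on a copy so the rule's own right set is left untouched.
        EnumSet<AuthorizationType> shared = rule.getRights().clone();
        shared.retainAll(requested);
        if (shared.isEmpty()) {
            return false;
        }
        if (!dnInTree(rule.getTargetDn(), targetDn)) {
            return false;
        }
        List<String> matches = rule.evaluate(lqlContext, iDnList);
        return matches != null && matches.size() > 0;
    }

    /** Returns the value of the leaf (left-most) RDN of a DN, or {@code null} when the DN is null, empty or has no RDN. */
    private static String leafRdnValue(String dn) throws InvalidNameException {
        if (dn == null || "".equals(dn)) {
            return null;
        }
        List<Rdn> rdns = new LdapName(dn).getRdns();
        if (rdns.isEmpty()) {
            return null;
        }
        // NOTE(review): a binary ("#hex") RDN value is a byte[], whose toString() is not the value.
        return rdns.get(rdns.size() - 1).getValue().toString();
    }
}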
