package org.apache.directory.server.core.authz.support;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.core.jndi.JavaLdapSupport;
import org.apache.directory.server.core.partition.PartitionNexusProxy;
import org.apache.directory.shared.ldap.aci.ACITuple;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.aci.ProtectedItem;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.name.LdapDN;

/* loaded from: input_file:WEB-INF/lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authz/support/MaxImmSubFilter.class */
public class MaxImmSubFilter implements ACITupleFilter {
    private final ExprNode childrenFilter = new PresenceNode(JavaLdapSupport.OBJECTCLASS_ATTR);
    private final SearchControls childrenSearchControls = new SearchControls();
    public static final Collection SEARCH_BYPASS;

    public MaxImmSubFilter() {
        this.childrenSearchControls.setSearchScope(1);
    }

    @Override // org.apache.directory.server.core.authz.support.ACITupleFilter
    public Collection filter(Collection collection, OperationScope operationScope, PartitionNexusProxy partitionNexusProxy, Collection collection2, LdapDN ldapDN, Attributes attributes, AuthenticationLevel authenticationLevel, LdapDN ldapDN2, String str, Object obj, Attributes attributes2, Collection collection3) throws NamingException {
        if (ldapDN2.size() != 0 && collection.size() != 0 && operationScope == OperationScope.ENTRY) {
            int i = -1;
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                ACITuple aCITuple = (ACITuple) it2.next();
                if (aCITuple.isGrant()) {
                    Iterator it3 = aCITuple.getProtectedItems().iterator();
                    while (true) {
                        if (it3.hasNext()) {
                            ProtectedItem protectedItem = (ProtectedItem) it3.next();
                            if (protectedItem instanceof ProtectedItem.MaxImmSub) {
                                if (i < 0) {
                                    i = getImmSubCount(partitionNexusProxy, ldapDN2);
                                }
                                if (i >= ((ProtectedItem.MaxImmSub) protectedItem).getValue()) {
                                    it2.remove();
                                    break;
                                }
                            }
                        }
                    }
                }
            }
            return collection;
        }
        return collection;
    }

    private int getImmSubCount(PartitionNexusProxy partitionNexusProxy, LdapDN ldapDN) throws NamingException {
        int i = 0;
        NamingEnumeration namingEnumeration = null;
        try {
            namingEnumeration = partitionNexusProxy.search((LdapDN) ldapDN.getPrefix(1), new HashMap(), this.childrenFilter, this.childrenSearchControls, SEARCH_BYPASS);
            while (namingEnumeration.hasMore()) {
                namingEnumeration.next();
                i++;
            }
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            return i;
        } catch (Throwable th) {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            throw th;
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("normalizationService");
        hashSet.add("authenticationService");
        hashSet.add("authorizationService");
        hashSet.add("defaultAuthorizationService");
        hashSet.add("schemaService");
        hashSet.add("subentryService");
        hashSet.add("operationalAttributeService");
        hashSet.add("eventService");
        SEARCH_BYPASS = Collections.unmodifiableCollection(hashSet);
    }
}
