package org.opends.server.workflowelement.localbackend;

import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.CoreMessages;
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.Backend;
import org.opends.server.api.ClientConnection;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.MatchedValuesControl;
import org.opends.server.controls.PersistentSearchControl;
import org.opends.server.controls.SubentriesControl;
import org.opends.server.core.AccessControlConfigManager;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PersistentSearch;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.SearchOperationWrapper;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.AdditionalLogItem;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.operation.PostOperationSearchOperation;
import org.opends.server.types.operation.PreOperationSearchOperation;
import org.opends.server.types.operation.SearchEntrySearchOperation;
import org.opends.server.types.operation.SearchReferenceSearchOperation;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.class */
public class LocalBackendSearchOperation extends SearchOperationWrapper implements PreOperationSearchOperation, PostOperationSearchOperation, SearchEntrySearchOperation, SearchReferenceSearchOperation {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private Backend<?> backend;
    private ClientConnection clientConnection;
    private DN baseDN;
    private PersistentSearch persistentSearch;
    private SearchFilter filter;

    public LocalBackendSearchOperation(SearchOperation searchOperation) {
        super(searchOperation);
        LocalBackendWorkflowElement.attachLocalOperation(searchOperation, this);
    }

    public void processLocalSearch(LocalBackendWorkflowElement localBackendWorkflowElement) throws CanceledOperationException {
        this.backend = localBackendWorkflowElement.getBackend();
        this.clientConnection = getClientConnection();
        checkIfCanceled(false);
        try {
            AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            processSearch(atomicBoolean);
            checkIfCanceled(false);
            if (atomicBoolean.get()) {
                AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePostOperationSearchPlugins(this));
            }
        } finally {
            LocalBackendWorkflowElement.filterNonDisclosableMatchedDN(this);
        }
    }

    private void processSearch(AtomicBoolean atomicBoolean) throws CanceledOperationException {
        this.baseDN = getBaseDN();
        this.filter = getFilter();
        if (this.baseDN == null || this.filter == null) {
            return;
        }
        try {
            handleRequestControls();
            try {
                if (!getAccessControlHandler().isAllowed(this)) {
                    setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
                    appendErrorMessage(CoreMessages.ERR_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(this.baseDN));
                    return;
                }
                checkIfCanceled(false);
                atomicBoolean.set(true);
                if (AbstractOperation.processOperationResult(this, DirectoryServer.getPluginConfigManager().invokePreOperationSearchPlugins(this))) {
                    checkIfCanceled(false);
                    if (this.backend == null) {
                        setResultCode(ResultCode.NO_SUCH_OBJECT);
                        appendErrorMessage(CoreMessages.ERR_SEARCH_BASE_DOESNT_EXIST.get(this.baseDN));
                        return;
                    }
                    setResultCode(ResultCode.SUCCESS);
                    try {
                        boolean z = true;
                        if (this.persistentSearch != null) {
                            z = !this.persistentSearch.isChangesOnly();
                            if (!DirectoryServer.allowNewPersistentSearch()) {
                                setResultCode(ResultCode.ADMIN_LIMIT_EXCEEDED);
                                appendErrorMessage(CoreMessages.ERR_MAX_PSEARCH_LIMIT_EXCEEDED.get());
                                return;
                            } else {
                                this.backend.registerPersistentSearch(this.persistentSearch);
                                this.persistentSearch.enable();
                            }
                        }
                        if (z) {
                            this.backend.search(this);
                        }
                    } catch (CanceledOperationException e) {
                        if (this.persistentSearch != null) {
                            this.persistentSearch.cancel();
                            setSendResponse(true);
                        }
                        throw e;
                    } catch (DirectoryException e2) {
                        logger.traceException(e2);
                        setResponseData(e2);
                        if (this.persistentSearch != null) {
                            this.persistentSearch.cancel();
                            setSendResponse(true);
                        }
                    } catch (Exception e3) {
                        logger.traceException(e3);
                        setResultCode(DirectoryServer.getServerErrorResultCode());
                        appendErrorMessage(CoreMessages.ERR_SEARCH_BACKEND_EXCEPTION.get(StaticUtils.getExceptionMessage(e3)));
                        if (this.persistentSearch != null) {
                            this.persistentSearch.cancel();
                            setSendResponse(true);
                        }
                    }
                }
            } catch (DirectoryException e4) {
                setResultCode(e4.getResultCode());
                appendErrorMessage(e4.getMessageObject());
            }
        } catch (DirectoryException e5) {
            logger.traceException(e5);
            setResponseData(e5);
        }
    }

    private void handleRequestControls() throws DirectoryException {
        LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
        LocalBackendWorkflowElement.removeAllDisallowedControls(this.baseDN, this);
        List<Control> requestControls = getRequestControls();
        if (requestControls == null || requestControls.isEmpty()) {
            return;
        }
        for (Control control : requestControls) {
            String oid = control.getOID();
            if (ServerConstants.OID_LDAP_ASSERTION.equals(oid)) {
                try {
                    SearchFilter searchFilter = ((LDAPAssertionRequestControl) getRequestControl(LDAPAssertionRequestControl.DECODER)).getSearchFilter();
                    try {
                        Entry entry = DirectoryServer.getEntry(this.baseDN);
                        if (entry == null) {
                            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, CoreMessages.ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
                        }
                        if (!getAccessControlHandler().isAllowed(this, entry, searchFilter)) {
                            throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS, CoreMessages.ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
                        }
                        try {
                            if (!searchFilter.matchesEntry(entry)) {
                                throw new DirectoryException(ResultCode.ASSERTION_FAILED, CoreMessages.ERR_SEARCH_ASSERTION_FAILED.get());
                            }
                        } catch (DirectoryException e) {
                            if (e.getResultCode() == ResultCode.ASSERTION_FAILED) {
                                throw e;
                            }
                            logger.traceException(e);
                            throw new DirectoryException(e.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(e.getMessageObject()), e);
                        }
                    } catch (DirectoryException e2) {
                        logger.traceException(e2);
                        throw new DirectoryException(e2.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(e2.getMessageObject()));
                    }
                } catch (DirectoryException e3) {
                    logger.traceException(e3);
                    throw new DirectoryException(e3.getResultCode(), CoreMessages.ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(e3.getMessageObject()), e3);
                }
            } else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid)) {
                continue;
            } else if (ServerConstants.OID_PERSISTENT_SEARCH.equals(oid)) {
                PersistentSearchControl persistentSearchControl = (PersistentSearchControl) getRequestControl(PersistentSearchControl.DECODER);
                this.persistentSearch = new PersistentSearch(this, persistentSearchControl.getChangeTypes(), persistentSearchControl.getChangesOnly(), persistentSearchControl.getReturnECs());
            } else if (ServerConstants.OID_LDAP_SUBENTRIES.equals(oid)) {
                setReturnSubentriesOnly(((SubentriesControl) getRequestControl(SubentriesControl.DECODER)).getVisibility());
            } else if (ServerConstants.OID_LDUP_SUBENTRIES.equals(oid)) {
                addAdditionalLogItem(AdditionalLogItem.keyOnly(getClass(), "obsoleteSubentryControl"));
                setReturnSubentriesOnly(true);
            } else if (ServerConstants.OID_MATCHED_VALUES.equals(oid)) {
                setMatchedValuesControl((MatchedValuesControl) getRequestControl(MatchedValuesControl.DECODER));
            } else if (ServerConstants.OID_ACCOUNT_USABLE_CONTROL.equals(oid)) {
                setIncludeUsableControl(true);
            } else if (ServerConstants.OID_REAL_ATTRS_ONLY.equals(oid)) {
                setRealAttributesOnly(true);
            } else if (ServerConstants.OID_VIRTUAL_ATTRS_ONLY.equals(oid)) {
                setVirtualAttributesOnly(true);
            } else if (!ServerConstants.OID_GET_EFFECTIVE_RIGHTS.equals(oid) || !DirectoryServer.isSupportedControl(ServerConstants.OID_GET_EFFECTIVE_RIGHTS)) {
                if (control.isCritical() && !backendSupportsControl(oid)) {
                    throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, CoreMessages.ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
                }
            }
        }
    }

    private AccessControlHandler<?> getAccessControlHandler() {
        return AccessControlConfigManager.getInstance().getAccessControlHandler();
    }

    private boolean backendSupportsControl(String str) {
        return this.backend != null && this.backend.supportsControl(str);
    }
}
