/*

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Sun designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Sun in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

 * CA 95054 USA or visit www.sun.com if you need additional information or

 * have any questions.

 */

package com.sun.jndi.ldap;

import javax.naming.NamingException;

import javax.naming.directory.InvalidSearchFilterException;

import java.io.IOException;

/**

 * LDAP (RFC-1960) and LDAPv3 (RFC-2254) search filters.

 *

 * @author Vincent Ryan

 * @author Jagane Sundar

 * @author Rosanna Lee

 */

final class Filter {

    /**

     * First convert filter string into byte[].

     * For LDAP v3, the conversion uses Unicode -> UTF8

     * For LDAP v2, the conversion uses Unicode -> ISO 8859 (Latin-1)

     *

     * Then parse the byte[] as a filter, converting \hh to

     * a single byte, and encoding the resulting filter

     * into the supplied BER buffer

     */

    static void encodeFilterString(BerEncoder ber, String filterStr,

        boolean isLdapv3) throws IOException, NamingException {

        if ((filterStr == null) || (filterStr.equals(""))) {

            throw new InvalidSearchFilterException("Empty filter");

        }

        byte[] filter;

        int filterLen;

        if (isLdapv3) {

            filter = filterStr.getBytes("UTF8");

        } else {

            filter = filterStr.getBytes("8859_1");

        }

        filterLen = filter.length;

        if (dbg) {

            dbgIndent = 0;

            System.err.println("String filter: " + filterStr);

            System.err.println("size: " + filterLen);

            dprint("original: ", filter, 0, filterLen);

        }

        encodeFilter(ber, filter, 0, filterLen);

    }

    private static void encodeFilter(BerEncoder ber, byte[] filter,

        int filterStart, int filterEnd) throws IOException, NamingException {

        if (dbg) {

            dprint("encFilter: ",  filter, filterStart, filterEnd);

            dbgIndent++;

        }

        if ((filterEnd - filterStart) <= 0) {

            throw new InvalidSearchFilterException("Empty filter");

        }

        int nextOffset;

        int parens, balance;

        boolean escape;

        parens = 0;

        int filtOffset[] = new int[1];

        for (filtOffset[0] = filterStart; filtOffset[0] < filterEnd;) {

            switch (filter[filtOffset[0]]) {

            case '(':

                filtOffset[0]++;

                parens++;

                switch (filter[filtOffset[0]]) {

                case '&':

                    encodeComplexFilter(ber, filter,

                        LDAP_FILTER_AND, filtOffset, filterEnd);

                    // filtOffset[0] has pointed to char after right paren

                    parens--;

                    break;

                case '|':

                    encodeComplexFilter(ber, filter,

                        LDAP_FILTER_OR, filtOffset, filterEnd);

                    // filtOffset[0] has pointed to char after right paren

                    parens--;

                    break;

                case '!':

                    encodeComplexFilter(ber, filter,

                        LDAP_FILTER_NOT, filtOffset, filterEnd);

                    // filtOffset[0] has pointed to char after right paren

                    parens--;

                    break;

                default:

                    balance = 1;

                    escape = false;

                    nextOffset = filtOffset[0];

                    while (nextOffset < filterEnd && balance > 0) {

                        if (!escape) {

                            if (filter[nextOffset] == '(')

                                balance++;

                            else if (filter[nextOffset] == ')')

                                balance--;

                        }

                        if (filter[nextOffset] == '\\' && !escape)

                            escape = true;

                        else

                            escape = false;

                        if (balance > 0)

                            nextOffset++;

                    }

                    if (balance != 0)

                        throw new InvalidSearchFilterException(

                                  "Unbalanced parenthesis");

                    encodeSimpleFilter(ber, filter, filtOffset[0], nextOffset);

                    // points to the char after right paren.

                    filtOffset[0] = nextOffset + 1;

                    parens--;

                    break;

                }

                break;

            case ')':

                //

                // End of sequence

                //

                ber.endSeq();

                filtOffset[0]++;

                parens--;

                break;

            case ' ':

                filtOffset[0]++;

                break;

            default:    // assume simple type=value filter

                encodeSimpleFilter(ber, filter, filtOffset[0], filterEnd);

                filtOffset[0] = filterEnd; // force break from outer

                break;

            }

            if (parens < 0) {

                throw new InvalidSearchFilterException(

                                                "Unbalanced parenthesis");

            }

        }

        if (parens != 0) {

            throw new InvalidSearchFilterException("Unbalanced parenthesis");

        }

        if (dbg) {

            dbgIndent--;

        }

    }

    /**

     * convert character 'c' that represents a hexadecimal digit to an integer.

     * if 'c' is not a hexidecimal digit [0-9A-Fa-f], -1 is returned.

     * otherwise the converted value is returned.

     */

    private static int hexchar2int( byte c ) {

        if ( c >= '0' && c <= '9' ) {

            return( c - '0' );

        }

        if ( c >= 'A' && c <= 'F' ) {

            return( c - 'A' + 10 );

        }

        if ( c >= 'a' && c <= 'f' ) {

            return( c - 'a' + 10 );

        }

        return( -1 );

    }

    // called by the LdapClient.compare method

    static byte[] unescapeFilterValue(byte[] orig, int start, int end)

        throws NamingException {

        boolean escape = false, escStart = false;

        int ival;

        byte ch;

        if (dbg) {

            dprint("unescape: " , orig, start, end);

        }

        int len = end - start;

        byte tbuf[] = new byte[len];

        int j = 0;

        for (int i = start; i < end; i++) {

            ch = orig[i];

            if (escape) {

                // Try LDAP V3 escape (\xx)

                if ((ival = hexchar2int(ch)) < 0) {

                    /**

                     * If there is no hex char following a '\' when

                     * parsing a LDAP v3 filter (illegal by v3 way)

                     * we fallback to the way we unescape in v2.

                     */

                    if (escStart) {

                        // V2: \* \( \)

                        escape = false;

                        tbuf[j++] = ch;

                    } else {

                        // escaping already started but we can't find 2nd hex

                        throw new InvalidSearchFilterException("invalid escape sequence: " + orig);

                    }

                } else {

                    if (escStart) {

                        tbuf[j] = (byte)(ival<<4);

                        escStart = false;

                    } else {

                        tbuf[j++] |= (byte)ival;

                        escape = false;

                    }

                }

            } else if (ch != '\\') {

                tbuf[j++] = ch;

                escape = false;

            } else {

                escStart = escape = true;

            }

        }

        byte[] answer = new byte[j];

        System.arraycopy(tbuf, 0, answer, 0, j);

        if (dbg) {

        }

        return answer;

    }

    private static int indexOf(byte[] str, char ch, int start, int end) {

        for (int i = start; i < end; i++) {

            if (str[i] == ch)

                return i;

        }

        return -1;

    }

    private static int indexOf(byte[] str, String target, int start, int end) {

        int where = indexOf(str, target.charAt(0), start, end);

        if (where >= 0) {

            for (int i = 1; i < target.length(); i++) {

                if (str[where+i] != target.charAt(i)) {

                    return -1;

                }

            }

        }

        return where;

    }

    private static int findUnescaped(byte[] str, char ch, int start, int end) {

        while (start < end) {

            int where = indexOf(str, ch, start, end);

            /*

             * Count the immediate preceding '\' to find out if

             * this is an escaped '*'. This is a made-up way for

             * parsing an escaped '*' in v2. This is how the other leading

             * SDK vendors interpret v2.

             * For v3 we fallback to the way we parse "\*" in v2.

             * It's not legal in v3 to use "\*" to escape '*'; the right

             * way is to use "\2a" instead.

             */

            int backSlashPos;

            int backSlashCnt = 0;

            for (backSlashPos = where - 1;

                    ((backSlashPos >= start) && (str[backSlashPos] == '\\'));

                    backSlashPos--, backSlashCnt++);

            // if at start of string, or not there at all, or if not escaped

            if (where == start || where == -1 || ((backSlashCnt % 2) == 0))

                return where;

            // start search after escaped star

            start = where + 1;

        }

        return -1;

    }

    private static void encodeSimpleFilter(BerEncoder ber, byte[] filter,

        int filtStart, int filtEnd) throws IOException, NamingException {

        if (dbg) {

            dprint("encSimpleFilter: ", filter, filtStart, filtEnd);

            dbgIndent++;

        }

        String type, value;

        int valueStart, valueEnd, typeStart, typeEnd;

        int eq;

        if ((eq = indexOf(filter, '=', filtStart, filtEnd)) == -1) {

            throw new InvalidSearchFilterException("Missing 'equals'");

        }

        valueEnd = filtEnd;

        typeStart = filtStart;      // beginning of string

        int ftype;

        switch (filter[eq - 1]) {

        case '<':

            ftype = LDAP_FILTER_LE;

            typeEnd = eq - 1;

            break;

        case '>':

            ftype = LDAP_FILTER_GE;

            typeEnd = eq - 1;

            break;

        case '~':

            ftype = LDAP_FILTER_APPROX;

            typeEnd = eq - 1;

            break;

        case ':':

            ftype = LDAP_FILTER_EXT;

            typeEnd = eq - 1;

            break;

        default:

            typeEnd = eq;