package org.opends.server.controls;

import java.util.ArrayList;
import java.util.concurrent.locks.Lock;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.loggers.Debug;
import org.opends.server.messages.MessageHandler;
import org.opends.server.messages.ProtocolMessages;
import org.opends.server.protocols.asn1.ASN1Element;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.protocols.asn1.ASN1Sequence;
import org.opends.server.protocols.ldap.LDAPException;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LockManager;
import org.opends.server.types.ResultCode;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/controls/ProxiedAuthV1Control.class */
public class ProxiedAuthV1Control extends Control {
    private static final String CLASS_NAME = "org.opends.server.controls.ProxiedAuthV1Control";
    private ASN1OctetString rawAuthorizationDN;
    private DN authorizationDN;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ProxiedAuthV1Control(ASN1OctetString aSN1OctetString) {
        super(ServerConstants.OID_PROXIED_AUTH_V1, true, encodeValue(aSN1OctetString));
        if (!$assertionsDisabled && !Debug.debugConstructor(CLASS_NAME, String.valueOf(aSN1OctetString))) {
            throw new AssertionError();
        }
        this.rawAuthorizationDN = aSN1OctetString;
        this.authorizationDN = null;
    }

    public ProxiedAuthV1Control(DN dn) {
        super(ServerConstants.OID_PROXIED_AUTH_V1, true, encodeValue(new ASN1OctetString(dn.toString())));
        if (!$assertionsDisabled && !Debug.debugConstructor(CLASS_NAME, String.valueOf(dn))) {
            throw new AssertionError();
        }
        this.authorizationDN = dn;
        this.rawAuthorizationDN = new ASN1OctetString(dn.toString());
    }

    private ProxiedAuthV1Control(String str, boolean z, ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2) {
        super(str, z, aSN1OctetString);
        if (!$assertionsDisabled && !Debug.debugConstructor(CLASS_NAME, String.valueOf(str), String.valueOf(z), String.valueOf(aSN1OctetString), String.valueOf(aSN1OctetString2))) {
            throw new AssertionError();
        }
        this.rawAuthorizationDN = aSN1OctetString2;
        this.authorizationDN = null;
    }

    private static ASN1OctetString encodeValue(ASN1OctetString aSN1OctetString) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "encodeValue", String.valueOf(aSN1OctetString))) {
            throw new AssertionError();
        }
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(aSN1OctetString);
        return new ASN1OctetString(new ASN1Sequence((ArrayList<ASN1Element>) arrayList).encode());
    }

    public static ProxiedAuthV1Control decodeControl(Control control) throws LDAPException {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "decodeControl", String.valueOf(control))) {
            throw new AssertionError();
        }
        if (!control.hasValue()) {
            throw new LDAPException(2, ProtocolMessages.MSGID_PROXYAUTH1_NO_CONTROL_VALUE, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_NO_CONTROL_VALUE));
        }
        try {
            ArrayList<ASN1Element> elements = ASN1Sequence.decodeAsSequence(control.getValue().value()).elements();
            if (elements.size() != 1) {
                throw new LDAPException(2, ProtocolMessages.MSGID_PROXYAUTH1_INVALID_ELEMENT_COUNT, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_INVALID_ELEMENT_COUNT, Integer.valueOf(elements.size())));
            }
            return new ProxiedAuthV1Control(control.getOID(), control.isCritical(), control.getValue(), elements.get(0).decodeAsOctetString());
        } catch (LDAPException e) {
            throw e;
        } catch (Exception e2) {
            if ($assertionsDisabled || Debug.debugException(CLASS_NAME, "decodeControl", e2)) {
                throw new LDAPException(2, ProtocolMessages.MSGID_PROXYAUTH1_CANNOT_DECODE_VALUE, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_CANNOT_DECODE_VALUE, StaticUtils.stackTraceToSingleLineString(e2)), e2);
            }
            throw new AssertionError();
        }
    }

    public ASN1OctetString getRawAuthorizationDN() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getRawAuthorizationDN", new String[0])) {
            return this.rawAuthorizationDN;
        }
        throw new AssertionError();
    }

    public void setRawAuthorizationDN(ASN1OctetString aSN1OctetString) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "setRawAuthorizationDN", String.valueOf(aSN1OctetString))) {
            throw new AssertionError();
        }
        this.rawAuthorizationDN = aSN1OctetString;
        setValue(encodeValue(aSN1OctetString));
        this.authorizationDN = null;
    }

    public DN getAuthorizationDN() throws DirectoryException {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "getAuthorizationDN", new String[0])) {
            throw new AssertionError();
        }
        if (this.authorizationDN == null) {
            this.authorizationDN = DN.decode(this.rawAuthorizationDN);
        }
        return this.authorizationDN;
    }

    public void setAuthorizationDN(DN dn) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "setAuthorizationDN", String.valueOf(dn))) {
            throw new AssertionError();
        }
        this.authorizationDN = dn;
        this.rawAuthorizationDN = new ASN1OctetString(dn.toString());
        setValue(encodeValue(this.rawAuthorizationDN));
    }

    public DN getValidatedAuthorizationDN() throws DirectoryException {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "getValidatedAuthorizationDN", new String[0])) {
            throw new AssertionError();
        }
        DN authorizationDN = getAuthorizationDN();
        if (authorizationDN.isNullDN()) {
            return authorizationDN;
        }
        Lock lock = null;
        for (int i = 0; i < 3; i++) {
            lock = LockManager.lockRead(authorizationDN);
            if (lock != null) {
                break;
            }
        }
        if (lock == null) {
            throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_CANNOT_LOCK_USER, String.valueOf(authorizationDN)), ProtocolMessages.MSGID_PROXYAUTH1_CANNOT_LOCK_USER);
        }
        try {
            Entry entry = DirectoryServer.getEntry(authorizationDN);
            if (entry == null) {
                throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_NO_SUCH_USER, String.valueOf(authorizationDN)), ProtocolMessages.MSGID_PROXYAUTH1_NO_SUCH_USER);
            }
            PasswordPolicyState passwordPolicyState = new PasswordPolicyState(entry, false, false);
            if (passwordPolicyState.isDisabled() || passwordPolicyState.isAccountExpired() || passwordPolicyState.lockedDueToFailures() || passwordPolicyState.lockedDueToIdleInterval() || passwordPolicyState.lockedDueToMaximumResetAge() || passwordPolicyState.isPasswordExpired()) {
                throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, MessageHandler.getMessage(ProtocolMessages.MSGID_PROXYAUTH1_UNUSABLE_ACCOUNT, String.valueOf(authorizationDN)), ProtocolMessages.MSGID_PROXYAUTH1_UNUSABLE_ACCOUNT);
            }
            return authorizationDN;
        } finally {
            LockManager.unlock(authorizationDN, lock);
        }
    }

    @Override // org.opends.server.types.Control
    public String toString() {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "toString", new String[0])) {
            throw new AssertionError();
        }
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    @Override // org.opends.server.types.Control
    public void toString(StringBuilder sb) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "toString", "java.lang.StringBuilder")) {
            throw new AssertionError();
        }
        sb.append("ProxiedAuthorizationV1Control(authorizationDN=\"");
        this.rawAuthorizationDN.toString(sb);
        sb.append("\")");
    }

    static {
        $assertionsDisabled = !ProxiedAuthV1Control.class.desiredAssertionStatus();
    }
}
