package org.opends.server.authorization.dseecompat;

import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.messages.AciMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.plugins.profiler.ProfilerPlugin;
import org.opends.server.types.ErrorLogCategory;
import org.opends.server.types.ErrorLogSeverity;
import org.opends.server.util.ServerConstants;

/* loaded from: input_file:org/opends/server/authorization/dseecompat/AuthMethod.class */
public class AuthMethod implements KeywordBindRule {
    private EnumAuthMethod authMethod;
    private String saslMech;
    private EnumBindRuleType type;

    private AuthMethod(EnumAuthMethod enumAuthMethod, String str, EnumBindRuleType enumBindRuleType) {
        this.authMethod = null;
        this.saslMech = null;
        this.type = null;
        this.authMethod = enumAuthMethod;
        this.saslMech = str;
        this.type = enumBindRuleType;
    }

    public static KeywordBindRule decode(String str, EnumBindRuleType enumBindRuleType) throws AciException {
        String lowerCase = str.toLowerCase();
        if (lowerCase.equals(ProfilerPlugin.PROFILE_ACTION_NONE)) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_NONE, null, enumBindRuleType);
        }
        if (lowerCase.equals("simple")) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SIMPLE, null, enumBindRuleType);
        }
        if (lowerCase.equals("ssl")) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SSL, ServerConstants.SASL_MECHANISM_EXTERNAL, enumBindRuleType);
        }
        if (str.length() <= 5 || !lowerCase.startsWith("sasl ")) {
            throw new AciException(AciMessages.MSGID_ACI_SYNTAX_INVALID_AUTHMETHOD_EXPRESSION, MessageHandler.getMessage(AciMessages.MSGID_ACI_SYNTAX_INVALID_AUTHMETHOD_EXPRESSION, str));
        }
        String substring = str.substring(5);
        if (DirectoryServer.getSASLMechanismHandler(substring) == null) {
            ErrorLogger.logError(ErrorLogCategory.ACCESS_CONTROL, ErrorLogSeverity.NOTICE, AciMessages.MSGID_ACI_SYNTAX_DUBIOUS_AUTHMETHOD_SASL_MECHANISM, substring);
        }
        return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SASL, substring, enumBindRuleType);
    }

    @Override // org.opends.server.authorization.dseecompat.KeywordBindRule
    public EnumEvalResult evaluate(AciEvalContext aciEvalContext) {
        return aciEvalContext.hasAuthenticationMethod(this.authMethod, this.saslMech).getRet(this.type, false);
    }
}
