package org.opends.server.extensions;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.Lock;
import javax.security.auth.x500.X500Principal;
import org.opends.messages.ExtensionMessages;
import org.opends.server.admin.std.server.SubjectEqualsDNCertificateMapperCfg;
import org.opends.server.api.CertificateMapper;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LockManager;
import org.opends.server.types.ResultCode;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/SubjectEqualsDNCertificateMapper.class */
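/**
 * Certificate mapper that treats the subject of the peer certificate as the DN of the
 * user entry: the subject of the first certificate in the chain is decoded as a DN and
 * the entry stored under that DN is returned.
 *
 * <p>Security note: nothing in this class validates the certificate chain (trust path,
 * validity period, revocation). The mapping is only as trustworthy as the validation
 * already done before the chain is handed to {@link #mapCertificateToUser}.
 * NOTE(review): presumably the TLS layer and its trust manager do this; confirm that no
 * caller passes an unvalidated chain, since any accepted certificate whose subject equals
 * an existing entry DN is mapped to that entry.
 */
public class SubjectEqualsDNCertificateMapper extends CertificateMapper<SubjectEqualsDNCertificateMapperCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    /** Number of times a read lock on the user entry is attempted before giving up. */
    private static final int MAX_LOCK_ATTEMPTS = 3;

    /**
     * Initializes this mapper. The implementation keeps no state, so the configuration
     * is not read and nothing is done here.
     *
     * @param subjectEqualsDNCertificateMapperCfg the mapper configuration (unused)
     */
    @Override
    public void initializeCertificateMapper(SubjectEqualsDNCertificateMapperCfg subjectEqualsDNCertificateMapperCfg) throws ConfigException, InitializationException {
        // Intentionally empty: this mapper has no configurable behaviour.
    }

    /**
     * Maps the peer certificate to the directory entry whose DN equals the certificate subject.
     *
     * <p>Each stage fails with its own message and always with
     * {@code ResultCode.INVALID_CREDENTIALS}. Earlier nesting of the handlers let the outer
     * {@code catch (Exception)} blocks re-wrap every inner failure, so all errors were
     * reported as "peer certificate is not X.509", and the read lock was released twice
     * (or released although it had never been acquired). The stages are now sequential and
     * the lock is released exactly once in a {@code finally} block.
     *
     * <p>NOTE(review): the messages carry the subject DN and distinguish "no such entry"
     * from other failures; confirm they are logged server-side rather than returned
     * verbatim to an unauthenticated client.
     *
     * @param certificateArr the peer certificate chain; only the first element is inspected
     * @return the entry whose DN equals the subject of the first certificate
     * @throws DirectoryException if no certificate was supplied, the first certificate is not
     *         an X.509 certificate, its subject cannot be decoded as a DN, the entry cannot
     *         be locked or read, or no entry exists under that DN
     */
    @Override
    public Entry mapCertificateToUser(Certificate[] certificateArr) throws DirectoryException {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_NO_PEER_CERTIFICATE.get());
        }

        // Only the leaf (first) certificate identifies the peer. A null element is rejected
        // here as well, instead of failing later with a NullPointerException.
        Certificate peerCertificate = certificateArr[0];
        if (!(peerCertificate instanceof X509Certificate)) {
            String certificateType = (peerCertificate == null) ? null : peerCertificate.getType();
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_PEER_CERT_NOT_X509.get(String.valueOf(certificateType)));
        }

        X500Principal subjectPrincipal = ((X509Certificate) peerCertificate).getSubjectX500Principal();
        DN subjectDN;
        try {
            subjectDN = DN.decode(subjectPrincipal.getName(X500Principal.RFC2253));
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_CANNOT_DECODE_SUBJECT_AS_DN.get(String.valueOf(subjectPrincipal), StaticUtils.getExceptionMessage(e)), e);
        }

        // Take a read lock on the candidate entry; without it the mapping is refused.
        Lock readLock = null;
        for (int attempt = 0; attempt < MAX_LOCK_ATTEMPTS && readLock == null; attempt++) {
            readLock = LockManager.lockRead(subjectDN);
        }
        if (readLock == null) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_CANNOT_LOCK_ENTRY.get(String.valueOf(subjectDN)));
        }

        Entry userEntry;
        try {
            userEntry = DirectoryServer.getEntry(subjectDN);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_CANNOT_GET_ENTRY.get(String.valueOf(subjectDN), e.getMessageObject()), e);
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_CANNOT_GET_ENTRY.get(String.valueOf(subjectDN), StaticUtils.getExceptionMessage(e)), e);
        } finally {
            // Single release point: runs on success and on every failure of the lookup.
            LockManager.unlock(subjectDN, readLock);
        }

        if (userEntry == null) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SEDCM_NO_USER_FOR_DN.get(String.valueOf(subjectDN)));
        }
        return userEntry;
    }
}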
