package org.opends.server.controls;

import java.util.ArrayList;
import java.util.concurrent.locks.Lock;
import org.opends.messages.ProtocolMessages;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1Element;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.protocols.asn1.ASN1Sequence;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPException;
import org.opends.server.types.LockManager;
import org.opends.server.types.ResultCode;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.Validator;

/* loaded from: input_file:org/opends/server/controls/ProxiedAuthV1Control.class */
public class ProxiedAuthV1Control extends Control {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private ASN1OctetString rawAuthorizationDN;
    private DN authorizationDN;

    public ProxiedAuthV1Control(ASN1OctetString aSN1OctetString) {
        super(ServerConstants.OID_PROXIED_AUTH_V1, true, encodeValue(aSN1OctetString));
        this.rawAuthorizationDN = aSN1OctetString;
        this.authorizationDN = null;
    }

    public ProxiedAuthV1Control(DN dn) {
        super(ServerConstants.OID_PROXIED_AUTH_V1, true, encodeValue(new ASN1OctetString(dn.toString())));
        this.authorizationDN = dn;
        this.rawAuthorizationDN = new ASN1OctetString(dn.toString());
    }

    private ProxiedAuthV1Control(String str, boolean z, ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2) {
        super(str, z, aSN1OctetString);
        this.rawAuthorizationDN = aSN1OctetString2;
        this.authorizationDN = null;
    }

    private static ASN1OctetString encodeValue(ASN1OctetString aSN1OctetString) {
        Validator.ensureNotNull(aSN1OctetString);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(aSN1OctetString);
        return new ASN1OctetString(new ASN1Sequence((ArrayList<ASN1Element>) arrayList).encode());
    }

    public static ProxiedAuthV1Control decodeControl(Control control) throws LDAPException {
        Validator.ensureNotNull(control);
        if (!control.isCritical()) {
            throw new LDAPException(2, ProtocolMessages.ERR_PROXYAUTH1_CONTROL_NOT_CRITICAL.get());
        }
        if (!control.hasValue()) {
            throw new LDAPException(2, ProtocolMessages.ERR_PROXYAUTH1_NO_CONTROL_VALUE.get());
        }
        try {
            ArrayList<ASN1Element> elements = ASN1Sequence.decodeAsSequence(control.getValue().value()).elements();
            if (elements.size() != 1) {
                throw new LDAPException(2, ProtocolMessages.ERR_PROXYAUTH1_INVALID_ELEMENT_COUNT.get(Integer.valueOf(elements.size())));
            }
            return new ProxiedAuthV1Control(control.getOID(), control.isCritical(), control.getValue(), elements.get(0).decodeAsOctetString());
        } catch (LDAPException e) {
            throw e;
        } catch (Exception e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new LDAPException(2, ProtocolMessages.ERR_PROXYAUTH1_CANNOT_DECODE_VALUE.get(StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    public ASN1OctetString getRawAuthorizationDN() {
        return this.rawAuthorizationDN;
    }

    public void setRawAuthorizationDN(ASN1OctetString aSN1OctetString) {
        this.rawAuthorizationDN = aSN1OctetString;
        setValue(encodeValue(aSN1OctetString));
        this.authorizationDN = null;
    }

    public DN getAuthorizationDN() throws DirectoryException {
        if (this.authorizationDN == null) {
            this.authorizationDN = DN.decode(this.rawAuthorizationDN);
        }
        return this.authorizationDN;
    }

    public void setAuthorizationDN(DN dn) {
        Validator.ensureNotNull(dn);
        this.authorizationDN = dn;
        this.rawAuthorizationDN = new ASN1OctetString(dn.toString());
        setValue(encodeValue(this.rawAuthorizationDN));
    }

    /* JADX WARN: Finally extract failed */
    public Entry getAuthorizationEntry() throws DirectoryException {
        DN authorizationDN = getAuthorizationDN();
        if (authorizationDN.isNullDN()) {
            return null;
        }
        DN actualRootBindDN = DirectoryServer.getActualRootBindDN(authorizationDN);
        if (actualRootBindDN != null) {
            authorizationDN = actualRootBindDN;
        }
        Lock lock = null;
        for (int i = 0; i < 3; i++) {
            lock = LockManager.lockRead(authorizationDN);
            if (lock != null) {
                break;
            }
        }
        if (lock == null) {
            throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, ProtocolMessages.ERR_PROXYAUTH1_CANNOT_LOCK_USER.get(String.valueOf(authorizationDN)));
        }
        try {
            Entry entry = DirectoryServer.getEntry(authorizationDN);
            if (entry == null) {
                throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, ProtocolMessages.ERR_PROXYAUTH1_NO_SUCH_USER.get(String.valueOf(authorizationDN)));
            }
            PasswordPolicyState passwordPolicyState = new PasswordPolicyState(entry, false);
            if (passwordPolicyState.isDisabled() || passwordPolicyState.isAccountExpired() || passwordPolicyState.lockedDueToFailures() || passwordPolicyState.lockedDueToIdleInterval() || passwordPolicyState.lockedDueToMaximumResetAge() || passwordPolicyState.isPasswordExpired()) {
                throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, ProtocolMessages.ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String.valueOf(authorizationDN)));
            }
            LockManager.unlock(authorizationDN, lock);
            return entry;
        } catch (Throwable th) {
            LockManager.unlock(authorizationDN, lock);
            throw th;
        }
    }

    @Override // org.opends.server.types.Control
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    @Override // org.opends.server.types.Control
    public void toString(StringBuilder sb) {
        sb.append("ProxiedAuthorizationV1Control(authorizationDN=\"");
        this.rawAuthorizationDN.toString(sb);
        sb.append("\")");
    }
}
