package org.opends.server.extensions;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.opends.messages.ExtensionMessages;
import org.opends.messages.Message;
import org.opends.server.admin.std.server.ExtendedOperationHandlerCfg;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ExtendedOperationHandler;
import org.opends.server.config.ConfigException;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDAPException;
import org.opends.server.types.Privilege;
import org.opends.server.types.ResultCode;
import org.opends.server.util.ServerConstants;

/* loaded from: input_file:org/opends/server/extensions/WhoAmIExtendedOperation.class */
public class WhoAmIExtendedOperation extends ExtendedOperationHandler<ExtendedOperationHandlerCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void initializeExtendedOperationHandler(ExtendedOperationHandlerCfg extendedOperationHandlerCfg) throws ConfigException, InitializationException {
        DirectoryServer.registerSupportedExtension(ServerConstants.OID_WHO_AM_I_REQUEST, this);
        registerControlsAndFeatures();
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void finalizeExtendedOperationHandler() {
        DirectoryServer.deregisterSupportedExtension(ServerConstants.OID_WHO_AM_I_REQUEST);
        deregisterControlsAndFeatures();
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public Set<String> getSupportedControls() {
        HashSet hashSet = new HashSet(2);
        hashSet.add(ServerConstants.OID_PROXIED_AUTH_V1);
        hashSet.add(ServerConstants.OID_PROXIED_AUTH_V2);
        return hashSet;
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void processExtendedOperation(ExtendedOperation extendedOperation) {
        ProxiedAuthV1Control decodeControl;
        ProxiedAuthV2Control decodeControl2;
        ClientConnection clientConnection = extendedOperation.getClientConnection();
        List<Control> requestControls = extendedOperation.getRequestControls();
        if (requestControls != null) {
            for (Control control : requestControls) {
                String oid = control.getOID();
                if (oid.equals(ServerConstants.OID_PROXIED_AUTH_V1)) {
                    if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, extendedOperation)) {
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_WHOAMI_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
                        extendedOperation.setResultCode(ResultCode.AUTHORIZATION_DENIED);
                        return;
                    }
                    if (control instanceof ProxiedAuthV1Control) {
                        decodeControl = (ProxiedAuthV1Control) control;
                    } else {
                        try {
                            decodeControl = ProxiedAuthV1Control.decodeControl(control);
                        } catch (LDAPException e) {
                            if (DebugLogger.debugEnabled()) {
                                TRACER.debugCaught(DebugLogLevel.ERROR, e);
                            }
                            extendedOperation.setResultCode(ResultCode.valueOf(e.getResultCode()));
                            extendedOperation.appendErrorMessage(e.getMessageObject());
                            return;
                        }
                    }
                    try {
                        extendedOperation.setAuthorizationEntry(decodeControl.getAuthorizationEntry());
                    } catch (DirectoryException e2) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                        }
                        extendedOperation.setResultCode(e2.getResultCode());
                        extendedOperation.appendErrorMessage(e2.getMessageObject());
                        return;
                    }
                } else if (!oid.equals(ServerConstants.OID_PROXIED_AUTH_V2)) {
                    continue;
                } else {
                    if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, extendedOperation)) {
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_WHOAMI_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
                        extendedOperation.setResultCode(ResultCode.AUTHORIZATION_DENIED);
                        return;
                    }
                    if (control instanceof ProxiedAuthV2Control) {
                        decodeControl2 = (ProxiedAuthV2Control) control;
                    } else {
                        try {
                            decodeControl2 = ProxiedAuthV2Control.decodeControl(control);
                        } catch (LDAPException e3) {
                            if (DebugLogger.debugEnabled()) {
                                TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                            }
                            extendedOperation.setResultCode(ResultCode.valueOf(e3.getResultCode()));
                            extendedOperation.appendErrorMessage(e3.getMessageObject());
                            return;
                        }
                    }
                    try {
                        extendedOperation.setAuthorizationEntry(decodeControl2.getAuthorizationEntry());
                    } catch (DirectoryException e4) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e4);
                        }
                        extendedOperation.setResultCode(e4.getResultCode());
                        extendedOperation.appendErrorMessage(e4.getMessageObject());
                        return;
                    }
                }
            }
        }
        DN authorizationDN = extendedOperation.getAuthorizationDN();
        String str = authorizationDN == null ? "" : "dn:" + authorizationDN.toString();
        extendedOperation.setResponseValue(new ASN1OctetString(str));
        extendedOperation.appendAdditionalLogMessage(Message.raw("authzID=\"" + str + "\"", new Object[0]));
        extendedOperation.setResultCode(ResultCode.SUCCESS);
    }
}
