package org.opends.server.extensions;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.opends.messages.ExtensionMessages;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.CertificateMapperCfg;
import org.opends.server.admin.std.server.SubjectDNToUserAttributeCertificateMapperCfg;
import org.opends.server.api.CertificateMapper;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.class */
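/**
 * Certificate mapper that resolves a client certificate to a directory entry by
 * searching for an entry whose configured "subject attribute" holds the
 * certificate's subject DN (rendered in RFC 2253 form).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Only the first element of the presented chain is examined, and only its
 *       subject name is used. No signature, validity-period, revocation or trust
 *       checks are performed here. NOTE(review): this presumably relies on the
 *       TLS layer / trust manager having validated the chain before the mapper
 *       is called; confirm against the caller.</li>
 *   <li>The lookup runs on {@code InternalClientConnection.getRootConnection()},
 *       not on the connecting client's own connection.</li>
 *   <li>A certificate maps to a user only when exactly one entry matches across
 *       all searched base DNs; more than one match is rejected with
 *       {@code INVALID_CREDENTIALS}.</li>
 * </ul>
 */
public class SubjectDNToUserAttributeCertificateMapper extends CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg> implements ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    // Attribute type whose values are compared with the certificate subject DN.
    private AttributeType subjectAttributeType;

    // DN of this mapper's configuration entry; used only in error messages.
    private DN configEntryDN;

    // Configuration currently in effect; replaced by applyConfigurationChange.
    private SubjectDNToUserAttributeCertificateMapperCfg currentConfig;

    /**
     * Registers this mapper for configuration changes and resolves the configured
     * subject attribute name to an attribute type.
     *
     * @param subjectDNToUserAttributeCertificateMapperCfg the initial configuration
     * @throws ConfigException if the configured subject attribute is not a known
     *         attribute type
     * @throws InitializationException declared by the overridden method; not
     *         thrown by the code in this method
     */
    @Override // org.opends.server.api.CertificateMapper
    public void initializeCertificateMapper(SubjectDNToUserAttributeCertificateMapperCfg subjectDNToUserAttributeCertificateMapperCfg) throws ConfigException, InitializationException {
        subjectDNToUserAttributeCertificateMapperCfg.addSubjectDNToUserAttributeChangeListener(this);
        this.currentConfig = subjectDNToUserAttributeCertificateMapperCfg;
        this.configEntryDN = subjectDNToUserAttributeCertificateMapperCfg.dn();

        String attributeName = subjectDNToUserAttributeCertificateMapperCfg.getSubjectAttribute();
        // Second argument is false, and a null result is treated as "no such
        // attribute", so an unknown name is rejected rather than accepted.
        this.subjectAttributeType = DirectoryServer.getAttributeType(StaticUtils.toLowerCase(attributeName), false);
        if (this.subjectAttributeType == null) {
            throw new ConfigException(ExtensionMessages.ERR_SDTUACM_NO_SUCH_ATTR.get(String.valueOf(this.configEntryDN), attributeName));
        }
    }

    /**
     * Unregisters this mapper from configuration change notifications.
     */
    @Override // org.opends.server.api.CertificateMapper
    public void finalizeCertificateMapper() {
        this.currentConfig.removeSubjectDNToUserAttributeChangeListener(this);
    }

    /**
     * Maps the peer certificate to at most one directory entry.
     *
     * <p>The subject DN of {@code certificateArr[0]} is rendered as an RFC 2253
     * string and used in an equality filter on the configured subject attribute.
     * Every configured user base DN (or every public naming context when none is
     * configured) is searched with whole-subtree scope.
     *
     * <p>Only the certificate-parsing step is wrapped in the catch-all handler.
     * Previously the handler enclosed the whole method, so the
     * "multiple matching entries" error raised inside the search loop was caught
     * and replaced by the unrelated "peer certificate is not X.509" message,
     * hiding an ambiguous mapping from whoever reads the failure.
     *
     * @param certificateArr the certificate chain presented by the client; only
     *        element 0 is read
     * @return the single matching entry, or {@code null} when no entry matches
     * @throws DirectoryException with {@code INVALID_CREDENTIALS} when no
     *         certificate was presented, the first certificate cannot be read as
     *         X.509, or more than one entry matches the subject DN
     */
    @Override // org.opends.server.api.CertificateMapper
    public Entry mapCertificateToUser(Certificate[] certificateArr) throws DirectoryException {
        // Read both fields once so the filter and the base DNs used below come
        // from a single read of each. NOTE(review): the fields are neither
        // volatile nor synchronized, so this class does not itself guarantee
        // visibility of a concurrent applyConfigurationChange - confirm.
        SubjectDNToUserAttributeCertificateMapperCfg config = this.currentConfig;
        AttributeType attributeType = this.subjectAttributeType;

        if (certificateArr == null || certificateArr.length == 0) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SDTUACM_NO_PEER_CERTIFICATE.get());
        }

        String subjectName;
        try {
            subjectName = ((X509Certificate) certificateArr[0]).getSubjectX500Principal().getName("RFC2253");
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            // A null first element reaches this handler via NullPointerException;
            // guard the getType() call so the caller still receives the declared
            // DirectoryException instead of a second, uncaught NPE.
            Certificate peerCertificate = certificateArr[0];
            String certificateType = peerCertificate == null ? null : peerCertificate.getType();
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SDTUACM_PEER_CERT_NOT_X509.get(String.valueOf(certificateType)));
        }

        SearchFilter subjectFilter = SearchFilter.createEqualityFilter(attributeType, new AttributeValue(attributeType, subjectName));

        Collection<DN> baseDNs = config.getUserBaseDN();
        if (baseDNs == null || baseDNs.isEmpty()) {
            // No base DN configured: fall back to every public naming context.
            baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
        }

        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        SearchResultEntry matchedEntry = null;
        for (DN baseDN : baseDNs) {
            // NOTE(review): the result code of each search is not inspected, so a
            // search that failed or returned a truncated result set is
            // indistinguishable here from "no match"; the uniqueness check below
            // is only as strong as the completeness of these results.
            for (SearchResultEntry candidate : rootConnection.processSearch(baseDN, SearchScope.WHOLE_SUBTREE, subjectFilter).getSearchEntries()) {
                if (matchedEntry != null) {
                    // Ambiguous mapping: refuse to pick one of several entries.
                    throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SDTUACM_MULTIPLE_MATCHING_ENTRIES.get(subjectName, String.valueOf(matchedEntry.getDN()), String.valueOf(candidate.getDN())));
                }
                matchedEntry = candidate;
            }
        }
        return matchedEntry;
    }

    /**
     * Checks whether a generic certificate mapper configuration is acceptable by
     * delegating to {@link #isConfigurationChangeAcceptable2}.
     *
     * @param certificateMapperCfg the proposed configuration; cast to this
     *        mapper's configuration type
     * @param list receives a message for each reason the configuration is rejected
     * @return {@code true} if the configuration is acceptable
     */
    @Override // org.opends.server.api.CertificateMapper
    public boolean isConfigurationAcceptable(CertificateMapperCfg certificateMapperCfg, List<Message> list) {
        return isConfigurationChangeAcceptable2((SubjectDNToUserAttributeCertificateMapperCfg) certificateMapperCfg, list);
    }

    /**
     * Validates that the configured subject attribute names a known attribute type.
     *
     * <p>The trailing "2" comes from the decompiler, which renamed this method
     * from {@code isConfigurationChangeAcceptable} to avoid a signature collision.
     *
     * @param subjectDNToUserAttributeCertificateMapperCfg the proposed configuration
     * @param list receives a message when the attribute type is unknown
     * @return {@code true} if the subject attribute resolves to an attribute type
     */
    public boolean isConfigurationChangeAcceptable2(SubjectDNToUserAttributeCertificateMapperCfg subjectDNToUserAttributeCertificateMapperCfg, List<Message> list) {
        DN proposedConfigDN = subjectDNToUserAttributeCertificateMapperCfg.dn();
        String attributeName = subjectDNToUserAttributeCertificateMapperCfg.getSubjectAttribute();
        if (DirectoryServer.getAttributeType(StaticUtils.toLowerCase(attributeName), false) != null) {
            return true;
        }
        list.add(ExtensionMessages.ERR_SDTUACM_NO_SUCH_ATTR.get(String.valueOf(proposedConfigDN), attributeName));
        return false;
    }

    /**
     * Applies a new configuration. The new subject attribute type and
     * configuration are installed only when the attribute name resolves;
     * otherwise the previous settings stay in effect and
     * {@code NO_SUCH_ATTRIBUTE} is reported.
     *
     * @param subjectDNToUserAttributeCertificateMapperCfg the new configuration
     * @return the result code and any messages; the second constructor argument
     *         is always {@code false}
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(SubjectDNToUserAttributeCertificateMapperCfg subjectDNToUserAttributeCertificateMapperCfg) {
        ArrayList<Message> messages = new ArrayList<Message>();
        String attributeName = subjectDNToUserAttributeCertificateMapperCfg.getSubjectAttribute();
        AttributeType attributeType = DirectoryServer.getAttributeType(StaticUtils.toLowerCase(attributeName), false);

        ResultCode resultCode;
        if (attributeType == null) {
            resultCode = ResultCode.NO_SUCH_ATTRIBUTE;
            messages.add(ExtensionMessages.ERR_SDTUACM_NO_SUCH_ATTR.get(String.valueOf(this.configEntryDN), attributeName));
        } else {
            resultCode = ResultCode.SUCCESS;
            this.subjectAttributeType = attributeType;
            this.currentConfig = subjectDNToUserAttributeCertificateMapperCfg;
        }
        return new ConfigChangeResult(resultCode, false, messages);
    }

    /**
     * Compiler-generated bridge recovered by the decompiler; forwards to
     * {@link #isConfigurationChangeAcceptable2}.
     *
     * @param subjectDNToUserAttributeCertificateMapperCfg the proposed configuration
     * @param list receives rejection messages; treated as {@code List<Message>}
     * @return {@code true} if the configuration change is acceptable
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(SubjectDNToUserAttributeCertificateMapperCfg subjectDNToUserAttributeCertificateMapperCfg, List list) {
        return isConfigurationChangeAcceptable2(subjectDNToUserAttributeCertificateMapperCfg, (List<Message>) list);
    }
}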
