package org.opends.server.extensions;

import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.locks.Lock;
import org.opends.server.api.ConfigurableComponent;
import org.opends.server.api.IdentityMapper;
import org.opends.server.api.SASLMechanismHandler;
import org.opends.server.config.ConfigAttribute;
import org.opends.server.config.ConfigConstants;
import org.opends.server.config.ConfigEntry;
import org.opends.server.config.ConfigException;
import org.opends.server.config.DNConfigAttribute;
import org.opends.server.core.BindOperation;
import org.opends.server.core.DirectoryException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.InitializationException;
import org.opends.server.core.LockManager;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.loggers.Debug;
import org.opends.server.messages.ExtensionsMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.ResultCode;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/PlainSASLMechanismHandler.class */
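/**
 * SASL PLAIN mechanism handler.
 *
 * <p>The bind credentials are expected in the form
 * {@code [authzid] NUL authcid NUL password}. The authcid is resolved to a
 * directory entry either directly (when it starts with {@code dn:}) or through
 * the configured {@link IdentityMapper}, and the password is then checked with
 * {@link PasswordPolicyState#passwordMatches}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #isSecure} returns {@code false}: the password itself travels in
 *       the bind request and nothing here protects it, so confidentiality
 *       depends entirely on the connection (for example TLS).</li>
 *   <li>The authzid (the text before the first NUL) is never read; a successful
 *       bind always authenticates the connection as the authcid entry.</li>
 *   <li>Only {@code passwordMatches} is consulted. This class does not check
 *       account status (locked, disabled, expired) and does not record failed
 *       attempts. NOTE(review): confirm the caller applies those password
 *       policy checks using the entry passed to
 *       {@code setSASLAuthUserEntry}.</li>
 *   <li>The failure reasons distinguish "no matching entry" from "invalid
 *       password". NOTE(review): confirm they are only logged and never
 *       returned to the client, otherwise they reveal which accounts
 *       exist.</li>
 * </ul>
 *
 * <p>All {@code Debug.debug*} calls are wrapped in {@code assert}, so they are
 * evaluated only when assertions are enabled for this class.
 *
 * <p>{@code identityMapper} and {@code identityMapperDN} are written by
 * {@link #applyNewConfiguration} and read by {@link #processSASLBind} with no
 * synchronization in this class.
 */
public class PlainSASLMechanismHandler extends SASLMechanismHandler implements ConfigurableComponent {
    private static final String CLASS_NAME = "org.opends.server.extensions.PlainSASLMechanismHandler";

    /** How many times the read lock on the user entry is requested before giving up. */
    private static final int LOCK_ATTEMPTS = 3;

    // DN of the configuration entry this handler was initialized from.
    private DN configEntryDN;
    // DN of the identity mapper currently in use.
    private DN identityMapperDN;
    // Mapper used to resolve a non-DN authcid to a user entry.
    private IdentityMapper identityMapper;

    /** Creates the handler; real setup happens in {@link #initializeSASLMechanismHandler}. */
    public PlainSASLMechanismHandler() {
        assert Debug.debugConstructor(CLASS_NAME, new String[0]);
    }

    /**
     * Reads the identity mapper DN from the configuration entry, looks the
     * mapper up and registers this handler for the PLAIN mechanism and as a
     * configurable component.
     *
     * @param configEntry configuration entry for this handler
     * @throws ConfigException if the identity mapper attribute is missing or
     *         names a mapper that is not registered with the server
     * @throws InitializationException if any other exception occurs while
     *         reading the configuration or registering the handler
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void initializeSASLMechanismHandler(ConfigEntry configEntry) throws ConfigException, InitializationException {
        assert Debug.debugEnter(CLASS_NAME, "initializeSASLMechanismHandler", String.valueOf(configEntry));

        this.configEntryDN = configEntry.getDN();
        try {
            DNConfigAttribute mapperStub = new DNConfigAttribute(ConfigConstants.ATTR_IDMAPPER_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_DESCRIPTION_IDENTITY_MAPPER_DN), true, false, false);
            DNConfigAttribute mapperAttr = (DNConfigAttribute) configEntry.getConfigAttribute(mapperStub);
            if (mapperAttr == null) {
                throw new ConfigException(ExtensionsMessages.MSGID_SASLPLAIN_NO_IDENTITY_MAPPER_ATTR, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_IDENTITY_MAPPER_ATTR, String.valueOf(this.configEntryDN)));
            }

            this.identityMapperDN = mapperAttr.activeValue();
            this.identityMapper = DirectoryServer.getIdentityMapper(this.identityMapperDN);
            if (this.identityMapper == null) {
                throw new ConfigException(ExtensionsMessages.MSGID_SASLPLAIN_NO_SUCH_IDENTITY_MAPPER, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_SUCH_IDENTITY_MAPPER, String.valueOf(this.identityMapperDN), String.valueOf(this.configEntryDN)));
            }

            // Register only once a usable mapper is in place.
            DirectoryServer.registerSASLMechanismHandler(ServerConstants.SASL_MECHANISM_PLAIN, this);
            DirectoryServer.registerConfigurableComponent(this);
        } catch (ConfigException configFailure) {
            // Configuration problems are reported unchanged.
            throw configFailure;
        } catch (Exception unexpected) {
            assert Debug.debugException(CLASS_NAME, "initializeSASLMechanismHandler", unexpected);
            throw new InitializationException(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_IDENTITY_MAPPER, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_IDENTITY_MAPPER, String.valueOf(this.configEntryDN), StaticUtils.stackTraceToSingleLineString(unexpected)), unexpected);
        }
    }

    /** Deregisters this handler as a configurable component and as the PLAIN mechanism handler. */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void finalizeSASLMechanismHandler() {
        assert Debug.debugEnter(CLASS_NAME, "finalizeSASLMechanismHandler", new String[0]);

        DirectoryServer.deregisterConfigurableComponent(this);
        DirectoryServer.deregisterSASLMechanismHandler(ServerConstants.SASL_MECHANISM_PLAIN);
    }

    /**
     * Processes a SASL PLAIN bind.
     *
     * <p>Every rejection sets {@code INVALID_CREDENTIALS} plus a failure reason,
     * except a failure to lock the user entry, which sets the server error
     * result code. On success the result code is {@code SUCCESS} and the client
     * connection receives an {@link AuthenticationInfo} for the matched entry.
     *
     * @param bindOperation the bind operation carrying the SASL credentials;
     *        its result code and failure reason are updated in place
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void processSASLBind(BindOperation bindOperation) {
        assert Debug.debugEnter(CLASS_NAME, "processSASLBind", String.valueOf(bindOperation));

        ASN1OctetString saslCredentials = bindOperation.getSASLCredentials();
        if (saslCredentials == null) {
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_NO_SASL_CREDENTIALS, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_SASL_CREDENTIALS));
            return;
        }

        String credentials = saslCredentials.stringValue();

        // The text before the first NUL is the authzid. It is deliberately not
        // extracted: this handler never authorizes as a different identity.
        int firstNul = credentials.indexOf(0);
        if (firstNul < 0) {
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_NO_NULLS_IN_CREDENTIALS, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_NULLS_IN_CREDENTIALS));
            return;
        }

        int secondNul = credentials.indexOf(0, firstNul + 1);
        if (secondNul < 0) {
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_NO_SECOND_NULL, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_SECOND_NULL));
            return;
        }
        if (secondNul == firstNul + 1) {
            // Two adjacent NULs: empty authcid.
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_ZERO_LENGTH_AUTHCID, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_ZERO_LENGTH_AUTHCID));
            return;
        }
        if (secondNul == credentials.length() - 1) {
            // Nothing after the second NUL: empty passwords are always rejected.
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_ZERO_LENGTH_PASSWORD, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_ZERO_LENGTH_PASSWORD));
            return;
        }

        String authcID = credentials.substring(firstNul + 1, secondNul);
        // Everything after the second NUL is the password, including any further NUL.
        String password = credentials.substring(secondNul + 1);

        Entry userEntry;
        String lowerAuthcID = StaticUtils.toLowerCase(authcID);
        if (lowerAuthcID.startsWith("dn:")) {
            try {
                DN userDN = DN.decode(authcID.substring(3));
                if (userDN.isNullDN()) {
                    // "dn:" with an empty DN would be an anonymous identity; refuse it.
                    bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                    bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_AUTHCID_IS_NULL_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_AUTHCID_IS_NULL_DN));
                    return;
                }

                // Use the DN returned by getActualRootBindDN when it returns one.
                DN actualRootDN = DirectoryServer.getActualRootBindDN(userDN);
                if (actualRootDN != null) {
                    userDN = actualRootDN;
                }

                Lock readLock = null;
                for (int attempt = 0; attempt < LOCK_ATTEMPTS && readLock == null; attempt++) {
                    readLock = LockManager.lockRead(userDN);
                }
                if (readLock == null) {
                    bindOperation.setResultCode(DirectoryServer.getServerErrorResultCode());
                    bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_LOCK_ENTRY, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_LOCK_ENTRY, String.valueOf(userDN)));
                    return;
                }

                try {
                    userEntry = DirectoryServer.getEntry(userDN);
                } catch (DirectoryException lookupFailure) {
                    assert Debug.debugException(CLASS_NAME, "processSASLBind", lookupFailure);
                    bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                    bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_ENTRY_BY_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_ENTRY_BY_DN, String.valueOf(userDN), lookupFailure.getErrorMessage()));
                    return;
                } finally {
                    // Release exactly once on every path, and never with a null lock.
                    LockManager.unlock(userDN, readLock);
                }
            } catch (DirectoryException decodeFailure) {
                assert Debug.debugException(CLASS_NAME, "processSASLBind", decodeFailure);
                bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_DECODE_AUTHCID_AS_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_DECODE_AUTHCID_AS_DN, authcID, decodeFailure.getErrorMessage()));
                return;
            }
        } else {
            // A "u:" prefix is optional; anything else is handed to the mapper as is.
            if (lowerAuthcID.startsWith("u:")) {
                authcID = authcID.substring(2);
            }
            try {
                userEntry = this.identityMapper.getEntryForID(authcID);
            } catch (DirectoryException mapFailure) {
                assert Debug.debugException(CLASS_NAME, "processSASLBind", mapFailure);
                bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_MAP_USERNAME, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_MAP_USERNAME, String.valueOf(authcID), mapFailure.getErrorMessage()));
                return;
            }
        }

        if (userEntry == null) {
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_NO_MATCHING_ENTRIES, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_MATCHING_ENTRIES, authcID));
            return;
        }

        // Recorded before the password check, so it is set for failed binds too.
        bindOperation.setSASLAuthUserEntry(userEntry);

        try {
            // Only the password comparison happens here; no account-status check
            // and no failure counting. NOTE(review): confirm the caller does both.
            PasswordPolicyState policyState = new PasswordPolicyState(userEntry, false, false);
            if (policyState.passwordMatches(new ASN1OctetString(password))) {
                bindOperation.setResultCode(ResultCode.SUCCESS);
                AuthenticationInfo authInfo = new AuthenticationInfo(userEntry.getDN(), ServerConstants.SASL_MECHANISM_PLAIN, DirectoryServer.isRootDN(userEntry.getDN()));
                bindOperation.getClientConnection().setAuthenticationInfo(authInfo);
            } else {
                bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_INVALID_PASSWORD, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_INVALID_PASSWORD));
            }
        } catch (Exception checkFailure) {
            // Fail closed: any error while checking the password rejects the bind.
            assert Debug.debugException(CLASS_NAME, "processSASLBind", checkFailure);
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_CHECK_PASSWORD_VALIDITY, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_CHECK_PASSWORD_VALIDITY, String.valueOf(userEntry.getDN()), String.valueOf(checkFailure)));
        }
    }

    /**
     * Returns the DN of the configuration entry this handler was initialized from.
     *
     * @return the configuration entry DN, or {@code null} before initialization
     */
    @Override // org.opends.server.api.ConfigurableComponent
    public DN getConfigurableComponentEntryDN() {
        assert Debug.debugEnter(CLASS_NAME, "getConfigurableComponentEntryDN", new String[0]);
        return this.configEntryDN;
    }

    /**
     * Returns the configuration attributes of this handler: a single DN
     * attribute holding the current identity mapper DN.
     *
     * @return a new list with the identity mapper DN attribute
     */
    @Override // org.opends.server.api.ConfigurableComponent
    public List<ConfigAttribute> getConfigurationAttributes() {
        assert Debug.debugEnter(CLASS_NAME, "getConfigurationAttributes", new String[0]);

        List<ConfigAttribute> attributes = new LinkedList<ConfigAttribute>();
        attributes.add(new DNConfigAttribute(ConfigConstants.ATTR_IDMAPPER_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_DESCRIPTION_IDENTITY_MAPPER_DN), true, false, false, this.identityMapperDN));
        return attributes;
    }

    /**
     * Checks whether the pending configuration in {@code configEntry} could be
     * applied. It is acceptable when the pending identity mapper DN equals the
     * current one or names a mapper registered with the server.
     *
     * @param configEntry configuration entry holding the pending values
     * @param list receives a message for each reason the configuration is rejected
     * @return {@code true} if the configuration is acceptable
     */
    @Override // org.opends.server.api.ConfigurableComponent
    public boolean hasAcceptableConfiguration(ConfigEntry configEntry, List<String> list) {
        assert Debug.debugEnter(CLASS_NAME, "hasAcceptableConfiguration", String.valueOf(configEntry), "java.util.List<String>");

        try {
            DNConfigAttribute mapperStub = new DNConfigAttribute(ConfigConstants.ATTR_IDMAPPER_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_DESCRIPTION_IDENTITY_MAPPER_DN), true, false, false);
            DNConfigAttribute mapperAttr = (DNConfigAttribute) configEntry.getConfigAttribute(mapperStub);
            if (mapperAttr == null) {
                list.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_IDENTITY_MAPPER_ATTR, String.valueOf(this.configEntryDN)));
                return false;
            }

            DN pendingDN = mapperAttr.pendingValue();
            boolean unchanged = pendingDN.equals(this.identityMapperDN);
            if (unchanged || DirectoryServer.getIdentityMapper(pendingDN) != null) {
                return true;
            }

            list.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_SUCH_IDENTITY_MAPPER, String.valueOf(pendingDN), String.valueOf(this.configEntryDN)));
            return false;
        } catch (Exception unexpected) {
            assert Debug.debugException(CLASS_NAME, "hasAcceptableConfiguration", unexpected);
            list.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_IDENTITY_MAPPER, String.valueOf(this.configEntryDN), StaticUtils.stackTraceToSingleLineString(unexpected)));
            return false;
        }
    }

    /**
     * Applies the pending configuration in {@code configEntry}.
     *
     * <p>The identity mapper is replaced only when the pending DN differs from
     * the current one and a mapper was actually found for it. An unchanged DN
     * leaves the current mapper in place; previously that case overwrote
     * {@code identityMapper} with {@code null}, after which any bind with a
     * non-DN authcid failed with a {@code NullPointerException}.
     *
     * @param configEntry configuration entry holding the pending values
     * @param z whether a message describing the applied change should be
     *        added to the result
     * @return the result code and messages; never requires an admin action
     */
    @Override // org.opends.server.api.ConfigurableComponent
    public ConfigChangeResult applyNewConfiguration(ConfigEntry configEntry, boolean z) {
        assert Debug.debugEnter(CLASS_NAME, "applyNewConfiguration", String.valueOf(configEntry), String.valueOf(z));

        ResultCode resultCode = ResultCode.SUCCESS;
        ArrayList<String> messages = new ArrayList<String>();
        DN newMapperDN = null;
        IdentityMapper newMapper = null;
        try {
            DNConfigAttribute mapperStub = new DNConfigAttribute(ConfigConstants.ATTR_IDMAPPER_DN, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_DESCRIPTION_IDENTITY_MAPPER_DN), true, false, false);
            DNConfigAttribute mapperAttr = (DNConfigAttribute) configEntry.getConfigAttribute(mapperStub);
            if (mapperAttr == null) {
                messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_IDENTITY_MAPPER_ATTR, String.valueOf(this.configEntryDN)));
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
            } else {
                newMapperDN = mapperAttr.pendingValue();
                if (!newMapperDN.equals(this.identityMapperDN)) {
                    newMapper = DirectoryServer.getIdentityMapper(newMapperDN);
                    if (newMapper == null) {
                        messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_NO_SUCH_IDENTITY_MAPPER, String.valueOf(newMapperDN), String.valueOf(this.configEntryDN)));
                        resultCode = ResultCode.CONSTRAINT_VIOLATION;
                    }
                }
            }
        } catch (Exception unexpected) {
            assert Debug.debugException(CLASS_NAME, "applyNewConfiguration", unexpected);
            messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_CANNOT_GET_IDENTITY_MAPPER, String.valueOf(this.configEntryDN), StaticUtils.stackTraceToSingleLineString(unexpected)));
            resultCode = DirectoryServer.getServerErrorResultCode();
        }

        // Test the freshly resolved mapper, not the field: newMapper stays null
        // when the DN is unchanged, and must not replace the working mapper.
        if (resultCode == ResultCode.SUCCESS && newMapperDN != null && newMapper != null) {
            this.identityMapperDN = newMapperDN;
            this.identityMapper = newMapper;
            if (z) {
                messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLPLAIN_UPDATED_IDENTITY_MAPPER, String.valueOf(this.configEntryDN), String.valueOf(this.identityMapperDN)));
            }
        }
        return new ConfigChangeResult(resultCode, false, messages);
    }

    /**
     * Reports that this mechanism is password based.
     *
     * @param str mechanism name; only passed to the debug call
     * @return always {@code true}
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public boolean isPasswordBased(String str) {
        assert Debug.debugEnter(CLASS_NAME, "isPasswordBased", String.valueOf(str));
        return true;
    }

    /**
     * Reports that this mechanism is not secure: the handler reads the
     * password straight out of the bind credentials.
     *
     * @param str mechanism name; only passed to the debug call
     * @return always {@code false}
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public boolean isSecure(String str) {
        assert Debug.debugEnter(CLASS_NAME, "isSecure", String.valueOf(str));
        return false;
    }
}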
