package org.opends.server.api;

import com.fasterxml.jackson.annotation.JsonProperty;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.AttributeDescription;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.messages.CoreMessages;
import org.opends.server.config.ConfigConstants;
import org.opends.server.types.Attribute;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/api/AuthenticationPolicyState.class */
public abstract class AuthenticationPolicyState {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    protected ConditionResult isDisabled = ConditionResult.UNDEFINED;
    protected final Entry userEntry;

    public static AuthenticationPolicyState forUser(Entry entry, boolean z) throws DirectoryException {
        return AuthenticationPolicy.forUser(entry, z).createAuthenticationPolicyState(entry);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ConditionResult getBoolean(Entry entry, String str) throws DirectoryException {
        AttributeDescription valueOf = AttributeDescription.valueOf(str);
        AttributeType attributeType = valueOf.getAttributeType();
        for (Attribute attribute : entry.getAllAttributes(valueOf)) {
            if (!attribute.isEmpty()) {
                String lowerCase = StaticUtils.toLowerCase(attribute.iterator().next().toString());
                if (lowerCase.equals("true") || lowerCase.equals("yes") || lowerCase.equals("on") || lowerCase.equals("1")) {
                    if (logger.isTraceEnabled()) {
                        logger.trace("Attribute %s resolves to true for user entry %s", attributeType.getNameOrOID(), entry.getName());
                    }
                    return ConditionResult.TRUE;
                }
                if (lowerCase.equals("false") || lowerCase.equals("no") || lowerCase.equals("off") || lowerCase.equals("0")) {
                    if (logger.isTraceEnabled()) {
                        logger.trace("Attribute %s resolves to false for user entry %s", attributeType.getNameOrOID(), entry.getName());
                    }
                    return ConditionResult.FALSE;
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("Unable to resolve value %s for attribute %s in user entry %s as a Boolean.", lowerCase, attributeType.getNameOrOID(), entry.getName());
                }
                throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_BOOLEAN.get(lowerCase, attributeType.getNameOrOID(), entry.getName()));
            }
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Returning %s because attribute %s does not exist in user entry %s", ConditionResult.UNDEFINED, attributeType.getNameOrOID(), entry.getName());
        }
        return ConditionResult.UNDEFINED;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x0091, code lost:
    
        if (r9 != (-1)) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x009a, code lost:
    
        if (org.opends.server.api.AuthenticationPolicyState.logger.isTraceEnabled() == false) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x009d, code lost:
    
        org.opends.server.api.AuthenticationPolicyState.logger.trace("Returning -1 because attribute %s does not exist in user entry %s", r8.getNameOrOID(), r7.getName());
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x00ae, code lost:
    
        return r9;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static long getGeneralizedTime(org.opends.server.types.Entry r7, org.forgerock.opendj.ldap.schema.AttributeType r8) throws org.opends.server.types.DirectoryException {
        /*
            r0 = -1
            r9 = r0
            r0 = r7
            r1 = r8
            java.util.List r0 = r0.getAllAttributes(r1)
            java.util.Iterator r0 = r0.iterator()
            r11 = r0
        L10:
            r0 = r11
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto L8c
            r0 = r11
            java.lang.Object r0 = r0.next()
            org.opends.server.types.Attribute r0 = (org.opends.server.types.Attribute) r0
            r12 = r0
            r0 = r12
            boolean r0 = r0.isEmpty()
            if (r0 == 0) goto L33
            goto L10
        L33:
            r0 = r12
            java.util.Iterator r0 = r0.iterator()
            java.lang.Object r0 = r0.next()
            org.forgerock.opendj.ldap.ByteString r0 = (org.forgerock.opendj.ldap.ByteString) r0
            r13 = r0
            r0 = r13
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Exception -> L53
            org.forgerock.opendj.ldap.GeneralizedTime r0 = org.forgerock.opendj.ldap.GeneralizedTime.valueOf(r0)     // Catch: java.lang.Exception -> L53
            long r0 = r0.getTimeInMillis()     // Catch: java.lang.Exception -> L53
            r9 = r0
            goto L8c
        L53:
            r14 = move-exception
            org.forgerock.i18n.slf4j.LocalizedLogger r0 = org.opends.server.api.AuthenticationPolicyState.logger
            r1 = r14
            java.lang.String r2 = "Unable to decode value %s for attribute %s in user entry %s"
            r3 = r13
            r4 = r8
            java.lang.String r4 = r4.getNameOrOID()
            r5 = r7
            org.forgerock.opendj.ldap.DN r5 = r5.getName()
            r0.traceException(r1, r2, r3, r4, r5)
            org.forgerock.i18n.LocalizableMessageDescriptor$Arg4<java.lang.Object, java.lang.Object, java.lang.Object, java.lang.Object> r0 = org.opends.messages.CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME
            r1 = r13
            r2 = r8
            java.lang.String r2 = r2.getNameOrOID()
            r3 = r7
            org.forgerock.opendj.ldap.DN r3 = r3.getName()
            r4 = r14
            org.forgerock.i18n.LocalizableMessage r0 = r0.get(r1, r2, r3, r4)
            r15 = r0
            org.opends.server.types.DirectoryException r0 = new org.opends.server.types.DirectoryException
            r1 = r0
            org.forgerock.opendj.ldap.ResultCode r2 = org.forgerock.opendj.ldap.ResultCode.INVALID_ATTRIBUTE_SYNTAX
            r3 = r15
            r4 = r14
            r1.<init>(r2, r3, r4)
            throw r0
        L8c:
            r0 = r9
            r1 = -1
            int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
            if (r0 != 0) goto Lad
            org.forgerock.i18n.slf4j.LocalizedLogger r0 = org.opends.server.api.AuthenticationPolicyState.logger
            boolean r0 = r0.isTraceEnabled()
            if (r0 == 0) goto Lad
            org.forgerock.i18n.slf4j.LocalizedLogger r0 = org.opends.server.api.AuthenticationPolicyState.logger
            java.lang.String r1 = "Returning -1 because attribute %s does not exist in user entry %s"
            r2 = r8
            java.lang.String r2 = r2.getNameOrOID()
            r3 = r7
            org.forgerock.opendj.ldap.DN r3 = r3.getName()
            r0.trace(r1, r2, r3)
        Lad:
            r0 = r9
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.opends.server.api.AuthenticationPolicyState.getGeneralizedTime(org.opends.server.types.Entry, org.forgerock.opendj.ldap.schema.AttributeType):long");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationPolicyState(Entry entry) {
        this.userEntry = entry;
    }

    public void finalizeStateAfterBind() throws DirectoryException {
    }

    public abstract AuthenticationPolicy getAuthenticationPolicy();

    public boolean isDisabled() {
        try {
            this.isDisabled = getBoolean(this.userEntry, ConfigConstants.OP_ATTR_ACCOUNT_DISABLED);
            if (this.isDisabled != ConditionResult.UNDEFINED) {
                boolean z = this.isDisabled == ConditionResult.TRUE;
                if (logger.isTraceEnabled()) {
                    logger.trace("User %s is%s administratively disabled.", this.userEntry.getName(), z ? JsonProperty.USE_DEFAULT_NAME : " not");
                }
                return z;
            }
            this.isDisabled = ConditionResult.FALSE;
            if (!logger.isTraceEnabled()) {
                return false;
            }
            logger.trace("User %s is not administratively disabled since the attribute \"%s\" is not present in the entry.", this.userEntry.getName(), ConfigConstants.OP_ATTR_ACCOUNT_DISABLED);
            return false;
        } catch (Exception e) {
            logger.traceException(e, "User %s is considered administratively disabled because an error occurred while attempting to make the determination.", this.userEntry.getName());
            this.isDisabled = ConditionResult.TRUE;
            return true;
        }
    }

    public boolean isPasswordPolicy() {
        return getAuthenticationPolicy().isPasswordPolicy();
    }

    public abstract boolean passwordMatches(ByteString byteString) throws DirectoryException;
}
