package org.opends.server.extensions;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Reader;
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.server.config.server.ExtendedOperationHandlerCfg;
import org.forgerock.opendj.server.config.server.PasswordModifyExtendedOperationHandlerCfg;
import org.opends.messages.CoreMessages;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.AuthenticationPolicy;
import org.opends.server.api.ExtendedOperationHandler;
import org.opends.server.api.IdentityMapper;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.controls.PasswordPolicyErrorType;
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.core.BackendConfigManager;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.AccountStatusNotification;
import org.opends.server.types.AccountStatusNotificationProperty;
import org.opends.server.types.AccountStatusNotificationType;
import org.opends.server.types.AdditionalLogItem;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LockManager;
import org.opends.server.types.Modification;
import org.opends.server.types.Privilege;
import org.opends.server.util.CollectionUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/PasswordModifyExtendedOperation.class */
public class PasswordModifyExtendedOperation extends ExtendedOperationHandler<PasswordModifyExtendedOperationHandlerCfg> implements ConfigurationChangeListener<PasswordModifyExtendedOperationHandlerCfg> {
    public static final String AUTHZ_DN_ATTACHMENT;
    public static final String PWD_ATTRIBUTE_ATTACHMENT;
    public static final String CLEAR_PWD_ATTACHMENT;
    public static final String ENCODED_PWD_ATTACHMENT;
    private static final LocalizedLogger logger;
    private PasswordModifyExtendedOperationHandlerCfg currentConfig;
    private DN identityMapperDN;
    private IdentityMapper<?> identityMapper;

    public PasswordModifyExtendedOperation() {
        super(CollectionUtils.newHashSet(ServerConstants.OID_LDAP_NOOP_OPENLDAP_ASSIGNED, "1.3.6.1.4.1.42.2.27.8.5.1"));
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void initializeExtendedOperationHandler(PasswordModifyExtendedOperationHandlerCfg passwordModifyExtendedOperationHandlerCfg) throws ConfigException, InitializationException {
        try {
            this.identityMapperDN = passwordModifyExtendedOperationHandlerCfg.getIdentityMapperDN();
            this.identityMapper = DirectoryServer.getIdentityMapper(this.identityMapperDN);
            if (this.identityMapper == null) {
                throw new ConfigException(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(this.identityMapperDN, passwordModifyExtendedOperationHandlerCfg.dn()));
            }
            this.currentConfig = passwordModifyExtendedOperationHandlerCfg;
            passwordModifyExtendedOperationHandlerCfg.addPasswordModifyChangeListener(this);
            super.initializeExtendedOperationHandler((PasswordModifyExtendedOperation) passwordModifyExtendedOperationHandlerCfg);
        } catch (Exception e) {
            logger.traceException(e);
            throw new InitializationException(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_DETERMINE_ID_MAPPER.get(passwordModifyExtendedOperationHandlerCfg.dn(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void finalizeExtendedOperationHandler() {
        this.currentConfig.removePasswordModifyChangeListener(this);
        super.finalizeExtendedOperationHandler();
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public void processExtendedOperation(ExtendedOperation extendedOperation) {
        DN valueOf;
        List<ByteString> encodePassword;
        ByteString byteString = null;
        ByteString byteString2 = null;
        ByteString byteString3 = null;
        boolean z = false;
        boolean z2 = false;
        Iterator<Control> it = extendedOperation.getRequestControls().iterator();
        while (it.hasNext()) {
            String oid = it.next().getOID();
            if (ServerConstants.OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid)) {
                z = true;
            } else if ("1.3.6.1.4.1.42.2.27.8.5.1".equals(oid)) {
                z2 = true;
            }
        }
        ByteString requestValue = extendedOperation.getRequestValue();
        if (requestValue != null) {
            try {
                ASN1Reader reader = ASN1.getReader(requestValue);
                reader.readStartSequence();
                if (reader.hasNextElement() && reader.peekType() == Byte.MIN_VALUE) {
                    byteString = reader.readOctetString();
                }
                if (reader.hasNextElement() && reader.peekType() == -127) {
                    byteString2 = reader.readOctetString();
                }
                if (reader.hasNextElement() && reader.peekType() == -126) {
                    byteString3 = reader.readOctetString();
                }
                reader.readEndSequence();
            } catch (Exception e) {
                logger.traceException(e);
                extendedOperation.setResultCode(ResultCode.PROTOCOL_ERROR);
                extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_DECODE_REQUEST.get(StaticUtils.getExceptionMessage(e)));
                return;
            }
        }
        Entry authorizationEntry = extendedOperation.getAuthorizationEntry();
        DN dn = null;
        Entry entry = null;
        LockManager.DNLock dNLock = null;
        try {
            if (byteString != null) {
                String byteString4 = byteString.toString();
                String lowerCase = StaticUtils.toLowerCase(byteString4);
                if (lowerCase.startsWith("dn:")) {
                    try {
                        valueOf = DN.valueOf(byteString4.substring(3));
                        DN actualRootBindDN = DirectoryServer.getActualRootBindDN(valueOf);
                        if (actualRootBindDN != null) {
                            valueOf = actualRootBindDN;
                        }
                        entry = getEntryByDN(extendedOperation, valueOf);
                        if (entry == null) {
                            if (0 != 0) {
                                dNLock.unlock();
                                return;
                            }
                            return;
                        }
                    } catch (LocalizedIllegalArgumentException e2) {
                        logger.traceException(e2);
                        extendedOperation.setResultCode(ResultCode.INVALID_DN_SYNTAX);
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_DECODE_AUTHZ_DN.get(byteString4));
                        if (0 != 0) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                } else if (lowerCase.startsWith("u:")) {
                    try {
                        entry = this.identityMapper.getEntryForID(byteString4.substring(2));
                        if (entry == null) {
                            extendedOperation.setResultCode(ResultCode.NO_SUCH_OBJECT);
                            extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_MAP_USER.get(byteString4));
                            if (0 != 0) {
                                dNLock.unlock();
                                return;
                            }
                            return;
                        }
                        valueOf = entry.getName();
                    } catch (DirectoryException e3) {
                        logger.traceException(e3);
                        extendedOperation.setResultCode(e3.getResultCode());
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_ERROR_MAPPING_USER.get(byteString4, e3.getMessageObject()));
                        if (0 != 0) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                } else {
                    try {
                        dn = DN.valueOf(byteString4);
                    } catch (LocalizedIllegalArgumentException e4) {
                        logger.traceException(e4);
                    }
                    if (dn == null || dn.isRootDN()) {
                        try {
                            entry = this.identityMapper.getEntryForID(byteString4);
                        } catch (DirectoryException e5) {
                            logger.traceException(e5);
                        }
                    } else {
                        DN actualRootBindDN2 = DirectoryServer.getActualRootBindDN(dn);
                        if (actualRootBindDN2 != null) {
                            dn = actualRootBindDN2;
                        }
                        entry = getEntryByDN(extendedOperation, dn);
                    }
                    if (entry == null) {
                        extendedOperation.setResultCode(ResultCode.PROTOCOL_ERROR);
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_INVALID_AUTHZID_STRING.get(byteString4));
                        if (0 != 0) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                    valueOf = entry.getName();
                }
            } else {
                if (!extendedOperation.getClientConnection().getAuthenticationInfo().isAuthenticated() || authorizationEntry == null) {
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_AUTH_OR_USERID.get());
                    if (0 != 0) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                valueOf = authorizationEntry.getName();
                entry = authorizationEntry;
            }
            dNLock = DirectoryServer.getLockManager().tryWriteLockEntry(valueOf);
            if (dNLock == null) {
                extendedOperation.setResultCode(ResultCode.BUSY);
                extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_LOCK_USER_ENTRY.get(valueOf));
                if (dNLock != null) {
                    dNLock.unlock();
                    return;
                }
                return;
            }
            try {
                AuthenticationPolicy forUser = AuthenticationPolicy.forUser(entry, false);
                if (!forUser.isPasswordPolicy()) {
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_ACCOUNT_NOT_LOCAL.get(valueOf));
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                PasswordPolicyState passwordPolicyState = (PasswordPolicyState) forUser.createAuthenticationPolicyState(entry);
                boolean isSelfChange = isSelfChange(byteString, authorizationEntry, valueOf, byteString2);
                if (!isSelfChange && !extendedOperation.getClientConnection().hasPrivilege(Privilege.PASSWORD_RESET, extendedOperation)) {
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_INSUFFICIENT_PRIVILEGES.get());
                    extendedOperation.setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (passwordPolicyState.isDisabled()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.ACCOUNT_LOCKED);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_ACCOUNT_DISABLED.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (isSelfChange && passwordPolicyState.isLocked()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.ACCOUNT_LOCKED);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_ACCOUNT_LOCKED.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (byteString2 != null) {
                    if (passwordPolicyState.getAuthenticationPolicy().isRequireSecureAuthentication() && !extendedOperation.getClientConnection().isSecure()) {
                        extendedOperation.setResultCode(ResultCode.CONFIDENTIALITY_REQUIRED);
                        extendedOperation.addAdditionalLogItem(AdditionalLogItem.quotedKeyValue(getClass(), "additionalInfo", ExtensionMessages.ERR_EXTOP_PASSMOD_SECURE_AUTH_REQUIRED.get()));
                        if (dNLock != null) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                    if (!passwordPolicyState.passwordMatches(byteString2)) {
                        extendedOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                        extendedOperation.addAdditionalLogItem(AdditionalLogItem.quotedKeyValue(getClass(), "additionalInfo", ExtensionMessages.ERR_EXTOP_PASSMOD_INVALID_OLD_PASSWORD.get()));
                        passwordPolicyState.updateAuthFailureTimes();
                        List<Modification> modifications = passwordPolicyState.getModifications();
                        if (!modifications.isEmpty()) {
                            InternalClientConnection.getRootConnection().processModify(valueOf, modifications);
                        }
                        if (dNLock != null) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                    passwordPolicyState.setLastLoginTime();
                } else if (isSelfChange && passwordPolicyState.getAuthenticationPolicy().isPasswordChangeRequiresCurrentPassword()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_REQUIRE_CURRENT_PW.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (isSelfChange && !passwordPolicyState.getAuthenticationPolicy().isAllowUserPasswordChanges()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_USER_PW_CHANGES_NOT_ALLOWED.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (passwordPolicyState.getAuthenticationPolicy().isRequireSecurePasswordChanges() && !extendedOperation.getClientConnection().isSecure()) {
                    extendedOperation.setResultCode(ResultCode.CONFIDENTIALITY_REQUIRED);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_SECURE_CHANGES_REQUIRED.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (isSelfChange && passwordPolicyState.isWithinMinimumAge()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.PASSWORD_TOO_YOUNG);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_IN_MIN_AGE.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (isSelfChange && passwordPolicyState.isPasswordExpired() && !passwordPolicyState.getAuthenticationPolicy().isAllowExpiredPasswordChanges()) {
                    addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.PASSWORD_EXPIRED);
                    extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                    extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_PASSWORD_IS_EXPIRED.get());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                boolean z3 = false;
                boolean z4 = false;
                if (byteString3 == null) {
                    try {
                        byteString3 = passwordPolicyState.generatePassword();
                        if (byteString3 == null) {
                            extendedOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
                            extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_PW_GENERATOR.get());
                            if (dNLock != null) {
                                dNLock.unlock();
                                return;
                            }
                            return;
                        }
                        z3 = true;
                        if (passwordPolicyState.maintainHistory()) {
                            if (passwordPolicyState.isPasswordInHistory(byteString3)) {
                                extendedOperation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
                                extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_PW_IN_HISTORY.get());
                                if (dNLock != null) {
                                    dNLock.unlock();
                                    return;
                                }
                                return;
                            }
                            passwordPolicyState.updatePasswordHistory();
                        }
                    } catch (DirectoryException e6) {
                        logger.traceException(e6);
                        extendedOperation.setResultCode(e6.getResultCode());
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_GENERATE_PW.get(e6.getMessageObject()));
                        if (dNLock != null) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                } else if (passwordPolicyState.passwordIsPreEncoded(byteString3)) {
                    z4 = true;
                    if (!passwordPolicyState.getAuthenticationPolicy().isAllowPreEncodedPasswords()) {
                        extendedOperation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_PRE_ENCODED_NOT_ALLOWED.get());
                        if (dNLock != null) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                } else {
                    if (isSelfChange || !passwordPolicyState.getAuthenticationPolicy().isSkipValidationForAdministrators()) {
                        Set<ByteString> hashSet = new HashSet<>(passwordPolicyState.getClearPasswords());
                        if (byteString2 != null) {
                            hashSet.add(byteString2);
                        }
                        LocalizableMessageBuilder localizableMessageBuilder = new LocalizableMessageBuilder();
                        if (!passwordPolicyState.passwordIsAcceptable(extendedOperation, entry, byteString3, hashSet, localizableMessageBuilder)) {
                            addPwPolicyErrorResponseControl(extendedOperation, z2, PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                            extendedOperation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
                            extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_UNACCEPTABLE_PW.get(localizableMessageBuilder));
                            if (dNLock != null) {
                                dNLock.unlock();
                                return;
                            }
                            return;
                        }
                    }
                    if (passwordPolicyState.maintainHistory()) {
                        if (!passwordPolicyState.isPasswordInHistory(byteString3)) {
                            passwordPolicyState.updatePasswordHistory();
                        } else if (isSelfChange || !passwordPolicyState.getAuthenticationPolicy().isSkipValidationForAdministrators()) {
                            extendedOperation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
                            extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_PW_IN_HISTORY.get());
                            if (dNLock != null) {
                                dNLock.unlock();
                                return;
                            }
                            return;
                        }
                    }
                }
                if (z4) {
                    encodePassword = CollectionUtils.newArrayList(byteString3);
                } else {
                    try {
                        encodePassword = passwordPolicyState.encodePassword(byteString3);
                    } catch (DirectoryException e7) {
                        logger.traceException(e7);
                        extendedOperation.setResultCode(e7.getResultCode());
                        extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_ENCODE_PASSWORD.get(e7.getMessageObject()));
                        if (dNLock != null) {
                            dNLock.unlock();
                            return;
                        }
                        return;
                    }
                }
                AttributeType passwordAttribute = passwordPolicyState.getAuthenticationPolicy().getPasswordAttribute();
                ArrayList arrayList = new ArrayList();
                if (byteString2 != null) {
                    Set<ByteString> passwordValues = passwordPolicyState.getPasswordValues();
                    LinkedHashSet linkedHashSet = new LinkedHashSet(passwordValues.size());
                    for (ByteString byteString5 : passwordValues) {
                        try {
                            String[] decodePassword = decodePassword(passwordPolicyState, byteString5.toString());
                            PasswordStorageScheme<?> passwordStorageScheme = getPasswordStorageScheme(passwordPolicyState, decodePassword[0]);
                            if (passwordStorageScheme == null || passwordMatches(passwordPolicyState, passwordStorageScheme, byteString2, decodePassword)) {
                                linkedHashSet.add(byteString5);
                            }
                        } catch (DirectoryException e8) {
                            logger.traceException(e8);
                            linkedHashSet.add(byteString5);
                        }
                    }
                    arrayList.add(newModification(ModificationType.DELETE, passwordAttribute, linkedHashSet));
                    arrayList.add(newModification(ModificationType.ADD, passwordAttribute, encodePassword));
                } else {
                    arrayList.add(newModification(ModificationType.REPLACE, passwordAttribute, encodePassword));
                }
                passwordPolicyState.setPasswordChangedTime();
                passwordPolicyState.setMustChangePassword(!isSelfChange && passwordPolicyState.getAuthenticationPolicy().isForceChangeOnReset());
                passwordPolicyState.clearFailureLockout();
                passwordPolicyState.clearGraceLoginTimes();
                passwordPolicyState.clearWarnedTime();
                if (z) {
                    extendedOperation.appendErrorMessage(ExtensionMessages.WARN_EXTOP_PASSMOD_NOOP.get());
                    extendedOperation.setResultCode(ResultCode.NO_OPERATION);
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                if (isSelfChange && authorizationEntry == null) {
                    authorizationEntry = entry;
                }
                AuthenticationInfo authenticationInfo = new AuthenticationInfo(authorizationEntry, DirectoryServer.isRootDN(authorizationEntry.getName()));
                ModifyOperation processModify = new InternalClientConnection(authenticationInfo).processModify(valueOf, arrayList);
                ResultCode resultCode = processModify.getResultCode();
                if (resultCode != ResultCode.SUCCESS) {
                    extendedOperation.setResultCode(resultCode);
                    extendedOperation.setErrorMessage(processModify.getErrorMessage());
                    extendedOperation.setReferralURLs(processModify.getReferralURLs());
                    if (dNLock != null) {
                        dNLock.unlock();
                        return;
                    }
                    return;
                }
                List<Modification> modifications2 = passwordPolicyState.getModifications();
                if (!modifications2.isEmpty()) {
                    ModifyOperation processModify2 = InternalClientConnection.getRootConnection().processModify(valueOf, modifications2);
                    if (processModify2.getResultCode() != ResultCode.SUCCESS) {
                        logger.warn((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, DN, ResultCode>) ExtensionMessages.WARN_EXTOP_PASSMOD_CANNOT_UPDATE_PWP_STATE, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) valueOf, (DN) processModify2.getResultCode(), (ResultCode) processModify2.getErrorMessage());
                    }
                }
                extendedOperation.setResultCode(ResultCode.SUCCESS);
                extendedOperation.setAttachment(AUTHZ_DN_ATTACHMENT, valueOf);
                extendedOperation.setAttachment(PWD_ATTRIBUTE_ATTACHMENT, passwordPolicyState.getAuthenticationPolicy().getPasswordAttribute());
                if (!z4) {
                    extendedOperation.setAttachment(CLEAR_PWD_ATTACHMENT, byteString3);
                }
                extendedOperation.setAttachment(ENCODED_PWD_ATTACHMENT, encodePassword);
                if (z3) {
                    ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
                    ASN1Writer writer = ASN1.getWriter(byteStringBuilder);
                    try {
                        writer.writeStartSequence();
                        writer.writeOctetString(Byte.MIN_VALUE, byteString3);
                        writer.writeEndSequence();
                    } catch (IOException e9) {
                        logger.traceException(e9);
                    }
                    extendedOperation.setResponseValue(byteStringBuilder.toByteString());
                }
                if (isSelfChange && authenticationInfo.getAuthenticationDN() != null && authenticationInfo.getAuthenticationDN().equals(valueOf)) {
                    extendedOperation.getClientConnection().setMustChangePassword(false);
                }
                addPwPolicyErrorResponseControl(extendedOperation, z2, null);
                generateAccountStatusNotification(byteString2, byteString3, entry, passwordPolicyState, isSelfChange);
                if (dNLock != null) {
                    dNLock.unlock();
                }
            } catch (DirectoryException e10) {
                logger.traceException(e10);
                extendedOperation.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
                extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_GET_PW_POLICY.get(valueOf, e10.getMessageObject()));
                if (dNLock != null) {
                    dNLock.unlock();
                }
            }
        } catch (Throwable th) {
            if (dNLock != null) {
                dNLock.unlock();
            }
            throw th;
        }
    }

    private void addPwPolicyErrorResponseControl(ExtendedOperation extendedOperation, boolean z, PasswordPolicyErrorType passwordPolicyErrorType) {
        if (z) {
            extendedOperation.addResponseControl(new PasswordPolicyResponseControl(null, 0, passwordPolicyErrorType));
        }
    }

    private void generateAccountStatusNotification(ByteString byteString, ByteString byteString2, Entry entry, PasswordPolicyState passwordPolicyState, boolean z) {
        ArrayList arrayList = null;
        if (byteString != null) {
            arrayList = CollectionUtils.newArrayList(byteString);
        }
        Map<AccountStatusNotificationProperty, List<String>> createProperties = AccountStatusNotification.createProperties(passwordPolicyState, false, -1, arrayList, CollectionUtils.newArrayList(byteString2));
        if (z) {
            passwordPolicyState.generateAccountStatusNotification(AccountStatusNotificationType.PASSWORD_CHANGED, entry, CoreMessages.INFO_MODIFY_PASSWORD_CHANGED.get(), createProperties);
        } else {
            passwordPolicyState.generateAccountStatusNotification(AccountStatusNotificationType.PASSWORD_RESET, entry, CoreMessages.INFO_MODIFY_PASSWORD_RESET.get(), createProperties);
        }
    }

    private String[] decodePassword(PasswordPolicyState passwordPolicyState, String str) throws DirectoryException {
        return passwordPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax() ? AuthPasswordSyntax.decodeAuthPassword(str) : UserPasswordSyntax.decodeUserPassword(str);
    }

    private PasswordStorageScheme<?> getPasswordStorageScheme(PasswordPolicyState passwordPolicyState, String str) {
        return passwordPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax() ? DirectoryServer.getAuthPasswordStorageScheme(str) : DirectoryServer.getPasswordStorageScheme(StaticUtils.toLowerCase(str));
    }

    private boolean passwordMatches(PasswordPolicyState passwordPolicyState, PasswordStorageScheme<?> passwordStorageScheme, ByteString byteString, String[] strArr) {
        return passwordPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax() ? passwordStorageScheme.authPasswordMatches(byteString, strArr[1], strArr[2]) : passwordStorageScheme.passwordMatches(byteString, ByteString.valueOfUtf8(strArr[1]));
    }

    private boolean isSelfChange(ByteString byteString, Entry entry, DN dn, ByteString byteString2) {
        if (byteString == null) {
            return true;
        }
        return entry != null ? dn.equals(entry.getName()) : byteString2 != null;
    }

    private Modification newModification(ModificationType modificationType, AttributeType attributeType, Collection<ByteString> collection) {
        AttributeBuilder attributeBuilder = new AttributeBuilder(attributeType);
        attributeBuilder.addAll(collection);
        return new Modification(modificationType, attributeBuilder.toAttribute());
    }

    private Entry getEntryByDN(ExtendedOperation extendedOperation, DN dn) {
        try {
            Entry entry = DirectoryServer.getEntry(dn);
            if (entry != null) {
                return entry;
            }
            extendedOperation.setResultCode(ResultCode.NO_SUCH_OBJECT);
            extendedOperation.appendErrorMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_USER_ENTRY_BY_AUTHZID.get(dn));
            extendedOperation.setMatchedDN(findMatchedDN(dn));
            return null;
        } catch (DirectoryException e) {
            logger.traceException(e);
            extendedOperation.setResultCode(e.getResultCode());
            extendedOperation.appendErrorMessage(e.getMessageObject());
            extendedOperation.setMatchedDN(e.getMatchedDN());
            extendedOperation.setReferralURLs(e.getReferralURLs());
            return null;
        }
    }

    private DN findMatchedDN(DN dn) {
        try {
            BackendConfigManager backendConfigManager = DirectoryServer.getInstance().getServerContext().getBackendConfigManager();
            for (DN parentDNInSuffix = backendConfigManager.getParentDNInSuffix(dn); parentDNInSuffix != null; parentDNInSuffix = backendConfigManager.getParentDNInSuffix(parentDNInSuffix)) {
                if (DirectoryServer.entryExists(parentDNInSuffix)) {
                    return parentDNInSuffix;
                }
            }
            return null;
        } catch (Exception e) {
            logger.traceException(e);
            return null;
        }
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public boolean isConfigurationAcceptable(ExtendedOperationHandlerCfg extendedOperationHandlerCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((PasswordModifyExtendedOperationHandlerCfg) extendedOperationHandlerCfg, list);
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    public boolean isConfigurationChangeAcceptable2(PasswordModifyExtendedOperationHandlerCfg passwordModifyExtendedOperationHandlerCfg, List<LocalizableMessage> list) {
        try {
            DN identityMapperDN = passwordModifyExtendedOperationHandlerCfg.getIdentityMapperDN();
            if (DirectoryServer.getIdentityMapper(identityMapperDN) != null) {
                return true;
            }
            list.add(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(identityMapperDN, passwordModifyExtendedOperationHandlerCfg.dn()));
            return false;
        } catch (Exception e) {
            logger.traceException(e);
            list.add(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_DETERMINE_ID_MAPPER.get(passwordModifyExtendedOperationHandlerCfg.dn(), StaticUtils.getExceptionMessage(e)));
            return false;
        }
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(PasswordModifyExtendedOperationHandlerCfg passwordModifyExtendedOperationHandlerCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        DN dn = null;
        IdentityMapper<?> identityMapper = null;
        try {
            dn = passwordModifyExtendedOperationHandlerCfg.getIdentityMapperDN();
            identityMapper = DirectoryServer.getIdentityMapper(dn);
            if (identityMapper == null) {
                configChangeResult.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
                configChangeResult.addMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(dn, passwordModifyExtendedOperationHandlerCfg.dn()));
            }
        } catch (Exception e) {
            logger.traceException(e);
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(ExtensionMessages.ERR_EXTOP_PASSMOD_CANNOT_DETERMINE_ID_MAPPER.get(passwordModifyExtendedOperationHandlerCfg.dn(), StaticUtils.getExceptionMessage(e)));
        }
        if (configChangeResult.getResultCode() == ResultCode.SUCCESS && !this.identityMapperDN.equals(dn)) {
            this.identityMapper = identityMapper;
            this.identityMapperDN = dn;
        }
        this.currentConfig = passwordModifyExtendedOperationHandlerCfg;
        return configChangeResult;
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public String getExtendedOperationOID() {
        return "1.3.6.1.4.1.4203.1.11.1";
    }

    @Override // org.opends.server.api.ExtendedOperationHandler
    public String getExtendedOperationName() {
        return "Password Modify";
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(PasswordModifyExtendedOperationHandlerCfg passwordModifyExtendedOperationHandlerCfg, List list) {
        return isConfigurationChangeAcceptable2(passwordModifyExtendedOperationHandlerCfg, (List<LocalizableMessage>) list);
    }

    static {
        String name = PasswordModifyExtendedOperation.class.getName();
        AUTHZ_DN_ATTACHMENT = name + ".AUTHZ_DN";
        PWD_ATTRIBUTE_ATTACHMENT = name + ".PWD_ATTRIBUTE";
        CLEAR_PWD_ATTACHMENT = name + ".CLEAR_PWD";
        ENCODED_PWD_ATTACHMENT = name + ".ENCODED_PWD";
        logger = LocalizedLogger.getLoggerForThisClass();
    }
}
