package org.opends.server.controls;

import java.io.IOException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Reader;
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.ProtocolMessages;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicyState;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/controls/ProxiedAuthV1Control.class */
/**
 * Request control carrying the authorization identity for the proxied
 * authorization v1 mechanism (OID {@code 2.16.840.1.113730.3.4.12}).
 *
 * <p>The control value is a sequence holding one octet string: the DN under
 * which the operation should be authorized. This class only decodes the value
 * and resolves and vets the target account. Nothing in this class checks
 * whether the requesting client is allowed to use proxied authorization; that
 * decision has to be enforced by the code that consumes the control.
 *
 * <p>The parsed DN is cached lazily in a plain field without synchronization.
 */
public class ProxiedAuthV1Control extends Control {
    /** Decoder registered for this control type. */
    public static final ControlDecoder<ProxiedAuthV1Control> DECODER = new Decoder();

    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** OID identifying the proxied authorization v1 control. */
    private static final String PROXIED_AUTH_V1_OID = "2.16.840.1.113730.3.4.12";

    /** ASN.1 universal tag for OCTET STRING, used to wrap the encoded value. */
    private static final byte OCTET_STRING_TAG = (byte) 4;

    /** Authorization DN exactly as supplied (or the UTF-8 form of a parsed DN). */
    private ByteString rawAuthorizationDN;

    /** Parsed authorization DN; {@code null} until first needed. */
    private DN authorizationDN;

    /** Decodes a raw control value into a {@link ProxiedAuthV1Control}. */
    private static final class Decoder implements ControlDecoder<ProxiedAuthV1Control> {
        private Decoder() {
        }

        /**
         * Decodes the control value.
         *
         * <p>The control is rejected unless it is marked critical, so that it
         * cannot be accepted as an optional control, and unless a value is
         * present. Any failure while reading the sequence or parsing the DN is
         * reported as a protocol error with the original exception as cause.
         *
         * @param isCritical criticality flag received with the control
         * @param value encoded control value, possibly {@code null}
         * @return the decoded control
         * @throws DirectoryException with {@code PROTOCOL_ERROR} if the control
         *     is not critical, has no value, or cannot be decoded
         */
        @Override
        public ProxiedAuthV1Control decode(boolean isCritical, ByteString value) throws DirectoryException {
            if (!isCritical) {
                throw new DirectoryException(
                        ResultCode.PROTOCOL_ERROR,
                        ProtocolMessages.ERR_PROXYAUTH1_CONTROL_NOT_CRITICAL.get());
            }
            if (value == null) {
                throw new DirectoryException(
                        ResultCode.PROTOCOL_ERROR,
                        ProtocolMessages.ERR_PROXYAUTH1_NO_CONTROL_VALUE.get());
            }

            ASN1Reader asn1 = ASN1.getReader(value);
            try {
                asn1.readStartSequence();
                DN decodedDN = DN.valueOf(asn1.readOctetString());
                asn1.readEndSequence();
                return new ProxiedAuthV1Control(isCritical, decodedDN);
            } catch (Exception cause) {
                // Deliberately broad: every decoding failure maps to one protocol error.
                logger.traceException(cause);
                throw new DirectoryException(
                        ResultCode.PROTOCOL_ERROR,
                        ProtocolMessages.ERR_PROXYAUTH1_CANNOT_DECODE_VALUE.get(
                                StaticUtils.getExceptionMessage(cause)),
                        cause);
            }
        }

        /** Returns the OID of the control this decoder handles. */
        @Override
        public String getOID() {
            return PROXIED_AUTH_V1_OID;
        }
    }

    /**
     * Creates a critical control from an unparsed authorization DN.
     *
     * @param byteString raw authorization DN; it is not validated here
     */
    public ProxiedAuthV1Control(ByteString byteString) {
        this(true, byteString);
    }

    /**
     * Creates a critical control from a parsed authorization DN.
     *
     * @param dn authorization DN
     */
    public ProxiedAuthV1Control(DN dn) {
        this(true, dn);
    }

    /**
     * Creates a control from an unparsed authorization DN.
     *
     * <p>The DN is parsed on the first call to {@link #getAuthorizationDN()},
     * so a malformed value is not detected by this constructor.
     *
     * @param z whether the control is critical
     * @param byteString raw authorization DN
     */
    public ProxiedAuthV1Control(boolean z, ByteString byteString) {
        super(PROXIED_AUTH_V1_OID, z);
        this.authorizationDN = null;
        this.rawAuthorizationDN = byteString;
    }

    /**
     * Creates a control from a parsed authorization DN.
     *
     * @param z whether the control is critical
     * @param dn authorization DN; its string form becomes the raw value
     */
    public ProxiedAuthV1Control(boolean z, DN dn) {
        super(PROXIED_AUTH_V1_OID, z);
        this.authorizationDN = dn;
        this.rawAuthorizationDN = ByteString.valueOfUtf8(dn.toString());
    }

    /**
     * Writes the control value: an octet-string-tagged wrapper around a
     * sequence that holds the raw authorization DN.
     *
     * @param aSN1Writer destination writer
     * @throws IOException if the writer fails
     */
    @Override
    protected void writeValue(ASN1Writer aSN1Writer) throws IOException {
        // Outer wrapper carries the OCTET STRING tag; the inner sequence is the value.
        aSN1Writer.writeStartSequence(OCTET_STRING_TAG);
        aSN1Writer.writeStartSequence();
        aSN1Writer.writeOctetString(this.rawAuthorizationDN);
        aSN1Writer.writeEndSequence();
        aSN1Writer.writeEndSequence();
    }

    /** Returns the authorization DN in its raw, unparsed form. */
    public ByteString getRawAuthorizationDN() {
        return this.rawAuthorizationDN;
    }

    /**
     * Returns the parsed authorization DN, parsing the raw value on first use
     * and caching the result.
     *
     * @return the authorization DN
     * @throws DirectoryException declared by the signature; the failure mode of
     *     {@code DN.valueOf} on a malformed raw value is not visible here
     */
    public DN getAuthorizationDN() throws DirectoryException {
        if (this.authorizationDN != null) {
            return this.authorizationDN;
        }
        this.authorizationDN = DN.valueOf(this.rawAuthorizationDN);
        return this.authorizationDN;
    }

    /**
     * Resolves the entry the operation should be authorized as and verifies
     * that the account may be used.
     *
     * <p>The DN is first mapped through
     * {@code DirectoryServer.getActualRootBindDN}; when that returns a DN, the
     * mapped DN is the one looked up. The account is refused when its
     * authentication policy reports it disabled or, for password-policy
     * accounts, expired, locked, or with an expired password.
     *
     * @return the authorization entry, or {@code null} when the authorization
     *     DN satisfies {@code isRootDN()}; callers must handle {@code null}
     *     explicitly (NOTE(review): presumably the zero-length DN, i.e.
     *     anonymous authorization; confirm against the DN implementation)
     * @throws DirectoryException with {@code AUTHORIZATION_DENIED} if the entry
     *     does not exist or the account is unusable
     */
    public Entry getAuthorizationEntry() throws DirectoryException {
        DN requestedDN = getAuthorizationDN();
        if (requestedDN.isRootDN()) {
            return null;
        }

        // Prefer the mapped DN when the server knows one for the requested DN.
        DN mappedDN = DirectoryServer.getActualRootBindDN(requestedDN);
        DN effectiveDN = (mappedDN != null) ? mappedDN : requestedDN;

        Entry userEntry = DirectoryServer.getEntry(effectiveDN);
        if (userEntry == null) {
            throw new DirectoryException(
                    ResultCode.AUTHORIZATION_DENIED,
                    ProtocolMessages.ERR_PROXYAUTH1_NO_SUCH_USER.get(effectiveDN));
        }

        AuthenticationPolicyState policyState = AuthenticationPolicyState.forUser(userEntry, false);
        if (policyState.isDisabled()) {
            throw new DirectoryException(
                    ResultCode.AUTHORIZATION_DENIED,
                    ProtocolMessages.ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(userEntry.getName()));
        }
        // The cast is only reached for password-policy states (short-circuit).
        if (policyState.isPasswordPolicy() && isUnusable((PasswordPolicyState) policyState)) {
            throw new DirectoryException(
                    ResultCode.AUTHORIZATION_DENIED,
                    ProtocolMessages.ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(effectiveDN));
        }
        return userEntry;
    }

    /** Reports whether the account is expired, locked, or has an expired password. */
    private static boolean isUnusable(PasswordPolicyState state) {
        return state.isAccountExpired() || state.isLocked() || state.isPasswordExpired();
    }

    /**
     * Appends a string form of this control, including the raw authorization
     * DN, to the given builder.
     *
     * @param sb builder to append to
     */
    @Override
    public void toString(StringBuilder sb) {
        sb.append("ProxiedAuthorizationV1Control(authorizationDN=\"")
                .append(this.rawAuthorizationDN)
                .append("\")");
    }
}
