package org.opends.server.api;

import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.CoreMessages;
import org.opends.server.config.ConfigConstants;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.Attribute;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.SubEntry;
import org.opends.server.util.TimeThread;

/* loaded from: input_file:org/opends/server/api/AuthenticationPolicy.class */
public abstract class AuthenticationPolicy {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    public static AuthenticationPolicy forUser(Entry entry, boolean z) throws DirectoryException {
        String dn = entry.getName().toString();
        for (Attribute attribute : entry.getAllAttributes(ConfigConstants.OP_ATTR_PWPOLICY_POLICY_DN)) {
            if (!attribute.isEmpty()) {
                ByteString next = attribute.iterator().next();
                try {
                    DN valueOf = DN.valueOf(next);
                    AuthenticationPolicy authenticationPolicy = DirectoryServer.getAuthenticationPolicy(valueOf);
                    if (authenticationPolicy != null) {
                        logger.trace("Using password policy subentry %s for user %s.", valueOf, dn);
                        return authenticationPolicy;
                    }
                    logger.trace("Password policy subentry %s for user %s is not defined in the Directory Server.", valueOf, dn);
                    LocalizableMessage localizableMessage = CoreMessages.ERR_PWPSTATE_NO_SUCH_POLICY.get(dn, valueOf);
                    if (!z) {
                        throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), localizableMessage);
                    }
                    logger.error(localizableMessage);
                    return DirectoryServer.getDefaultPasswordPolicy();
                } catch (LocalizedIllegalArgumentException e) {
                    logger.traceException(e);
                    logger.trace("Could not parse password policy subentry DN %s for user %s", next, dn, e);
                    if (z) {
                        logger.error(CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN, next, dn, e.getMessage());
                        return DirectoryServer.getDefaultPasswordPolicy();
                    }
                    throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX, CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN.get(next, dn, e.getMessage()), e);
                }
            }
        }
        List<SubEntry> subentries = DirectoryServer.getSubentryManager().getSubentries(entry);
        if (subentries != null && !subentries.isEmpty()) {
            for (SubEntry subEntry : subentries) {
                try {
                } catch (Exception e2) {
                    logger.traceException(e2, "Could not parse password policy subentry DN %s for user %s", subEntry.getDN(), dn);
                }
                if (subEntry.getEntry().isPasswordPolicySubentry()) {
                    AuthenticationPolicy authenticationPolicy2 = DirectoryServer.getAuthenticationPolicy(subEntry.getDN());
                    if (authenticationPolicy2 != null) {
                        return authenticationPolicy2;
                    }
                    logger.trace("Found unknown password policy subentry DN %s for user %s", subEntry.getDN(), dn);
                    break;
                }
                continue;
            }
        }
        logger.trace("Using the default password policy for user %s", dn);
        return DirectoryServer.getDefaultPasswordPolicy();
    }

    public abstract DN getDN();

    public boolean isPasswordPolicy() {
        return false;
    }

    public AuthenticationPolicyState createAuthenticationPolicyState(Entry entry) throws DirectoryException {
        return createAuthenticationPolicyState(entry, TimeThread.getTime());
    }

    public abstract AuthenticationPolicyState createAuthenticationPolicyState(Entry entry, long j) throws DirectoryException;

    public void finalizeAuthenticationPolicy() {
    }
}
