package opendj;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import opendj.server.MsadPluginCfg;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.CoreSchema;
import org.forgerock.opendj.ldap.schema.ObjectClass;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.opendj.server.config.server.PluginCfg;
import org.opends.messages.CoreMessages;
import org.opends.messages.PluginMessages;
import org.opends.server.api.AuthenticationPolicy;
import org.opends.server.api.LocalBackend;
import org.opends.server.api.plugin.DirectoryServerPlugin;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.api.plugin.PluginType;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicy;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeParser;
import org.opends.server.types.Attributes;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.CanceledOperationException;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.opends.server.types.operation.PreOperationAddOperation;
import org.opends.server.types.operation.PreOperationBindOperation;
import org.opends.server.types.operation.PreOperationModifyOperation;

/* loaded from: input_file:opendj/MsadPlugin.class */
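/**
 * OpenDJ pre-operation plugin that applies a few Active Directory account rules to
 * entries carrying the AD {@code user} or {@code msDS-BindableObject} object class.
 *
 * <ul>
 *   <li>Bind: rejects the bind when the target entry is missing or marked disabled.</li>
 *   <li>Add / modify: maintains {@code pwdLastSet} as a server-generated timestamp.</li>
 * </ul>
 *
 * <p>Schema elements are looked up by OID once, in {@link #initializePlugin}.
 */
public class MsadPlugin extends DirectoryServerPlugin<MsadPluginCfg> implements ConfigurationChangeListener<MsadPluginCfg> {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private static final String USER_ACCOUNT_CONTROL_OID = "1.2.840.113556.1.4.8";
    private static final String MS_DS_USER_ACCOUNT_DISABLED_OID = "1.2.840.113556.1.4.1853";
    private static final String PWD_LAST_SET_OID = "1.2.840.113556.1.4.96";
    private static final String USER_OID = "1.2.840.113556.1.5.9";
    private static final String MS_DS_BINDABLE_OBJECT_OID = "1.2.840.113556.1.5.244";

    /** Bit of {@code userAccountControl} that this plugin treats as "account disabled". */
    private static final long UAC_ACCOUNT_DISABLED_BIT = 2L;
    /** Number of 100-nanosecond ticks in one millisecond. */
    private static final long TICKS_PER_MILLISECOND = 10_000L;
    /** Offset, in 100-nanosecond ticks, added to Unix-epoch time to obtain the AD timestamp. */
    private static final long UNIX_EPOCH_OFFSET_TICKS = 116_444_736_000_000_000L;

    private AttributeType userAccountControlAT;
    private AttributeType msDSUserAccountDisabledAT;
    private AttributeType pwdLastSetAT;
    private ObjectClass userOC;
    private ObjectClass msDSBindableObjectOC;
    // Last configuration handed to the plugin; stored but not read anywhere in this class.
    private MsadPluginCfg config;

    public MsadPlugin() {
        logger.info(LocalizableMessage.raw("created MSAD plugin"));
    }

    /**
     * Registers for configuration changes, resolves the schema elements this plugin
     * works with, and verifies that it was only registered for supported hook points.
     *
     * @param set           the plugin types this instance was registered for
     * @param msadPluginCfg the initial configuration
     * @throws InitializationException if {@code set} contains anything other than
     *         pre-operation bind, add or modify
     */
    @Override
    public void initializePlugin(Set<PluginType> set, MsadPluginCfg msadPluginCfg) throws ConfigException, InitializationException {
        this.config = msadPluginCfg;
        msadPluginCfg.addMsadChangeListener(this);
        Schema schema = getServerContext().getSchema();
        this.userAccountControlAT = schema.getAttributeType(USER_ACCOUNT_CONTROL_OID);
        this.msDSUserAccountDisabledAT = schema.getAttributeType(MS_DS_USER_ACCOUNT_DISABLED_OID);
        this.pwdLastSetAT = schema.getAttributeType(PWD_LAST_SET_OID);
        this.userOC = schema.getObjectClass(USER_OID);
        this.msDSBindableObjectOC = schema.getObjectClass(MS_DS_BINDABLE_OBJECT_OID);
        for (PluginType pluginType : set) {
            switch (pluginType) {
                case PRE_OPERATION_BIND:
                case PRE_OPERATION_ADD:
                case PRE_OPERATION_MODIFY:
                    // Supported hook points. Without this break every type fell through
                    // to the default branch and initialization could never succeed.
                    break;
                default:
                    throw new InitializationException(PluginMessages.ERR_PLUGIN_TYPE_NOT_SUPPORTED.get(getPluginEntryDN(), pluginType));
            }
        }
        logger.info(LocalizableMessage.raw("initialized MSAD plugin"));
    }

    /**
     * Stops a bind when the entry for the bind DN cannot be found or is marked disabled.
     *
     * <p>An entry counts as disabled when {@code msDS-UserAccountDisabled} parses as true
     * or when {@code userAccountControl} has {@link #UAC_ACCOUNT_DISABLED_BIT} set.
     *
     * @return a stop result with {@code INVALID_CREDENTIALS} for an unknown or disabled
     *         account, a stop result carrying the directory error if the lookup fails,
     *         otherwise a continue result
     */
    @Override
    public PluginResult.PreOperation doPreOperation(PreOperationBindOperation preOperationBindOperation) {
        DN bindDN = preOperationBindOperation.getBindDN();
        try {
            // Only simple binds get the root-DN alias translated to the real entry DN.
            if (preOperationBindOperation.getAuthenticationType().equals(AuthenticationType.SIMPLE)) {
                DN actualRootBindDN = DirectoryServer.getActualRootBindDN(bindDN);
                if (actualRootBindDN != null) {
                    bindDN = actualRootBindDN;
                }
            }
            // NOTE(review): the lookup uses the DN carried by the request. For SASL or
            // anonymous binds that DN may not name a user entry, and the bind is then
            // rejected below -- confirm that is the intended behaviour.
            Entry userEntry = getUserEntry(bindDN);
            if (userEntry == null) {
                // NOTE(review): this check runs as a pre-operation step, before the
                // credentials are evaluated, and the unknown-user and disabled-account
                // cases return different messages. If those messages reach the client
                // they let an unauthenticated caller tell the two states apart --
                // verify how the server exposes plugin error messages for binds.
                return PluginResult.PreOperation.stopProcessing(ResultCode.INVALID_CREDENTIALS, CoreMessages.ERR_BIND_OPERATION_UNKNOWN_USER.get());
            }
            boolean disabled = parseAttribute(userEntry, this.msDSUserAccountDisabledAT).asBoolean(false)
                    || (parseAttribute(userEntry, this.userAccountControlAT).asLong(0L) & UAC_ACCOUNT_DISABLED_BIT) != 0;
            if (disabled) {
                return PluginResult.PreOperation.stopProcessing(ResultCode.INVALID_CREDENTIALS, CoreMessages.ERR_BIND_OPERATION_ACCOUNT_DISABLED.get());
            }
            return PluginResult.PreOperation.continueOperationProcessing();
        } catch (DirectoryException e) {
            logger.traceException(e);
            return PluginResult.PreOperation.stopProcessing(e.getResultCode(), e.getMessageObject());
        }
    }

    /**
     * Stamps {@code pwdLastSet} with the current time on newly added AD user entries,
     * unless the entry explicitly carries {@code pwdLastSet = 0}.
     *
     * <p>Synchronization operations and entries that are not AD users pass through
     * unchanged. Any other client-supplied {@code pwdLastSet} value is overwritten.
     */
    @Override
    public PluginResult.PreOperation doPreOperation(PreOperationAddOperation preOperationAddOperation) throws CanceledOperationException {
        if (preOperationAddOperation.isSynchronizationOperation()) {
            return PluginResult.PreOperation.continueOperationProcessing();
        }
        Entry entryToAdd = preOperationAddOperation.getEntryToAdd();
        if (!isActiveDirectoryUser(entryToAdd)) {
            return PluginResult.PreOperation.continueOperationProcessing();
        }
        // -1 is the "attribute absent" default, so only an explicit 0 is left untouched.
        boolean explicitZero = parseAttribute(entryToAdd, this.pwdLastSetAT).asLong(-1L) == 0;
        if (!explicitZero) {
            entryToAdd.replaceAttribute(Attributes.create(this.pwdLastSetAT, currentTimeInActiveDirectory()));
        }
        return PluginResult.PreOperation.continueOperationProcessing();
    }

    /**
     * Adds a {@code pwdLastSet} replacement with the current time when a modify request
     * on an AD user touches the password attribute or sets {@code pwdLastSet} to a
     * non-zero value.
     *
     * <p>A modification that sets {@code pwdLastSet} to 0 suppresses the stamp, including
     * for password changes that appear later in the same request. Synchronization
     * operations and entries that are not AD users pass through unchanged.
     *
     * @return a continue result, or a stop result carrying the directory error if the
     *         authentication policy lookup fails
     */
    @Override
    public PluginResult.PreOperation doPreOperation(PreOperationModifyOperation preOperationModifyOperation) throws CanceledOperationException {
        if (preOperationModifyOperation.isSynchronizationOperation()) {
            return PluginResult.PreOperation.continueOperationProcessing();
        }
        Entry modifiedEntry = preOperationModifyOperation.getModifiedEntry();
        if (!isActiveDirectoryUser(modifiedEntry)) {
            return PluginResult.PreOperation.continueOperationProcessing();
        }
        try {
            AttributeType passwordAT = CoreSchema.getUserPasswordAttributeType();
            // Keep the policy typed as AuthenticationPolicy and narrow it only after
            // isPasswordPolicy() confirms the cast is safe.
            AuthenticationPolicy policy = AuthenticationPolicy.forUser(modifiedEntry, true);
            if (policy.isPasswordPolicy()) {
                passwordAT = ((PasswordPolicy) policy).getPasswordAttribute();
            }
            boolean stampPwdLastSet = false;
            boolean stampingAllowed = true;
            for (Modification modification : preOperationModifyOperation.getModifications()) {
                Attribute attribute = modification.getAttribute();
                AttributeType attributeType = attribute.getAttributeDescription().getAttributeType();
                if (stampingAllowed && passwordAT.equals(attributeType)) {
                    stampPwdLastSet = true;
                } else if (this.pwdLastSetAT.equals(attributeType)) {
                    // An explicit 0 switches stamping off; any other value switches it on.
                    stampingAllowed = AttributeParser.parseAttribute(attribute).asLong(-1L) != 0;
                    stampPwdLastSet = stampingAllowed;
                }
            }
            if (stampPwdLastSet) {
                preOperationModifyOperation.addModification(new Modification(ModificationType.REPLACE, Attributes.create(this.pwdLastSetAT, currentTimeInActiveDirectory())));
            }
            return PluginResult.PreOperation.continueOperationProcessing();
        } catch (DirectoryException e) {
            logger.traceException(e);
            return PluginResult.PreOperation.stopProcessing(e.getResultCode(), e.getMessageObject());
        }
    }

    /** Records the new configuration; every change is applied unconditionally. */
    @Override
    public ConfigChangeResult applyConfigurationChange(MsadPluginCfg msadPluginCfg) {
        logger.info(LocalizableMessage.raw("changed MSAD plugin configuration"));
        this.config = msadPluginCfg;
        return new ConfigChangeResult();
    }

    /** Accepts every proposed configuration; {@code list} is never populated. */
    @Override
    public boolean isConfigurationChangeAcceptable(MsadPluginCfg msadPluginCfg, List<LocalizableMessage> list) {
        return true;
    }

    /**
     * Reads the entry for {@code dn} from the local backend that holds it.
     *
     * @return the entry as returned by the backend, or {@code null} when no local
     *         backend is found for {@code dn}
     */
    private Entry getUserEntry(DN dn) throws DirectoryException {
        LocalBackend backend = getServerContext().getBackendConfigManager().findLocalBackendForEntry(dn);
        if (backend == null) {
            return null;
        }
        return backend.getEntry(dn);
    }

    /**
     * Returns a parser over the first attribute of the given type on {@code entry}, or
     * over {@code null} when the entry has none, so callers can rely on the parser's
     * default values.
     */
    private AttributeParser parseAttribute(Entry entry, AttributeType attributeType) {
        List<Attribute> attributes = entry.getAllAttributes(attributeType);
        Attribute first = null;
        if (attributes != null && !attributes.isEmpty()) {
            first = attributes.get(0);
        }
        return AttributeParser.parseAttribute(first);
    }

    /**
     * Tells whether {@code entry} has the {@code user} or {@code msDS-BindableObject}
     * object class. An object class that was not resolved from the schema never matches.
     */
    private boolean isActiveDirectoryUser(Entry entry) {
        if (this.userOC != null && entry.hasObjectClass(this.userOC)) {
            return true;
        }
        return this.msDSBindableObjectOC != null && entry.hasObjectClass(this.msDSBindableObjectOC);
    }

    /**
     * Returns the current time as a decimal string of 100-nanosecond ticks: the wall
     * clock in milliseconds scaled to ticks, plus {@link #UNIX_EPOCH_OFFSET_TICKS}.
     */
    private static String currentTimeInActiveDirectory() {
        long ticks = (System.currentTimeMillis() * TICKS_PER_MILLISECOND) + UNIX_EPOCH_OFFSET_TICKS;
        return Long.toUnsignedString(ticks);
    }
}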
