package org.opends.server.core;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.ConfigMessages;
import org.opends.messages.CoreMessages;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.admin.std.server.PasswordValidatorCfg;
import org.opends.server.api.AccountStatusNotificationHandler;
import org.opends.server.api.PasswordGenerator;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
import org.opends.server.loggers.DebugStackTraceFormatter;
import org.opends.server.schema.SchemaConstants;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ObjectClass;
import org.opends.server.types.Operation;
import org.opends.server.types.SubEntry;

/* loaded from: input_file:org/opends/server/core/SubentryPasswordPolicy.class */
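/**
 * Password policy whose settings are read from a password-policy subentry.
 *
 * <p>The constructor parses the {@code pwd*} attributes of the subentry. Any
 * setting the subentry leaves out, and any setting this class has no attribute
 * for, is answered by the server's default password policy, which is looked up
 * on every call through {@link DirectoryServer#getDefaultPasswordPolicy()}.
 *
 * <p>Points a reviewer of an effective policy should keep in mind:
 * <ul>
 *   <li>{@code pwdcheckquality}, {@code pwdminlength} and {@code pwdlockout}
 *       are checked for syntax and range only; their values are discarded, so
 *       nothing in this class enforces them.</li>
 *   <li>Storage schemes, secure-authentication and secure-password-change
 *       requirements, pre-encoded password handling and administrator
 *       validation bypass cannot be set by a subentry; they always come from
 *       the default policy.</li>
 *   <li>Validator handling fails closed: if a validator named by the subentry
 *       can no longer be resolved, every password is rejected instead of
 *       being accepted unvalidated.</li>
 * </ul>
 */
public final class SubentryPasswordPolicy extends PasswordPolicy {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** Object class a subentry must carry to be accepted as a password policy. */
    private static final String PWD_OC_POLICY = "pwdpolicy";
    private static final String PWD_ATTR_ATTRIBUTE = "pwdattribute";
    private static final String PWD_ATTR_MINAGE = "pwdminage";
    private static final String PWD_ATTR_MAXAGE = "pwdmaxage";
    private static final String PWD_ATTR_INHISTORY = "pwdinhistory";
    private static final String PWD_ATTR_CHECKQUALITY = "pwdcheckquality";
    private static final String PWD_ATTR_MINLENGTH = "pwdminlength";
    private static final String PWD_ATTR_EXPIREWARNING = "pwdexpirewarning";
    private static final String PWD_ATTR_GRACEAUTHNLIMIT = "pwdgraceauthnlimit";
    private static final String PWD_ATTR_LOCKOUT = "pwdlockout";
    private static final String PWD_ATTR_LOCKOUTDURATION = "pwdlockoutduration";
    private static final String PWD_ATTR_MAXFAILURE = "pwdmaxfailure";
    private static final String PWD_ATTR_MUSTCHANGE = "pwdmustchange";
    private static final String PWD_ATTR_ALLOWUSERCHANGE = "pwdallowuserchange";
    private static final String PWD_ATTR_SAFEMODIFY = "pwdsafemodify";
    private static final String PWD_ATTR_FAILURECOUNTINTERVAL = "pwdfailurecountinterval";
    /** Attribute holding the DNs of the password validators this policy uses. */
    private static final String PWD_ATTR_VALIDATOR = "ds-cfg-password-validator";
    /** Object class that must be present for {@link #PWD_ATTR_VALIDATOR} to be read. */
    private static final String PWD_OC_VALIDATORPOLICY = "pwdvalidatorpolicy";

    // A null value in any of the p* fields means "not set in the subentry":
    // the matching getter then delegates to the default password policy.
    private final DN passwordPolicySubentryDN;
    private final Boolean pAllowUserPasswordChanges;
    private final Boolean pForceChangeOnReset;
    private final Integer pGraceLoginCount;
    private final Long pLockoutDuration;
    private final Integer pLockoutFailureCount;
    private final Long pLockoutFailureExpirationInterval;
    private final Long pMaxPasswordAge;
    private final Long pMinPasswordAge;
    private final AttributeType pPasswordAttribute;
    private final Boolean pPasswordChangeRequiresCurrentPassword;
    private final Long pPasswordExpirationWarningInterval;
    private final Integer pPasswordHistoryCount;
    private final Boolean pAuthPasswordSyntax;
    /** DNs of the validators named by the subentry; empty when none are named. */
    private final Set<DN> pValidatorNames = new HashSet<DN>();
    /** Limits the "unknown validator" error to one log line per outage. */
    private final AtomicBoolean isAlreadyLogged = new AtomicBoolean();

    /**
     * Validator that rejects every password.
     *
     * <p>{@link SubentryPasswordPolicy#getPasswordValidators()} returns it as the
     * only validator when a validator DN stored in the subentry no longer
     * resolves, so that a missing validator blocks password changes rather than
     * letting them through unchecked.
     */
    private final class RejectPasswordValidator extends PasswordValidator<PasswordValidatorCfg> {
        private final String validatorName;
        private final String pwPolicyName;

        /**
         * @param validatorName DN string of the validator that could not be resolved
         * @param pwPolicyName DN string of the subentry that references it
         */
        public RejectPasswordValidator(String validatorName, String pwPolicyName) {
            this.validatorName = validatorName;
            this.pwPolicyName = pwPolicyName;
        }

        @Override
        public void initializePasswordValidator(PasswordValidatorCfg configuration) throws ConfigException, InitializationException {
            // Nothing to initialise: instances are created directly in
            // getPasswordValidators() from the two DN strings.
        }

        /**
         * Always rejects the password and appends the generic "unknown
         * validator" reason to {@code invalidReason}.
         *
         * <p>The detailed error (user entry, policy DN, validator DN) goes to the
         * server log only, and only for the first rejection after the flag was
         * last reset, so repeated attempts do not flood the log.
         *
         * @return always {@code false}
         */
        @Override
        public boolean passwordIsAcceptable(ByteString newPassword, Set<ByteString> currentPasswords, Operation operation, Entry entry, LocalizableMessageBuilder invalidReason) {
            invalidReason.append(CoreMessages.ERR_PWPOLICY_REJECT_DUE_TO_UNKNOWN_VALIDATOR_REASON.get());
            if (SubentryPasswordPolicy.this.isAlreadyLogged.compareAndSet(false, true)) {
                SubentryPasswordPolicy.logger.error(CoreMessages.ERR_PWPOLICY_REJECT_DUE_TO_UNKNOWN_VALIDATOR_LOG, entry.getName(), this.pwPolicyName, this.validatorName);
            }
            return false;
        }
    }

    /** Returns the server's current default password policy, used as the fallback for unset values. */
    private PasswordPolicy getDefaultPasswordPolicy() {
        return DirectoryServer.getDefaultPasswordPolicy();
    }

    /**
     * Builds a policy from the given subentry.
     *
     * @param subEntry subentry to parse
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} if the
     *     subentry lacks the {@code pwdpolicy} object class (or the schema does
     *     not define it), if an attribute value is malformed or out of range, or
     *     if a referenced validator is not registered; with
     *     {@code UNWILLING_TO_PERFORM} if the password attribute is undefined or
     *     does not use the user-password or auth-password syntax
     */
    public SubentryPasswordPolicy(SubEntry subEntry) throws DirectoryException {
        ObjectClass policyClass = DirectoryServer.getObjectClass(PWD_OC_POLICY);
        Entry entry = subEntry.getEntry();
        Map<ObjectClass, String> objectClasses = entry.getObjectClasses();
        if (policyClass == null && logger.isTraceEnabled()) {
            logger.trace("No %s objectclass is defined in the server schema.", PWD_OC_POLICY);
        }
        // Both "schema has no pwdpolicy class" and "entry does not carry it" are
        // rejected with the same error. The previous code scanned the entry's
        // object class names in the first case but threw regardless of the
        // result, so the scan is dropped.
        if (policyClass == null || !objectClasses.containsKey(policyClass)) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_NO_PWDPOLICY_OC.get(subEntry.getDN()));
        }
        this.passwordPolicySubentryDN = subEntry.getDN();

        String attributeName = getAttrValue(entry, PWD_ATTR_ATTRIBUTE);
        if (attributeName == null || attributeName.length() == 0) {
            this.pPasswordAttribute = null;
            this.pAuthPasswordSyntax = null;
        } else {
            // Locale.ROOT keeps the schema lookup key independent of the JVM's
            // default locale (e.g. 'I' must not become a dotless i).
            AttributeType type = DirectoryServer.getAttributeType(attributeName.toLowerCase(Locale.ROOT));
            if (type == null) {
                throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, CoreMessages.ERR_PWPOLICY_UNDEFINED_PASSWORD_ATTRIBUTE.get(this.passwordPolicySubentryDN, attributeName));
            }
            // Only attributes with a password syntax may hold the password.
            String syntaxOid = type.getSyntax().getOID();
            boolean authSyntax = SchemaConstants.SYNTAX_AUTH_PASSWORD_OID.equals(syntaxOid);
            if (!authSyntax && !SchemaConstants.SYNTAX_USER_PASSWORD_OID.equals(syntaxOid)) {
                String syntaxName = type.getSyntax().getName();
                throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, CoreMessages.ERR_PWPOLICY_INVALID_PASSWORD_ATTRIBUTE_SYNTAX.get(this.passwordPolicySubentryDN, type.getNameOrOID(), (syntaxName == null || syntaxName.length() == 0) ? syntaxOid : syntaxName));
            }
            this.pPasswordAttribute = type;
            this.pAuthPasswordSyntax = authSyntax;
        }

        // NOTE(review): the integer upper bounds below use
        // DebugStackTraceFormatter.COMPLETE_STACK, which looks like a constant the
        // decompiler substituted for Integer.MAX_VALUE; confirm against the
        // original source.
        this.pMinPasswordAge = asLong(entry, PWD_ATTR_MINAGE);
        this.pMaxPasswordAge = asLong(entry, PWD_ATTR_MAXAGE);
        this.pPasswordHistoryCount = asInteger(entry, PWD_ATTR_INHISTORY, DebugStackTraceFormatter.COMPLETE_STACK);
        // The next three attributes are validated and then discarded: a bad value
        // rejects the subentry, a good value has no effect in this class.
        // NOTE(review): minimum length / quality are presumably enforced through
        // configured password validators instead; verify before relying on them.
        asInteger(entry, PWD_ATTR_CHECKQUALITY, 2);
        asInteger(entry, PWD_ATTR_MINLENGTH, DebugStackTraceFormatter.COMPLETE_STACK);
        asBoolean(entry, PWD_ATTR_LOCKOUT);
        this.pPasswordExpirationWarningInterval = asLong(entry, PWD_ATTR_EXPIREWARNING);
        this.pGraceLoginCount = asInteger(entry, PWD_ATTR_GRACEAUTHNLIMIT, DebugStackTraceFormatter.COMPLETE_STACK);
        this.pLockoutDuration = asLong(entry, PWD_ATTR_LOCKOUTDURATION);
        this.pLockoutFailureCount = asInteger(entry, PWD_ATTR_MAXFAILURE, DebugStackTraceFormatter.COMPLETE_STACK);
        this.pForceChangeOnReset = asBoolean(entry, PWD_ATTR_MUSTCHANGE);
        this.pAllowUserPasswordChanges = asBoolean(entry, PWD_ATTR_ALLOWUSERCHANGE);
        this.pPasswordChangeRequiresCurrentPassword = asBoolean(entry, PWD_ATTR_SAFEMODIFY);
        this.pLockoutFailureExpirationInterval = asLong(entry, PWD_ATTR_FAILURECOUNTINTERVAL);

        // Validator references are honoured only when the subentry also carries
        // the pwdvalidatorpolicy object class.
        ObjectClass validatorPolicyClass = DirectoryServer.getObjectClass(PWD_OC_VALIDATORPOLICY);
        if (validatorPolicyClass != null && objectClasses.containsKey(validatorPolicyClass)) {
            List<Attribute> validatorAttributes = entry.getAttribute(DirectoryServer.getAttributeTypeOrDefault(PWD_ATTR_VALIDATOR));
            if (validatorAttributes != null) {
                for (Attribute validatorAttribute : validatorAttributes) {
                    for (ByteString value : validatorAttribute) {
                        DN validatorDN = DN.decode(value);
                        // Refuse a policy that names a validator the server does
                        // not know, instead of silently ignoring the reference.
                        if (DirectoryServer.getPasswordValidator(validatorDN) == null) {
                            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_PWPOLICY_UNKNOWN_VALIDATOR.get(this.passwordPolicySubentryDN, validatorDN, PWD_ATTR_VALIDATOR));
                        }
                        this.pValidatorNames.add(validatorDN);
                    }
                }
            }
        }
    }

    /**
     * Reads a boolean attribute.
     *
     * @param entry entry to read from
     * @param attrName attribute name
     * @return the parsed value, or {@code null} if the attribute is absent or empty
     * @throws DirectoryException if the value is neither "true" nor "false" (case-insensitive)
     */
    private Boolean asBoolean(Entry entry, String attrName) throws DirectoryException {
        String value = getAttrValue(entry, attrName);
        if (value == null || value.length() == 0) {
            return null;
        }
        boolean isTrue = value.equalsIgnoreCase(Boolean.TRUE.toString());
        if (!isTrue && !value.equalsIgnoreCase(Boolean.FALSE.toString())) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ConfigMessages.ERR_CONFIG_ATTR_INVALID_BOOLEAN_VALUE.get(attrName, value));
        }
        return Boolean.valueOf(isTrue);
    }

    /**
     * Reads an integer attribute and checks that it lies in {@code [0, upperBound]}.
     *
     * @param entry entry to read from
     * @param attrName attribute name
     * @param upperBound largest accepted value
     * @return the parsed value, or {@code null} if the attribute is absent or empty
     * @throws DirectoryException if the value is not an integer or is out of range
     */
    private Integer asInteger(Entry entry, String attrName, int upperBound) throws DirectoryException {
        String value = getAttrValue(entry, attrName);
        if (value == null || value.length() == 0) {
            return null;
        }
        try {
            Integer parsed = Integer.valueOf(value);
            checkIntegerAttr(attrName, parsed.intValue(), 0L, upperBound);
            return parsed;
        } catch (NumberFormatException e) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ConfigMessages.ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(attrName, value, e.getLocalizedMessage()));
        }
    }

    /**
     * Reads a long attribute and checks that it lies in {@code [0, 2147483647]}.
     *
     * @param entry entry to read from
     * @param attrName attribute name
     * @return the parsed value, or {@code null} if the attribute is absent or empty
     * @throws DirectoryException if the value is not a number or is out of range
     */
    private Long asLong(Entry entry, String attrName) throws DirectoryException {
        String value = getAttrValue(entry, attrName);
        if (value == null || value.length() == 0) {
            return null;
        }
        try {
            Long parsed = Long.valueOf(value);
            checkIntegerAttr(attrName, parsed.longValue(), 0L, 2147483647L);
            return parsed;
        } catch (NumberFormatException e) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ConfigMessages.ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(attrName, value, e.getLocalizedMessage()));
        }
    }

    /**
     * Rejects a value outside the inclusive range {@code [lowerBound, upperBound]}.
     *
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} naming the violated bound
     */
    private void checkIntegerAttr(String attrName, long value, long lowerBound, long upperBound) throws DirectoryException {
        if (value < lowerBound) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ConfigMessages.ERR_CONFIG_ATTR_INT_BELOW_LOWER_BOUND.get(attrName, Long.valueOf(value), Long.valueOf(lowerBound)));
        }
        if (value > upperBound) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ConfigMessages.ERR_CONFIG_ATTR_INT_ABOVE_UPPER_BOUND.get(attrName, Long.valueOf(value), Long.valueOf(upperBound)));
        }
    }

    /**
     * Returns the first value found for the named attribute.
     *
     * <p>Any further values of the attribute are ignored.
     *
     * @return the value as a string, or {@code null} if the entry has no value for it
     */
    private String getAttrValue(Entry entry, String attrName) {
        List<Attribute> attributes = entry.getAttribute(DirectoryServer.getAttributeTypeOrDefault(attrName));
        if (attributes == null || attributes.isEmpty()) {
            return null;
        }
        for (Attribute attribute : attributes) {
            Iterator<ByteString> values = attribute.iterator();
            if (values.hasNext()) {
                return values.next().toString();
            }
        }
        return null;
    }

    /** Always taken from the default policy. */
    @Override
    public boolean isAllowExpiredPasswordChanges() {
        return getDefaultPasswordPolicy().isAllowExpiredPasswordChanges();
    }

    /** Always taken from the default policy. */
    @Override
    public boolean isAllowMultiplePasswordValues() {
        return getDefaultPasswordPolicy().isAllowMultiplePasswordValues();
    }

    /** Always taken from the default policy. */
    @Override
    public boolean isAllowPreEncodedPasswords() {
        return getDefaultPasswordPolicy().isAllowPreEncodedPasswords();
    }

    /** Value of {@code pwdallowuserchange} if set, otherwise the default policy's. */
    @Override
    public boolean isAllowUserPasswordChanges() {
        return this.pAllowUserPasswordChanges != null ? this.pAllowUserPasswordChanges.booleanValue() : getDefaultPasswordPolicy().isAllowUserPasswordChanges();
    }

    /** Always taken from the default policy. */
    @Override
    public boolean isExpirePasswordsWithoutWarning() {
        return getDefaultPasswordPolicy().isExpirePasswordsWithoutWarning();
    }

    /** Always taken from the default policy. */
    @Override
    public boolean isForceChangeOnAdd() {
        return getDefaultPasswordPolicy().isForceChangeOnAdd();
    }

    /** Value of {@code pwdmustchange} if set, otherwise the default policy's. */
    @Override
    public boolean isForceChangeOnReset() {
        return this.pForceChangeOnReset != null ? this.pForceChangeOnReset.booleanValue() : getDefaultPasswordPolicy().isForceChangeOnReset();
    }

    /** Value of {@code pwdgraceauthnlimit} if set, otherwise the default policy's. */
    @Override
    public int getGraceLoginCount() {
        return this.pGraceLoginCount != null ? this.pGraceLoginCount.intValue() : getDefaultPasswordPolicy().getGraceLoginCount();
    }

    /** Always taken from the default policy. */
    @Override
    public long getIdleLockoutInterval() {
        return getDefaultPasswordPolicy().getIdleLockoutInterval();
    }

    /** Always taken from the default policy. */
    @Override
    public AttributeType getLastLoginTimeAttribute() {
        return getDefaultPasswordPolicy().getLastLoginTimeAttribute();
    }

    /** Always taken from the default policy. */
    @Override
    public String getLastLoginTimeFormat() {
        return getDefaultPasswordPolicy().getLastLoginTimeFormat();
    }

    /** Value of {@code pwdlockoutduration} if set, otherwise the default policy's. */
    @Override
    public long getLockoutDuration() {
        return this.pLockoutDuration != null ? this.pLockoutDuration.longValue() : getDefaultPasswordPolicy().getLockoutDuration();
    }

    /** Value of {@code pwdmaxfailure} if set, otherwise the default policy's. */
    @Override
    public int getLockoutFailureCount() {
        return this.pLockoutFailureCount != null ? this.pLockoutFailureCount.intValue() : getDefaultPasswordPolicy().getLockoutFailureCount();
    }

    /** Value of {@code pwdfailurecountinterval} if set, otherwise the default policy's. */
    @Override
    public long getLockoutFailureExpirationInterval() {
        return this.pLockoutFailureExpirationInterval != null ? this.pLockoutFailureExpirationInterval.longValue() : getDefaultPasswordPolicy().getLockoutFailureExpirationInterval();
    }

    /** Value of {@code pwdmaxage} if set, otherwise the default policy's. */
    @Override
    public long getMaxPasswordAge() {
        return this.pMaxPasswordAge != null ? this.pMaxPasswordAge.longValue() : getDefaultPasswordPolicy().getMaxPasswordAge();
    }

    /** Always taken from the default policy. */
    @Override
    public long getMaxPasswordResetAge() {
        return getDefaultPasswordPolicy().getMaxPasswordResetAge();
    }

    /** Value of {@code pwdminage} if set, otherwise the default policy's. */
    @Override
    public long getMinPasswordAge() {
        return this.pMinPasswordAge != null ? this.pMinPasswordAge.longValue() : getDefaultPasswordPolicy().getMinPasswordAge();
    }

    /** Attribute type named by {@code pwdattribute} if set, otherwise the default policy's. */
    @Override
    public AttributeType getPasswordAttribute() {
        return this.pPasswordAttribute != null ? this.pPasswordAttribute : getDefaultPasswordPolicy().getPasswordAttribute();
    }

    /** Value of {@code pwdsafemodify} if set, otherwise the default policy's. */
    @Override
    public boolean isPasswordChangeRequiresCurrentPassword() {
        return this.pPasswordChangeRequiresCurrentPassword != null ? this.pPasswordChangeRequiresCurrentPassword.booleanValue() : getDefaultPasswordPolicy().isPasswordChangeRequiresCurrentPassword();
    }

    /** Value of {@code pwdexpirewarning} if set, otherwise the default policy's. */
    @Override
    public long getPasswordExpirationWarningInterval() {
        return this.pPasswordExpirationWarningInterval != null ? this.pPasswordExpirationWarningInterval.longValue() : getDefaultPasswordPolicy().getPasswordExpirationWarningInterval();
    }

    /** Value of {@code pwdinhistory} if set, otherwise the default policy's. */
    @Override
    public int getPasswordHistoryCount() {
        return this.pPasswordHistoryCount != null ? this.pPasswordHistoryCount.intValue() : getDefaultPasswordPolicy().getPasswordHistoryCount();
    }

    /** Always taken from the default policy. */
    @Override
    public long getPasswordHistoryDuration() {
        return getDefaultPasswordPolicy().getPasswordHistoryDuration();
    }

    /** Always taken from the default policy. */
    @Override
    public SortedSet<String> getPreviousLastLoginTimeFormats() {
        return getDefaultPasswordPolicy().getPreviousLastLoginTimeFormats();
    }

    /** Always taken from the default policy. */
    @Override
    public long getRequireChangeByTime() {
        return getDefaultPasswordPolicy().getRequireChangeByTime();
    }

    /** Always taken from the default policy; a subentry cannot change it. */
    @Override
    public boolean isRequireSecureAuthentication() {
        return getDefaultPasswordPolicy().isRequireSecureAuthentication();
    }

    /** Always taken from the default policy; a subentry cannot change it. */
    @Override
    public boolean isRequireSecurePasswordChanges() {
        return getDefaultPasswordPolicy().isRequireSecurePasswordChanges();
    }

    /** Always taken from the default policy; a subentry cannot change it. */
    @Override
    public boolean isSkipValidationForAdministrators() {
        return getDefaultPasswordPolicy().isSkipValidationForAdministrators();
    }

    /** Always taken from the default policy. */
    @Override
    public PasswordPolicyCfgDefn.StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
        return getDefaultPasswordPolicy().getStateUpdateFailurePolicy();
    }

    /**
     * Whether the password attribute uses the auth-password syntax: derived from
     * {@code pwdattribute} if that was set, otherwise the default policy's answer.
     */
    @Override
    public boolean isAuthPasswordSyntax() {
        return this.pAuthPasswordSyntax != null ? this.pAuthPasswordSyntax.booleanValue() : getDefaultPasswordPolicy().isAuthPasswordSyntax();
    }

    /** Always taken from the default policy; a subentry cannot change storage schemes. */
    @Override
    public List<PasswordStorageScheme<?>> getDefaultPasswordStorageSchemes() {
        return getDefaultPasswordPolicy().getDefaultPasswordStorageSchemes();
    }

    /** Always taken from the default policy; a subentry cannot change storage schemes. */
    @Override
    public Set<String> getDeprecatedPasswordStorageSchemes() {
        return getDefaultPasswordPolicy().getDeprecatedPasswordStorageSchemes();
    }

    /** Returns the DN of the subentry this policy was built from. */
    @Override
    public DN getDN() {
        return this.passwordPolicySubentryDN;
    }

    /** Always answered by the default policy. */
    @Override
    public boolean isDefaultPasswordStorageScheme(String name) {
        return getDefaultPasswordPolicy().isDefaultPasswordStorageScheme(name);
    }

    /** Always answered by the default policy. */
    @Override
    public boolean isDeprecatedPasswordStorageScheme(String name) {
        return getDefaultPasswordPolicy().isDeprecatedPasswordStorageScheme(name);
    }

    /**
     * Resolves the validators to apply to a new password.
     *
     * <p>With no validator named in the subentry, the default policy's
     * validators are used. Otherwise each stored DN is resolved again on every
     * call; if any of them is no longer registered, the result is a single
     * {@link RejectPasswordValidator}, so the policy fails closed until the
     * validator is restored or the subentry is corrected.
     *
     * @return the validators to run, never partially resolved
     */
    @Override
    public Collection<PasswordValidator<?>> getPasswordValidators() {
        if (this.pValidatorNames.isEmpty()) {
            return getDefaultPasswordPolicy().getPasswordValidators();
        }
        Set<PasswordValidator<?>> validators = new HashSet<PasswordValidator<?>>();
        for (DN validatorDN : this.pValidatorNames) {
            PasswordValidator<? extends PasswordValidatorCfg> validator = DirectoryServer.getPasswordValidator(validatorDN);
            if (validator == null) {
                // Drop whatever was resolved so far: running only a subset of the
                // configured validators would weaken the policy unnoticed.
                validators.clear();
                validators.add(new RejectPasswordValidator(validatorDN.toString(), this.passwordPolicySubentryDN.toString()));
                return validators;
            }
            validators.add(validator);
        }
        // Everything resolved: re-arm the one-shot error log for a later outage.
        this.isAlreadyLogged.set(false);
        return validators;
    }

    /** Always taken from the default policy. */
    @Override
    public Collection<AccountStatusNotificationHandler<?>> getAccountStatusNotificationHandlers() {
        return getDefaultPasswordPolicy().getAccountStatusNotificationHandlers();
    }

    /** Always taken from the default policy. */
    @Override
    public PasswordGenerator<?> getPasswordGenerator() {
        return getDefaultPasswordPolicy().getPasswordGenerator();
    }
}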
