package org.opends.server.api;

import java.util.Iterator;
import java.util.List;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.GeneralizedTime;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.CoreMessages;
import org.opends.server.config.ConfigConstants;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/api/AuthenticationPolicyState.class */
public abstract class AuthenticationPolicyState {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    protected ConditionResult isDisabled = ConditionResult.UNDEFINED;
    protected final Entry userEntry;

    public static AuthenticationPolicyState forUser(Entry entry, boolean z) throws DirectoryException {
        return AuthenticationPolicy.forUser(entry, z).createAuthenticationPolicyState(entry);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ConditionResult getBoolean(Entry entry, AttributeType attributeType) throws DirectoryException {
        List<Attribute> attribute = entry.getAttribute(attributeType);
        if (attribute != null) {
            for (Attribute attribute2 : attribute) {
                if (!attribute2.isEmpty()) {
                    String lowerCase = StaticUtils.toLowerCase(attribute2.iterator().next().toString());
                    if (lowerCase.equals(ServerConstants.CONFIG_VALUE_TRUE) || lowerCase.equals("yes") || lowerCase.equals("on") || lowerCase.equals("1")) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("Attribute %s resolves to true for user entry %s", attributeType.getNameOrOID(), entry.getName());
                        }
                        return ConditionResult.TRUE;
                    }
                    if (lowerCase.equals(ServerConstants.CONFIG_VALUE_FALSE) || lowerCase.equals("no") || lowerCase.equals("off") || lowerCase.equals("0")) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("Attribute %s resolves to false for user entry %s", attributeType.getNameOrOID(), entry.getName());
                        }
                        return ConditionResult.FALSE;
                    }
                    if (logger.isTraceEnabled()) {
                        logger.trace("Unable to resolve value %s for attribute %s in user entry %s as a Boolean.", lowerCase, attributeType.getNameOrOID(), entry.getName());
                    }
                    throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_BOOLEAN.get(lowerCase, attributeType.getNameOrOID(), entry.getName()));
                }
            }
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Returning %s because attribute %s does not exist in user entry %s", ConditionResult.UNDEFINED, attributeType.getNameOrOID(), entry.getName());
        }
        return ConditionResult.UNDEFINED;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static long getGeneralizedTime(Entry entry, AttributeType attributeType) throws DirectoryException {
        long j = -1;
        List<Attribute> attribute = entry.getAttribute(attributeType);
        if (attribute != null) {
            Iterator<Attribute> it = attribute.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Attribute next = it.next();
                if (!next.isEmpty()) {
                    ByteString next2 = next.iterator().next();
                    try {
                        j = GeneralizedTime.valueOf(next2.toString()).getTimeInMillis();
                        break;
                    } catch (Exception e) {
                        logger.traceException(e, "Unable to decode value %s for attribute %s in user entry %s", next2, attributeType.getNameOrOID(), entry.getName());
                        throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, CoreMessages.ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME.get(next2, attributeType.getNameOrOID(), entry.getName(), e), e);
                    }
                }
            }
        }
        if (j == -1 && logger.isTraceEnabled()) {
            logger.trace("Returning -1 because attribute %s does not exist in user entry %s", attributeType.getNameOrOID(), entry.getName());
        }
        return j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationPolicyState(Entry entry) {
        this.userEntry = entry;
    }

    public void finalizeStateAfterBind() throws DirectoryException {
    }

    public abstract AuthenticationPolicy getAuthenticationPolicy();

    public boolean isDisabled() {
        try {
            this.isDisabled = getBoolean(this.userEntry, DirectoryServer.getAttributeTypeOrDefault(ConfigConstants.OP_ATTR_ACCOUNT_DISABLED));
            if (this.isDisabled != ConditionResult.UNDEFINED) {
                boolean z = this.isDisabled == ConditionResult.TRUE;
                if (logger.isTraceEnabled()) {
                    logger.trace("User %s is%s administratively disabled.", this.userEntry.getName(), z ? "" : " not");
                }
                return z;
            }
            this.isDisabled = ConditionResult.FALSE;
            if (!logger.isTraceEnabled()) {
                return false;
            }
            logger.trace("User %s is not administratively disabled since the attribute \"%s\" is not present in the entry.", this.userEntry.getName(), ConfigConstants.OP_ATTR_ACCOUNT_DISABLED);
            return false;
        } catch (Exception e) {
            logger.traceException(e, "User %s is considered administratively disabled because an error occurred while attempting to make the determination.", this.userEntry.getName());
            this.isDisabled = ConditionResult.TRUE;
            return true;
        }
    }

    public boolean isPasswordPolicy() {
        return getAuthenticationPolicy().isPasswordPolicy();
    }

    public abstract boolean passwordMatches(ByteString byteString) throws DirectoryException;
}
