package org.opends.server.extensions;

import java.io.BufferedReader;
import java.io.Closeable;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Queue;
import java.util.SortedSet;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.Semaphore;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.GeneralizedTime;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.messages.ExtensionMessages;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.LDAPPassThroughAuthenticationPolicyCfgDefn;
import org.opends.server.admin.std.server.LDAPPassThroughAuthenticationPolicyCfg;
import org.opends.server.api.AuthenticationPolicy;
import org.opends.server.api.AuthenticationPolicyFactory;
import org.opends.server.api.AuthenticationPolicyState;
import org.opends.server.api.DirectoryThread;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.config.ConfigConstants;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.ServerContext;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPConstants;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.ProtocolOp;
import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
import org.opends.server.schema.SchemaConstants;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.HostPort;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDAPException;
import org.opends.server.types.RawModification;
import org.opends.server.types.SearchFilter;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;

/* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.class */
public final class LDAPPassThroughAuthenticationPolicyFactory implements AuthenticationPolicyFactory<LDAPPassThroughAuthenticationPolicyCfg> {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    static final LinkedHashSet<String> NO_ATTRIBUTES = new LinkedHashSet<>(1);
    private final Provider provider;
    private ServerContext serverContext;
    private static final Provider DEFAULT_PROVIDER;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory$2, reason: invalid class name */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$2.class */
    /**
     * Compiler-generated helper (note the {@code synthetic} markers and the {@code $SwitchMap$}
     * naming) that maps enum ordinals to dense {@code int} case labels for {@code switch}
     * statements elsewhere in the enclosing class.
     *
     * <p>NOTE(review): this is decompiler output and is not valid source as shown. The
     * {@code MappingPolicy} switch map is written to below, but its field declaration and array
     * allocation are missing from this listing; only the {@code ResultCode.Enum} map is declared.
     * Do not review the policy-selection or result-code handling logic from this class alone:
     * the numeric case labels only have meaning next to the {@code switch} statements that read
     * them.
     */
    public static /* synthetic */ class AnonymousClass2 {
        // Lookup table: ResultCode.Enum ordinal -> case label (1..22) assigned in the initializer below.
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum;

        static {
            // Each assignment is wrapped in its own try/catch of NoSuchFieldError with an empty
            // handler. Presumably this is the usual javac guard for an enum constant that no
            // longer exists at run time; the entry is then simply left at 0 (no case label).

            // MappingPolicy labels: UNMAPPED=1, MAPPED_BIND=2, MAPPED_SEARCH=3.
            // The target array is not declared anywhere in this listing (see class comment).
            try {
                $SwitchMap$org$opends$server$admin$std$meta$LDAPPassThroughAuthenticationPolicyCfgDefn$MappingPolicy[LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy.UNMAPPED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$opends$server$admin$std$meta$LDAPPassThroughAuthenticationPolicyCfgDefn$MappingPolicy[LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy.MAPPED_BIND.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$opends$server$admin$std$meta$LDAPPassThroughAuthenticationPolicyCfgDefn$MappingPolicy[LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy.MAPPED_SEARCH.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            // ResultCode.Enum labels: one slot per enum constant, 22 of them given a label here.
            $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum = new int[ResultCode.Enum.values().length];
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.SIZE_LIMIT_EXCEEDED.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.NO_SUCH_OBJECT.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_NO_RESULTS_RETURNED.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED.ordinal()] = 5;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.INVALID_CREDENTIALS.ordinal()] = 6;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.OPERATIONS_ERROR.ordinal()] = 7;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.PROTOCOL_ERROR.ordinal()] = 8;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.TIME_LIMIT_EXCEEDED.ordinal()] = 9;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.ADMIN_LIMIT_EXCEEDED.ordinal()] = 10;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.UNAVAILABLE_CRITICAL_EXTENSION.ordinal()] = 11;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.BUSY.ordinal()] = 12;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.UNAVAILABLE.ordinal()] = 13;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.UNWILLING_TO_PERFORM.ordinal()] = 14;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.LOOP_DETECT.ordinal()] = 15;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.OTHER.ordinal()] = 16;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_CONNECT_ERROR.ordinal()] = 17;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_DECODING_ERROR.ordinal()] = 18;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_ENCODING_ERROR.ordinal()] = 19;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_LOCAL_ERROR.ordinal()] = 20;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_SERVER_DOWN.ordinal()] = 21;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[ResultCode.Enum.CLIENT_SIDE_TIMEOUT.ordinal()] = 22;
            } catch (NoSuchFieldError e25) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$AbstractLoadBalancer.class */
    /**
     * Base class for connection factories that spread connection attempts over several underlying
     * factories and fail over between them.
     *
     * <p>Each underlying factory is wrapped in a {@link MonitoredConnectionFactory} that records
     * whether the last connection attempt succeeded. Connections handed out are
     * {@link FailoverConnection}s, which retry a failed search or bind on the next available
     * factory. This object is also the {@link Runnable} scheduled every 5 seconds to re-probe
     * factories currently marked unavailable.
     *
     * <p>Security note: because {@link FailoverConnection#simpleBind} replays the same bind name
     * and password against the next factory after a service error, every configured remote server
     * can receive end-user credentials and must be trusted accordingly.
     */
    public static abstract class AbstractLoadBalancer implements ConnectionFactory, Runnable {
        // Wrapped factories, in the order supplied to the constructor.
        private final MonitoredConnectionFactory[] factories;
        // Number of factories; indexes wrap to 0 when they reach this value.
        private final int maxIndex;
        // Handle on the periodic health probe so close() can cancel it.
        private final ScheduledFuture<?> monitorFuture;

        /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$AbstractLoadBalancer$FailoverConnection.class */
        /**
         * Connection that transparently moves to another factory when the current one reports a
         * service error (as classified by {@code isServiceError}, defined outside this listing).
         */
        private final class FailoverConnection implements Connection {
            // Currently active underlying connection.
            private Connection connection;
            // Factory that produced the active connection (or the one last tried).
            private MonitoredConnectionFactory factory;
            // Index the search for a factory started at; reaching it again means all were tried.
            private final int startIndex;
            // Index of the next factory to try; wraps around at maxIndex.
            private int nextIndex;

            /**
             * Opens a connection on the first available factory, starting at index {@code i} and
             * wrapping around once.
             *
             * @param i index of the factory to try first
             * @throws DirectoryException the failure associated with the last factory examined,
             *     when no factory could provide a connection
             */
            private FailoverConnection(int i) throws DirectoryException {
                DirectoryException directoryException;
                this.nextIndex = i;
                this.startIndex = i;
                do {
                    this.factory = AbstractLoadBalancer.this.factories[this.nextIndex];
                    if (this.factory.isAvailable) {
                        try {
                            this.connection = this.factory.getConnection();
                            incrementNextIndex();
                            return;
                        } catch (DirectoryException e) {
                            LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                            directoryException = e;
                        }
                    } else {
                        // Skip factories already marked down and reuse their recorded failure.
                        directoryException = this.factory.lastException;
                    }
                    incrementNextIndex();
                } while (this.nextIndex != i);
                throw directoryException;
            }

            /** Closes the currently active underlying connection. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection, java.io.Closeable, java.lang.AutoCloseable
            public void close() {
                this.connection.close();
            }

            /**
             * Runs the search on the active connection, failing over to the next available factory
             * on a service error. The loop ends when the search succeeds or
             * {@link #handleDirectoryException} rethrows.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection
            public ByteString search(DN dn, SearchScope searchScope, SearchFilter searchFilter) throws DirectoryException {
                while (true) {
                    try {
                        return this.connection.search(dn, searchScope, searchFilter);
                    } catch (DirectoryException e) {
                        LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                        handleDirectoryException(e);
                    }
                }
            }

            /**
             * Performs the bind on the active connection, failing over to the next available
             * factory on a service error. The same bind name and password are re-sent to each
             * factory that is tried.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection
            public void simpleBind(ByteString byteString, ByteString byteString2) throws DirectoryException {
                while (true) {
                    try {
                        this.connection.simpleBind(byteString, byteString2);
                        return;
                    } catch (DirectoryException e) {
                        LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                        handleDirectoryException(e);
                    }
                }
            }

            /**
             * Decides whether a failure triggers failover.
             *
             * <p>Errors that are not service errors are rethrown unchanged, so no other factory is
             * tried. For a service error the current connection is closed, its factory is marked
             * unavailable, and the remaining factories (up to, but not including,
             * {@code startIndex}) are tried in order. If none yields a connection, the original
             * exception is rethrown rather than the most recent connect failure.
             */
            private void handleDirectoryException(DirectoryException directoryException) throws DirectoryException {
                if (!LDAPPassThroughAuthenticationPolicyFactory.isServiceError(directoryException.getResultCode())) {
                    throw directoryException;
                }
                this.connection.close();
                // lastException is written before the volatile isAvailable flag, so a thread that
                // observes isAvailable == false also observes this exception.
                this.factory.lastException = directoryException;
                this.factory.isAvailable = false;
                while (this.nextIndex != this.startIndex) {
                    this.factory = AbstractLoadBalancer.this.factories[this.nextIndex];
                    if (this.factory.isAvailable) {
                        try {
                            this.connection = this.factory.getConnection();
                            incrementNextIndex();
                            return;
                        } catch (DirectoryException e) {
                            // The wrapped factory has already recorded this failure; move on.
                            LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                        }
                    }
                    incrementNextIndex();
                }
                throw directoryException;
            }

            /** Advances {@code nextIndex} by one, wrapping to 0 at {@code maxIndex}. */
            private void incrementNextIndex() {
                int i = this.nextIndex + 1;
                this.nextIndex = i;
                if (i == AbstractLoadBalancer.this.maxIndex) {
                    this.nextIndex = 0;
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$AbstractLoadBalancer$MonitoredConnectionFactory.class */
        /**
         * Wrapper that tracks whether the wrapped factory's most recent connection attempt
         * succeeded, and keeps the exception from the most recent failure.
         */
        public final class MonitoredConnectionFactory implements ConnectionFactory {
            private final ConnectionFactory factory;
            // Read by connection threads and by the monitor task, hence volatile.
            private volatile boolean isAvailable;
            // Not volatile: always written immediately before isAvailable is set to false.
            private DirectoryException lastException;

            /** Wraps {@code connectionFactory}; a factory starts out marked available. */
            private MonitoredConnectionFactory(ConnectionFactory connectionFactory) {
                this.isAvailable = true;
                this.factory = connectionFactory;
            }

            /** Closes the wrapped factory. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory, java.io.Closeable, java.lang.AutoCloseable
            public void close() {
                this.factory.close();
            }

            /**
             * Obtains a connection from the wrapped factory and updates the availability flag:
             * success marks the factory available, failure records the exception, marks it
             * unavailable and rethrows. This is the only place the flag is set back to true.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory
            public Connection getConnection() throws DirectoryException {
                try {
                    Connection connection = this.factory.getConnection();
                    this.isAvailable = true;
                    return connection;
                } catch (DirectoryException e) {
                    LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                    this.lastException = e;
                    this.isAvailable = false;
                    throw e;
                }
            }
        }

        /**
         * Wraps each supplied factory and schedules this object as a health probe with a 5 second
         * initial delay and a 5 second delay between runs.
         *
         * @param connectionFactoryArr factories to balance over, in priority order
         * @param scheduledExecutorService executor that runs the periodic probe
         */
        AbstractLoadBalancer(ConnectionFactory[] connectionFactoryArr, ScheduledExecutorService scheduledExecutorService) {
            this.factories = new MonitoredConnectionFactory[connectionFactoryArr.length];
            this.maxIndex = connectionFactoryArr.length;
            for (int i = 0; i < this.maxIndex; i++) {
                this.factories[i] = new MonitoredConnectionFactory(connectionFactoryArr[i]);
            }
            this.monitorFuture = scheduledExecutorService.scheduleWithFixedDelay(this, 5L, 5L, TimeUnit.SECONDS);
        }

        /** Cancels the health probe (interrupting it if running) and closes every wrapped factory. */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory, java.io.Closeable, java.lang.AutoCloseable
        public final void close() {
            this.monitorFuture.cancel(true);
            for (MonitoredConnectionFactory monitoredConnectionFactory : this.factories) {
                monitoredConnectionFactory.close();
            }
        }

        /**
         * Returns a failover-capable connection that starts at the index chosen by
         * {@link #getStartIndex()}.
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory
        public final Connection getConnection() throws DirectoryException {
            return new FailoverConnection(getStartIndex());
        }

        /**
         * Health probe: for every factory marked unavailable, tries to open and immediately close
         * a connection. A successful attempt flips the factory back to available inside
         * {@link MonitoredConnectionFactory#getConnection()}.
         *
         * <p>NOTE(review): only {@code DirectoryException} is caught. A task scheduled with
         * {@code scheduleWithFixedDelay} is not run again once an execution throws, so an
         * unchecked exception escaping here would stop monitoring, and factories marked
         * unavailable would then never be retried by {@link FailoverConnection}.
         */
        @Override // java.lang.Runnable
        public void run() {
            for (MonitoredConnectionFactory monitoredConnectionFactory : this.factories) {
                if (!monitoredConnectionFactory.isAvailable) {
                    try {
                        monitoredConnectionFactory.getConnection().close();
                    } catch (DirectoryException e) {
                        LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                    }
                }
            }
        }

        /** Returns the index of the factory a new connection should try first. */
        abstract int getStartIndex();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$AuthenticatedConnectionFactory.class */
    /**
     * Connection factory decorator that performs a simple bind with fixed credentials on each
     * connection obtained from the wrapped factory.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>When no usable credentials are configured (null or root bind DN, or a null or empty
     *       password) the connection is returned <em>without</em> any bind, i.e. it stays in
     *       whatever state the wrapped factory produced. Nothing is raised or logged in that
     *       case.</li>
     *   <li>The password is kept as an immutable {@code String} for the lifetime of the factory,
     *       so it cannot be wiped from memory after use.</li>
     * </ul>
     */
    public static final class AuthenticatedConnectionFactory implements ConnectionFactory {
        private final ConnectionFactory factory;
        private final DN username;
        private final String password;

        /**
         * @param connectionFactory factory that supplies the raw connections
         * @param dn bind DN, may be null
         * @param str bind password, may be null or empty
         */
        AuthenticatedConnectionFactory(ConnectionFactory connectionFactory, DN dn, String str) {
            this.password = str;
            this.username = dn;
            this.factory = connectionFactory;
        }

        /** Closes the wrapped factory. */
        @Override
        public void close() {
            factory.close();
        }

        /**
         * Obtains a connection and, when bind credentials are configured, binds it.
         *
         * @return the connection, bound if credentials were available
         * @throws DirectoryException if the connection cannot be obtained or the bind fails; on a
         *     bind failure the connection is closed before the exception propagates
         */
        @Override
        public Connection getConnection() throws DirectoryException {
            final Connection conn = factory.getConnection();
            if (!hasBindCredentials()) {
                // No bind is attempted; the caller receives the connection as created.
                return conn;
            }
            try {
                conn.simpleBind(ByteString.valueOf(username.toString()), ByteString.valueOf(password));
                return conn;
            } catch (DirectoryException bindFailure) {
                // Never hand out (or leak) a connection whose bind was rejected.
                conn.close();
                throw bindFailure;
            }
        }

        /** Tells whether both a non-root bind DN and a non-empty password are configured. */
        private boolean hasBindCredentials() {
            if (username == null || username.isRootDN()) {
                return false;
            }
            return password != null && !password.isEmpty();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$Connection.class */
    /**
     * Minimal LDAP connection abstraction used by the pass-through authentication policy: it can
     * search, perform a simple bind, and be closed.
     */
    public interface Connection extends Closeable {
        /** Closes the connection. Redeclared so that, unlike {@link Closeable#close()}, it throws no checked exception. */
        @Override // java.io.Closeable, java.lang.AutoCloseable
        void close();

        /**
         * Searches below {@code dn} with the given scope and filter.
         *
         * <p>NOTE(review): the meaning of the returned value cannot be confirmed from this
         * listing, because the only concrete implementation failed to decompile.
         *
         * @throws DirectoryException if the search fails
         */
        ByteString search(DN dn, SearchScope searchScope, SearchFilter searchFilter) throws DirectoryException;

        /**
         * Performs an LDAP simple bind.
         *
         * @param byteString bind name (DN)
         * @param byteString2 bind password, passed in the clear to the implementation
         * @throws DirectoryException if the bind does not succeed
         */
        void simpleBind(ByteString byteString, ByteString byteString2) throws DirectoryException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$ConnectionFactory.class */
    /**
     * Source of {@link Connection}s. Implementations in this file are layered as decorators
     * (pooling, authentication, load balancing) around one another.
     */
    public interface ConnectionFactory extends Closeable {
        /** Closes the factory. Redeclared so that, unlike {@link Closeable#close()}, it throws no checked exception. */
        @Override // java.io.Closeable, java.lang.AutoCloseable
        void close();

        /**
         * Returns a connection; the caller is responsible for closing it.
         *
         * @throws DirectoryException if no connection can be provided
         */
        Connection getConnection() throws DirectoryException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$ConnectionPool.class */
    /**
     * Bounded pool of connections layered on top of another factory.
     *
     * <p>A semaphore with {@code poolSize} permits (twice the number of available processors)
     * limits how many connections may be leased at once; idle connections wait in a queue. Every
     * leased {@link PooledConnection} holds exactly one permit, which is released when the
     * connection is closed or found to be broken.
     *
     * <p>NOTE(review): a connection is returned to the queue exactly as the caller left it,
     * including whatever identity it was last bound as. Confirm that callers do not run searches
     * on a pool whose connections have been re-bound with end-user credentials.
     */
    public static final class ConnectionPool implements ConnectionFactory {
        // NOTE(review): plain (non-volatile) flag with no locking visible in this listing;
        // presumably guarded by a lock held by the callers, confirm.
        private boolean poolIsClosed;
        private final ConnectionFactory factory;
        private final int poolSize = Runtime.getRuntime().availableProcessors() * 2;
        // One permit per connection that may be leased concurrently.
        private final Semaphore availableConnections = new Semaphore(this.poolSize);
        // Idle underlying connections available for reuse.
        private final Queue<Connection> connectionPool = new ConcurrentLinkedQueue();

        /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$ConnectionPool$PooledConnection.class */
        /**
         * Lease on an underlying connection. Closing the lease returns the underlying connection
         * to the pool instead of closing it, unless the pool itself has been closed.
         */
        private final class PooledConnection implements Connection {
            // Underlying connection; null once the lease has been given up.
            private Connection connection;
            // Set once the permit has been released, so it is never released twice.
            private boolean connectionIsClosed;

            private PooledConnection(Connection connection) {
                this.connection = connection;
            }

            /**
             * Ends the lease: re-queues the underlying connection (or closes it when the pool is
             * closed) and releases the permit. Further calls are no-ops.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection, java.io.Closeable, java.lang.AutoCloseable
            public void close() {
                if (this.connectionIsClosed) {
                    return;
                }
                this.connectionIsClosed = true;
                if (ConnectionPool.this.poolIsClosed) {
                    this.connection.close();
                } else {
                    ConnectionPool.this.connectionPool.offer(this.connection);
                }
                this.connection = null;
                ConnectionPool.this.availableConnections.release();
            }

            /**
             * Searches on the leased connection. After a service error the connection is replaced
             * with a fresh one and the search is retried once; if the retry also hits a service
             * error, the lease is abandoned and the second exception is thrown.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection
            public ByteString search(DN dn, SearchScope searchScope, SearchFilter searchFilter) throws DirectoryException {
                try {
                    return this.connection.search(dn, searchScope, searchFilter);
                } catch (DirectoryException e) {
                    reconnectIfConnectionFailure(e);
                    try {
                        return this.connection.search(dn, searchScope, searchFilter);
                    } catch (DirectoryException e2) {
                        closeIfConnectionFailure(e2);
                        throw e2;
                    }
                }
            }

            /**
             * Binds on the leased connection, with the same single reconnect-and-retry behaviour
             * as {@link #search}. The bind name and password are sent again on the retry.
             */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection
            public void simpleBind(ByteString byteString, ByteString byteString2) throws DirectoryException {
                try {
                    this.connection.simpleBind(byteString, byteString2);
                } catch (DirectoryException e) {
                    reconnectIfConnectionFailure(e);
                    try {
                        this.connection.simpleBind(byteString, byteString2);
                    } catch (DirectoryException e2) {
                        closeIfConnectionFailure(e2);
                        throw e2;
                    }
                }
            }

            /**
             * On a service error, closes the underlying connection for good (it is not re-queued)
             * and releases the permit. The lease is left with a null connection, so a later
             * {@link #close()} does nothing, while a later search or bind on it would fail with a
             * {@code NullPointerException}.
             */
            private void closeIfConnectionFailure(DirectoryException directoryException) throws DirectoryException {
                if (LDAPPassThroughAuthenticationPolicyFactory.isServiceError(directoryException.getResultCode())) {
                    this.connectionIsClosed = true;
                    this.connection.close();
                    this.connection = null;
                    ConnectionPool.this.availableConnections.release();
                }
            }

            /**
             * Rethrows anything that is not a service error. For a service error, closes the
             * broken connection and replaces it with a new one from the wrapped factory while
             * keeping the same permit; if that fails, the lease is abandoned, the permit is
             * released and the connect failure is thrown.
             */
            private void reconnectIfConnectionFailure(DirectoryException directoryException) throws DirectoryException {
                if (!LDAPPassThroughAuthenticationPolicyFactory.isServiceError(directoryException.getResultCode())) {
                    throw directoryException;
                }
                this.connection.close();
                try {
                    this.connection = ConnectionPool.this.factory.getConnection();
                } catch (DirectoryException e) {
                    this.connectionIsClosed = true;
                    this.connection = null;
                    ConnectionPool.this.availableConnections.release();
                    throw e;
                }
            }
        }

        /** Creates an initially empty pool that draws new connections from {@code connectionFactory}. */
        ConnectionPool(ConnectionFactory connectionFactory) {
            this.factory = connectionFactory;
        }

        /**
         * Closes all idle connections and the wrapped factory.
         *
         * @throws IllegalStateException if some leased connections have not been returned, which
         *     is detected by the permit count differing from {@code poolSize}; the idle
         *     connections and the wrapped factory have already been closed at that point
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            this.poolIsClosed = true;
            while (true) {
                Connection poll = this.connectionPool.poll();
                if (poll == null) {
                    break;
                } else {
                    poll.close();
                }
            }
            this.factory.close();
            if (this.availableConnections.availablePermits() != this.poolSize) {
                throw new IllegalStateException("Pool has remaining connections open after close");
            }
        }

        /**
         * Leases a connection, reusing an idle one when available and otherwise creating one.
         *
         * <p>Blocks, ignoring interrupts, until a permit is free: if all {@code poolSize}
         * connections are leased and none is ever returned, the caller waits indefinitely.
         *
         * @throws IllegalStateException if the pool has been closed
         * @throws DirectoryException if a new connection is needed and cannot be created; the
         *     permit is released first
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory
        public Connection getConnection() throws DirectoryException {
            if (this.poolIsClosed) {
                throw new IllegalStateException("pool is closed");
            }
            this.availableConnections.acquireUninterruptibly();
            Connection poll = this.connectionPool.poll();
            if (poll == null) {
                try {
                    poll = this.factory.getConnection();
                } catch (DirectoryException e) {
                    this.availableConnections.release();
                    throw e;
                }
            }
            return new PooledConnection(poll);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$FailoverLoadBalancer.class */
    /**
     * Load balancer over exactly two factories that always starts with the first one; the second
     * is only used when the first is unavailable or reports a service error.
     */
    public static final class FailoverLoadBalancer extends AbstractLoadBalancer {
        /** Index of the factory that every new connection attempt starts with. */
        private static final int PRIMARY_INDEX = 0;

        /**
         * @param connectionFactory factory tried first
         * @param connectionFactory2 factory used as fallback
         * @param scheduledExecutorService executor that runs the availability probe
         */
        FailoverLoadBalancer(ConnectionFactory connectionFactory, ConnectionFactory connectionFactory2, ScheduledExecutorService scheduledExecutorService) {
            super(inPriorityOrder(connectionFactory, connectionFactory2), scheduledExecutorService);
        }

        /** Packs the two factories into the array form the base class expects, first one leading. */
        private static ConnectionFactory[] inPriorityOrder(ConnectionFactory first, ConnectionFactory fallback) {
            return new ConnectionFactory[] {first, fallback};
        }

        /** Always starts at the first factory. */
        @Override
        int getStartIndex() {
            return PRIMARY_INDEX;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$LDAPConnectionFactory.class */
    public static final class LDAPConnectionFactory implements ConnectionFactory {
        private final String host;
        private final int port;
        private final LDAPPassThroughAuthenticationPolicyCfg cfg;
        private final int timeoutMS;

        /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$LDAPConnectionFactory$LDAPConnection.class */
        private final class LDAPConnection implements Connection {
            private final Socket plainSocket;
            private final Socket ldapSocket;
            private final LDAPWriter writer;
            private final LDAPReader reader;
            private int nextMessageID;
            private boolean isClosed;

            /**
             * Binds this connection to already-opened sockets and their LDAP reader/writer.
             *
             * @param socket stored as {@code plainSocket}
             * @param socket2 stored as {@code ldapSocket}; presumably the socket the LDAP traffic
             *     actually flows over (TLS-wrapped when SSL is enabled), TODO confirm against the
             *     factory code that creates it
             * @param lDAPReader reader for responses
             * @param lDAPWriter writer for requests
             */
            private LDAPConnection(Socket socket, Socket socket2, LDAPReader lDAPReader, LDAPWriter lDAPWriter) {
                this.writer = lDAPWriter;
                this.reader = lDAPReader;
                this.ldapSocket = socket2;
                this.plainSocket = socket;
                // LDAP message IDs on this connection start at 1.
                this.nextMessageID = 1;
            }

            /**
             * Sends a best-effort unbind request and releases the reader, writer and both sockets.
             * Calling it again after the first call has no effect.
             */
            @Override
            public void close() {
                if (!this.isClosed) {
                    this.isClosed = true;
                    final int unbindMessageID = this.nextMessageID++;
                    try {
                        this.writer.writeMessage(new LDAPMessage(unbindMessageID, new UnbindRequestProtocolOp()));
                    } catch (IOException unbindFailure) {
                        // The peer may already be gone; the sockets are closed below regardless.
                        LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(unbindFailure);
                    }
                    StaticUtils.close(this.writer, this.reader);
                    StaticUtils.close(this.ldapSocket, this.plainSocket);
                }
            }

            /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
            /* JADX WARN: Failed to find 'out' block for switch in B:3:0x0043. Please report as an issue. */
            /* JADX WARN: Removed duplicated region for block: B:18:0x0136 A[PHI: r19 r20
              0x0136: PHI (r19v2 org.forgerock.opendj.ldap.ByteString) = 
              (r19v1 org.forgerock.opendj.ldap.ByteString)
              (r19v1 org.forgerock.opendj.ldap.ByteString)
              (r19v1 org.forgerock.opendj.ldap.ByteString)
              (r19v3 org.forgerock.opendj.ldap.ByteString)
             binds: [B:3:0x0043, B:17:0x0130, B:9:0x00a3, B:7:0x007d] A[DONT_GENERATE, DONT_INLINE]
              0x0136: PHI (r20v2 int) = (r20v1 int), (r20v1 int), (r20v1 int), (r20v3 int) binds: [B:3:0x0043, B:17:0x0130, B:9:0x00a3, B:7:0x007d] A[DONT_GENERATE, DONT_INLINE]] */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Connection
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public org.forgerock.opendj.ldap.ByteString search(org.opends.server.types.DN r14, org.forgerock.opendj.ldap.SearchScope r15, org.opends.server.types.SearchFilter r16) throws org.opends.server.types.DirectoryException {
                /*
                    Method dump skipped, instructions count: 427
                    To view this dump add '--comments-level debug' option
                */
                // NOTE(review): decompiler stub, not the shipped behaviour. The real method body
                // (427 bytecode instructions) could not be reconstructed, so the search request
                // construction, the result-code handling and the handling of zero or multiple
                // matching entries cannot be assessed from this listing. Review that logic
                // against the original source or the bytecode instead.
                throw new UnsupportedOperationException("Method not decompiled: org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.LDAPConnectionFactory.LDAPConnection.search(org.opends.server.types.DN, org.forgerock.opendj.ldap.SearchScope, org.opends.server.types.SearchFilter):org.forgerock.opendj.ldap.ByteString");
            }

            /**
             * Sends a simple bind request and checks the response.
             *
             * <p>The failure message includes the bind name and the server's diagnostic text but
             * not the password. The password itself is written to the connection as given, so its
             * confidentiality on the wire depends on how the underlying socket was set up, which
             * is not visible in this method.
             *
             * @param byteString bind name (DN)
             * @param byteString2 bind password
             * @throws DirectoryException carrying the server's result code when the bind is
             *     rejected, or as raised by {@code handleUnexpectedResponse} when the response is
             *     not a bind response
             */
            @Override
            public void simpleBind(ByteString byteString, ByteString byteString2) throws DirectoryException {
                // 3 is passed as the protocol version argument (LDAPv3).
                sendRequest(new BindRequestProtocolOp(byteString, 3, byteString2));
                final LDAPMessage response = readResponse();
                // 97 (0x61) is the protocol op type of an LDAP bind response.
                if (response.getProtocolOpType() != 97) {
                    handleUnexpectedResponse(response);
                    return;
                }
                final BindResponseProtocolOp bindResponse = response.getBindResponseProtocolOp();
                final ResultCode resultCode = ResultCode.valueOf(bindResponse.getResultCode());
                if (resultCode == ResultCode.SUCCESS) {
                    return;
                }
                throw new DirectoryException(
                        resultCode,
                        ExtensionMessages.ERR_LDAP_PTA_CONNECTION_BIND_FAILED.get(
                                LDAPConnectionFactory.this.host,
                                Integer.valueOf(LDAPConnectionFactory.this.port),
                                LDAPConnectionFactory.this.cfg.dn(),
                                byteString,
                                Integer.valueOf(resultCode.intValue()),
                                resultCode.getName(),
                                bindResponse.getErrorMessage()));
            }

            /**
             * Last-resort cleanup: closes this connection if it is garbage collected without
             * having been closed explicitly. Callers should still close connections themselves;
             * finalization timing is not guaranteed by the JVM.
             */
            protected void finalize() {
                this.close();
            }

            /**
             * Converts a response of an unexpected type into a {@link DirectoryException}.
             * This method never returns normally.
             *
             * @param lDAPMessage the response that did not match the pending request
             * @throws DirectoryException always: with the server's own result code (or
             *         UNAVAILABLE when that code is not classified as a service error) for a
             *         notice of disconnection, and CLIENT_SIDE_DECODING_ERROR for anything else
             */
            private void handleUnexpectedResponse(LDAPMessage lDAPMessage) throws DirectoryException {
                // 120 (0x78) is the ExtendedResponse protocol-op tag.
                final boolean isExtendedResponse = lDAPMessage.getProtocolOpType() == 120;
                if (isExtendedResponse) {
                    ExtendedResponseProtocolOp extended = lDAPMessage.getExtendedResponseProtocolOp();
                    if (LDAPConstants.OID_NOTICE_OF_DISCONNECTION.equals(extended.getOID())) {
                        ResultCode reported = ResultCode.valueOf(extended.getResultCode());
                        ResultCode surfaced;
                        if (LDAPPassThroughAuthenticationPolicyFactory.isServiceError(reported)) {
                            surfaced = reported;
                        } else {
                            // A disconnect notice with a non-service code is still treated as "server unavailable".
                            surfaced = ResultCode.UNAVAILABLE;
                        }
                        throw new DirectoryException(surfaced, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_DISCONNECTING.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), Integer.valueOf(reported.intValue()), reported.getName(), extended.getErrorMessage()));
                    }
                }
                // Any other message type is a protocol violation from this client's point of view.
                throw new DirectoryException(ResultCode.CLIENT_SIDE_DECODING_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_WRONG_RESPONSE.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), lDAPMessage.getProtocolOp()));
            }

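            /**
             * Reads the next LDAP message from the remote server and maps transport and decoding
             * failures to client-side result codes.
             *
             * <p>The handlers are ordered most-specific first. In the decompiled listing the
             * generic {@link IOException} handler preceded the {@link SocketTimeoutException}
             * handler; since SocketTimeoutException is an IOException subtype, that order made
             * the timeout handler unreachable (javac rejects it) and a read timeout would have
             * been reported as CLIENT_SIDE_SERVER_DOWN instead of CLIENT_SIDE_TIMEOUT.
             *
             * @return the decoded message, never {@code null}
             * @throws DirectoryException with CLIENT_SIDE_SERVER_DOWN when the stream is closed or
             *         an I/O error occurs, CLIENT_SIDE_TIMEOUT when the read times out, and
             *         CLIENT_SIDE_DECODING_ERROR when the response cannot be decoded
             */
            private LDAPMessage readResponse() throws DirectoryException {
                try {
                    LDAPMessage readMessage = this.reader.readMessage();
                    if (readMessage == null) {
                        // End of stream: the peer closed the connection without sending a response.
                        throw new DirectoryException(ResultCode.CLIENT_SIDE_SERVER_DOWN, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_CLOSED.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn()));
                    }
                    return readMessage;
                } catch (DecodeException e) {
                    // Handled first in case DecodeException is itself an IOException subtype - TODO confirm.
                    // The decoder may wrap a transport failure; classify by the wrapped cause.
                    if (e.getCause() instanceof SocketTimeoutException) {
                        throw new DirectoryException(ResultCode.CLIENT_SIDE_TIMEOUT, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_TIMEOUT.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn()), e);
                    }
                    if (e.getCause() instanceof IOException) {
                        throw new DirectoryException(ResultCode.CLIENT_SIDE_SERVER_DOWN, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_OTHER_ERROR.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), e.getMessage()), e);
                    }
                    throw new DirectoryException(ResultCode.CLIENT_SIDE_DECODING_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_DECODE_ERROR.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), e.getMessage()), e);
                } catch (LDAPException e) {
                    throw new DirectoryException(ResultCode.CLIENT_SIDE_DECODING_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_DECODE_ERROR.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), e.getMessage()), e);
                } catch (SocketTimeoutException e) {
                    // Must precede the IOException handler, otherwise timeouts are never distinguished.
                    throw new DirectoryException(ResultCode.CLIENT_SIDE_TIMEOUT, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_TIMEOUT.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn()), e);
                } catch (IOException e) {
                    throw new DirectoryException(ResultCode.CLIENT_SIDE_SERVER_DOWN, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_OTHER_ERROR.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), e.getMessage()), e);
                }
            }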

            /**
             * Wraps a protocol operation in an LDAP message with the next message ID and writes
             * it to the remote server.
             *
             * <p>The message ID counter is advanced without synchronization, so a connection
             * is presumably meant to be used by one thread at a time - verify against callers.
             *
             * @param protocolOp the request to send
             * @throws DirectoryException with CLIENT_SIDE_SERVER_DOWN if the write fails
             */
            private void sendRequest(ProtocolOp protocolOp) throws DirectoryException {
                final int messageID = this.nextMessageID++;
                try {
                    LDAPMessage request = new LDAPMessage(messageID, protocolOp);
                    this.writer.writeMessage(request);
                } catch (IOException e) {
                    throw new DirectoryException(ResultCode.CLIENT_SIDE_SERVER_DOWN, ExtensionMessages.ERR_LDAP_PTA_CONNECTION_OTHER_ERROR.get(LDAPConnectionFactory.this.host, Integer.valueOf(LDAPConnectionFactory.this.port), LDAPConnectionFactory.this.cfg.dn(), e.getMessage()), e);
                }
            }
        }

        /**
         * Creates a factory for connections to one remote LDAP server.
         *
         * @param str  remote host name or address
         * @param i    remote port
         * @param lDAPPassThroughAuthenticationPolicyCfg policy configuration supplying the
         *        socket, TLS and timeout settings
         */
        LDAPConnectionFactory(String str, int i, LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) {
            this.host = str;
            this.port = i;
            this.cfg = lDAPPassThroughAuthenticationPolicyCfg;
            // Clamp to the int range; getConnection passes this value to Socket.setSoTimeout and
            // Socket.connect, where 0 means "no timeout".
            long configuredTimeout = lDAPPassThroughAuthenticationPolicyCfg.getConnectionTimeout();
            this.timeoutMS = (int) Math.min(configuredTimeout, (long) Integer.MAX_VALUE);
        }

        /**
         * Does nothing: this factory keeps no fields that need releasing, because each call
         * to getConnection opens a fresh socket that is handed to the returned connection.
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
        }

        /**
         * Opens a new TCP connection to the configured remote server, optionally wraps it in
         * TLS, and returns it as an LDAP connection.
         *
         * <p>Review notes on the TLS path as visible here:
         * <ul>
         *   <li>When no trust manager provider is configured (or it cannot be resolved) the
         *       trust manager array stays {@code null}, so {@code SSLContext.init} falls back
         *       to the JVM's default trust managers.</li>
         *   <li>No endpoint identification algorithm is set on the socket in this method, so
         *       unless the configured trust manager checks the peer name itself, the
         *       certificate is not matched against {@code host}. Setting
         *       {@code SSLParameters.setEndpointIdentificationAlgorithm("LDAPS")} would add
         *       that check - NOTE(review): behaviour change, confirm with deployments.</li>
         *   <li>Empty protocol or cipher-suite settings leave the JVM defaults enabled.</li>
         *   <li>With SSL disabled, simple-bind credentials travel over the plain socket.</li>
         * </ul>
         *
         * @return a connected (and, if configured, TLS-protected) connection
         * @throws DirectoryException with CLIENT_SIDE_TIMEOUT on connect or handshake timeout
         *         and CLIENT_SIDE_CONNECT_ERROR for every other failure
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.ConnectionFactory
        public Connection getConnection() throws DirectoryException {
            try {
                InetSocketAddress remoteAddress = new InetSocketAddress(InetAddress.getByName(this.host), this.port);
                Socket plainSocket = new Socket();
                Socket transportSocket = null;
                LDAPReader reader = null;
                LDAPWriter writer = null;
                LDAPConnection established = null;
                try {
                    plainSocket.setTcpNoDelay(this.cfg.isUseTCPNoDelay());
                    plainSocket.setKeepAlive(this.cfg.isUseTCPKeepAlive());
                    // The same timeout bounds the connect, the TLS handshake reads and later response reads.
                    plainSocket.setSoTimeout(this.timeoutMS);
                    if (this.cfg.getSourceAddress() != null) {
                        plainSocket.bind(new InetSocketAddress(this.cfg.getSourceAddress(), 0));
                    }
                    plainSocket.connect(remoteAddress, this.timeoutMS);

                    if (!this.cfg.isUseSSL()) {
                        transportSocket = plainSocket;
                    } else {
                        TrustManager[] trustManagers = null;
                        DN providerDN = this.cfg.getTrustManagerProviderDN();
                        if (providerDN != null) {
                            TrustManagerProvider provider = DirectoryServer.getTrustManagerProvider(providerDN);
                            if (provider != null) {
                                trustManagers = provider.getTrustManagers();
                            }
                        }
                        SSLContext tlsContext = SSLContext.getInstance("TLS");
                        // No key managers: this client presents no certificate of its own.
                        tlsContext.init(null, trustManagers, null);
                        SSLSocket tlsSocket = (SSLSocket) tlsContext.getSocketFactory().createSocket(plainSocket, this.host, this.port, true);
                        transportSocket = tlsSocket;
                        tlsSocket.setUseClientMode(true);
                        if (!this.cfg.getSSLProtocol().isEmpty()) {
                            tlsSocket.setEnabledProtocols((String[]) this.cfg.getSSLProtocol().toArray(new String[0]));
                        }
                        if (!this.cfg.getSSLCipherSuite().isEmpty()) {
                            tlsSocket.setEnabledCipherSuites((String[]) this.cfg.getSSLCipherSuite().toArray(new String[0]));
                        }
                        // Handshake eagerly so certificate problems surface here as an SSLException.
                        tlsSocket.startHandshake();
                    }

                    reader = new LDAPReader(transportSocket);
                    writer = new LDAPWriter(transportSocket);
                    established = new LDAPConnection(plainSocket, transportSocket, reader, writer);
                    return established;
                } finally {
                    // Only release resources when no connection took ownership of them.
                    if (established == null) {
                        StaticUtils.close(reader, writer);
                        StaticUtils.close(transportSocket);
                        if (transportSocket != plainSocket) {
                            StaticUtils.close(plainSocket);
                        }
                    }
                }
            } catch (ConnectException e) {
                LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                throw new DirectoryException(ResultCode.CLIENT_SIDE_CONNECT_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECT_ERROR.get(this.host, Integer.valueOf(this.port), this.cfg.dn(), Integer.valueOf(this.port)), e);
            } catch (SocketTimeoutException e2) {
                LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e2);
                throw new DirectoryException(ResultCode.CLIENT_SIDE_TIMEOUT, ExtensionMessages.ERR_LDAP_PTA_CONNECT_TIMEOUT.get(this.host, Integer.valueOf(this.port), this.cfg.dn()), e2);
            } catch (UnknownHostException e3) {
                LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e3);
                throw new DirectoryException(ResultCode.CLIENT_SIDE_CONNECT_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECT_UNKNOWN_HOST.get(this.host, Integer.valueOf(this.port), this.cfg.dn(), this.host), e3);
            } catch (SSLException e4) {
                LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e4);
                throw new DirectoryException(ResultCode.CLIENT_SIDE_CONNECT_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECT_SSL_ERROR.get(this.host, Integer.valueOf(this.port), this.cfg.dn(), e4.getMessage()), e4);
            } catch (Exception e5) {
                // Catch-all boundary: anything else raised while connecting is reported as a connect error.
                LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e5);
                throw new DirectoryException(ResultCode.CLIENT_SIDE_CONNECT_ERROR, ExtensionMessages.ERR_LDAP_PTA_CONNECT_OTHER_ERROR.get(this.host, Integer.valueOf(this.port), this.cfg.dn(), e5.getMessage()), e5);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$PolicyImpl.class */
    public final class PolicyImpl extends AuthenticationPolicy implements ConfigurationChangeListener<LDAPPassThroughAuthenticationPolicyCfg> {
        private final ReentrantReadWriteLock lock;
        private final ReentrantReadWriteLock.ReadLock sharedLock;
        private final ReentrantReadWriteLock.WriteLock exclusiveLock;
        private LDAPPassThroughAuthenticationPolicyCfg cfg;
        private ConnectionFactory searchFactory;
        private ConnectionFactory bindFactory;
        private PasswordStorageScheme<?> pwdStorageScheme;

        /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$PolicyImpl$StateImpl.class */
        private final class StateImpl extends AuthenticationPolicyState {
            private final AttributeType cachedPasswordAttribute;
            private final AttributeType cachedPasswordTimeAttribute;
            private ByteString newCachedPassword;

            /**
             * Creates the per-bind state for a user entry and resolves the two operational
             * attribute types used for password caching.
             *
             * @param entry the local user entry being authenticated
             */
            private StateImpl(Entry entry) {
                super(entry);
                cachedPasswordAttribute = DirectoryServer.getAttributeTypeOrDefault(ConfigConstants.OP_ATTR_PTAPOLICY_CACHED_PASSWORD);
                cachedPasswordTimeAttribute = DirectoryServer.getAttributeTypeOrDefault(ConfigConstants.OP_ATTR_PTAPOLICY_CACHED_PASSWORD_TIME);
            }

            /**
             * Persists the password accepted by the remote server as the locally cached
             * password, when caching is enabled and a successful remote bind recorded one.
             *
             * <p>The password is encoded with the policy's configured storage scheme before it
             * is written, and the in-memory reference is dropped afterwards. A failed update is
             * only visible at trace log level; the trace line contains the user DN and the
             * modify error message, not the password.
             *
             * <p>NOTE(review): {@code pwdStorageScheme} is assigned from a lookup in
             * initializeConfiguration; if that lookup can return {@code null} the encode call
             * below would fail - confirm configuration validation rules this out.
             *
             * @throws DirectoryException if encoding the password fails
             */
            @Override // org.opends.server.api.AuthenticationPolicyState
            public void finalizeStateAfterBind() throws DirectoryException {
                PolicyImpl.this.sharedLock.lock();
                try {
                    boolean nothingToCache = !PolicyImpl.this.cfg.isUsePasswordCaching() || this.newCachedPassword == null;
                    if (nothingToCache) {
                        return;
                    }

                    ByteString encodedPassword = PolicyImpl.this.pwdStorageScheme.encodePasswordWithScheme(this.newCachedPassword);
                    List<RawModification> changes = new ArrayList<>(2);
                    changes.add(RawModification.create(ModificationType.REPLACE, ConfigConstants.OP_ATTR_PTAPOLICY_CACHED_PASSWORD, encodedPassword));
                    changes.add(RawModification.create(ModificationType.REPLACE, ConfigConstants.OP_ATTR_PTAPOLICY_CACHED_PASSWORD_TIME, LDAPPassThroughAuthenticationPolicyFactory.this.provider.getCurrentTime()));

                    // The update runs on the internal root connection.
                    ModifyOperation update = InternalClientConnection.getRootConnection().processModify(this.userEntry.getName().toString(), changes);
                    boolean failed = update.getResultCode() != ResultCode.SUCCESS;
                    if (failed && LDAPPassThroughAuthenticationPolicyFactory.logger.isTraceEnabled()) {
                        LDAPPassThroughAuthenticationPolicyFactory.logger.trace("An error occurred while trying to update the LDAP PTA cached password for user %s: %s", this.userEntry.getName(), update.getErrorMessage());
                    }
                    // Drop the clear-text reference whether or not the write succeeded.
                    this.newCachedPassword = null;
                } finally {
                    PolicyImpl.this.sharedLock.unlock();
                }
            }

            /**
             * Returns the policy instance that created this state object.
             *
             * @return the enclosing {@code PolicyImpl}
             */
            @Override // org.opends.server.api.AuthenticationPolicyState
            public AuthenticationPolicy getAuthenticationPolicy() {
                return PolicyImpl.this;
            }

            /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
            /* JADX WARN: Failed to find 'out' block for switch in B:106:0x037b. Please report as an issue. */
            /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0035. Please report as an issue. */
            /**
             * Decides whether the presented password is valid for this user, first against the
             * locally cached password and otherwise by a simple bind against the remote server.
             *
             * <p>The bind DN sent to the remote server depends on the mapping policy: the local
             * entry DN (UNMAPPED), a value taken from a mapped attribute (MAPPED_BIND), or the
             * result of a remote search built from mapped attribute values (MAPPED_SEARCH).
             *
             * <p>NOTE(review): JADX reported that it could not recover the control flow of this
             * method (see the warnings above it). Several constructs below - a loop with no
             * exit, {@code StaticUtils.close(null)}, bind sequences without cleanup, duplicated
             * tails - look like decompiler artefacts and must not be read as the real logic.
             * Audit the original source or bytecode before drawing conclusions.
             *
             * @param byteString the clear-text password presented by the client
             * @return {@code true} if the cached password matched or the remote bind succeeded;
             *         {@code false} for the remote result codes selected in the UNMAPPED catch
             *         block
             * @throws DirectoryException with INVALID_CREDENTIALS for every other failure
             *         visible here (mapping, search or bind); the underlying cause is carried
             *         in the message and, where present, as the exception cause
             */
            @Override // org.opends.server.api.AuthenticationPolicyState
            public boolean passwordMatches(ByteString byteString) throws DirectoryException {
                Connection connection;
                // The shared lock is held for the whole check; applyConfigurationChange takes the exclusive lock.
                PolicyImpl.this.sharedLock.lock();
                try {
                    // A valid cache hit short-circuits: no remote bind is attempted.
                    if (passwordMatchesCachedPassword(byteString)) {
                        PolicyImpl.this.sharedLock.unlock();
                        return true;
                    }
                    // byteString2 becomes the bind DN to present to the remote server.
                    ByteString byteString2 = null;
                    switch (PolicyImpl.this.cfg.getMappingPolicy()) {
                        case UNMAPPED:
                            // The local entry DN is used unchanged as the remote bind DN.
                            byteString2 = ByteString.valueOf(this.userEntry.getName().toString());
                            connection = null;
                            try {
                                try {
                                    connection = PolicyImpl.this.bindFactory.getConnection();
                                    connection.simpleBind(byteString2, byteString);
                                    // Keeps a reference to the clear-text password until
                                    // finalizeStateAfterBind encodes it and clears the field.
                                    this.newCachedPassword = byteString;
                                    StaticUtils.close(connection);
                                    PolicyImpl.this.sharedLock.unlock();
                                    return true;
                                } catch (DirectoryException e) {
                                    // The case labels index a compiler-generated switch map that is not
                                    // visible here; 3 and 6 are presumably the "credentials rejected"
                                    // result codes - TODO confirm against the bytecode.
                                    switch (AnonymousClass2.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[e.getResultCode().asEnum().ordinal()]) {
                                        case 3:
                                        case 6:
                                            StaticUtils.close(connection);
                                            PolicyImpl.this.sharedLock.unlock();
                                            return false;
                                        default:
                                            // Every other remote failure is reported as INVALID_CREDENTIALS,
                                            // with the remote message embedded in the local one.
                                            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPED_BIND_FAILED.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), e.getMessageObject()), e);
                                    }
                                }
                            } finally {
                                StaticUtils.close(connection);
                            }
                        case MAPPED_BIND:
                            // Takes the bind DN from the values of the configured mapped attributes.
                            // NOTE(review): as decompiled this loop has no exit and keeps overwriting
                            // byteString2; the selection rule (likely "first value found") is not
                            // recoverable from this listing.
                            Iterator<AttributeType> it = PolicyImpl.this.cfg.getMappedAttribute().iterator();
                            while (true) {
                                if (it.hasNext()) {
                                    List<Attribute> attribute = this.userEntry.getAttribute(it.next());
                                    if (attribute != null && !attribute.isEmpty()) {
                                        for (Attribute attribute2 : attribute) {
                                            if (!attribute2.isEmpty()) {
                                                byteString2 = attribute2.iterator().next();
                                            }
                                        }
                                    }
                                }
                            }
                            // No mapped attribute value on the entry: fail closed.
                            if (byteString2 == null) {
                                throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPING_ATTRIBUTE_NOT_FOUND.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), LDAPPassThroughAuthenticationPolicyFactory.mappedAttributesAsString(PolicyImpl.this.cfg.getMappedAttribute())));
                            }
                            // NOTE(review): this bind sequence has no catch/finally in the decompiled
                            // form, unlike the UNMAPPED branch; presumably the same handling was lost.
                            connection = null;
                            connection = PolicyImpl.this.bindFactory.getConnection();
                            connection.simpleBind(byteString2, byteString);
                            this.newCachedPassword = byteString;
                            StaticUtils.close(connection);
                            PolicyImpl.this.sharedLock.unlock();
                            return true;
                        case MAPPED_SEARCH:
                            // Builds one equality filter per value of each mapped attribute on the local
                            // entry. Filters are constructed as objects, not by string concatenation.
                            LinkedList linkedList = new LinkedList();
                            for (AttributeType attributeType : PolicyImpl.this.cfg.getMappedAttribute()) {
                                List<Attribute> attribute3 = this.userEntry.getAttribute(attributeType);
                                if (attribute3 != null && !attribute3.isEmpty()) {
                                    Iterator<Attribute> it2 = attribute3.iterator();
                                    while (it2.hasNext()) {
                                        Iterator<ByteString> it3 = it2.next().iterator();
                                        while (it3.hasNext()) {
                                            linkedList.add(SearchFilter.createEqualityFilter(attributeType, it3.next()));
                                        }
                                    }
                                }
                            }
                            if (linkedList.isEmpty()) {
                                throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPING_ATTRIBUTE_NOT_FOUND.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), LDAPPassThroughAuthenticationPolicyFactory.mappedAttributesAsString(PolicyImpl.this.cfg.getMappedAttribute())));
                            }
                            // A single filter is used as is; several are combined with OR.
                            SearchFilter createORFilter = linkedList.size() == 1 ? (SearchFilter) linkedList.getFirst() : SearchFilter.createORFilter(linkedList);
                            // Searches the whole subtree under each configured base DN on the remote server.
                            for (DN dn : PolicyImpl.this.cfg.getMappedSearchBaseDN()) {
                                Connection connection2 = null;
                                try {
                                    try {
                                        connection2 = PolicyImpl.this.searchFactory.getConnection();
                                        byteString2 = connection2.search(dn, SearchScope.WHOLE_SUBTREE, createORFilter);
                                        StaticUtils.close(connection2);
                                    } finally {
                                        // NOTE(review): closing a null literal is a decompiler artefact;
                                        // presumably the original closed connection2 here.
                                        StaticUtils.close(null);
                                    }
                                } catch (DirectoryException e2) {
                                    // Switch-map indices again; the message constants suggest 5 means
                                    // "more than one candidate" while 3 and 4 let the loop continue with
                                    // the next base DN - TODO confirm.
                                    switch (AnonymousClass2.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[e2.getResultCode().asEnum().ordinal()]) {
                                        case 3:
                                        case 4:
                                            StaticUtils.close(connection2);
                                            break;
                                        case 5:
                                            // An ambiguous match is rejected rather than picking one candidate.
                                            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPED_SEARCH_TOO_MANY_CANDIDATES.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), dn, createORFilter));
                                        default:
                                            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPED_SEARCH_FAILED.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), e2.getMessageObject()), e2);
                                    }
                                }
                            }
                            // No remote entry matched under any base DN: fail closed.
                            if (byteString2 == null) {
                                throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_LDAP_PTA_MAPPED_SEARCH_NO_CANDIDATES.get(this.userEntry.getName(), PolicyImpl.this.cfg.dn(), createORFilter));
                            }
                            connection = null;
                            connection = PolicyImpl.this.bindFactory.getConnection();
                            connection.simpleBind(byteString2, byteString);
                            this.newCachedPassword = byteString;
                            StaticUtils.close(connection);
                            PolicyImpl.this.sharedLock.unlock();
                            return true;
                        default:
                            // NOTE(review): as written this binds with byteString2 still null for any
                            // unlisted mapping policy; likely a duplicated tail produced by the
                            // decompiler rather than intended behaviour - confirm.
                            connection = null;
                            connection = PolicyImpl.this.bindFactory.getConnection();
                            connection.simpleBind(byteString2, byteString);
                            this.newCachedPassword = byteString;
                            StaticUtils.close(connection);
                            PolicyImpl.this.sharedLock.unlock();
                            return true;
                    }
                } catch (Throwable th) {
                    // Exceptional exits release the lock here; the return paths above unlock explicitly.
                    PolicyImpl.this.sharedLock.unlock();
                    throw th;
                }
            }

            /**
             * Checks the presented password against the password cached on the local entry.
             *
             * <p>The cache is consulted only when caching is enabled and the stored timestamp
             * plus the configured TTL (seconds, multiplied by 1000) is later than the current
             * time. Attributes carrying options are ignored. A timestamp that cannot be parsed
             * is logged at trace level and leaves the freshness flag unchanged.
             *
             * <p>NOTE(review): the storage scheme used for comparison is looked up from the
             * scheme name embedded in the stored value, not from the policy's configured
             * scheme, so a value cached under an older scheme keeps being accepted until it
             * expires - confirm this is intended.
             *
             * @param byteString the clear-text password presented by the client
             * @return {@code true} only if a fresh cached password exists and its storage
             *         scheme reports a match; {@code false} in every other case, including
             *         decoding errors
             */
            private boolean passwordMatchesCachedPassword(ByteString byteString) {
                if (!PolicyImpl.this.cfg.isUsePasswordCaching()) {
                    return false;
                }

                // Step 1: is the cached value still within its time-to-live?
                boolean stillFresh = false;
                List<Attribute> timeAttributes = this.userEntry.getAttribute(this.cachedPasswordTimeAttribute);
                if (timeAttributes != null && !timeAttributes.isEmpty()) {
                    for (Attribute timeAttribute : timeAttributes) {
                        if (timeAttribute.hasOptions()) {
                            continue;
                        }
                        Iterator<ByteString> timestamps = timeAttribute.iterator();
                        if (!timestamps.hasNext()) {
                            continue;
                        }
                        try {
                            long cachedAt = GeneralizedTime.valueOf(timestamps.next().toString()).getTimeInMillis();
                            long expiresAt = cachedAt + (PolicyImpl.this.cfg.getCachedPasswordTTL() * 1000);
                            long now = LDAPPassThroughAuthenticationPolicyFactory.this.provider.getCurrentTimeMS();
                            stillFresh = expiresAt > now;
                        } catch (LocalizedIllegalArgumentException e) {
                            LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e);
                        }
                    }
                }
                if (!stillFresh) {
                    return false;
                }

                // Step 2: take the first value of the first option-free cached-password attribute.
                ByteString storedPassword = null;
                List<Attribute> passwordAttributes = this.userEntry.getAttribute(this.cachedPasswordAttribute);
                if (passwordAttributes != null && !passwordAttributes.isEmpty()) {
                    for (Attribute passwordAttribute : passwordAttributes) {
                        if (passwordAttribute.hasOptions()) {
                            continue;
                        }
                        Iterator<ByteString> values = passwordAttribute.iterator();
                        if (values.hasNext()) {
                            storedPassword = values.next();
                            break;
                        }
                    }
                }
                if (storedPassword == null) {
                    return false;
                }

                // Step 3: let the storage scheme named in the stored value do the comparison.
                try {
                    String[] schemeAndValue = UserPasswordSyntax.decodeUserPassword(storedPassword.toString());
                    PasswordStorageScheme<?> scheme = DirectoryServer.getPasswordStorageScheme(schemeAndValue[0]);
                    if (scheme == null) {
                        // Unknown scheme: treat as a cache miss so the remote bind decides.
                        return false;
                    }
                    return scheme.passwordMatches(byteString, ByteString.valueOf(schemeAndValue[1]));
                } catch (DirectoryException e2) {
                    LDAPPassThroughAuthenticationPolicyFactory.logger.traceException(e2);
                    return false;
                }
            }
        }

        /**
         * Creates the policy, sets up its read/write lock pair and builds the connection
         * factories from the given configuration.
         *
         * @param lDAPPassThroughAuthenticationPolicyCfg the initial policy configuration
         */
        private PolicyImpl(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) {
            // Authentication takes the shared side; configuration changes take the exclusive side.
            lock = new ReentrantReadWriteLock();
            sharedLock = lock.readLock();
            exclusiveLock = lock.writeLock();
            initializeConfiguration(lDAPPassThroughAuthenticationPolicyCfg);
        }

        /**
         * Replaces the active configuration: closes the current connection factories and
         * rebuilds them from the new settings while holding the exclusive lock, so no
         * authentication runs against a half-updated policy.
         *
         * @param lDAPPassThroughAuthenticationPolicyCfg the new configuration
         * @return a default-constructed change result
         */
        @Override // org.opends.server.admin.server.ConfigurationChangeListener
        public ConfigChangeResult applyConfigurationChange(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) {
            this.exclusiveLock.lock();
            try {
                // closeConnections re-acquires the same write lock, which is reentrant.
                closeConnections();
                initializeConfiguration(lDAPPassThroughAuthenticationPolicyCfg);
            } finally {
                this.exclusiveLock.unlock();
            }
            return new ConfigChangeResult();
        }

        /**
         * Creates the per-authentication state object for a user entry.
         *
         * @param entry the user entry being authenticated
         * @param j     not used by this implementation
         * @return a new {@code StateImpl} bound to {@code entry}
         * @throws DirectoryException declared by the overridden method; not thrown by the
         *         code visible here
         */
        @Override // org.opends.server.api.AuthenticationPolicy
        public AuthenticationPolicyState createAuthenticationPolicyState(Entry entry, long j) throws DirectoryException {
            return new StateImpl(entry);
        }

        /**
         * Shuts the policy down: stops listening for configuration changes and closes both
         * connection factories under the exclusive lock.
         */
        @Override // org.opends.server.api.AuthenticationPolicy
        public void finalizeAuthenticationPolicy() {
            this.exclusiveLock.lock();
            try {
                // Deregister first so no configuration change can rebuild the factories afterwards.
                this.cfg.removeLDAPPassThroughChangeListener(this);
                closeConnections();
            } finally {
                this.exclusiveLock.unlock();
            }
        }

        /**
         * Returns the DN of the configuration entry that defines this policy.
         *
         * <p>Reads {@code cfg} without taking the shared lock.
         *
         * @return the DN reported by the current configuration object
         */
        @Override // org.opends.server.api.AuthenticationPolicy
        public DN getDN() {
            return this.cfg.dn();
        }

        /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
        /**
         * Delegates validation of a proposed configuration to the enclosing factory.
         *
         * <p>The trailing "2" was added by the decompiler to avoid a name collision; in the
         * original class this is presumably {@code isConfigurationChangeAcceptable} from the
         * change-listener interface - confirm before relying on the name.
         *
         * @param lDAPPassThroughAuthenticationPolicyCfg the proposed configuration
         * @param list receives the reasons when the configuration is rejected
         * @return whatever the factory's acceptability check returns
         */
        public boolean isConfigurationChangeAcceptable2(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List<LocalizableMessage> list) {
            return LDAPPassThroughAuthenticationPolicyFactory.this.isConfigurationAcceptable2(lDAPPassThroughAuthenticationPolicyCfg, list);
        }

        /**
         * Closes and forgets the search and bind connection factories, if present, while
         * holding the exclusive lock. Safe to call when either factory is already
         * {@code null}.
         */
        private void closeConnections() {
            this.exclusiveLock.lock();
            try {
                ConnectionFactory activeSearchFactory = this.searchFactory;
                if (activeSearchFactory != null) {
                    activeSearchFactory.close();
                    this.searchFactory = null;
                }
                ConnectionFactory activeBindFactory = this.bindFactory;
                if (activeBindFactory != null) {
                    activeBindFactory.close();
                    this.bindFactory = null;
                }
            } finally {
                this.exclusiveLock.unlock();
            }
        }

        /**
         * Stores the configuration and builds the search and bind connection factories.
         *
         * <p>For every configured remote server two pools are created over the same base
         * factory: one whose connections are authenticated with the mapped-search bind DN
         * and password (used for searching) and one left unauthenticated (used for the
         * user's own bind). Primary servers are combined by a round-robin balancer;
         * when secondary servers are configured, a failover balancer is layered over the
         * primary and secondary groups.
         *
         * <p>The mapped-search bind password is resolved only for the MAPPED_SEARCH policy
         * with a bind DN that is set and is not the root DN; otherwise {@code null} is passed
         * to the authenticated factories. It is held as a {@code String} for the lifetime
         * of those factories.
         *
         * @param lDAPPassThroughAuthenticationPolicyCfg the configuration to activate
         */
        private void initializeConfiguration(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) {
            // Must be set first: newLDAPConnectionFactory reads this.cfg.
            this.cfg = lDAPPassThroughAuthenticationPolicyCfg;
            final LDAPPassThroughAuthenticationPolicyCfg config = lDAPPassThroughAuthenticationPolicyCfg;

            String mappedSearchBindPassword = null;
            if (config.getMappingPolicy() == LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy.MAPPED_SEARCH
                    && config.getMappedSearchBindDN() != null
                    && !config.getMappedSearchBindDN().isRootDN()) {
                mappedSearchBindPassword = LDAPPassThroughAuthenticationPolicyFactory.getMappedSearchBindPassword(config, new LinkedList<>());
            }

            ScheduledExecutorService scheduler = LDAPPassThroughAuthenticationPolicyFactory.this.provider.getScheduledExecutorService();

            // Primary servers.
            SortedSet<String> primaryServers = config.getPrimaryRemoteLDAPServer();
            ConnectionPool[] primarySearchPools = new ConnectionPool[primaryServers.size()];
            ConnectionPool[] primaryBindPools = new ConnectionPool[primaryServers.size()];
            int primarySlot = 0;
            for (String hostPort : primaryServers) {
                ConnectionFactory baseFactory = newLDAPConnectionFactory(hostPort);
                primarySearchPools[primarySlot] = new ConnectionPool(new AuthenticatedConnectionFactory(baseFactory, config.getMappedSearchBindDN(), mappedSearchBindPassword));
                primaryBindPools[primarySlot] = new ConnectionPool(baseFactory);
                primarySlot++;
            }
            RoundRobinLoadBalancer primarySearch = new RoundRobinLoadBalancer(primarySearchPools, scheduler);
            RoundRobinLoadBalancer primaryBind = new RoundRobinLoadBalancer(primaryBindPools, scheduler);

            // Secondary servers, if any, are only reached through the failover balancer.
            SortedSet<String> secondaryServers = config.getSecondaryRemoteLDAPServer();
            if (!secondaryServers.isEmpty()) {
                ConnectionPool[] secondarySearchPools = new ConnectionPool[secondaryServers.size()];
                ConnectionPool[] secondaryBindPools = new ConnectionPool[secondaryServers.size()];
                int secondarySlot = 0;
                for (String hostPort : secondaryServers) {
                    ConnectionFactory baseFactory = newLDAPConnectionFactory(hostPort);
                    secondarySearchPools[secondarySlot] = new ConnectionPool(new AuthenticatedConnectionFactory(baseFactory, config.getMappedSearchBindDN(), mappedSearchBindPassword));
                    secondaryBindPools[secondarySlot] = new ConnectionPool(baseFactory);
                    secondarySlot++;
                }
                RoundRobinLoadBalancer secondarySearch = new RoundRobinLoadBalancer(secondarySearchPools, scheduler);
                RoundRobinLoadBalancer secondaryBind = new RoundRobinLoadBalancer(secondaryBindPools, scheduler);
                this.searchFactory = new FailoverLoadBalancer(primarySearch, secondarySearch, scheduler);
                this.bindFactory = new FailoverLoadBalancer(primaryBind, secondaryBind, scheduler);
            } else {
                this.searchFactory = primarySearch;
                this.bindFactory = primaryBind;
            }

            // The scheme used to encode newly cached passwords; left untouched when caching is off.
            if (config.isUsePasswordCaching()) {
                this.pwdStorageScheme = DirectoryServer.getPasswordStorageScheme(config.getCachedPasswordStorageSchemeDN());
            }
        }

        /**
         * Builds a connection factory for one configured remote server.
         *
         * <p>The address string is parsed with {@code HostPort.valueOf}; a
         * malformed value surfaces as whatever unchecked exception that parser
         * throws, so callers rely on the address having been validated
         * beforehand (see {@code isServerAddressValid}).
         *
         * @param str remote server address in the textual form accepted by
         *            {@code HostPort.valueOf}
         * @return a factory obtained from the enclosing factory's provider for
         *         the parsed host and port, using this policy's configuration
         */
        private ConnectionFactory newLDAPConnectionFactory(String str) {
            final HostPort remoteAddress = HostPort.valueOf(str);
            final String host = remoteAddress.getHost();
            final int port = remoteAddress.getPort();
            return LDAPPassThroughAuthenticationPolicyFactory.this.provider.getLDAPConnectionFactory(host, port, this.cfg);
        }

        /**
         * Bridge overload (marked bridge/synthetic by the decompiler) that
         * accepts a raw {@code List} and forwards to the typed implementation
         * {@code isConfigurationChangeAcceptable2}.
         *
         * @param lDAPPassThroughAuthenticationPolicyCfg the proposed configuration
         * @param list receives the reasons when the change is not acceptable
         * @return the result of the typed implementation
         */
        @Override // org.opends.server.admin.server.ConfigurationChangeListener
        public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List list) {
            // The raw list is only re-typed here; no elements are inspected.
            @SuppressWarnings("unchecked")
            final List<LocalizableMessage> unacceptableReasons = (List<LocalizableMessage>) list;
            return isConfigurationChangeAcceptable2(lDAPPassThroughAuthenticationPolicyCfg, unacceptableReasons);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$Provider.class */
    /**
     * Supplies the external services this factory depends on: remote LDAP
     * connection factories, a scheduler and the current time.
     *
     * <p>The factory has a constructor that accepts a {@code Provider}, so an
     * alternative implementation can be substituted for the default one
     * (presumably for testing; confirm against callers).
     */
    public interface Provider {
        /**
         * Returns a factory for connections to one remote LDAP server.
         *
         * @param str host name or address of the remote server
         * @param i port of the remote server
         * @param lDAPPassThroughAuthenticationPolicyCfg the pass-through
         *        authentication policy configuration the connections should use
         * @return a connection factory for the given host and port
         */
        ConnectionFactory getLDAPConnectionFactory(String str, int i, LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg);

        /**
         * Returns the scheduler handed to the load balancers created by the
         * policy implementation.
         *
         * @return the shared scheduled executor
         */
        ScheduledExecutorService getScheduledExecutorService();

        /**
         * Returns the current time as a string; the default provider
         * delegates to {@code TimeThread.getGMTTime()}.
         *
         * @return the current time in textual form
         */
        String getCurrentTime();

        /**
         * Returns the current time as a number; the default provider
         * delegates to {@code TimeThread.getTime()}.
         *
         * @return the current time (milliseconds, going by the method name)
         */
        long getCurrentTimeMS();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory$RoundRobinLoadBalancer.class */
    /**
     * Load balancer that hands out start indices in rotation, so successive
     * requests begin with a different underlying connection factory.
     */
    public static final class RoundRobinLoadBalancer extends AbstractLoadBalancer {
        /** Index that the next caller of {@link #getStartIndex()} receives. */
        private final AtomicInteger nextIndex = new AtomicInteger();

        /** Number of factories being balanced; the rotation wraps at this value. */
        private final int maxIndex;

        /**
         * Creates a balancer over the given factories.
         *
         * @param connectionFactoryArr factories to rotate across
         * @param scheduledExecutorService scheduler passed to the superclass
         */
        RoundRobinLoadBalancer(ConnectionFactory[] connectionFactoryArr, ScheduledExecutorService scheduledExecutorService) {
            super(connectionFactoryArr, scheduledExecutorService);
            this.maxIndex = connectionFactoryArr.length;
        }

        /**
         * Returns the index to start from and advances the rotation.
         *
         * <p>The advance is a lock-free compare-and-set retry loop, so
         * concurrent callers each claim a distinct step of the rotation.
         *
         * @return {@code 0} when there is a single factory, otherwise the
         *         index that was current before this call advanced it
         */
        @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.AbstractLoadBalancer
        int getStartIndex() {
            // A single factory needs no bookkeeping.
            if (this.maxIndex == 1) {
                return 0;
            }
            while (true) {
                final int claimed = this.nextIndex.get();
                final int following = (claimed + 1 == this.maxIndex) ? 0 : claimed + 1;
                // Retry when another thread advanced the counter first.
                if (this.nextIndex.compareAndSet(claimed, following)) {
                    return claimed;
                }
            }
        }
    }

    /**
     * Classifies an LDAP result code as a service error or not.
     *
     * <p>This is the decompiled form of a {@code switch} over the result
     * code's enum: the compiler-generated table in {@code AnonymousClass2}
     * maps each enum constant to a small integer, and indices 7 through 22
     * select the "service error" branch. Which result codes those indices
     * stand for is defined by that table, which is not part of this listing.
     *
     * @param resultCode the result code to classify
     * @return {@code true} for the result codes mapped to indices 7..22,
     *         {@code false} for every other result code
     */
    static boolean isServiceError(ResultCode resultCode) {
        switch (AnonymousClass2.$SwitchMap$org$forgerock$opendj$ldap$ResultCode$Enum[resultCode.asEnum().ordinal()]) {
            case 7:
            case 8:
            // NOTE(review): the named constant below looks like a decompiler substitution
            // for the literal 9 (see the trailing comment), not a reference the original
            // source made to the password policy state operation.
            case PasswordPolicyStateExtendedOperation.OP_SET_PASSWORD_CHANGED_TIME /* 9 */:
            case 10:
            case 11:
            case 12:
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 19:
            case 20:
            case 21:
            // NOTE(review): same substitution as above, standing for the literal 22.
            case PasswordPolicyStateExtendedOperation.OP_GET_LAST_LOGIN_TIME /* 22 */:
                return true;
            default:
                // Anything outside the mapped range is not treated as a service error.
                return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves the password used for the mapped-search bind from the first
     * configured source, in this order: Java system property, environment
     * variable, password file, inline configuration value.
     *
     * <p>Only the first configured source is consulted; when it yields nothing
     * a message is appended to {@code list} and {@code null} is returned
     * without falling through to a later source.
     *
     * <p>NOTE(review): the inline configuration value keeps the secret in the
     * configuration itself, and system properties given on the command line
     * or environment variables can be visible to other local processes on
     * some platforms. A password file readable only by the server account is
     * usually the least exposed of the four sources.
     *
     * @param lDAPPassThroughAuthenticationPolicyCfg the policy configuration
     * @param list receives a message describing why no password was found;
     *             it is dereferenced unconditionally, so it must not be
     *             {@code null}
     * @return the password, or {@code null} when the selected source is
     *         missing, empty or unreadable, or when no source is configured
     */
    public static String getMappedSearchBindPassword(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List<LocalizableMessage> list) {
        // Source 1: Java system property.
        final String propertyName = lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindPasswordProperty();
        if (propertyName != null) {
            final String fromProperty = System.getProperty(propertyName);
            if (fromProperty == null) {
                list.add(ExtensionMessages.ERR_LDAP_PTA_PWD_PROPERTY_NOT_SET.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), propertyName));
            }
            return fromProperty;
        }

        // Source 2: environment variable.
        final String variableName = lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindPasswordEnvironmentVariable();
        if (variableName != null) {
            final String fromEnvironment = System.getenv(variableName);
            if (fromEnvironment == null) {
                list.add(ExtensionMessages.ERR_LDAP_PTA_PWD_ENVAR_NOT_SET.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), variableName));
            }
            return fromEnvironment;
        }

        // Source 3: first line of a password file.
        final String fileName = lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindPasswordFile();
        if (fileName != null) {
            final File passwordFile = StaticUtils.getFileForPath(fileName);
            if (!passwordFile.exists()) {
                list.add(ExtensionMessages.ERR_LDAP_PTA_PWD_NO_SUCH_FILE.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), fileName));
                return null;
            }
            String firstLine = null;
            BufferedReader reader = null;
            try {
                // FileReader decodes with the platform default charset on JDKs before 18,
                // so a non-ASCII password depends on the JVM's locale settings.
                reader = new BufferedReader(new FileReader(passwordFile));
                // NOTE(review): a file whose first line is blank yields "" rather than null,
                // so no message is recorded and an empty password is returned. An LDAP simple
                // bind with a DN and an empty password is an unauthenticated bind (RFC 4513),
                // so confirm that the consumer of this value rejects it.
                firstLine = reader.readLine();
                if (firstLine == null) {
                    list.add(ExtensionMessages.ERR_LDAP_PTA_PWD_FILE_EMPTY.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), fileName));
                }
            } catch (IOException e) {
                list.add(ExtensionMessages.ERR_LDAP_PTA_PWD_FILE_CANNOT_READ.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), fileName, StaticUtils.getExceptionMessage(e)));
            } finally {
                // Release the file handle on every path, including unexpected failures.
                StaticUtils.close(reader);
            }
            return firstLine;
        }

        // Source 4: value stored directly in the configuration.
        final String inlinePassword = lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindPassword();
        if (inlinePassword != null) {
            return inlinePassword;
        }

        // Nothing configured at all.
        list.add(ExtensionMessages.ERR_LDAP_PTA_NO_PWD.get(lDAPPassThroughAuthenticationPolicyCfg.dn()));
        return null;
    }

    /**
     * Checks that a configured remote server address can be parsed by
     * {@code HostPort.valueOf}.
     *
     * <p>This is a syntax check only: nothing here resolves or contacts the
     * host. Any unchecked exception from the parser is reported with the
     * "invalid port number" message, whatever the actual cause was.
     *
     * @param lDAPPassThroughAuthenticationPolicyCfg the policy configuration,
     *        used for its DN in the message
     * @param list receives the message on failure; may be {@code null}, in
     *             which case nothing is recorded
     * @param str the address string to validate
     * @return {@code true} when the address parses, {@code false} otherwise
     */
    private static boolean isServerAddressValid(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List<LocalizableMessage> list, String str) {
        boolean parsed;
        try {
            HostPort.valueOf(str);
            parsed = true;
        } catch (RuntimeException e) {
            parsed = false;
            if (list != null) {
                list.add(ExtensionMessages.ERR_LDAP_PTA_INVALID_PORT_NUMBER.get(lDAPPassThroughAuthenticationPolicyCfg.dn(), str));
            }
        }
        return parsed;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Renders the names (or OIDs) of the given attribute types as one
     * comma-separated string, in the collection's iteration order.
     *
     * @param collection the attribute types to render
     * @return the empty string for an empty collection, otherwise the names
     *         joined with {@code ", "}
     */
    public static String mappedAttributesAsString(Collection<AttributeType> collection) {
        final StringBuilder joined = new StringBuilder();
        String separator = "";
        for (AttributeType attributeType : collection) {
            joined.append(separator).append(attributeType.getNameOrOID());
            // Every element after the first is preceded by the delimiter.
            separator = ", ";
        }
        return joined.toString();
    }

    /**
     * Creates a factory backed by {@code DEFAULT_PROVIDER}, the provider set
     * up in this class's static initializer.
     */
    public LDAPPassThroughAuthenticationPolicyFactory() {
        this(DEFAULT_PROVIDER);
    }

    /**
     * Stores the server context for later use by this factory.
     *
     * @param serverContext the server context to remember
     */
    @Override // org.opends.server.api.AuthenticationPolicyFactory
    public void setServerContext(ServerContext serverContext) {
        this.serverContext = serverContext;
    }

    /**
     * Creates a factory that obtains connection factories, the scheduler and
     * the current time from the given provider.
     *
     * @param provider the service provider to use; stored as given, with no
     *                 null check
     */
    LDAPPassThroughAuthenticationPolicyFactory(Provider provider) {
        this.provider = provider;
    }

    /**
     * Creates the pass-through authentication policy for a configuration
     * entry and registers it to be notified of later configuration changes.
     *
     * @param lDAPPassThroughAuthenticationPolicyCfg the policy configuration
     * @return the new policy, already registered as a change listener
     * @throws ConfigException declared by the interface; raised by policy
     *         construction if at all
     * @throws InitializationException declared by the interface; raised by
     *         policy construction if at all
     */
    @Override // org.opends.server.api.AuthenticationPolicyFactory
    public AuthenticationPolicy createAuthenticationPolicy(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) throws ConfigException, InitializationException {
        final PolicyImpl policy = new PolicyImpl(lDAPPassThroughAuthenticationPolicyCfg);
        // Registration happens only after construction succeeded.
        lDAPPassThroughAuthenticationPolicyCfg.addLDAPPassThroughChangeListener(policy);
        return policy;
    }

    /* renamed from: isConfigurationAcceptable, reason: avoid collision after fix types in other method */
    /**
     * Validates a proposed policy configuration.
     *
     * <p>Every primary and secondary server address is checked, even after
     * the first failure, so that all problems are reported at once. When the
     * mapping policy is mapped-search with a non-root bind DN, a bind
     * password must also be resolvable from the configured source.
     *
     * <p>NOTE(review): the address check tolerates a {@code null} list but
     * the password lookup adds to the list unconditionally; callers are
     * presumably expected to pass a non-null list.
     *
     * @param lDAPPassThroughAuthenticationPolicyCfg the proposed configuration
     * @param list receives one message per problem found
     * @return {@code true} when no problem was found
     */
    public boolean isConfigurationAcceptable2(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List<LocalizableMessage> list) {
        boolean acceptable = true;

        // Non-short-circuit '&=' on purpose: every address is validated and reported.
        for (String primaryServer : lDAPPassThroughAuthenticationPolicyCfg.getPrimaryRemoteLDAPServer()) {
            acceptable &= isServerAddressValid(lDAPPassThroughAuthenticationPolicyCfg, list, primaryServer);
        }
        for (String secondaryServer : lDAPPassThroughAuthenticationPolicyCfg.getSecondaryRemoteLDAPServer()) {
            acceptable &= isServerAddressValid(lDAPPassThroughAuthenticationPolicyCfg, list, secondaryServer);
        }

        // A bind password is required only for mapped-search with a non-root bind DN.
        if (lDAPPassThroughAuthenticationPolicyCfg.getMappingPolicy() == LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy.MAPPED_SEARCH) {
            if (lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindDN() != null) {
                if (!lDAPPassThroughAuthenticationPolicyCfg.getMappedSearchBindDN().isRootDN()) {
                    if (getMappedSearchBindPassword(lDAPPassThroughAuthenticationPolicyCfg, list) == null) {
                        acceptable = false;
                    }
                }
            }
        }
        return acceptable;
    }

    /**
     * Bridge overload (marked bridge/synthetic by the decompiler) that
     * accepts a raw {@code List} and forwards to the typed implementation
     * {@code isConfigurationAcceptable2}.
     *
     * @param lDAPPassThroughAuthenticationPolicyCfg the proposed configuration
     * @param list receives the reasons when the configuration is not acceptable
     * @return the result of the typed implementation
     */
    @Override // org.opends.server.api.AuthenticationPolicyFactory
    public /* bridge */ /* synthetic */ boolean isConfigurationAcceptable(LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg, List list) {
        // The raw list is only re-typed here; no elements are inspected.
        @SuppressWarnings("unchecked")
        final List<LocalizableMessage> unacceptableReasons = (List<LocalizableMessage>) list;
        return isConfigurationAcceptable2(lDAPPassThroughAuthenticationPolicyCfg, unacceptableReasons);
    }

    // Class initialization: registers the "no attributes" marker and builds the
    // default provider used by the public no-argument constructor.
    static {
        NO_ATTRIBUTES.add(SchemaConstants.NO_ATTRIBUTES);

        // Monitor threads are daemons, so they never keep the JVM alive on shutdown.
        final ThreadFactory monitorThreadFactory = new ThreadFactory() {
            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                DirectoryThread monitorThread = new DirectoryThread(runnable, "LDAP PTA connection monitor thread");
                monitorThread.setDaemon(true);
                return monitorThread;
            }
        };

        DEFAULT_PROVIDER = new Provider() {
            /** Two-thread scheduler shared by every policy that uses this provider. */
            private final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(2, monitorThreadFactory);

            /** Creates a real LDAP connection factory for the given host and port. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Provider
            public ConnectionFactory getLDAPConnectionFactory(String str, int i, LDAPPassThroughAuthenticationPolicyCfg lDAPPassThroughAuthenticationPolicyCfg) {
                return new LDAPConnectionFactory(str, i, lDAPPassThroughAuthenticationPolicyCfg);
            }

            /** Returns the shared scheduler. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Provider
            public ScheduledExecutorService getScheduledExecutorService() {
                return this.scheduler;
            }

            /** Returns the time string maintained by the server's time thread. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Provider
            public String getCurrentTime() {
                return TimeThread.getGMTTime();
            }

            /** Returns the numeric time maintained by the server's time thread. */
            @Override // org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory.Provider
            public long getCurrentTimeMS() {
                return TimeThread.getTime();
            }
        };
    }
}
