package org.apache.directory.server.core.authn;

import java.util.Collections;
import java.util.Date;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyException;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/authn/AbstractAuthenticator.class */
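/**
 * Base class for {@link Authenticator} implementations.
 *
 * <p>It stores the {@link DirectoryService} handed over by {@link #init(DirectoryService)},
 * exposes the authentication level this authenticator handles, and implements the
 * password-policy gate ({@link #checkPwdPolicy(Entry)}) that rejects locked, not yet active,
 * ended, idle or expired accounts.
 *
 * <p>The {@code directoryService} field is written by {@code init} and {@code destroy} without
 * any synchronization in this class.
 */
public abstract class AbstractAuthenticator implements Authenticator {
    protected static final Logger LOG = LoggerFactory.getLogger(AbstractAuthenticator.class);

    /** {@code pwdAccountLockedTime} value that {@link #checkPwdPolicy(Entry)} treats as a permanent lock. */
    private static final String PERMANENT_LOCK_TIME = "000001010000Z";

    /**
     * Seconds-to-milliseconds factor, deliberately a {@code long} so that the policy durations
     * are widened before the multiplication instead of wrapping around.
     */
    private static final long MILLIS_PER_SECOND = 1000L;

    private DirectoryService directoryService;
    private final AuthenticationLevel authenticatorType;

    /**
     * Creates an authenticator for the given authentication level.
     *
     * <p>The decompiler reported that the access modifier of this constructor was changed from
     * {@code protected}; it is kept as shown so existing callers are unaffected.
     *
     * @param authenticationLevel the level returned by {@link #getAuthenticatorType()}
     */
    public AbstractAuthenticator(AuthenticationLevel authenticationLevel) {
        this.authenticatorType = authenticationLevel;
    }

    /**
     * Returns the directory service set by {@link #init(DirectoryService)}.
     *
     * @return the directory service, or {@code null} before {@code init} and after {@link #destroy()}
     */
    public DirectoryService getDirectoryService() {
        return this.directoryService;
    }

    /**
     * @return the authentication level passed to the constructor
     */
    @Override
    public AuthenticationLevel getAuthenticatorType() {
        return this.authenticatorType;
    }

    /**
     * Stores the directory service and then runs the subclass hook {@link #doInit()}.
     *
     * @param directoryService the service this authenticator works against
     * @throws LdapException declared by the interface; nothing in this method throws it
     */
    @Override
    public final void init(DirectoryService directoryService) throws LdapException {
        this.directoryService = directoryService;
        doInit();
    }

    /** Subclass initialization hook, called by {@link #init(DirectoryService)}; empty by default. */
    protected void doInit() {
    }

    /**
     * Runs the subclass hook {@link #doDestroy()} and always drops the reference to the
     * directory service, including when the hook throws.
     */
    @Override
    public final void destroy() {
        try {
            doDestroy();
        } finally {
            // Clear the reference on the failure path as well, as the original code did.
            this.directoryService = null;
        }
    }

    /** Subclass cleanup hook, called by {@link #destroy()}; empty by default. */
    protected void doDestroy() {
    }

    /**
     * Does nothing in this base class; subclasses that cache credentials can override it.
     *
     * @param dn the entry whose cached data should be dropped
     */
    @Override
    public void invalidateCache(Dn dn) {
    }

    /**
     * Applies the account-state checks of the password policy to {@code entry}.
     *
     * <p>Nothing is checked when the directory service reports that password policies are
     * disabled. Otherwise the checks run in this order, each one throwing on failure:
     * <ol>
     *   <li>lockout ({@code pwdAccountLockedTime}), only if the policy enables lockout; a lock
     *       whose duration has elapsed is removed from the entry;</li>
     *   <li>{@code pwdStartTime} still in the future;</li>
     *   <li>{@code pwdEndTime} reached;</li>
     *   <li>{@code pwdLastSuccess} older than the policy's maximum idle time;</li>
     *   <li>if a maximum age is set: with grace logins configured, only the number of
     *       {@code pwdGraceUseTime} values is compared to the limit; without them,
     *       {@code pwdChangedTime} is tested for expiry.</li>
     * </ol>
     *
     * <p>The directory service must have been set by {@link #init(DirectoryService)}.
     *
     * @param entry the user entry being authenticated
     * @throws PasswordPolicyException with {@code ACCOUNT_LOCKED} or {@code PASSWORD_EXPIRED}
     *         when one of the checks fails
     * @throws LdapException if reading an attribute or removing an elapsed lock fails
     */
    @Override
    public void checkPwdPolicy(Entry entry) throws LdapException {
        if (!this.directoryService.isPwdPolicyEnabled()) {
            return;
        }

        PasswordPolicyConfiguration pwdPolicy = this.directoryService.getInterceptor(InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName()).getPwdPolicy(entry);

        // NOTE(review): the exception messages below carry lock state and unlock dates; confirm
        // whether callers forward them to unauthenticated clients.
        if (pwdPolicy.isPwdLockout()) {
            LOG.debug("checking if account with the Dn {} is locked", entry.getDn());
            Attribute lockedTimeAttr = entry.get("pwdAccountLockedTime");
            if (lockedTimeAttr != null) {
                String lockedTime = lockedTimeAttr.getString();
                if (lockedTime.equals(PERMANENT_LOCK_TIME)) {
                    throw new PasswordPolicyException("account was permanently locked", PasswordPolicyErrorEnum.ACCOUNT_LOCKED.getValue());
                }

                // Multiply as long: if the duration getter returns an int (not visible here),
                // "duration * 1000" wraps for durations above roughly 24.8 days and can yield
                // an unlock time in the past, which would clear the lock immediately.
                // NOTE(review): a duration of 0 makes the unlock time equal to the lock time, so
                // the lock is removed below; confirm that whatever writes pwdAccountLockedTime
                // uses the permanent-lock marker when the policy means "locked until reset".
                long unlockMillis = (pwdPolicy.getPwdLockoutDuration() * MILLIS_PER_SECOND) + DateUtils.getDate(lockedTime).getTime();
                Date unlockDate = new Date(unlockMillis);
                Date now = DateUtils.getDate(DateUtils.getGeneralizedTime());
                if (unlockDate.after(now)) {
                    throw new PasswordPolicyException("account will remain locked till " + unlockDate, PasswordPolicyErrorEnum.ACCOUNT_LOCKED.getValue());
                }

                // The lock has elapsed: remove the attribute. The write is issued with the admin
                // session straight to the partition nexus, so it does not depend on the rights
                // of the user who is authenticating.
                LOG.debug("lockout period elapsed, removing pwdAccountLockedTime from {}", entry.getDn());
                DefaultModification removeLock = new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE, lockedTimeAttr);
                ModifyOperationContext modifyContext = new ModifyOperationContext(this.directoryService.getAdminSession());
                modifyContext.setDn(entry.getDn());
                modifyContext.setModItems(Collections.singletonList(removeLock));
                this.directoryService.getPartitionNexus().modify(modifyContext);
            }
        }

        Attribute startTimeAttr = entry.get("pwdStartTime");
        if (startTimeAttr != null) {
            Date startDate = DateUtils.getDate(startTimeAttr.getString());
            if (System.currentTimeMillis() < startDate.getTime()) {
                throw new PasswordPolicyException("account is locked, will be activated after " + startDate, PasswordPolicyErrorEnum.ACCOUNT_LOCKED.getValue());
            }
        }

        Attribute endTimeAttr = entry.get("pwdEndTime");
        if (endTimeAttr != null) {
            long endMillis = DateUtils.getDate(endTimeAttr.getString()).getTime();
            if (System.currentTimeMillis() >= endMillis) {
                throw new PasswordPolicyException("password end time reached, will be locked till administrator activates it", PasswordPolicyErrorEnum.ACCOUNT_LOCKED.getValue());
            }
        }

        if (pwdPolicy.getPwdMaxIdle() > 0) {
            Attribute lastSuccessAttr = entry.get("pwdLastSuccess");
            if (lastSuccessAttr != null) {
                // Same widening as for the lockout duration: a wrapped product would move the
                // idle deadline and lock or admit the account at the wrong time.
                long idleDeadline = (pwdPolicy.getPwdMaxIdle() * MILLIS_PER_SECOND) + DateUtils.getDate(lastSuccessAttr.getString()).getTime();
                if (System.currentTimeMillis() >= idleDeadline) {
                    throw new PasswordPolicyException("account locked due to the max idle time of the password was exceeded", PasswordPolicyErrorEnum.ACCOUNT_LOCKED.getValue());
                }
            }
        }

        if (pwdPolicy.getPwdMaxAge() > 0) {
            if (pwdPolicy.getPwdGraceAuthNLimit() > 0) {
                Attribute graceUseAttr = entry.get("pwdGraceUseTime");
                if (graceUseAttr != null && graceUseAttr.size() >= pwdPolicy.getPwdGraceAuthNLimit()) {
                    throw new PasswordPolicyException("password expired and max grace logins were used", PasswordPolicyErrorEnum.PASSWORD_EXPIRED.getValue());
                }
                // With grace logins configured, pwdChangedTime is not examined by this method;
                // only the count of recorded grace uses decides.
                return;
            }

            Attribute changedTimeAttr = entry.get("pwdChangedTime");
            if (changedTimeAttr != null && PasswordUtil.isPwdExpired(changedTimeAttr.getString(), pwdPolicy.getPwdMaxAge())) {
                throw new PasswordPolicyException("password expired", PasswordPolicyErrorEnum.PASSWORD_EXPIRED.getValue());
            }
        }
    }
}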
