package org.apache.directory.server.core.ppolicy;

import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponseImpl;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.api.ldap.model.message.MessageTypeEnum;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.api.interceptor.context.CompareOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.GetRootDseOperationContext;
import org.apache.directory.server.core.api.interceptor.context.HasEntryOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.api.interceptor.context.OperationContext;
import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.api.interceptor.context.UnbindOperationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/ppolicy/PPolicyInterceptor.class */
public class PPolicyInterceptor extends BaseInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(PPolicyInterceptor.class);
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();
    private AttributeType pwdResetAT;
    private AttributeType pwdChangedTimeAT;
    private AttributeType pwdHistoryAT;
    private AttributeType pwdFailureTimeAT;
    private AttributeType pwdAccountLockedTimeAT;
    private AttributeType pwdLastSuccessAT;
    private AttributeType pwdGraceUseTimeAT;
    private AttributeType pwdPolicySubentryAT;
    private AttributeType pwdStartTimeAT;
    private AttributeType pwdEndTimeAT;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.directory.server.core.ppolicy.PPolicyInterceptor$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/directory/server/core/ppolicy/PPolicyInterceptor$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum = new int[MessageTypeEnum.values().length];

        static {
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.ADD_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.BIND_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.COMPARE_REQUEST.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.DEL_REQUEST.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.EXTENDED_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.MODIFY_REQUEST.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.MODIFYDN_REQUEST.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.SEARCH_REQUEST.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.UNBIND_REQUEST.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[MessageTypeEnum.ABANDON_REQUEST.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    public PPolicyInterceptor() {
        super(InterceptorEnum.PASSWORD_POLICY_INTERCEPTOR);
    }

    public void init(DirectoryService directoryService) throws LdapException {
        super.init(directoryService);
        loadPwdPolicyStateAttributeTypes();
    }

    public void loadPwdPolicyStateAttributeTypes() throws LdapException {
        this.pwdResetAT = this.schemaManager.lookupAttributeTypeRegistry("pwdReset");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdResetAT);
        this.pwdChangedTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdChangedTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdChangedTimeAT);
        this.pwdHistoryAT = this.schemaManager.lookupAttributeTypeRegistry("pwdHistory");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdHistoryAT);
        this.pwdFailureTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdFailureTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdFailureTimeAT);
        this.pwdAccountLockedTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdAccountLockedTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdAccountLockedTimeAT);
        this.pwdLastSuccessAT = this.schemaManager.lookupAttributeTypeRegistry("pwdLastSuccess");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdLastSuccessAT);
        this.pwdGraceUseTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdGraceUseTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdGraceUseTimeAT);
        this.pwdPolicySubentryAT = this.schemaManager.lookupAttributeTypeRegistry("pwdPolicySubentry");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdPolicySubentryAT);
        this.pwdStartTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdStartTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdStartTimeAT);
        this.pwdEndTimeAT = this.schemaManager.lookupAttributeTypeRegistry("pwdEndTime");
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(this.pwdEndTimeAT);
    }

    public void add(AddOperationContext addOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", addOperationContext);
        }
        if (!this.directoryService.isPwdPolicyEnabled() || addOperationContext.isReplEvent()) {
            next(addOperationContext);
        } else if (getPwdPolicy(addOperationContext.getEntry(), MessageTypeEnum.ADD_REQUEST) == null) {
            next(addOperationContext);
        } else {
            checkPwdReset(addOperationContext);
            next(addOperationContext);
        }
    }

    public void bind(BindOperationContext bindOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", bindOperationContext);
        }
        next(bindOperationContext);
    }

    public boolean compare(CompareOperationContext compareOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", compareOperationContext);
        }
        return next(compareOperationContext);
    }

    public void delete(DeleteOperationContext deleteOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", deleteOperationContext);
        }
        next(deleteOperationContext);
    }

    public Entry getRootDse(GetRootDseOperationContext getRootDseOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", getRootDseOperationContext);
        }
        return next(getRootDseOperationContext);
    }

    public boolean hasEntry(HasEntryOperationContext hasEntryOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", hasEntryOperationContext);
        }
        return next(hasEntryOperationContext);
    }

    public Entry lookup(LookupOperationContext lookupOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", lookupOperationContext);
        }
        return next(lookupOperationContext);
    }

    public void modify(ModifyOperationContext modifyOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", modifyOperationContext);
        }
        next(modifyOperationContext);
    }

    public void move(MoveOperationContext moveOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", moveOperationContext);
        }
        next(moveOperationContext);
    }

    public void moveAndRename(MoveAndRenameOperationContext moveAndRenameOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", moveAndRenameOperationContext);
        }
        next(moveAndRenameOperationContext);
    }

    public void rename(RenameOperationContext renameOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", renameOperationContext);
        }
        next(renameOperationContext);
    }

    public EntryFilteringCursor search(SearchOperationContext searchOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", searchOperationContext);
        }
        return next(searchOperationContext);
    }

    public void unbind(UnbindOperationContext unbindOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", unbindOperationContext);
        }
        next(unbindOperationContext);
    }

    private void checkPwdReset(OperationContext operationContext) throws LdapException {
        if (this.directoryService.isPwdPolicyEnabled() && operationContext.getSession().isPwdMustChange()) {
            if (operationContext.hasRequestControl("1.3.6.1.4.1.42.2.27.8.5.1")) {
                PasswordPolicyResponseImpl passwordPolicyResponseImpl = new PasswordPolicyResponseImpl();
                passwordPolicyResponseImpl.setPasswordPolicyError(PasswordPolicyErrorEnum.CHANGE_AFTER_RESET);
                operationContext.addResponseControl(passwordPolicyResponseImpl);
            }
            throw new LdapNoPermissionException("password needs to be reset before performing this operation");
        }
    }

    private PasswordPolicyConfiguration getPwdPolicy(Entry entry, MessageTypeEnum messageTypeEnum) throws LdapException {
        switch (AnonymousClass1.$SwitchMap$org$apache$directory$api$ldap$model$message$MessageTypeEnum[messageTypeEnum.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
                return entry.get(this.pwdPolicySubentryAT) == null ? null : null;
            case 7:
            case 8:
            case 9:
            case 10:
            default:
                return null;
        }
    }
}
