package org.apache.directory.server.ldap.handlers.extended;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequest;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyResponse;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyResponseImpl;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.ldap.ExtendedOperationHandler;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.LdapSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/ldap/handlers/extended/PwdModifyHandler.class */
public class PwdModifyHandler implements ExtendedOperationHandler<PasswordModifyRequest, PasswordModifyResponse> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PwdModifyHandler.class);
    public static final Set<String> EXTENSION_OIDS;

    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public String getOid() {
        return "1.3.6.1.4.1.4203.1.11.1";
    }

    /* JADX WARN: Removed duplicated region for block: B:46:0x02db  */
    /* JADX WARN: Type inference failed for: r4v11, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r4v13, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r4v3, types: [byte[], byte[][]] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void modifyUserPassword(org.apache.directory.server.core.api.CoreSession r10, org.apache.mina.core.session.IoSession r11, org.apache.directory.api.ldap.model.name.Dn r12, byte[] r13, byte[] r14, org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequest r15) {
        /*
            Method dump skipped, instructions count: 749
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.modifyUserPassword(org.apache.directory.server.core.api.CoreSession, org.apache.mina.core.session.IoSession, org.apache.directory.api.ldap.model.name.Dn, byte[], byte[], org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequest):void");
    }

    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public void handleExtendedOperation(LdapSession ldapSession, PasswordModifyRequest passwordModifyRequest) throws Exception {
        LOG.debug("Password modification requested");
        DirectoryService directoryService = ldapSession.getLdapServer().getDirectoryService();
        CoreSession adminSession = directoryService.getAdminSession();
        String utf8ToString = Strings.utf8ToString(passwordModifyRequest.getUserIdentity());
        Dn dn = null;
        if (!Strings.isEmpty(utf8ToString)) {
            try {
                dn = directoryService.getDnFactory().create(utf8ToString);
            } catch (LdapInvalidDnException e) {
                LOG.error("The user DN is invalid : " + dn);
                ldapSession.getIoSession().write(new PasswordModifyResponseImpl(passwordModifyRequest.getMessageId(), ResultCodeEnum.INVALID_DN_SYNTAX, "The user DN is invalid : " + dn));
                return;
            }
        }
        byte[] oldPassword = passwordModifyRequest.getOldPassword();
        byte[] newPassword = passwordModifyRequest.getNewPassword();
        if (!ldapSession.isAuthenticated()) {
            BindOperationContext bindOperationContext = new BindOperationContext(adminSession);
            bindOperationContext.setDn(dn);
            bindOperationContext.setCredentials(oldPassword);
            try {
                directoryService.getOperationManager().bind(bindOperationContext);
                modifyUserPassword(ldapSession.getCoreSession(), ldapSession.getIoSession(), dn, oldPassword, newPassword, passwordModifyRequest);
                return;
            } catch (LdapException e2) {
                ldapSession.getIoSession().write(new PasswordModifyResponseImpl(passwordModifyRequest.getMessageId(), ResultCodeEnum.INVALID_CREDENTIALS));
                return;
            }
        }
        Dn dn2 = ldapSession.getCoreSession().getEffectivePrincipal().getDn();
        LOG.debug("User {} trying to modify password of user {}", dn2, dn);
        if (dn == null || dn.equals(dn2)) {
            modifyUserPassword(ldapSession.getCoreSession(), ldapSession.getIoSession(), dn2, oldPassword, newPassword, passwordModifyRequest);
        } else if (ldapSession.getCoreSession().isAdministrator()) {
            modifyUserPassword(ldapSession.getCoreSession(), ldapSession.getIoSession(), dn, oldPassword, newPassword, passwordModifyRequest);
        } else {
            LOG.error("Non-admin user cannot access another user's password to modify it");
            ldapSession.getIoSession().write(new PasswordModifyResponseImpl(passwordModifyRequest.getMessageId(), ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, "Non-admin user cannot access another user's password to modify it"));
        }
    }

    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public Set<String> getExtensionOids() {
        return EXTENSION_OIDS;
    }

    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public void setLdapServer(LdapServer ldapServer) {
    }

    static {
        HashSet hashSet = new HashSet(2);
        hashSet.add("1.3.6.1.4.1.4203.1.11.1");
        hashSet.add("1.3.6.1.4.1.4203.1.11.1");
        EXTENSION_OIDS = Collections.unmodifiableSet(hashSet);
    }
}
