package org.apache.directory.server.kerberos.kdc;

import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.shared.DefaultCoreSession;
import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
import org.apache.directory.server.protocol.shared.kerberos.StoreUtils;
import org.apache.directory.shared.kerberos.KerberosAttribute;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-2.0.0-M24.jar:org/apache/directory/server/kerberos/kdc/DirectoryPrincipalStore.class */
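/**
 * {@link PrincipalStore} backed by the directory service: principals are looked up and
 * modified as directory entries below a configured search base.
 *
 * <p>All lookups in {@link #getPrincipal} and the final write in {@link #changePassword}
 * run on the directory's admin session, which is obtained once in the constructor.
 */
public class DirectoryPrincipalStore implements PrincipalStore {
    private final DirectoryService directoryService;
    private final Dn searchBaseDn;
    private final CoreSession adminSession;

    /**
     * Creates a store bound to the given directory service.
     *
     * @param directoryService the directory service; its admin session is captured here
     * @param dn the base DN under which principal entries are searched
     */
    public DirectoryPrincipalStore(DirectoryService directoryService, Dn dn) {
        this.directoryService = directoryService;
        this.adminSession = directoryService.getAdminSession();
        this.searchBaseDn = dn;
    }

    /**
     * Replaces the {@code userPassword} and Kerberos principal-name attributes of the
     * target principal's entry.
     *
     * @param kerberosPrincipal the principal requesting the change; it must resolve to an
     *     entry under the search base
     * @param kerberosPrincipal2 the principal whose entry is modified
     * @param str the new password, stored as its UTF-8 bytes
     * @param z when {@code false}, only the system admin entry may proceed; presumably the
     *     "initial ticket" flag of the request (inferred from the error code used below)
     * @throws ChangePasswordException {@code KRB5_KPASSWD_INITIAL_FLAG_NEEDED} when
     *     {@code z} is false for a non-admin requester; {@code KRB5_KPASSWD_ACCESSDENIED}
     *     when the directory raises an {@link LdapException};
     *     {@code KRB5_KPASSWD_HARDERROR} when either principal cannot be found or on any
     *     other failure
     */
    @Override
    public void changePassword(KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, String str, boolean z) throws ChangePasswordException {
        try {
            Entry requesterEntry = StoreUtils.findPrincipalEntry(this.adminSession, this.searchBaseDn, kerberosPrincipal.getName());
            if (requesterEntry == null) {
                // Encode explicitly as UTF-8 rather than with the platform default charset.
                throw new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_HARDERROR, Strings.getBytesUtf8("No such principal " + kerberosPrincipal));
            }

            SchemaManager schemaManager = this.directoryService.getSchemaManager();
            boolean requesterIsAdmin = requesterEntry.getDn().getNormName().equals(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED);
            if (!z && !requesterIsAdmin) {
                throw new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_INITIAL_FLAG_NEEDED);
            }

            // The target entry is looked up on a session bound to the requester (the admin
            // session only when the requester is the system admin).
            CoreSession requesterSession = requesterIsAdmin
                    ? this.adminSession
                    : new DefaultCoreSession(new LdapPrincipal(schemaManager, requesterEntry.getDn(), AuthenticationLevel.SIMPLE), this.directoryService);

            Entry targetEntry = StoreUtils.findPrincipalEntry(requesterSession, this.searchBaseDn, kerberosPrincipal2.getName());
            if (targetEntry == null) {
                // Fail explicitly instead of relying on a NullPointerException being wrapped
                // by the generic handler below; the resulting error type is unchanged.
                throw new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_HARDERROR, Strings.getBytesUtf8("No such principal " + kerberosPrincipal2));
            }

            // NOTE(review): the password is written as raw UTF-8 bytes; any hashing or key
            // derivation is not done in this class - confirm where it happens.
            DefaultModification passwordMod = new DefaultModification(
                    ModificationOperation.REPLACE_ATTRIBUTE,
                    new DefaultAttribute(schemaManager.lookupAttributeTypeRegistry(SchemaConstants.USER_PASSWORD_AT), Strings.getBytesUtf8(str)));
            DefaultModification principalNameMod = new DefaultModification(
                    ModificationOperation.REPLACE_ATTRIBUTE,
                    new DefaultAttribute(schemaManager.lookupAttributeTypeRegistry(KerberosAttribute.KRB5_PRINCIPAL_NAME_AT), kerberosPrincipal2.getName()));

            // NOTE(review): the write itself runs on the admin session, so the requester's
            // own write permission on the target entry is not what gates this call; the only
            // requester-scoped step is the lookup above. Confirm that lookup visibility is
            // the intended authorization check for changing another principal's password.
            this.adminSession.modify(targetEntry.getDn(), passwordMod, principalNameMod);
        } catch (ChangePasswordException e) {
            // Propagate as-is so the specific error type (e.g. INITIAL_FLAG_NEEDED) is not
            // rewrapped as HARDERROR by the generic handler.
            throw e;
        } catch (LdapException e) {
            throw new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_ACCESSDENIED, e);
        } catch (Exception e) {
            throw new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_HARDERROR, e);
        }
    }

    /**
     * Looks up the store entry for a principal under the search base, using the admin session.
     *
     * @param kerberosPrincipal the principal to look up
     * @return the result of the {@link GetPrincipal} operation, cast to {@link PrincipalStoreEntry}
     * @throws Exception if the lookup operation fails
     */
    @Override
    public PrincipalStoreEntry getPrincipal(KerberosPrincipal kerberosPrincipal) throws Exception {
        return (PrincipalStoreEntry) new GetPrincipal(kerberosPrincipal).execute(this.adminSession, this.searchBaseDn);
    }
}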
