package org.opends.server.extensions;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.opends.messages.ExtensionMessages;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.CertificateMapperCfg;
import org.opends.server.admin.std.server.SubjectAttributeToUserAttributeCertificateMapperCfg;
import org.opends.server.api.Backend;
import org.opends.server.api.CertificateMapper;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.AttributeType;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IndexType;
import org.opends.server.types.InitializationException;
import org.opends.server.types.RDN;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapper.class */
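/**
 * Certificate mapper that locates the directory entry for a TLS client by matching attributes
 * from the certificate subject against attributes of user entries.
 *
 * <p>The configuration supplies {@code certAttr:userAttr} pairs. For every subject RDN value whose
 * attribute name is a configured {@code certAttr}, an equality filter on the paired
 * {@code userAttr} is built; the filters are ANDed and searched under each user base DN.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Subject attributes that are not in the mapping are ignored, so the identity that is
 *       established is only as specific as the configured mapping. A mapping on a single,
 *       non-unique attribute lets any accepted certificate carrying that value map to the user.</li>
 *   <li>Only element 0 of the chain is inspected and nothing here validates the chain;
 *       presumably trust validation happened during the TLS handshake - confirm at the caller.</li>
 *   <li>{@link #mapCertificateToUser} returns {@code null} when nothing matches; callers must
 *       treat that as a failed mapping.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. {@link #isConfigurationChangeAcceptable2} was not
 * recovered and still throws; see its comment.
 */
public class SubjectAttributeToUserAttributeCertificateMapper extends CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg> implements ConfigurationChangeListener<SubjectAttributeToUserAttributeCertificateMapperCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    // DN of the configuration entry; used only to build diagnostic messages.
    private DN configEntryDN;

    // Lower-cased certificate subject attribute name -> user entry attribute type.
    // NOTE(review): attributeMap and currentConfig are plain fields that are replaced by
    // applyConfigurationChange and read by mapCertificateToUser; a reader could observe one
    // updated and the other not. Confirm whether the server serializes these calls.
    private LinkedHashMap<String, AttributeType> attributeMap;
    private SubjectAttributeToUserAttributeCertificateMapperCfg currentConfig;

    /**
     * Registers this mapper as a change listener, parses the subject-attribute mapping and logs a
     * warning for every mapped user attribute that lacks an equality index under a base DN.
     *
     * @param subjectAttributeToUserAttributeCertificateMapperCfg the mapper configuration
     * @throws ConfigException if a mapping is malformed, names an unknown user attribute, or
     *         repeats a certificate attribute or a user attribute
     * @throws InitializationException declared by the overridden method; not thrown here
     */
    @Override // org.opends.server.api.CertificateMapper
    public void initializeCertificateMapper(SubjectAttributeToUserAttributeCertificateMapperCfg subjectAttributeToUserAttributeCertificateMapperCfg) throws ConfigException, InitializationException {
        subjectAttributeToUserAttributeCertificateMapperCfg.addSubjectAttributeToUserAttributeChangeListener(this);
        this.currentConfig = subjectAttributeToUserAttributeCertificateMapperCfg;
        this.configEntryDN = subjectAttributeToUserAttributeCertificateMapperCfg.dn();
        this.attributeMap = new LinkedHashMap<>();
        String configDN = String.valueOf(this.configEntryDN);
        for (String mapping : subjectAttributeToUserAttributeCertificateMapperCfg.getSubjectAttributeMapping()) {
            String lowered = StaticUtils.toLowerCase(mapping);
            int colon = lowered.indexOf(':');
            // A colon at index 0 means the certificate attribute name is missing.
            if (colon <= 0) {
                throw new ConfigException(ExtensionMessages.ERR_SATUACM_INVALID_MAP_FORMAT.get(configDN, mapping));
            }
            String certAttrName = lowered.substring(0, colon).trim();
            String userAttrName = lowered.substring(colon + 1).trim();
            if (certAttrName.isEmpty() || userAttrName.isEmpty()) {
                throw new ConfigException(ExtensionMessages.ERR_SATUACM_INVALID_MAP_FORMAT.get(configDN, mapping));
            }
            if (this.attributeMap.containsKey(certAttrName)) {
                throw new ConfigException(ExtensionMessages.ERR_SATUACM_DUPLICATE_CERT_ATTR.get(configDN, certAttrName));
            }
            AttributeType userAttrType = DirectoryServer.getAttributeType(userAttrName, false);
            if (userAttrType == null) {
                throw new ConfigException(ExtensionMessages.ERR_SATUACM_NO_SUCH_ATTR.get(mapping, configDN, userAttrName));
            }
            for (AttributeType alreadyMapped : this.attributeMap.values()) {
                if (alreadyMapped.equals(userAttrType)) {
                    throw new ConfigException(ExtensionMessages.ERR_SATUACM_DUPLICATE_USER_ATTR.get(configDN, alreadyMapped.getNameOrOID()));
                }
            }
            this.attributeMap.put(certAttrName, userAttrType);
        }
        warnAboutUnindexedAttributes(subjectAttributeToUserAttributeCertificateMapperCfg, this.attributeMap.values(), null);
    }

    /** Deregisters this mapper from configuration change notifications. */
    @Override // org.opends.server.api.CertificateMapper
    public void finalizeCertificateMapper() {
        this.currentConfig.removeSubjectAttributeToUserAttributeChangeListener(this);
    }

    /**
     * Maps the first certificate of the chain to at most one user entry.
     *
     * <p>Every failure is reported with {@link ResultCode#INVALID_CREDENTIALS}. The three failure
     * causes (not X.509, subject not decodable as a DN, no mappable attribute / ambiguous match)
     * are raised from separate scopes so that the message recorded for an authentication failure
     * names the real cause instead of being rewrapped by an enclosing catch.
     *
     * @param certificateArr the peer certificate chain; only element 0 is examined
     * @return the single matching entry, or {@code null} if no entry matched
     * @throws DirectoryException if the chain is missing or empty, the certificate is not X.509,
     *         its subject cannot be decoded, none of its attributes is mapped, or more than one
     *         entry matches
     */
    @Override // org.opends.server.api.CertificateMapper
    public Entry mapCertificateToUser(Certificate[] certificateArr) throws DirectoryException {
        // Snapshot both fields once so the whole lookup uses the same references.
        SubjectAttributeToUserAttributeCertificateMapperCfg config = this.currentConfig;
        LinkedHashMap<String, AttributeType> mapping = this.attributeMap;
        if (certificateArr == null || certificateArr.length == 0) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SATUACM_NO_PEER_CERTIFICATE.get());
        }

        Certificate peerCertificate = certificateArr[0];
        String subjectName;
        try {
            subjectName = ((X509Certificate) peerCertificate).getSubjectX500Principal().getName("RFC2253");
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            // A null first element must still end in a DirectoryException, not an NPE raised
            // while building the message.
            String certificateType = (peerCertificate == null) ? null : peerCertificate.getType();
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SATUACM_PEER_CERT_NOT_X509.get(String.valueOf(certificateType)));
        }

        DN subjectDN;
        try {
            subjectDN = DN.decode(subjectName);
        } catch (DirectoryException e) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SATUACM_CANNOT_DECODE_SUBJECT_AS_DN.get(subjectName, e.getMessageObject()), e);
        }

        // One equality filter per subject RDN value whose attribute name is mapped; every other
        // subject attribute is ignored.
        List<SearchFilter> filterComponents = new LinkedList<>();
        for (int rdnIndex = 0; rdnIndex < subjectDN.getNumComponents(); rdnIndex++) {
            RDN rdn = subjectDN.getRDN(rdnIndex);
            for (int valueIndex = 0; valueIndex < rdn.getNumValues(); valueIndex++) {
                AttributeType userAttrType = mapping.get(StaticUtils.toLowerCase(rdn.getAttributeName(valueIndex)));
                if (userAttrType != null) {
                    filterComponents.add(SearchFilter.createEqualityFilter(userAttrType, rdn.getAttributeValue(valueIndex)));
                }
            }
        }
        if (filterComponents.isEmpty()) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(subjectName));
        }
        SearchFilter filter = SearchFilter.createANDFilter(filterComponents);

        // The search runs on the internal root connection, so it is presumably not subject to
        // the access controls of the connecting client - confirm.
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        SearchResultEntry match = null;
        for (DN baseDN : effectiveBaseDNs(config)) {
            for (SearchResultEntry candidate : rootConnection.processSearch(baseDN, SearchScope.WHOLE_SUBTREE, filter).getSearchEntries()) {
                // A second hit, under the same or another base DN, makes the mapping ambiguous.
                if (match != null) {
                    throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_SATUACM_MULTIPLE_MATCHING_ENTRIES.get(subjectName, String.valueOf(match.getDN()), String.valueOf(candidate.getDN())));
                }
                match = candidate;
            }
        }
        return match;
    }

    /**
     * Delegates to {@link #isConfigurationChangeAcceptable2} after casting the configuration.
     * Because that method was not recovered, this call currently always throws.
     */
    @Override // org.opends.server.api.CertificateMapper
    public boolean isConfigurationAcceptable(CertificateMapperCfg certificateMapperCfg, List<Message> list) {
        return isConfigurationChangeAcceptable2((SubjectAttributeToUserAttributeCertificateMapperCfg) certificateMapperCfg, list);
    }

    /**
     * Placeholder for the configuration check; the decompiler could not recover the body.
     *
     * <p>The decompiler renamed this method from {@code isConfigurationChangeAcceptable} to
     * avoid a signature collision. The one fragment it reported adds
     * {@code ERR_SATUACM_INVALID_MAP_FORMAT} to the reason list and sets a flag to
     * {@code false}; the rest is unknown, so the body is left as generated rather than guessed.
     *
     * @throws UnsupportedOperationException always
     */
    public boolean isConfigurationChangeAcceptable2(SubjectAttributeToUserAttributeCertificateMapperCfg r7, List<Message> r8) {
        throw new UnsupportedOperationException("Method not decompiled: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper.isConfigurationChangeAcceptable2(org.opends.server.admin.std.server.SubjectAttributeToUserAttributeCertificateMapperCfg, java.util.List):boolean");
    }

    /**
     * Re-parses the mapping from a changed configuration and installs it only if it is valid.
     *
     * <p>Unlike initialization, problems are collected as messages rather than thrown. On any
     * problem the result code is {@link ResultCode#CONSTRAINT_VIOLATION} and the previous mapping
     * and configuration stay in effect. Missing-index warnings are added to the messages and
     * logged but do not affect the result code.
     *
     * <p>The decompiled listing recorded an "invalid map format" error unconditionally after the
     * parsing loop, which rejected every change (and read a possibly unassigned variable); that
     * error is recorded here only in the empty-name branch that leaves the loop.
     *
     * @param subjectAttributeToUserAttributeCertificateMapperCfg the new configuration
     * @return the result code, {@code false} for "admin action required", and the messages
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(SubjectAttributeToUserAttributeCertificateMapperCfg subjectAttributeToUserAttributeCertificateMapperCfg) {
        ResultCode resultCode = ResultCode.SUCCESS;
        ArrayList<Message> messages = new ArrayList<>();
        LinkedHashMap<String, AttributeType> newAttributeMap = new LinkedHashMap<>();
        String configDN = String.valueOf(this.configEntryDN);
        for (String mapping : subjectAttributeToUserAttributeCertificateMapperCfg.getSubjectAttributeMapping()) {
            String lowered = StaticUtils.toLowerCase(mapping);
            int colon = lowered.indexOf(':');
            if (colon <= 0) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                messages.add(ExtensionMessages.ERR_SATUACM_INVALID_MAP_FORMAT.get(configDN, mapping));
                continue;
            }
            String certAttrName = lowered.substring(0, colon).trim();
            String userAttrName = lowered.substring(colon + 1).trim();
            if (certAttrName.isEmpty() || userAttrName.isEmpty()) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                messages.add(ExtensionMessages.ERR_SATUACM_INVALID_MAP_FORMAT.get(configDN, mapping));
                // The listing stops parsing at this error; later mappings are not examined.
                break;
            }
            if (newAttributeMap.containsKey(certAttrName)) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                messages.add(ExtensionMessages.ERR_SATUACM_DUPLICATE_CERT_ATTR.get(configDN, certAttrName));
                continue;
            }
            AttributeType userAttrType = DirectoryServer.getAttributeType(userAttrName, false);
            if (userAttrType == null) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                messages.add(ExtensionMessages.ERR_SATUACM_NO_SUCH_ATTR.get(mapping, configDN, userAttrName));
                continue;
            }
            for (AttributeType alreadyMapped : newAttributeMap.values()) {
                if (alreadyMapped.equals(userAttrType)) {
                    resultCode = ResultCode.CONSTRAINT_VIOLATION;
                    messages.add(ExtensionMessages.ERR_SATUACM_DUPLICATE_USER_ATTR.get(configDN, alreadyMapped.getNameOrOID()));
                }
            }
            // Stored even after a duplicate-user-attribute error; the map is discarded below
            // whenever the result code is not SUCCESS.
            newAttributeMap.put(certAttrName, userAttrType);
        }
        warnAboutUnindexedAttributes(subjectAttributeToUserAttributeCertificateMapperCfg, newAttributeMap.values(), messages);
        if (resultCode == ResultCode.SUCCESS) {
            this.attributeMap = newAttributeMap;
            this.currentConfig = subjectAttributeToUserAttributeCertificateMapperCfg;
        }
        return new ConfigChangeResult(resultCode, false, messages);
    }

    /**
     * Listener entry point for the configuration check; delegates to
     * {@link #isConfigurationChangeAcceptable2}, which currently always throws.
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public boolean isConfigurationChangeAcceptable(SubjectAttributeToUserAttributeCertificateMapperCfg subjectAttributeToUserAttributeCertificateMapperCfg, List<Message> list) {
        return isConfigurationChangeAcceptable2(subjectAttributeToUserAttributeCertificateMapperCfg, list);
    }

    /** Returns the configured user base DNs, or all public naming contexts when none are set. */
    private static Set<DN> effectiveBaseDNs(SubjectAttributeToUserAttributeCertificateMapperCfg cfg) {
        Set<DN> baseDNs = cfg.getUserBaseDN();
        if (baseDNs == null || baseDNs.isEmpty()) {
            baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
        }
        return baseDNs;
    }

    /**
     * Logs a warning for each user attribute without an equality index in the backend of a base
     * DN, and also appends it to {@code collected} when that list is not {@code null}.
     */
    private static void warnAboutUnindexedAttributes(SubjectAttributeToUserAttributeCertificateMapperCfg cfg, Collection<AttributeType> userAttributes, List<Message> collected) {
        for (DN baseDN : effectiveBaseDNs(cfg)) {
            Backend backend = DirectoryServer.getBackend(baseDN);
            if (backend == null) {
                continue;
            }
            for (AttributeType userAttrType : userAttributes) {
                if (!backend.isIndexed(userAttrType, IndexType.EQUALITY)) {
                    Message warning = ExtensionMessages.WARN_SATUACM_ATTR_UNINDEXED.get(cfg.dn().toString(), userAttrType.getNameOrOID(), backend.getBackendID());
                    if (collected != null) {
                        collected.add(warning);
                    }
                    ErrorLogger.logError(warning);
                }
            }
        }
    }
}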
