package org.opends.server.extensions;

import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.opends.messages.ExtensionMessages;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.CertificateMapperCfg;
import org.opends.server.admin.std.server.FingerprintCertificateMapperCfg;
import org.opends.server.api.Backend;
import org.opends.server.api.CertificateMapper;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValues;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IndexType;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/extensions/FingerprintCertificateMapper.class */
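/**
 * Certificate mapper that identifies a directory user by the fingerprint of
 * the certificate the client presented.
 *
 * <p>The digest of the encoded certificate is rendered as colon-delimited hex
 * and looked up with an equality filter on the configured fingerprint
 * attribute, under each configured user base DN (or under every public naming
 * context when none is configured).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the two digests selectable below (MD5 and SHA1) can be used.
 *       Neither is collision resistant, so the strength of this mapping rests
 *       on the issuing CA policy and on who may write the fingerprint
 *       attribute, not on the digest alone.</li>
 *   <li>Only element 0 of the presented chain is fingerprinted. No chain or
 *       trust validation happens in this class; presumably the TLS layer has
 *       already done it (confirm against the caller).</li>
 *   <li>The lookup runs on {@code InternalClientConnection.getRootConnection()},
 *       so any user able to set the fingerprint attribute on an entry can bind
 *       a certificate to that entry. Restrict write access to that attribute.</li>
 * </ul>
 */
public class FingerprintCertificateMapper extends CertificateMapper<FingerprintCertificateMapperCfg> implements ConfigurationChangeListener<FingerprintCertificateMapperCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();

    // DN of the configuration entry; assigned at initialization and not read in this class.
    private DN configEntryDN;

    // Configuration currently in effect; replaced by applyConfigurationChange.
    private FingerprintCertificateMapperCfg currentConfig;

    // Name handed to MessageDigest.getInstance(); stays null if the configured
    // algorithm is not one of the values handled by digestNameFor().
    private String fingerprintAlgorithm;

    /**
     * Registers this mapper as a change listener, records the configuration and
     * logs a warning for every backend that lacks an equality index on the
     * fingerprint attribute.
     *
     * @param fingerprintCertificateMapperCfg the configuration to start with
     * @throws ConfigException declared by the overridden method; not thrown by this body
     * @throws InitializationException declared by the overridden method; not thrown by this body
     */
    @Override // org.opends.server.api.CertificateMapper
    public void initializeCertificateMapper(FingerprintCertificateMapperCfg fingerprintCertificateMapperCfg) throws ConfigException, InitializationException {
        fingerprintCertificateMapperCfg.addFingerprintChangeListener(this);
        this.currentConfig = fingerprintCertificateMapperCfg;
        this.configEntryDN = fingerprintCertificateMapperCfg.dn();

        // Leave the field untouched when the algorithm is not recognised.
        String digestName = digestNameFor(fingerprintCertificateMapperCfg);
        if (digestName != null) {
            this.fingerprintAlgorithm = digestName;
        }

        for (Message warning : unindexedWarnings(fingerprintCertificateMapperCfg)) {
            ErrorLogger.logError(warning);
        }
    }

    /** Unregisters this mapper from configuration change notifications. */
    @Override // org.opends.server.api.CertificateMapper
    public void finalizeCertificateMapper() {
        this.currentConfig.removeFingerprintChangeListener(this);
    }

    /**
     * Maps the presented certificate chain to a single user entry.
     *
     * <p>The three phases (type check, fingerprint calculation, directory
     * search) are handled separately so that each failure is reported with its
     * own message. Wrapping all of them in one nested try/catch would turn the
     * "multiple matching entries" and "cannot calculate fingerprint" errors
     * into "peer certificate is not X.509".
     *
     * @param certificateArr the chain presented by the client; element 0 is used
     * @return the unique entry whose fingerprint attribute equals the computed
     *         fingerprint, or {@code null} when no entry matches; callers must
     *         treat {@code null} as "no user mapped"
     * @throws DirectoryException with {@code INVALID_CREDENTIALS} when no
     *         certificate was presented, the first certificate is not X.509,
     *         the fingerprint cannot be computed, or more than one entry matches
     */
    @Override // org.opends.server.api.CertificateMapper
    public Entry mapCertificateToUser(Certificate[] certificateArr) throws DirectoryException {
        // Snapshot the configuration so one mapping uses one consistent view.
        FingerprintCertificateMapperCfg config = this.currentConfig;
        AttributeType fingerprintAttribute = config.getFingerprintAttribute();
        String digestName = this.fingerprintAlgorithm;

        // A null first element is treated like an absent certificate rather
        // than being allowed to surface as a NullPointerException.
        if (certificateArr == null || certificateArr.length == 0 || certificateArr[0] == null) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_FCM_NO_PEER_CERTIFICATE.get());
        }

        if (!(certificateArr[0] instanceof X509Certificate)) {
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_FCM_PEER_CERT_NOT_X509.get(String.valueOf(certificateArr[0].getType())));
        }
        X509Certificate peerCertificate = (X509Certificate) certificateArr[0];

        final String fingerprint;
        try {
            byte[] digest = MessageDigest.getInstance(digestName).digest(peerCertificate.getEncoded());
            fingerprint = StaticUtils.bytesToColonDelimitedHex(digest);
        } catch (Exception e) {
            // Covers an unknown or null algorithm name and certificate encoding failures.
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_FCM_CANNOT_CALCULATE_FINGERPRINT.get(peerCertificate.getSubjectX500Principal().getName("RFC2253"), StaticUtils.getExceptionMessage(e)));
        }

        SearchFilter filter = SearchFilter.createEqualityFilter(fingerprintAttribute, AttributeValues.create(fingerprintAttribute, fingerprint));
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

        SearchResultEntry match = null;
        for (DN baseDN : searchBaseDNs(config)) {
            // NOTE(review): the result code of the search is not inspected, so
            // a failed search is indistinguishable from "no match" here.
            for (SearchResultEntry candidate : rootConnection.processSearch(baseDN, SearchScope.WHOLE_SUBTREE, filter).getSearchEntries()) {
                if (match != null) {
                    // An ambiguous fingerprint must fail the mapping instead of picking a user.
                    throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, ExtensionMessages.ERR_FCM_MULTIPLE_MATCHING_ENTRIES.get(fingerprint, String.valueOf(match.getDN()), String.valueOf(candidate.getDN())));
                }
                match = candidate;
            }
        }
        return match;
    }

    /**
     * Reports whether the given configuration is acceptable; delegates to
     * {@link #isConfigurationChangeAcceptable2}.
     *
     * @param certificateMapperCfg the proposed configuration, cast to the fingerprint mapper type
     * @param list receives the reasons when the configuration is rejected
     * @return the result of the delegate, which is always {@code true}
     */
    @Override // org.opends.server.api.CertificateMapper
    public boolean isConfigurationAcceptable(CertificateMapperCfg certificateMapperCfg, List<Message> list) {
        return isConfigurationChangeAcceptable2((FingerprintCertificateMapperCfg) certificateMapperCfg, list);
    }

    /**
     * Accepts every proposed configuration without inspecting it.
     *
     * <p>Renamed from {@code isConfigurationChangeAcceptable} by the decompiler
     * to avoid a signature collision with the bridge method below.
     *
     * @param fingerprintCertificateMapperCfg the proposed configuration (unused)
     * @param list receives rejection reasons (never written here)
     * @return always {@code true}
     */
    public boolean isConfigurationChangeAcceptable2(FingerprintCertificateMapperCfg fingerprintCertificateMapperCfg, List<Message> list) {
        return true;
    }

    /**
     * Switches to the new configuration and digest algorithm, then reports and
     * logs a warning for every backend that lacks an equality index on the
     * fingerprint attribute.
     *
     * @param fingerprintCertificateMapperCfg the configuration to apply
     * @return a {@code SUCCESS} result, with no admin action required, carrying the warnings
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(FingerprintCertificateMapperCfg fingerprintCertificateMapperCfg) {
        // An unrecognised algorithm yields null here; mapCertificateToUser then
        // fails every mapping with the "cannot calculate fingerprint" error.
        this.fingerprintAlgorithm = digestNameFor(fingerprintCertificateMapperCfg);
        this.currentConfig = fingerprintCertificateMapperCfg;

        List<Message> messages = unindexedWarnings(fingerprintCertificateMapperCfg);
        for (Message warning : messages) {
            ErrorLogger.logError(warning);
        }
        return new ConfigChangeResult(ResultCode.SUCCESS, false, messages);
    }

    /**
     * Bridge for the raw-typed listener signature; delegates to
     * {@link #isConfigurationChangeAcceptable2}.
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(FingerprintCertificateMapperCfg fingerprintCertificateMapperCfg, List list) {
        return isConfigurationChangeAcceptable2(fingerprintCertificateMapperCfg, (List<Message>) list);
    }

    /** Returns the digest name for the configured algorithm, or null when it is not handled. */
    private static String digestNameFor(FingerprintCertificateMapperCfg config) {
        switch (config.getFingerprintAlgorithm()) {
            case MD5:
                return "MD5";
            case SHA1:
                // NOTE(review): a password-scheme constant is reused as the digest
                // name; presumably its value is "SHA1" -- confirm in ExtensionsConstants.
                return ExtensionsConstants.AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1;
            default:
                return null;
        }
    }

    /** Returns the configured user base DNs, or every public naming context when none is set. */
    private static Collection<DN> searchBaseDNs(FingerprintCertificateMapperCfg config) {
        Collection<DN> configured = config.getUserBaseDN();
        if (configured == null || configured.isEmpty()) {
            return DirectoryServer.getPublicNamingContexts().keySet();
        }
        return configured;
    }

    /** Builds one warning per search base whose backend has no equality index on the fingerprint attribute. */
    private static List<Message> unindexedWarnings(FingerprintCertificateMapperCfg config) {
        AttributeType fingerprintAttribute = config.getFingerprintAttribute();
        List<Message> warnings = new ArrayList<Message>();
        for (DN baseDN : searchBaseDNs(config)) {
            Backend backend = DirectoryServer.getBackend(baseDN);
            if (backend != null && !backend.isIndexed(fingerprintAttribute, IndexType.EQUALITY)) {
                warnings.add(ExtensionMessages.WARN_SATUACM_ATTR_UNINDEXED.get(config.dn().toString(), fingerprintAttribute.getNameOrOID(), backend.getBackendID()));
            }
        }
        return warnings;
    }
}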
