package com.unboundid.ldap.listener;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.ExtendedRequest;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ReadOnlyEntry;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import mu.b;

/* compiled from: ProGuard */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: classes5.dex */
public final class PasswordModifyExtendedOperationHandler extends InMemoryExtendedOperationHandler {
    @Override // com.unboundid.ldap.listener.InMemoryExtendedOperationHandler
    public String getExtendedOperationHandlerName() {
        return "Password Modify";
    }

    @Override // com.unboundid.ldap.listener.InMemoryExtendedOperationHandler
    public List<String> getSupportedExtendedRequestOIDs() {
        return Collections.singletonList(PasswordModifyExtendedRequest.PASSWORD_MODIFY_REQUEST_OID);
    }

    @Override // com.unboundid.ldap.listener.InMemoryExtendedOperationHandler
    public ExtendedResult processExtendedOperation(InMemoryRequestHandler inMemoryRequestHandler, int i11, ExtendedRequest extendedRequest) {
        DN dNForAuthzID;
        ASN1OctetString aSN1OctetString;
        for (Control control : extendedRequest.getControls()) {
            if (control.isCritical()) {
                return new ExtendedResult(i11, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION, b.ERR_PW_MOD_EXTOP_UNSUPPORTED_CONTROL.b(control.getOID()), null, null, null, null, null);
            }
        }
        try {
            PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(extendedRequest);
            String userIdentity = passwordModifyExtendedRequest.getUserIdentity();
            byte[] oldPasswordBytes = passwordModifyExtendedRequest.getOldPasswordBytes();
            byte[] newPasswordBytes = passwordModifyExtendedRequest.getNewPasswordBytes();
            if (userIdentity == null) {
                dNForAuthzID = inMemoryRequestHandler.getAuthenticatedDN();
            } else {
                String lowerCase = StaticUtils.toLowerCase(userIdentity);
                if (lowerCase.startsWith("dn:") || lowerCase.startsWith("u:")) {
                    try {
                        dNForAuthzID = inMemoryRequestHandler.getDNForAuthzID(userIdentity);
                    } catch (LDAPException e11) {
                        Debug.debugException(e11);
                        return new PasswordModifyExtendedResult(i11, e11.getResultCode(), e11.getMessage(), e11.getMatchedDN(), e11.getReferralURLs(), null, e11.getResponseControls());
                    }
                } else {
                    try {
                        dNForAuthzID = new DN(userIdentity);
                    } catch (LDAPException e12) {
                        Debug.debugException(e12);
                        return new PasswordModifyExtendedResult(i11, ResultCode.INVALID_DN_SYNTAX, b.ERR_PW_MOD_EXTOP_CANNOT_PARSE_USER_IDENTITY.b(userIdentity), null, null, null, null);
                    }
                }
            }
            if (dNForAuthzID == null || dNForAuthzID.isNullDN()) {
                return new PasswordModifyExtendedResult(i11, ResultCode.UNWILLING_TO_PERFORM, b.ERR_PW_MOD_NO_IDENTITY.a(), null, null, null, null);
            }
            ReadOnlyEntry entry = inMemoryRequestHandler.getEntry(dNForAuthzID);
            if (entry == null) {
                return new PasswordModifyExtendedResult(i11, ResultCode.UNWILLING_TO_PERFORM, b.ERR_PW_MOD_EXTOP_CANNOT_GET_USER_ENTRY.b(dNForAuthzID.toString()), null, null, null, null);
            }
            List<String> passwordAttributes = inMemoryRequestHandler.getPasswordAttributes();
            if (passwordAttributes.isEmpty()) {
                return new PasswordModifyExtendedResult(i11, ResultCode.UNWILLING_TO_PERFORM, b.ERR_PW_MOD_EXTOP_NO_PW_ATTRS.a(), null, null, null, null);
            }
            if (oldPasswordBytes == null) {
                if (inMemoryRequestHandler.getAuthenticatedDN().isNullDN()) {
                    return new PasswordModifyExtendedResult(i11, ResultCode.UNWILLING_TO_PERFORM, b.ERR_PW_MOD_EXTOP_NO_AUTHENTICATION.a(), null, null, null, null);
                }
            } else if (inMemoryRequestHandler.getPasswordsInEntry(entry, passwordModifyExtendedRequest.getRawOldPassword()).isEmpty()) {
                return new PasswordModifyExtendedResult(i11, ResultCode.INVALID_CREDENTIALS, null, null, null, null, null);
            }
            if (newPasswordBytes == null) {
                SecureRandom secureRandom = new SecureRandom();
                byte[] bytes = StaticUtils.getBytes("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
                byte[] bArr = new byte[8];
                for (int i12 = 0; i12 < 8; i12++) {
                    bArr[i12] = bytes[secureRandom.nextInt(bytes.length)];
                }
                aSN1OctetString = new ASN1OctetString(bArr);
                newPasswordBytes = bArr;
            } else {
                aSN1OctetString = null;
            }
            List<InMemoryDirectoryServerPassword> passwordsInEntry = inMemoryRequestHandler.getPasswordsInEntry(entry, null);
            ArrayList arrayList = new ArrayList(passwordsInEntry.size() + 1);
            if (passwordsInEntry.isEmpty()) {
                arrayList.add(new Modification(ModificationType.REPLACE, passwordAttributes.get(0), newPasswordBytes));
            } else {
                HashSet hashSet = new HashSet(StaticUtils.computeMapCapacity(passwordsInEntry.size()));
                for (InMemoryDirectoryServerPassword inMemoryDirectoryServerPassword : passwordsInEntry) {
                    String lowerCase2 = StaticUtils.toLowerCase(inMemoryDirectoryServerPassword.getAttributeName());
                    if (hashSet.isEmpty()) {
                        hashSet.add(lowerCase2);
                        arrayList.add(new Modification(ModificationType.REPLACE, inMemoryDirectoryServerPassword.getAttributeName(), newPasswordBytes));
                    } else if (!hashSet.contains(lowerCase2)) {
                        hashSet.add(lowerCase2);
                        arrayList.add(new Modification(ModificationType.REPLACE, inMemoryDirectoryServerPassword.getAttributeName()));
                    }
                }
            }
            try {
                inMemoryRequestHandler.modifyEntry(entry.getDN(), arrayList);
                return new PasswordModifyExtendedResult(i11, ResultCode.SUCCESS, null, null, null, aSN1OctetString, null);
            } catch (LDAPException e13) {
                Debug.debugException(e13);
                return new PasswordModifyExtendedResult(i11, e13.getResultCode(), b.ERR_PW_MOD_EXTOP_CANNOT_CHANGE_PW.b(entry.getDN(), e13.getMessage()), null, null, null, null);
            }
        } catch (LDAPException e14) {
            Debug.debugException(e14);
            return new ExtendedResult(i11, e14.getResultCode(), e14.getDiagnosticMessage(), e14.getMatchedDN(), e14.getReferralURLs(), null, null, null);
        }
    }
}
