package oracle.security.idm.providers.oid;

import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.logging.Level;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import oracle.security.idm.AuthenticationException;
import oracle.security.idm.AuthenticationWarningException;
import oracle.security.idm.CommunicationFailureException;
import oracle.security.idm.IMException;
import oracle.security.idm.OperationNotSupportedException;
import oracle.security.idm.User;
import oracle.security.idm.providers.stdldap.LDConfiguration;
import oracle.security.idm.providers.stdldap.LDIdentityStore;
import oracle.security.idm.providers.stdldap.LDUserManager;

/* loaded from: input_file:oracle/security/idm/providers/oid/OIDUserManager.class */
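/**
 * User manager for the OID provider that verifies a user's password by running an
 * LDAP search whose filter compares a password (or password-verifier) attribute
 * against the supplied value.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The password value is always passed to JNDI as a filter argument ({@code {0}}),
 *       never concatenated into the filter text. The attribute <em>name</em> is
 *       concatenated, so it is validated before use.</li>
 *   <li>Lookup failures and password mismatches are reported with the same generic
 *       {@code "invalid username/password"} message. Password-policy failures carry a
 *       specific message and error code; callers should not relay those verbatim to an
 *       unauthenticated client.</li>
 *   <li>The UTF-8 copy of the password made for the comparison is zeroed before the
 *       method returns. The caller keeps ownership of the {@code char[]} it passed in
 *       and is responsible for clearing it.</li>
 * </ul>
 */
public class OIDUserManager extends LDUserManager {
    public static final String classname = "oracle.security.idm.providers.oid.OIDUserManager";

    /** Prefix selecting an application-specific verifier in {@link #authenticateUser(String, String, char[])}. */
    private static final String APPID_PREFIX = "APPID:";

    public OIDUserManager(LDIdentityStore lDIdentityStore) throws IMException {
        super(lDIdentityStore);
    }

    /**
     * Authenticates the named user against the attribute mapped to {@code "PASSWORD"},
     * honouring the store's password-policy setting.
     *
     * @param str  user name, resolved through the store's {@code searchUserByName}
     * @param cArr password characters
     * @return the authenticated user
     * @throws IMException if authentication fails or the directory cannot be reached
     */
    @Override // oracle.security.idm.providers.stdldap.LDUserManager, oracle.security.idm.UserManager
    public User authenticateUser(String str, char[] cArr) throws IMException {
        final String method = "authenticateUser(String, char[])";
        this.store.factory.logr.entering(classname, method);
        try {
            String passwordAttr = this.store.getMappedLDAPAttribute("PASSWORD");
            boolean policyEnabled = ((LDConfiguration) this.store.getStoreConfiguration()).isPasswordPolicyEnabled();
            return authenticateUser(str, passwordAttr, cArr, policyEnabled);
        } finally {
            this.store.factory.logr.exiting(classname, method);
        }
    }

    /**
     * Authenticates an already-resolved user against the attribute mapped to
     * {@code "PASSWORD"}, honouring the store's password-policy setting.
     *
     * @param user user whose unique name is used as the search base
     * @param cArr password characters
     * @return {@code user} when the password matches
     * @throws IMException if authentication fails or the directory cannot be reached
     */
    @Override // oracle.security.idm.providers.stdldap.LDUserManager, oracle.security.idm.spi.AbstractUserManager, oracle.security.idm.UserManager
    public User authenticateUser(User user, char[] cArr) throws IMException {
        final String method = "authenticateUser(User, char[])";
        this.store.factory.logr.entering(classname, method);
        try {
            String passwordAttr = this.store.getMappedLDAPAttribute("PASSWORD");
            boolean policyEnabled = ((LDConfiguration) this.store.getStoreConfiguration()).isPasswordPolicyEnabled();
            return authenticateUser(user, passwordAttr, cArr, policyEnabled);
        } finally {
            this.store.factory.logr.exiting(classname, method);
        }
    }

    /**
     * Authenticates the named user against an application-specific password verifier.
     *
     * <p>{@code str2} must have the form {@code APPID:<appid>} (prefix matched
     * case-insensitively). The application id is accepted only if it equals, ignoring
     * case, an {@code orclappid} value found under
     * {@code cn=common,cn=products,cn=oraclecontext}; the comparison then runs against
     * {@code orclpasswordverifier;<appid>} with password policy disabled.
     *
     * @param str  user name
     * @param str2 attribute selector of the form {@code APPID:<appid>}
     * @param cArr password characters
     * @return the authenticated user
     * @throws OperationNotSupportedException if {@code str2} lacks the prefix or no verifier profile matches
     * @throws IMException if authentication fails or the directory cannot be reached
     */
    @Override // oracle.security.idm.spi.AbstractUserManager, oracle.security.idm.UserManager
    public User authenticateUser(String str, String str2, char[] cArr) throws IMException {
        final String method = "authenticateUser(String ,String, char[])";
        this.store.factory.logr.entering(classname, method);
        int prefixLength = APPID_PREFIX.length();
        // A null selector is treated like any other unsupported attribute instead of
        // surfacing as a NullPointerException from regionMatches.
        if (str2 == null || !APPID_PREFIX.regionMatches(true, 0, str2, 0, prefixLength)) {
            this.store.factory.logr.logp(Level.FINER, classname, method, "Attribute \"" + str2 + "\" doesn't begin with prefix \"APPID:\". Authentication is not supported for this attribute.");
            throw new OperationNotSupportedException("Authentication not supported for the specified attribute");
        }
        String appId = str2.substring(prefixLength);
        String verifierAttr = null;
        LdapContext ldapContext = null;
        NamingEnumeration<SearchResult> profiles = null;
        try {
            ldapContext = this.store.acquireConnection();
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{"orclappid"});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            profiles = ldapContext.search("cn=common,cn=products,cn=oraclecontext", "objectclass=orclcommonverifierprofile", searchControls);
            while (profiles.hasMore()) {
                Attribute attribute = profiles.next().getAttributes().get("orclappid");
                // The caller-supplied id only ever reaches a filter after it has matched a
                // value that already exists in the directory.
                if (attribute != null && appId.equalsIgnoreCase((String) attribute.get(0))) {
                    verifierAttr = "orclpasswordverifier;" + appId;
                    profiles.close();
                    break;
                }
            }
        } catch (NamingException e) {
            this.store.factory.logr.throwing(classname, method, e);
            if (isCommunicationFailure(e)) {
                throw new CommunicationFailureException("Cannot connect to LDAP server");
            }
            throw new AuthenticationException("invalid username/password");
        } finally {
            closeQuietly(profiles);
            releaseQuietly(ldapContext, method);
        }
        if (verifierAttr == null) {
            this.store.factory.logr.logp(Level.FINER, classname, method, "No verifier found for supplied appid");
            throw new OperationNotSupportedException("Authentication not supported for the specified attribute");
        }
        try {
            return authenticateUser(str, verifierAttr, cArr, false);
        } finally {
            this.store.factory.logr.exiting(classname, method);
        }
    }

    /**
     * Resolves {@code str} to a user and authenticates it against attribute {@code str2}.
     *
     * <p>Any {@link IMException} raised by the lookup or by the password comparison is
     * replaced with a generic failure, so an unknown user and a wrong password look the
     * same to the caller.
     *
     * @param str  user name
     * @param str2 LDAP attribute holding the password or verifier
     * @param cArr password characters
     * @param z    whether to request password-policy processing
     * @return the authenticated user
     * @throws CommunicationFailureException if the failure message mentions {@code CommunicationException}
     * @throws IMException for every other failure
     */
    public User authenticateUser(String str, String str2, char[] cArr, boolean z) throws IMException {
        final String method = "authenticateUser(String ,String, char[], boolean)";
        this.store.factory.logr.entering(classname, method);
        try {
            try {
                return authenticateUser(this.store.searchUserByName(str), str2, cArr, z);
            } finally {
                this.store.factory.logr.exiting(classname, method);
            }
        } catch (IMException e) {
            // NOTE(review): this handler also wraps the delegated comparison, so if the
            // policy-coded AuthenticationException / AuthenticationWarningException types
            // extend IMException their codes are flattened here - confirm that is intended.
            this.store.factory.logr.throwing(classname, method, e);
            if (isCommunicationFailure(e)) {
                throw new CommunicationFailureException("Cannot connect to LDAP server");
            }
            throw new AuthenticationException("invalid username/password");
        }
    }

    /**
     * Compares the supplied password with attribute {@code str} of {@code user}'s entry
     * using a base-scope search with filter {@code (<str>={0})}.
     *
     * @param user user whose unique name is the search base
     * @param str  LDAP attribute description to compare against
     * @param cArr password characters; the array itself is not modified
     * @param z    when {@code true}, a {@code PasswordPolicyControl} is added to the request
     *             and policy outcomes are reported with their error codes
     * @return {@code user} when the comparison succeeds
     * @throws OperationNotSupportedException if {@code str} is not a plain attribute description
     * @throws AuthenticationWarningException if the server attached a password-expiry warning control
     * @throws CommunicationFailureException if the failure message mentions {@code CommunicationException}
     * @throws IMException for a mismatch, a policy rejection or any other directory error
     */
    public User authenticateUser(User user, String str, char[] cArr, boolean z) throws IMException {
        final String method = "authenticateUser(User, String, char[], boolean)";
        this.store.factory.logr.entering(classname, method);
        LdapContext ldapContext = null;
        NamingEnumeration<SearchResult> matches = null;
        byte[] passwordBytes = null;
        try {
            if (cArr == null) {
                // Fail closed instead of letting a NullPointerException escape.
                throw new AuthenticationException("invalid username/password");
            }
            // The attribute name is spliced into the filter text below, so anything that is
            // not a plain attribute description is refused before a connection is taken.
            if (!isPlainAttributeDescription(str)) {
                this.store.factory.logr.logp(Level.FINER, classname, method, "Attribute name is not a plain LDAP attribute description. Authentication is not supported for this attribute.");
                throw new OperationNotSupportedException("Authentication not supported for the specified attribute");
            }
            ldapContext = this.store.acquireConnection();
            if (z) {
                // NOTE(review): the control is appended to whatever the context already
                // carries and is not removed afterwards; if acquireConnection() hands out
                // pooled contexts, confirm releaseConnection() resets request controls.
                Control[] existing = ldapContext.getRequestControls();
                int existingCount = existing != null ? existing.length : 0;
                Control[] withPolicy = new Control[existingCount + 1];
                if (existingCount > 0) {
                    System.arraycopy(existing, 0, withPolicy, 0, existingCount);
                }
                withPolicy[existingCount] = new PasswordPolicyControl();
                ldapContext.setRequestControls(withPolicy);
            }
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[0]);
            searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
            passwordBytes = encodeUtf8(cArr);
            this.store.factory.logr.logp(Level.FINER, classname, method, "Comparing password for " + user.getUniqueName());
            matches = ldapContext.search(user.getUniqueName(), "(" + str + "={0})", new Object[]{passwordBytes}, searchControls);
            if (!matches.hasMore()) {
                this.store.factory.logr.logp(Level.FINER, classname, method, "Password mismatch !!");
                throw new AuthenticationException("invalid username/password");
            }
            matches.close();
            if (z) {
                try {
                    Control[] responseControls = ldapContext.getResponseControls();
                    if (responseControls != null) {
                        // Inspect every control, not only the first: the policy control is
                        // not guaranteed to be at index 0 when the server returns several.
                        for (Control control : responseControls) {
                            String id = control != null ? control.getID() : null;
                            if (id == null) {
                                continue;
                            }
                            if (id.equals(OIDException.PASSWORD_EXPIRE_WARNING_CONTROL)) {
                                throw new AuthenticationWarningException("User Password Expire Warning", 9002);
                            }
                            if (id.equals(OIDException.PASSWORD_EXPIRE_GRACE_LOGIN_CONTROL)) {
                                throw new AuthenticationWarningException("User in Grace Login mode", 9008);
                            }
                            if (id.equals(OIDException.PASSWORD_EXPIRE_GRACETIME_CONTROL)) {
                                throw new AuthenticationWarningException("User in Grace Time mode", 9008);
                            }
                            if (id.equals(OIDException.PASSWORD_EXPIRE_MUST_CHANGE_CONTROL)) {
                                throw new AuthenticationWarningException("User password must be changed", 9009);
                            }
                        }
                    }
                } catch (NamingException e) {
                    // Deliberate best effort: the password already matched, so a failure to
                    // read the warning controls does not fail the authentication.
                    this.store.factory.logr.logp(Level.FINER, classname, method, "Got following exception while reading response controls. Ignoring this exception.");
                    this.store.factory.logr.throwing(classname, method, e);
                }
            }
            return user;
        } catch (NamingException e) {
            this.store.factory.logr.throwing(classname, method, e);
            if (z) {
                OIDException oIDException = new OIDException(e);
                if (oIDException.hasPasswordPolicyError()) {
                    int passwordPolicyErrorCode = oIDException.getPasswordPolicyErrorCode();
                    // Message texts are reproduced exactly as shipped (including the
                    // misspelling for 9038) because callers may match on them.
                    switch (passwordPolicyErrorCode) {
                        case 9000:
                            throw new AuthenticationException("Password has expired", oIDException.getNamingException(), 9000);
                        case 9001:
                            throw new AuthenticationException("The account is locked", oIDException.getNamingException(), 9001);
                        case 9005:
                            throw new AuthenticationException("Password is null", oIDException.getNamingException(), 9005);
                        case 9011:
                            throw new AuthenticationException("The account is locked from this IP address", oIDException.getNamingException(), 9011);
                        case 9038:
                            throw new AuthenticationException("The account is expirted", oIDException.getNamingException(), 9038);
                        case 9050:
                            throw new AuthenticationException("The account has been disabled", oIDException.getNamingException(), 9050);
                        case 9053:
                            throw new AuthenticationException("The account is inactive", oIDException.getNamingException(), 9053);
                        default:
                            // This message embeds the directory's own error text.
                            throw new AuthenticationException("Password policy error encountered: " + oIDException.getNamingException().toString(), oIDException.getNamingException(), passwordPolicyErrorCode);
                    }
                }
            }
            if (isCommunicationFailure(e)) {
                throw new CommunicationFailureException("Cannot connect to LDAP server");
            }
            throw new AuthenticationException("invalid username/password");
        } finally {
            // Runs on every path: previously a mismatch, a warning or a directory error
            // left the connection unreleased.
            if (passwordBytes != null) {
                Arrays.fill(passwordBytes, (byte) 0);
            }
            closeQuietly(matches);
            releaseQuietly(ldapContext, method);
            this.store.factory.logr.exiting(classname, method);
        }
    }

    /** Returns whether the exception's message mentions {@code CommunicationException}; a null message counts as no. */
    private static boolean isCommunicationFailure(Exception e) {
        String message = e.getMessage();
        return message != null && message.contains("CommunicationException");
    }

    /**
     * Returns whether {@code attr} consists only of letters, digits, {@code '-'},
     * {@code '.'}, {@code '_'} and {@code ';'} (the option separator), i.e. contains
     * nothing that has meaning in LDAP filter syntax or in JNDI's {@code {n}} substitution.
     */
    private static boolean isPlainAttributeDescription(String attr) {
        if (attr == null || attr.isEmpty()) {
            return false;
        }
        for (int i = 0; i < attr.length(); i++) {
            char c = attr.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == '-' || c == '.' || c == '_' || c == ';';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /** Encodes the characters as UTF-8 without creating an intermediate {@code String} copy of the password. */
    private static byte[] encodeUtf8(char[] chars) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        if (encoded.hasArray()) {
            // Clear the encoder's scratch buffer; the caller clears the returned array.
            Arrays.fill(encoded.array(), (byte) 0);
        }
        return out;
    }

    /** Closes the enumeration if it is non-null, ignoring a failure to close. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // Nothing useful can be done; the connection is released right after.
        }
    }

    /** Returns the context to the store if it was acquired; a release failure is logged and otherwise ignored. */
    private void releaseQuietly(LdapContext ldapContext, String method) {
        if (ldapContext == null) {
            return;
        }
        try {
            this.store.releaseConnection(ldapContext);
        } catch (IMException ignored) {
            // Best effort, as before, but no longer silent.
            this.store.factory.logr.throwing(classname, method, ignored);
        }
    }
}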
