package org.opends.server.extensions;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.server.config.server.AttributeValuePasswordValidatorCfg;
import org.forgerock.opendj.server.config.server.PasswordValidatorCfg;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.PasswordValidator;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.Entry;
import org.opends.server.types.Operation;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/extensions/AttributeValuePasswordValidator.class */
public class AttributeValuePasswordValidator extends PasswordValidator<AttributeValuePasswordValidatorCfg> implements ConfigurationChangeListener<AttributeValuePasswordValidatorCfg> {
    private AttributeValuePasswordValidatorCfg currentConfig;

    @Override // org.opends.server.api.PasswordValidator
    public void initializePasswordValidator(AttributeValuePasswordValidatorCfg attributeValuePasswordValidatorCfg) {
        attributeValuePasswordValidatorCfg.addAttributeValueChangeListener(this);
        this.currentConfig = attributeValuePasswordValidatorCfg;
    }

    @Override // org.opends.server.api.PasswordValidator
    public void finalizePasswordValidator() {
        this.currentConfig.removeAttributeValueChangeListener(this);
    }

    private boolean containsSubstring(String str, int i, Attribute attribute) {
        int length = str.length();
        for (int i2 = 0; i2 < length; i2++) {
            for (int i3 = i2 + i; i3 <= length; i3++) {
                Attribute create = Attributes.create(attribute.getAttributeDescription().getAttributeType(), str.substring(i2, i3));
                Iterator<ByteString> it = attribute.iterator();
                while (it.hasNext()) {
                    if (create.contains(it.next())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    @Override // org.opends.server.api.PasswordValidator
    public boolean passwordIsAcceptable(ByteString byteString, Set<ByteString> set, Operation operation, Entry entry, LocalizableMessageBuilder localizableMessageBuilder) {
        AttributeValuePasswordValidatorCfg attributeValuePasswordValidatorCfg = this.currentConfig;
        String byteString2 = byteString.toString();
        String sb = new StringBuilder(byteString2).reverse().toString();
        int length = byteString2.length();
        if (attributeValuePasswordValidatorCfg.isCheckSubstrings() && attributeValuePasswordValidatorCfg.getMinSubstringLength() < byteString2.length()) {
            length = attributeValuePasswordValidatorCfg.getMinSubstringLength();
        }
        Set<AttributeType> matchAttribute = attributeValuePasswordValidatorCfg.getMatchAttribute();
        if (matchAttribute == null || matchAttribute.isEmpty()) {
            matchAttribute = entry.getUserAttributes().keySet();
        }
        ByteString valueOfUtf8 = ByteString.valueOfUtf8(byteString2);
        ByteString valueOfUtf82 = ByteString.valueOfUtf8(sb);
        Iterator<AttributeType> it = matchAttribute.iterator();
        while (it.hasNext()) {
            for (Attribute attribute : entry.getAllAttributes(it.next())) {
                if (attribute.contains(valueOfUtf8) || ((attributeValuePasswordValidatorCfg.isTestReversedPassword() && attribute.contains(valueOfUtf82)) || (attributeValuePasswordValidatorCfg.isCheckSubstrings() && containsSubstring(byteString2, length, attribute)))) {
                    localizableMessageBuilder.append(ExtensionMessages.ERR_ATTRVALUE_VALIDATOR_PASSWORD_IN_ENTRY.get());
                    return false;
                }
            }
        }
        return true;
    }

    @Override // org.opends.server.api.PasswordValidator
    public boolean isConfigurationAcceptable(PasswordValidatorCfg passwordValidatorCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((AttributeValuePasswordValidatorCfg) passwordValidatorCfg, list);
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    public boolean isConfigurationChangeAcceptable2(AttributeValuePasswordValidatorCfg attributeValuePasswordValidatorCfg, List<LocalizableMessage> list) {
        return true;
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(AttributeValuePasswordValidatorCfg attributeValuePasswordValidatorCfg) {
        this.currentConfig = attributeValuePasswordValidatorCfg;
        return new ConfigChangeResult();
    }

    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(AttributeValuePasswordValidatorCfg attributeValuePasswordValidatorCfg, List list) {
        return isConfigurationChangeAcceptable2(attributeValuePasswordValidatorCfg, (List<LocalizableMessage>) list);
    }
}
