package com.unboundid.ldap.listener;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PLAINBindRequest;
import com.unboundid.ldap.sdk.ReadOnlyEntry;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl;
import com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-6.0.6.jar:com/unboundid/ldap/listener/PLAINBindHandler.class */
public final class PLAINBindHandler extends InMemorySASLBindHandler {
    @Override // com.unboundid.ldap.listener.InMemorySASLBindHandler
    @NotNull
    public String getSASLMechanismName() {
        return PLAINBindRequest.PLAIN_MECHANISM_NAME;
    }

    @Override // com.unboundid.ldap.listener.InMemorySASLBindHandler
    @NotNull
    public BindResult processSASLBind(@NotNull InMemoryRequestHandler inMemoryRequestHandler, int i, @NotNull DN dn, @Nullable ASN1OctetString aSN1OctetString, @NotNull List<Control> list) {
        boolean z;
        try {
            Map<String, Control> processControls = RequestControlPreProcessor.processControls((byte) 96, list);
            if (aSN1OctetString == null) {
                return new BindResult(i, ResultCode.INVALID_CREDENTIALS, ListenerMessages.ERR_PLAIN_BIND_NO_CREDENTIALS.get(), null, null, null);
            }
            int i2 = -1;
            int i3 = -1;
            byte[] value = aSN1OctetString.getValue();
            int i4 = 0;
            while (true) {
                if (i4 >= value.length) {
                    break;
                }
                if (value[i4] == 0) {
                    if (i2 >= 0) {
                        i3 = i4;
                        break;
                    }
                    i2 = i4;
                }
                i4++;
            }
            if (i3 < 0) {
                return new BindResult(i, ResultCode.INVALID_CREDENTIALS, ListenerMessages.ERR_PLAIN_BIND_MALFORMED_CREDENTIALS.get(), null, null, null);
            }
            String uTF8String = StaticUtils.toUTF8String(value, i2 + 1, (i3 - i2) - 1);
            String uTF8String2 = i2 == 0 ? null : StaticUtils.toUTF8String(value, 0, i2);
            try {
                DN dNForAuthzID = inMemoryRequestHandler.getDNForAuthzID(uTF8String);
                byte[] bArr = new byte[(value.length - i3) - 1];
                System.arraycopy(value, i3 + 1, bArr, 0, bArr.length);
                if (dNForAuthzID.isNullDN()) {
                    z = bArr.length == 0 && uTF8String2 == null;
                } else {
                    ReadOnlyEntry entry = inMemoryRequestHandler.getEntry(dNForAuthzID);
                    if (entry == null) {
                        z = Arrays.equals(bArr, inMemoryRequestHandler.getAdditionalBindCredentials(dNForAuthzID));
                    } else {
                        z = !inMemoryRequestHandler.getPasswordsInEntry(entry, new ASN1OctetString(bArr)).isEmpty();
                    }
                }
                if (!z) {
                    return new BindResult(i, ResultCode.INVALID_CREDENTIALS, null, null, null, null);
                }
                if (uTF8String2 != null) {
                    try {
                        dNForAuthzID = inMemoryRequestHandler.getDNForAuthzID(uTF8String2);
                    } catch (LDAPException e) {
                        Debug.debugException(e);
                        return new BindResult(i, ResultCode.INVALID_CREDENTIALS, e.getMessage(), e.getMatchedDN(), e.getReferralURLs(), e.getResponseControls());
                    }
                }
                inMemoryRequestHandler.setAuthenticatedDN(dNForAuthzID);
                return new BindResult(i, ResultCode.SUCCESS, null, null, null, processControls.containsKey(AuthorizationIdentityRequestControl.AUTHORIZATION_IDENTITY_REQUEST_OID) ? dNForAuthzID == null ? new Control[]{new AuthorizationIdentityResponseControl("")} : new Control[]{new AuthorizationIdentityResponseControl("dn:" + dNForAuthzID.toString())} : null);
            } catch (LDAPException e2) {
                Debug.debugException(e2);
                return new BindResult(i, ResultCode.INVALID_CREDENTIALS, e2.getMessage(), e2.getMatchedDN(), e2.getReferralURLs(), e2.getResponseControls());
            }
        } catch (LDAPException e3) {
            Debug.debugException(e3);
            return new BindResult(i, e3.getResultCode(), e3.getMessage(), e3.getMatchedDN(), e3.getReferralURLs(), e3.getResponseControls());
        }
    }
}
