package org.apache.directory.server.config.listener;

import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.server.config.ConfigPartitionReader;
import org.apache.directory.server.config.beans.PasswordPolicyBean;
import org.apache.directory.server.config.builder.ServiceBuilder;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
import org.apache.directory.server.core.api.event.DirectoryListenerAdapter;
import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/config/listener/ConfigChangeListener.class */
public class ConfigChangeListener extends DirectoryListenerAdapter {
    private ConfigPartitionReader cpReader;
    private PpolicyConfigContainer ppolicyConfigContainer;
    private Dn ppolicyConfigDnRoot;
    private static final String PPOLICY_OC_NAME = "ads-passwordPolicy";
    private Attribute passwordPolicyObjectClassAttribute;
    private static final Logger LOG = LoggerFactory.getLogger(ConfigChangeListener.class);

    public ConfigChangeListener(ConfigPartitionReader configPartitionReader, DirectoryService directoryService) throws LdapException {
        this.cpReader = configPartitionReader;
        this.ppolicyConfigDnRoot = new Dn(directoryService.getSchemaManager(), new String[]{"ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config"});
        this.ppolicyConfigContainer = directoryService.getInterceptor(InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName()).getPwdPolicyContainer();
        this.passwordPolicyObjectClassAttribute = new DefaultAttribute(directoryService.getAtProvider().getObjectClass(), new String[]{PPOLICY_OC_NAME});
    }

    public void entryAdded(AddOperationContext addOperationContext) {
        updatePasswordPolicy(addOperationContext.getEntry(), false);
    }

    public void entryDeleted(DeleteOperationContext deleteOperationContext) {
        updatePasswordPolicy(deleteOperationContext.getEntry(), true);
    }

    public void entryModified(ModifyOperationContext modifyOperationContext) {
        updatePasswordPolicy(modifyOperationContext.getAlteredEntry(), false);
    }

    private void updatePasswordPolicy(Entry entry, boolean z) {
        Dn dn = entry.getDn();
        if (dn.isDescendantOf(this.ppolicyConfigDnRoot) && entry.contains(new Attribute[]{this.passwordPolicyObjectClassAttribute})) {
            if (z) {
                LOG.debug("Deleting ppolicy config {}", dn);
                this.ppolicyConfigContainer.removePolicyConfig(dn);
                return;
            }
            try {
                PasswordPolicyBean readConfig = this.cpReader.readConfig(entry);
                if (readConfig.isDisabled()) {
                    LOG.debug("Deleting disabled ppolicy config {}", dn);
                    this.ppolicyConfigContainer.removePolicyConfig(dn);
                    return;
                }
                PasswordPolicyConfiguration createPwdPolicyConfig = ServiceBuilder.createPwdPolicyConfig(readConfig);
                if (this.ppolicyConfigContainer.getPolicyConfig(dn) == null) {
                    LOG.debug("Adding ppolicy config {}", dn);
                } else {
                    LOG.debug("Updating ppolicy config {}", dn);
                }
                this.ppolicyConfigContainer.addPolicy(dn, createPwdPolicyConfig);
            } catch (Exception e) {
                LOG.warn("Failed to read the updated ppolicy configuration from {}", dn);
                LOG.warn("", e);
            }
        }
    }
}
