package com.sun.identity.authentication.modules.ldap;

import com.sun.identity.authentication.spi.AMAuthCallBackException;
import com.sun.identity.authentication.spi.AMAuthCallBackImpl;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.spi.UserNamePasswordValidationException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.Principal;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.apache.commons.lang.StringUtils;
import org.forgerock.openam.ldap.LDAPAuthUtils;
import org.forgerock.openam.ldap.LDAPUtilException;
import org.forgerock.openam.ldap.ModuleState;
import org.forgerock.openam.utils.Time;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;

/* loaded from: input_file:com/sun/identity/authentication/modules/ldap/LDAP.class */
public class LDAP extends AMLoginModule {
    private static final String USER_CREATION_ATTR = "iplanet-am-ldap-user-creation-attr-list";
    private static final String INVALID_CHARS = "iplanet-am-auth-ldap-invalid-chars";
    private static final String PIPE_SEPARATOR = "|";
    private static final String AM_AUTH = "amAuth";
    private static final String OPERATION_TIMEOUT_ATTR = "openam-auth-ldap-operation-timeout";
    private static final String OVERRIDE_SHAREDSTATE_USERNAME_ENABLED = "iplanet-am-auth-ldap-override-sharedstate-username-enabled";
    protected String validatedUserID;
    private String userName;
    private String userPassword;
    private String regEx;
    private String currentConfigName;
    private String bindDN;
    private String protocolVersion;
    private int currentState;
    protected LDAPAuthUtils ldapUtil;
    private boolean isReset;
    private boolean isProfileCreationEnabled;
    private boolean getCredentialsFromSharedState;
    private boolean overrideSharedstateUsernameEnabled;
    private Map sharedState;
    public Map currentConfig;
    protected Debug debug;
    protected Principal userPrincipal;
    private boolean sslTrustAll = false;
    private boolean isSecure = false;
    private boolean useStartTLS = false;
    ResourceBundle bundle = null;
    private int requiredPasswordLength = 0;
    private Boolean useBindingForAuth = false;
    private AMAuthCallBackImpl callbackImpl = null;
    private Set userCreationAttrs = new HashSet();
    private HashMap userAttrMap = new HashMap();
    protected String amAuthLDAP = "amAuthLDAP";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.sun.identity.authentication.modules.ldap.LDAP$1, reason: invalid class name */
    /* loaded from: input_file:com/sun/identity/authentication/modules/ldap/LDAP$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$openam$ldap$ModuleState = new int[ModuleState.values().length];

        static {
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_EXPIRING.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_RESET_STATE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.CHANGE_AFTER_RESET.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_EXPIRED_STATE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.ACCOUNT_LOCKED.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.GRACE_LOGINS.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.TIME_BEFORE_EXPIRATION.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.USER_NOT_FOUND.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.SERVER_DOWN.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_UPDATED_SUCCESSFULLY.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_NOT_UPDATE.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_MISMATCH.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.WRONG_PASSWORD_ENTERED.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_MIN_CHARACTERS.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.USER_PASSWORD_SAME.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.INSUFFICIENT_PASSWORD_QUALITY.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_IN_HISTORY.ordinal()] = 18;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_TOO_SHORT.ordinal()] = 19;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$forgerock$openam$ldap$ModuleState[ModuleState.PASSWORD_TOO_YOUNG.ordinal()] = 20;
            } catch (NoSuchFieldError e20) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sun/identity/authentication/modules/ldap/LDAP$LoginScreen.class */
    public enum LoginScreen {
        LOGIN_START(1, "loginState"),
        PASSWORD_CHANGE(2, "passwordChange"),
        PASSWORD_EXPIRED_SCREEN(3, "passwordExpired"),
        USER_INACTIVE(4, "userInactive"),
        ACCOUNT_LOCKED(5, "accountLocked");

        private static final Map<Integer, LoginScreen> lookup = new HashMap();
        private final int state;
        private final String name;

        LoginScreen(int i, String str) {
            this.state = i;
            this.name = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }

        public static LoginScreen get(int i) {
            return lookup.get(Integer.valueOf(i));
        }

        int intValue() {
            return this.state;
        }

        static {
            Iterator it = EnumSet.allOf(LoginScreen.class).iterator();
            while (it.hasNext()) {
                LoginScreen loginScreen = (LoginScreen) it.next();
                lookup.put(Integer.valueOf(loginScreen.intValue()), loginScreen);
            }
        }
    }

    public LDAP() {
        this.debug = null;
        this.debug = Debug.getInstance(this.amAuthLDAP);
    }

    public void init(Subject subject, Map map, Map map2) {
        this.currentConfig = map2;
        this.currentConfigName = (String) map2.get("moduleInstanceName");
        this.overrideSharedstateUsernameEnabled = Boolean.valueOf(CollectionHelper.getMapAttr(this.currentConfig, OVERRIDE_SHAREDSTATE_USERNAME_ENABLED, "false")).booleanValue();
        Locale loginLocale = getLoginLocale();
        this.bundle = amCache.getResBundle(this.amAuthLDAP, loginLocale);
        if (this.debug.messageEnabled()) {
            this.debug.message("LDAP resbundle locale=" + loginLocale);
        }
        this.sharedState = map;
    }

    public boolean initializeLDAP() throws AuthLoginException {
        this.debug.message("LDAP initialize()");
        try {
            Set serverMapAttrs = CollectionHelper.getServerMapAttrs(this.currentConfig, "iplanet-am-auth-ldap-server");
            Set serverMapAttrs2 = CollectionHelper.getServerMapAttrs(this.currentConfig, "iplanet-am-auth-ldap-server2");
            String serverMapAttr = CollectionHelper.getServerMapAttr(this.currentConfig, "iplanet-am-auth-ldap-base-dn");
            String mapAttr = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-min-password-length");
            if (mapAttr != null) {
                try {
                    this.requiredPasswordLength = Integer.parseInt(mapAttr);
                } catch (NumberFormatException e) {
                    this.debug.error("LDAP.initializeLDAP : " + mapAttr, e);
                }
            }
            this.bindDN = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-bind-dn", "");
            this.useBindingForAuth = Boolean.valueOf(StringUtils.isEmpty(this.bindDN));
            if (serverMapAttr == null && !this.useBindingForAuth.booleanValue()) {
                this.debug.error("BaseDN for search was null");
            }
            char[] charArray = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-bind-passwd", "").toCharArray();
            String mapAttr2 = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-user-naming-attribute", "uid");
            Set set = (Set) this.currentConfig.get("iplanet-am-auth-ldap-user-search-attributes");
            String mapAttr3 = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-search-filter", "");
            String mapAttr4 = CollectionHelper.getMapAttr(this.currentConfig, "openam-auth-ldap-connection-mode", "LDAP");
            this.useStartTLS = mapAttr4.equalsIgnoreCase("StartTLS");
            this.isSecure = mapAttr4.equalsIgnoreCase("LDAPS") || this.useStartTLS;
            this.protocolVersion = CollectionHelper.getMapAttr(this.currentConfig, "openam-auth-ldap-secure-protocol-version", "TLS");
            getUserCreationAttrs(this.currentConfig);
            String mapAttr5 = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-search-scope", "SUBTREE");
            String mapAttr6 = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-auth-level");
            if (mapAttr6 != null) {
                try {
                    setAuthLevel(Integer.parseInt(mapAttr6));
                } catch (Exception e2) {
                    this.debug.error("Unable to set auth level " + mapAttr6);
                }
            }
            SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
            if (mapAttr5.equalsIgnoreCase("OBJECT")) {
                searchScope = SearchScope.BASE_OBJECT;
            } else if (mapAttr5.equalsIgnoreCase("ONELEVEL")) {
                searchScope = SearchScope.SINGLE_LEVEL;
            }
            String mapAttr7 = CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-return-user-dn", "true");
            this.regEx = CollectionHelper.getMapAttr(this.currentConfig, INVALID_CHARS);
            boolean booleanValue = Boolean.valueOf(CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-behera-password-policy-enabled", "false")).booleanValue();
            this.sslTrustAll = Boolean.valueOf(CollectionHelper.getMapAttr(this.currentConfig, "iplanet-am-auth-ldap-ssl-trust-all", "false")).booleanValue();
            int intMapAttr = CollectionHelper.getIntMapAttr(this.currentConfig, "openam-auth-ldap-heartbeat-interval", 10, this.debug);
            String mapAttr8 = CollectionHelper.getMapAttr(this.currentConfig, "openam-auth-ldap-heartbeat-timeunit", "SECONDS");
            int intMapAttr2 = CollectionHelper.getIntMapAttr(this.currentConfig, OPERATION_TIMEOUT_ATTR, 0, this.debug);
            this.isProfileCreationEnabled = isDynamicProfileCreationEnabled();
            this.ldapUtil = new LDAPAuthUtils(serverMapAttrs, serverMapAttrs2, this.isSecure, this.bundle, serverMapAttr, this.useBindingForAuth.booleanValue(), this.debug);
            this.ldapUtil.setScope(searchScope);
            this.ldapUtil.setFilter(mapAttr3);
            this.ldapUtil.setUserNamingAttribute(mapAttr2);
            this.ldapUtil.setUserSearchAttribute(set);
            this.ldapUtil.setAuthPassword(charArray);
            this.ldapUtil.setAuthDN(this.bindDN);
            this.ldapUtil.setReturnUserDN(mapAttr7);
            this.ldapUtil.setUserAttributes(this.userCreationAttrs);
            this.ldapUtil.setTrustAll(this.sslTrustAll);
            this.ldapUtil.setUseStartTLS(this.useStartTLS);
            this.ldapUtil.setDynamicProfileCreationEnabled(this.isProfileCreationEnabled);
            this.ldapUtil.setBeheraEnabled(booleanValue);
            this.ldapUtil.setHeartBeatInterval(intMapAttr);
            this.ldapUtil.setHeartBeatTimeUnit(mapAttr8);
            this.ldapUtil.setOperationTimeout(intMapAttr2);
            this.ldapUtil.setProtocolVersion(this.protocolVersion);
            this.ldapUtil.setUseBindingForAuth(this.useBindingForAuth.booleanValue());
            if (!this.debug.messageEnabled()) {
                return true;
            }
            this.debug.message("bindDN-> " + this.bindDN + "\nuseBindingForAuth-> " + this.useBindingForAuth + "\nrequiredPasswordLength-> " + this.requiredPasswordLength + "\nbaseDN-> " + serverMapAttr + "\nuserNamingAttr-> " + mapAttr2 + "\nuserSearchAttr(s)-> " + set + "\nuserCreationAttrs-> " + this.userCreationAttrs + "\nsearchFilter-> " + mapAttr3 + "\nsearchScope-> " + searchScope + "\nisSecure-> " + this.isSecure + "\nuseStartTLS-> " + this.useStartTLS + "\ntrustAll-> " + this.sslTrustAll + "\nauthLevel-> " + mapAttr6 + "\nbeheraEnabled->" + booleanValue + "\nprimaryServers-> " + serverMapAttrs + "\nsecondaryServers-> " + serverMapAttrs2 + "\nheartBeatInterval-> " + intMapAttr + "\nheartBeatTimeUnit-> " + mapAttr8 + "\noperationTimeout-> " + intMapAttr2 + "\nPattern : " + this.regEx);
            return true;
        } catch (Exception e3) {
            this.debug.error("Init Exception", e3);
            throw new AuthLoginException(AM_AUTH, "LDAPex", (Object[]) null, e3);
        }
    }

    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        ModuleState state;
        ModuleState moduleState;
        this.currentState = i;
        LoginScreen loginScreen = LoginScreen.get(i);
        try {
            if (!loginScreen.equals(LoginScreen.LOGIN_START)) {
                if (!loginScreen.equals(LoginScreen.PASSWORD_CHANGE)) {
                    setFailureID(this.ldapUtil.getUserId(this.userName));
                    throw new AuthLoginException(AM_AUTH, "LDAPex", (Object[]) null);
                }
                if (this.debug.messageEnabled()) {
                    this.debug.message("you are in Password Screen:" + this.currentState);
                }
                if (((ConfirmationCallback) callbackArr[3]).getSelectedIndex() != 0) {
                    if (this.isReset) {
                        this.isReset = false;
                        return LoginScreen.LOGIN_START.intValue();
                    }
                    this.validatedUserID = this.ldapUtil.getUserId();
                    return -1;
                }
                String charToString = charToString(((PasswordCallback) callbackArr[0]).getPassword(), callbackArr[0]);
                String charToString2 = charToString(((PasswordCallback) callbackArr[1]).getPassword(), callbackArr[1]);
                String charToString3 = charToString(((PasswordCallback) callbackArr[2]).getPassword(), callbackArr[2]);
                try {
                    validatePassword(charToString2);
                    int i2 = 0;
                    if (charToString2 != null) {
                        i2 = charToString2.length();
                    }
                    if (i2 < this.requiredPasswordLength) {
                        if (this.debug.messageEnabled()) {
                            this.debug.message("LDAP.process: new password less than the minimal length of " + this.requiredPasswordLength);
                        }
                        state = ModuleState.PASSWORD_MIN_CHARACTERS;
                        getLoginState("LDAP").logFailed(state.name(), "CHANGE_USER_PASSWORD_FAILED", false, (String) null);
                    } else {
                        this.ldapUtil.changePassword(charToString, charToString2, charToString3);
                        state = this.ldapUtil.getState();
                        if (state == ModuleState.PASSWORD_UPDATED_SUCCESSFULLY) {
                            getLoginState("LDAP").logSuccess("changePasswdSucceeded", "CHANGE_USER_PASSWORD_SUCCEEDED");
                        } else {
                            getLoginState("LDAP").logFailed(state.name(), "CHANGE_USER_PASSWORD_FAILED", false, (String) null);
                        }
                    }
                    processPasswordScreen(state);
                    if (this.debug.messageEnabled()) {
                        this.debug.message("Password change state :" + state);
                    }
                } catch (UserNamePasswordValidationException e) {
                    if (this.debug.messageEnabled()) {
                        this.debug.message("Password could not be validated, need a different password");
                    }
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("NewPasswordInvalid"));
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                }
                return this.currentState;
            }
            if (callbackArr == null || callbackArr.length == 0) {
                this.userName = (String) this.sharedState.get(getUserKey());
                this.userPassword = (String) this.sharedState.get(getPwdKey());
                if (this.userName == null || this.userPassword == null) {
                    return LoginScreen.LOGIN_START.intValue();
                }
                this.getCredentialsFromSharedState = true;
            } else {
                this.userName = ((NameCallback) callbackArr[0]).getName();
                this.userPassword = charToString(((PasswordCallback) callbackArr[1]).getPassword(), callbackArr[1]);
            }
            if (this.userPassword == null || this.userPassword.length() == 0) {
                if (this.debug.messageEnabled()) {
                    this.debug.message("LDAP.process: Password is null/empty");
                }
                throw new InvalidPasswordException(AM_AUTH, "invalidPasswd", (Object[]) null);
            }
            storeUsernamePasswd(this.userName, this.userPassword);
            if (initializeLDAP()) {
                validateUserName(this.userName, this.regEx);
                this.ldapUtil.authenticateUser(this.userName, this.userPassword);
                moduleState = this.ldapUtil.getState();
            } else {
                moduleState = ModuleState.SERVER_DOWN;
            }
            boolean z = true;
            if (moduleState == ModuleState.SUCCESS) {
                try {
                    validatePassword(this.userPassword);
                } catch (UserNamePasswordValidationException e2) {
                    if (this.debug.messageEnabled()) {
                        this.debug.message("Password does not satisfy password policy rules specified in OpenAM");
                    }
                    this.isReset = true;
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("PasswordInvalid"));
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    z = false;
                }
                if (this.overrideSharedstateUsernameEnabled) {
                    storeUsernamePasswd(this.ldapUtil.getUserNamingValue(), this.userPassword);
                    if (this.debug.messageEnabled()) {
                        this.debug.message("Override SharedState UserName -> ldapUtil.getUserNamingValue(): " + this.ldapUtil.getUserNamingValue());
                    }
                }
            }
            if (z) {
                processLoginScreen(moduleState);
            }
            return this.currentState;
        } catch (LDAPUtilException e3) {
            if (this.getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                this.getCredentialsFromSharedState = false;
                return LoginScreen.LOGIN_START.intValue();
            }
            setFailureID(this.ldapUtil != null ? this.ldapUtil.getUserId(this.userName) : this.userName);
            if (e3.getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
                if (this.debug.messageEnabled()) {
                    this.debug.message("The specified user does not exist.");
                }
                throw new AuthLoginException(AM_AUTH, "NoUser", (Object[]) null);
            }
            if (e3.getResultCode().equals(ResultCode.INVALID_CREDENTIALS)) {
                if (this.debug.messageEnabled()) {
                    this.debug.message("Invalid password.");
                }
                throw new InvalidPasswordException(AM_AUTH, "InvalidUP", (Object[]) null, this.ldapUtil.getUserId(), (Throwable) null);
            }
            if (e3.getResultCode().equals(ResultCode.UNWILLING_TO_PERFORM)) {
                if (this.debug.messageEnabled()) {
                    this.debug.message("Unwilling to perform. Account inactivated.");
                }
                this.currentState = LoginScreen.USER_INACTIVE.intValue();
                return this.currentState;
            }
            if (e3.getResultCode().equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
                if (this.debug.messageEnabled()) {
                    this.debug.message("Inappropriate authentication.");
                }
                throw new AuthLoginException(AM_AUTH, "InappAuth", (Object[]) null);
            }
            if (!e3.getResultCode().equals(ResultCode.CONSTRAINT_VIOLATION)) {
                throw new AuthLoginException(AM_AUTH, "LDAPex", (Object[]) null);
            }
            if (this.debug.messageEnabled()) {
                this.debug.message("Exceed password retry limit.");
            }
            throw new AuthLoginException(this.amAuthLDAP, "ExceedRetryLimit", (Object[]) null);
        } catch (UserNamePasswordValidationException e4) {
            if (this.debug.messageEnabled()) {
                this.debug.message("Invalid Characters detected");
            }
            throw new AuthLoginException(e4);
        }
    }

    public Principal getPrincipal() {
        if (this.userPrincipal != null) {
            return this.userPrincipal;
        }
        if (this.validatedUserID == null) {
            return null;
        }
        this.userPrincipal = new LDAPPrincipal(this.validatedUserID);
        return this.userPrincipal;
    }

    public void destroyModuleState() {
        this.validatedUserID = null;
        this.userPrincipal = null;
    }

    public void nullifyUsedVars() {
        this.bundle = null;
        this.userName = null;
        this.userPassword = null;
        this.regEx = null;
        this.userCreationAttrs = null;
        this.userAttrMap = null;
        this.sharedState = null;
        this.currentConfig = null;
        this.amAuthLDAP = null;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:3:0x0008. Please report as an issue. */
    private void processLoginScreen(ModuleState moduleState) throws AuthLoginException {
        try {
            switch (AnonymousClass1.$SwitchMap$org$forgerock$openam$ldap$ModuleState[moduleState.ordinal()]) {
                case 1:
                    this.validatedUserID = this.ldapUtil.getUserId();
                    createProfile();
                    this.currentState = -1;
                    setForceCallbacksRead(false);
                    return;
                case 2:
                    String formatMessage = com.sun.identity.shared.locale.Locale.formatMessage(this.bundle.getString("PasswordExp"), this.ldapUtil.getExpTime());
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), formatMessage);
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    return;
                case 3:
                case 4:
                    this.isReset = true;
                    String string = this.bundle.getString("PasswordReset");
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), string);
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    return;
                case 5:
                    setFailureID(this.ldapUtil.getUserId(this.userName));
                    this.currentState = LoginScreen.PASSWORD_EXPIRED_SCREEN.intValue();
                    return;
                case 6:
                    setFailureID(this.ldapUtil.getUserId(this.userName));
                    this.currentState = LoginScreen.ACCOUNT_LOCKED.intValue();
                    return;
                case 7:
                    String formatMessage2 = com.sun.identity.shared.locale.Locale.formatMessage(this.bundle.getString("GraceLogins"), Integer.valueOf(this.ldapUtil.getGraceLogins()));
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    if (this.ldapUtil.getGraceLogins() == 1) {
                        ConfirmationCallback[] callback = getCallback(LoginScreen.PASSWORD_CHANGE.intValue());
                        for (int i = 0; i < callback.length; i++) {
                            ConfirmationCallback confirmationCallback = callback[i];
                            if (confirmationCallback instanceof ConfirmationCallback) {
                                ConfirmationCallback confirmationCallback2 = confirmationCallback;
                                String[] options = confirmationCallback2.getOptions();
                                String[] strArr = new String[1];
                                System.arraycopy(options, 0, strArr, 0, 1);
                                replaceCallback(LoginScreen.PASSWORD_CHANGE.intValue(), i, new ConfirmationCallback(confirmationCallback2.getMessageType(), strArr, confirmationCallback2.getDefaultOption()));
                            }
                        }
                    }
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), formatMessage2);
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    return;
                case 8:
                    String formatMessage3 = com.sun.identity.shared.locale.Locale.formatMessage(this.bundle.getString("TimeBeforeExpiration"), this.ldapUtil.getExpTime());
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), formatMessage3);
                    this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    setFailureID(this.userName);
                    throw new LDAPUtilException("noUserMatchFound", (Object[]) null);
                case 9:
                    setFailureID(this.userName);
                    throw new LDAPUtilException("noUserMatchFound", (Object[]) null);
                case 10:
                    throw new AuthLoginException(AM_AUTH, "LDAPex", (Object[]) null);
                default:
                    return;
            }
        } catch (LDAPUtilException e) {
            if (!this.getCredentialsFromSharedState || isUseFirstPassEnabled()) {
                if (moduleState != ModuleState.USER_NOT_FOUND) {
                    this.debug.error("Unknown Login State:", e);
                }
                throw new AuthLoginException(AM_AUTH, "LDAPex", (Object[]) null, e);
            }
            this.getCredentialsFromSharedState = false;
            this.currentState = LoginScreen.LOGIN_START.intValue();
        }
    }

    private void processPasswordScreen(ModuleState moduleState) throws AuthLoginException {
        switch (AnonymousClass1.$SwitchMap$org$forgerock$openam$ldap$ModuleState[moduleState.ordinal()]) {
            case 11:
                this.validatedUserID = this.ldapUtil.getUserId();
                createProfile();
                this.currentState = -1;
                try {
                    this.callbackImpl = AMAuthCallBackImpl.getInstance(getRequestOrg());
                    this.callbackImpl.processedPasswordChange(new Long(Time.currentTimeMillis()), this.validatedUserID);
                    return;
                } catch (AMAuthCallBackException e) {
                    if (this.debug.errorEnabled()) {
                        this.debug.error("process : unable to get AMAuthCallBackImpl instance or callback module raised an exception.", e);
                        return;
                    }
                    return;
                }
            case 12:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("PInvalid"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 13:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("PasswdMismatch"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 14:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("PasswdSame"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 15:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("PasswdMinChars"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 16:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("UPsame"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 17:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("inPwdQual"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 18:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("pwdInHist"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 19:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("pwdToShort"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            case 20:
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), this.bundle.getString("pwdToYoung"));
                this.currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                return;
            default:
                return;
        }
    }

    private void createProfile() {
        if (!this.isProfileCreationEnabled || this.userCreationAttrs.size() <= 0) {
            return;
        }
        Map userAttributeValues = this.ldapUtil.getUserAttributeValues();
        if (this.debug.messageEnabled()) {
            this.debug.message("user creation attributes: " + userAttributeValues);
        }
        setUserAttributes(getAttributeMap(userAttributeValues));
    }

    private String charToString(char[] cArr, Callback callback) {
        if (cArr == null) {
            cArr = new char[0];
        }
        char[] cArr2 = new char[cArr.length];
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        ((PasswordCallback) callback).clearPassword();
        return new String(cArr2);
    }

    private void getUserCreationAttrs(Map map) {
        Set<String> set = (Set) map.get(USER_CREATION_ATTR);
        if (this.debug.messageEnabled()) {
            this.debug.message("attrs is : " + set);
        }
        if (set == null || set.isEmpty()) {
            return;
        }
        for (String str : set) {
            int indexOf = str.indexOf(PIPE_SEPARATOR);
            if (indexOf != -1) {
                String substring = str.substring(0, indexOf);
                String substring2 = str.substring(indexOf + 1, str.length());
                if (substring2 == null || substring2.length() == 0) {
                    this.userCreationAttrs.add(substring);
                    this.userAttrMap.put(substring, substring);
                } else {
                    this.userCreationAttrs.add(substring2);
                    this.userAttrMap.put(substring, substring2);
                }
            } else {
                this.userCreationAttrs.add(str);
                this.userAttrMap.put(str, str);
            }
        }
    }

    private Map getAttributeMap(Map map) {
        if (this.debug.messageEnabled()) {
            this.debug.message("In getAttribute Map: " + map);
        }
        HashMap hashMap = new HashMap();
        for (String str : this.userAttrMap.keySet()) {
            Set set = (Set) map.get((String) this.userAttrMap.get(str));
            if (this.debug.messageEnabled()) {
                this.debug.message("key is : " + str);
                this.debug.message("value is : " + set);
            }
            if (set != null) {
                hashMap.put(str, set);
            }
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("New attr map is : " + hashMap);
        }
        return hashMap;
    }
}
