package org.ldaptive.auth.ext;

import java.time.Period;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.ResultCode;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResponseHandler;
import org.ldaptive.auth.ext.FreeIPAAccountState;
import org.ldaptive.transcode.GeneralizedTimeValueTranscoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ldaptive/auth/ext/FreeIPAAuthenticationResponseHandler.class */
public class FreeIPAAuthenticationResponseHandler implements AuthenticationResponseHandler {
    public static final String[] ATTRIBUTES = {"krbPasswordExpiration", "krbLoginFailedCount", "krbLastPwdChange"};
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private Period expirationPeriod;
    private Period warningPeriod;
    private int maxLoginFailures;

    public FreeIPAAuthenticationResponseHandler() {
    }

    public FreeIPAAuthenticationResponseHandler(Period period, int i) {
        setWarningPeriod(period);
        setMaxLoginFailures(i);
    }

    public FreeIPAAuthenticationResponseHandler(Period period, Period period2, int i) {
        setExpirationPeriod(period);
        setWarningPeriod(period2);
        setMaxLoginFailures(i);
    }

    @Override // org.ldaptive.auth.AuthenticationResponseHandler
    public void handle(AuthenticationResponse authenticationResponse) {
        if (authenticationResponse.getResultCode() != ResultCode.SUCCESS) {
            FreeIPAAccountState.Error parse = FreeIPAAccountState.Error.parse(authenticationResponse.getResultCode(), authenticationResponse.getDiagnosticMessage());
            if (parse != null) {
                authenticationResponse.setAccountState(new FreeIPAAccountState(parse));
                return;
            }
            return;
        }
        if (authenticationResponse.isSuccess()) {
            LdapEntry ldapEntry = authenticationResponse.getLdapEntry();
            LdapAttribute attribute = ldapEntry.getAttribute("krbPasswordExpiration");
            LdapAttribute attribute2 = ldapEntry.getAttribute("krbLoginFailedCount");
            LdapAttribute attribute3 = ldapEntry.getAttribute("krbLastPwdChange");
            ZonedDateTime zonedDateTime = null;
            Integer num = null;
            if (attribute2 != null && this.maxLoginFailures > 0) {
                num = Integer.valueOf(this.maxLoginFailures - Integer.parseInt(attribute2.getStringValue()));
            }
            if (attribute != null) {
                zonedDateTime = (ZonedDateTime) attribute.getValue(new GeneralizedTimeValueTranscoder().decoder());
            } else if (this.expirationPeriod != null && attribute3 != null) {
                zonedDateTime = ((ZonedDateTime) attribute3.getValue(new GeneralizedTimeValueTranscoder().decoder())).plus((TemporalAmount) this.expirationPeriod);
            }
            if (zonedDateTime == null) {
                if (num == null || num.intValue() >= this.maxLoginFailures) {
                    return;
                }
                authenticationResponse.setAccountState(new FreeIPAAccountState(null, num.intValue()));
                return;
            }
            if (this.warningPeriod == null) {
                authenticationResponse.setAccountState(new FreeIPAAccountState(zonedDateTime, num != null ? num.intValue() : 0));
                return;
            }
            if (ZonedDateTime.now().isAfter(zonedDateTime.minus((TemporalAmount) this.warningPeriod))) {
                authenticationResponse.setAccountState(new FreeIPAAccountState(zonedDateTime, num != null ? num.intValue() : 0));
            }
        }
    }

    public int getMaxLoginFailures() {
        return this.maxLoginFailures;
    }

    public void setMaxLoginFailures(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Login failures must be >= 0");
        }
        this.maxLoginFailures = i;
    }

    public Period getExpirationPeriod() {
        return this.expirationPeriod;
    }

    public void setExpirationPeriod(Period period) {
        this.expirationPeriod = period;
    }

    public Period getWarningPeriod() {
        return this.warningPeriod;
    }

    public void setWarningPeriod(Period period) {
        this.warningPeriod = period;
    }

    public String toString() {
        return "[" + getClass().getName() + "@" + hashCode() + "::expirationPeriod=" + this.expirationPeriod + ", warningPeriod=" + this.warningPeriod + ", maxLoginFailures=" + this.maxLoginFailures + "]";
    }
}
