package org.apereo.services.persondir.support.ldap;

import java.time.DayOfWeek;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import org.apache.commons.pool2.impl.BaseObjectPoolConfig;
import org.apache.lucene.analysis.ar.ArabicStemmer;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapUtils;
import org.ldaptive.handler.AbstractEntryHandler;
import org.ldaptive.handler.LdapEntryHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/person-directory-impl-2.0.13.jar:org/apereo/services/persondir/support/ldap/ActiveDirectoryLdapEntryHandler.class */
public class ActiveDirectoryLdapEntryHandler extends AbstractEntryHandler<LdapEntry> implements LdapEntryHandler {
    public static final int ACCOUNT_DISABLED = 2;
    public static final int LOCKOUT = 16;
    public static final int PASSWORD_EXPIRED = 8388608;
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    private static String decodeLogonBits(byte b) {
        StringBuilder sb = new StringBuilder();
        sb.append((b & 1) > 0 ? "1" : "0");
        sb.append((b & 2) > 0 ? "1" : "0");
        sb.append((b & 4) > 0 ? "1" : "0");
        sb.append((b & 8) > 0 ? "1" : "0");
        sb.append((b & 16) > 0 ? "1" : "0");
        sb.append((b & 32) > 0 ? "1" : "0");
        sb.append((b & 64) > 0 ? "1" : "0");
        sb.append((b & 128) > 0 ? "1" : "0");
        return sb.toString();
    }

    @Override // org.ldaptive.handler.AbstractEntryHandler
    public boolean equals(Object obj) {
        return obj instanceof ActiveDirectoryLdapEntryHandler;
    }

    @Override // org.ldaptive.handler.AbstractEntryHandler
    public int hashCode() {
        return LdapUtils.computeHashCode(753, new Object[0]);
    }

    public String toString() {
        return "[" + getClass().getName() + "@" + hashCode() + "]";
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v31, types: [java.time.LocalDateTime, java.lang.Object] */
    @Override // java.util.function.Function
    public LdapEntry apply(LdapEntry ldapEntry) {
        LdapAttribute attribute = ldapEntry.getAttribute("userAccountControl");
        if (attribute != null) {
            int parseInt = Integer.parseInt(attribute.getStringValue());
            if ((parseInt & 16) == 16) {
                this.logger.warn("Account is disabled with UAC {} for entry {}", Integer.valueOf(parseInt), ldapEntry);
                return null;
            }
            if ((parseInt & 2) == 2) {
                this.logger.warn("Account is disabled with UAC {} for entry {}", Integer.valueOf(parseInt), ldapEntry);
                return null;
            }
            if ((parseInt & 8388608) == 8388608) {
                this.logger.warn("Account has expired");
                return null;
            }
        }
        if (ldapEntry.getAttribute("accountExpires") != null) {
            long parseLong = Long.parseLong(ldapEntry.getAttribute("accountExpires").getStringValue());
            this.logger.debug("Current active directory account expiration date {}", Long.valueOf(parseLong));
            if (parseLong > 0) {
                GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getDefault());
                gregorianCalendar.set(ArabicStemmer.FEH, 0, 1, 0, 0);
                ?? localDateTime = new Date(Long.valueOf((parseLong / BaseObjectPoolConfig.DEFAULT_EVICTOR_SHUTDOWN_TIMEOUT_MILLIS) + gregorianCalendar.getTime().getTime()).longValue()).toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime();
                LocalDateTime now = LocalDateTime.now();
                this.logger.debug("Now: {}, account expires at {}", now, (Object) localDateTime);
                if (localDateTime.isBefore(now)) {
                    this.logger.warn("Account has expired with date {}", (Object) localDateTime);
                    return null;
                }
            }
        }
        if (isValidLogonHour(ldapEntry)) {
            return ldapEntry;
        }
        this.logger.warn("Logon Hours are invalid and no attributes will be used");
        return null;
    }

    protected boolean isValidLogonHour(LdapEntry ldapEntry) {
        if (ldapEntry.getAttribute("logonHours") == null) {
            return true;
        }
        byte[] binaryValue = ldapEntry.getAttribute("logonHours").getBinaryValue();
        DayOfWeek[] dayOfWeekArr = {DayOfWeek.SUNDAY, DayOfWeek.MONDAY, DayOfWeek.TUESDAY, DayOfWeek.WEDNESDAY, DayOfWeek.THURSDAY, DayOfWeek.FRIDAY, DayOfWeek.SATURDAY};
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (i < dayOfWeekArr.length) {
            byte[] bArr = i == 6 ? new byte[]{binaryValue[19], binaryValue[20], binaryValue[0]} : new byte[]{binaryValue[i * 3], binaryValue[(i * 3) + 1], binaryValue[(i * 3) + 2]};
            StringBuilder sb = new StringBuilder();
            for (int i2 = 0; i2 < 3; i2++) {
                sb.append(decodeLogonBits(bArr[i2]));
            }
            arrayList.add(sb.toString());
            i++;
        }
        String[] strArr = new String[arrayList.size()];
        arrayList.toArray(strArr);
        DayOfWeek dayOfWeek = LocalDate.now().getDayOfWeek();
        int hour = LocalDateTime.now().getHour() - 1;
        if (hour < 0) {
            hour = 0;
        }
        this.logger.debug("Current day {}, current hour {}", dayOfWeek, Integer.valueOf(hour));
        for (int i3 = 0; i3 < dayOfWeekArr.length; i3++) {
            if (dayOfWeekArr[i3] == dayOfWeek) {
                String str = strArr[i3];
                this.logger.debug("Valid hours are {}", str);
                String valueOf = String.valueOf(str.charAt(hour));
                this.logger.debug("Hour enabled at {} is {}", Integer.valueOf(hour), valueOf);
                if (!valueOf.equalsIgnoreCase("1")) {
                    this.logger.warn("Invalid login hour");
                    return false;
                }
            }
        }
        return true;
    }
}
