package blackboard.platform.security.authentication;

import blackboard.platform.security.SecurityUtil;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;

/* loaded from: input_file:blackboard/platform/security/authentication/PasswordPolicyErrorHandler.class */
public class PasswordPolicyErrorHandler implements LDAPAuthErrorHandler {
    private static final String PASSWORD_EXPIRATION_TIME_ATTRIBUTE = "passwordExpirationTime";
    private static final String[] PASSWORD_EXPIRATION_CHECK_ATTRIBUTES = {PASSWORD_EXPIRATION_TIME_ATTRIBUTE};
    private static final String PASSWORD_EXPIRATION_TIME_FORMAT = "yyyyMMddHHmmss'Z'";

    @Override // blackboard.platform.security.authentication.LDAPAuthErrorHandler
    public void handleAuthenticationException(LDAPAuthContext lDAPAuthContext, AuthenticationException authenticationException) throws BbBindException {
        try {
            if (lDAPAuthContext.getServerConfig().getUsePrivilegedUserForSearch()) {
                lDAPAuthContext.getLdapContext().addToEnvironment("java.naming.security.authentication", "simple");
                lDAPAuthContext.getLdapContext().addToEnvironment("java.naming.security.principal", lDAPAuthContext.getServerConfig().getPrivilegedUserFDN());
                lDAPAuthContext.getLdapContext().addToEnvironment("java.naming.security.credentials", lDAPAuthContext.getServerConfig().getPrivilegedUserPassword());
                NamingEnumeration all = lDAPAuthContext.getLdapContext().getAttributes("", PASSWORD_EXPIRATION_CHECK_ATTRIBUTES).getAll();
                while (all != null && all.hasMore()) {
                    Attribute attribute = (Attribute) all.next();
                    if (attribute.getID().equalsIgnoreCase(PASSWORD_EXPIRATION_TIME_ATTRIBUTE)) {
                        NamingEnumeration all2 = attribute.getAll();
                        Date date = new Date();
                        while (all2.hasMore()) {
                            if (parseExpirationTime((String) all2.next()).before(date)) {
                                throw new PasswordExpiredBindException(SecurityUtil.getBundle().getString("auth.impl.ldap.bind.password.expired"), authenticationException);
                            }
                        }
                    }
                }
            }
        } catch (NamingException e) {
            lDAPAuthContext.getLogger().logDebug(e.getMessage(), e);
        }
        throw new BbBindException(SecurityUtil.getBundle().getString("auth.impl.ldap.bind.general.exception"), authenticationException);
    }

    private Date parseExpirationTime(String str) throws BbBindException {
        try {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(PASSWORD_EXPIRATION_TIME_FORMAT);
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            return simpleDateFormat.parse(str);
        } catch (ParseException e) {
            throw new BbBindException(SecurityUtil.getBundle().getString("auth.impl.ldap.bind.general.exception"), e);
        }
    }
}
