package hudson.plugins.active_directory;

import java.util.GregorianCalendar;
import java.util.concurrent.TimeUnit;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:hudson/plugins/active_directory/UserAttributesHelper.class */
public class UserAttributesHelper {
    private static final String ATTR_USER_ACCOUNT_CONTROL = "userAccountControl";
    private static final String ATTR_ACCOUNT_EXPIRES = "accountExpires";
    private static final String ATTR_USER_ACCOUNT_CONTROL_COMPUTED = "msDS-User-Account-Control-Computed";
    private static final String ATTR_USER_ACCOUNT_DISABLED = "msDS-UserAccountDisabled";
    private static final String ATTR_USER_PASSWORD_EXPIRED = "msDS-UserPasswordExpired";
    private static final long ACCOUNT_NO_EXPIRATION = Long.MAX_VALUE;
    private static final int ADS_UF_DISABLED = 2;
    private static final int ADS_UF_LOCK_OUT = 16;
    private static final int ADS_DONT_EXPIRE_PASSWORD = 65536;
    private static final int ADS_UF_PASSWORD_EXPIRED = 8388608;

    public static boolean checkIfUserIsEnabled(@Nonnull Attributes attributes) {
        if (ActiveDirectorySecurityRealm.DISABLE_USER_POLICY_ENFORCEMENT) {
            return true;
        }
        Integer userAccountControl = getUserAccountControl(attributes);
        return (userAccountControl == null || (userAccountControl.intValue() & ADS_UF_DISABLED) != ADS_UF_DISABLED) && !"true".equalsIgnoreCase(getStringAttribute(attributes, ATTR_USER_ACCOUNT_DISABLED));
    }

    public static boolean checkIfAccountNonExpired(@Nonnull Attributes attributes) {
        String stringAttribute;
        if (ActiveDirectorySecurityRealm.DISABLE_USER_POLICY_ENFORCEMENT || (stringAttribute = getStringAttribute(attributes, ATTR_ACCOUNT_EXPIRES)) == null) {
            return true;
        }
        long parseLong = Long.parseLong(stringAttribute);
        if (parseLong == 0 || parseLong == ACCOUNT_NO_EXPIRATION) {
            return true;
        }
        return !((parseLong > getWin32EpochHundredNanos() ? 1 : (parseLong == getWin32EpochHundredNanos() ? 0 : -1)) < 0);
    }

    private static long getWin32EpochHundredNanos() {
        return TimeUnit.NANOSECONDS.convert(new GregorianCalendar().getTime().getTime() - new GregorianCalendar(1601, 0, 1).getTime().getTime(), TimeUnit.MILLISECONDS) * 100;
    }

    public static boolean checkIfCredentialsAreNonExpired(@Nonnull Attributes attributes) {
        if (ActiveDirectorySecurityRealm.DISABLE_USER_POLICY_ENFORCEMENT) {
            return true;
        }
        Integer userAccountControl = getUserAccountControl(attributes);
        if (userAccountControl != null) {
            if ((userAccountControl.intValue() & ADS_DONT_EXPIRE_PASSWORD) == ADS_DONT_EXPIRE_PASSWORD) {
                return true;
            }
            if ((userAccountControl.intValue() & ADS_UF_PASSWORD_EXPIRED) == ADS_UF_PASSWORD_EXPIRED) {
                return false;
            }
        }
        return !"true".equalsIgnoreCase(getStringAttribute(attributes, ATTR_USER_PASSWORD_EXPIRED));
    }

    public static boolean checkIfAccountNonLocked(@Nonnull Attributes attributes) {
        Integer userAccountControl;
        return ActiveDirectorySecurityRealm.DISABLE_USER_POLICY_ENFORCEMENT || (userAccountControl = getUserAccountControl(attributes)) == null || (userAccountControl.intValue() & ADS_UF_LOCK_OUT) != ADS_UF_LOCK_OUT;
    }

    @CheckForNull
    private static Integer getUserAccountControl(@Nonnull Attributes attributes) {
        String stringAttribute = getStringAttribute(attributes, ATTR_USER_ACCOUNT_CONTROL);
        String stringAttribute2 = getStringAttribute(attributes, ATTR_USER_ACCOUNT_CONTROL_COMPUTED);
        if (stringAttribute != null) {
            return stringAttribute2 == null ? Integer.valueOf(Integer.parseInt(stringAttribute)) : Integer.valueOf(Integer.parseInt(stringAttribute) | Integer.parseInt(stringAttribute2));
        }
        if (stringAttribute2 == null) {
            return null;
        }
        return Integer.valueOf(Integer.parseInt(stringAttribute2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @CheckForNull
    public static String getStringAttribute(@Nonnull Attributes attributes, @Nonnull String str) {
        Attribute attribute = attributes.get(str);
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        try {
            Object obj = attribute.get();
            if (obj == null) {
                return null;
            }
            return obj.toString();
        } catch (NamingException e) {
            return null;
        }
    }
}
