package com.zimbra.cs.service.account;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AccountConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.Map;

/* loaded from: input_file:com/zimbra/cs/service/account/ChangePassword.class */
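/**
 * SOAP handler for the account ChangePassword request.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@link #needsAuth(Map)} returns {@code false}, so this handler does not ask for an
 *       authenticated caller. In the normal path the only credential is the {@code oldPassword}
 *       value handed to {@code Provisioning.changePassword}.</li>
 *   <li>One branch sets a password without an old password: the first password of an external
 *       virtual account. It is taken only when the request's auth token belongs to that same
 *       account, and the token is validated before the password is written.</li>
 *   <li>A successful change returns a freshly issued auth token in the response.</li>
 * </ul>
 *
 * <p>NOTE(review): this class does no throttling or lockout of its own. Because the endpoint is
 * reachable without a token, any guessing protection has to come from
 * {@code Provisioning.changePassword} or from the SOAP front end. Confirm before relying on it.
 */
public class ChangePassword extends AccountDocumentHandler {
    /**
     * Changes, or for an external virtual account initially sets, the password of the account
     * named in the request.
     *
     * @param element the ChangePassword request; read for {@code account}, optional
     *     {@code virtualHost}, {@code oldPassword} and {@code password}
     * @param map the request context passed to {@code checkPasswordSecurity},
     *     {@code getZimbraSoapContext} and {@code proxyRequest}
     * @return a ChangePassword response carrying a new auth token and its remaining lifetime in
     *     milliseconds
     * @throws ServiceException INVALID_REQUEST when {@code checkPasswordSecurity} rejects the
     *     request, AUTH_FAILED when the account cannot be found, or whatever the provisioning and
     *     proxy calls raise
     */
    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        // Presumably a transport check (the message refers to clear-text passwords); the helper
        // is defined outside this file, so confirm what it actually enforces.
        if (!checkPasswordSecurity(map)) {
            throw ServiceException.INVALID_REQUEST("clear text password is not allowed", (Throwable) null);
        }
        ZimbraSoapContext zsc = getZimbraSoapContext(map);
        Provisioning prov = Provisioning.getInstance();

        String requestedName = element.getAttribute("account");
        String accountName = requestedName;
        Element virtualHostElement = element.getOptionalElement("virtualHost");
        // Locale.ROOT keeps host-name folding independent of the JVM default locale. With a
        // Turkish default locale, 'I' would fold to a dotless 'ı' and the lookup below would miss.
        String virtualHost = virtualHostElement == null
                ? null
                : virtualHostElement.getText().toLowerCase(java.util.Locale.ROOT);
        // A bare local part is qualified with the domain that owns the caller-supplied virtual
        // host. The value comes from the request, so it only selects a domain and proves nothing.
        if (virtualHost != null && accountName.indexOf('@') == -1) {
            Domain domain = prov.get(Key.DomainBy.virtualHostname, virtualHost);
            if (domain != null) {
                accountName = accountName + "@" + domain.getName();
            }
        }

        Account account = prov.get(Key.AccountBy.name, accountName, zsc.getAuthToken());
        if (account == null) {
            // An unknown account is reported as AUTH_FAILED, the same exception family as a
            // failed login. NOTE(review): confirm that the "account not found" reason is only
            // logged and never returned to the client, otherwise it allows account enumeration.
            throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(accountName, requestedName, "account not found");
        }

        if (!Provisioning.onLocalServer(account)) {
            try {
                return proxyRequest(element, map, account.getId());
            } catch (ServiceException e) {
                if (!"service.PROXY_ERROR".equals(e.getCode())) {
                    throw e;
                }
                // A proxy failure is deliberately not fatal: execution falls through and the
                // change is attempted on this server instead.
                ZimbraLog.account.warn("encountered proxy error", e);
            }
        }

        String oldPassword = element.getAttribute("oldPassword");
        String newPassword = element.getAttribute("password");
        // Initial password of an external virtual account. All four conditions must hold: the
        // account is external virtual, no old password was sent, no initial password has been
        // set yet, and the request's auth token was issued for this very account.
        boolean settingInitialPassword = account.isIsExternalVirtualAccount()
                && StringUtil.isNullOrEmpty(oldPassword)
                && !account.isVirtualAccountInitialPasswordSet()
                && account.getId().equals(zsc.getAuthtokenAccountId());
        if (settingInitialPassword) {
            // No old password exists to check, so the token is the only authenticator here and
            // is validated before the password is written.
            AuthProvider.validateAuthToken(prov, zsc.getAuthToken(), false);
            prov.setPassword(account, newPassword, true);
            // Recording the flag closes this branch for every later request on the account.
            account.setVirtualAccountInitialPasswordSet(true);
        } else {
            // Presumably verifies oldPassword and applies the password policy; both happen
            // inside Provisioning and are not visible here.
            prov.changePassword(account, oldPassword, newPassword);
        }

        // NOTE(review): a new token is issued below. Whether tokens issued before the change are
        // invalidated is decided elsewhere; verify it when reviewing session handling.
        AuthToken authToken = AuthProvider.getAuthToken(account);
        Element response = zsc.createElement(AccountConstants.CHANGE_PASSWORD_RESPONSE);
        authToken.encodeAuthResp(response, false);
        // Lifetime is reported as milliseconds remaining until the token expires.
        response.addAttribute("lifetime", authToken.getExpires() - System.currentTimeMillis(), Element.Disposition.CONTENT);
        return response;
    }

    /**
     * Reports that this handler does not require an authenticated request.
     *
     * <p>A user who is changing a password may not hold a usable token, so {@link #handle}
     * authenticates the caller itself (old password, or a validated token for the initial
     * password of an external virtual account).
     *
     * @param map the request context; not consulted
     * @return always {@code false}
     */
    @Override // com.zimbra.soap.DocumentHandler
    public boolean needsAuth(Map<String, Object> map) {
        return false;
    }
}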
