package io.galactica.ldap;

import io.galactica.commons.LdapConfiguration;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.sasl.AuthenticationException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;

/* loaded from: input_file:io/galactica/ldap/LdapAuthentication.class */
public class LdapAuthentication {
    private static final Logger LOG = LogManager.getLogger((Class<?>) LdapAuthentication.class);
    private static final List<FilterFactory> FILTER_FACTORIES = new ArrayList(Arrays.asList(new CustomQueryFilterFactory(), new ChainFilterFactory(new UserSearchFilterFactory(), new UserFilterFactory(), new GroupFilterFactory())));
    private final Filter filter;
    private final DirSearchFactory searchFactory;
    private final LdapConfiguration conf;

    public LdapAuthentication(LdapConfiguration ldapConfiguration) {
        this(ldapConfiguration, new LdapSearchFactory());
    }

    public LdapAuthentication(LdapConfiguration ldapConfiguration, DirSearchFactory dirSearchFactory) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("LDAP authentication provider created.");
        }
        this.conf = ldapConfiguration;
        this.searchFactory = dirSearchFactory;
        this.filter = resolveFilter(ldapConfiguration);
    }

    public void authenticate(String str, String str2) throws AuthenticationException {
        try {
            DirSearch createDirSearch = createDirSearch(str, str2);
            Throwable th = null;
            try {
                applyFilter(createDirSearch, str);
                if (createDirSearch != null) {
                    if (0 != 0) {
                        try {
                            createDirSearch.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        createDirSearch.close();
                    }
                }
            } finally {
            }
        } catch (IOException e) {
            throw new AuthenticationException("Unable to authenticate", e);
        }
    }

    private DirSearch createDirSearch(String str, String str2) throws AuthenticationException {
        if (Strings.isBlank(str)) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank user name has been provided");
        }
        if (Strings.isBlank(str2) || str2.getBytes()[0] == 0) {
            throw new AuthenticationException("Error validating LDAP user: a null or blank password has been provided");
        }
        Iterator<String> it = LdapUtils.createCandidatePrincipals(this.conf, str).iterator();
        while (it.hasNext()) {
            String next = it.next();
            try {
                return this.searchFactory.getInstance(this.conf, next, str2);
            } catch (AuthenticationException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Unable to authenticate '" + str + "' from principal '" + next + "'", e);
                }
                if (!it.hasNext()) {
                    throw e;
                }
            }
        }
        throw new AuthenticationException(String.format("No candidate principals for %s was found.", str));
    }

    private static Filter resolveFilter(LdapConfiguration ldapConfiguration) {
        Iterator<FilterFactory> it = FILTER_FACTORIES.iterator();
        while (it.hasNext()) {
            Filter filterFactory = it.next().getInstance(ldapConfiguration);
            if (filterFactory != null) {
                return filterFactory;
            }
        }
        return null;
    }

    private void applyFilter(DirSearch dirSearch, String str) throws AuthenticationException {
        if (this.filter != null) {
            if (LdapUtils.hasDomain(str)) {
                this.filter.apply(dirSearch, LdapUtils.extractUserName(str));
            } else {
                this.filter.apply(dirSearch, str);
            }
        }
    }
}
