package de.deepamehta.ldap;

import de.deepamehta.ldap.Configuration;
import de.deepamehta.ldap.LDAP;
import java.io.Closeable;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

/* loaded from: input_file:de/deepamehta/ldap/ApacheLDAP.class */
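/**
 * {@link LDAP} implementation backed by the Apache Directory LDAP client API.
 *
 * <p>Every operation opens a fresh {@link LdapNetworkConnection}, binds, runs one action and
 * closes the connection again (see {@link #whenBound}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>User names reach this class from callers and are placed into an LDAP search filter and
 *       into a distinguished name. Both are escaped here (RFC 4515 / RFC 4514) so that
 *       metacharacters in a user name cannot change the query or the targeted entry.</li>
 *   <li>Transport protection is enabled only for the LDAPS and STARTTLS protocol types; with any
 *       other configured value neither SSL nor TLS is switched on for the connection.</li>
 * </ul>
 */
public class ApacheLDAP implements LDAP {
    private final Configuration configuration;
    private final PluginLog pluginLog;
    private final LdapConnectionConfig defaultConnectionConfig;

    /** Callback that {@link #whenBound} runs against a connection after a successful bind. */
    public interface LdapAction {
        void run(LdapConnection ldapConnection);
    }

    /**
     * Creates the adapter and prepares the connection settings for the manager account.
     *
     * @param configuration plugin configuration (server, port, protocol, manager credentials,
     *                      user base / attribute / filter)
     * @param pluginLog     sink for hints and warnings emitted by this class
     */
    public ApacheLDAP(Configuration configuration, PluginLog pluginLog) {
        this.configuration = configuration;
        this.pluginLog = pluginLog;
        this.defaultConnectionConfig = createConfig(configuration.manager, configuration.password);
    }

    /**
     * Builds connection settings for the configured server.
     *
     * @param bindName    name stored in the connection config
     * @param credentials credentials stored in the connection config
     * @return a config with host, port and (for LDAPS / STARTTLS) transport security set
     * @throws NumberFormatException if the configured port is not an integer
     */
    private LdapConnectionConfig createConfig(String bindName, String credentials) {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setName(bindName);
        config.setCredentials(credentials);
        config.setLdapHost(this.configuration.server);
        config.setLdapPort(Integer.parseInt(this.configuration.port));
        // Only these two protocol types turn on transport security; any other value leaves the
        // connection without SSL/TLS, so bind credentials would not be protected in transit.
        if (this.configuration.protocol == Configuration.ProtocolType.LDAPS) {
            config.setUseSsl(true);
        } else if (this.configuration.protocol == Configuration.ProtocolType.STARTTLS) {
            config.setUseTls(true);
        }
        return config;
    }

    /**
     * Opens a connection, binds with the given identity, runs the action and always closes the
     * connection afterwards.
     *
     * @param bindDn      DN to bind as
     * @param credentials password for {@code bindDn}
     * @param ldapAction  work to perform on the bound connection
     * @throws RuntimeException wrapping the {@link LdapException} if the bind fails
     */
    private void whenBound(String bindDn, String credentials, LdapAction ldapAction) {
        LdapNetworkConnection connection = new LdapNetworkConnection(this.defaultConnectionConfig);
        try {
            connection.bind(bindDn, credentials);
            ldapAction.run(connection);
        } catch (LdapException e) {
            throw new RuntimeException("Error opening LDAP connection.", e);
        } finally {
            // Close on every path, including runtime exceptions thrown by the action.
            closeQuietly(connection);
        }
    }

    /**
     * Checks a user name / password pair against the directory.
     *
     * <p>The lookup binds as the configured manager, searches for the single entry matching the
     * user name and compares the supplied password with the entry's {@code userPassword} value.
     *
     * <p>NOTE(review): because the comparison happens in this process rather than through a bind
     * as the user, the manager account must be able to read {@code userPassword}, and any
     * server-side lockout or password policy tied to bind attempts is presumably not applied.
     * Confirm this is intended.
     *
     * @param str  user name (value of the configured user attribute)
     * @param str2 clear-text password to verify
     * @return {@code true} only if exactly one entry matched and the password comparison
     *         succeeded; {@code false} for a null/empty user name or password
     * @throws RuntimeException if the manager bind or the search fails
     */
    @Override // de.deepamehta.ldap.LDAP
    public boolean checkCredentials(String str, String str2) {
        // Reject blank input up front: it can never identify a user, and a null password would
        // otherwise fail with a NullPointerException deep inside the lookup.
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            return false;
        }
        AtomicBoolean matched = new AtomicBoolean(false);
        whenBound(this.configuration.manager, this.configuration.password,
                connection -> lambda$checkCredentials$0(this, str, matched, str2, connection));
        return matched.get();
    }

    /**
     * Closes a resource, logging instead of propagating an {@link IOException}.
     *
     * @param closeable resource to close; {@code null} is ignored
     */
    private void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            this.pluginLog.actionWarning("Exception when closing resource.", e);
        }
    }

    /**
     * Not implemented by this backend.
     *
     * @return always {@code false}
     */
    @Override // de.deepamehta.ldap.LDAP
    public boolean createUser(String str, String str2, LDAP.CompletableAction completableAction) {
        return false;
    }

    /**
     * Not implemented by this backend.
     *
     * @return always {@code false}
     */
    @Override // de.deepamehta.ldap.LDAP
    public boolean changePassword(String str, String str2) {
        return false;
    }

    /**
     * Deletes a user's own entry, binding as that user with the supplied password.
     *
     * @param str  user name; it is escaped before being placed into the entry DN
     * @param str2 the user's password, used for the bind
     * @return {@code true} if the delete succeeded; {@code false} if it failed or if the user
     *         name or password is null/empty
     * @throws RuntimeException if the bind fails
     */
    @Override // de.deepamehta.ldap.LDAP
    public boolean deleteUser(String str, String str2) {
        // A bind with a DN but an empty password is an LDAP "unauthenticated bind", which some
        // servers accept without verifying anything. Never attempt the delete in that state.
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            return false;
        }
        AtomicBoolean deleted = new AtomicBoolean(false);
        // Escape the name so characters such as ',' or '+' stay inside the RDN value and cannot
        // redirect the bind/delete to a different entry.
        String dn = String.format("%s=%s,%s", this.configuration.userAttribute, escapeRdnValue(str), this.configuration.userBase);
        whenBound(dn, str2, connection -> lambda$deleteUser$1(this, dn, deleted, connection));
        return deleted.get();
    }

    /**
     * Body of the delete action: removes the entry and records success.
     *
     * @param apacheLDAP     owning instance (used for logging)
     * @param str            DN of the entry to delete
     * @param atomicBoolean  set to {@code true} when the delete succeeds
     * @param ldapConnection bound connection to operate on
     */
    public static /* synthetic */ void lambda$deleteUser$1(ApacheLDAP apacheLDAP, String str, AtomicBoolean atomicBoolean, LdapConnection ldapConnection) {
        try {
            ldapConnection.delete(str);
            atomicBoolean.set(true);
        } catch (LdapException e) {
            apacheLDAP.pluginLog.actionWarning("Attempt to delete user entry lead to exception", e);
        }
    }

    /**
     * Body of the credential check: looks up the user entry and compares the password.
     *
     * @param apacheLDAP     owning instance (configuration and logging)
     * @param str            user name; escaped before being placed into the search filter
     * @param atomicBoolean  receives the comparison result; left untouched when no single
     *                       entry with a password attribute is found
     * @param str2           clear-text password to verify
     * @param ldapConnection bound connection to search on
     * @throws RuntimeException wrapping a {@link CursorException} or {@link LdapException}
     */
    public static /* synthetic */ void lambda$checkCredentials$0(ApacheLDAP apacheLDAP, String str, AtomicBoolean atomicBoolean, String str2, LdapConnection ldapConnection) {
        Configuration config = apacheLDAP.configuration;
        PluginLog log = apacheLDAP.pluginLog;

        // The user name is untrusted input: without escaping, characters like '*', '(' and ')'
        // would be interpreted as filter syntax and could widen or rewrite the search.
        String safeName = escapeFilterValue(str);
        String filter = StringUtils.isEmpty(config.userFilter)
                ? String.format("(%s=%s)", config.userAttribute, safeName)
                : String.format("(&(%s)(%s=%s))", config.userFilter, config.userAttribute, safeName);
        log.actionHint("Complete filter expression for user lookup: %s", filter);
        log.actionHint("Search base is: %s", config.userBase);

        DefaultAttribute passwordAttribute = new DefaultAttribute(SchemaConstants.USER_PASSWORD_AT);
        EntryCursor search = null;
        try {
            search = ldapConnection.search(config.userBase, filter, SearchScope.ONELEVEL, passwordAttribute.getId());
            if (!search.next()) {
                log.actionWarning("Lookup using search filter was empty.", null);
                return;
            }
            Entry entry = search.get();
            // More than one hit means the name is ambiguous; refuse rather than pick one.
            if (search.next()) {
                log.actionWarning("Ambiguity in LDAP CN query: Matched multiple users for the accountName", null);
                return;
            }
            log.actionHint("Lookup using search filter returned a single non-empty result.", new Object[0]);
            if (!entry.contains(passwordAttribute)) {
                log.actionWarning("Result does not contains the requested userPassword attribute.", null);
                return;
            }
            // Encode with an explicit charset so the result does not depend on the JVM default.
            byte[] supplied = str2.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            byte[] stored = entry.get(passwordAttribute.getId()).get().getBytes();
            atomicBoolean.set(PasswordUtil.compareCredentials(supplied, stored));
            log.actionHint("Password comparison: %s", atomicBoolean.get() ? "SUCEEDED" : "FAILED");
        } catch (CursorException | LdapException e) {
            throw new RuntimeException("Error while checking credentials.", e);
        } finally {
            // Release the cursor on every path, including when the search or comparison throws.
            apacheLDAP.closeQuietly(search);
        }
    }

    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515).
     *
     * @param value raw value; {@code null} is returned unchanged
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} hex escapes
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes a value for use as an attribute value inside a distinguished name (RFC 4514).
     *
     * @param value raw value; {@code null} is returned unchanged
     * @return the value with {@code " + , ; < > \} backslash-escaped, a leading {@code #} or
     *         space and a trailing space backslash-escaped, and NUL written as {@code \00}
     */
    private static String escapeRdnValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                escaped.append("\\00");
                continue;
            }
            boolean special = c == '"' || c == '+' || c == ',' || c == ';'
                    || c == '<' || c == '>' || c == '\\';
            boolean edge = (i == 0 && (c == '#' || c == ' ')) || (i == last && c == ' ');
            if (special || edge) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }
}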
