package io.micronaut.configuration.security.ldap;

import io.micronaut.configuration.security.ldap.configuration.LdapConfiguration;
import io.micronaut.configuration.security.ldap.context.ContextBuilder;
import io.micronaut.configuration.security.ldap.context.LdapSearchResult;
import io.micronaut.configuration.security.ldap.context.LdapSearchService;
import io.micronaut.configuration.security.ldap.group.LdapGroupProcessor;
import io.micronaut.security.authentication.AuthenticationFailed;
import io.micronaut.security.authentication.AuthenticationFailureReason;
import io.micronaut.security.authentication.AuthenticationProvider;
import io.micronaut.security.authentication.AuthenticationRequest;
import io.micronaut.security.authentication.AuthenticationResponse;
import io.reactivex.Flowable;
import java.io.Closeable;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/micronaut/configuration/security/ldap/LdapAuthenticationProvider.class */
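/**
 * Authentication provider that validates credentials against an LDAP directory.
 *
 * <p>Each request is handled in two steps: the user entry is located with the
 * manager context built from {@link LdapConfiguration#getManagerSettings()}, then a
 * second context is built with the found DN and the supplied secret. A successful
 * bind is followed by an optional group lookup, and the result is handed to the
 * {@link ContextAuthenticationMapper}.
 *
 * <p>All directory calls in {@link #authenticate(AuthenticationRequest)} run
 * synchronously on the calling thread; the returned publisher only wraps the
 * already-computed response.
 */
public class LdapAuthenticationProvider implements AuthenticationProvider, Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticationProvider.class);
    private final LdapConfiguration configuration;
    private final LdapSearchService ldapSearchService;
    private final ContextBuilder contextBuilder;
    private final ContextAuthenticationMapper contextAuthenticationMapper;
    private final LdapGroupProcessor ldapGroupProcessor;

    /**
     * @param ldapConfiguration           manager, search and group settings for one directory
     * @param ldapSearchService           runs the user and group searches
     * @param contextBuilder              builds and closes directory contexts
     * @param contextAuthenticationMapper turns the user's attributes and groups into a response
     * @param ldapGroupProcessor          resolves the user's group names
     */
    public LdapAuthenticationProvider(LdapConfiguration ldapConfiguration, LdapSearchService ldapSearchService, ContextBuilder contextBuilder, ContextAuthenticationMapper contextAuthenticationMapper, LdapGroupProcessor ldapGroupProcessor) {
        this.configuration = ldapConfiguration;
        this.ldapSearchService = ldapSearchService;
        this.contextBuilder = contextBuilder;
        this.contextAuthenticationMapper = contextAuthenticationMapper;
        this.ldapGroupProcessor = ldapGroupProcessor;
    }

    /**
     * Authenticates the request against the configured directory.
     *
     * <p>The response distinguishes {@code USER_NOT_FOUND} from
     * {@code CREDENTIALS_DO_NOT_MATCH}. NOTE(review): if the failure reason reaches
     * the client unchanged it tells a caller which identities exist; confirm the
     * login endpoint returns a uniform failure.
     *
     * @param authenticationRequest carries the identity and the secret to verify
     * @return a publisher emitting exactly one response: the mapper's response after a
     *         successful bind, otherwise an {@link AuthenticationFailed}
     */
    public Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
        Object identity = authenticationRequest.getIdentity();
        Object secret = authenticationRequest.getSecret();

        // A bind with a DN and an empty password is an LDAP "unauthenticated bind"
        // (RFC 4513, section 5.1.2), and JNDI's LDAP provider downgrades empty simple
        // credentials to an anonymous bind. Either way the bind can succeed without
        // proving knowledge of the password, so such requests are refused before the
        // directory is contacted. How ContextBuilder binds is not visible in this class;
        // the check is kept here regardless so this provider never depends on it.
        if (identity == null || secret == null || secret.toString().isEmpty()) {
            LOG.debug("Rejecting authentication request with a missing identity or an empty secret");
            return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
        }

        String username = identity.toString();
        String password = secret.toString();

        // NOTE(review): the identity is caller-supplied and is written to the debug log
        // below as-is; confirm the log layout neutralises line breaks.
        LOG.debug("Starting authentication with configuration [{}]", this.configuration.getName());
        LOG.debug("Attempting to initialize manager context");

        final DirContext managerContext;
        try {
            managerContext = this.contextBuilder.build(this.configuration.getManagerSettings());
        } catch (NamingException e) {
            // The manager bind failing says nothing about the user's credentials.
            LOG.debug("Failed to create manager context. Returning unknown authentication failure. Encountered {}", e);
            return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.UNKNOWN));
        }

        LOG.debug("Manager context initialized successfully");
        LOG.debug("Attempting to authenticate with user [{}]", username);

        AuthenticationResponse response = new AuthenticationFailed(AuthenticationFailureReason.USER_NOT_FOUND);
        try {
            // NOTE(review): the identity is passed as a search argument, not concatenated
            // here; confirm LdapSearchService hands it to the directory as a filter
            // argument so filter metacharacters in the identity are escaped.
            Optional<LdapSearchResult> found = this.ldapSearchService.searchFirst(managerContext, this.configuration.getSearch().getSettings(new Object[]{username}));
            if (found.isPresent()) {
                LdapSearchResult result = found.get();
                String dn = result.getDn();
                LOG.debug("User found in context [{}]. Attempting to bind.", dn);

                // The user context exists only to prove the password and, when the search
                // did not return them, to read the entry's attributes. It is closed exactly
                // once, before the group lookup, whether or not the bind succeeded.
                DirContext userContext = null;
                try {
                    userContext = this.contextBuilder.build(this.configuration.getSettings(dn, password));
                    if (result.getAttributes() == null) {
                        result.setAttributes(userContext.getAttributes(dn));
                    }
                } finally {
                    this.contextBuilder.close(userContext);
                }
                LOG.debug("Successfully bound user [{}]. Attempting to retrieving groups.", dn);

                Set<String> groupNames = Collections.emptySet();
                LdapConfiguration.GroupConfiguration groupConfig = this.configuration.getGroups();
                if (groupConfig.isEnabled()) {
                    // Group membership is searched with the manager context, not the user's.
                    groupNames = this.ldapGroupProcessor.process(groupConfig.getAttribute(), result, () -> {
                        return this.ldapSearchService.search(managerContext, groupConfig.getSearchSettings(new Object[]{result.getDn()}));
                    });
                    LOG.debug("Group search returned [{}] for user [{}]", groupNames, username);
                } else {
                    LOG.debug("Group search is disabled for configuration [{}]", this.configuration.getName());
                }

                LOG.trace("Attempting to map [{}] with groups [{}] to an authentication response.", username, groupNames);
                response = this.contextAuthenticationMapper.map(result.getAttributes(), username, groupNames);
                LOG.debug("Response successfully created for [{}]. Response is authenticated: [{}]", username, response.isAuthenticated());
            } else {
                LOG.debug("User not found [{}]", username);
            }
        } catch (NamingException e) {
            LOG.debug("Failed to authenticate with user [{}].  {}", username, e);
            // Only a rejected bind is reported as bad credentials; any other directory
            // error leaves the response as it was before the failure.
            if (e instanceof AuthenticationException) {
                response = new AuthenticationFailed(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH);
            }
        } finally {
            // Single release point for the manager context on every path, including
            // unchecked exceptions, so it is never closed twice.
            this.contextBuilder.close(managerContext);
        }
        return Flowable.just(response);
    }

    /**
     * Does nothing: every context opened by {@link #authenticate(AuthenticationRequest)}
     * is closed before that method returns, so no state is held between calls.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
    }
}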
