package net.tirasa.connid.bundles.ldap;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import net.tirasa.connid.bundles.ldap.LdapConnection;
import net.tirasa.connid.bundles.ldap.commons.LdapConstants;
import net.tirasa.connid.bundles.ldap.search.LdapSearches;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.Uid;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/bundles/net.tirasa.connid.bundles.ad-1.3.8-bundle.jar:lib/net.tirasa.connid.bundles.ldap-1.5.5.jar:net/tirasa/connid/bundles/ldap/LdapAuthenticate.class
 */
/* loaded from: input_file:WEB-INF/classes/bundles/net.tirasa.connid.bundles.ldap-1.5.6-bundle.jar:net/tirasa/connid/bundles/ldap/LdapAuthenticate.class */
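/**
 * Resolves a user name to a single directory entry and authenticates that entry
 * against the directory through the supplied {@link LdapConnection}.
 *
 * <p>All fields are final and assigned once in the constructor.
 */
public class LdapAuthenticate {
    private final LdapConnection conn;
    private final ObjectClass oclass;
    private final String username;
    private final OperationOptions options;

    /**
     * Creates an authentication helper for one user name.
     *
     * @param ldapConnection connection used for the searches and for the authentication call
     * @param objectClass object class passed to the entry search
     * @param str user name to resolve; used as the value matched against each user-name attribute
     * @param operationOptions options that may override the user-name attributes
     */
    public LdapAuthenticate(LdapConnection ldapConnection, ObjectClass objectClass, String str, OperationOptions operationOptions) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
        this.username = str;
        this.options = operationOptions;
    }

    /**
     * Authenticates the entry matching the configured user name with the given password.
     *
     * <p>An unknown user and a rejected password both raise the same
     * {@link InvalidCredentialException} ("authenticationFailed"), so the exception
     * itself does not reveal whether the account exists. No call to
     * {@code conn.authenticate} is made when no entry is found, so the two cases
     * may still differ in response time.
     *
     * @param guardedString password handed unchanged to {@code conn.authenticate}
     * @return the Uid of the authenticated entry
     * @throws InvalidCredentialException if no entry matches or the result is neither
     *     SUCCESS nor PASSWORD_EXPIRED
     * @throws PasswordExpiredException rethrown from {@code propagate()} after the entry's
     *     Uid has been attached to it
     * @throws ConnectorSecurityException if the user name matches more than one entry
     */
    public Uid authenticate(GuardedString guardedString) {
        ConnectorObject target = getObjectToAuthenticate();
        LdapConnection.AuthenticationResult result = null;
        if (target != null) {
            String entryDn = entryDn(target, this.conn.getConfiguration().getDnAttribute());
            // NOTE(review): the password is not inspected here. Confirm that
            // LdapConnection.authenticate rejects a null or empty password: an LDAP simple
            // bind with a DN and an empty password is an unauthenticated bind
            // (RFC 4513, section 5.1.2) and some servers report it as success.
            result = this.conn.authenticate(entryDn, guardedString);
        }
        // Fail closed: a missing entry and a rejected bind take the same path.
        if (result == null || !isSuccess(result)) {
            throw new InvalidCredentialException(this.conn.format("authenticationFailed", null, this.username));
        }
        try {
            // Presumably rethrows any failure held by the result (e.g. expired password) - confirm.
            result.propagate();
            return target.getUid();
        } catch (PasswordExpiredException e) {
            // Attach the Uid so the caller knows which account needs a password change.
            e.initUid(target.getUid());
            throw e;
        }
    }

    /**
     * Resolves the configured user name to the Uid of its entry without checking a password.
     *
     * @return the Uid of the single matching entry
     * @throws InvalidCredentialException ("cannotResolveUsername") if no entry matches
     * @throws ConnectorSecurityException if the user name matches more than one entry
     */
    public Uid resolveUsername() {
        ConnectorObject target = getObjectToAuthenticate();
        if (target == null) {
            throw new InvalidCredentialException(this.conn.format("cannotResolveUsername", null, this.username));
        }
        return target.getUid();
    }

    /**
     * Searches every configured base context for entries whose user-name attribute
     * equals the user name.
     *
     * <p>Matches are keyed by DN, so the same entry found through several attributes
     * or base contexts counts once. Two different DNs abort the lookup instead of
     * picking one of them.
     *
     * @return the single matching entry, or {@code null} if nothing matched
     * @throws ConnectorSecurityException if more than one distinct entry matched
     */
    private ConnectorObject getObjectToAuthenticate() {
        List<String> userNameAttributes = getUserNameAttributes();
        // Typed map replaces the raw HashMap and removes the unchecked cast on return.
        HashMap<String, ConnectorObject> matchesByDn = new HashMap<>();
        String dnAttribute = this.conn.getConfiguration().getDnAttribute();
        for (String baseContext : this.conn.getConfiguration().getBaseContexts()) {
            for (String attributeName : userNameAttributes) {
                // NOTE(review): the user name is passed as an attribute value; escaping of
                // filter metacharacters is assumed to happen inside LdapSearches - confirm.
                for (ConnectorObject connectorObject : LdapSearches.findObjects(this.conn, this.oclass, baseContext, AttributeBuilder.build(attributeName, this.username), dnAttribute)) {
                    matchesByDn.put(entryDn(connectorObject, dnAttribute), connectorObject);
                }
                // Checked after every search so an ambiguous name stops the lookup early.
                if (matchesByDn.size() > 1) {
                    throw new ConnectorSecurityException(this.conn.format("moreThanOneEntryMatched", null, this.username));
                }
            }
        }
        if (matchesByDn.isEmpty()) {
            return null;
        }
        return matchesByDn.values().iterator().next();
    }

    /**
     * Returns the attributes to match the user name against: the ones supplied in the
     * operation options when present and non-empty, otherwise the schema mapping's
     * user-name attributes for the object class.
     */
    private List<String> getUserNameAttributes() {
        String[] ldapUidAttributes = LdapConstants.getLdapUidAttributes(this.options);
        if (ldapUidAttributes == null || ldapUidAttributes.length <= 0) {
            return this.conn.getSchemaMapping().getUserNameLdapAttributes(this.oclass);
        }
        return Arrays.asList(ldapUidAttributes);
    }

    /**
     * Reads the first value of the DN attribute from a search result as a string.
     * Shared by the lookup and the authentication call so both use the same DN form.
     */
    private static String entryDn(ConnectorObject connectorObject, String dnAttribute) {
        return connectorObject.getAttributeByName(dnAttribute).getValue().get(0).toString();
    }

    /**
     * Tells whether the result lets {@link #authenticate} continue to {@code propagate()}.
     * PASSWORD_EXPIRED is accepted here so the expiry can be reported together with the
     * entry's Uid rather than as a plain authentication failure.
     */
    private static boolean isSuccess(LdapConnection.AuthenticationResult authenticationResult) {
        LdapConnection.AuthenticationResultType type = authenticationResult.getType();
        if (type == null) {
            return false;
        }
        return type.equals(LdapConnection.AuthenticationResultType.SUCCESS)
                || type.equals(LdapConnection.AuthenticationResultType.PASSWORD_EXPIRED);
    }
}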
