package org.identityconnectors.ldap;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.search.LdapSearches;

/* loaded from: input_file:org/identityconnectors/ldap/LdapAuthenticate.class */
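/**
 * Resolves a user name to a single directory entry and authenticates that entry
 * through the supplied {@link LdapConnection}.
 *
 * <p>The user name is matched against the LDAP attributes returned by
 * {@link #getUserNameAttributes()} under every configured base context. If the
 * searches yield more than one distinct entry DN, resolution fails with a
 * {@link ConnectorSecurityException}; no entry is picked arbitrarily.
 *
 * <p>NOTE(review): an unresolvable user name and a failed bind both surface as
 * {@link InvalidCredentialException}, but with different message keys
 * ({@code cannotResolveUsername} vs. {@code authenticationFailed}). A caller that
 * relays the message text to an unauthenticated client would disclose whether an
 * account exists; callers should show a single generic failure message and keep
 * the detailed one for logs.
 */
public class LdapAuthenticate {
    /** Attribute read from each search result to obtain the entry's DN. */
    private static final String ENTRY_DN_ATTRIBUTE = "entryDN";

    private final LdapConnection conn;
    private final ObjectClass oclass;
    private final String username;
    private final OperationOptions options;

    /**
     * @param ldapConnection   connection used for the searches and for the authentication call
     * @param objectClass      object class the user entry is searched as
     * @param str              user name to resolve
     * @param operationOptions options that may override the user-name attributes
     *                         (see {@link #getUserNameAttributes()})
     */
    public LdapAuthenticate(LdapConnection ldapConnection, ObjectClass objectClass, String str, OperationOptions operationOptions) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
        this.username = str;
        this.options = operationOptions;
    }

    /**
     * Resolves the user name to an entry and authenticates as that entry.
     *
     * @param guardedString the password to authenticate with
     * @return the {@link Uid} of the authenticated entry
     * @throws InvalidCredentialException if the user name matches no entry, or the
     *         connection returns no authentication result
     * @throws ConnectorSecurityException if the user name matches more than one entry
     * @throws PasswordExpiredException   rethrown from the result after the entry's
     *         {@link Uid} has been attached to it
     */
    public Uid authenticate(GuardedString guardedString) {
        ConnectorObject target = requireObjectToAuthenticate();
        // NOTE(review): nothing here rejects a null or empty password; that decision is left to
        // LdapConnection.authenticate, which is not visible in this file. Many directory servers
        // treat a simple bind with an empty password as an unauthenticated bind that succeeds
        // (RFC 4513, section 5.1.2), so confirm the connection refuses it.
        LdapConnection.AuthenticationResult result = this.conn.authenticate(entryDnOf(target), guardedString);
        if (result == null) {
            throw new InvalidCredentialException(this.conn.format("authenticationFailed", null, this.username));
        }
        try {
            // Presumably throws for any non-success result; the implementation is in LdapConnection.
            result.propagate();
            return target.getUid();
        } catch (PasswordExpiredException e) {
            // Attach the Uid so the caller can tell which account has the expired password.
            e.initUid(target.getUid());
            throw e;
        }
    }

    /**
     * Resolves the user name to an entry without authenticating.
     *
     * @return the {@link Uid} of the matching entry
     * @throws InvalidCredentialException if the user name matches no entry
     * @throws ConnectorSecurityException if the user name matches more than one entry
     */
    public Uid resolveUsername() {
        return requireObjectToAuthenticate().getUid();
    }

    /**
     * Resolves the user name to an entry and returns the value of its name attribute.
     *
     * @return the name value of the matching entry
     * @throws InvalidCredentialException if the user name matches no entry
     * @throws ConnectorSecurityException if the user name matches more than one entry
     */
    public String getDn() {
        return requireObjectToAuthenticate().getName().getNameValue();
    }

    /** Returns the single entry matching the user name, or throws if there is none. */
    private ConnectorObject requireObjectToAuthenticate() {
        ConnectorObject resolved = getObjectToAuthenticate();
        if (resolved == null) {
            throw new InvalidCredentialException(this.conn.format("cannotResolveUsername", null, this.username));
        }
        return resolved;
    }

    /**
     * Searches every base context for entries whose user-name attribute equals the
     * user name, de-duplicating the results by entry DN.
     *
     * @return the single matching entry, or {@code null} if nothing matched
     * @throws ConnectorSecurityException if more than one distinct entry matched
     */
    private ConnectorObject getObjectToAuthenticate() {
        List<String> userNameAttributes = getUserNameAttributes();
        // Keyed by DN so that the same entry found through several attributes or base
        // contexts counts once.
        HashMap<String, ConnectorObject> matchesByDn = new HashMap<String, ConnectorObject>();
        for (String baseContext : this.conn.getConfiguration().getBaseContexts()) {
            for (String attributeName : userNameAttributes) {
                // NOTE(review): the user name is passed as an attribute value, not concatenated into
                // a filter string here; confirm LdapSearches escapes it when it builds the filter.
                for (ConnectorObject candidate : LdapSearches.findObjects(this.conn, this.oclass, baseContext, AttributeBuilder.build(attributeName, new Object[]{this.username}), ENTRY_DN_ATTRIBUTE)) {
                    matchesByDn.put(entryDnOf(candidate), candidate);
                }
                // An ambiguous user name is rejected instead of authenticating against an
                // arbitrary one of the matches.
                if (matchesByDn.size() > 1) {
                    throw new ConnectorSecurityException(this.conn.format("moreThanOneEntryMatched", null, this.username));
                }
            }
        }
        return matchesByDn.isEmpty() ? null : matchesByDn.values().iterator().next();
    }

    /** Reads the first value of the {@code entryDN} attribute of a search result as a string. */
    private static String entryDnOf(ConnectorObject connectorObject) {
        return connectorObject.getAttributeByName(ENTRY_DN_ATTRIBUTE).getValue().get(0).toString();
    }

    /**
     * Returns the LDAP attributes the user name is matched against: the attributes
     * named in the operation options when any are given, otherwise the schema
     * mapping's user-name attributes for the object class.
     */
    private List<String> getUserNameAttributes() {
        String[] ldapUidAttributes = LdapConstants.getLdapUidAttributes(this.options);
        if (ldapUidAttributes == null || ldapUidAttributes.length <= 0) {
            return this.conn.getSchemaMapping().getUserNameLdapAttributes(this.oclass);
        }
        return Arrays.asList(ldapUidAttributes);
    }

    /**
     * Reports whether the result type is {@code SUCCESS} or {@code PASSWORD_EXPIRED}.
     * Not referenced anywhere else in this class.
     */
    private static boolean isSuccess(LdapConnection.AuthenticationResult authenticationResult) {
        LdapConnection.AuthenticationResultType type = authenticationResult.getType();
        return type.equals(LdapConnection.AuthenticationResultType.SUCCESS) || type.equals(LdapConnection.AuthenticationResultType.PASSWORD_EXPIRED);
    }
}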
