package org.sonatype.nexus.security.ldap.realms;

import com.google.common.base.Preconditions;
import java.net.MalformedURLException;
import java.util.HashMap;
import java.util.Set;
import java.util.SortedSet;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.security.authentication.AuthenticationException;
import org.sonatype.security.ldap.LdapAuthenticator;
import org.sonatype.security.ldap.dao.LdapAuthConfiguration;
import org.sonatype.security.ldap.dao.LdapDAOException;
import org.sonatype.security.ldap.dao.LdapGroupDAO;
import org.sonatype.security.ldap.dao.LdapUser;
import org.sonatype.security.ldap.dao.LdapUserDAO;
import org.sonatype.security.ldap.dao.NoLdapUserRolesFoundException;
import org.sonatype.security.ldap.dao.NoSuchLdapGroupException;
import org.sonatype.security.ldap.dao.NoSuchLdapUserException;
import org.sonatype.security.ldap.realms.DefaultLdapContextFactory;
import org.sonatype.security.ldap.realms.LdapManager;
import org.sonatype.security.ldap.realms.connector.DefaultLdapConnector;
import org.sonatype.security.ldap.realms.connector.LdapConnector;
import org.sonatype.security.ldap.realms.persist.LdapConfiguration;
import org.sonatype.security.ldap.realms.persist.model.CConnectionInfo;
import org.sonatype.security.ldap.realms.tools.LdapURL;
import org.sonatype.sisu.goodies.common.ComponentSupport;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.17-01/nexus-ldap-realm-plugin-2.14.17-01.jar:org/sonatype/nexus/security/ldap/realms/AbstractLdapManager.class */
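/**
 * Base {@link LdapManager} that forwards directory lookups to a lazily created
 * {@link LdapConnector} and authenticates users against the configured LDAP server.
 *
 * <p>The connector is cached in a plain field and can be dropped with
 * {@link #resetLdapConnector()}. No synchronization is performed on that field.
 * NOTE(review): confirm whether instances are shared between threads.
 */
public abstract class AbstractLdapManager extends ComponentSupport implements LdapManager {
    private final LdapAuthenticator ldapAuthenticator;
    private final LdapUserDAO ldapUserManager;
    private final LdapGroupDAO ldapGroupManager;
    private final LdapConfiguration ldapConfiguration;
    // Lazily built by getLdapConnector(); null until first use and after resetLdapConnector().
    private LdapConnector ldapConnector;

    /**
     * Stores the collaborators used to build the connector and to authenticate users.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public AbstractLdapManager(LdapAuthenticator ldapAuthenticator, LdapUserDAO ldapUserDAO, LdapGroupDAO ldapGroupDAO, LdapConfiguration ldapConfiguration) {
        this.ldapAuthenticator = Preconditions.checkNotNull(ldapAuthenticator);
        this.ldapUserManager = Preconditions.checkNotNull(ldapUserDAO);
        this.ldapGroupManager = Preconditions.checkNotNull(ldapGroupDAO);
        this.ldapConfiguration = Preconditions.checkNotNull(ldapConfiguration);
    }

    /** Delegates to {@link LdapConnector#getAllGroups()} on the cached connector. */
    @Override
    public SortedSet<String> getAllGroups() throws LdapDAOException {
        return getLdapConnector().getAllGroups();
    }

    /** Delegates to {@link LdapConnector#getAllUsers()} on the cached connector. */
    @Override
    public SortedSet<LdapUser> getAllUsers() throws LdapDAOException {
        return getLdapConnector().getAllUsers();
    }

    /** Delegates to the connector's {@code getGroupName} with {@code str} passed through unchanged. */
    @Override
    public String getGroupName(String str) throws LdapDAOException, NoSuchLdapGroupException {
        return getLdapConnector().getGroupName(str);
    }

    /** Delegates to the connector's {@code getUser} with {@code str} passed through unchanged. */
    @Override
    public LdapUser getUser(String str) throws NoSuchLdapUserException, LdapDAOException {
        return getLdapConnector().getUser(str);
    }

    /** Delegates to the connector's {@code getUserRoles} with {@code str} passed through unchanged. */
    @Override
    public Set<String> getUserRoles(String str) throws LdapDAOException, NoLdapUserRolesFoundException {
        return getLdapConnector().getUserRoles(str);
    }

    /** Delegates to the connector's {@code getUsers} with {@code i} passed through unchanged. */
    @Override
    public SortedSet<LdapUser> getUsers(int i) throws LdapDAOException {
        return getLdapConnector().getUsers(i);
    }

    /**
     * Delegates to the connector's {@code searchUsers}; both arguments are passed through
     * unchanged. Any escaping of {@code str} for use in an LDAP filter is not done here.
     * NOTE(review): confirm the connector/DAO escapes filter input.
     */
    @Override
    public SortedSet<LdapUser> searchUsers(String str, Set<String> set) throws LdapDAOException {
        return getLdapConnector().searchUsers(str, set);
    }

    /**
     * Returns the cached connector, building it on first use from the current configuration.
     *
     * @throws LdapDAOException if the context factory cannot be built
     */
    private LdapConnector getLdapConnector() throws LdapDAOException {
        // Work on a local copy so that a resetLdapConnector() call landing between the
        // assignment and the return cannot make this method hand back null.
        LdapConnector connector = this.ldapConnector;
        if (connector == null) {
            connector = new DefaultLdapConnector("default", this.ldapUserManager, this.ldapGroupManager, getLdapContextFactory(), getLdapAuthConfiguration());
            this.ldapConnector = connector;
        }
        return connector;
    }

    /**
     * Drops the cached connector so the next lookup rebuilds it from the current configuration.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class; it is kept {@code public} here so existing callers of this listing keep compiling.
     */
    public void resetLdapConnector() {
        this.ldapConnector = null;
    }

    /** Returns the configuration object supplied to the constructor. */
    protected LdapConfiguration getLdapConfiguration() {
        return this.ldapConfiguration;
    }

    /** Returns the auth configuration held by {@link #getLdapConfiguration()}. */
    protected LdapAuthConfiguration getLdapAuthConfiguration() {
        return getLdapConfiguration().getLdapAuthConfiguration();
    }

    /**
     * Builds a pooled {@link LdapContextFactory} from the stored connection settings.
     *
     * <p>The URL scheme, bind DN, bind password and authentication scheme all come from
     * configuration. Nothing here enforces an encrypted transport: if the configured protocol
     * is not a TLS-protected one, the system password set below (and any user password later
     * used for a bind) would presumably cross the network in clear text. Verify the deployed
     * connection settings.
     *
     * @return a new factory configured from the current connection info
     * @throws LdapDAOException if no connection is configured or the LDAP URL is malformed
     */
    protected LdapContextFactory getLdapContextFactory() throws LdapDAOException {
        DefaultLdapContextFactory contextFactory = new DefaultLdapContextFactory();
        LdapConfiguration configuration = getLdapConfiguration();
        // Read the connection info once: checking one read and using a second one would let a
        // concurrent configuration change slip a null past the check.
        CConnectionInfo connectionInfo = configuration == null ? null : configuration.readConnectionInfo();
        if (connectionInfo == null) {
            throw new LdapDAOException("Ldap connection is not configured.");
        }
        try {
            String ldapURL = new LdapURL(connectionInfo.getProtocol(), connectionInfo.getHost(), connectionInfo.getPort(), connectionInfo.getSearchBase()).toString();
            contextFactory.setUsePooling(true);
            contextFactory.setUrl(ldapURL);
            contextFactory.setSystemUsername(connectionInfo.getSystemUsername());
            // Secret: handed straight to the factory and never logged in this method.
            contextFactory.setSystemPassword(connectionInfo.getSystemPassword());
            contextFactory.setSearchBase(connectionInfo.getSearchBase());
            contextFactory.setAuthentication(connectionInfo.getAuthScheme());
            HashMap hashMap = new HashMap();
            if (connectionInfo.getRealm() != null) {
                // Only passed to JNDI when a SASL realm is configured.
                hashMap.put("java.naming.security.sasl.realm", connectionInfo.getRealm());
            }
            contextFactory.addAdditionalEnvironment(hashMap);
            return contextFactory;
        } catch (MalformedURLException e) {
            this.log.error("LDAP Configuration is Invalid.");
            // Keep the cause so the stack trace still points at the URL component that failed.
            throw new LdapDAOException("Invalid LDAP URL: " + e.getMessage(), e);
        }
    }

    /**
     * Looks up the user and verifies the supplied password.
     *
     * <p>When no user password attribute is configured, verification is an LDAP bind as the
     * user; otherwise the authenticator compares the password itself. Every failure, including
     * an unknown user, surfaces as the same {@link AuthenticationException} message, so the
     * caller cannot tell a missing account from a wrong password.
     *
     * @param str the user identifier to look up
     * @param str2 the password to verify
     * @return the directory entry of the authenticated user
     * @throws AuthenticationException if the password is null or empty, the user cannot be
     *         found, or verification fails for any reason
     */
    @Override
    public LdapUser authenticateUser(String str, String str2) throws AuthenticationException {
        // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2), which some directory servers answer with success. Whether
        // the authenticator rejects it is not visible from this class, so refuse it here
        // instead of relying on the callee or on server configuration.
        if (str2 == null || str2.isEmpty()) {
            // str is caller-supplied; the log layout is expected to neutralise CR/LF.
            this.log.debug("Rejecting empty password for user: {}", str);
            throw new AuthenticationException("User: " + str + " could not be authenticated.");
        }
        try {
            LdapUser user = getUser(str);
            String authScheme = getLdapConfiguration().readConnectionInfo().getAuthScheme();
            if (StringUtils.isEmpty(getLdapConfiguration().readUserAndGroupConfiguration().getUserPasswordAttribute())) {
                this.ldapAuthenticator.authenticateUserWithBind(user, str2, getLdapContextFactory(), authScheme);
            } else {
                this.ldapAuthenticator.authenticateUserWithPassword(user, str2);
            }
            return user;
        } catch (Exception e) {
            // The detail is logged at debug level only; the caller gets the uniform message
            // below. The wording "Failed to find user" is used for every failure, not just
            // lookup misses.
            this.log.debug("Failed to find user: {}", str, e);
            throw new AuthenticationException("User: " + str + " could not be authenticated.");
        }
    }
}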
