package org.sonatype.security.ldap;

import com.google.common.base.Preconditions;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.sonatype.security.authentication.AuthenticationException;
import org.sonatype.security.ldap.dao.LdapUser;
import org.sonatype.security.ldap.dao.password.PasswordEncoderManager;

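/**
 * Checks the credentials of an {@link LdapUser}, either by comparing the supplied password with
 * the password value held on the user record, or by attempting an LDAP bind as that user.
 */
@Singleton
@Named
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.20-02/dependencies/nexus-ldap-common-2.14.20-02.jar:org/sonatype/security/ldap/LdapAuthenticator.class */
public class LdapAuthenticator {
    private final PasswordEncoderManager passwordManager;

    /**
     * @param passwordEncoderManager encoder manager used for password comparison; must not be null
     * @throws NullPointerException if {@code passwordEncoderManager} is null
     */
    @Inject
    public LdapAuthenticator(PasswordEncoderManager passwordEncoderManager) {
        this.passwordManager = Preconditions.checkNotNull(passwordEncoderManager);
    }

    /**
     * Authenticates by comparing the supplied password with the one stored on the user record.
     *
     * @param ldapUser user whose stored password is the reference value
     * @param str      password presented by the caller
     * @throws AuthenticationException if the encoder manager reports the password as invalid
     */
    public void authenticateUserWithPassword(LdapUser ldapUser, String str) throws AuthenticationException {
        // The third argument (salt) is always null here.
        boolean valid = this.passwordManager.isPasswordValid(ldapUser.getPassword(), str, null);
        if (!valid) {
            throw new AuthenticationException("User '" + ldapUser.getUsername() + "' cannot be authenticated.");
        }
    }

    /**
     * Authenticates by binding to the directory with the user's own credentials.
     *
     * @param ldapUser           user to authenticate
     * @param str                password presented by the caller
     * @param ldapContextFactory factory used to open the bound context
     * @param str2               authentication scheme name; for {@code DIGEST-MD5} and
     *                           {@code CRAM-MD5} the username is used as the bind principal,
     *                           otherwise the user's DN
     * @throws AuthenticationException if the password is null or empty, or the bind fails
     */
    public void authenticateUserWithBind(LdapUser ldapUser, String str, LdapContextFactory ldapContextFactory, String str2) throws AuthenticationException {
        boolean saslDigestScheme = "DIGEST-MD5".equals(str2) || "CRAM-MD5".equals(str2);
        String principal = saslDigestScheme ? ldapUser.getUsername() : ldapUser.getDn();
        checkPasswordUsingBind(ldapContextFactory, principal, str);
    }

    /**
     * Opens a context as {@code principal} to prove the password, then closes it again.
     *
     * @throws AuthenticationException if the password is null or empty, or the bind is refused
     */
    private void checkPasswordUsingBind(LdapContextFactory ldapContextFactory, String principal, String password) throws AuthenticationException {
        // A simple bind that carries a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2); servers that allow it report success without checking any
        // credential. Whether the context factory rejects that case is not visible from this
        // class, so refuse it here before contacting the directory.
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException("User '" + principal + "' cannot be authenticated.");
        }

        LdapContext ldapContext = null;
        try {
            ldapContext = ldapContextFactory.getLdapContext(principal, password);
        } catch (NamingException e) {
            // javax.naming.AuthenticationException is a NamingException, so one handler covers
            // both refused credentials and other directory errors.
            throw new AuthenticationException("User '" + principal + "' cannot be authenticated.", e);
        } finally {
            // The context only served as proof of the bind; release it on every path.
            LdapUtils.closeContext(ldapContext);
        }
    }
}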
