package org.elasticsearch.xpack.security.authc.ldap;

import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.xpack.core.security.authc.ldap.SearchGroupsResolverSettings;
import org.elasticsearch.xpack.core.security.authc.ldap.support.LdapSearchScope;
import org.elasticsearch.xpack.core.security.authc.ldap.support.SessionFactorySettings;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.class */
class SearchGroupsResolver implements LdapSession.GroupsResolver {
    private final String baseDn;
    private final String filter;
    private final String userAttribute;
    private final LdapSearchScope scope;
    private final boolean ignoreReferralErrors;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchGroupsResolver(Settings settings) {
        if (!SearchGroupsResolverSettings.BASE_DN.exists(settings)) {
            throw new IllegalArgumentException("base_dn must be specified");
        }
        this.baseDn = (String) SearchGroupsResolverSettings.BASE_DN.get(settings);
        this.filter = (String) SearchGroupsResolverSettings.FILTER.get(settings);
        this.userAttribute = (String) SearchGroupsResolverSettings.USER_ATTRIBUTE.get(settings);
        this.scope = (LdapSearchScope) SearchGroupsResolverSettings.SCOPE.get(settings);
        this.ignoreReferralErrors = ((Boolean) SessionFactorySettings.IGNORE_REFERRAL_ERRORS_SETTING.get(settings)).booleanValue();
    }

    @Override // org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver
    public void resolve(LDAPInterface lDAPInterface, String str, TimeValue timeValue, Logger logger, Collection<Attribute> collection, ActionListener<List<String>> actionListener) {
        CheckedConsumer checkedConsumer = str2 -> {
            if (str2 == null) {
                actionListener.onResponse(Collections.emptyList());
                return;
            }
            try {
                Filter createFilter = LdapUtils.createFilter(this.filter, str2);
                String str2 = this.baseDn;
                SearchScope scope = this.scope.scope();
                int intExact = Math.toIntExact(timeValue.seconds());
                boolean z = this.ignoreReferralErrors;
                CheckedConsumer checkedConsumer2 = list -> {
                    actionListener.onResponse((List) list.stream().map(searchResultEntry -> {
                        return searchResultEntry.getDN();
                    }).collect(Collectors.toList()));
                };
                Objects.requireNonNull(actionListener);
                LdapUtils.search(lDAPInterface, str2, scope, createFilter, intExact, z, (ActionListener<List<SearchResultEntry>>) ActionListener.wrap(checkedConsumer2, actionListener::onFailure), "1.1");
            } catch (LDAPException e) {
                actionListener.onFailure(e);
            }
        };
        Objects.requireNonNull(actionListener);
        getUserId(str, collection, lDAPInterface, timeValue, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
    }

    @Override // org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver
    public String[] attributes() {
        if (Strings.hasLength(this.userAttribute)) {
            return new String[]{this.userAttribute};
        }
        return null;
    }

    private void getUserId(String str, Collection<Attribute> collection, LDAPInterface lDAPInterface, TimeValue timeValue, ActionListener<String> actionListener) {
        if (Strings.isNullOrEmpty(this.userAttribute) || this.userAttribute.equals("dn")) {
            actionListener.onResponse(str);
        } else if (collection != null) {
            actionListener.onResponse((String) collection.stream().filter(attribute -> {
                return attribute.getName().equals(this.userAttribute);
            }).map((v0) -> {
                return v0.getValue();
            }).findFirst().orElse(null));
        } else {
            readUserAttribute(lDAPInterface, str, timeValue, actionListener);
        }
    }

    void readUserAttribute(LDAPInterface lDAPInterface, String str, TimeValue timeValue, ActionListener<String> actionListener) {
        SearchScope searchScope = SearchScope.BASE;
        Filter filter = LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
        int intExact = Math.toIntExact(timeValue.seconds());
        boolean z = this.ignoreReferralErrors;
        CheckedConsumer checkedConsumer = searchResultEntry -> {
            if (searchResultEntry == null || !searchResultEntry.hasAttribute(this.userAttribute)) {
                actionListener.onResponse((Object) null);
            } else {
                actionListener.onResponse(searchResultEntry.getAttributeValue(this.userAttribute));
            }
        };
        Objects.requireNonNull(actionListener);
        LdapUtils.searchForEntry(lDAPInterface, str, searchScope, filter, intExact, z, (ActionListener<SearchResultEntry>) ActionListener.wrap(checkedConsumer, actionListener::onFailure), this.userAttribute);
    }
}
