package org.elasticsearch.xpack.security.authc.ldap.support;

import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.ldap.support.LdapMetadataResolverSettings;
import org.elasticsearch.xpack.security.authc.ldap.ActiveDirectorySIDUtil;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/support/LdapMetadataResolver.class */
public class LdapMetadataResolver {
    private final String[] attributeNames;
    private final boolean ignoreReferralErrors;
    private final String fullNameAttributeName;
    private final String emailAttributeName;
    private final String[] allAttributeNamesToResolve;

    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/support/LdapMetadataResolver$LdapMetadataResult.class */
    public static class LdapMetadataResult {
        public static final LdapMetadataResult EMPTY = new LdapMetadataResult(null, null, Map.of());
        private final String fullName;
        private final String email;
        private final Map<String, Object> metaData;

        public LdapMetadataResult(@Nullable String str, @Nullable String str2, Map<String, Object> map) {
            this.fullName = str;
            this.email = str2;
            this.metaData = map;
        }

        @Nullable
        public String getFullName() {
            return this.fullName;
        }

        @Nullable
        public String getEmail() {
            return this.email;
        }

        public Map<String, Object> getMetaData() {
            return this.metaData;
        }
    }

    public LdapMetadataResolver(RealmConfig realmConfig, boolean z) {
        this((String) realmConfig.getSetting(LdapMetadataResolverSettings.FULL_NAME_SETTING), (String) realmConfig.getSetting(LdapMetadataResolverSettings.EMAIL_SETTING), (Collection) realmConfig.getSetting(LdapMetadataResolverSettings.ADDITIONAL_METADATA_SETTING), z);
    }

    LdapMetadataResolver(String str, String str2, Collection<String> collection, boolean z) {
        this.fullNameAttributeName = str;
        this.emailAttributeName = str2;
        this.attributeNames = (String[]) collection.toArray(new String[collection.size()]);
        this.ignoreReferralErrors = z;
        this.allAttributeNamesToResolve = (String[]) Stream.concat(Stream.of((Object[]) this.attributeNames), Stream.of((Object[]) new String[]{this.fullNameAttributeName, this.emailAttributeName})).distinct().toArray(i -> {
            return new String[i];
        });
    }

    public String[] attributeNames() {
        return this.attributeNames;
    }

    public void resolve(LDAPInterface lDAPInterface, String str, TimeValue timeValue, Logger logger, Collection<Attribute> collection, ActionListener<LdapMetadataResult> actionListener) {
        if (Strings.isEmpty(this.fullNameAttributeName) && Strings.isEmpty(this.emailAttributeName) && this.attributeNames.length == 0) {
            actionListener.onResponse(LdapMetadataResult.EMPTY);
            return;
        }
        if (collection != null) {
            actionListener.onResponse(toLdapMetadataResult(str2 -> {
                return findAttribute(collection, str2);
            }));
            return;
        }
        SearchScope searchScope = SearchScope.BASE;
        Filter filter = LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
        int intExact = Math.toIntExact(timeValue.seconds());
        boolean z = this.ignoreReferralErrors;
        CheckedConsumer checkedConsumer = searchResultEntry -> {
            if (searchResultEntry == null) {
                actionListener.onResponse(LdapMetadataResult.EMPTY);
            } else {
                Objects.requireNonNull(searchResultEntry);
                actionListener.onResponse(toLdapMetadataResult(searchResultEntry::getAttribute));
            }
        };
        Objects.requireNonNull(actionListener);
        LdapUtils.searchForEntry(lDAPInterface, str, searchScope, filter, intExact, z, (ActionListener<SearchResultEntry>) ActionListener.wrap(checkedConsumer, actionListener::onFailure), this.allAttributeNamesToResolve);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Attribute findAttribute(Collection<Attribute> collection, String str) {
        return collection.stream().filter(attribute -> {
            return attribute.getName().equals(str);
        }).findFirst().orElse(null);
    }

    private static Object parseLdapAttributeValue(Attribute attribute) {
        String[] values = attribute.getValues();
        return attribute.getName().equals(ActiveDirectorySIDUtil.TOKEN_GROUPS) ? values.length == 1 ? ActiveDirectorySIDUtil.convertToString(attribute.getValueByteArrays()[0]) : Arrays.stream(attribute.getValueByteArrays()).map(ActiveDirectorySIDUtil::convertToString).collect(Collectors.toList()) : values.length == 1 ? values[0] : List.of((Object[]) values);
    }

    private LdapMetadataResult toLdapMetadataResult(Function<String, Attribute> function) {
        Attribute apply = function.apply(this.emailAttributeName);
        Attribute apply2 = function.apply(this.fullNameAttributeName);
        return new LdapMetadataResult(apply2 == null ? null : parseLdapAttributeValue(apply2).toString(), apply == null ? null : parseLdapAttributeValue(apply).toString(), (Map) Arrays.stream(this.attributeNames).map(function).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toUnmodifiableMap((v0) -> {
            return v0.getName();
        }, LdapMetadataResolver::parseLdapAttributeValue)));
    }
}
