package org.elasticsearch.xpack.security.authc.ldap;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import java.io.Closeable;
import java.text.FieldPosition;
import java.text.MessageFormat;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.CharArrays;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.core.internal.io.IOUtils;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.ldap.LdapSessionFactorySettings;
import org.elasticsearch.xpack.core.security.authc.ldap.SearchGroupsResolverSettings;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapMetaDataResolver;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.class */
/**
 * Session factory for the "user DN template" LDAP mode: the user is authenticated by attempting a
 * simple bind with a DN built from each configured template in turn, using the password supplied
 * by the caller. The first template whose bind succeeds yields the {@link LdapSession}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The user name is passed through {@code LdapUtils.escapedRDNValue} before it is substituted
 *       into a template (see {@link #buildDnFromTemplate}).</li>
 *   <li>The password is copied into a {@code byte[]} that this class never overwrites.</li>
 *   <li>The same password is presented once per template until one bind succeeds, so a failed
 *       login can produce up to {@code userDnTemplates.length} bind attempts on the directory.</li>
 * </ul>
 */
public class LdapSessionFactory extends SessionFactory {
    // DN patterns in MessageFormat syntax; {0} is replaced by the escaped user name. Never empty
    // after construction (the constructor rejects an empty list).
    private final String[] userDnTemplates;
    // Strategy used by the created sessions to resolve group membership; chosen in groupResolver(Settings).
    private final LdapSession.GroupsResolver groupResolver;
    // Handed to every created LdapSession together with the group resolver.
    private final LdapMetaDataResolver metaDataResolver;

    /**
     * Reads the realm settings and fails fast when no user DN template is configured.
     *
     * @param realmConfig realm configuration supplying the settings and the realm name
     * @param sSLService  passed through to {@link SessionFactory}
     * @param threadPool  passed through to {@link SessionFactory}
     * @throws IllegalArgumentException if the user DN templates setting resolves to an empty list
     */
    public LdapSessionFactory(RealmConfig realmConfig, SSLService sSLService, ThreadPool threadPool) {
        super(realmConfig, sSLService, threadPool);
        Settings settings = realmConfig.settings();
        this.userDnTemplates = (String[]) ((List) LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING.get(settings)).toArray(Strings.EMPTY_ARRAY);
        if (this.userDnTemplates.length == 0) {
            throw new IllegalArgumentException("missing required LDAP setting [" + RealmSettings.getFullSettingKey(realmConfig, LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING) + "]");
        }
        // The configured templates are written to the log at INFO level; they contain directory
        // structure (base DNs), not credentials.
        this.logger.info("Realm [{}] is in user-dn-template mode: [{}]", realmConfig.name(), this.userDnTemplates);
        this.groupResolver = groupResolver(settings);
        this.metaDataResolver = new LdapMetaDataResolver(settings, this.ignoreReferralErrors);
    }

    /**
     * Opens one connection and tries a simple bind with each template-derived DN until one succeeds.
     *
     * <p>On success the listener receives an {@link LdapSession} wrapping the bound connection. If
     * every template fails, the connection is closed and the listener receives the first failure
     * with the later ones attached as suppressed exceptions. An {@link LDAPException} thrown while
     * setting up the attempt is reported to the listener as well.
     *
     * <p>Only {@link LDAPException} is caught around the first {@code loop()} call. An unchecked
     * exception thrown synchronously there (for example by {@link MessageFormat} on a malformed
     * template) propagates to the caller, and nothing in this method closes the already opened
     * connection in that case.
     *
     * @param str            user name as supplied by the client; escaped before use in a DN
     * @param secureString   password; only read here, the caller keeps ownership
     * @param actionListener notified exactly with a session or with the failure
     */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory$1] */
    @Override // org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
    public void session(final String str, final SecureString secureString, final ActionListener<LdapSession> actionListener) {
        try {
            new AbstractRunnable() { // from class: org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory.1
                // Single connection reused for every bind attempt of this authentication.
                final LDAPConnection connection;
                // UTF-8 copy of the password. This class never zeroes it, so the clear-text bytes
                // live on the heap until garbage collected, independently of the SecureString.
                // NOTE(review): whether SimpleBindRequest copies or retains this array is not
                // visible here - confirm before adding any wiping.
                final byte[] passwordBytes;
                // First failure seen; subsequent failures are attached as suppressed.
                Exception containerException;
                // Index of the NEXT template to try (already incremented when a bind is in flight).
                int loopIndex;

                {
                    ServerSet serverSet = LdapSessionFactory.this.serverSet;
                    Objects.requireNonNull(serverSet);
                    // The connection is opened before the password is copied, so a connect
                    // failure surfaces before any password bytes are materialised.
                    this.connection = (LDAPConnection) LdapUtils.privilegedConnect(serverSet::getConnection);
                    this.passwordBytes = CharArrays.toUtf8Bytes(secureString.getChars());
                    this.containerException = null;
                    this.loopIndex = 0;
                }

                // Success path: presumably invoked (via run()) by LdapUtils.maybeForkThenBind once
                // a bind succeeded - confirm against that helper. The session DN is taken from the
                // connection's last bind request, i.e. the template that actually authenticated.
                // NOTE(review): getBindDN() is called directly on getLastBindRequest(); the
                // decompiler may have dropped a cast to SimpleBindRequest - verify against upstream.
                protected void doRun() throws Exception {
                    actionListener.onResponse(new LdapSession(LdapSessionFactory.this.logger, LdapSessionFactory.this.config, this.connection, this.connection.getLastBindRequest().getBindDN(), LdapSessionFactory.this.groupResolver, LdapSessionFactory.this.metaDataResolver, LdapSessionFactory.this.timeout, null));
                }

                // Failure path: records the exception, then either tries the next template or,
                // once all templates are exhausted, closes the connection and fails the listener.
                public void onFailure(Exception exc) {
                    if (this.containerException == null) {
                        this.containerException = exc;
                    } else {
                        this.containerException.addSuppressed(exc);
                    }
                    if (this.loopIndex > LdapSessionFactory.this.userDnTemplates.length) {
                        // Defensive branch for an inconsistent index. Note that, unlike the
                        // exhausted-templates branch below, it does not close the connection and
                        // it drops the collected containerException.
                        actionListener.onFailure(new IllegalStateException("User DN template iteration index out of bounds."));
                    } else if (this.loopIndex != LdapSessionFactory.this.userDnTemplates.length) {
                        loop();
                    } else {
                        // All templates failed: release the connection, suppressing close errors,
                        // and report the aggregated failure.
                        IOUtils.closeWhileHandlingException(new Closeable[]{this.connection});
                        actionListener.onFailure(this.containerException);
                    }
                }

                // One iteration: advance the index first, then bind with the DN built from the
                // template at the previous index. This runnable is passed as the callback, so the
                // outcome re-enters doRun() or onFailure().
                void loop() {
                    String[] strArr = LdapSessionFactory.this.userDnTemplates;
                    int i = this.loopIndex;
                    this.loopIndex = i + 1;
                    LdapUtils.maybeForkThenBind(this.connection, new SimpleBindRequest(LdapSessionFactory.this.buildDnFromTemplate(str, strArr[i]), this.passwordBytes), LdapSessionFactory.this.threadPool, this);
                }
            }.loop();
        } catch (LDAPException e) {
            actionListener.onFailure(e);
        }
    }

    /**
     * Builds the bind DN by substituting the user name into a template.
     *
     * <p>The user name is escaped with {@code LdapUtils.escapedRDNValue} before substitution;
     * presumably this neutralises DN metacharacters so a crafted user name cannot add or alter DN
     * components - confirm against that helper. The template itself is not escaped and is parsed
     * as a {@link MessageFormat} pattern, so a single quote in a template acts as a MessageFormat
     * quote character and an invalid pattern raises {@link IllegalArgumentException}.
     *
     * @param str  raw user name
     * @param str2 DN template in MessageFormat syntax, with {0} as the user name placeholder
     * @return the formatted DN
     */
    String buildDnFromTemplate(String str, String str2) {
        return new MessageFormat(str2, Locale.ROOT).format(new Object[]{LdapUtils.escapedRDNValue(str)}, new StringBuffer(), (FieldPosition) null).toString();
    }

    /**
     * Chooses the group resolution strategy from the realm settings.
     *
     * @param settings realm settings
     * @return a {@code SearchGroupsResolver} when the group search base DN setting is present,
     *         otherwise a {@code UserAttributeGroupsResolver}
     */
    static LdapSession.GroupsResolver groupResolver(Settings settings) {
        return SearchGroupsResolverSettings.BASE_DN.exists(settings) ? new SearchGroupsResolver(settings) : new UserAttributeGroupsResolver(settings);
    }
}
