package net.bluemind.system.ldap.importation.hooks;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.netflix.spectator.api.Timer;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import net.bluemind.authentication.provider.IAuthProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.system.importation.commons.Parameters;
import net.bluemind.system.importation.commons.UuidMapper;
import net.bluemind.system.importation.commons.hooks.ImportAuthenticationService;
import net.bluemind.system.importation.commons.pool.LdapPoolByDomain;
import net.bluemind.system.ldap.importation.Activator;
import net.bluemind.system.ldap.importation.internal.tools.LdapParameters;
import net.bluemind.system.ldap.importation.internal.tools.LdapUuidMapper;
import net.bluemind.system.ldap.importation.metrics.MetricsHolder;
import net.bluemind.system.ldap.importation.search.LdapUserSearchFilter;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/ldap/importation/hooks/ImportLdapAuthenticationService.class */
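/**
 * LDAP flavour of the directory-import authentication hook.
 *
 * <p>Resolves a user's DN (by login or by external UUID) through a pooled, service-account
 * connection, then verifies the user's password with an LDAP simple bind on a pooled connection.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password handed to {@link #checkAuth} must never be logged; only the DN, the server
 *       endpoint and the LDAP result are.</li>
 *   <li>A simple bind with a zero-length password is an "unauthenticated bind" (RFC 4513,
 *       section 5.1.2) which a directory may answer with SUCCESS, so {@link #checkAuth} refuses
 *       empty credentials before contacting the server.</li>
 * </ul>
 */
public class ImportLdapAuthenticationService extends ImportAuthenticationService {
    private static final Logger logger = LoggerFactory.getLogger(ImportLdapAuthenticationService.class);
    private static final MetricsHolder metrics = MetricsHolder.get();

    // UUID -> DN lookups are cached for one hour to spare the directory a search per login.
    // NOTE(review): the key is the bare UUID (no domain or directory component) and an entry
    // outlives a rename or move of the user in the directory by up to an hour, so binds keep
    // targeting the cached DN during that window. Confirm that staleness is acceptable.
    private static final Cache<String, String> uuidToDnCache = CacheBuilder.newBuilder().expireAfterWrite(1, TimeUnit.HOURS).recordStats().build();

    /** Returns the directory kind handled by this hook, {@code "LDAP"}. */
    protected String getDirectoryKind() {
        return "LDAP";
    }

    /** Returns the external-id prefix of this directory kind, {@code "ldap://"}. */
    protected String getPrefix() {
        return "ldap://";
    }

    /**
     * Builds the LDAP import parameters for a domain.
     *
     * @param domain the domain being authenticated against
     * @param map string settings forwarded to {@link LdapParameters#build}
     * @return the parameters produced by {@link LdapParameters#build}
     */
    protected Parameters getParameters(Domain domain, Map<String, String> map) {
        return LdapParameters.build(domain, map);
    }

    /**
     * Parses an external id into a UUID mapper.
     *
     * @param extId the external id, as accepted by {@link LdapUuidMapper#fromExtId}
     * @return the mapper, or empty when {@link LdapUuidMapper#fromExtId} yields none
     */
    protected Optional<UuidMapper> getUuidMapper(String extId) {
        return LdapUuidMapper.fromExtId(extId);
    }

    /**
     * Looks up the DN of the first directory entry matching a login.
     *
     * @param parameters directory connection and search settings
     * @param domainName domain part of the user, used for log messages only
     * @param userLogin login to search for
     * @return the entry DN, or {@code null} when no connection is available, no entry matches,
     *     or the search fails with a checked exception
     * @throws RuntimeException rethrown as-is; the pool is reset first when its cause is an
     *     {@link InterruptedException}
     */
    protected String getUserDnByUserLogin(Parameters parameters, String domainName, String userLogin) {
        Timer timer = metrics.forOperation("dnByLogin");
        long start = metrics.clock.monotonicTime();
        LdapPoolByDomain pool = Activator.getLdapPoolByDomain();
        Optional<LdapPoolByDomain.LdapConnectionContext> context = Optional.empty();
        String userDn = null;
        try {
            context = pool.getAuthenticatedConnectionContext(parameters);
            if (context.isPresent()) {
                // NOTE(review): the login is passed to the filter builder as-is; escaping of
                // LDAP filter metacharacters is assumed to happen inside getSearchFilter - confirm.
                String filter = new LdapUserSearchFilter().getSearchFilter(parameters, Optional.empty(), userLogin, null);
                userDn = findFirstDn(context.get(), parameters, filter);
                timer.record(metrics.clock.monotonicTime() - start, TimeUnit.NANOSECONDS);
            }
        } catch (RuntimeException e) {
            resetPoolIfInterrupted(pool, parameters, e);
            throw e;
        } catch (Exception e) {
            logger.error("Fail to get LDAP DN for user: {}@{}", userLogin, domainName, e);
            // Flag the context as failed before it goes back to the pool.
            context.ifPresent(LdapPoolByDomain.LdapConnectionContext::setError);
            return null;
        } finally {
            // Single release point for every exit path (normal, checked, unchecked, Error).
            context.ifPresent(ctx -> releaseConnection(pool, parameters, ctx));
        }
        if (userDn == null) {
            logger.error("Unable to find {}@{}", userLogin, domainName);
        }
        return userDn;
    }

    /**
     * Looks up the DN of the first directory entry matching an external UUID, using a
     * one-hour cache in front of the directory search.
     *
     * @param parameters directory connection and search settings
     * @param uuid external UUID of the user
     * @return the entry DN, or {@code null} when no connection is available or no entry matches
     * @throws Exception any search failure, rethrown after the context is flagged as failed;
     *     the pool is reset first when a {@link RuntimeException} was caused by an
     *     {@link InterruptedException}
     */
    protected String getUserDnByUuid(Parameters parameters, String uuid) throws Exception {
        String cachedDn = uuidToDnCache.getIfPresent(uuid);
        if (cachedDn != null) {
            return cachedDn;
        }
        Timer timer = metrics.forOperation("dnByUUID");
        LdapPoolByDomain pool = Activator.getLdapPoolByDomain();
        Optional<LdapPoolByDomain.LdapConnectionContext> context = Optional.empty();
        // Same clock for start and end; the start used to come from System.nanoTime().
        long start = metrics.clock.monotonicTime();
        String userDn = null;
        try {
            context = pool.getAuthenticatedConnectionContext(parameters);
            if (context.isPresent()) {
                String filter = new LdapUserSearchFilter().getSearchFilter(parameters, Optional.empty(), null, uuid);
                userDn = findFirstDn(context.get(), parameters, filter);
                if (userDn == null) {
                    logger.warn("uuid {} not found with filter {}", uuid, filter);
                }
                timer.record(metrics.clock.monotonicTime() - start, TimeUnit.NANOSECONDS);
            }
        } catch (Exception e) {
            logger.error("Error searching external ID {}", uuid, e);
            context.ifPresent(LdapPoolByDomain.LdapConnectionContext::setError);
            if (e instanceof RuntimeException) {
                resetPoolIfInterrupted(pool, parameters, (RuntimeException) e);
            }
            throw e;
        } finally {
            context.ifPresent(ctx -> releaseConnection(pool, parameters, ctx));
        }
        if (userDn == null) {
            logger.error("Unable to find {}", uuid);
        } else {
            // Only positive results are cached; misses are searched again on the next call.
            uuidToDnCache.put(uuid, userDn);
        }
        return userDn;
    }

    /**
     * Verifies a user's password with an LDAP simple bind.
     *
     * @param parameters directory connection settings
     * @param userDn DN to bind as
     * @param password the user's password; never logged
     * @return {@code YES} when the bind returns SUCCESS and the connection reports itself
     *     authenticated; {@code NO} for empty credentials, a failed bind, or a checked exception
     * @throws RuntimeException rethrown as-is; the pool is reset first when its cause is an
     *     {@link InterruptedException}
     */
    protected IAuthProvider.AuthResult checkAuth(Parameters parameters, String userDn, String password) {
        // An empty DN or password turns a simple bind into an anonymous/unauthenticated bind
        // (RFC 4513 5.1.1/5.1.2), which a directory may accept with SUCCESS. Refuse it here
        // instead of relying on server configuration or on callers having filtered it.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            logger.warn("Refusing LDAP bind with an empty DN or password, user dn: {}", userDn);
            return IAuthProvider.AuthResult.NO;
        }

        Timer timer = metrics.forOperation("authCheck");
        long start = metrics.clock.monotonicTime();
        LdapPoolByDomain pool = Activator.getLdapPoolByDomain();
        // Kept outside the try so the error handler and the release see the acquired context.
        LdapPoolByDomain.LdapConnectionContext context = null;
        try {
            context = pool.getConnectionContext(parameters);

            BindRequestImpl bindRequest = new BindRequestImpl();
            bindRequest.setSimple(true);
            bindRequest.setName(userDn);
            bindRequest.setCredentials(password);

            long bindStart = System.currentTimeMillis();
            BindResponse response = context.ldapCon.bind(bindRequest);
            long bindMillis = System.currentTimeMillis() - bindStart;

            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            boolean bound = context.ldapCon.isAuthenticated();
            boolean accepted = ResultCodeEnum.SUCCESS == resultCode && bound;
            if (accepted) {
                logger.info("Login success on: {}:{}:{}, user dn: {}, ldapAuth: {}ms",
                        context.getConnectedProtocol().name(), context.ldapConnectionConfig.getLdapHost(),
                        context.ldapConnectionConfig.getLdapPort(), userDn, bindMillis);
            } else {
                logger.error(
                        "Login failed on: {}:{}:{}, result: {}, message: {}, authenticated: {}, user dn: {},ldapAuth: {}ms",
                        context.getConnectedProtocol().name(), context.ldapConnectionConfig.getLdapHost(),
                        context.ldapConnectionConfig.getLdapPort(), resultCode.name(),
                        response.getLdapResult().getDiagnosticMessage(), bound, userDn, bindMillis);
            }
            timer.record(metrics.clock.monotonicTime() - start, TimeUnit.NANOSECONDS);
            return accepted ? IAuthProvider.AuthResult.YES : IAuthProvider.AuthResult.NO;
        } catch (RuntimeException e) {
            resetPoolIfInterrupted(pool, parameters, e);
            throw e;
        } catch (Exception e) {
            logger.error("Fail to check LDAP authentication", e);
            // context is still null when acquiring the connection itself failed.
            if (context != null) {
                context.setError();
            }
            return IAuthProvider.AuthResult.NO;
        } finally {
            // NOTE(review): the context goes back to the pool after having been bound as the
            // user; presumably the pool re-binds or resets it before reuse - confirm. A null
            // context (acquisition failed) is passed through unchanged, as before.
            releaseConnection(pool, parameters, context);
        }
    }

    /**
     * Runs a subtree search under the configured base DN and returns the DN of the first hit.
     * The cursor is closed on every path so the search is not left open on a pooled connection.
     *
     * @return the DN of the first matching entry, or {@code null} when nothing matches
     */
    private static String findFirstDn(LdapPoolByDomain.LdapConnectionContext context, Parameters parameters,
            String filter) throws Exception {
        try (EntryCursor cursor = context.ldapCon.search(parameters.ldapDirectory.baseDn, filter,
                SearchScope.SUBTREE, new String[] {"dn"})) {
            return cursor.next() ? cursor.get().getDn().getName() : null;
        }
    }

    /** Resets the domain's pool when the failure was caused by an {@link InterruptedException}. */
    private static void resetPoolIfInterrupted(LdapPoolByDomain pool, Parameters parameters, RuntimeException e) {
        if (e.getCause() instanceof InterruptedException) {
            logger.error("Getting an interrupted exception, reseting pool for {}", parameters, e);
            pool.resetPool(parameters);
        }
    }

    /** Returns a connection context to the pool and records how long the release took. */
    private void releaseConnection(LdapPoolByDomain ldapPoolByDomain, Parameters parameters, LdapPoolByDomain.LdapConnectionContext ldapConnectionContext) {
        Timer timer = metrics.forOperation("release");
        long start = metrics.clock.monotonicTime();
        ldapPoolByDomain.releaseConnectionContext(ldapConnectionContext);
        timer.record(metrics.clock.monotonicTime() - start, TimeUnit.NANOSECONDS);
    }
}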
