package io.apiman.gateway.engine.policies.auth;

import io.apiman.gateway.engine.async.AsyncResultImpl;
import io.apiman.gateway.engine.async.IAsyncHandler;
import io.apiman.gateway.engine.async.IAsyncResult;
import io.apiman.gateway.engine.async.IAsyncResultHandler;
import io.apiman.gateway.engine.beans.ApiRequest;
import io.apiman.gateway.engine.components.ILdapComponent;
import io.apiman.gateway.engine.components.ldap.ILdapAttribute;
import io.apiman.gateway.engine.components.ldap.ILdapClientConnection;
import io.apiman.gateway.engine.components.ldap.ILdapDn;
import io.apiman.gateway.engine.components.ldap.ILdapRdn;
import io.apiman.gateway.engine.components.ldap.ILdapResult;
import io.apiman.gateway.engine.components.ldap.ILdapSearchEntry;
import io.apiman.gateway.engine.components.ldap.LdapConfigBean;
import io.apiman.gateway.engine.components.ldap.LdapSearchScope;
import io.apiman.gateway.engine.components.ldap.result.LdapException;
import io.apiman.gateway.engine.components.ldap.result.LdapResult;
import io.apiman.gateway.engine.components.ldap.result.LdapResultCode;
import io.apiman.gateway.engine.policies.AuthorizationPolicy;
import io.apiman.gateway.engine.policies.config.basicauth.LDAPBindAsType;
import io.apiman.gateway.engine.policies.config.basicauth.LDAPIdentitySource;
import io.apiman.gateway.engine.policy.IPolicyContext;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import org.apache.commons.lang.text.StrLookup;
import org.apache.commons.lang.text.StrSubstitutor;

/* loaded from: input_file:io/apiman/gateway/engine/policies/auth/LDAPIdentityValidator.class */
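/**
 * Identity validator that checks a username/password pair against an LDAP
 * directory, either by binding directly as the user or by first looking the
 * user up with a configured service account and then binding as the entry found.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The username and every request header can be referenced from the
 *       configured DN pattern, search base and search expression. Those values
 *       come from the client, so they are escaped for the context they are
 *       substituted into (RFC 4514 for DNs, RFC 4515 for filters).</li>
 *   <li>An empty password is rejected before any bind is attempted, because a
 *       simple bind with a DN and an empty password is an unauthenticated bind
 *       (RFC 4513) that some directories answer with success.</li>
 *   <li>Every validation path reports to the caller's handler and releases the
 *       connections it opened.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; several members that are {@code public}
 * here are marked by the decompiler as originally {@code private}.
 */
public class LDAPIdentityValidator implements IIdentityValidator<LDAPIdentitySource> {

    /** Port used when the configured URI has the {@code ldap} scheme and no explicit port. */
    private static final int DEFAULT_LDAP_PORT = 389;

    /** Port used when the configured URI has the {@code ldaps} scheme and no explicit port. */
    private static final int DEFAULT_LDAPS_PORT = 636;

    /**
     * Validates the supplied credentials and reports the outcome asynchronously.
     *
     * <p>Named {@code validate2} by the decompiler to avoid a clash with the erased
     * bridge method {@link #validate}.
     *
     * @param username the username presented by the client
     * @param password the password presented by the client
     * @param request the inbound request; its headers are available to the DN patterns
     * @param context the policy context (source of the LDAP component, sink for roles)
     * @param config the LDAP identity source configuration
     * @param handler receives {@code TRUE}, {@code FALSE} or an error
     */
    public void validate2(String username, String password, ApiRequest request, IPolicyContext context, LDAPIdentitySource config, IAsyncResultHandler<Boolean> handler) {
        try {
            doValidate(username, password, request, context, config, handler);
        } catch (Throwable t) {
            // Anything thrown synchronously is reported as an error result, so a failure
            // can never be mistaken for a successful authentication.
            handler.handle(AsyncResultImpl.create(t));
        }
    }

    /**
     * Builds the connection settings and runs either the bind-as-user flow or the
     * service-account flow, depending on {@code config.getBindAs()}.
     */
    private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513 §5.1.2);
        // a directory that permits it reports success without checking any secret. Reject it
        // here instead of relying on server-side configuration.
        if (password == null || password.isEmpty()) {
            handler.handle(AsyncResultImpl.create(Boolean.FALSE));
            return;
        }

        final ILdapComponent ldapComponent = (ILdapComponent) context.getComponent(ILdapComponent.class);
        String userDn = formatDn(config.getDnPattern(), username, request);

        String scheme = config.getUri().getScheme();
        int port = config.getUri().getPort();
        if (port == -1) {
            // No explicit port: fall back to the scheme's well-known port. Any other scheme
            // leaves the port at -1, exactly as before.
            if ("ldap".equalsIgnoreCase(scheme)) {
                port = DEFAULT_LDAP_PORT;
            } else if ("ldaps".equalsIgnoreCase(scheme)) {
                port = DEFAULT_LDAPS_PORT;
            }
        }

        // NOTE(review): with the plain "ldap" scheme the bind password is sent to this host;
        // whether the LDAP component negotiates TLS for it is not visible here — confirm, and
        // prefer "ldaps" in configuration.
        final LdapConfigBean connectionConfig = new LdapConfigBean();
        connectionConfig.setBindDn(userDn);
        connectionConfig.setBindPassword(password);
        connectionConfig.setHost(config.getUri().getHost());
        connectionConfig.setPort(port);
        connectionConfig.setScheme(scheme);

        if (config.getBindAs() != LDAPBindAsType.ServiceAccount) {
            // Bind directly as the user.
            // NOTE(review): an errored bind is forwarded as an error here, while the
            // service-account flow maps an LDAP auth failure to FALSE — confirm that the
            // difference is intended.
            bind(config, connectionConfig, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
                @Override
                public void handle(IAsyncResult<ILdapResult> result) {
                    if (!result.isSuccess()) {
                        handler.handle(AsyncResultImpl.create(result.getError()));
                        return;
                    }
                    boolean accepted = LdapResultCode.isSuccess(((ILdapResult) result.getResult()).getResultCode());
                    handler.handle(AsyncResultImpl.create(accepted ? Boolean.TRUE : Boolean.FALSE));
                }
            });
            return;
        }

        // Service-account flow: connect with the configured credentials, search for the
        // user's entry, then bind as that entry with the client's password.
        connectionConfig.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
        connectionConfig.setBindPassword(config.getCredentials().getPassword());
        ldapComponent.connect(connectionConfig, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {
            @Override
            public void handle(final ILdapClientConnection connection) {
                String searchBase = formatDn(config.getUserSearch().getBaseDn(), username, request);
                // The expression is an LDAP filter, so its values need filter escaping rather
                // than DN escaping.
                String searchFilter = formatFilter(config.getUserSearch().getExpression(), username, request);
                connection.search(searchBase, searchFilter, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
                    @Override
                    public void handle(LdapException ldapException) {
                        handler.handle(AsyncResultImpl.create(ldapException));
                    }
                }).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {
                    @Override
                    public void handle(List<ILdapSearchEntry> entries) {
                        handleLdapSearch(connection, entries, config, connectionConfig, ldapComponent, context, username, password, handler);
                    }
                }));
            }
        }));
    }

    /**
     * Binds with the DN and password held in {@code connectionConfig}. When role
     * extraction is enabled a connection is opened instead (a connection failure is
     * forwarded to {@code handler}) and the roles are read over it.
     */
    private void bind(final LDAPIdentitySource config, final LdapConfigBean connectionConfig, ILdapComponent ldapComponent, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> handler) {
        if (!config.isExtractRoles()) {
            ldapComponent.bind(connectionConfig, handler);
            return;
        }
        ldapComponent.connect(connectionConfig, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {
            @Override
            public void handle(final ILdapClientConnection connection) {
                extractRoles(connection, connectionConfig.getBindDn(), config, context, new IAsyncResultHandler<ILdapResult>() {
                    @Override
                    public void handle(IAsyncResult<ILdapResult> result) {
                        try {
                            handler.handle(result);
                        } finally {
                            // This connection was opened only for role extraction and nothing
                            // else holds it, so release it once the outcome is reported.
                            connection.close();
                        }
                    }
                });
            }
        }));
    }

    /**
     * Searches below {@code userDn}, collects role names from the configured membership
     * attribute and stores them in the policy context under
     * {@link AuthorizationPolicy#AUTHENTICATED_USER_ROLES}.
     *
     * <p>{@code handler} is invoked once with the outcome of the search: success after all
     * entries were processed, or an error if the search returned nothing or an entry could
     * not be parsed. The connection is not closed here; that is the caller's job.
     *
     * <p>Marked by the decompiler as originally {@code private}.
     */
    public void extractRoles(ILdapClientConnection connection, String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> handler) {
        // NOTE(review): SUBTREE also returns entries below the user's own entry, so membership
        // values on child entries are merged into the role set — confirm whether a search
        // limited to the entry itself was intended.
        connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
            @Override
            public void handle(LdapException ldapException) {
                handler.handle(AsyncResultImpl.create(ldapException));
            }
        }).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {
            @Override
            public void handle(List<ILdapSearchEntry> entries) {
                if (entries == null || entries.isEmpty()) {
                    // Previously an empty result never invoked the handler, leaving the
                    // request without an answer. Fail closed instead.
                    handler.handle(AsyncResultImpl.create(new NamingException("LDAP role lookup returned no entries")));
                    return;
                }
                Set<String> roles = new HashSet<>();
                try {
                    for (ILdapSearchEntry entry : entries) {
                        for (ILdapAttribute attribute : entry.getAttributes()) {
                            if (attribute.getBaseName().equals(config.getMembershipAttribute())) {
                                collectRoles(attribute, roles);
                            }
                        }
                    }
                    context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                } catch (Exception e) {
                    handler.handle(AsyncResultImpl.create(e));
                    return;
                }
                // Reported once, after every entry has been processed (the earlier loop
                // reported once per entry).
                handler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
            }

            /** Adds every value of the configured role-name attribute found in the attribute's DN values. */
            private void collectRoles(ILdapAttribute attribute, Set<String> roles) {
                for (Object dnValue : attribute.getValuesAsDn()) {
                    for (ILdapRdn rdn : ((ILdapDn) dnValue).getRdns()) {
                        if (rdn.hasAttribute(config.getRolenameAttribute())) {
                            for (Object roleName : rdn.getAttributeValues()) {
                                roles.add((String) roleName);
                            }
                        }
                    }
                }
            }
        }));
    }

    /**
     * Handles the result of the service-account user search: requires exactly one entry
     * with a DN, then binds as that DN with the client's password.
     *
     * <p>{@code connection} is the service-account connection; it is closed on every path
     * once the outcome has been reported.
     *
     * <p>Marked by the decompiler as originally {@code private}.
     */
    public void handleLdapSearch(final ILdapClientConnection connection, List<ILdapSearchEntry> entries, LDAPIdentitySource config, LdapConfigBean connectionConfig, ILdapComponent ldapComponent, IPolicyContext context, String username, String password, final IAsyncResultHandler<Boolean> handler) {
        if (entries.size() > 1) {
            // An ambiguous match must never be resolved by picking one entry.
            handler.handle(AsyncResultImpl.create(new NamingException("Found multiple entries for the same username: " + username)));
            connection.close();
            return;
        }
        if (entries.isEmpty()) {
            // Unknown user: same FALSE as a wrong password, so the two cases look alike.
            handler.handle(AsyncResultImpl.create(Boolean.FALSE));
            connection.close();
            return;
        }
        String userDn = entries.get(0).getDn();
        if (userDn == null) {
            handler.handle(AsyncResultImpl.create(Boolean.FALSE));
            connection.close();
            return;
        }

        // Re-use the connection settings, now pointing at the user's own entry and password.
        connectionConfig.setBindDn(userDn);
        connectionConfig.setBindPassword(password);
        bind(config, connectionConfig, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
            @Override
            public void handle(IAsyncResult<ILdapResult> result) {
                if (!result.isError()) {
                    boolean accepted = LdapResultCode.isSuccess(((ILdapResult) result.getResult()).getResultCode());
                    handler.handle(AsyncResultImpl.create(accepted ? Boolean.TRUE : Boolean.FALSE));
                    connection.close();
                    return;
                }
                if (!(result.getError() instanceof LdapException)) {
                    handler.handle(AsyncResultImpl.create(result.getError()));
                    connection.close();
                    return;
                }
                LdapException error = (LdapException) result.getError();
                if (error.getResultCode().isAuthFailure()) {
                    // Wrong credentials are a normal "no", not a gateway error.
                    handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                } else {
                    handler.handle(AsyncResultImpl.create(error));
                }
                connection.close(error);
            }
        });
    }

    /**
     * Expands {@code ${...}} references in a DN pattern. {@code ${username}} resolves to
     * {@code username}; any other name resolves to the request header of that name.
     * Every substituted value is escaped as a DN attribute value (RFC 4514), so a
     * client-supplied value cannot add RDNs or change the structure of the DN.
     *
     * <p>Marked by the decompiler as originally {@code private}.
     *
     * @param pattern the configured pattern
     * @param username value for {@code ${username}}
     * @param request request whose headers are available to the pattern
     * @return the expanded DN
     */
    public String formatDn(String pattern, String username, ApiRequest request) {
        return substitute(pattern, username, request, false);
    }

    /**
     * Same expansion as {@link #formatDn}, but escapes substituted values as LDAP filter
     * assertion values (RFC 4515), for use with the user-search expression.
     */
    private String formatFilter(String pattern, String username, ApiRequest request) {
        return substitute(pattern, username, request, true);
    }

    /**
     * Shared implementation of the pattern expansion.
     *
     * @param filterContext {@code true} to apply filter escaping, {@code false} for DN escaping
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // toMap()'s generic type is not visible in this listing
    private String substitute(String pattern, String username, ApiRequest request, final boolean filterContext) {
        // NOTE(review): put() writes into whatever toMap() returns; confirm that it is a copy
        // and not a live view of the request headers.
        final Map values = request.getHeaders().toMap();
        values.put("username", username);
        StrLookup escapingLookup = new StrLookup() {
            @Override
            public String lookup(String key) {
                Object raw = values.get(key);
                if (raw == null) {
                    return null; // unresolved references are left as written, as before
                }
                String text = raw.toString();
                return filterContext ? escapeFilterValue(text) : escapeDnValue(text);
            }
        };
        // NOTE(review): StrSubstitutor may re-scan a substituted value for further ${...}
        // references; any value resolved that way passes through this lookup as well —
        // confirm this against the commons-lang version in use.
        return new StrSubstitutor(escapingLookup).replace(pattern);
    }

    /** Escapes {@code value} for use as an attribute value inside a distinguished name (RFC 4514). */
    private static String escapeDnValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                case '#':
                    // Only significant as the first character.
                    if (i == 0) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                case ' ':
                    // Only significant as the first or last character.
                    if (i == 0 || i == last) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /** Escapes {@code value} for use as an assertion value inside a search filter (RFC 4515). */
    private static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Wraps {@code onSuccess} so that an errored result is forwarded to {@code errorSink}
     * and only a successful result reaches {@code onSuccess}.
     *
     * <p>Marked by the decompiler as originally {@code private}.
     */
    public <T, Q> IAsyncResultHandler<T> successHandler(final IAsyncResultHandler<Q> errorSink, final IAsyncHandler<T> onSuccess) {
        return new IAsyncResultHandler<T>() {
            @Override
            public void handle(IAsyncResult<T> result) {
                if (result.isError()) {
                    errorSink.handle(AsyncResultImpl.create(result.getError()));
                } else {
                    onSuccess.handle(result.getResult());
                }
            }
        };
    }

    /**
     * Erased bridge for {@link IIdentityValidator}'s {@code validate}, as emitted by the
     * decompiler; delegates to {@link #validate2}.
     */
    @Override // io.apiman.gateway.engine.policies.auth.IIdentityValidator
    public /* bridge */ /* synthetic */ void validate(String str, String str2, ApiRequest apiRequest, IPolicyContext iPolicyContext, LDAPIdentitySource lDAPIdentitySource, IAsyncResultHandler iAsyncResultHandler) {
        validate2(str, str2, apiRequest, iPolicyContext, lDAPIdentitySource, (IAsyncResultHandler<Boolean>) iAsyncResultHandler);
    }
}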
