package org.elasticsearch.xpack.security.authc.ldap;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import java.text.FieldPosition;
import java.text.MessageFormat;
import java.util.Locale;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.ssl.SSLService;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.class */
public class LdapSessionFactory extends SessionFactory {
    public static final String USER_DN_TEMPLATES_SETTING = "user_dn_templates";
    private final String[] userDnTemplates;
    private final LdapSession.GroupsResolver groupResolver;
    static final /* synthetic */ boolean $assertionsDisabled;

    public LdapSessionFactory(RealmConfig realmConfig, SSLService sSLService) {
        super(realmConfig, sSLService);
        Settings settings = realmConfig.settings();
        this.userDnTemplates = settings.getAsArray(USER_DN_TEMPLATES_SETTING);
        if (this.userDnTemplates == null) {
            throw new IllegalArgumentException("missing required LDAP setting [user_dn_templates]");
        }
        this.groupResolver = groupResolver(settings);
    }

    @Override // org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
    protected LdapSession getSession(String str, SecuredString securedString) throws Exception {
        LDAPConnection connection = this.serverSet.getConnection();
        LDAPException lDAPException = null;
        String str2 = new String(securedString.internalChars());
        for (String str3 : this.userDnTemplates) {
            String buildDnFromTemplate = buildDnFromTemplate(str, str3);
            try {
                connection.bind(buildDnFromTemplate, str2);
                return new LdapSession(this.logger, connection, buildDnFromTemplate, this.groupResolver, this.timeout, null);
            } catch (LDAPException e) {
                this.logger.debug(() -> {
                    return new ParameterizedMessage("failed LDAP authentication with user template [{}] and DN [{}]", str3, buildDnFromTemplate);
                }, e);
                if (lDAPException == null) {
                    lDAPException = e;
                } else {
                    lDAPException.addSuppressed(e);
                }
            }
        }
        connection.close();
        if ($assertionsDisabled || lDAPException != null) {
            throw lDAPException;
        }
        throw new AssertionError();
    }

    String buildDnFromTemplate(String str, String str2) {
        return new MessageFormat(str2, Locale.ROOT).format(new Object[]{LdapUtils.escapedRDNValue(str)}, new StringBuffer(), (FieldPosition) null).toString();
    }

    static LdapSession.GroupsResolver groupResolver(Settings settings) {
        Settings asSettings = settings.getAsSettings("group_search");
        return !asSettings.names().isEmpty() ? new SearchGroupsResolver(asSettings) : new UserAttributeGroupsResolver(settings);
    }

    static {
        $assertionsDisabled = !LdapSessionFactory.class.desiredAssertionStatus();
    }
}
