package org.elasticsearch.xpack.security.authc.ldap.support;

import com.unboundid.ldap.sdk.LDAPException;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
import org.elasticsearch.xpack.security.authc.support.RefreshListener;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.user.User;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.class */
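/**
 * Base class for LDAP-backed username/password realms.
 *
 * <p>Authentication and lookup both open an {@link LdapSession} through the configured
 * {@link SessionFactory}, resolve the user's roles from the session's DN and groups with the
 * {@link DnRoleMapper}, and close the session again. Any failure is logged and reported to the
 * caller as {@code null}, so a rejected credential and a directory error look the same upstream.
 */
public abstract class AbstractLdapRealm extends CachingUsernamePasswordRealm {
    protected final SessionFactory sessionFactory;
    protected final DnRoleMapper roleMapper;

    /**
     * Refresh hook registered on the role mapper: every refresh calls {@code expireAll()} on the
     * enclosing realm (presumably so role changes are not masked by cached users; the cache lives
     * in the superclass and is not visible here).
     */
    class Listener implements RefreshListener {
        @Override
        public void onRefresh() {
            AbstractLdapRealm.this.expireAll();
        }
    }

    /**
     * Creates the realm and subscribes it to role-mapping refreshes.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}; it is
     * kept {@code public} here so the listing's visible interface is unchanged.
     *
     * @param str            first argument passed to the superclass constructor
     * @param realmConfig    realm configuration, passed to the superclass constructor
     * @param sessionFactory factory used to open LDAP sessions
     * @param dnRoleMapper   maps a user DN and group DNs to role names
     */
    public AbstractLdapRealm(String str, RealmConfig realmConfig, SessionFactory sessionFactory, DnRoleMapper dnRoleMapper) {
        super(str, realmConfig);
        this.sessionFactory = sessionFactory;
        this.roleMapper = dnRoleMapper;
        dnRoleMapper.addListener(new Listener());
    }

    /**
     * Authenticates the token by opening an LDAP session for its principal and credentials.
     *
     * @param usernamePasswordToken the credentials presented by the caller
     * @return the user with its resolved roles, or {@code null} if the session could not be
     *         opened, role resolution failed, or closing the session failed
     */
    @Override
    protected User doAuthenticate(UsernamePasswordToken usernamePasswordToken) {
        // try-with-resources closes the session on every path. The decompiled form only closed
        // it after createUser succeeded, which left the directory connection open whenever role
        // resolution threw.
        try (LdapSession session = this.sessionFactory.session(usernamePasswordToken.principal(), usernamePasswordToken.credentials())) {
            return createUser(usernamePasswordToken.principal(), session);
        } catch (Exception e) {
            logException("authentication", e, usernamePasswordToken.principal());
            return null;
        }
    }

    /**
     * Looks a user up without credentials, when the session factory supports that.
     *
     * @param str the principal to look up
     * @return the user with its resolved roles, or {@code null} if unauthenticated sessions are
     *         not supported or the lookup failed
     */
    @Override
    public User doLookupUser(String str) {
        if (!this.sessionFactory.supportsUnauthenticatedSession()) {
            return null;
        }
        // Same fix as doAuthenticate: the session is released even when createUser throws.
        try (LdapSession unauthenticatedSession = this.sessionFactory.unauthenticatedSession(str)) {
            return createUser(str, unauthenticatedSession);
        } catch (Exception e) {
            logException("lookup", e, str);
            return null;
        }
    }

    /**
     * @return {@code true} exactly when the session factory supports unauthenticated sessions,
     *         which is the precondition {@link #doLookupUser(String)} checks
     */
    @Override
    public boolean userLookupSupported() {
        return this.sessionFactory.supportsUnauthenticatedSession();
    }

    /**
     * Extends the superclass usage statistics with the load-balancing type resolved from the
     * realm settings and whether the session factory uses SSL.
     *
     * @return the map returned by the superclass, with the two entries added
     */
    @Override
    public Map<String, Object> usageStats() {
        Map<String, Object> usageStats = super.usageStats();
        usageStats.put("load_balance_type", LdapLoadBalancing.resolve(this.config.settings()).toString());
        // NOTE(review): the key is a constant from the monitoring HTTP exporter; that
        // cross-package reference looks like decompiler constant resolution. Confirm the key
        // against the original source before relying on it.
        usageStats.put(HttpExporter.SSL_SETTING, Boolean.valueOf(this.sessionFactory.sslUsed));
        return usageStats;
    }

    /**
     * Logs a failed authentication or lookup.
     *
     * <p>With debug logging enabled the full exception is attached; otherwise only the messages
     * of the exception and of its direct cause are written at WARN level.
     *
     * @param action    the operation that failed, e.g. {@code "authentication"} or {@code "lookup"}
     * @param exc       the failure
     * @param principal the user name the operation was attempted for
     */
    private void logException(String action, Exception exc, String principal) {
        // NOTE(review): principal is taken from the caller's token or lookup request and is
        // written to the log as-is; confirm the log layout neutralises line breaks so a crafted
        // user name cannot forge additional log entries.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(() -> {
                return new ParameterizedMessage("{} failed for user [{}]", action, principal);
            }, exc);
            return;
        }
        Throwable cause = exc.getCause();
        String causeMessage = cause == null ? null : cause.getMessage();
        if (causeMessage == null) {
            this.logger.warn("{} failed for user [{}]: {}", action, principal, exc.getMessage());
        } else {
            this.logger.warn("{} failed for user [{}]: {}\ncause: {}: {}", action, principal, exc.getMessage(), cause.getClass().getName(), causeMessage);
        }
    }

    /**
     * Builds the user from the roles the mapper resolves for the session's DN and groups.
     *
     * @param principal   the name given to the resulting user
     * @param ldapSession the open session to read the user DN and groups from
     * @return a user carrying the resolved role names
     * @throws LDAPException declared by the original; raised by the session or mapper calls
     */
    private User createUser(String principal, LdapSession ldapSession) throws LDAPException {
        Set<String> roles = this.roleMapper.resolveRoles(ldapSession.userDn(), ldapSession.groups());
        return new User(principal, roles.toArray(new String[roles.size()]));
    }
}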
