package org.elasticsearch.shield.authc.ldap;

import java.io.IOException;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm;
import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
import org.elasticsearch.shield.authc.support.DnRoleMapper;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/ldap/LdapRealm.class */
public class LdapRealm extends AbstractLdapRealm {
    public static final String TYPE = "ldap";

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/ldap/LdapRealm$Factory.class */
    public static class Factory extends AbstractLdapRealm.Factory<LdapRealm> {
        private final ResourceWatcherService watcherService;
        private final ClientSSLService clientSSLService;

        @Inject
        public Factory(ResourceWatcherService resourceWatcherService, ClientSSLService clientSSLService) {
            super(LdapRealm.TYPE);
            this.watcherService = resourceWatcherService;
            this.clientSSLService = clientSSLService;
        }

        @Override // org.elasticsearch.shield.authc.Realm.Factory
        public void filterOutSensitiveSettings(String str, ShieldSettingsFilter shieldSettingsFilter) {
            LdapUserSearchSessionFactory.filterOutSensitiveSettings(str, shieldSettingsFilter);
        }

        @Override // org.elasticsearch.shield.authc.Realm.Factory
        public LdapRealm create(RealmConfig realmConfig) {
            try {
                return new LdapRealm(realmConfig, sessionFactory(realmConfig, this.clientSSLService), new DnRoleMapper(LdapRealm.TYPE, realmConfig, this.watcherService, null));
            } catch (IOException e) {
                throw new ElasticsearchException("failed to create realm [{}/{}]", e, new Object[]{LdapRealm.TYPE, realmConfig.name()});
            }
        }

        static SessionFactory sessionFactory(RealmConfig realmConfig, ClientSSLService clientSSLService) throws IOException {
            if (realmConfig.settings().getAsSettings("user_search").names().isEmpty()) {
                return new LdapSessionFactory(realmConfig, clientSSLService).init();
            }
            if (realmConfig.settings().getAsArray(LdapSessionFactory.USER_DN_TEMPLATES_SETTING).length > 0) {
                throw new IllegalArgumentException("settings were found for both user search and user template modes of operation. Please remove the settings for the\nmode you do not wish to use. For more details refer to the ldap authentication section of the Shield guide.");
            }
            return new LdapUserSearchSessionFactory(realmConfig, clientSSLService).init();
        }
    }

    public LdapRealm(RealmConfig realmConfig, SessionFactory sessionFactory, DnRoleMapper dnRoleMapper) {
        super(TYPE, realmConfig, sessionFactory, dnRoleMapper);
    }
}
