package org.apache.doris.ldap;

import com.google.common.base.Strings;
import java.util.List;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Env;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.qe.ConnectContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/ldap/LdapAuthenticate.class */
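/**
 * Entry point for LDAP-backed login: verifies the supplied password through the LDAP manager
 * and, on success, attaches a user identity and the remote IP to the connection context.
 *
 * <p>Holds no instance state; the only member is the static {@link #authenticate} method.
 */
public class LdapAuthenticate {
    private static final Logger LOG = LogManager.getLogger(LdapAuthenticate.class);

    /**
     * Checks a login attempt against LDAP and populates the session identity when it succeeds.
     *
     * <p>Every failure path returns {@code false} (fail closed): an empty password, a rejected
     * password, or any exception thrown while checking or while resolving the identity.
     *
     * @param connectContext connection being authenticated; on success its current user identity,
     *     remote IP and (for users unknown to Doris) temp-user flag are set
     * @param str the password presented by the client; {@code null} or empty is always rejected
     * @param str2 the fully qualified user name, passed unchanged to the LDAP manager and to the
     *     identity lookup
     * @return {@code true} only if the password check passed and the identity was bound to
     *     {@code connectContext}; {@code false} otherwise
     */
    public static boolean authenticate(ConnectContext connectContext, String str, String str2) {
        final boolean passwordSupplied = !Strings.isNullOrEmpty(str);
        // Only used to fill the "using password" slot of the access-denied error.
        final String usingPassword = passwordSupplied ? "YES" : "NO";
        final String shortName = ClusterNamespace.getNameFromFullName(str2);
        LOG.debug("user:{}, cluster:{}", shortName, ClusterNamespace.getClusterNameFromFullName(str2));
        try {
            // Reject an empty password before it can reach the directory. An LDAP simple bind
            // with a DN and a zero-length password is an "unauthenticated bind" (RFC 4513,
            // section 5.1.2), which some servers answer with success, so relying on the bind result
            // alone could admit a user who presented no credential at all.
            // NOTE(review): checkUserPasswd may already refuse empty passwords; it is not
            // visible from here, so the guard is kept local. The short-circuit below means the
            // LDAP manager is never called in that case.
            if (!passwordSupplied
                    || !Env.getCurrentEnv().getAuth().getLdapManager().checkUserPasswd(str2, str)) {
                LOG.info("user:{} use check LDAP password failed.", shortName);
                // NOTE(review): this reads connectContext.getRemoteIP(), which this method only
                // sets on the success path below; confirm the caller populates it earlier,
                // otherwise the reported client address may be missing.
                ErrorReport.report(ErrorCode.ERR_ACCESS_DENIED_ERROR, str2, connectContext.getRemoteIP(), usingPassword);
                return false;
            }

            final String remoteIp = connectContext.getMysqlChannel().getRemoteIp();
            final List<UserIdentity> knownIdentities =
                    Env.getCurrentEnv().getAuth().getUserIdentityForLdap(str2, remoteIp);

            final UserIdentity userIdentity;
            if (knownIdentities.isEmpty()) {
                // The directory accepted the user but Doris has no matching account: the session
                // proceeds under an identity synthesised from name + client IP and is flagged as
                // temporary. NOTE(review): what a temp user is allowed to do is decided
                // elsewhere; verify that path grants nothing by default.
                userIdentity = UserIdentity.createAnalyzedUserIdentWithIp(str2, remoteIp);
                LOG.debug("User:{} does not exists in doris, login as temporary users.", shortName);
                connectContext.setIsTempUser(true);
            } else {
                // When several identities match, the first one returned is used.
                userIdentity = knownIdentities.get(0);
            }

            connectContext.setCurrentUserIdentity(userIdentity);
            connectContext.setRemoteIP(remoteIp);
            LOG.debug("ldap authentication success: identity:{}", connectContext.getCurrentUserIdentity());
            return true;
        } catch (Exception e) {
            // Any failure (directory unreachable, lookup error, ...) denies the login. Unlike the
            // bad-password branch, no ErrorReport is issued here; the cause is only in the log.
            LOG.error("Check ldap password error.", e);
            return false;
        }
    }
}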
