package org.elasticsearch.shield.authc.ldap;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import java.io.IOException;
import java.text.FieldPosition;
import java.text.MessageFormat;
import java.util.Locale;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.LdapSession;
import org.elasticsearch.shield.authc.ldap.support.LdapUtils;
import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.shield.support.Exceptions;

/* loaded from: input_file:org/elasticsearch/shield/authc/ldap/LdapSessionFactory.class */
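/**
 * Session factory that authenticates a user by binding directly to the LDAP server with a
 * distinguished name built from one of the configured {@code user_dn_templates}.
 *
 * <p>Each template is tried in order on a single connection; the first successful bind yields the
 * session. Groups are resolved either by a search (when a {@code group_search} settings group is
 * present) or from a user attribute.
 */
public class LdapSessionFactory extends SessionFactory {
    public static final String USER_DN_TEMPLATES_SETTING = "user_dn_templates";
    private final String[] userDnTemplates;
    private final LdapSession.GroupsResolver groupResolver;

    /**
     * Reads the DN templates and the group resolution strategy from the realm settings.
     *
     * @param realmConfig      realm configuration whose settings hold {@code user_dn_templates}
     * @param clientSSLService passed through to the parent factory
     * @throws IllegalArgumentException if the templates setting resolves to {@code null}
     */
    public LdapSessionFactory(RealmConfig realmConfig, ClientSSLService clientSSLService) {
        super(realmConfig, clientSSLService);
        Settings settings = realmConfig.settings();
        this.userDnTemplates = settings.getAsArray(USER_DN_TEMPLATES_SETTING);
        // NOTE(review): only null is rejected here. If getAsArray yields an empty array for an
        // absent setting, the factory is created anyway and every getSession call fails - confirm
        // whether an empty list should also be treated as a missing setting.
        if (this.userDnTemplates == null) {
            throw new IllegalArgumentException("missing required LDAP setting [user_dn_templates]");
        }
        this.groupResolver = groupResolver(settings);
    }

    /**
     * Opens a connection and attempts a simple bind with each DN template in turn.
     *
     * <p>The connection is handed to the returned {@link LdapSession} on success. On every other
     * exit, including an unexpected runtime exception such as a malformed template rejected by
     * {@link MessageFormat}, the connection is closed so that failed logins cannot leak sockets.
     *
     * @param str           the user name substituted into each DN template
     * @param securedString the user's password
     * @return a session bound as the first DN that authenticated
     * @throws IOException if no connection to any LDAP server could be obtained
     * @throws Exception   the authentication error raised when no template produced a successful
     *                     bind; its cause is the last bind failure, if any
     */
    @Override // org.elasticsearch.shield.authc.ldap.support.SessionFactory
    protected LdapSession getSession(String str, SecuredString securedString) throws Exception {
        LDAPConnection connection = null;
        // Ownership flag: once a session wraps the connection, the session is responsible for it.
        boolean sessionCreated = false;
        try {
            connection = this.serverSet.getConnection();
            LDAPException lastFailure = null;
            // NOTE(review): this copies the password into an immutable String that cannot be
            // wiped and lives until garbage collected; the bind(String, String) overload used
            // below requires it.
            // NOTE(review): a simple bind with a DN and an empty password is an unauthenticated
            // bind in LDAP and may succeed on some servers - confirm that the caller or the
            // connection options reject empty passwords before this point.
            String password = new String(securedString.internalChars());
            for (String template : this.userDnTemplates) {
                String dn = buildDnFromTemplate(str, template);
                try {
                    connection.bind(dn, password);
                    LdapSession session = new LdapSession(this.connectionLogger, connection, dn, this.groupResolver, this.timeout);
                    sessionCreated = true;
                    return session;
                } catch (LDAPException e) {
                    // Full stack trace only at debug level; otherwise just the server message.
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("failed LDAP authentication with user template [{}] and DN [{}]", e, new Object[]{template, dn});
                    } else {
                        this.logger.warn("failed LDAP authentication with user template [{}] and DN [{}]: {}", new Object[]{template, dn, e.getMessage()});
                    }
                    lastFailure = e;
                }
            }
            throw Exceptions.authenticationError("failed LDAP authentication", lastFailure, new Object[0]);
        } catch (LDAPException e2) {
            throw new IOException("failed to connect to any LDAP servers", e2);
        } finally {
            if (connection != null && !sessionCreated) {
                connection.close();
            }
        }
    }

    /**
     * Substitutes the user name into a DN template.
     *
     * <p>The user name is passed through {@link LdapUtils#escapedRDNValue} before substitution, so
     * that characters in the supplied name are not inserted raw into the DN. The template itself
     * is parsed as a {@link MessageFormat} pattern: {@code {0}} is the user name placeholder, and
     * single quotes and braces in the template carry their MessageFormat meaning.
     *
     * @param str  the user name
     * @param str2 the DN template
     * @return the DN to bind as
     * @throws IllegalArgumentException if the template is not a valid MessageFormat pattern
     */
    String buildDnFromTemplate(String str, String str2) {
        return new MessageFormat(str2, Locale.ROOT).format(new Object[]{LdapUtils.escapedRDNValue(str)}, new StringBuffer(), (FieldPosition) null).toString();
    }

    /**
     * Chooses the group resolution strategy from the realm settings.
     *
     * @param settings the realm settings
     * @return a search-based resolver when the {@code group_search} group has any entries,
     *         otherwise a resolver that reads groups from a user attribute
     */
    static LdapSession.GroupsResolver groupResolver(Settings settings) {
        Settings groupSearch = settings.getAsSettings("group_search");
        if (groupSearch.names().isEmpty()) {
            return new UserAttributeGroupsResolver(settings);
        }
        return new SearchGroupsResolver(groupSearch);
    }
}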
