package org.wildfly.security.auth.realm.ldap;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.Provider;
import java.util.Hashtable;
import java.util.Properties;
import java.util.function.Supplier;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.1.6.Final/wildfly-elytron-1.1.6.Final.jar:org/wildfly/security/auth/realm/ldap/DirectEvidenceVerifier.class */
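/**
 * Evidence verifier that checks a {@link PasswordGuessEvidence} by binding to the
 * LDAP server as the identity, using the guessed password as the bind credential.
 *
 * <p>Security notes:
 * <ul>
 *   <li>An empty password turns an LDAP simple bind into an "unauthenticated" bind
 *       (RFC 4513, section 5.1.2), which many servers answer with success. A blank
 *       guess is therefore rejected before any bind is attempted, unless
 *       {@code allowBlankPassword} was set.</li>
 *   <li>The guess is wiped via {@link PasswordGuessEvidence#destroy()} on every path
 *       that reaches the bind logic, whether it succeeds or fails.</li>
 * </ul>
 */
class DirectEvidenceVerifier implements EvidenceVerifier {
    /** When {@code false}, a zero-length password guess is refused without contacting the server. */
    private final boolean allowBlankPassword;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param z whether a zero-length password guess may be sent to the server
     */
    public DirectEvidenceVerifier(boolean z) {
        this.allowBlankPassword = z;
    }

    /**
     * Reports whether this verifier can handle the given evidence type.
     *
     * @param cls the evidence type being asked about
     * @param str not read by this implementation
     * @return {@code SUPPORTED} for {@link PasswordGuessEvidence}, otherwise {@code UNSUPPORTED}
     */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        return cls == PasswordGuessEvidence.class ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /**
     * Creates the per-identity verifier.
     *
     * @param dirContext context whose environment (and, without a URL, whose connection
     *                   settings) the bind attempt is based on
     * @param str        value used as the bind principal; logged as the DN on failure
     * @param str2       optional URL; when non-null the bind goes to its scheme and authority
     *                   instead of the server behind {@code dirContext}
     *                   (presumably a referral URL; confirm against the caller)
     * @param attributes not read by this implementation
     * @return a verifier bound to the given identity
     */
    @Override
    public IdentityEvidenceVerifier forIdentity(final DirContext dirContext, final String str, final String str2, Attributes attributes) throws RealmUnavailableException {
        return new IdentityEvidenceVerifier() {
            /**
             * Password guesses are supported only when the backing context is an
             * {@link LdapContext}, because verification needs to re-bind.
             */
            @Override
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str3, Supplier<Provider[]> supplier) throws RealmUnavailableException {
                return (cls == PasswordGuessEvidence.class && (dirContext instanceof LdapContext)) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
            }

            /**
             * Verifies a password guess by attempting a bind as the identity.
             *
             * @param evidence the evidence to check; anything but {@link PasswordGuessEvidence} is rejected
             * @param supplier not read by this implementation
             * @return {@code true} only if the bind succeeded; {@code false} for unsupported
             *         evidence, a refused blank password, or an authentication failure
             * @throws RealmUnavailableException if the bind fails for a non-authentication reason
             *         (the result of {@code directLdapVerificationFailed} is thrown)
             */
            @Override
            public boolean verifyEvidence(Evidence evidence, Supplier<Provider[]> supplier) throws RealmUnavailableException {
                if (!(evidence instanceof PasswordGuessEvidence)) {
                    return false;
                }
                final PasswordGuessEvidence guessEvidence = (PasswordGuessEvidence) evidence;
                final char[] guess = guessEvidence.getGuess();
                try {
                    // Refuse before binding: an empty password would be an unauthenticated
                    // bind, which a server may accept without checking any credential.
                    if (!DirectEvidenceVerifier.this.allowBlankPassword && guess.length == 0) {
                        ElytronMessages.log.debugf("Credential direct evidence verification does not allow blank password.");
                        return false;
                    }
                    if (str2 != null) {
                        bindAtUrl(guess);
                    } else {
                        rebindOnCopy(guess);
                    }
                    return true;
                } catch (AuthenticationException e) {
                    // NOTE(review): e is passed as a second format argument although the format
                    // has a single %s, so the exception detail presumably never reaches the log.
                    ElytronMessages.log.debugf("Credential direct evidence verification failed. DN: [%s]", str, e);
                    return false;
                } catch (NamingException | URISyntaxException e) {
                    throw ElytronMessages.log.directLdapVerificationFailed(str, str2, e);
                } finally {
                    // Wipe the guess on every outcome, including unexpected runtime errors.
                    guessEvidence.destroy();
                }
            }

            /**
             * Opens a fresh context at the scheme and authority of {@code str2}, with the
             * environment of {@code dirContext} plus the identity's principal and guess.
             *
             * <p>The guess is sent to whichever host {@code str2} names, under the scheme it
             * carries. NOTE(review): confirm that callers pass only URLs from a trusted source
             * and that the copied environment enforces transport protection for that host.
             */
            private void bindAtUrl(char[] guess) throws NamingException, URISyntaxException {
                URI uri = new URI(str2);
                // NOTE(review): SecUtil.PROTOCOL_DELIM looks like a decompiler substitution for
                // the literal "://"; confirm before relying on this dependency.
                String providerUrl = uri.getScheme() + SecUtil.PROTOCOL_DELIM + uri.getAuthority();
                Properties properties = new Properties();
                Hashtable<?, ?> environment = dirContext.getEnvironment();
                environment.forEach(properties::put);
                properties.put("java.naming.provider.url", providerUrl);
                properties.put("java.naming.security.principal", str);
                properties.put("java.naming.security.credentials", guess);
                // Creating the context performs the bind; it is closed straight away because
                // only the outcome matters.
                (dirContext instanceof DelegatingLdapContext
                        ? ((DelegatingLdapContext) dirContext).newInitialLdapContext(properties, null)
                        : new InitialLdapContext(properties, (Control[]) null)).close();
            }

            /**
             * Re-binds a copy of {@code dirContext} as the identity. The copy is closed even
             * when the bind fails, so a wrong password does not leave a context open.
             */
            private void rebindOnCopy(char[] guess) throws NamingException {
                LdapContext userContext = ((LdapContext) dirContext).newInstance((Control[]) null);
                boolean bound = false;
                try {
                    userContext.addToEnvironment("java.naming.security.principal", str);
                    userContext.addToEnvironment("java.naming.security.credentials", guess);
                    userContext.reconnect((Control[]) null);
                    bound = true;
                } finally {
                    if (!bound) {
                        try {
                            userContext.close();
                        } catch (NamingException ignored) {
                            // Keep the bind failure as the reported error, not the close failure.
                        }
                    }
                }
                // Success path: a failure to close still surfaces, as it did before.
                userContext.close();
            }
        };
    }
}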
