package org.wildfly.security.auth.provider.ldap;

import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.server.CredentialSupport;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.sasl.otp.OTP;

/* loaded from: input_file:org/wildfly/security/auth/provider/ldap/UserPasswordCredentialLoader.class */
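/**
 * Credential loader for an LDAP realm that reads password credentials from a
 * user-password style attribute of an identity's directory entry.
 *
 * <p>Credential names are expected in {@code <attribute>-<type>} form: the part
 * before the first {@code '-'} is the LDAP attribute name and the part after it
 * selects the password type passed to {@code UserPasswordPasswordUtil}.
 */
class UserPasswordCredentialLoader implements CredentialLoader {
    static final String DEFAULT_USER_PASSWORD_ATTRIBUTE_NAME = "userPassword";

    // Realm-level support table keyed by password type (second part of the credential name).
    // NOTE(review): this map is neither final nor unmodifiable; treat it as read-only after
    // class initialisation, since any code in the package could alter what the realm reports.
    static Map<String, CredentialSupport> DEFAULT_CREDENTIAL_SUPPORT = new HashMap<>();

    // Attribute name the realm-level support check accepts as the first part of a credential name.
    private final String userPasswordAttributeName;

    /**
     * Loads credentials for a single identity, addressed by its distinguished name.
     */
    private class ForIdentityLoader implements IdentityCredentialLoader {
        private final DirContextFactory contextFactory;
        private final String distinguishedName;

        /**
         * @param dirContextFactory factory used to obtain and return the directory context
         * @param str distinguished name of the identity's entry
         */
        public ForIdentityLoader(DirContextFactory dirContextFactory, String str) {
            this.contextFactory = dirContextFactory;
            this.distinguishedName = str;
        }

        /**
         * Reports whether a credential with the given name can actually be loaded for this identity.
         *
         * @param str credential name in {@code <attribute>-<type>} form
         * @return {@code FULLY_SUPPORTED} if a credential could be loaded, otherwise {@code UNSUPPORTED}
         */
        @Override
        public CredentialSupport getCredentialSupport(String str) {
            return getCredential(str, Object.class) != null ? CredentialSupport.FULLY_SUPPORTED : CredentialSupport.UNSUPPORTED;
        }

        /**
         * Reads the attribute named by the credential name from this identity's entry and returns
         * the first value that parses to a password of the requested class.
         *
         * @param str credential name in {@code <attribute>-<type>} form
         * @param cls credential class the caller wants
         * @return the matching credential, or {@code null} if the name is malformed, the entry has
         *         no such attribute, no value matches, or the lookup/parsing failed
         */
        @Override
        public <C> C getCredential(String str, Class<C> cls) {
            String[] nameParts = str.split("-");
            if (nameParts.length < 2) {
                if (ElytronMessages.log.isTraceEnabled()) {
                    ElytronMessages.log.trace("User-password credential name \"" + str + "\" is not in attribute-type form - not supported by LDAP realm");
                }
                return null;
            }
            // NOTE(review): the attribute read below is taken from the credential name, not from
            // userPasswordAttributeName. The realm-level getCredentialSupport enforces the configured
            // attribute, but this method does not, so a caller that skips that check decides which
            // attribute of the entry is fetched. Confirm every caller goes through the realm-level
            // check, or enforce the configured attribute here as well.
            String attributeName = nameParts[0];
            String passwordType = nameParts[1];

            DirContext dirContext = null;
            try {
                dirContext = this.contextFactory.obtainDirContext(null);
                Attribute attribute = dirContext.getAttributes(this.distinguishedName, new String[]{attributeName}).get(attributeName);
                if (attribute == null) {
                    // Attributes.get returns null when the entry lacks the attribute (or the bind
                    // identity may not read it); report "no credential" instead of failing with an NPE.
                    if (ElytronMessages.log.isTraceEnabled()) {
                        ElytronMessages.log.trace("Attribute \"" + attributeName + "\" not present for dn=" + this.distinguishedName);
                    }
                    return null;
                }
                for (int i = 0; i < attribute.size(); i++) {
                    Object value = attribute.get(i);
                    if (!(value instanceof byte[])) {
                        // JNDI hands back String for attributes it does not treat as binary; such a
                        // value cannot be parsed as a stored password, so skip it (fail closed)
                        // rather than let a ClassCastException escape the authentication path.
                        continue;
                    }
                    Password parsed = UserPasswordPasswordUtil.parseUserPassword((byte[]) value, passwordType);
                    if (cls.isInstance(parsed)) {
                        return cls.cast(parsed);
                    }
                }
                return null;
            } catch (NamingException | InvalidKeySpecException e) {
                // Only the DN and the requested class are logged; attribute values never are.
                if (ElytronMessages.log.isTraceEnabled()) {
                    ElytronMessages.log.trace("Getting user-password credential " + cls.getName() + " failed. dn=" + this.distinguishedName, e);
                }
                return null;
            } finally {
                // Hand the context back exactly once on every exit path, including unexpected errors.
                this.contextFactory.returnContext(dirContext);
            }
        }
    }

    /**
     * @param str name of the LDAP attribute that holds the user password values
     */
    public UserPasswordCredentialLoader(String str) {
        this.userPasswordAttributeName = str;
    }

    /**
     * Realm-level support check that does not contact the directory.
     *
     * @param dirContextFactory not used by this implementation
     * @param str credential name in {@code <attribute>-<type>} form
     * @return {@code UNSUPPORTED} unless the attribute part equals the configured attribute and
     *         the type part is listed in {@link #DEFAULT_CREDENTIAL_SUPPORT}; otherwise the listed value
     */
    @Override
    public CredentialSupport getCredentialSupport(DirContextFactory dirContextFactory, String str) {
        String[] nameParts = str.split("-");
        if (nameParts.length < 2 || !nameParts[0].equals(this.userPasswordAttributeName)) {
            return CredentialSupport.UNSUPPORTED;
        }
        CredentialSupport credentialSupport = DEFAULT_CREDENTIAL_SUPPORT.get(nameParts[1]);
        return credentialSupport == null ? CredentialSupport.UNSUPPORTED : credentialSupport;
    }

    /**
     * Creates a per-identity loader bound to the given context factory and distinguished name.
     *
     * @param dirContextFactory factory used to obtain directory contexts
     * @param str distinguished name of the identity
     * @return a loader for that identity's credentials
     */
    @Override
    public IdentityCredentialLoader forIdentity(DirContextFactory dirContextFactory, String str) {
        return new ForIdentityLoader(dirContextFactory, str);
    }

    static {
        // Every listed type is UNKNOWN at realm level; the per-identity loader answers
        // FULLY_SUPPORTED or UNSUPPORTED once it has tried to load the credential.
        // NOTE(review): the table includes the clear-text type and unsalted digest types next to
        // the salted ones, so the realm does not distinguish weak stored forms — confirm that
        // deployments restrict which forms the directory actually stores.
        DEFAULT_CREDENTIAL_SUPPORT.put(ClearPassword.ALGORITHM_CLEAR, CredentialSupport.UNKNOWN);
        // NOTE(review): the OTP constants here are presumably a decompiler substitution for
        // plain digest-name literals — confirm against the original source.
        DEFAULT_CREDENTIAL_SUPPORT.put(OTP.MD5, CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put(OTP.SHA1, CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("sha256", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("sha384", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("sha512", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("smd5", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("ssha", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("ssha256", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("ssha384", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("ssha512", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("crypt_", CredentialSupport.UNKNOWN);
        DEFAULT_CREDENTIAL_SUPPORT.put("crypt", CredentialSupport.UNKNOWN);
    }
}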
