package io.trino.gateway.ha.security;

import io.trino.gateway.ha.config.LdapConfiguration;
import java.util.List;
import javax.net.ssl.TrustManager;
import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory;
import org.apache.directory.ldap.client.api.LdapClientTrustStoreManager;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionPool;
import org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory;
import org.apache.directory.ldap.client.template.EntryMapper;
import org.apache.directory.ldap.client.template.LdapConnectionTemplate;
import org.apache.directory.ldap.client.template.PasswordWarning;
import org.apache.directory.ldap.client.template.exception.PasswordException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/trino/gateway/ha/security/LbLdapClient.class */
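/**
 * LDAP client used by the gateway to authenticate users and to look up their
 * group-membership attribute.
 *
 * <p>All directory access goes through a single {@link LdapConnectionTemplate}
 * that is bound with the admin DN and password taken from
 * {@link LdapConfiguration}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>User names are escaped per RFC 4515 before being substituted into the
 *       configured search filter, so filter metacharacters in a login name
 *       cannot change which entries the filter matches.</li>
 *   <li>Empty passwords are rejected locally; some directory servers treat a
 *       simple bind with an empty password as an anonymous bind and report
 *       success.</li>
 * </ul>
 */
public class LbLdapClient {
    private static final Logger log = LoggerFactory.getLogger(LbLdapClient.class);

    /** Placeholder in the configured user search filter that is replaced by the login name. */
    private static final String USER_PLACEHOLDER = "${USER}";

    private final LdapConnectionTemplate ldapConnectionTemplate;
    private final LdapConfiguration config;
    private final UserEntryMapper userRecordEntryMapper;

    /* loaded from: input_file:io/trino/gateway/ha/security/LbLdapClient$UserEntryMapper.class */
    /** Maps a directory entry to a {@link UserRecord} holding one attribute of that entry. */
    public static class UserEntryMapper implements EntryMapper<UserRecord> {
        // Name of the attribute to read from each entry.
        String memberOf;

        /**
         * @param str name of the attribute that carries group membership
         */
        public UserEntryMapper(String str) {
            this.memberOf = str;
        }

        /* renamed from: map, reason: merged with bridge method [inline-methods] */
        /**
         * Builds a {@link UserRecord} from the string form of the configured attribute.
         *
         * @param entry directory entry returned by a search
         * @return record holding the attribute's string form, or an empty string
         *         when the entry does not carry the attribute
         * @throws LdapException declared by the mapper contract
         */
        public UserRecord m37map(Entry entry) throws LdapException {
            // entry.get() yields null when the attribute is absent; avoid the NPE
            // and fall back to the same "" that getMemberOf() uses for "no result".
            Object attribute = entry.get(this.memberOf);
            return new UserRecord(attribute == null ? "" : attribute.toString());
        }
    }

    /* loaded from: input_file:io/trino/gateway/ha/security/LbLdapClient$UserRecord.class */
    /** Value holder for the membership attribute of one directory entry. */
    public static class UserRecord {
        String memberOf;

        /**
         * @param str string form of the membership attribute
         */
        public UserRecord(String str) {
            this.memberOf = str;
        }

        /** @return the string form of the membership attribute */
        String getMemberOf() {
            return this.memberOf;
        }
    }

    /**
     * Creates the client and its connection pool from the given configuration.
     *
     * @param ldapConfiguration host, port, transport flags, admin bind credentials,
     *        optional trust store, and the search settings used by the lookups
     */
    public LbLdapClient(LdapConfiguration ldapConfiguration) {
        this.config = ldapConfiguration;

        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
        connectionConfig.setLdapHost(ldapConfiguration.getLdapHost());
        connectionConfig.setLdapPort(ldapConfiguration.getLdapPort().intValue());
        // When neither flag is enabled, the admin bind and every user bind travel
        // over an unencrypted connection.
        connectionConfig.setUseTls(ldapConfiguration.isUseTls());
        connectionConfig.setUseSsl(ldapConfiguration.isUseSsl());
        connectionConfig.setName(ldapConfiguration.getLdapAdminBindDn());
        connectionConfig.setCredentials(ldapConfiguration.getLdapAdminPassword());

        // A custom trust manager is installed only when both the trust store path
        // and its password are configured.
        // NOTE(review): otherwise the library's default trust manager applies;
        // confirm that default validates the server certificate in the version in use.
        String trustStorePath = ldapConfiguration.getLdapTrustStorePath();
        String trustStorePassword = ldapConfiguration.getLdapTrustStorePassword();
        if (trustStorePath != null && trustStorePassword != null) {
            connectionConfig.setTrustManagers(new TrustManager[]{
                    new LdapClientTrustStoreManager(trustStorePath, trustStorePassword.toCharArray(), (String) null, true)});
        }

        DefaultLdapConnectionFactory connectionFactory = new DefaultLdapConnectionFactory(connectionConfig);

        // At most one pooled connection exists at a time.
        GenericObjectPoolConfig poolConfig = new GenericObjectPoolConfig();
        poolConfig.setMaxIdle(1);
        poolConfig.setMaxTotal(1);
        poolConfig.setMinIdle(0);

        this.ldapConnectionTemplate = new LdapConnectionTemplate(
                new LdapConnectionPool(new ValidatingPoolableLdapConnectionFactory(connectionFactory), poolConfig));
        this.userRecordEntryMapper = new UserEntryMapper(this.config.getLdapGroupMemberAttribute());
    }

    /**
     * Checks a user's password against the directory.
     *
     * @param str login name; substituted (escaped) into the configured search filter
     * @param str2 password presented by the user
     * @return {@code true} when the directory accepts the credentials, including when it
     *         accepts them with a password warning; {@code false} when the credentials are
     *         missing or empty, or when the directory rejects them
     */
    public boolean authenticate(String str, String str2) {
        // Reject missing credentials before contacting the directory: a simple bind with
        // an empty password may be treated by the server as an anonymous bind and succeed.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            log.warn("Rejected authentication attempt with empty username or password");
            return false;
        }
        try {
            PasswordWarning warning = this.ldapConnectionTemplate.authenticate(
                    this.config.getLdapUserBaseDn(), buildUserFilter(str), SearchScope.SUBTREE, str2.toCharArray());
            if (warning != null) {
                // The bind succeeded; the warning is logged and does not fail the login.
                log.warn("password warning {}", warning);
                return true;
            }
            log.info("Authenticated successfully");
            return true;
        } catch (PasswordException e) {
            log.error("Failed to authenticate {}", e.getResultCode());
            return false;
        }
    }

    /**
     * Looks up the configured group-membership attribute of a user.
     *
     * @param str login name; substituted (escaped) into the configured search filter
     * @return string form of the attribute on the first matching entry, or an empty
     *         string when the name is missing or no entry matches
     */
    public String getMemberOf(String str) {
        if (str == null || str.isEmpty()) {
            return "";
        }
        List<UserRecord> matches = this.ldapConnectionTemplate.search(
                this.config.getLdapUserBaseDn(),
                buildUserFilter(str),
                SearchScope.SUBTREE,
                new String[]{this.config.getLdapGroupMemberAttribute()},
                this.userRecordEntryMapper);
        if (matches == null || matches.isEmpty()) {
            return "";
        }
        // Only the first match is used; the filter is expected to identify one user.
        String memberOf = matches.get(0).getMemberOf();
        log.debug("Member of {}", memberOf);
        return memberOf;
    }

    /** Substitutes the escaped login name into the configured user search filter. */
    private String buildUserFilter(String username) {
        return this.config.getLdapUserSearch().replace(USER_PLACEHOLDER, escapeFilterValue(username));
    }

    /**
     * Escapes the characters that RFC 4515 reserves inside a search-filter assertion
     * value, so the value is always matched literally.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}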
