package org.keycloak.services.managers;

import java.net.ConnectException;
import java.net.MalformedURLException;
import java.net.NoRouteToHostException;
import java.net.SocketException;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLHandshakeException;
import org.jboss.logging.Logger;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.LDAPCapabilityRepresentation;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.idm.model.LDAPDn;
import org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager;
import org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.storage.ldap.mappers.membership.group.GroupTreeResolver;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/services/managers/LDAPServerCapabilitiesManager.class */
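/**
 * Helper used by the admin "test LDAP connection" endpoints.
 *
 * <p>It builds a throw-away {@link LDAPConfig} from a
 * {@link TestLdapConnectionRepresentation}, opens a connection (and optionally
 * binds) against it, queries the server's capabilities, and maps the failure
 * into a stable error code for the UI.
 *
 * <p>Security notes grounded in this class:
 * <ul>
 *   <li>The client may send the masked placeholder {@code **********} instead of
 *       the real bind credential. The stored secret of the referenced component is
 *       substituted only when the submitted connection URL and bind DN are equal to
 *       the ones already saved for that component, so a caller cannot make this code
 *       replay the stored secret against a different server or DN.</li>
 *   <li>If the placeholder cannot be resolved it is used verbatim as the password,
 *       so the bind fails instead of silently succeeding.</li>
 *   <li>Timeouts are forced to a positive value (default {@link #DEFAULT_TEST_TIMEOUT})
 *       so a test cannot hang without bound on connect/read.</li>
 * </ul>
 */
public class LDAPServerCapabilitiesManager {
    private static final Logger logger = Logger.getLogger(LDAPServerCapabilitiesManager.class);
    public static final String TEST_CONNECTION = "testConnection";
    public static final String TEST_AUTHENTICATION = "testAuthentication";
    public static final String QUERY_SERVER_CAPABILITIES = "queryServerCapabilities";
    /** Fallback connect/read timeout written into the test config (presumably milliseconds). */
    public static final int DEFAULT_TEST_TIMEOUT = 30000;

    /** Placeholder an admin client sends instead of the real bind credential. */
    private static final String MASKED_SECRET = "**********";

    /** Raised when an authentication test with "simple" auth carries no bind DN. */
    public static class InvalidBindDNException extends NamingException {
        public InvalidBindDNException(String str) {
            super(str);
        }
    }

    /**
     * Parses the user-supplied timeout; blank, non-numeric or non-positive values
     * fall back to {@link #DEFAULT_TEST_TIMEOUT}.
     *
     * <p>NOTE(review): no upper bound is applied, so a very large value is accepted
     * as-is; confirm the endpoint is restricted to realm admins.
     */
    private static int parseConnectionTimeout(String str) {
        if (!StringUtil.isNotBlank(str)) {
            return DEFAULT_TEST_TIMEOUT;
        }
        try {
            int parsed = Integer.parseInt(str);
            return parsed > 0 ? parsed : DEFAULT_TEST_TIMEOUT;
        } catch (NumberFormatException e) {
            return DEFAULT_TEST_TIMEOUT;
        }
    }

    /**
     * Resolves the bind credential to use for the test.
     *
     * <p>Returns the stored secret of the referenced component only when the caller
     * sent the masked placeholder AND the submitted connection URL and bind DN match
     * the stored ones; in every other case the submitted value is returned unchanged
     * (so an unresolved placeholder simply makes the bind fail).
     */
    private static String resolveBindCredential(TestLdapConnectionRepresentation rep, RealmModel realmModel) {
        String submitted = rep.getBindCredential();
        // NOTE(review): the decompiled guard here was `!"authType".equals("none")`, which is
        // constant-true and so never excluded the "none" auth type. It is dropped as dead code;
        // the intended check is presumably on rep.getAuthType() — confirm against the source.
        if (rep.getComponentId() == null || !MASKED_SECRET.equals(submitted)) {
            return submitted;
        }
        ComponentModel component = realmModel.getComponent(rep.getComponentId());
        if (component == null) {
            return submitted;
        }
        LDAPConfig stored = new LDAPConfig(component.getConfig());
        // Credential-leak guard: only reuse the stored secret for the exact server and DN
        // it was saved for. URI/DN are compared structurally rather than as raw strings.
        boolean sameServer = Objects.equals(URI.create(rep.getConnectionUrl()), URI.create(stored.getConnectionUrl()));
        boolean sameBindDn = Objects.equals(LDAPDn.fromString(rep.getBindDn()), LDAPDn.fromString(stored.getBindDN()));
        return sameServer && sameBindDn ? stored.getBindCredential() : submitted;
    }

    /**
     * Builds the LDAP configuration used for a connection/authentication test.
     *
     * @param testLdapConnectionRepresentation values submitted by the admin client
     * @param realmModel realm used to look up the referenced component (for the masked secret)
     * @return a config holding auth type, bind DN/credential, URL, truststore flag,
     *         sanitized connect/read timeouts and the StartTLS flag
     */
    public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation testLdapConnectionRepresentation, RealmModel realmModel) {
        String bindCredential = resolveBindCredential(testLdapConnectionRepresentation, realmModel);

        MultivaluedHashMap<String, String> cfg = new MultivaluedHashMap<>();
        cfg.putSingle("authType", testLdapConnectionRepresentation.getAuthType());
        cfg.putSingle("bindDn", testLdapConnectionRepresentation.getBindDn());
        cfg.putSingle("bindCredential", bindCredential);
        cfg.add("connectionUrl", testLdapConnectionRepresentation.getConnectionUrl());
        cfg.add("useTruststoreSpi", testLdapConnectionRepresentation.getUseTruststoreSpi());
        // Same sanitized value is used for both connect and read timeouts.
        String timeout = Integer.toString(parseConnectionTimeout(testLdapConnectionRepresentation.getConnectionTimeout()));
        cfg.putSingle("connectionTimeout", timeout);
        cfg.putSingle("readTimeout", timeout);
        cfg.add("startTls", testLdapConnectionRepresentation.getStartTls());
        return new LDAPConfig(cfg);
    }

    /**
     * Queries the capabilities advertised by the LDAP server described in the
     * representation.
     *
     * @return the capability set, or an empty set (after logging) when the
     *         representation's action is not {@link #QUERY_SERVER_CAPABILITIES}
     */
    public static Set<LDAPCapabilityRepresentation> queryServerCapabilities(TestLdapConnectionRepresentation testLdapConnectionRepresentation, KeycloakSession keycloakSession, RealmModel realmModel) {
        if (!QUERY_SERVER_CAPABILITIES.equals(testLdapConnectionRepresentation.getAction())) {
            ServicesLogger.LOGGER.unknownAction(testLdapConnectionRepresentation.getAction());
            return Collections.emptySet();
        }
        LDAPConfig config = buildLDAPConfig(testLdapConnectionRepresentation, realmModel);
        return new LDAPIdentityStore(keycloakSession, config).queryServerCapabilities();
    }

    /**
     * Maps a test failure to a stable error code string for the admin UI.
     *
     * <p>The exception type is classified first, then a {@link NamingException}'s
     * root cause (if any) overrides that classification with a more specific
     * network-level code. Subclasses are tested before their superclasses:
     * {@link ServiceUnavailableException} before {@link CommunicationException}, and
     * {@link NoRouteToHostException}/{@link ConnectException} before the generic
     * {@link SocketException} fallback — previously the generic check ran last and
     * overwrote those two codes with {@code "SocketReset"}.
     *
     * @param th the failure; {@code null}-safe only in that a non-NamingException
     *           (including {@code null}) yields {@code "UnknownError"}
     */
    public static String getErrorCode(Throwable th) {
        String code = th instanceof NamingException ? "NamingError" : "UnknownError";
        if (th instanceof AuthenticationException) {
            code = "AuthenticationFailure";
        } else if (th instanceof ServiceUnavailableException) {
            // ServiceUnavailableException extends CommunicationException: check it first.
            code = "ServiceUnavailable";
        } else if (th instanceof CommunicationException) {
            code = "CommunicationError";
        } else if (th instanceof InvalidNameException) {
            code = "InvalidName";
        } else if (th instanceof InvalidBindDNException) {
            code = "InvalidBindDN";
        } else if (th instanceof NameNotFoundException) {
            code = "NameNotFound";
        }
        // Kept as a separate override (its hierarchy is not visible here).
        if (th instanceof GroupTreeResolver.GroupTreeResolveException) {
            code = "GroupsMultipleParents";
        }
        if (th instanceof NamingException) {
            Throwable root = ((NamingException) th).getRootCause();
            if (root instanceof MalformedURLException) {
                code = "MalformedURL";
            } else if (root instanceof NoRouteToHostException) {
                code = "NoRouteToHost";
            } else if (root instanceof ConnectException) {
                code = "ConnectionFailed";
            } else if (root instanceof UnknownHostException) {
                code = "UnknownHost";
            } else if (root instanceof SSLHandshakeException) {
                code = "SSLHandshakeFailed";
            } else if (root instanceof SocketException) {
                // Generic fallback for any other SocketException (code name kept for compatibility).
                code = "SocketReset";
            }
        }
        return code;
    }

    /**
     * Runs a connection test ({@link #TEST_CONNECTION}) or an authentication test
     * ({@link #TEST_AUTHENTICATION}) against the described server.
     *
     * <p>For a pure connection test the auth type is forced to {@code "none"} so no
     * bind is attempted. For an authentication test with {@code "simple"} auth a
     * missing bind DN is rejected up front; with {@code "none"} auth the context is
     * explicitly reconnected to exercise the anonymous bind.
     *
     * @throws NamingException for an unknown action, a missing bind DN
     *                         ({@link InvalidBindDNException}) or any failure while
     *                         connecting/binding (logged, then rethrown unchanged)
     */
    public static void testLDAP(TestLdapConnectionRepresentation testLdapConnectionRepresentation, KeycloakSession keycloakSession, RealmModel realmModel) throws NamingException {
        String action = testLdapConnectionRepresentation.getAction();
        boolean authenticationTest = TEST_AUTHENTICATION.equals(action);
        if (!TEST_CONNECTION.equals(action) && !authenticationTest) {
            ServicesLogger.LOGGER.unknownAction(action);
            throw new NamingException("testLDAP unknown action");
        }
        if (!authenticationTest) {
            testLdapConnectionRepresentation.setAuthType("none");
        } else {
            String bindDn = testLdapConnectionRepresentation.getBindDn();
            if ((bindDn == null || bindDn.isEmpty()) && "simple".equals(testLdapConnectionRepresentation.getAuthType())) {
                throw new InvalidBindDNException("Unknown bind DN");
            }
        }
        try {
            LDAPContextManager contextManager = LDAPContextManager.create(keycloakSession, buildLDAPConfig(testLdapConnectionRepresentation, realmModel));
            try {
                LdapContext ldapContext = contextManager.getLdapContext();
                if (authenticationTest && "none".equals(testLdapConnectionRepresentation.getAuthType())) {
                    ldapContext.reconnect((Control[]) null);
                }
            } finally {
                // Release the context on every path; previously it was only closed on success.
                if (contextManager != null) {
                    contextManager.close();
                }
            }
        } catch (Exception e) {
            // Only the exception message is logged; the bind credential never reaches the log here.
            String prefix = authenticationTest ? "Error when authenticating to LDAP: " : "Error when connecting to LDAP: ";
            ServicesLogger.LOGGER.errorAuthenticating(e, prefix + e.getMessage());
            throw e;
        }
    }
}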
