package ome.security.auth;

import ome.conditions.ApiUsageException;
import ome.conditions.ValidationException;
import ome.logic.LdapImpl;
import org.springframework.util.Assert;

/* loaded from: input_file:ome/security/auth/LdapPasswordProvider.class */
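/**
 * Password provider that checks credentials against an LDAP directory through
 * {@link LdapImpl}, falling back to {@link ConfigurablePasswordProvider} for
 * users that have no LDAP distinguished name (DN) recorded.
 *
 * <p>Every decision is gated on {@code ldapUtil.getSetting()}; when that returns
 * {@code false} this provider reports no password and gives no verdict.
 * (Presumably this is the "LDAP enabled" switch; confirm against LdapImpl.)
 */
public class LdapPasswordProvider extends ConfigurablePasswordProvider {
    protected final LdapImpl ldapUtil;

    /**
     * @param passwordUtil forwarded to the superclass constructor
     * @param ldapImpl LDAP helper used for every lookup and bind; must not be null
     */
    public LdapPasswordProvider(PasswordUtil passwordUtil, LdapImpl ldapImpl) {
        super(passwordUtil);
        // The two-argument overload is used because the message-less
        // Assert.notNull(Object) is deprecated and later removed in Spring.
        Assert.notNull(ldapImpl, "ldapImpl must not be null");
        this.ldapUtil = ldapImpl;
    }

    /**
     * @param passwordUtil forwarded to the superclass constructor
     * @param ldapImpl LDAP helper used for every lookup and bind; must not be null
     * @param z forwarded unchanged to the two-argument superclass constructor
     */
    public LdapPasswordProvider(PasswordUtil passwordUtil, LdapImpl ldapImpl, boolean z) {
        super(passwordUtil, z);
        Assert.notNull(ldapImpl, "ldapImpl must not be null");
        this.ldapUtil = ldapImpl;
    }

    /**
     * Reports whether the named user is backed by LDAP.
     *
     * @param str login name
     * @return {@code true} only when the LDAP setting is on, the name resolves to a
     *     user id, and an LDAP DN is recorded for that id
     */
    @Override
    public boolean hasPassword(String str) {
        if (!this.ldapUtil.getSetting()) {
            return false;
        }
        Long userId = this.util.userId(str);
        // NOTE(review): unlike getOmeroDN(), an ApiUsageException from the lookup
        // is not caught here and propagates to the caller. Confirm that is intended.
        return userId != null && this.ldapUtil.lookupLdapAuthExperimenter(userId) != null;
    }

    /**
     * Checks a login attempt against LDAP.
     *
     * @param str login name as supplied by the client (untrusted)
     * @param str2 password as supplied by the client (untrusted)
     * @param z when {@code true}, an unknown user is not created and an
     *     {@link IllegalStateException} is thrown instead
     * @return {@code null} when the LDAP setting is off; {@code false} for an empty
     *     password; {@code true} when a new user was created from LDAP; the
     *     superclass verdict when the user has no recorded DN; otherwise the
     *     value returned by {@code loginAttempt}
     * @throws IllegalStateException if the user is unknown and {@code z} is set
     * @throws ValidationException if the recorded DN differs from the DN that LDAP
     *     currently returns for this login name
     */
    @Override
    public Boolean checkPassword(String str, String str2, boolean z) {
        if (!this.ldapUtil.getSetting()) {
            return null;
        }

        // An LDAP simple bind with an empty password is an unauthenticated bind,
        // which many directory servers accept. It must never reach the directory,
        // so it is rejected here before any lookup is attempted.
        if (str2 == null || str2.isEmpty()) {
            this.log.warn("Empty password for user: " + forLog(str));
            loginAttempt(str, false);
            return false;
        }

        Long userId = this.util.userId(str);
        if (userId == null) {
            // Unknown user: try to create the account from LDAP.
            if (z) {
                throw new IllegalStateException("Cannot create user!");
            }
            try {
                if (this.ldapUtil.createUserFromLdap(str, str2)) {
                    loginAttempt(str, true);
                    return true;
                }
            } catch (ApiUsageException e) {
                this.log.info(String.format("Default choice on create user: %s (%s)", forLog(str), e));
            }
            // Creation did not succeed: let the default logic decide.
            return super.checkPassword(str, str2, z);
        }

        String omeroDN = getOmeroDN(userId.longValue());
        if (omeroDN == null) {
            // Known user without a recorded DN is not an LDAP user.
            return super.checkPassword(str, str2, z);
        }

        String ldapDN = getLdapDN(str);
        if (ldapDN == null) {
            this.log.info(String.format("User not found in LDAP: {username=%s, dn=%s}", forLog(str), omeroDN));
            return loginAttempt(str, false);
        }

        if (omeroDN.equals(ldapDN)) {
            // NOTE(review): the user is synchronized BEFORE the password is
            // validated, so the synchronization runs even for a wrong password.
            // It also runs regardless of z, which blocks user creation above.
            // Confirm both are intended; otherwise validate first and synchronize
            // only on success.
            this.ldapUtil.synchronizeLdapUser(str);
            return loginAttempt(str, Boolean.valueOf(this.ldapUtil.validatePassword(omeroDN, str2)));
        }

        // The recorded DN and the directory's DN disagree: refuse the login rather
        // than bind as either identity.
        // NOTE(review): the exception message carries both DNs. Confirm it is not
        // echoed back to unauthenticated clients.
        String format = String.format("DNs don't match: '%s' and '%s'", omeroDN, ldapDN);
        this.log.warn(format);
        loginAttempt(str, false);
        throw new ValidationException(format);
    }

    /**
     * Returns the LDAP DN recorded for a user id.
     *
     * @param j user id
     * @return the DN, or {@code null} when the lookup throws {@link ApiUsageException}
     */
    private String getOmeroDN(long j) {
        try {
            String lookupLdapAuthExperimenter = this.ldapUtil.lookupLdapAuthExperimenter(Long.valueOf(j));
            if (this.log.isDebugEnabled()) {
                this.log.debug(String.format("lookupLdap(%s)=%s", Long.valueOf(j), lookupLdapAuthExperimenter));
            }
            return lookupLdapAuthExperimenter;
        } catch (ApiUsageException e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug(String.format("lookupLdap(%s) is empty", Long.valueOf(j)));
            }
            return null;
        }
    }

    /**
     * Returns the DN that the directory currently has for a login name.
     *
     * @param str login name
     * @return the DN, or {@code null} when the search throws {@link ApiUsageException}
     */
    private String getLdapDN(String str) {
        try {
            String findDN = this.ldapUtil.findDN(str);
            if (this.log.isDebugEnabled()) {
                this.log.debug(String.format("findDN(%s)=%s", forLog(str), findDN));
            }
            return findDN;
        } catch (ApiUsageException e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug(String.format("findDN(%s) is empty", forLog(str)));
            }
            return null;
        }
    }

    /**
     * Neutralises CR and LF in a client-supplied value before it is written to the
     * log, so a crafted login name cannot start a forged log line.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}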
