package com.google.gerrit.server.auth.ldap;

import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.auth.AuthBackend;
import com.google.gerrit.server.auth.AuthException;
import com.google.gerrit.server.auth.AuthRequest;
import com.google.gerrit.server.auth.AuthUser;
import com.google.gerrit.server.auth.InvalidCredentialsException;
import com.google.gerrit.server.auth.MissingCredentialsException;
import com.google.gerrit.server.auth.UnknownUserException;
import com.google.gerrit.server.auth.UserNotAllowedException;
import com.google.gerrit.server.auth.ldap.LdapQuery;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.inject.Inject;
import java.util.Locale;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.security.auth.login.LoginException;
import org.eclipse.jgit.lib.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/gerrit/server/auth/ldap/LdapAuthBackend.class */
public class LdapAuthBackend implements AuthBackend {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LdapAuthBackend.class);
    private final Helper helper;
    private final AuthConfig authConfig;
    private final boolean lowerCaseUsername;

    @Inject
    public LdapAuthBackend(Helper helper, AuthConfig authConfig, @GerritServerConfig Config config) {
        this.helper = helper;
        this.authConfig = authConfig;
        this.lowerCaseUsername = config.getBoolean("ldap", "localUsernameToLowerCase", false);
    }

    @Override // com.google.gerrit.server.auth.AuthBackend
    public String getDomain() {
        return "ldap";
    }

    @Override // com.google.gerrit.server.auth.AuthBackend
    public AuthUser authenticate(AuthRequest authRequest) throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException, UserNotAllowedException, AuthException {
        if (authRequest.getUsername() == null) {
            throw new MissingCredentialsException();
        }
        String lowerCase = this.lowerCaseUsername ? authRequest.getUsername().toLowerCase(Locale.US) : authRequest.getUsername();
        try {
            DirContext authenticate = this.authConfig.getAuthType() == AuthType.LDAP_BIND ? this.helper.authenticate(lowerCase, authRequest.getPassword()) : this.helper.open();
            try {
                LdapQuery.Result findAccount = this.helper.findAccount(this.helper.getSchema(authenticate), authenticate, lowerCase, false);
                if (this.authConfig.getAuthType() == AuthType.LDAP) {
                    this.helper.authenticate(findAccount.getDN(), authRequest.getPassword()).close();
                }
                return new AuthUser(AuthUser.UUID.create(lowerCase), lowerCase);
            } finally {
                try {
                    authenticate.close();
                } catch (NamingException e) {
                    log.warn("Cannot close LDAP query handle", e);
                }
            }
        } catch (AccountException e2) {
            log.error("Cannot query LDAP to authenticate user", (Throwable) e2);
            throw new InvalidCredentialsException("Cannot query LDAP for account", e2);
        } catch (NamingException e3) {
            log.error("Cannot query LDAP to authenticate user", e3);
            throw new AuthException("Cannot query LDAP for account", e3);
        } catch (LoginException e4) {
            log.error("Cannot authenticate server via JAAS", (Throwable) e4);
            throw new AuthException("Cannot query LDAP for account", e4);
        }
    }
}
