package org.wildfly.security.auth.provider.ldap;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Spliterators;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.provider.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.CredentialSupport;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.ClearPassword;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm.class */
public class LdapSecurityRealm implements SecurityRealm {
    private final DirContextFactory dirContextFactory;
    private final NameRewriter nameRewriter;
    private final PrincipalMapping principalMapping;
    private final List<CredentialLoader> credentialLoaders = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm$LdapRealmIdentity.class */
    public class LdapRealmIdentity implements RealmIdentity {
        private final String name;
        private LdapIdentity identity;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm$LdapRealmIdentity$LdapIdentity.class */
        public class LdapIdentity {
            private final String distinguishedName;
            private final Attributes attributes;

            LdapIdentity(String str, Attributes attributes) {
                this.distinguishedName = str;
                this.attributes = attributes;
            }

            String getDistinguishedName() {
                return this.distinguishedName;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm$LdapRealmIdentity$LdapSearch.class */
        public class LdapSearch {
            private final String[] filterArgs;
            private final String searchDn;
            private final String filter;
            private String[] returningAttributes;

            public LdapSearch(String str, String str2, String... strArr) {
                this.searchDn = str;
                this.filter = str2;
                this.filterArgs = strArr;
            }

            public Stream<SearchResult> search(DirContext dirContext) throws RealmUnavailableException {
                ElytronMessages.log.debugf("Executing search [%s] in context [%s] with arguments [%s]. Returning attributes are [%s]", new Object[]{this.filter, this.searchDn, this.filterArgs, this.returningAttributes});
                try {
                    final NamingEnumeration search = dirContext.search(this.searchDn, this.filter, this.filterArgs, LdapRealmIdentity.this.createSearchControls(this.returningAttributes));
                    return (Stream) StreamSupport.stream(new Spliterators.AbstractSpliterator<SearchResult>(Long.MAX_VALUE, 256) { // from class: org.wildfly.security.auth.provider.ldap.LdapSecurityRealm.LdapRealmIdentity.LdapSearch.1
                        @Override // java.util.Spliterator
                        public boolean tryAdvance(Consumer<? super SearchResult> consumer) {
                            try {
                                if (!search.hasMore()) {
                                    return false;
                                }
                                SearchResult searchResult = (SearchResult) search.next();
                                ElytronMessages.log.debugf("Found entry [%s].", searchResult.getNameInNamespace());
                                consumer.accept(searchResult);
                                return true;
                            } catch (NamingException e) {
                                throw new RuntimeException("Error while consuming results from search. SearchDn [" + LdapSearch.this.searchDn + "], Filter [" + LdapSearch.this.filter + "], Filter Args [" + LdapSearch.this.filterArgs + "].", e);
                            }
                        }
                    }, false).onClose(() -> {
                        if (search != null) {
                            try {
                                search.close();
                            } catch (NamingException e) {
                            }
                        }
                    });
                } catch (Exception e) {
                    throw ElytronMessages.log.ldapRealmFailedObtainIdentityFromServer(e);
                }
            }

            public void setReturningAttributes(String... strArr) {
                this.returningAttributes = strArr;
            }
        }

        LdapRealmIdentity(String str) {
            this.name = str;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public String getName() {
            return this.name;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public CredentialSupport getCredentialSupport(Class<?> cls) throws RealmUnavailableException {
            if (!exists()) {
                return null;
            }
            if (LdapSecurityRealm.this.getCredentialSupport(cls) == CredentialSupport.UNSUPPORTED) {
                return CredentialSupport.UNSUPPORTED;
            }
            CredentialSupport credentialSupport = null;
            for (CredentialLoader credentialLoader : LdapSecurityRealm.this.credentialLoaders) {
                if (credentialLoader.getCredentialSupport(LdapSecurityRealm.this.dirContextFactory, cls).mayBeObtainable()) {
                    CredentialSupport credentialSupport2 = credentialLoader.forIdentity(LdapSecurityRealm.this.dirContextFactory, this.identity.getDistinguishedName()).getCredentialSupport(cls);
                    if (credentialSupport2 != null && credentialSupport2.isDefinitelyObtainable()) {
                        return credentialSupport2;
                    }
                    if (credentialSupport == null || (credentialSupport2 != null && credentialSupport.compareTo(credentialSupport2) < 0)) {
                        credentialSupport = credentialSupport2;
                    }
                }
            }
            return credentialSupport == null ? CredentialSupport.UNSUPPORTED : credentialSupport;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C> C getCredential(Class<C> cls) throws RealmUnavailableException {
            C c;
            if (!exists() || LdapSecurityRealm.this.getCredentialSupport(cls) == CredentialSupport.UNSUPPORTED) {
                return null;
            }
            for (CredentialLoader credentialLoader : LdapSecurityRealm.this.credentialLoaders) {
                if (credentialLoader.getCredentialSupport(LdapSecurityRealm.this.dirContextFactory, cls).mayBeObtainable() && (c = (C) credentialLoader.forIdentity(LdapSecurityRealm.this.dirContextFactory, this.identity.getDistinguishedName()).getCredential(cls)) != null) {
                    return c;
                }
            }
            return null;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            return !exists() ? AuthorizationIdentity.EMPTY : AuthorizationIdentity.basicIdentity(this.identity.attributes);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean verifyCredential(Object obj) throws RealmUnavailableException {
            char[] password;
            if (!exists()) {
                return false;
            }
            if (char[].class.isInstance(obj)) {
                password = (char[]) obj;
            } else if (String.class.isInstance(obj)) {
                password = obj.toString().toCharArray();
            } else {
                if (!ClearPassword.class.isInstance(obj)) {
                    throw ElytronMessages.log.passwordBasedCredentialsMustBeStringCharsOrClearPassword();
                }
                password = ((ClearPassword) obj).getPassword();
            }
            DirContext dirContext = null;
            try {
                try {
                    char[] cArr = password;
                    dirContext = LdapSecurityRealm.this.dirContextFactory.obtainDirContext(callbackArr -> {
                        for (Callback callback : callbackArr) {
                            if (NameCallback.class.isInstance(callback)) {
                                ((NameCallback) callback).setName(this.identity.getDistinguishedName());
                            } else if (PasswordCallback.class.isInstance(callback)) {
                                ((PasswordCallback) callback).setPassword(cArr);
                            }
                        }
                    }, null);
                    LdapSecurityRealm.this.dirContextFactory.returnContext(dirContext);
                    return true;
                } catch (NamingException e) {
                    ElytronMessages.log.debugf("Credential verification failed.", e);
                    LdapSecurityRealm.this.dirContextFactory.returnContext(dirContext);
                    return false;
                }
            } catch (Throwable th) {
                LdapSecurityRealm.this.dirContextFactory.returnContext(dirContext);
                throw th;
            }
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean exists() throws RealmUnavailableException {
            if (this.identity == null) {
                this.identity = getIdentity(this.name);
            }
            boolean z = this.identity != null;
            if (!z) {
                ElytronMessages.log.debugf("Principal [%s] does not exists.", this.name);
            }
            return z;
        }

        /* JADX WARN: Failed to calculate best type for var: r18v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Failed to calculate best type for var: r18v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
         */
        /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
        	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Not initialized variable reg: 18, insn: 0x01d3: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r18 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:50:0x01d3 */
        /* JADX WARN: Type inference failed for: r18v0, types: [java.lang.Throwable] */
        private LdapIdentity getIdentity(String str) throws RealmUnavailableException {
            ?? r18;
            Rdn rdn;
            ElytronMessages.log.debugf("Trying to create identity for principal [%s].", this.name);
            try {
                try {
                    DirContext obtainDirContext = LdapSecurityRealm.this.dirContextFactory.obtainDirContext(null);
                    String str2 = LdapSecurityRealm.this.principalMapping.searchDn;
                    String str3 = str;
                    if (str.startsWith(LdapSecurityRealm.this.principalMapping.rdnIdentifier)) {
                        LdapName ldapName = new LdapName(str);
                        int size = ldapName.size() - 1;
                        rdn = ldapName.getRdn(size);
                        str3 = rdn.getValue().toString();
                        ldapName.remove(size);
                        str2 = ldapName.toString();
                    }
                    try {
                        LdapSearch ldapSearch = new LdapSearch(str2, String.format("(%s={0})", LdapSecurityRealm.this.principalMapping.rdnIdentifier), str3);
                        ldapSearch.setReturningAttributes((String[]) LdapSecurityRealm.this.principalMapping.attributes.stream().map((v0) -> {
                            return v0.getLdapName();
                        }).toArray(i -> {
                            return new String[i];
                        }));
                        Stream map = ldapSearch.search(obtainDirContext).map(searchResult -> {
                            MapAttributes mapAttributes = new MapAttributes();
                            mapAttributes.addAll(extractSingleAttributes(searchResult));
                            mapAttributes.addAll(extractFilteredAttributes(searchResult, obtainDirContext));
                            return new LdapIdentity(searchResult.getNameInNamespace(), mapAttributes.asReadOnly());
                        });
                        Throwable th = null;
                        Optional findFirst = map.findFirst();
                        if (!findFirst.isPresent()) {
                            if (map != null) {
                                if (0 != 0) {
                                    try {
                                        map.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    map.close();
                                }
                            }
                            LdapSecurityRealm.this.dirContextFactory.returnContext(obtainDirContext);
                            return null;
                        }
                        LdapIdentity ldapIdentity = (LdapIdentity) findFirst.get();
                        if (ElytronMessages.log.isDebugEnabled()) {
                            ElytronMessages.log.debugf("Successfully created identity for principal [%s].", str);
                            if (ldapIdentity.attributes.isEmpty()) {
                                ElytronMessages.log.debugf("Identity [%s] does not have any attributes.", str);
                            } else {
                                ElytronMessages.log.debugf("Identity [%s] attributes are:", str);
                                ldapIdentity.attributes.keySet().forEach(str4 -> {
                                    ldapIdentity.attributes.get(str4).forEach(str4 -> {
                                        ElytronMessages.log.debugf("    Attribute [%s] value [%s].", str4, str4);
                                    });
                                });
                            }
                        }
                        if (map != null) {
                            if (0 != 0) {
                                try {
                                    map.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                map.close();
                            }
                        }
                        LdapSecurityRealm.this.dirContextFactory.returnContext(obtainDirContext);
                        return ldapIdentity;
                    } catch (Throwable th4) {
                        if (rdn != null) {
                            if (r18 != 0) {
                                try {
                                    rdn.close();
                                } catch (Throwable th5) {
                                    r18.addSuppressed(th5);
                                }
                            } else {
                                rdn.close();
                            }
                        }
                        throw th4;
                    }
                } catch (Throwable th6) {
                    LdapSecurityRealm.this.dirContextFactory.returnContext(null);
                    throw th6;
                }
            } catch (NamingException e) {
                throw ElytronMessages.log.ldapRealmFailedObtainIdentityFromServer(e);
            }
        }

        private Map<String, Collection<String>> extractFilteredAttributes(SearchResult searchResult, DirContext dirContext) {
            String nameInNamespace = searchResult.getNameInNamespace();
            return extractAttributes(attribute -> {
                return attribute.getFilter() != null;
            }, attribute2 -> {
                ArrayList arrayList = new ArrayList();
                String searchDn = attribute2.getSearchDn();
                if (searchDn == null) {
                    searchDn = LdapSecurityRealm.this.principalMapping.searchDn;
                }
                LdapSearch ldapSearch = new LdapSearch(searchDn, attribute2.getFilter(), nameInNamespace);
                ldapSearch.setReturningAttributes(attribute2.getLdapName());
                try {
                    Stream<SearchResult> search = ldapSearch.search(dirContext);
                    Throwable th = null;
                    try {
                        try {
                            search.forEach(searchResult2 -> {
                                String rdn = attribute2.getRdn();
                                if (rdn != null) {
                                    String nameInNamespace2 = searchResult2.getNameInNamespace();
                                    try {
                                        Iterator it = new LdapName(nameInNamespace2).getRdns().iterator();
                                        while (true) {
                                            if (!it.hasNext()) {
                                                break;
                                            }
                                            Rdn rdn2 = (Rdn) it.next();
                                            if (rdn2.getType().equalsIgnoreCase(rdn)) {
                                                break;
                                            }
                                        }
                                        return;
                                    } catch (Exception e) {
                                        throw ElytronMessages.log.ldapRealmInvalidRdnForAttribute(attribute2.getName(), nameInNamespace2, rdn);
                                    }
                                }
                                NamingEnumeration namingEnumeration = null;
                                try {
                                    try {
                                        namingEnumeration = searchResult2.getAttributes().get(attribute2.getLdapName()).getAll();
                                        while (namingEnumeration.hasMore()) {
                                            arrayList.add(namingEnumeration.next().toString());
                                        }
                                        if (namingEnumeration != null) {
                                            try {
                                                namingEnumeration.close();
                                            } catch (NamingException e2) {
                                            }
                                        }
                                    } catch (Throwable th2) {
                                        if (namingEnumeration != null) {
                                            try {
                                                namingEnumeration.close();
                                            } catch (NamingException e3) {
                                            }
                                        }
                                        throw th2;
                                    }
                                } catch (Exception e4) {
                                    throw ElytronMessages.log.ldapRealmFailedObtainAttributes(nameInNamespace, e4);
                                }
                            });
                            if (search != null) {
                                if (0 != 0) {
                                    try {
                                        search.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    search.close();
                                }
                            }
                            return arrayList;
                        } finally {
                        }
                    } finally {
                    }
                } catch (Exception e) {
                    throw ElytronMessages.log.ldapRealmFailedObtainAttributes(nameInNamespace, e);
                }
            });
        }

        private Map<String, Collection<String>> extractSingleAttributes(SearchResult searchResult) {
            return extractAttributes(attribute -> {
                return attribute.getFilter() == null;
            }, attribute2 -> {
                NamingEnumeration all = searchResult.getAttributes().getAll();
                ArrayList arrayList = new ArrayList();
                while (all.hasMore()) {
                    try {
                        Attribute attribute2 = (Attribute) all.next();
                        if (attribute2.getID().equalsIgnoreCase(attribute2.getLdapName())) {
                            NamingEnumeration all2 = attribute2.getAll();
                            while (all2.hasMore()) {
                                try {
                                    String obj = all2.next().toString();
                                    String rdn = attribute2.getRdn();
                                    if (rdn != null) {
                                        try {
                                            Iterator it = new LdapName(obj).getRdns().iterator();
                                            while (true) {
                                                if (!it.hasNext()) {
                                                    break;
                                                }
                                                Rdn rdn2 = (Rdn) it.next();
                                                if (rdn2.getType().equalsIgnoreCase(rdn)) {
                                                    obj = rdn2.getValue().toString();
                                                    break;
                                                }
                                            }
                                        } catch (Exception e) {
                                            throw ElytronMessages.log.ldapRealmInvalidRdnForAttribute(attribute2.getName(), obj, rdn);
                                        }
                                    }
                                    arrayList.add(obj);
                                } finally {
                                    if (all2 != null) {
                                        try {
                                            all2.close();
                                        } catch (NamingException e2) {
                                        }
                                    }
                                }
                            }
                        }
                    } catch (NamingException e3) {
                        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(searchResult.getNameInNamespace(), e3);
                    }
                }
                return arrayList;
            });
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SearchControls createSearchControls(String... strArr) {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(LdapSecurityRealm.this.principalMapping.searchRecursive ? 2 : 1);
            searchControls.setTimeLimit(LdapSecurityRealm.this.principalMapping.searchTimeLimit);
            searchControls.setReturningAttributes(strArr);
            return searchControls;
        }

        private Map<String, Collection<String>> extractAttributes(Predicate<LdapSecurityRealmBuilder.PrincipalMappingBuilder.Attribute> predicate, Function<LdapSecurityRealmBuilder.PrincipalMappingBuilder.Attribute, Collection<String>> function) {
            return (Map) LdapSecurityRealm.this.principalMapping.attributes.stream().filter(predicate).collect(Collectors.toMap(attribute -> {
                return attribute.getName();
            }, function, (collection, collection2) -> {
                ArrayList arrayList = new ArrayList(collection);
                arrayList.addAll(collection2);
                return arrayList;
            }));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm$PrincipalMapping.class */
    public static class PrincipalMapping {
        private final String searchDn;
        private final boolean searchRecursive;
        private final String rdnIdentifier;
        private final String passwordAttribute;
        private final List<LdapSecurityRealmBuilder.PrincipalMappingBuilder.Attribute> attributes;
        public final int searchTimeLimit;

        public PrincipalMapping(String str, boolean z, int i, String str2, String str3, List<LdapSecurityRealmBuilder.PrincipalMappingBuilder.Attribute> list) {
            Assert.checkNotNullParam("rdnIdentifier", str2);
            Assert.checkNotNullParam("passwordAttribute", str3);
            this.searchDn = str;
            this.searchRecursive = z;
            this.searchTimeLimit = i;
            this.rdnIdentifier = str2;
            this.passwordAttribute = str3;
            this.attributes = list;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public LdapSecurityRealm(DirContextFactory dirContextFactory, NameRewriter nameRewriter, PrincipalMapping principalMapping) {
        this.dirContextFactory = dirContextFactory;
        this.nameRewriter = nameRewriter;
        this.principalMapping = principalMapping;
        this.credentialLoaders.add(new UserPasswordCredentialLoader(this.principalMapping.passwordAttribute));
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity createRealmIdentity(String str) {
        String rewriteName = this.nameRewriter.rewriteName(str);
        if (rewriteName == null) {
            throw ElytronMessages.log.invalidName();
        }
        return new LdapRealmIdentity(rewriteName);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public CredentialSupport getCredentialSupport(Class<?> cls) {
        CredentialSupport credentialSupport = CredentialSupport.UNSUPPORTED;
        if (!Password.class.isAssignableFrom(cls)) {
            return credentialSupport;
        }
        Iterator<CredentialLoader> it = this.credentialLoaders.iterator();
        while (it.hasNext()) {
            CredentialSupport credentialSupport2 = it.next().getCredentialSupport(this.dirContextFactory, cls);
            if (credentialSupport2.isDefinitelyObtainable()) {
                return credentialSupport2;
            }
            if (credentialSupport.compareTo(credentialSupport2) < 0) {
                credentialSupport = credentialSupport2;
            }
        }
        return credentialSupport;
    }
}
