package no.kantega.security.api.impl.ldap.password;

import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPReferralException;
import com.novell.ldap.LDAPSearchResults;
import java.io.IOException;
import no.kantega.security.api.common.SystemException;
import no.kantega.security.api.identity.Identity;
import no.kantega.security.api.impl.ldap.CloseableLdapConnection;
import no.kantega.security.api.impl.ldap.LdapConfigurable;
import no.kantega.security.api.password.PasswordManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/kantega/security/api/impl/ldap/password/LdapPasswordManager.class */
public class LdapPasswordManager extends LdapConfigurable implements PasswordManager {
    private String domain;
    private Logger log = LoggerFactory.getLogger(getClass());

    /* JADX WARN: Finally extract failed */
    public boolean verifyPassword(Identity identity, String str) throws SystemException {
        if (str == null || str.length() == 0) {
            return false;
        }
        String escapeChars = escapeChars(identity.getUserId());
        try {
            CloseableLdapConnection ldapConnection = getLdapConnection();
            Throwable th = null;
            try {
                String str2 = this.objectClassUsers.length() > 0 ? "(&(objectclass=" + this.objectClassUsers + ")(" + this.usernameAttribute + "=" + escapeChars + "))" : "(" + this.usernameAttribute + "=" + escapeChars + ")";
                ldapConnection.bind(3, this.adminUser, this.adminPassword.getBytes());
                LDAPSearchResults search = ldapConnection.search(this.searchBaseUsers, 2, str2, new String[0], false);
                if (search.hasMore()) {
                    try {
                        ldapConnection.bind(3, search.next().getDN(), str.getBytes("utf-8"));
                        this.log.debug("Password verified for userid: {}", identity.getUserId());
                        if (ldapConnection != null) {
                            if (0 != 0) {
                                try {
                                    ldapConnection.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                ldapConnection.close();
                            }
                        }
                        return true;
                    } catch (Exception e) {
                        throw new SystemException("Feil ved verifisering av passord", e);
                    } catch (LDAPException e2) {
                        if (e2.getResultCode() == 19) {
                            this.log.debug("Password verification failed for userid: {} (CONSTRAINT_VIOLATION)", identity.getUserId());
                            if (ldapConnection != null) {
                                if (0 != 0) {
                                    try {
                                        ldapConnection.close();
                                    } catch (Throwable th3) {
                                        th.addSuppressed(th3);
                                    }
                                } else {
                                    ldapConnection.close();
                                }
                            }
                            return false;
                        }
                        if (e2.getResultCode() != 49) {
                            throw new SystemException("Feil ved verifisering av passord", e2);
                        }
                        this.log.debug("Password verification failed for userid: {} (INVALID_CREDENTIALS)", identity.getUserId());
                        if (ldapConnection != null) {
                            if (0 != 0) {
                                try {
                                    ldapConnection.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                ldapConnection.close();
                            }
                        }
                        return false;
                    } catch (LDAPReferralException e3) {
                    }
                }
                if (ldapConnection != null) {
                    if (0 != 0) {
                        try {
                            ldapConnection.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        ldapConnection.close();
                    }
                }
                return false;
            } catch (Throwable th6) {
                if (ldapConnection != null) {
                    if (0 != 0) {
                        try {
                            ldapConnection.close();
                        } catch (Throwable th7) {
                            th.addSuppressed(th7);
                        }
                    } else {
                        ldapConnection.close();
                    }
                }
                throw th6;
            }
        } catch (IOException | LDAPException e4) {
            throw new SystemException("Feil ved lesing fra LDAP", e4);
        }
    }

    public void setPassword(Identity identity, String str, String str2) throws SystemException {
    }

    public boolean supportsPasswordChange() {
        return false;
    }

    public String getDomain() {
        return this.domain;
    }

    public void setDomain(String str) {
        this.domain = str;
    }
}
