package com.unboundid.util.json;

import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.CRAMMD5BindRequest;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DIGESTMD5BindRequest;
import com.unboundid.ldap.sdk.DIGESTMD5BindRequestProperties;
import com.unboundid.ldap.sdk.EXTERNALBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PLAINBindRequest;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SASLQualityOfProtection;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-4.0.14.jar:com/unboundid/util/json/AuthenticationDetails.class */
public final class AuthenticationDetails implements Serializable {
    private static final String FIELD_AUTHENTICATION_ID = "authentication-id";
    private static final String FIELD_AUTHENTICATION_TYPE = "authentication-type";
    private static final String FIELD_AUTHORIZATION_ID = "authorization-id";
    private static final String FIELD_CONFIG_FILE_PATH = "config-file-path";
    private static final String FIELD_DN = "dn";
    private static final String FIELD_KDC_ADDRESS = "kdc-address";
    private static final String FIELD_PASSWORD = "password";
    private static final String FIELD_PASSWORD_FILE = "password-file";
    private static final String FIELD_QOP = "qop";
    private static final String FIELD_REALM = "realm";
    private static final String FIELD_RENEW_TGT = "renew-tgt";
    private static final String FIELD_REQUIRE_CACHED_CREDENTIALS = "require-cached-credentials";
    private static final String FIELD_TICKET_CACHE_PATH = "ticket-cache-path";
    private static final String FIELD_USE_SUBJECT_CREDS_ONLY = "use-subject-credentials-only";
    private static final String FIELD_USE_TICKET_CACHE = "use-ticket-cache";
    private static final long serialVersionUID = 2798778432389082274L;
    private final BindRequest bindRequest;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationDetails(JSONObject jSONObject) throws LDAPException {
        JSONObject object = LDAPConnectionDetailsJSONSpecification.getObject(jSONObject, "authentication-details");
        if (object == null) {
            this.bindRequest = null;
            return;
        }
        String string = LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHENTICATION_TYPE, null);
        String lowerCase = StaticUtils.toLowerCase(string);
        if (lowerCase == null) {
            throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD.get("authentication-details", FIELD_AUTHENTICATION_TYPE));
        }
        if (lowerCase.equals("none")) {
            LDAPConnectionDetailsJSONSpecification.validateAllowedFields(object, "authentication-details", FIELD_AUTHENTICATION_TYPE);
            this.bindRequest = null;
            return;
        }
        if (lowerCase.equals("simple")) {
            validateAllowedFields(object, string, "dn", "password", FIELD_PASSWORD_FILE);
            String string2 = LDAPConnectionDetailsJSONSpecification.getString(object, "dn", null);
            if (string2 == null) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD_FOR_AUTH_TYPE.get("dn", string));
            }
            this.bindRequest = new SimpleBindRequest(string2, getPassword(object, string, false));
            return;
        }
        if (lowerCase.equals("cram-md5") || lowerCase.equals("crammd5")) {
            validateAllowedFields(object, string, FIELD_AUTHENTICATION_ID, "password", FIELD_PASSWORD_FILE);
            String string3 = LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHENTICATION_ID, null);
            if (string3 == null) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD_FOR_AUTH_TYPE.get(FIELD_AUTHENTICATION_ID, string));
            }
            this.bindRequest = new CRAMMD5BindRequest(string3, getPassword(object, string, false));
            return;
        }
        if (lowerCase.equals("digest-md5") || lowerCase.equals("digestmd5")) {
            validateAllowedFields(object, string, FIELD_AUTHENTICATION_ID, FIELD_AUTHORIZATION_ID, "password", FIELD_PASSWORD_FILE, "qop", "realm");
            String string4 = LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHENTICATION_ID, null);
            if (string4 == null) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD_FOR_AUTH_TYPE.get(FIELD_AUTHENTICATION_ID, string));
            }
            DIGESTMD5BindRequestProperties dIGESTMD5BindRequestProperties = new DIGESTMD5BindRequestProperties(string4, getPassword(object, string, false));
            dIGESTMD5BindRequestProperties.setAuthorizationID(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHORIZATION_ID, null));
            dIGESTMD5BindRequestProperties.setRealm(LDAPConnectionDetailsJSONSpecification.getString(object, "realm", null));
            dIGESTMD5BindRequestProperties.setAllowedQoP(getAllowedQoP(object));
            this.bindRequest = new DIGESTMD5BindRequest(dIGESTMD5BindRequestProperties, new Control[0]);
            return;
        }
        if (lowerCase.equals("external")) {
            validateAllowedFields(object, string, FIELD_AUTHORIZATION_ID);
            this.bindRequest = new EXTERNALBindRequest(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHORIZATION_ID, null));
            return;
        }
        if (!lowerCase.equals("gssapi") && !lowerCase.equals("gss-api")) {
            if (!lowerCase.equals("plain")) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_UNRECOGNIZED_TYPE.get(string));
            }
            validateAllowedFields(object, string, FIELD_AUTHENTICATION_ID, FIELD_AUTHORIZATION_ID, "password", FIELD_PASSWORD_FILE);
            String string5 = LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHENTICATION_ID, null);
            if (string5 == null) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD_FOR_AUTH_TYPE.get(FIELD_AUTHENTICATION_ID, string));
            }
            this.bindRequest = new PLAINBindRequest(string5, LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHORIZATION_ID, null), getPassword(object, string, false));
            return;
        }
        validateAllowedFields(object, string, FIELD_AUTHENTICATION_ID, FIELD_AUTHORIZATION_ID, "password", FIELD_PASSWORD_FILE, FIELD_CONFIG_FILE_PATH, FIELD_KDC_ADDRESS, "qop", "realm", FIELD_RENEW_TGT, FIELD_REQUIRE_CACHED_CREDENTIALS, FIELD_TICKET_CACHE_PATH, FIELD_USE_SUBJECT_CREDS_ONLY, FIELD_USE_TICKET_CACHE);
        String string6 = LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHENTICATION_ID, null);
        if (string6 == null) {
            throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_REQUIRED_FIELD_FOR_AUTH_TYPE.get(FIELD_AUTHENTICATION_ID, string));
        }
        String password = getPassword(object, string, true);
        GSSAPIBindRequestProperties gSSAPIBindRequestProperties = new GSSAPIBindRequestProperties(string6, password);
        gSSAPIBindRequestProperties.setAuthorizationID(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_AUTHORIZATION_ID, null));
        gSSAPIBindRequestProperties.setRealm(LDAPConnectionDetailsJSONSpecification.getString(object, "realm", null));
        gSSAPIBindRequestProperties.setAllowedQoP(getAllowedQoP(object));
        gSSAPIBindRequestProperties.setConfigFilePath(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_CONFIG_FILE_PATH, null));
        gSSAPIBindRequestProperties.setKDCAddress(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_KDC_ADDRESS, null));
        gSSAPIBindRequestProperties.setRenewTGT(LDAPConnectionDetailsJSONSpecification.getBoolean(object, FIELD_RENEW_TGT, false));
        gSSAPIBindRequestProperties.setRequireCachedCredentials(LDAPConnectionDetailsJSONSpecification.getBoolean(object, FIELD_REQUIRE_CACHED_CREDENTIALS, false));
        gSSAPIBindRequestProperties.setTicketCachePath(LDAPConnectionDetailsJSONSpecification.getString(object, FIELD_TICKET_CACHE_PATH, null));
        gSSAPIBindRequestProperties.setUseSubjectCredentialsOnly(LDAPConnectionDetailsJSONSpecification.getBoolean(object, FIELD_USE_SUBJECT_CREDS_ONLY, true));
        gSSAPIBindRequestProperties.setUseTicketCache(LDAPConnectionDetailsJSONSpecification.getBoolean(object, FIELD_USE_TICKET_CACHE, true));
        if (password == null && !gSSAPIBindRequestProperties.requireCachedCredentials()) {
            throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_MISSING_GSSAPI_PASSWORD.get("password", FIELD_PASSWORD_FILE, string, FIELD_REQUIRE_CACHED_CREDENTIALS));
        }
        this.bindRequest = new GSSAPIBindRequest(gSSAPIBindRequestProperties, new Control[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BindRequest getBindRequest() {
        return this.bindRequest;
    }

    private static void validateAllowedFields(JSONObject jSONObject, String str, String... strArr) throws LDAPException {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        for (String str2 : jSONObject.getFields().keySet()) {
            if (!str2.equals(FIELD_AUTHENTICATION_TYPE) && !hashSet.contains(str2)) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_FIELD_NOT_PERMITTED_FOR_AUTH_TYPE.get(str2, str));
            }
        }
    }

    private static String getPassword(JSONObject jSONObject, String str, boolean z) throws LDAPException {
        String string = LDAPConnectionDetailsJSONSpecification.getString(jSONObject, "password", null);
        if (string != null) {
            LDAPConnectionDetailsJSONSpecification.rejectConflictingFields(jSONObject, "password", FIELD_PASSWORD_FILE);
            return string;
        }
        String string2 = LDAPConnectionDetailsJSONSpecification.getString(jSONObject, FIELD_PASSWORD_FILE, null);
        if (string2 != null) {
            return LDAPConnectionDetailsJSONSpecification.getStringFromFile(string2, FIELD_PASSWORD_FILE);
        }
        if (z) {
            return null;
        }
        throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_NO_PASSWORD.get("password", FIELD_PASSWORD_FILE, str));
    }

    private static List<SASLQualityOfProtection> getAllowedQoP(JSONObject jSONObject) throws LDAPException {
        JSONValue field = jSONObject.getField("qop");
        if (field == null) {
            return Collections.singletonList(SASLQualityOfProtection.AUTH);
        }
        if (field instanceof JSONString) {
            return SASLQualityOfProtection.decodeQoPList(((JSONString) field).stringValue());
        }
        if (!(field instanceof JSONArray)) {
            throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_INVALID_QOP.get("qop"));
        }
        JSONArray jSONArray = (JSONArray) field;
        ArrayList arrayList = new ArrayList(jSONArray.size());
        for (JSONValue jSONValue : jSONArray.getValues()) {
            if (!(jSONValue instanceof JSONString)) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_INVALID_QOP.get("qop"));
            }
            SASLQualityOfProtection forName = SASLQualityOfProtection.forName(((JSONString) jSONValue).stringValue());
            if (forName == null) {
                throw new LDAPException(ResultCode.PARAM_ERROR, JSONMessages.ERR_AUTH_DETAILS_INVALID_QOP.get("qop"));
            }
            arrayList.add(forName);
        }
        return arrayList;
    }
}
