package com.greenhat.server.container.server.security.ldap.trace;

import com.greenhat.server.container.shared.datamodel.Role;
import com.greenhat.server.container.shared.datamodel.User;
import java.io.PrintStream;
import java.text.MessageFormat;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/trace/LdapAuthenticationTrace.class */
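/**
 * Records how far one LDAP authentication attempt progressed and renders that
 * record as a human-readable report through {@link #print(PrintStream)}.
 *
 * <p>The public fields are filled in by code outside this class as each stage
 * runs. A field that is still {@code null} is reported as a stage that was not
 * reached.
 *
 * <p>Security notes for maintainers: the report contains directory structure
 * (search bases, filters, group names, role mappings) and values that appear to
 * originate from the login request. Treat the output as sensitive, and keep the
 * target stream out of reach of unauthenticated users. Every externally
 * influenced value goes through {@link #printable(Object)} so that embedded line
 * breaks cannot forge extra report lines, and the password hash is never written.
 */
public class LdapAuthenticationTrace {
    /** Upper bound on the causes printed for one exception, so that a cyclic cause chain terminates. */
    private static final int MAX_CAUSE_DEPTH = 32;

    // Admin bind stage: null = not reached, STARTED_NOT_COMPLETED = failed, anything else = succeeded.
    public AttemptStatus adminConnectionAttempt;
    // Failure recorded for the admin bind; its cause chain is printed when the bind did not complete.
    public Exception adminConnectionException;
    // Search for the user's entry; queryParams == null means the search was never issued.
    public GetUserSearchResultTrace userEntryQuery = new GetUserSearchResultTrace();
    // DN used as the username for the user bind; null = stage not reached.
    public String userConnectionLogin;
    // Labelled "SHA-256 hash" by print(); never written to the report (see printUserConnectionStage).
    public String userConnectionPasswordHash;
    // Failure recorded for the user bind; null is reported as a successful bind.
    public Exception userConnectionException;
    // Group-membership search parameters; null = stage not reached.
    public LdapQueryParams groupsForUserQuery;
    // STARTED_NOT_COMPLETED is reported as a failed group query.
    public AttemptStatus groupsForUserQueryAttempt;
    // Names of the groups found for the user.
    public Set<String> groupsForUser;
    // Failure recorded for the group query.
    public Exception groupsForUserQueryException;
    // Configured group-to-role mappings; null = mapping stage not reached.
    public Map<String, Set<Role>> groupRoleMappings;
    // Per group the user belongs to, the roles received from it (printed as "group -> roles").
    public Map<String, String> userRolesFromEachGroup;
    // Canonical-name lookup: null = not reached, SUCCEEDED = name found.
    public AttemptStatus canonicalNameRetrievalAttempt;
    // Whether the user's entry was found during the canonical-name lookup (null counts as not found).
    public Boolean canonicalNameUserSearchResultFound;
    // Attribute consulted for the canonical name.
    public String canonicalNameAttributeName;
    // Whether that attribute was present on the entry.
    public Boolean canonicalNameAttributeFound;
    // Raw attribute value; its runtime class name is printed next to it.
    public Object canonicalNameObject;
    // Failure recorded for the canonical-name lookup.
    public Exception canonicalNameException;
    // Reason for the final rejection, when one was recorded.
    public FinalRejection finalRejection;
    // The authenticated user; null means the login failed.
    public User user;

    /* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/trace/LdapAuthenticationTrace$AttemptStatus.class */
    /** Progress marker for a stage that has been started. */
    public enum AttemptStatus {
        STARTED_NOT_COMPLETED,
        SUCCEEDED
    }

    /* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/trace/LdapAuthenticationTrace$FinalRejection.class */
    /** Reasons for which an attempt can be rejected; rendered by {@code getFinalRejectionText}. */
    public enum FinalRejection {
        DID_NOT_HAVE_USER_ROLE,
        COULD_NOT_FIND_CANONICAL_NAME,
        LDAP_AUTHENTICATION_DID_NOT_SUCCEED,
        USER_NOT_FOUND
    }

    /* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/trace/LdapAuthenticationTrace$LdapQueryParams.class */
    /** Base, filter and scope of one LDAP search, kept for reporting. */
    public static class LdapQueryParams {
        public String base;
        public String filter;
        // Printed as a name for 0, 1 and 2; presumably the javax.naming SearchControls scope constants (confirm).
        public int scope;

        /**
         * @param str  search base
         * @param str2 search filter
         * @param i    numeric search scope
         */
        public LdapQueryParams(String str, String str2, int i) {
            this.base = str;
            this.filter = str2;
            this.scope = i;
        }

        /**
         * Returns the three parameters in a single line. The values are not escaped here,
         * so callers that log this string should neutralise control characters themselves.
         */
        @Override
        public String toString() {
            return "LdapQueryParams [base=" + this.base + ", filter=" + this.filter + ", scope=" + this.scope + "]";
        }
    }

    /** Creates an empty trace; with {@code user} left {@code null} it reports a failed login. */
    public LdapAuthenticationTrace() {
    }

    /**
     * Creates a trace for an attempt that produced {@code user}.
     *
     * @param user the authenticated user, or {@code null} for a failed login
     */
    public LdapAuthenticationTrace(User user) {
        this.user = user;
    }

    /**
     * Writes the full report, one stage after another, in the order the stages are attempted.
     *
     * @param printStream destination of the report; must not be {@code null}
     */
    public void print(PrintStream printStream) {
        printStream.println(this.user == null ? "Login failed" : "Login succeeded");
        printStream.println();
        printAdminConnectionStage(printStream);
        printUserEntryQueryStage(printStream);
        printUserConnectionStage(printStream);
        printGroupsQueryStage(printStream);
        printRoleMappingStage(printStream);
        printCanonicalNameStage(printStream);
        printOutcome(printStream);
    }

    /** Reports the bind made with the admin credentials. */
    private void printAdminConnectionStage(PrintStream printStream) {
        if (this.adminConnectionAttempt == null) {
            printStream.println("Did not get as far as logging in to the server with the admin credentials.");
            return;
        }
        if (this.adminConnectionAttempt == AttemptStatus.STARTED_NOT_COMPLETED) {
            printStream.println("Attempted to authenticate with the LDAP server using the admin credentials.");
            printStream.println("  Authentication with admin credentials did not complete succesfully");
            printExceptionChainMessages(printStream, this.adminConnectionException);
            return;
        }
        printStream.println("Connection using the admin credentials succeeded");
    }

    /** Reports the search for the user's directory entry. */
    private void printUserEntryQueryStage(PrintStream printStream) {
        // userEntryQuery is a public field; a caller that nulls it is reported as "not reached" instead of an NPE.
        if (this.userEntryQuery == null || this.userEntryQuery.queryParams == null) {
            printStream.println("Did not get as far as querying the server for the user's entry.");
            return;
        }
        printStream.println("Queried the server (using the connection authenticated with the admin credentials) to look for the user's record.");
        printQueryParams(printStream, this.userEntryQuery.queryParams);
        if (this.userEntryQuery.resultCount == null) {
            printStream.println("  Query failed");
        } else {
            printStream.println(MessageFormat.format("  Results found: {0}", this.userEntryQuery.resultCount));
        }
    }

    /** Reports the bind made with the user's own DN and password. */
    private void printUserConnectionStage(PrintStream printStream) {
        if (this.userConnectionLogin == null) {
            printStream.println("Did not get as far as logging in to the server with the user's credentials.");
            return;
        }
        printStream.println("Attempted to authenticate with the LDAP server using the user's DN as the username.");
        printStream.println(MessageFormat.format("  Username (User''s DN): {0}", printable(this.userConnectionLogin)));
        // Deliberately not printing the hash value: a password digest in a trace is credential
        // material that can be guessed offline once the trace is copied into a log or ticket.
        // NOTE(review): nothing visible here shows a salt or work factor; confirm how the value is produced.
        printStream.println("  Password (SHA-256 hash): "
                + (this.userConnectionPasswordHash == null ? "<not recorded>" : "<recorded; value withheld from trace>"));
        if (this.userConnectionException != null) {
            printStream.println("  Authentication with user's credentials did not complete succesfully");
            printExceptionChainMessages(printStream, this.userConnectionException);
        } else {
            printStream.println("  Authentication of user's credentials with LDAP server was successful");
        }
    }

    /** Reports the search for the groups that contain the user. */
    private void printGroupsQueryStage(PrintStream printStream) {
        if (this.groupsForUserQuery == null) {
            printStream.println("Did not get as far as querying for the groups that contain the user.");
            return;
        }
        printStream.println("Queried the server for the user's groups.");
        printQueryParams(printStream, this.groupsForUserQuery);
        if (this.groupsForUserQueryAttempt == AttemptStatus.STARTED_NOT_COMPLETED) {
            printStream.println("  Query failed");
            printExceptionChainMessages(printStream, this.groupsForUserQueryException);
        } else {
            printStream.println(MessageFormat.format("  Names of groups found: {0}", printable(this.groupsForUser)));
        }
    }

    /** Reports the configured group-to-role mappings and the roles the user received. */
    private void printRoleMappingStage(PrintStream printStream) {
        if (this.groupRoleMappings == null) {
            printStream.println("Did not get as far as mapping groups to roles.");
            return;
        }
        printStream.println("Mapping groups to roles.");
        printStream.println(MessageFormat.format("  Group to role mappings: {0}", printable(this.groupRoleMappings)));
        if (this.userRolesFromEachGroup == null) {
            printStream.println("  Didn't get as far as mapping groups to roles.");
            return;
        }
        for (Map.Entry<String, String> entry : this.userRolesFromEachGroup.entrySet()) {
            printStream.println(MessageFormat.format("  User is in group {0}, receiving roles {1}.",
                    printable(entry.getKey()), printable(entry.getValue())));
        }
    }

    /** Reports the lookup of the user's canonical login name. */
    private void printCanonicalNameStage(PrintStream printStream) {
        if (this.canonicalNameRetrievalAttempt == null) {
            printStream.println("Did not get as far as querying for the user's canonical login name.");
            return;
        }
        printStream.println("Queried for the user's canonical login name.");
        if (!Boolean.TRUE.equals(this.canonicalNameUserSearchResultFound)) {
            printStream.println("  Failed to find user's LDAP entry");
        } else {
            printStream.println(MessageFormat.format("  Using attribute name: {0}", printable(this.canonicalNameAttributeName)));
            if (this.canonicalNameAttributeName != null) {
                printStream.println(MessageFormat.format("  Attribute found: {0}", this.canonicalNameAttributeFound));
                if (Boolean.TRUE.equals(this.canonicalNameAttributeFound)) {
                    String valueClassName = this.canonicalNameObject == null ? null : this.canonicalNameObject.getClass().getName();
                    printStream.println(MessageFormat.format("  Attribute value: {0} ({1})",
                            printable(this.canonicalNameObject), valueClassName));
                }
            }
        }
        if (this.canonicalNameRetrievalAttempt == AttemptStatus.SUCCEEDED) {
            printStream.println("  Canonical login name found successfully");
        } else {
            printStream.println("  Canonical login name not found");
        }
        printExceptionChainMessages(printStream, this.canonicalNameException);
    }

    /** Writes the rejection reason for a failed login, then the user summary for a successful one. */
    private void printOutcome(PrintStream printStream) {
        if (this.finalRejection != null) {
            printStream.println();
            printStream.println(getFinalRejectionText(this.finalRejection));
        } else if (this.user == null) {
            printStream.println();
            printStream.println("Authentication was rejected for an unknown reason. Check trace above for any potential reasons.");
        }
        if (this.user != null) {
            printStream.println("Login succeeded");
            printStream.println();
            printStream.println(MessageFormat.format("Found canonical/definitive user name: {0}", printable(this.user.getName())));
            printStream.println("  (This is the name that will be displayed in Rational Test Control Panel UI.)");
            printStream.println(MessageFormat.format("User has roles: {0}", printable(this.user.getRoles())));
        }
    }

    /**
     * Maps a rejection reason to its report sentence.
     *
     * @param finalRejection the recorded reason; must not be {@code null}
     * @return the sentence for a known reason, otherwise the constant's own name
     */
    private String getFinalRejectionText(FinalRejection finalRejection) {
        switch (finalRejection) {
            case COULD_NOT_FIND_CANONICAL_NAME:
                return "Authentication was rejected as we could not find the user's canonical/definitive username.";
            case DID_NOT_HAVE_USER_ROLE:
                return "Authentication was rejected as the user (although they exist) did not have the 'user' role.";
            case LDAP_AUTHENTICATION_DID_NOT_SUCCEED:
                return "Authentication was rejected as we could not verify the user's credentials with the server. See the trace above for more information.";
            case USER_NOT_FOUND:
                return "Authentication was rejected as no user was found with the given username.";
            default:
                return finalRejection.toString();
        }
    }

    /** Prints base, filter and scope of one search, each on its own indented line. */
    private void printQueryParams(PrintStream printStream, LdapQueryParams ldapQueryParams) {
        printStream.println(MessageFormat.format("  Search base/name: {0}", printable(ldapQueryParams.base)));
        // The filter of the user-entry search presumably embeds the submitted username, so it is escaped too.
        printStream.println(MessageFormat.format("  Search filter: {0}", printable(ldapQueryParams.filter)));
        printStream.println(MessageFormat.format("  Search scope: {0}", getScopeDisplayName(ldapQueryParams.scope)));
    }

    /**
     * Names a numeric search scope.
     *
     * @param i the scope value
     * @return a display name for 0, 1 or 2, otherwise the number itself as text
     */
    private String getScopeDisplayName(int i) {
        switch (i) {
            case 0:
                return "Object scope (Base)";
            case 1:
                return "One level";
            case 2:
                return "Subtree";
            default:
                return String.valueOf(i);
        }
    }

    /**
     * Prints the message and simple class name of {@code th} and of each of its causes.
     * Nothing is printed for {@code null}. The walk stops after {@link #MAX_CAUSE_DEPTH}
     * entries so that a cause chain that loops back on itself cannot hang the report.
     */
    private void printExceptionChainMessages(PrintStream printStream, Throwable th) {
        Throwable current = th;
        for (int depth = 0; current != null && depth < MAX_CAUSE_DEPTH; depth++) {
            // Exception messages can carry server-supplied text and the submitted DN, hence the escaping.
            printStream.println(MessageFormat.format("    {0} ({1})", printable(current.getMessage()), current.getClass().getSimpleName()));
            current = current.getCause();
        }
        if (current != null) {
            printStream.println("    ... (further causes omitted)");
        }
    }

    /**
     * Converts a value to text that stays on a single report line.
     *
     * <p>ISO control characters (including CR, LF and tab) and the Unicode line and
     * paragraph separators are replaced by a visible hexadecimal escape, so a value
     * that contains a line break cannot add forged lines to the report. The value is
     * converted with {@link String#valueOf(Object)}, so numbers and dates are printed
     * without the locale formatting {@link MessageFormat} would otherwise apply.
     *
     * @param value any value, possibly {@code null}
     * @return the escaped text, or the string {@code "null"} for a {@code null} value
     */
    private static String printable(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = null;
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean unsafe = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            if (unsafe) {
                if (escaped == null) {
                    // Allocate lazily: most values contain nothing to escape.
                    escaped = new StringBuilder(text.length() + 8).append(text, 0, i);
                }
                escaped.append(String.format("\\u%04x", (int) c));
            } else if (escaped != null) {
                escaped.append(c);
            }
        }
        return escaped == null ? text : escaped.toString();
    }
}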
