package com.zimbra.cs.account.ldap;

import com.zimbra.common.account.ZAttrProvisioning;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.auth.AuthMechanism;
import com.zimbra.cs.account.krb5.Krb5Login;
import com.zimbra.cs.account.ldap.AutoProvision;
import java.util.HashMap;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/zimbra/cs/account/ldap/AutoProvisionLazy.class */
class AutoProvisionLazy extends AutoProvision {
    private String loginName;
    private String loginPassword;
    private ZAttrProvisioning.AutoProvAuthMech authedByMech;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AutoProvisionLazy(LdapProv ldapProv, Domain domain, String str, String str2, ZAttrProvisioning.AutoProvAuthMech autoProvAuthMech) {
        super(ldapProv, domain);
        this.loginName = str;
        this.loginPassword = str2;
        this.authedByMech = autoProvAuthMech;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.zimbra.cs.account.ldap.AutoProvision
    public Account handle() throws ServiceException {
        if (this.domain == null) {
            this.domain = this.prov.getDefaultDomain();
            if (this.domain == null) {
                return null;
            }
        }
        if (this.authedByMech == null) {
            this.authedByMech = auth();
        }
        if (this.authedByMech != null && autoProvisionEnabled()) {
            return createAccount();
        }
        return null;
    }

    private boolean autoProvisionEnabled() {
        return this.domain.getMultiAttrSet("zimbraAutoProvAuthMech").contains(this.authedByMech.name()) && this.domain.getMultiAttrSet("zimbraAutoProvMode").contains(ZAttrProvisioning.AutoProvMode.LAZY.name());
    }

    private Account createAccount() throws ServiceException {
        AutoProvision.ExternalEntry externalAttrsByName = getExternalAttrsByName(this.loginName);
        String mapName = mapName(externalAttrsByName.getAttrs(), this.loginName);
        ZimbraLog.autoprov.info("auto creating account in LAZY mode: " + mapName);
        return createAccount(mapName, externalAttrsByName, null, ZAttrProvisioning.AutoProvMode.LAZY);
    }

    private ZAttrProvisioning.AutoProvAuthMech auth() {
        String attr = this.domain.getAttr("zimbraAuthMech");
        AuthMechanism.AuthMech authMech = null;
        try {
            authMech = AuthMechanism.AuthMech.fromString(attr);
        } catch (ServiceException e) {
            ZimbraLog.autoprov.debug("invalid auth mech " + attr, e);
        }
        if (AuthMechanism.AuthMech.ldap == authMech || AuthMechanism.AuthMech.ad == authMech) {
            try {
                this.prov.externalLdapAuth(this.domain, authMech, this.loginName, this.loginPassword, new HashMap());
                return ZAttrProvisioning.AutoProvAuthMech.LDAP;
            } catch (ServiceException e2) {
                ZimbraLog.autoprov.info("unable to authenticate " + this.loginName + " for auto provisioning", e2);
                return null;
            }
        }
        if (AuthMechanism.AuthMech.kerberos5 != authMech) {
            return null;
        }
        try {
            Krb5Login.verifyPassword(this.loginName, this.loginPassword);
            return ZAttrProvisioning.AutoProvAuthMech.KRB5;
        } catch (LoginException e3) {
            ZimbraLog.autoprov.info("unable to authenticate " + this.loginName + " for auto provisioning", e3);
            return null;
        }
    }
}
