package org.forgerock.openam.authentication.modules.common.mapping;

import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.debug.Debug;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/common/mapping/DefaultAccountProvider.class */
public class DefaultAccountProvider implements AccountProvider {
    private static Debug debug = Debug.getInstance("amAuth");
    private String idNameAttribute;

    public DefaultAccountProvider() {
        this.idNameAttribute = "uid";
    }

    public DefaultAccountProvider(String str) {
        this.idNameAttribute = "uid";
        this.idNameAttribute = str;
    }

    @Override // org.forgerock.openam.authentication.modules.common.mapping.AccountProvider
    public AMIdentity searchUser(AMIdentityRepository aMIdentityRepository, Map<String, Set<String>> map) {
        AMIdentity aMIdentity = null;
        if (map == null || map.isEmpty()) {
            debug.warning("DefaultAccountMapper.searchUser: empty search");
            return null;
        }
        try {
            Iterator it = aMIdentityRepository.searchIdentities(IdType.USER, "*", getSearchControl(IdSearchOpModifier.OR, map)).getSearchResults().iterator();
            if (it.hasNext()) {
                aMIdentity = (AMIdentity) it.next();
                if (debug.messageEnabled()) {
                    debug.message("getUser: user found : " + aMIdentity.getName());
                }
            }
        } catch (IdRepoException e) {
            debug.error("DefaultAccountMapper.searchUser: Problem while searching for the user. IdRepo", e);
        } catch (SSOException e2) {
            debug.error("DefaultAccountMapper.searchUser: Problem while searching for the user. SSOExc", e2);
        }
        return aMIdentity;
    }

    @Override // org.forgerock.openam.authentication.modules.common.mapping.AccountProvider
    public AMIdentity provisionUser(AMIdentityRepository aMIdentityRepository, Map<String, Set<String>> map) throws AuthLoginException {
        AMIdentity aMIdentity = null;
        try {
            Set<String> set = map.get(this.idNameAttribute);
            aMIdentity = aMIdentityRepository.createIdentity(IdType.USER, (set == null || set.isEmpty()) ? UUID.randomUUID().toString() : set.iterator().next(), map);
        } catch (IdRepoException e) {
            debug.error("DefaultAccountMapper.getAccount: IRE ", e);
            debug.error("LDAPERROR Code = " + e.getLDAPErrorCode());
            if (e.getLDAPErrorCode() != null && !e.getLDAPErrorCode().equalsIgnoreCase("68")) {
                throw new AuthLoginException("Failed to create user");
            }
        } catch (SSOException e2) {
            debug.error("DefaultAccountMapper.getAttributes: Problem while creating the user. SSOExc", e2);
            throw new AuthLoginException("Failed to create user");
        }
        return aMIdentity;
    }

    private IdSearchControl getSearchControl(IdSearchOpModifier idSearchOpModifier, Map<String, Set<String>> map) {
        IdSearchControl idSearchControl = new IdSearchControl();
        idSearchControl.setMaxResults(1);
        idSearchControl.setSearchModifiers(idSearchOpModifier, map);
        return idSearchControl;
    }
}
