package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.config.LdapConfig;
import com.datastax.dse.byos.shade.com.google.common.annotations.VisibleForTesting;
import com.datastax.dse.byos.shade.com.google.common.base.Strings;
import com.datastax.dse.byos.shade.com.google.common.cache.Cache;
import com.datastax.dse.byos.shade.com.google.common.cache.CacheBuilder;
import com.datastax.dse.byos.shade.com.google.common.util.concurrent.Uninterruptibles;
import com.datastax.dse.byos.shade.org.mindrot.jbcrypt.BCrypt;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.NotThreadSafe;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.concurrent.TPC;
import org.apache.cassandra.concurrent.TPCUtils;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.utils.Throwables;
import org.apache.commons.lang3.StringUtils;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NotThreadSafe
/* loaded from: input_file:com/datastax/bdp/cassandra/auth/LdapManagerImpl.class */
public class LdapManagerImpl implements LdapManager {
    private static final Logger logger;
    private final Cache<String, Dn> searchCache = initSearchCache();
    private final Cache<String, CachedCredentials> credentialsCache = initCredentialsCache();
    private static final int GENSALT_LOG2_ROUNDS = 10;
    public static final String FAIL_FOR_TEST = "FAIL_FOR_DSE_UNIT_TEST";
    private final LdapConnectionProvider ldapConnectionProvider;
    private final LdapConfig.SearchConfig searchConfig;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/LdapManagerImpl$CachedCredentials.class */
    private static final class CachedCredentials {
        final String hashedPassword;
        final AuthenticatedUser user;

        CachedCredentials(String str, AuthenticatedUser authenticatedUser) {
            this.hashedPassword = str;
            this.user = authenticatedUser;
        }
    }

    public LdapManagerImpl(@Nonnull LdapConnectionProvider ldapConnectionProvider, @Nonnull LdapConfig.SearchConfig searchConfig) {
        this.ldapConnectionProvider = ldapConnectionProvider;
        this.searchConfig = searchConfig;
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public AuthenticatedUser authenticate(Credentials credentials) throws AuthenticationException {
        if (StringUtils.isEmpty(credentials.authenticationUser) || StringUtils.isEmpty(credentials.password)) {
            logger.error("Either the username or password were null or zero length");
            throw new DseAuthenticationException(credentials.authorizationUser, credentials.authenticationUser);
        }
        if (this.credentialsCache == null) {
            return doAuthenticationWithRetry(credentials.authenticationUser, credentials.password);
        }
        CachedCredentials ifPresent = this.credentialsCache.getIfPresent(credentials.authenticationUser);
        if (ifPresent == null || !BCrypt.checkpw(credentials.password, ifPresent.hashedPassword)) {
            this.credentialsCache.invalidate(credentials.authenticationUser);
            ifPresent = new CachedCredentials(BCrypt.hashpw(credentials.password, BCrypt.gensalt(10)), doAuthenticationWithRetry(credentials.authenticationUser, credentials.password));
            this.credentialsCache.put(credentials.authenticationUser, ifPresent);
        }
        return ifPresent.user;
    }

    private AuthenticatedUser doAuthenticationWithRetry(String str, String str2) {
        AuthenticationException authenticationException = null;
        for (int i = 0; i <= this.searchConfig.maxRetries; i++) {
            if (i > 0) {
                try {
                    logger.trace("[ldap-authenticate] attempting authentication retry: {}", Integer.valueOf(i));
                } catch (AuthenticationException e) {
                    if (authenticationException == null) {
                        authenticationException = e;
                    } else {
                        authenticationException.addSuppressed(e);
                    }
                    Uninterruptibles.sleepUninterruptibly(this.searchConfig.retryInterval.toNanos(), TimeUnit.NANOSECONDS);
                }
            }
            return doAuthentication(str, str2);
        }
        if ($assertionsDisabled || authenticationException != null) {
            throw authenticationException;
        }
        throw new AssertionError();
    }

    private AuthenticatedUser doAuthentication(String str, String str2) throws AuthenticationException {
        Dn ifPresent = this.searchCache == null ? null : this.searchCache.getIfPresent(str);
        boolean z = true;
        if (ifPresent == null) {
            logger.trace("[ldap-authenticate] username: {} not found in cache", str);
            ifPresent = fetchUserDn(str);
            if (ifPresent == null) {
                logger.trace("[ldap-authenticate] ERROR - could not find userDN for username: {}", str);
                throw new DseAuthenticationException(str);
            }
            z = false;
        }
        try {
            if (userCanBind(ifPresent, str2)) {
                logger.trace("[ldap-authenticate] SUCCESS - username: {}, userDN: {}", str, ifPresent);
                if (!z && this.searchCache != null) {
                    this.searchCache.put(str, ifPresent);
                }
                return new AuthenticatedUser(str);
            }
            logger.trace("[ldap-authenticate] FAILURE - bind failed for username: {}, userDN: {}", str, ifPresent);
            if (z) {
                logger.trace("[ldap-authenticate] - userDN was in cache so looking for new DN");
                Dn fetchUserDn = fetchUserDn(str);
                if (fetchUserDn == null) {
                    logger.trace("[ldap-authenticate] ERROR - could not find userDN for username: {}", str);
                    throw new DseAuthenticationException(str);
                }
                if (!fetchUserDn.equals(ifPresent)) {
                    logger.trace("[ldap-authenticate] new userDN: {} does not match cached userDN: {} so attempting to bind again", fetchUserDn, ifPresent);
                    if (userCanBind(fetchUserDn, str2)) {
                        logger.trace("[ldap-authenticate] SUCCESS - username: {}, userDN: {}", str, ifPresent);
                        this.searchCache.put(str, fetchUserDn);
                        return new AuthenticatedUser(str);
                    }
                }
            }
            if (this.searchCache != null) {
                this.searchCache.invalidate(str);
            }
            logger.trace("[ldap-authenticate] ERROR - username: {} failed to authenticate", str);
            throw new DseAuthenticationException(str);
        } catch (RuntimeException e) {
            logger.trace("[ldap-authenticate] ERROR - unexpected error for username: {}", str, e);
            if (this.searchCache != null) {
                this.searchCache.invalidate(str);
            }
            AuthenticationException authenticationException = new AuthenticationException(str);
            authenticationException.initCause(e);
            throw authenticationException;
        }
    }

    private boolean userCanBind(Dn dn, String str) {
        if (TPC.isTPCThread()) {
            throw new TPCUtils.WouldBlockException("Binding LDAP user would block TPC thread");
        }
        try {
            LdapConnection connection = this.ldapConnectionProvider.getConnection();
            Throwable th = null;
            try {
                logger.trace("[ldap-bind] userDN: {} connection: {}", dn, connection);
                connection.bind(dn, str);
                logger.trace("[ldap-bind] SUCCESS - bind succcessful for userDN: {}", dn);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
                return true;
            } catch (Throwable th3) {
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connection.close();
                    }
                }
                throw th3;
            }
        } catch (LdapException | IOException | RuntimeException e) {
            logger.trace("[ldap-bind] ERROR - bind failed for userDN: {}", dn, e);
            return false;
        }
    }

    private static String doRFC2254Escaping(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(bytes.length);
        for (byte b : bytes) {
            if (b == 42 || b == 40 || b == 41 || b == 92 || b < 32) {
                sb.append('\\').append("0123456789abcdef".charAt((b >> 4) & 15)).append("0123456789abcdef".charAt(b & 15));
            } else {
                sb.append((char) b);
            }
        }
        return sb.toString();
    }

    @VisibleForTesting
    static String rfc2254EscapedPattern(String str, String str2) {
        return MessageFormat.format(str, doRFC2254Escaping(str2));
    }

    /* JADX WARN: Failed to calculate best type for var: r8v2 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x0196: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:84:0x0196 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x019a: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:86:0x019a */
    /* JADX WARN: Type inference failed for: r8v2, types: [org.apache.directory.ldap.client.api.LdapConnection] */
    /* JADX WARN: Type inference failed for: r9v1, types: [java.lang.Throwable] */
    private Dn fetchUserDn(String str) throws AuthenticationException {
        ?? r8;
        ?? r9;
        LdapConnection connection;
        Throwable th;
        EntryCursor search;
        Throwable th2;
        if (TPC.isTPCThread()) {
            throw new TPCUtils.WouldBlockException("Fetching user from LDAP would block TPC thread");
        }
        try {
            try {
                try {
                    connection = this.ldapConnectionProvider.getConnection();
                    th = null;
                    logger.trace("[ldap-fetch-user] username: {} connection: {}", str, connection);
                    if (this.searchConfig.anonymousSearch) {
                        logger.trace("[ldap-fetch-user] anonymous bind to connection");
                        connection.anonymousBind();
                    } else {
                        logger.trace("[ldap-fetch-user] bind to connection");
                        connection.bind();
                    }
                    String rfc2254EscapedPattern = rfc2254EscapedPattern(this.searchConfig.userSearchFilter, str);
                    logger.trace("[ldap-fetch-user] user_search_base: {}, user_search_filter: {}", this.searchConfig.userSearchBase, rfc2254EscapedPattern);
                    search = connection.search(this.searchConfig.userSearchBase, rfc2254EscapedPattern, SearchScope.SUBTREE, new String[0]);
                    th2 = null;
                } catch (Throwable th3) {
                    if (r8 != 0) {
                        if (r9 != 0) {
                            try {
                                r8.close();
                            } catch (Throwable th4) {
                                r9.addSuppressed(th4);
                            }
                        } else {
                            r8.close();
                        }
                    }
                    throw th3;
                }
            } catch (CursorException | LdapException | IOException | RuntimeException e) {
                logger.trace("[ldap-fetch-user] ERROR - failed to fetch username: {}", str, e);
                DseAuthenticationException dseAuthenticationException = new DseAuthenticationException(str);
                dseAuthenticationException.initCause(e);
                throw dseAuthenticationException;
            }
        } catch (LdapAuthenticationException e2) {
        }
        try {
            try {
                if (!search.next()) {
                    if (search != null) {
                        if (0 != 0) {
                            try {
                                search.close();
                            } catch (Throwable th5) {
                                th2.addSuppressed(th5);
                            }
                        } else {
                            search.close();
                        }
                    }
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th6) {
                                th.addSuppressed(th6);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    logger.trace("[ldap-fetch-user] ERROR - failed to fetch username: {}", str);
                    throw new DseAuthenticationException(str);
                }
                logger.trace("[ldap-fetch-user] found entry for username: {}", str);
                Dn dn = ((Entry) search.get()).getDn();
                if (search != null) {
                    if (0 != 0) {
                        try {
                            search.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        search.close();
                    }
                }
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        connection.close();
                    }
                }
                return dn;
            } finally {
            }
        } catch (Throwable th9) {
            if (search != null) {
                if (th2 != null) {
                    try {
                        search.close();
                    } catch (Throwable th10) {
                        th2.addSuppressed(th10);
                    }
                } else {
                    search.close();
                }
            }
            throw th9;
        }
    }

    private Entry safeGetEntry(EntryCursor entryCursor) throws CursorException {
        try {
            return (Entry) entryCursor.get();
        } catch (CursorLdapReferralException e) {
            String str = "<empty>";
            try {
                str = e.getReferralInfo();
            } catch (RuntimeException e2) {
            }
            logger.warn("[ldap-get-from-cursor] A search reference to {} was returned but we do not support search references", str);
            return null;
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r15v3 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r16v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r16v4 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x025b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:157:0x025b */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x0406: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:75:0x0406 */
    /* JADX WARN: Not initialized variable reg: 16, insn: 0x0260: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r16 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:159:0x0260 */
    /* JADX WARN: Not initialized variable reg: 16, insn: 0x040b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r16 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:77:0x040b */
    /* JADX WARN: Type inference failed for: r15v0, types: [org.apache.directory.api.ldap.model.cursor.EntryCursor] */
    /* JADX WARN: Type inference failed for: r15v3, types: [org.apache.directory.api.ldap.model.cursor.EntryCursor] */
    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r16v4, types: [java.lang.Throwable] */
    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public List<String> fetchUserGroups(String str) {
        if (TPC.isTPCThread()) {
            throw new TPCUtils.WouldBlockException("Fetching groups from LDAP would block TPC thread");
        }
        try {
            LdapConnection connection = this.ldapConnectionProvider.getConnection();
            Throwable th = null;
            try {
                ArrayList arrayList = new ArrayList();
                logger.trace("[ldap-fetch-user-groups] username: {}  connection: {}", str, connection);
                if (this.searchConfig.anonymousSearch) {
                    logger.trace("[ldap-fetch-user-groups] anonymous bind to connection");
                    connection.anonymousBind();
                } else {
                    logger.trace("[ldap-fetch-user-groups] bind to connection");
                    connection.bind();
                }
                String rfc2254EscapedPattern = rfc2254EscapedPattern(this.searchConfig.userSearchFilter, str);
                if (this.searchConfig.group.searchType == LdapConfig.GroupSearchType.DIRECTORY_SEARCH) {
                    try {
                        logger.trace("[ldap-fetch-user-groups] performing directory search for groups - fetching username: {} with user_search_base: {}, user_search_filter: {}", new Object[]{str, this.searchConfig.userSearchBase, rfc2254EscapedPattern});
                        EntryCursor search = connection.search(this.searchConfig.userSearchBase, rfc2254EscapedPattern, SearchScope.SUBTREE, new String[0]);
                        Throwable th2 = null;
                        if (search.next()) {
                            Entry safeGetEntry = safeGetEntry(search);
                            if (safeGetEntry != null) {
                                Dn dn = safeGetEntry.getDn();
                                String rfc2254EscapedPattern2 = rfc2254EscapedPattern(this.searchConfig.group.searchFilter, dn.toString());
                                logger.trace("[ldap-fetch-user-groups] looking for groups for userDN: {} with group_search_base: {}, group_search_filter: {}", new Object[]{dn, this.searchConfig.group.searchBase, rfc2254EscapedPattern2});
                                EntryCursor search2 = connection.search(this.searchConfig.group.searchBase, rfc2254EscapedPattern2, SearchScope.SUBTREE, new String[0]);
                                Throwable th3 = null;
                                while (search2.next()) {
                                    try {
                                        try {
                                            Entry safeGetEntry2 = safeGetEntry(search2);
                                            if (safeGetEntry2 != null) {
                                                if (safeGetEntry2.containsAttribute(new String[]{this.searchConfig.group.nameAttribute})) {
                                                    String string = safeGetEntry2.get(this.searchConfig.group.nameAttribute).getString();
                                                    logger.trace("[ldap-fetch-user-groups] found group: {} for username: {}", string, str);
                                                    arrayList.add(string);
                                                } else {
                                                    logger.trace("[ldap-fetch-user-groups] ERROR - group entry: {} does not contain group_name_attribute: {}", safeGetEntry2.getDn(), this.searchConfig.group.nameAttribute);
                                                }
                                            }
                                        } finally {
                                        }
                                    } catch (Throwable th4) {
                                        if (search2 != null) {
                                            if (th3 != null) {
                                                try {
                                                    search2.close();
                                                } catch (Throwable th5) {
                                                    th3.addSuppressed(th5);
                                                }
                                            } else {
                                                search2.close();
                                            }
                                        }
                                        throw th4;
                                    }
                                }
                                if (search2 != null) {
                                    if (0 != 0) {
                                        try {
                                            search2.close();
                                        } catch (Throwable th6) {
                                            th3.addSuppressed(th6);
                                        }
                                    } else {
                                        search2.close();
                                    }
                                }
                            }
                        } else {
                            logger.trace("[ldap-fetch-user-groups] FAILURE - could not find user entry for username: {}", str);
                        }
                        if (search != null) {
                            if (0 != 0) {
                                try {
                                    search.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                search.close();
                            }
                        }
                    } finally {
                    }
                } else {
                    logger.trace("[ldap-fetch-user-groups] performing member-of lookup for groups - fetching username: {} with user_search_base: {}, user_search_filter: {}", new Object[]{str, this.searchConfig.userSearchBase, rfc2254EscapedPattern});
                    if (FAIL_FOR_TEST.equals(this.searchConfig.group.userMemberOfAttribute)) {
                        throw new RuntimeException("TEST CASE EXCEPTION");
                    }
                    try {
                        EntryCursor search3 = connection.search(this.searchConfig.userSearchBase, rfc2254EscapedPattern, SearchScope.SUBTREE, new String[]{this.searchConfig.group.userMemberOfAttribute});
                        Throwable th8 = null;
                        if (search3.next()) {
                            Entry safeGetEntry3 = safeGetEntry(search3);
                            if (safeGetEntry3 != null && safeGetEntry3.containsAttribute(new String[]{this.searchConfig.group.userMemberOfAttribute})) {
                                Iterator it2 = safeGetEntry3.get(this.searchConfig.group.userMemberOfAttribute).iterator();
                                while (it2.hasNext()) {
                                    String str2 = null;
                                    Iterator it3 = new Dn(new String[]{((Value) it2.next()).toString()}).iterator();
                                    while (it3.hasNext()) {
                                        Rdn rdn = (Rdn) it3.next();
                                        if (this.searchConfig.group.nameAttribute.equalsIgnoreCase(rdn.getType())) {
                                            str2 = rdn.getValue();
                                        }
                                    }
                                    if (!Strings.isNullOrEmpty(str2)) {
                                        logger.trace("[ldap-fetch-user-groups] found group: {} for username: {}", str2, str);
                                        arrayList.add(str2);
                                    }
                                }
                            }
                        } else {
                            logger.trace("[ldap-fetch-user-groups] FAILURE - could not find user entry for username: {} or user entry did not have any memberOf attribute entries", str);
                        }
                        if (search3 != null) {
                            if (0 != 0) {
                                try {
                                    search3.close();
                                } catch (Throwable th9) {
                                    th8.addSuppressed(th9);
                                }
                            } else {
                                search3.close();
                            }
                        }
                    } finally {
                    }
                }
                return arrayList;
            } finally {
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th10) {
                            th.addSuppressed(th10);
                        }
                    } else {
                        connection.close();
                    }
                }
            }
        } catch (Exception e) {
            logger.debug("[ldap-fetch-user-groups] ERROR - failed to fetch groups for username: {}", str, e);
            throw Throwables.cleaned(e);
        }
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public long getSearchCacheSize() {
        if (this.searchCache == null) {
            return -1L;
        }
        return this.searchCache.size();
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public long getCredentialsCacheSize() {
        if (this.credentialsCache == null) {
            return -1L;
        }
        return this.credentialsCache.size();
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public void invalidateSearchCacheAll() {
        if (this.searchCache != null) {
            this.searchCache.invalidateAll();
        }
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public void invalidateSearchCache(String str) {
        if (this.searchCache == null || !StringUtils.isNotEmpty(str)) {
            return;
        }
        this.searchCache.invalidate(str);
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public void invalidateCredentialsCacheAll() {
        if (this.credentialsCache != null) {
            this.credentialsCache.invalidateAll();
        }
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapManager
    public void invalidateCredentialsCache(String str) {
        if (this.credentialsCache == null || !StringUtils.isNotEmpty(str)) {
            return;
        }
        this.credentialsCache.invalidate(str);
    }

    private Cache<String, Dn> initSearchCache() {
        Duration duration = this.searchConfig.caching.searchValidity;
        if (duration.isZero()) {
            return null;
        }
        return CacheBuilder.newBuilder().expireAfterWrite(duration.toNanos(), TimeUnit.NANOSECONDS).build();
    }

    private Cache<String, CachedCredentials> initCredentialsCache() {
        Duration duration = this.searchConfig.caching.credentialsValidity;
        if (duration.isZero()) {
            return null;
        }
        return CacheBuilder.newBuilder().expireAfterWrite(duration.toNanos(), TimeUnit.NANOSECONDS).build();
    }

    static {
        $assertionsDisabled = !LdapManagerImpl.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(LdapManagerImpl.class);
    }
}
