package org.pac4j.ldap.credentials.authenticator;

import org.ldaptive.Credential;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResultCode;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.AccountNotFoundException;
import org.pac4j.core.exception.BadCredentialsException;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.InitializableWebObject;
import org.pac4j.ldap.profile.LdapProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/ldap/credentials/authenticator/LdapAuthenticator.class */
public class LdapAuthenticator extends InitializableWebObject implements Authenticator<UsernamePasswordCredentials> {
    protected final Logger logger;
    private org.ldaptive.auth.Authenticator ldapAuthenticator;
    private String attributes;

    public LdapAuthenticator() {
        this.logger = LoggerFactory.getLogger(getClass());
        this.attributes = "";
    }

    public LdapAuthenticator(org.ldaptive.auth.Authenticator authenticator) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.attributes = "";
        this.ldapAuthenticator = authenticator;
    }

    public LdapAuthenticator(org.ldaptive.auth.Authenticator authenticator, String str) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.attributes = "";
        this.ldapAuthenticator = authenticator;
        this.attributes = str;
    }

    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotNull("ldapAuthenticator", this.ldapAuthenticator);
        CommonHelper.assertNotNull("attributes", this.attributes);
    }

    public void validate(UsernamePasswordCredentials usernamePasswordCredentials, WebContext webContext) throws HttpAction {
        init(webContext);
        String username = usernamePasswordCredentials.getUsername();
        String[] split = this.attributes.split(",");
        try {
            this.logger.debug("Attempting LDAP authentication for: {}", usernamePasswordCredentials);
            AuthenticationResponse authenticate = this.ldapAuthenticator.authenticate(new AuthenticationRequest(username, new Credential(usernamePasswordCredentials.getPassword()), split));
            this.logger.debug("LDAP response: {}", authenticate);
            if (((Boolean) authenticate.getResult()).booleanValue()) {
                usernamePasswordCredentials.setUserProfile(createProfile(username, split, authenticate.getLdapEntry()));
            } else {
                if (AuthenticationResultCode.DN_RESOLUTION_FAILURE != authenticate.getAuthenticationResultCode()) {
                    throw new BadCredentialsException("Invalid credentials for: " + username);
                }
                throw new AccountNotFoundException(username + " not found");
            }
        } catch (LdapException e) {
            throw new TechnicalException("Unexpected LDAP error", e);
        }
    }

    protected LdapProfile createProfile(String str, String[] strArr, LdapEntry ldapEntry) {
        LdapProfile ldapProfile = new LdapProfile();
        ldapProfile.setId(str);
        for (String str2 : strArr) {
            LdapAttribute attribute = ldapEntry.getAttribute(str2);
            if (attribute != null) {
                this.logger.debug("Found attribute: {}", str2);
                if (attribute.size() > 1) {
                    ldapProfile.addAttribute(str2, attribute.getStringValues());
                } else {
                    ldapProfile.addAttribute(str2, attribute.getStringValue());
                }
            }
        }
        return ldapProfile;
    }

    public org.ldaptive.auth.Authenticator getLdapAuthenticator() {
        return this.ldapAuthenticator;
    }

    public void setLdapAuthenticator(org.ldaptive.auth.Authenticator authenticator) {
        this.ldapAuthenticator = authenticator;
    }

    public String getAttributes() {
        return this.attributes;
    }

    public void setAttributes(String str) {
        this.attributes = str;
    }
}
