package org.jasig.cas.authentication;

import com.google.common.base.Functions;
import com.google.common.collect.Maps;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.validation.constraints.NotNull;
import org.jasig.cas.MessageDescriptor;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration;
import org.ldaptive.Credential;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;

/* loaded from: input_file:org/jasig/cas/authentication/LdapAuthenticationHandler.class */
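/**
 * Username/password authentication handler that delegates the credential check to an
 * ldaptive {@link Authenticator} and builds the resulting {@link Principal} from attributes
 * of the authenticated LDAP entry.
 *
 * <p>Configuration is applied through the setters and then frozen into the list of entry
 * attributes to request by {@link #initialize()}; setters called after {@code initialize()}
 * do not change which attributes are requested from the directory.
 */
public class LdapAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    /** Performs DN resolution and the bind; supplied by the caller and never replaced. */
    @NotNull
    private final Authenticator authenticator;

    /** Entry attribute whose value becomes the principal ID; {@code null} means "use the login name". */
    private String principalIdAttribute;

    /** When {@code false}, a multi-valued principal ID attribute fails the login instead of using the first value. */
    private boolean allowMultiplePrincipalAttributeValues;

    /** LDAP attribute name -> principal attribute name. */
    @NotNull
    protected Map<String, String> principalAttributeMap = Collections.emptyMap();

    /** Extra entry attributes to request that are not copied onto the principal by this class. */
    @NotNull
    protected List<String> additionalAttributes = Collections.emptyList();

    @NotNull
    private String name = LdapAuthenticationHandler.class.getSimpleName();

    /** Attributes requested for the authenticated entry; no attributes until {@link #initialize()} says otherwise. */
    private String[] authenticatedEntryAttributes = ReturnAttributes.NONE.value();

    /**
     * Creates a handler backed by the given authenticator.
     *
     * @param authenticator ldaptive component that resolves the DN and validates the password
     */
    public LdapAuthenticationHandler(@NotNull Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    /**
     * Sets the handler name returned by {@link #getName()}.
     *
     * @param str handler name
     */
    public void setName(String str) {
        this.name = str;
    }

    /**
     * Sets the entry attribute used as the principal ID.
     *
     * @param str attribute name, or {@code null} to use the submitted username as the ID
     */
    public void setPrincipalIdAttribute(String str) {
        this.principalIdAttribute = str;
    }

    /**
     * Controls what happens when the principal ID attribute has more than one value.
     *
     * @param z {@code true} to log a warning and use the first value, {@code false} to fail the login
     */
    public void setAllowMultiplePrincipalAttributeValues(boolean z) {
        this.allowMultiplePrincipalAttributeValues = z;
    }

    /**
     * Sets the mapping of LDAP attribute names to principal attribute names.
     *
     * @param map LDAP attribute name -> principal attribute name; stored by reference, not copied
     */
    public void setPrincipalAttributeMap(Map<String, String> map) {
        this.principalAttributeMap = map;
    }

    /**
     * Sets the principal attributes from a plain list, mapping every LDAP attribute name to itself.
     *
     * @param list LDAP attribute names; Guava's {@code Maps.uniqueIndex} rejects duplicate entries
     */
    public void setPrincipalAttributeList(List<String> list) {
        this.principalAttributeMap = Maps.uniqueIndex(list, Functions.toStringFunction());
    }

    /**
     * Sets additional entry attributes to request from the directory.
     *
     * @param list attribute names; stored by reference, not copied
     */
    public void setAdditionalAttributes(List<String> list) {
        this.additionalAttributes = list;
    }

    /**
     * Authenticates the credential against LDAP and, on success, builds the handler result.
     *
     * @param usernamePasswordCredential submitted username and password
     * @return handler result carrying the principal and any password-policy messages
     * @throws FailedLoginException when the password is missing/empty or the directory rejects it
     * @throws AccountNotFoundException when the directory could not resolve a DN for the username
     * @throws GeneralSecurityException for other login failures raised while handling the response
     * @throws PreventedException when the LDAP operation itself fails
     */
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException, PreventedException {
        // Defense in depth: RFC 4513 describes a simple bind with a name and an empty password
        // as an "unauthenticated" bind, which some directory servers accept. Never let a
        // missing or empty password reach the bind, regardless of what the Authenticator or
        // the calling layer already checks. The message matches the wrong-password path on purpose.
        final String password = usernamePasswordCredential.getPassword();
        if (password == null || password.isEmpty()) {
            throw new FailedLoginException("Invalid credentials");
        }
        try {
            // NOTE(review): what reaches the log here depends on UsernamePasswordCredential.toString();
            // confirm it never renders the password.
            this.logger.debug("Attempting LDAP authentication for {}", usernamePasswordCredential);
            final AuthenticationRequest request = new AuthenticationRequest(
                    usernamePasswordCredential.getUsername(),
                    new Credential(getPasswordEncoder().encode(password)),
                    this.authenticatedEntryAttributes);
            final AuthenticationResponse response = this.authenticator.authenticate(request);
            // NOTE(review): the response may render attributes of the LDAP entry; treat debug
            // logs from this handler as sensitive.
            this.logger.debug("LDAP response: {}", response);

            // The account-state handler is consulted before the result is inspected, so it sees
            // failed responses as well as successful ones.
            // NOTE(review): the cast assumes any configured policy is an LdapPasswordPolicyConfiguration.
            final LdapPasswordPolicyConfiguration policy =
                    (LdapPasswordPolicyConfiguration) super.getPasswordPolicyConfiguration();
            final List<MessageDescriptor> messages;
            if (policy != null) {
                this.logger.debug("Applying password policy to {}", response);
                messages = policy.getAccountStateHandler().handle(response, policy);
            } else {
                messages = Collections.emptyList();
            }

            // Null-safe: a response without a result is treated as a failed login.
            if (Boolean.TRUE.equals(response.getResult())) {
                final Principal principal =
                        createPrincipal(usernamePasswordCredential.getUsername(), response.getLdapEntry());
                return createHandlerResult(usernamePasswordCredential, principal, messages);
            }

            // "Unknown account" and "wrong password" are reported as different exception types.
            // That is useful for audit logs, but a caller that shows the difference to an
            // unauthenticated client reveals which usernames exist; present one uniform
            // failure message at the UI/API boundary.
            if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
                throw new AccountNotFoundException(usernamePasswordCredential.getUsername() + " not found.");
            }
            throw new FailedLoginException("Invalid credentials");
        } catch (LdapException e) {
            throw new PreventedException("Unexpected LDAP error", e);
        }
    }

    /**
     * Reports whether this handler accepts the given credential.
     *
     * <p>NOTE(review): in this listing the simple name {@code Credential} resolves to the
     * imported {@code org.ldaptive.Credential}, not to a type in this package. The
     * {@code instanceof} check looks written for the CAS credential type; confirm the
     * parameter type against the original source before relying on this signature.
     *
     * @param credential credential to test
     * @return {@code true} when the credential is a {@code UsernamePasswordCredential}
     */
    public boolean supports(Credential credential) {
        return credential instanceof UsernamePasswordCredential;
    }

    /**
     * Returns the configured handler name.
     *
     * @return handler name; defaults to this class's simple name
     */
    public String getName() {
        return this.name;
    }

    /**
     * Builds the principal for an authenticated entry.
     *
     * <p>The principal ID is the first value of {@code principalIdAttribute} when that is
     * configured, otherwise the submitted username. Every mapped attribute present on the
     * entry is copied under its mapped name: as a single string when it has at most one
     * value, otherwise as the collection of its string values.
     *
     * @param str username submitted at login
     * @param ldapEntry authenticated LDAP entry
     * @return principal created by the configured principal factory
     * @throws LoginException when the principal ID attribute is missing or empty, or has
     *         several values while multiple values are not allowed
     */
    protected Principal createPrincipal(String str, LdapEntry ldapEntry) throws LoginException {
        final String principalId;
        if (this.principalIdAttribute == null) {
            principalId = str;
        } else {
            final LdapAttribute idAttribute = ldapEntry.getAttribute(this.principalIdAttribute);
            if (idAttribute == null || idAttribute.size() == 0) {
                throw new LoginException(this.principalIdAttribute + " attribute not found for " + str);
            }
            if (idAttribute.size() > 1) {
                // An ambiguous identity is refused unless the deployer explicitly opted in.
                if (!this.allowMultiplePrincipalAttributeValues) {
                    throw new LoginException("Multiple principal values not allowed: " + idAttribute);
                }
                this.logger.warn("Found multiple values for principal ID attribute: {}. Using first value={}.", idAttribute, idAttribute.getStringValue());
            }
            principalId = idAttribute.getStringValue();
        }

        // LinkedHashMap keeps the attributes in the iteration order of the configured mapping.
        final Map<String, Object> principalAttributes = new LinkedHashMap<>(this.principalAttributeMap.size());
        for (Map.Entry<String, String> mapping : this.principalAttributeMap.entrySet()) {
            final LdapAttribute ldapAttribute = ldapEntry.getAttribute(mapping.getKey());
            if (ldapAttribute == null) {
                continue;
            }
            this.logger.debug("Found principal attribute: {}", ldapAttribute);
            final String principalAttributeName = mapping.getValue();
            if (ldapAttribute.size() > 1) {
                principalAttributes.put(principalAttributeName, ldapAttribute.getStringValues());
            } else {
                principalAttributes.put(principalAttributeName, ldapAttribute.getStringValue());
            }
        }
        return this.principalFactory.createPrincipal(principalId, principalAttributes);
    }

    /**
     * Computes the set of entry attributes to request with each authentication.
     *
     * <p>The set is the union of the principal ID attribute, the keys of the principal
     * attribute map and the additional attributes. When that union is empty the default
     * (no attributes) is left in place.
     */
    @PostConstruct
    public void initialize() {
        final HashSet<String> requested = new HashSet<>();
        if (this.principalIdAttribute != null) {
            requested.add(this.principalIdAttribute);
        }
        // addAll on an empty collection is a no-op, so no emptiness checks are needed.
        requested.addAll(this.principalAttributeMap.keySet());
        requested.addAll(this.additionalAttributes);
        if (!requested.isEmpty()) {
            this.authenticatedEntryAttributes = requested.toArray(new String[0]);
        }
    }
}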
