package org.jasig.cas.authentication.principal;

import java.util.Arrays;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.inspektr.common.ioc.annotation.IsIn;
import org.inspektr.common.ioc.annotation.NotNull;
import org.jasig.cas.util.LdapUtils;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.2.1.jar:org/jasig/cas/authentication/principal/CredentialsToLDAPAttributePrincipalResolver.class */
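/**
 * Resolves a principal in two stages: a delegate resolver first derives an initial principal from
 * the credentials, then that principal's id is substituted into an LDAP filter and the configured
 * attribute of the single matching entry becomes the final principal id.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The id placed into the filter originates from the submitted credentials. Escaping of LDAP
 *       filter metacharacters is delegated entirely to {@code LdapUtils.getFilterWithValues}, which
 *       is not visible in this file. NOTE(review): confirm that helper applies RFC 4515 escaping;
 *       if it does not, the id must be encoded before substitution.</li>
 *   <li>Zero matches, more than one match, a missing attribute, a non-string attribute value and
 *       any directory error all yield {@code null} rather than a guessed identity.</li>
 *   <li>The initial principal id and the expanded filter are written to the log verbatim; log
 *       consumers should treat those fields as untrusted text.</li>
 * </ul>
 */
public final class CredentialsToLDAPAttributePrincipalResolver extends AbstractPersonDirectoryCredentialsToPrincipalResolver {
    /**
     * Count limit sent with every search. Two is enough to tell "exactly one entry" apart from
     * "ambiguous" without retrieving every match.
     */
    private static final int DEFAULT_MAX_NUMBER_OF_RESULTS = 2;

    /** Default search time limit; {@link SearchControls#setTimeLimit(int)} takes milliseconds. */
    private static final int DEFAULT_TIMEOUT = 1000;

    /** Delegate that produces the initial principal whose id is looked up in LDAP. */
    @NotNull
    private CredentialsToPrincipalResolver credentialsToPrincipalResolver;

    /** Template used to run the search; built from the context source passed to the setter. */
    @NotNull
    private LdapTemplate ldapTemplate;

    /** Filter template handed to {@code LdapUtils.getFilterWithValues} together with the id. */
    @NotNull
    private String filter;

    /** Attributes requested from the directory; element 0 is the principal attribute. */
    @NotNull
    private String[] attributeIds;

    /** Base DN under which the search is performed. */
    @NotNull
    private String searchBase;

    /** Search scope; 0, 1 and 2 are the JNDI object, one-level and subtree scopes. */
    @IsIn({0, 1, 2})
    private int scope = SearchControls.SUBTREE_SCOPE;

    /** Search time limit in milliseconds. */
    private int timeout = DEFAULT_TIMEOUT;

    /**
     * Builds the controls for one search from the configured scope, attributes and time limit.
     *
     * @return a fresh {@link SearchControls} limited to {@link #DEFAULT_MAX_NUMBER_OF_RESULTS} entries
     */
    private SearchControls getSearchControls() {
        if (this.log.isDebugEnabled()) {
            this.log.debug("returning searchcontrols: scope=" + this.scope + "; search base=" + this.searchBase + "; attributes=" + Arrays.toString(this.attributeIds) + "; timeout=" + this.timeout);
        }
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(this.scope);
        controls.setReturningAttributes(this.attributeIds);
        controls.setTimeLimit(this.timeout);
        controls.setCountLimit(DEFAULT_MAX_NUMBER_OF_RESULTS);
        return controls;
    }

    /**
     * Resolves the final principal id for the given credentials.
     *
     * @param credentials the credentials handed to the delegate resolver
     * @return the value of the principal attribute, or {@code null} when the delegate resolves
     *         nothing or the LDAP lookup does not yield exactly one usable value
     */
    @Override
    protected String extractPrincipalId(Credentials credentials) {
        final Principal initial = this.credentialsToPrincipalResolver.resolvePrincipal(credentials);
        if (initial == null) {
            this.log.info("Initial principal could not be resolved from request, returning null");
            return null;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved " + initial + ". Trying LDAP resolve now...");
        }
        final String ldapId = resolveFromLDAP(initial.getId());
        if (ldapId == null) {
            this.log.info("Initial principal \"" + initial.getId() + "\" was not found in LDAP, returning null");
        } else if (this.log.isDebugEnabled()) {
            // Guarded so the message is only built when debug logging is on.
            this.log.debug("Resolved " + initial + " to " + ldapId);
        }
        return ldapId;
    }

    /**
     * Looks up the principal attribute of the single LDAP entry matching the given id.
     *
     * @param str the initial principal id to substitute into the filter
     * @return the attribute value, or {@code null} if the id is {@code null}, nothing matches,
     *         several entries match, the attribute is absent or not a string, or the search fails
     */
    private String resolveFromLDAP(String str) {
        if (str == null) {
            // The filter expansion below runs outside the try block, so a null id would otherwise
            // depend on how LdapUtils treats null instead of following the "return null" contract.
            this.log.debug("Initial principal has no id; skipping LDAP search.");
            return null;
        }
        // NOTE(review): str comes from the submitted credentials. Confirm getFilterWithValues
        // escapes LDAP filter metacharacters; this class performs no escaping of its own.
        final String expandedFilter = LdapUtils.getFilterWithValues(this.filter, str);
        if (this.log.isDebugEnabled()) {
            this.log.debug("LDAP search with filter \"" + expandedFilter + "\"");
        }
        try {
            final String principalAttribute = this.attributeIds[0];
            final List<?> matches = this.ldapTemplate.search(this.searchBase, expandedFilter, getSearchControls(), new AttributesMapper() {
                @Override
                public Object mapFromAttributes(Attributes attributes) throws NamingException {
                    final Attribute attribute = attributes.get(principalAttribute);
                    if (attribute == null) {
                        CredentialsToLDAPAttributePrincipalResolver.this.log.debug("Principal attribute \"" + principalAttribute + "\" not found in LDAP search results. Returning null.");
                        return null;
                    }
                    return attribute.get();
                }
            });
            if (matches.isEmpty()) {
                this.log.debug("LDAP search returned zero results.");
                return null;
            }
            if (matches.size() > 1) {
                // Never pick one of several candidates: an ambiguous filter must not map to an identity.
                this.log.error("LDAP search returned multiple results for filter \"" + expandedFilter + "\", which is not allowed.");
                return null;
            }
            final Object value = matches.get(0);
            if (value == null) {
                // The mapper already logged that the attribute is missing on the matched entry.
                return null;
            }
            if (!(value instanceof String)) {
                // Reject explicitly instead of relying on a ClassCastException reaching the catch below.
                this.log.error("Principal attribute \"" + principalAttribute + "\" has a non-string value of type " + value.getClass().getName() + ", which cannot be used as a principal id.");
                return null;
            }
            return (String) value;
        } catch (Exception e) {
            // Any directory failure means "not resolved"; nothing is propagated to the caller.
            this.log.error(e, e);
            return null;
        }
    }

    /**
     * Reports whether the delegate resolver supports the given credentials.
     *
     * @param credentials the credentials to check
     * @return whatever the delegate's {@code supports} returns
     */
    @Override
    public boolean supports(Credentials credentials) {
        return this.credentialsToPrincipalResolver.supports(credentials);
    }

    /** @param credentialsToPrincipalResolver the delegate producing the initial principal */
    public final void setCredentialsToPrincipalResolver(CredentialsToPrincipalResolver credentialsToPrincipalResolver) {
        this.credentialsToPrincipalResolver = credentialsToPrincipalResolver;
    }

    /** @param ldapContextSource the context source wrapped in a new {@link LdapTemplate} */
    public final void setContextSource(LdapContextSource ldapContextSource) {
        this.ldapTemplate = new LdapTemplate(ldapContextSource);
    }

    /** @param str the filter template passed to {@code LdapUtils.getFilterWithValues} */
    public void setFilter(String str) {
        this.filter = str;
    }

    /** @param str the name of the single attribute to request and use as the principal id */
    public final void setPrincipalAttributeName(String str) {
        this.attributeIds = new String[]{str};
    }

    /** @param i the JNDI search scope (0, 1 or 2) */
    public final void setScope(int i) {
        this.scope = i;
    }

    /** @param str the base DN of the search */
    public final void setSearchBase(String str) {
        this.searchBase = str;
    }

    /** @param i the search time limit in milliseconds */
    public final void setTimeout(int i) {
        this.timeout = i;
    }
}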
