package org.jasig.cas.authentication;

import com.google.common.base.Functions;
import com.google.common.collect.Maps;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.validation.constraints.NotNull;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration;
import org.jasig.inspektr.aspect.TraceLogAspect;
import org.ldaptive.Credential;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;

/* loaded from: input_file:org/jasig/cas/authentication/LdapAuthenticationHandler.class */
/**
 * Username/password authentication handler that hands the submitted credential to an ldaptive
 * {@link Authenticator} and, on success, builds a {@link Principal} from the returned LDAP entry.
 *
 * <p>This listing looks like decompiler output of an AspectJ-woven class: {@link #supports},
 * {@link #getName} and {@link #initialize} are routed through
 * {@code TraceLogAspect.traceMethod(...)}, and their actual bodies live in the static
 * {@code *_aroundBody*} methods near the end of the class. The {@code AjcClosure*} inner classes
 * and {@code ajc$tjp_*} fields are weaver plumbing, not hand-written logic.
 *
 * <p>NOTE(review): the file's import resolves {@code Credential} to {@code org.ldaptive.Credential},
 * while the join-point signature registered in {@code ajc$preClinit()} names
 * {@code org.jasig.cas.authentication.Credential} for {@code supports}. This is probably a
 * decompiler name collision — confirm against the original source before relying on the types.
 */
public class LdapAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    // ldaptive component that performs the actual authentication; set once in the constructor.
    @NotNull
    private final Authenticator authenticator;
    // Name of the LDAP attribute whose value becomes the principal id; null means "use the login username".
    private String principalIdAttribute;
    // When false, a principal id attribute carrying more than one value makes createPrincipal() fail.
    private boolean allowMultiplePrincipalAttributeValues;
    // AspectJ static join points, populated by ajc$preClinit().
    // NOTE(review): declared final with a null initializer yet assigned later in a method — a
    // decompilation artifact; javac rejects this as written.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;

    // LDAP attribute name (key) -> principal attribute name (value); see createPrincipal().
    @NotNull
    protected Map<String, String> principalAttributeMap = Collections.emptyMap();

    // Extra LDAP attributes requested with the entry but not copied onto the principal here.
    @NotNull
    protected List<String> additionalAttributes = Collections.emptyList();

    // Handler name returned by getName(); defaults to the simple class name.
    @NotNull
    private String name = LdapAuthenticationHandler.class.getSimpleName();
    // Attributes requested for the authenticated entry; starts as "none" and is widened by initialize().
    private String[] authenticatedEntryAttributes = ReturnAttributes.NONE.value();

    /* loaded from: input_file:org/jasig/cas/authentication/LdapAuthenticationHandler$AjcClosure1.class */
    /** Weaver-generated closure that invokes the real body of {@code supports}. */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The captured state array is {handler, credential, joinPoint}, as built in supports().
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(LdapAuthenticationHandler.supports_aroundBody0((LdapAuthenticationHandler) objArr2[0], (Credential) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/jasig/cas/authentication/LdapAuthenticationHandler$AjcClosure3.class */
    /** Weaver-generated closure that invokes the real body of {@code getName}. */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The captured state array is {handler, joinPoint}, as built in getName().
            Object[] objArr2 = ((AroundClosure) this).state;
            return LdapAuthenticationHandler.getName_aroundBody2((LdapAuthenticationHandler) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/jasig/cas/authentication/LdapAuthenticationHandler$AjcClosure5.class */
    /** Weaver-generated closure that invokes the real body of {@code initialize}. */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The captured state array is {handler, joinPoint}, as built in initialize().
            Object[] objArr2 = ((AroundClosure) this).state;
            LdapAuthenticationHandler.initialize_aroundBody4((LdapAuthenticationHandler) objArr2[0], (JoinPoint) objArr2[1]);
            return null;
        }
    }

    /**
     * Creates a handler backed by the given ldaptive authenticator.
     *
     * @param authenticator component used to authenticate credentials; no null check is done here,
     *     the {@code @NotNull} annotation is only enforced if a validator processes this bean
     */
    public LdapAuthenticationHandler(@NotNull Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    /** Sets the handler name returned by {@link #getName()}. */
    public void setName(String str) {
        this.name = str;
    }

    /**
     * Sets the LDAP attribute used as the principal id. Leaving it null makes
     * {@link #createPrincipal} fall back to the username supplied at login.
     */
    public void setPrincipalIdAttribute(String str) {
        this.principalIdAttribute = str;
    }

    /**
     * Controls what happens when the principal id attribute has several values: when true the
     * first value is used (with a warning), when false authentication fails.
     */
    public void setAllowMultiplePrincipalAttributeValues(boolean z) {
        this.allowMultiplePrincipalAttributeValues = z;
    }

    /**
     * Sets the LDAP-attribute-name to principal-attribute-name mapping.
     * The map is stored by reference, so later changes by the caller are visible to this handler.
     */
    public void setPrincipalAttributeMap(Map<String, String> map) {
        this.principalAttributeMap = map;
    }

    /**
     * Convenience alternative to {@link #setPrincipalAttributeMap}: every listed attribute is
     * mapped to a principal attribute of the same name. Guava's {@code Maps.uniqueIndex} rejects
     * duplicate entries with an {@code IllegalArgumentException}.
     */
    public void setPrincipalAttributeList(List<String> list) {
        this.principalAttributeMap = Maps.uniqueIndex(list, Functions.toStringFunction());
    }

    /**
     * Sets extra LDAP attributes to request alongside the principal attributes.
     * The list is stored by reference.
     */
    public void setAdditionalAttributes(List<String> list) {
        this.additionalAttributes = list;
    }

    /**
     * Authenticates the credential against LDAP and converts the outcome into a handler result.
     *
     * @param usernamePasswordCredential the submitted username and password
     * @return the handler result carrying the created principal and any password-policy messages
     * @throws FailedLoginException if authentication failed for a reason other than DN resolution
     * @throws AccountNotFoundException if the directory could not resolve a DN for the username
     * @throws PreventedException if the LDAP call itself failed with an {@link LdapException}
     * @throws GeneralSecurityException declared for other failures, e.g. from
     *     {@link #createPrincipal} or (presumably) the account state handler
     */
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException, PreventedException {
        List<MessageDescriptor> emptyList;
        try {
            // NOTE(review): the credential object itself is logged; what appears in the log depends
            // on UsernamePasswordCredential.toString(), which is not shown here — confirm it never
            // renders the password.
            this.logger.debug("Attempting LDAP authentication for {}", usernamePasswordCredential);
            // The password goes through the configured password encoder first; the encoded value
            // is what the authenticator receives, together with the attributes to fetch.
            AuthenticationResponse authenticate = this.authenticator.authenticate(new AuthenticationRequest(usernamePasswordCredential.getUsername(), new Credential(getPasswordEncoder().encode(usernamePasswordCredential.getPassword())), this.authenticatedEntryAttributes));
            // NOTE(review): the whole response is logged at debug; it may include directory data
            // for the entry depending on AuthenticationResponse.toString() — treat debug logs as sensitive.
            this.logger.debug("LDAP response: {}", authenticate);
            LdapPasswordPolicyConfiguration ldapPasswordPolicyConfiguration = (LdapPasswordPolicyConfiguration) super.getPasswordPolicyConfiguration();
            if (ldapPasswordPolicyConfiguration != null) {
                // Runs before the success check below, so the account state handler sees both
                // successful and failed responses.
                this.logger.debug("Applying password policy to {}", authenticate);
                emptyList = ldapPasswordPolicyConfiguration.getAccountStateHandler().handle(authenticate, ldapPasswordPolicyConfiguration);
            } else {
                this.logger.debug("No ldap password policy configuration is defined");
                emptyList = Collections.emptyList();
            }
            // NOTE(review): unboxes the result directly; a null result would raise a
            // NullPointerException here — confirm ldaptive never returns one.
            if (((Boolean) authenticate.getResult()).booleanValue()) {
                this.logger.debug("LDAP response returned as result. Creating the final LDAP principal");
                return createHandlerResult(usernamePasswordCredential, createPrincipal(usernamePasswordCredential.getUsername(), authenticate.getLdapEntry()), emptyList);
            }
            // NOTE(review): failures are split into two exception types — "account not found"
            // (with the username in the message) versus "invalid credentials". Whether that
            // difference reaches the login response depends on the caller; confirm both are shown
            // to unauthenticated users as one generic message so usernames cannot be enumerated.
            if (AuthenticationResultCode.DN_RESOLUTION_FAILURE != authenticate.getAuthenticationResultCode()) {
                throw new FailedLoginException("Invalid credentials");
            }
            this.logger.warn("DN resolution failed. {}", authenticate.getMessage());
            throw new AccountNotFoundException(String.valueOf(usernamePasswordCredential.getUsername()) + " not found.");
        } catch (LdapException e) {
            // Directory/transport errors are logged at trace only and reported as "prevented"
            // rather than as a failed login; the original exception is kept as the cause.
            this.logger.trace(e.getMessage(), e);
            throw new PreventedException("Unexpected LDAP error", e);
        }
    }

    /**
     * Reports whether this handler accepts the credential. The call is wrapped by
     * {@code TraceLogAspect}; the actual check is in {@code supports_aroundBody0}.
     */
    public boolean supports(Credential credential) {
        // Weaver-generated dispatch: packs {this, credential, joinPoint} into the closure state.
        return Conversions.booleanValue(TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, credential, Factory.makeJP(ajc$tjp_0, this, this, credential)}).linkClosureAndJoinPoint(69648)));
    }

    /**
     * Returns the handler name. The call is wrapped by {@code TraceLogAspect}; the actual
     * value comes from {@code getName_aroundBody2}.
     */
    public String getName() {
        return (String) TraceLogAspect.aspectOf().traceMethod(new AjcClosure3(new Object[]{this, Factory.makeJP(ajc$tjp_1, this, this)}).linkClosureAndJoinPoint(69648));
    }

    /**
     * Builds the principal for an authenticated user from the LDAP entry.
     *
     * <p>The principal id is the single value of {@code principalIdAttribute} when that is
     * configured, otherwise the login username. Each attribute listed in
     * {@code principalAttributeMap} that is present on the entry is copied under its mapped name.
     *
     * @param str the username supplied at login
     * @param ldapEntry the authenticated entry; assumed non-null, it is dereferenced immediately
     *     — TODO confirm successful responses always carry an entry
     * @return the principal produced by the principal factory
     * @throws LoginException if the principal id attribute is missing or empty, or has several
     *     values while multiple values are not allowed
     */
    protected Principal createPrincipal(String str, LdapEntry ldapEntry) throws LoginException {
        String str2;
        this.logger.debug("Creating LDAP principal for {} based on {}", str, ldapEntry.getDn());
        if (this.principalIdAttribute != null) {
            LdapAttribute attribute = ldapEntry.getAttribute(this.principalIdAttribute);
            if (attribute == null || attribute.size() == 0) {
                throw new LoginException(String.valueOf(this.principalIdAttribute) + " attribute not found for " + str);
            }
            if (attribute.size() > 1) {
                if (!this.allowMultiplePrincipalAttributeValues) {
                    // The attribute object is concatenated into the exception message, so its
                    // string form travels with the exception.
                    throw new LoginException("Multiple principal values not allowed: " + attribute);
                }
                // Ambiguous id: the first value wins. Logged at warn, including the chosen value.
                this.logger.warn("Found multiple values for principal ID attribute: {}. Using first value={}.", attribute, attribute.getStringValue());
            }
            str2 = attribute.getStringValue();
            this.logger.debug("Retrieved principal id attribute {}", str2);
        } else {
            str2 = str;
            this.logger.debug("Principal id attribute is not defined. Using the default id {}", str2);
        }
        // Insertion-ordered map of principal attribute name -> value (String) or values (collection).
        LinkedHashMap linkedHashMap = new LinkedHashMap(this.principalAttributeMap.size());
        for (Map.Entry<String, String> entry : this.principalAttributeMap.entrySet()) {
            LdapAttribute attribute2 = ldapEntry.getAttribute(entry.getKey());
            // Attributes absent from the entry are skipped silently.
            if (attribute2 != null) {
                // NOTE(review): attribute objects are logged at debug; presumably this includes
                // their values — keep debug logging off where these attributes are sensitive.
                this.logger.debug("Found principal attribute: {}", attribute2);
                String value = entry.getValue();
                if (attribute2.size() > 1) {
                    this.logger.debug("Principal attribute: {} is multivalued", attribute2);
                    linkedHashMap.put(value, attribute2.getStringValues());
                } else {
                    linkedHashMap.put(value, attribute2.getStringValue());
                }
            }
        }
        this.logger.debug("Created LDAP principal for id {} and {} attributes", str2, Integer.valueOf(linkedHashMap.size()));
        return this.principalFactory.createPrincipal(str2, linkedHashMap);
    }

    /**
     * Post-construction hook that computes which LDAP attributes to request. The call is wrapped
     * by {@code TraceLogAspect}; the actual work is in {@code initialize_aroundBody4}.
     */
    @PostConstruct
    public void initialize() {
        TraceLogAspect.aspectOf().traceMethod(new AjcClosure5(new Object[]{this, Factory.makeJP(ajc$tjp_2, this, this)}).linkClosureAndJoinPoint(69648));
    }

    // Registers the AspectJ static join points when the class is loaded.
    static {
        ajc$preClinit();
    }

    /** Real body of {@code supports}: accepts only {@code UsernamePasswordCredential} instances. */
    static final boolean supports_aroundBody0(LdapAuthenticationHandler ldapAuthenticationHandler, Credential credential, JoinPoint joinPoint) {
        return credential instanceof UsernamePasswordCredential;
    }

    /** Real body of {@code getName}: returns the configured handler name. */
    static final String getName_aroundBody2(LdapAuthenticationHandler ldapAuthenticationHandler, JoinPoint joinPoint) {
        return ldapAuthenticationHandler.name;
    }

    /**
     * Real body of {@code initialize}: collects the principal id attribute, the keys of the
     * principal attribute map and the additional attributes into one set, and uses that set as
     * the attributes to request for the authenticated entry. If nothing is configured, the
     * default ({@code ReturnAttributes.NONE}) is left in place.
     */
    static final void initialize_aroundBody4(LdapAuthenticationHandler ldapAuthenticationHandler, JoinPoint joinPoint) {
        // A set, so an attribute named in more than one setting is requested only once.
        HashSet hashSet = new HashSet();
        ldapAuthenticationHandler.logger.debug("Initializing LDAP attribute configuration.");
        if (ldapAuthenticationHandler.principalIdAttribute != null) {
            ldapAuthenticationHandler.logger.debug("Configured to retrieve principal id attribute {}", ldapAuthenticationHandler.principalIdAttribute);
            hashSet.add(ldapAuthenticationHandler.principalIdAttribute);
        }
        if (!ldapAuthenticationHandler.principalAttributeMap.isEmpty()) {
            // Only the keys (LDAP-side names) are requested; the values are principal-side names.
            Set<String> keySet = ldapAuthenticationHandler.principalAttributeMap.keySet();
            hashSet.addAll(keySet);
            ldapAuthenticationHandler.logger.debug("Configured to retrieve principal attribute collection of {}", keySet);
        }
        if (!ldapAuthenticationHandler.additionalAttributes.isEmpty()) {
            hashSet.addAll(ldapAuthenticationHandler.additionalAttributes);
            ldapAuthenticationHandler.logger.debug("Configured to retrieve additional attributes {}", ldapAuthenticationHandler.additionalAttributes);
        }
        if (!hashSet.isEmpty()) {
            ldapAuthenticationHandler.authenticatedEntryAttributes = (String[]) hashSet.toArray(new String[hashSet.size()]);
        }
        ldapAuthenticationHandler.logger.debug("LDAP authentication entry attributes are {}", ldapAuthenticationHandler.authenticatedEntryAttributes);
    }

    /**
     * Weaver-generated setup of the static join points for {@code supports}, {@code getName} and
     * {@code initialize}. The trailing integers are presumably line numbers in the original
     * source file — not verifiable from this listing.
     */
    private static void ajc$preClinit() {
        Factory factory = new Factory("LdapAuthenticationHandler.java", LdapAuthenticationHandler.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "supports", "org.jasig.cas.authentication.LdapAuthenticationHandler", "org.jasig.cas.authentication.Credential", "credential", "", "boolean"), 205);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getName", "org.jasig.cas.authentication.LdapAuthenticationHandler", "", "", "", "java.lang.String"), 210);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "initialize", "org.jasig.cas.authentication.LdapAuthenticationHandler", "", "", "", "void"), 273);
    }
}
