package org.ldaptive.auth;

import java.util.Arrays;
import org.ldaptive.Credential;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-1.0.13.jar:org/ldaptive/auth/Authenticator.class */
public class Authenticator {
    private static final EntryResolver NOOP_RESOLVER = new NoOpEntryResolver();
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private DnResolver dnResolver;
    private AuthenticationHandler authenticationHandler;
    private EntryResolver entryResolver;
    private AuthenticationRequestHandler[] authenticationRequestHandlers;
    private AuthenticationResponseHandler[] authenticationResponseHandlers;
    private boolean resolveEntryOnFailure;

    public Authenticator() {
    }

    public Authenticator(DnResolver dnResolver, AuthenticationHandler authenticationHandler) {
        setDnResolver(dnResolver);
        setAuthenticationHandler(authenticationHandler);
    }

    public DnResolver getDnResolver() {
        return this.dnResolver;
    }

    public void setDnResolver(DnResolver dnResolver) {
        this.dnResolver = dnResolver;
    }

    public AuthenticationHandler getAuthenticationHandler() {
        return this.authenticationHandler;
    }

    public void setAuthenticationHandler(AuthenticationHandler authenticationHandler) {
        this.authenticationHandler = authenticationHandler;
    }

    public EntryResolver getEntryResolver() {
        return this.entryResolver;
    }

    public void setEntryResolver(EntryResolver entryResolver) {
        this.entryResolver = entryResolver;
    }

    public boolean getResolveEntryOnFailure() {
        return this.resolveEntryOnFailure;
    }

    public void setResolveEntryOnFailure(boolean z) {
        this.resolveEntryOnFailure = z;
    }

    public AuthenticationRequestHandler[] getAuthenticationRequestHandlers() {
        return this.authenticationRequestHandlers;
    }

    public void setAuthenticationRequestHandlers(AuthenticationRequestHandler... authenticationRequestHandlerArr) {
        this.authenticationRequestHandlers = authenticationRequestHandlerArr;
    }

    public AuthenticationResponseHandler[] getAuthenticationResponseHandlers() {
        return this.authenticationResponseHandlers;
    }

    public void setAuthenticationResponseHandlers(AuthenticationResponseHandler... authenticationResponseHandlerArr) {
        this.authenticationResponseHandlers = authenticationResponseHandlerArr;
    }

    public String resolveDn(String str) throws LdapException {
        return this.dnResolver.resolve(str);
    }

    public String resolveDn(User user) throws LdapException {
        return this.dnResolver instanceof DnResolverEx ? ((DnResolverEx) this.dnResolver).resolve(user) : this.dnResolver.resolve(user.getIdentifier());
    }

    public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) throws LdapException {
        return this.dnResolver instanceof DnResolverEx ? authenticate(resolveDn(authenticationRequest.getUserEx()), authenticationRequest) : authenticate(resolveDn(authenticationRequest.getUser()), authenticationRequest);
    }

    protected AuthenticationResponse authenticate(String str, AuthenticationRequest authenticationRequest) throws LdapException {
        this.logger.debug("authenticate dn={} with request={}", str, authenticationRequest);
        AuthenticationResponse validateInput = validateInput(str, authenticationRequest);
        if (validateInput != null) {
            return validateInput;
        }
        AuthenticationRequest processRequest = processRequest(str, authenticationRequest);
        AuthenticationHandlerResponse authenticationHandlerResponse = null;
        try {
            AuthenticationCriteria authenticationCriteria = new AuthenticationCriteria(str, processRequest);
            authenticationHandlerResponse = getAuthenticationHandler().authenticate(authenticationCriteria);
            LdapEntry resolveEntry = resolveEntry(authenticationRequest, authenticationHandlerResponse, authenticationCriteria);
            if (authenticationHandlerResponse != null && authenticationHandlerResponse.getConnection() != null) {
                authenticationHandlerResponse.getConnection().close();
            }
            this.logger.info("Authentication {} for dn: {}", authenticationHandlerResponse.getResult().booleanValue() ? "succeeded" : "failed", str);
            AuthenticationResponse authenticationResponse = new AuthenticationResponse(authenticationHandlerResponse.getResult().booleanValue() ? AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS : AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE, authenticationHandlerResponse.getResultCode(), resolveEntry, authenticationHandlerResponse.getMessage(), authenticationHandlerResponse.getControls(), authenticationHandlerResponse.getMessageId());
            if (getAuthenticationResponseHandlers() != null && getAuthenticationResponseHandlers().length > 0) {
                for (AuthenticationResponseHandler authenticationResponseHandler : getAuthenticationResponseHandlers()) {
                    authenticationResponseHandler.handle(authenticationResponse);
                }
            }
            this.logger.debug("authenticate response={} for dn={} with request={}", authenticationHandlerResponse, str, processRequest);
            return authenticationResponse;
        } catch (Throwable th) {
            if (authenticationHandlerResponse != null && authenticationHandlerResponse.getConnection() != null) {
                authenticationHandlerResponse.getConnection().close();
            }
            throw th;
        }
    }

    protected AuthenticationResponse validateInput(String str, AuthenticationRequest authenticationRequest) {
        AuthenticationResponse authenticationResponse = null;
        Credential credential = authenticationRequest.getCredential();
        if (credential == null || credential.getBytes() == null) {
            authenticationResponse = new AuthenticationResponse(AuthenticationResultCode.INVALID_CREDENTIAL, null, null, "Credential cannot be null", null, -1);
        } else if (credential.getBytes().length == 0) {
            authenticationResponse = new AuthenticationResponse(AuthenticationResultCode.INVALID_CREDENTIAL, null, null, "Credential cannot be empty", null, -1);
        } else if (str == null) {
            authenticationResponse = new AuthenticationResponse(AuthenticationResultCode.DN_RESOLUTION_FAILURE, null, null, "DN cannot be null", null, -1);
        } else if (str.isEmpty()) {
            authenticationResponse = new AuthenticationResponse(AuthenticationResultCode.DN_RESOLUTION_FAILURE, null, null, "DN cannot be empty", null, -1);
        }
        return authenticationResponse;
    }

    protected AuthenticationRequest processRequest(String str, AuthenticationRequest authenticationRequest) throws LdapException {
        if (getAuthenticationRequestHandlers() == null || getAuthenticationRequestHandlers().length == 0) {
            return authenticationRequest;
        }
        AuthenticationRequest newAuthenticationRequest = AuthenticationRequest.newAuthenticationRequest(authenticationRequest);
        if (getAuthenticationRequestHandlers() != null && getAuthenticationRequestHandlers().length > 0) {
            for (AuthenticationRequestHandler authenticationRequestHandler : getAuthenticationRequestHandlers()) {
                authenticationRequestHandler.handle(str, newAuthenticationRequest);
            }
        }
        return newAuthenticationRequest;
    }

    protected LdapEntry resolveEntry(AuthenticationRequest authenticationRequest, AuthenticationHandlerResponse authenticationHandlerResponse, AuthenticationCriteria authenticationCriteria) throws LdapException {
        LdapEntry ldapEntry = null;
        if (this.resolveEntryOnFailure || authenticationHandlerResponse.getResult().booleanValue()) {
            EntryResolver searchEntryResolver = this.entryResolver != null ? this.entryResolver : !ReturnAttributes.NONE.equalsAttributes(authenticationRequest.getReturnAttributes()) ? new SearchEntryResolver() : NOOP_RESOLVER;
            try {
                ldapEntry = searchEntryResolver.resolve(authenticationHandlerResponse.getConnection(), authenticationCriteria);
                this.logger.trace("resolved entry={} with resolver={}", ldapEntry, searchEntryResolver);
            } catch (LdapException e) {
                this.logger.debug("entry resolution failed for resolver={}", searchEntryResolver, e);
            }
        }
        if (ldapEntry == null) {
            ldapEntry = NOOP_RESOLVER.resolve(authenticationHandlerResponse.getConnection(), authenticationCriteria);
            this.logger.trace("resolved entry={} with resolver={}", ldapEntry, NOOP_RESOLVER);
        }
        return ldapEntry;
    }

    public String toString() {
        return String.format("[%s@%d::dnResolver=%s, authenticationHandler=%s, entryResolver=%s, authenticationResponseHandlers=%s]", getClass().getName(), Integer.valueOf(hashCode()), getDnResolver(), getAuthenticationHandler(), getEntryResolver(), Arrays.toString(getAuthenticationResponseHandlers()));
    }
}
