package org.jasig.cas.adaptors.ldap;

import java.util.ArrayList;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import org.inspektr.common.ioc.annotation.IsIn;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.jasig.cas.util.LdapUtils;
import org.springframework.ldap.core.NameClassPairCallbackHandler;
import org.springframework.ldap.core.SearchExecutor;

/* loaded from: input_file:org/jasig/cas/adaptors/ldap/BindLdapAuthenticationHandler.class */
public class BindLdapAuthenticationHandler extends AbstractLdapUsernamePasswordAuthenticationHandler {
    private static final int DEFAULT_MAX_NUMBER_OF_RESULTS = 1000;
    private static final int DEFAULT_TIMEOUT = 1000;
    private String searchBase;

    @IsIn({0, 1, 2})
    private int scope = 2;
    private int maxNumberResults = 1000;
    private int timeout = 1000;
    private boolean allowMultipleAccounts;

    protected final boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials usernamePasswordCredentials) throws AuthenticationException {
        final ArrayList<String> arrayList = new ArrayList();
        final SearchControls searchControls = getSearchControls();
        final String str = this.searchBase;
        final String filterWithValues = LdapUtils.getFilterWithValues(getFilter(), usernamePasswordCredentials.getUsername());
        getLdapTemplate().search(new SearchExecutor() { // from class: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.1
            public NamingEnumeration executeSearch(DirContext dirContext) throws NamingException {
                return dirContext.search(str, filterWithValues, searchControls);
            }
        }, new NameClassPairCallbackHandler() { // from class: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.2
            public void handleNameClassPair(NameClassPair nameClassPair) {
                arrayList.add(nameClassPair.getNameInNamespace());
            }
        });
        if (arrayList.isEmpty()) {
            this.log.info("Search for " + filterWithValues + " returned 0 results.");
            return false;
        }
        if (arrayList.size() > 1 && !this.allowMultipleAccounts) {
            this.log.warn("Search for " + filterWithValues + " returned multiple results, which is not allowed.");
            return false;
        }
        for (String str2 : arrayList) {
            DirContext dirContext = null;
            String composeCompleteDnToCheck = composeCompleteDnToCheck(str2, usernamePasswordCredentials);
            try {
                this.log.debug("Performing LDAP bind with credential: " + str2);
                dirContext = getContextSource().getContext(composeCompleteDnToCheck, usernamePasswordCredentials.getPassword());
            } catch (Exception e) {
                LdapUtils.closeContext(dirContext);
            } catch (Throwable th) {
                LdapUtils.closeContext(dirContext);
                throw th;
            }
            if (dirContext != null) {
                LdapUtils.closeContext(dirContext);
                return true;
            }
            LdapUtils.closeContext(dirContext);
        }
        return false;
    }

    protected String composeCompleteDnToCheck(String str, UsernamePasswordCredentials usernamePasswordCredentials) {
        return str;
    }

    private final SearchControls getSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(this.scope);
        searchControls.setReturningAttributes(new String[0]);
        searchControls.setTimeLimit(this.timeout);
        searchControls.setCountLimit(this.maxNumberResults);
        return searchControls;
    }

    protected boolean isAllowMultipleAccounts() {
        return this.allowMultipleAccounts;
    }

    protected int getMaxNumberResults() {
        return this.maxNumberResults;
    }

    protected int getScope() {
        return this.scope;
    }

    protected String getSearchBase() {
        return this.searchBase;
    }

    protected int getTimeout() {
        return this.timeout;
    }

    public final void setScope(int i) {
        this.scope = i;
    }

    public void setAllowMultipleAccounts(boolean z) {
        this.allowMultipleAccounts = z;
    }

    public final void setMaxNumberResults(int i) {
        this.maxNumberResults = i;
    }

    public final void setSearchBase(String str) {
        this.searchBase = str;
    }

    public final void setTimeout(int i) {
        this.timeout = i;
    }
}
