package org.jasig.cas.authentication.principal;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.validation.constraints.NotNull;
import org.jasig.cas.authentication.Credential;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jasig/cas/authentication/principal/CredentialsToLdapAttributePrincipalResolver.class */
public class CredentialsToLdapAttributePrincipalResolver extends AbstractLdapPersonDirectoryPrincipalResolver implements InitializingBean {

    @NotNull
    private final SearchExecutor searchExecutor;

    @NotNull
    private final ConnectionFactory connectionFactory;

    @NotNull
    private PrincipalResolver principalResolver;
    private Map<String, String> attributeMapping = new HashMap();
    private boolean allowMultipleResults = false;

    @NotNull
    private String usernameAttribute = "user";

    public CredentialsToLdapAttributePrincipalResolver(ConnectionFactory connectionFactory, SearchExecutor searchExecutor) {
        this.connectionFactory = connectionFactory;
        this.searchExecutor = searchExecutor;
    }

    public final void setAllowMultipleResults(boolean z) {
        this.allowMultipleResults = z;
    }

    public final void setAttributeMapping(Map<String, String> map) {
        this.attributeMapping = map;
    }

    public final void setUsernameAttribute(String str) {
        this.usernameAttribute = str;
    }

    public final void setPrincipalResolver(PrincipalResolver principalResolver) {
        this.principalResolver = principalResolver;
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.principalResolver, "principalResolver cannot be null");
        Assert.notNull(this.searchExecutor.getSearchFilter(), "SearchExecutor#searchFilter cannot be null.");
        Assert.notNull(this.searchExecutor.getSearchFilter().getFilter(), "SearchExecutor#searchFilter#filter cannot be null.");
    }

    public final boolean supports(Credential credential) {
        return this.principalResolver.supports(credential);
    }

    protected String extractPrincipalId(Credential credential) {
        Principal resolve = this.principalResolver.resolve(credential);
        if (resolve == null) {
            this.logger.warn("Initial principal could not be resolved from request via {}, returning null", this.principalResolver.getClass().getSimpleName());
            return null;
        }
        this.logger.debug("Resolved {}. Trying LDAP resolve now...", resolve);
        Principal resolveFromLDAP = resolveFromLDAP(resolve);
        if (resolveFromLDAP == null) {
            this.logger.info("Initial principal {} was not found in LDAP, returning null", resolve.getId());
            return null;
        }
        this.logger.debug("Resolved {} to {}", resolve, resolveFromLDAP);
        return resolveFromLDAP.getId();
    }

    protected final Principal resolveFromLDAP(Principal principal) {
        Principal principalFromEntry;
        try {
            this.logger.debug("Attempting to resolve LDAP principal for {}.", principal);
            HashSet hashSet = new HashSet(this.attributeMapping.keySet());
            hashSet.add(this.usernameAttribute);
            Response search = this.searchExecutor.search(this.connectionFactory, createSearchFilter(principal), (String[]) hashSet.toArray(new String[0]));
            this.logger.debug("LDAP response: {}", search);
            SearchResult searchResult = (SearchResult) search.getResult();
            if (searchResult.getEntries().size() > 1 && !this.allowMultipleResults) {
                throw new IllegalStateException("Multiple search results found but not allowed.");
            }
            if (searchResult.getEntries().isEmpty()) {
                this.logger.debug("No results found for {}.", principal);
                principalFromEntry = null;
            } else {
                principalFromEntry = principalFromEntry(searchResult.getEntry());
            }
            this.logger.debug("Resolved principal {}", principalFromEntry);
            return principalFromEntry;
        } catch (LdapException e) {
            this.logger.error("LDAP error resolving principal from {}.", principal, e);
            return null;
        }
    }

    private Principal principalFromEntry(LdapEntry ldapEntry) {
        LdapAttribute attribute = ldapEntry.getAttribute(this.usernameAttribute);
        if (attribute == null) {
            this.logger.warn("Username attribute {} not found on {}; Returning null principal.", this.usernameAttribute, ldapEntry);
            return null;
        }
        String stringValue = attribute.getStringValue();
        HashMap hashMap = new HashMap(ldapEntry.getAttributes().size());
        for (LdapAttribute ldapAttribute : ldapEntry.getAttributes()) {
            if (!this.usernameAttribute.equals(ldapAttribute.getName())) {
                this.logger.debug("Resolving LDAP attribute [{}]", ldapAttribute.getName());
                Object binaryValue = ldapAttribute.size() == 1 ? ldapAttribute.isBinary() ? ldapAttribute.getBinaryValue() : ldapAttribute.getStringValue() : ldapAttribute.isBinary() ? ldapAttribute.getBinaryValues() : ldapAttribute.getStringValues();
                String mapAttributeName = mapAttributeName(ldapAttribute.getName());
                this.logger.debug("Resolved LDAP attribute [{}] with value [{}]", mapAttributeName, binaryValue);
                hashMap.put(mapAttributeName, binaryValue);
            }
        }
        return new SimplePrincipal(stringValue, hashMap);
    }

    private String mapAttributeName(String str) {
        String str2 = this.attributeMapping.get(str);
        return str2 != null ? str2 : str;
    }

    protected final SearchFilter createSearchFilter(Principal principal) {
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(this.searchExecutor.getSearchFilter().getFilter());
        searchFilter.setParameter(0, principal.getId());
        this.logger.debug("Constructed LDAP search filter [{}] for principal id [{}]", searchFilter.format(), principal.getId());
        return searchFilter;
    }
}
