package org.jasig.cas.userdetails;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.validation.constraints.NotNull;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/jasig/cas/userdetails/LdapUserDetailsService.class */
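/**
 * Spring Security {@link UserDetailsService} that builds a {@link UserDetails} from two LDAP
 * searches: one that locates the user entry and one that locates the user's role entries.
 *
 * <p>The returned principal carries {@link #UNKNOWN_PASSWORD} as its password, because this
 * class never reads a credential from the directory. It provides authorization data
 * (username and authorities) only; the placeholder must not be treated as a usable secret
 * by any code that compares passwords.
 *
 * <p>Authority names are derived from directory data, so their spelling decides which access
 * rules match. They are upper-cased with {@link Locale#ROOT} so the result does not depend on
 * the JVM's default locale.
 */
public class LdapUserDetailsService implements UserDetailsService {
    /** Prefix put in front of every role value unless {@link #setRolePrefix(String)} overrides it. */
    public static final String DEFAULT_ROLE_PREFIX = "ROLE_";

    /** Placeholder password stored in the returned {@link User}; no real credential is loaded. */
    public static final String UNKNOWN_PASSWORD = "<UNKNOWN>";

    @NotNull
    private final ConnectionFactory connectionFactory;

    @NotNull
    private final SearchExecutor userSearchExecutor;

    @NotNull
    private final SearchExecutor roleSearchExecutor;

    @NotNull
    private final String userAttributeName;

    @NotNull
    private final String roleAttributeName;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @NotNull
    private String rolePrefix = DEFAULT_ROLE_PREFIX;
    private boolean allowMultipleResults = false;

    /**
     * Creates the service.
     *
     * @param connectionFactory source of LDAP connections used by both searches
     * @param searchExecutor executor for the user search; its filter receives the username as parameter 0
     * @param searchExecutor2 executor for the role search; its filter receives the user DN as parameter 0
     * @param str name of the attribute on the user entry whose value becomes the principal's username
     * @param str2 name of the attribute on each role entry whose value becomes an authority
     */
    public LdapUserDetailsService(ConnectionFactory connectionFactory, SearchExecutor searchExecutor, SearchExecutor searchExecutor2, String str, String str2) {
        // NOTE(review): the fields are annotated @NotNull but nothing here enforces it; a null
        // argument only surfaces later, on the first lookup. Confirm whether bean validation runs
        // on this object before relying on the annotations.
        this.connectionFactory = connectionFactory;
        this.userSearchExecutor = searchExecutor;
        this.roleSearchExecutor = searchExecutor2;
        this.userAttributeName = str;
        this.roleAttributeName = str2;
    }

    /**
     * Sets the prefix prepended to every role value when authorities are built.
     *
     * @param str the new prefix
     */
    public void setRolePrefix(String str) {
        this.rolePrefix = str;
    }

    /**
     * Controls whether a user search that matches more than one entry is accepted.
     *
     * <p>When enabled, only the entry returned by {@code SearchResult.getEntry()} is consulted,
     * so an ambiguous username resolves to a single one of the matching entries. Leaving this
     * {@code false} (the default) makes an ambiguous match fail instead.
     *
     * @param z {@code true} to accept multiple matches, {@code false} to reject them
     */
    public void setAllowMultipleResults(boolean z) {
        this.allowMultipleResults = z;
    }

    /**
     * Looks up the user entry for the given username and then the roles for that entry's DN.
     *
     * @param str the username to look up
     * @return a {@link User} whose name is the value of the configured user attribute, whose
     *     password is {@link #UNKNOWN_PASSWORD}, and whose authorities come from the role search
     * @throws UsernameNotFoundException if the user search returns no entry
     * @throws IllegalStateException if several entries match and multiple results are not allowed,
     *     or if the matched entry lacks the configured user attribute
     * @throws RuntimeException if either LDAP search fails; the {@link LdapException} is the cause
     */
    @Override
    public UserDetails loadUserByUsername(String str) {
        final SearchResult userResult;
        try {
            this.logger.debug("Attempting to get details for user {}.", str);
            final Response<SearchResult> userResponse =
                    this.userSearchExecutor.search(this.connectionFactory, createSearchFilter(this.userSearchExecutor, str));
            // The response is logged as a whole; keep debug logging of this class off where
            // directory contents must not reach log files.
            this.logger.debug("LDAP user search response: {}", userResponse);
            userResult = userResponse.getResult();
        } catch (LdapException e2) {
            throw new RuntimeException("LDAP error fetching details for user.", e2);
        }

        if (userResult.size() == 0) {
            throw new UsernameNotFoundException(str + " not found.");
        }
        if (userResult.size() > 1 && !this.allowMultipleResults) {
            throw new IllegalStateException("Found multiple results for user which is not allowed (allowMultipleResults=false).");
        }

        final LdapEntry userEntry = userResult.getEntry();
        final String dn = userEntry.getDn();
        final LdapAttribute userAttribute = userEntry.getAttribute(this.userAttributeName);
        if (userAttribute == null) {
            throw new IllegalStateException(this.userAttributeName + " attribute not found in results.");
        }

        return new User(userAttribute.getStringValue(), UNKNOWN_PASSWORD, loadAuthorities(dn));
    }

    /** Runs the role search for the given user DN and maps each role entry to one authority. */
    private List<SimpleGrantedAuthority> loadAuthorities(String dn) {
        final SearchResult roleResult;
        try {
            this.logger.debug("Attempting to get roles for user {}.", dn);
            final Response<SearchResult> roleResponse =
                    this.roleSearchExecutor.search(this.connectionFactory, createSearchFilter(this.roleSearchExecutor, dn));
            this.logger.debug("LDAP role search response: {}", roleResponse);
            roleResult = roleResponse.getResult();
        } catch (LdapException e) {
            throw new RuntimeException("LDAP error fetching roles for user.", e);
        }

        final List<SimpleGrantedAuthority> authorities = new ArrayList<>(roleResult.size());
        for (LdapEntry ldapEntry : roleResult.getEntries()) {
            final LdapAttribute roleAttribute = ldapEntry.getAttribute(this.roleAttributeName);
            if (roleAttribute == null) {
                this.logger.warn("Role attribute not found on entry {}", ldapEntry);
                continue;
            }
            // NOTE(review): only one value per role entry is read; if the role attribute can be
            // multi-valued in this directory, the remaining values are ignored. Confirm intent.
            final String roleValue = roleAttribute.getStringValue();
            if (roleValue == null) {
                // An attribute without a value would otherwise fail the whole lookup with a
                // NullPointerException; skip the entry and grant nothing for it.
                this.logger.warn("Role attribute {} has no value on entry {}", this.roleAttributeName, ldapEntry.getDn());
                continue;
            }
            // Locale.ROOT keeps the authority name identical on every JVM. With the default
            // locale, a Turkish or Azeri locale maps 'i' to a dotted capital 'İ', producing a
            // name that no access rule written with a plain 'I' would match.
            authorities.add(new SimpleGrantedAuthority(this.rolePrefix + roleValue.toUpperCase(Locale.ROOT)));
        }
        return authorities;
    }

    /**
     * Copies the executor's filter template and binds the given value as parameter 0.
     *
     * <p>The value is bound as a filter parameter rather than concatenated into the filter
     * string, which leaves encoding of LDAP filter metacharacters to ldaptive when the filter is
     * formatted. Keep it that way: the value is a caller-supplied username or a DN read from
     * the directory.
     */
    private SearchFilter createSearchFilter(SearchExecutor searchExecutor, String str) {
        final SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(searchExecutor.getSearchFilter().getFilter());
        searchFilter.setParameter(0, str);
        // Format the filter only when it will be logged; the formatted text contains the
        // looked-up username or DN.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Constructed LDAP search filter [{}]", searchFilter.format());
        }
        return searchFilter;
    }
}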
