package org.jasig.cas.adaptors.x509.authentication.handler.support.ldap;

import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import javax.validation.constraints.NotNull;
import org.jasig.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher;
import org.jasig.cas.util.CompressionUtils;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.ResultCode;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchResult;
import org.springframework.core.io.ByteArrayResource;

/* loaded from: input_file:org/jasig/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher.class */
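/**
 * CRL fetcher that retrieves an X.509 CRL from an LDAP directory when the location starts with
 * {@code ldap}, and defers to {@link ResourceCRLFetcher} for every other location.
 *
 * <p>The LDAP path runs the configured {@link SearchExecutor} against a connection factory built
 * from a copy of the configured {@link ConnectionConfig} whose URL is replaced by the location.
 */
public class LdaptiveResourceCRLFetcher extends ResourceCRLFetcher {
    /** Prefix, matched case-insensitively, that routes a location to the LDAP fetch path. */
    private static final String LDAP_SCHEME_PREFIX = "ldap";

    /** Executes the LDAP search that is expected to return the CRL entry. */
    protected final SearchExecutor searchExecutor;

    /** Template connection settings; copied for every fetch and never mutated. */
    protected final ConnectionConfig connectionConfig;

    /**
     * Creates the fetcher.
     *
     * @param connectionConfig template connection settings, copied for each fetch
     * @param searchExecutor executor used to run the CRL search
     */
    public LdaptiveResourceCRLFetcher(@NotNull ConnectionConfig connectionConfig, @NotNull SearchExecutor searchExecutor) {
        this.connectionConfig = connectionConfig;
        this.searchExecutor = searchExecutor;
    }

    /**
     * Dispatches the fetch: locations whose string form starts with {@code ldap} (any case, so
     * {@code ldaps} and any other string with that prefix also match) go to
     * {@link #fetchCRLFromLdap(Object)}; everything else goes to the parent implementation.
     *
     * <p>The decompiler reports that the original access modifier of this method was
     * {@code protected}.
     *
     * @param obj the CRL location; its {@code toString()} value is inspected
     * @return the fetched CRL
     * @throws Exception if the fetch fails
     */
    @Override
    public X509CRL fetchInternal(Object obj) throws Exception {
        final String location = obj.toString();
        // regionMatches(ignoreCase) avoids the default-locale dependence of toLowerCase()
        // and does not allocate a lower-cased copy of the whole location.
        final boolean isLdapLocation =
                location.regionMatches(true, 0, LDAP_SCHEME_PREFIX, 0, LDAP_SCHEME_PREFIX.length());
        return isLdapLocation ? fetchCRLFromLdap(obj) : super.fetchInternal(obj);
    }

    /**
     * Searches the directory at the given LDAP URL and builds a CRL from the first attribute of
     * the first entry returned.
     *
     * @param obj the LDAP URL; its {@code toString()} value is used
     * @return the CRL read from the directory
     * @throws CertificateException if the search does not succeed, returns no entry, or the
     *     underlying LDAP operation throws
     * @throws Exception if decoding or parsing the CRL fails
     */
    protected X509CRL fetchCRLFromLdap(Object obj) throws Exception {
        try {
            final String ldapUrl = obj.toString();
            this.logger.debug("Fetching CRL from ldap {}", ldapUrl);
            final Response<SearchResult> response = performLdapSearch(ldapUrl);
            if (response.getResultCode() != ResultCode.SUCCESS) {
                this.logger.debug("Failed to execute the search [{}]", response);
                throw new CertificateException("Failed to establish a connection ldap and search.");
            }
            // The result code describes the operation, not whether anything matched. Fail with
            // a CertificateException, like the other failure paths, instead of dereferencing null.
            final SearchResult searchResult = response.getResult();
            final LdapEntry entry = searchResult == null ? null : searchResult.getEntry();
            if (entry == null) {
                throw new CertificateException("Search returned no entry. Can not retrieve CRL");
            }
            // NOTE(review): only the first attribute is read; this presumably relies on the
            // search executor being configured to return just the CRL attribute - confirm.
            final LdapAttribute attribute = entry.getAttribute();
            this.logger.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
            return fetchX509CRLFromAttribute(attribute);
        } catch (LdapException e) {
            this.logger.error(e.getMessage(), e);
            // Preserve the LDAP failure as the cause.
            throw new CertificateException(e);
        }
    }

    /**
     * Decodes the attribute's binary value from Base64 and parses the bytes as a CRL through the
     * parent fetcher.
     *
     * @param ldapAttribute the attribute expected to hold the Base64-encoded CRL
     * @return the parsed CRL
     * @throws CertificateException if the attribute is missing, empty, or cannot be decoded
     * @throws Exception if the parent fetcher fails to parse the decoded bytes
     */
    protected X509CRL fetchX509CRLFromAttribute(LdapAttribute ldapAttribute) throws Exception {
        if (ldapAttribute == null) {
            throw new CertificateException("Attribute not found. Can not retrieve CRL");
        }
        final byte[] encoded = ldapAttribute.getBinaryValue();
        if (encoded == null || encoded.length == 0) {
            throw new CertificateException("Empty attribute. Can not download CRL from ldap");
        }
        final byte[] decoded = CompressionUtils.decodeBase64ToByteArray(encoded);
        if (decoded == null) {
            throw new CertificateException("Could not decode the attribute value to base64");
        }
        this.logger.debug("Retrieved CRL from ldap as byte array decoded in base64. Fetching...");
        return super.fetch(new ByteArrayResource(decoded));
    }

    /**
     * Runs the configured search against a connection factory built for the given URL.
     *
     * @param str the LDAP URL to search
     * @return the search response
     * @throws LdapException if the search operation fails
     */
    protected Response<SearchResult> performLdapSearch(String str) throws LdapException {
        return this.searchExecutor.search(prepareConnectionFactory(str));
    }

    /**
     * Builds a connection factory from a copy of the configured connection settings with the
     * LDAP URL replaced by {@code str}.
     *
     * <p>The decompiler reports that the original access modifier of this method was
     * {@code protected}.
     *
     * <p>NOTE(review): every setting of the template other than the URL is reused against
     * whatever host {@code str} names. If {@code str} can originate from a certificate's CRL
     * distribution point, and the template carries bind credentials or relaxed TLS settings,
     * those would be presented to a host chosen by the certificate. Confirm where the URL comes
     * from, and consider restricting accepted hosts or using a template without credentials.
     *
     * @param str the LDAP URL to connect to
     * @return a connection factory for that URL
     */
    public ConnectionFactory prepareConnectionFactory(String str) {
        final ConnectionConfig perFetchConfig = ConnectionConfig.newConnectionConfig(this.connectionConfig);
        perFetchConfig.setLdapUrl(str);
        return new DefaultConnectionFactory(perFetchConfig);
    }
}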
