package org.ldaptive.auth;

import java.util.Arrays;
import java.util.Iterator;
import org.apache.commons.jexl3.scripting.JexlScriptEngine;
import org.ldaptive.AbstractSearchOperationFactory;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.DerefAliases;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchResponse;
import org.ldaptive.SearchScope;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.1.jar:org/ldaptive/auth/SearchDnResolver.class */
public class SearchDnResolver extends AbstractSearchOperationFactory implements DnResolver {
    private String userFilter;
    private Object[] userFilterParameters;
    private boolean allowMultipleDns;
    private boolean subtreeSearch;
    private String resolveFromAttribute;
    private String baseDn = "";
    private DerefAliases derefAliases = DerefAliases.NEVER;

    /* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.1.jar:org/ldaptive/auth/SearchDnResolver$Builder.class */
    public static class Builder {
        private final SearchDnResolver object = new SearchDnResolver();

        protected Builder() {
        }

        public Builder factory(ConnectionFactory connectionFactory) {
            this.object.setConnectionFactory(connectionFactory);
            return this;
        }

        public Builder dn(String str) {
            this.object.setBaseDn(str);
            return this;
        }

        public Builder filter(String str) {
            this.object.setUserFilter(str);
            return this;
        }

        public Builder filterParameters(Object... objArr) {
            this.object.setUserFilterParameters(objArr);
            return this;
        }

        public Builder allowMultipleDns(boolean z) {
            this.object.setAllowMultipleDns(z);
            return this;
        }

        public Builder subtreeSearch(boolean z) {
            this.object.setSubtreeSearch(z);
            return this;
        }

        public Builder aliases(DerefAliases derefAliases) {
            this.object.setDerefAliases(derefAliases);
            return this;
        }

        public Builder resolveFromAttribute(String str) {
            this.object.setResolveFromAttribute(str);
            return this;
        }

        public SearchDnResolver build() {
            return this.object;
        }
    }

    public SearchDnResolver() {
    }

    public SearchDnResolver(ConnectionFactory connectionFactory) {
        setConnectionFactory(connectionFactory);
    }

    public String getBaseDn() {
        return this.baseDn;
    }

    public void setBaseDn(String str) {
        this.logger.trace("setting baseDn: {}", str);
        this.baseDn = str;
    }

    public String getUserFilter() {
        return this.userFilter;
    }

    public void setUserFilter(String str) {
        this.logger.trace("setting userFilter: {}", str);
        this.userFilter = str;
    }

    public Object[] getUserFilterParameters() {
        return this.userFilterParameters;
    }

    public void setUserFilterParameters(Object[] objArr) {
        this.logger.trace("setting userFilterParameters: {}", Arrays.toString(objArr));
        this.userFilterParameters = objArr;
    }

    public boolean getAllowMultipleDns() {
        return this.allowMultipleDns;
    }

    public void setAllowMultipleDns(boolean z) {
        this.logger.trace("setting allowMultipleDns: {}", Boolean.valueOf(z));
        this.allowMultipleDns = z;
    }

    public boolean getSubtreeSearch() {
        return this.subtreeSearch;
    }

    public void setSubtreeSearch(boolean z) {
        this.logger.trace("setting subtreeSearch: {}", Boolean.valueOf(z));
        this.subtreeSearch = z;
    }

    public DerefAliases getDerefAliases() {
        return this.derefAliases;
    }

    public void setDerefAliases(DerefAliases derefAliases) {
        this.logger.trace("setting derefAliases: {}", derefAliases);
        this.derefAliases = derefAliases;
    }

    public String getResolveFromAttribute() {
        return this.resolveFromAttribute;
    }

    public void setResolveFromAttribute(String str) {
        this.logger.trace("setting resolveFromAttribute: {}", str);
        this.resolveFromAttribute = str;
    }

    @Override // org.ldaptive.auth.DnResolver
    public String resolve(User user) throws LdapException {
        this.logger.trace("resolve user={}", user);
        String str = null;
        if (user != null) {
            FilterTemplate createFilterTemplate = createFilterTemplate(user);
            if (createFilterTemplate == null || createFilterTemplate.getFilter() == null) {
                this.logger.error("DN filter template not found, no search performed");
            } else {
                SearchResponse performLdapSearch = performLdapSearch(createFilterTemplate);
                if (!performLdapSearch.isSuccess()) {
                    throw new LdapException("Error resolving DN for user " + user + " with filter " + createFilterTemplate + ". Unsuccessful search response: " + performLdapSearch);
                }
                Iterator<LdapEntry> it = performLdapSearch.getEntries().iterator();
                if (it == null || !it.hasNext()) {
                    this.logger.info("Search for user={} failed using filter={}", user, createFilterTemplate);
                } else {
                    str = resolveDn(it.next());
                    if (it.hasNext()) {
                        this.logger.debug("Multiple results found for user={} using filter={}", user, createFilterTemplate);
                        if (!this.allowMultipleDns) {
                            throw new LdapException("Found " + performLdapSearch.entrySize() + " DNs for " + user + " : " + performLdapSearch.getEntryDns());
                        }
                    }
                }
            }
        } else {
            this.logger.warn("DN resolution cannot occur, user is null");
        }
        this.logger.debug("Resolved dn={} for user={}", str, user);
        return str;
    }

    protected String resolveDn(LdapEntry ldapEntry) {
        return this.resolveFromAttribute != null ? performResolveFromAttribute(ldapEntry) : ldapEntry.getDn();
    }

    protected String performResolveFromAttribute(LdapEntry ldapEntry) {
        LdapAttribute attribute = ldapEntry.getAttribute(this.resolveFromAttribute);
        if (attribute.size() != 1) {
            this.logger.warn("Skipping attribute as it does not meet cardinality (must contain a single value), in dn: {} resolveDnFromAttribute: {}", ldapEntry.getDn(), this.resolveFromAttribute);
            return null;
        }
        if (!attribute.isBinary()) {
            return attribute.getStringValue();
        }
        this.logger.warn("Skipping attribute as it is binary, in dn: {} resolveDnFromAttribute: {}", ldapEntry.getDn(), this.resolveFromAttribute);
        return null;
    }

    protected FilterTemplate createFilterTemplate(User user) {
        FilterTemplate filterTemplate = new FilterTemplate();
        if (user == null || user.getIdentifier() == null || "".equals(user.getIdentifier())) {
            this.logger.warn("Filter template cannot be created, user input was empty or null");
        } else if (this.userFilter != null) {
            this.logger.debug("Searching for DN using userFilter");
            filterTemplate.setFilter(this.userFilter);
            if (this.userFilterParameters != null) {
                filterTemplate.setParameters(this.userFilterParameters);
            }
            filterTemplate.setParameter("user", user.getIdentifier());
            filterTemplate.setParameter(JexlScriptEngine.CONTEXT_KEY, user.getContext());
        } else {
            this.logger.error("Invalid userFilter, cannot be null or empty.");
        }
        return filterTemplate;
    }

    protected SearchRequest createSearchRequest(FilterTemplate filterTemplate) {
        return (SearchRequest) SearchRequest.builder().dn(this.baseDn).filter(filterTemplate).returnAttributes(this.resolveFromAttribute == null ? ReturnAttributes.NONE.value() : new String[]{this.resolveFromAttribute}).scope(this.subtreeSearch ? SearchScope.SUBTREE : SearchScope.ONELEVEL).aliases(this.derefAliases).build();
    }

    protected SearchResponse performLdapSearch(FilterTemplate filterTemplate) throws LdapException {
        return createSearchOperation().execute(createSearchRequest(filterTemplate));
    }

    public String toString() {
        return PropertyAccessor.PROPERTY_KEY_PREFIX + getClass().getName() + "@" + hashCode() + "::factory=" + getConnectionFactory() + ", baseDn=" + this.baseDn + ", userFilter=" + this.userFilter + ", userFilterParameters=" + Arrays.toString(this.userFilterParameters) + ", allowMultipleDns=" + this.allowMultipleDns + ", subtreeSearch=" + this.subtreeSearch + ", derefAliases=" + this.derefAliases + ", resolveDnFromAttribute=" + this.resolveFromAttribute + "]";
    }

    public static Builder builder() {
        return new Builder();
    }
}
