package com.evolveum.midpoint.authentication.impl.ldap;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.model.api.context.PreAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/ldap/MidpointPrincipalContextMapper.class */
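/**
 * Bridges a successful LDAP authentication to a midPoint principal.
 *
 * <p>Spring Security's LDAP provider hands us the bound directory entry; this mapper reads the
 * configured "naming attribute" from that entry, uses its value as the midPoint user name and
 * asks the pre-authenticated {@link AuthenticationEvaluator} for the matching principal. The
 * entry itself is expected to be an {@link LdapDirContextAdapter}, which carries the midPoint
 * specific settings (naming attribute, focus type, required assignments, channel, connection
 * environment) alongside the LDAP attributes.
 *
 * <p>The reverse direction ({@link #mapUserToContext}) is intentionally not supported.
 */
public class MidpointPrincipalContextMapper implements UserDetailsContextMapper {
    private static final Trace LOGGER = TraceManager.getTrace(MidpointPrincipalContextMapper.class);

    @Autowired
    @Qualifier("passwordAuthenticationEvaluator")
    private AuthenticationEvaluator<PasswordAuthenticationContext> authenticationEvaluator;

    /**
     * Resolves the midPoint principal for an LDAP entry that has already been authenticated.
     *
     * @param dirContextOperations the bound LDAP entry; must be an {@link LdapDirContextAdapter}
     *        with a non-null naming attribute, otherwise the login is rejected
     * @param str the user name as supplied at login; used only as a fallback when the naming
     *        attribute is absent from the entry
     * @param collection authorities granted by Spring's LDAP provider; not consulted here,
     *        midPoint derives authorizations from the principal itself
     * @return the midPoint principal produced by the pre-authenticated evaluator
     * @throws AuthenticationServiceException when the context is not usable (wrong adapter type,
     *         no naming attribute, empty or multi-valued naming attribute)
     * @throws AuditedAuthenticationException wrapping evaluator failures (service error, disabled
     *         account, unknown user) so that the surrounding provider can audit them
     * @throws UsernameNotFoundException when the evaluator reports the focus object as missing
     * @throws SystemException on a JNDI failure while reading the attribute
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str,
            Collection<? extends GrantedAuthority> collection) {
        if (!(dirContextOperations instanceof LdapDirContextAdapter)) {
            LOGGER.debug("Couldn't define midpoint user");
            throw new AuthenticationServiceException("web.security.provider.invalid");
        }
        LdapDirContextAdapter ldapContext = (LdapDirContextAdapter) dirContextOperations;
        String namingAttr = ldapContext.getNamingAttr();
        if (namingAttr == null) {
            LOGGER.debug("Couldn't define midpoint user");
            throw new AuthenticationServiceException("web.security.provider.invalid");
        }
        try {
            // NOTE(review): an AuthenticationServiceException thrown by resolveLdapName() leaves this
            // method unwrapped (not as AuditedAuthenticationException); only evaluator failures below
            // are wrapped. Whether the calling provider audits it separately is not visible here.
            String midpointUsername = resolveLdapName(ldapContext, str, namingAttr);
            Class<? extends FocusType> focusType = ldapContext.getFocusType();
            List<ObjectReferenceType> requiredAssignments = ldapContext.getRequireAssignment();
            AuthenticationChannel channel = ldapContext.getChannel();
            ConnectionEnvironment connectionEnvironment = ldapContext.getConnectionEnvironment();

            PreAuthenticationContext preAuthenticationContext =
                    new PreAuthenticationContext(midpointUsername, focusType, requiredAssignments);
            if (channel != null) {
                preAuthenticationContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
            }
            try {
                // The LDAP bind already proved possession of the password; midPoint only needs to
                // locate and validate the focus (activation, required assignments, ...).
                return (UserDetails) this.authenticationEvaluator
                        .authenticateUserPreAuthenticated(connectionEnvironment, preAuthenticationContext)
                        .getPrincipal();
            } catch (AuthenticationServiceException | DisabledException | UsernameNotFoundException e) {
                throw new AuditedAuthenticationException(e);
            }
        } catch (NamingException e) {
            throw new SystemException(e.getMessage(), e);
        } catch (ObjectNotFoundException e) {
            throw new UsernameNotFoundException("web.security.provider.invalid.credentials", e);
        }
    }

    /**
     * Reads the midPoint user name from the naming attribute of the LDAP entry.
     *
     * <p>Exactly one value is accepted: an empty or multi-valued attribute is treated as a
     * configuration problem and the login is rejected rather than guessing which value to use.
     * The value is lower-cased with {@link Locale#ROOT} so that the mapping does not depend on the
     * JVM's default locale (e.g. a Turkish locale would turn {@code "I"} into a dotless i and
     * resolve a different or non-existent midPoint user).
     *
     * @param dirContextOperations the bound LDAP entry
     * @param str the login name supplied by the user; returned unchanged when the attribute is
     *        absent or its single value is null
     * @param str2 name of the LDAP attribute holding the midPoint user name
     * @return the resolved midPoint user name
     * @throws NamingException from JNDI when the attribute value cannot be read
     * @throws ObjectNotFoundException declared for API compatibility with the caller's handling
     * @throws AuthenticationServiceException when the attribute has zero or more than one value
     */
    private String resolveLdapName(DirContextOperations dirContextOperations, String str, String str2)
            throws NamingException, ObjectNotFoundException {
        Attribute attribute = dirContextOperations.getAttributes().get(str2);
        if (attribute == null) {
            // NOTE(review): fallback returns the typed login name as-is, i.e. without the
            // lower-casing applied to the attribute path — confirm the evaluator's lookup is
            // case-insensitive if case variants must not map to different users.
            return str;
        }
        int valueCount = attribute.size();
        if (valueCount == 0) {
            LOGGER.debug("LDAP attribute, which define username is empty");
            throw new AuthenticationServiceException("web.security.provider.invalid");
        }
        if (valueCount > 1) {
            // Log only the count: the previous form logged a NamingEnumeration object (no useful
            // output) and would have exposed directory values in the log if it had worked.
            LOGGER.debug("LDAP attribute, which define username contains {} values", valueCount);
            throw new AuthenticationServiceException("web.security.provider.invalid");
        }
        Object value = attribute.get(0);
        if (value == null) {
            return str;
        }
        return value.toString().toLowerCase(Locale.ROOT);
    }

    /**
     * Not supported: this mapper only reads directory entries, it never writes principals back.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
        throw new UnsupportedOperationException();
    }
}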
