package org.jasig.cas.authentication.principal;

import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.validation.constraints.NotNull;
import org.jasig.cas.util.LdapUtils;
import org.springframework.ldap.core.AttributesMapper;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-3.4.2.jar:org/jasig/cas/authentication/principal/CredentialsToLDAPAttributePrincipalResolver.class */
public final class CredentialsToLDAPAttributePrincipalResolver extends AbstractLdapPersonDirectoryCredentialsToPrincipalResolver {

    @NotNull
    private CredentialsToPrincipalResolver credentialsToPrincipalResolver;

    @Override // org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver
    protected String extractPrincipalId(Credentials credentials) {
        Principal resolvePrincipal = this.credentialsToPrincipalResolver.resolvePrincipal(credentials);
        if (resolvePrincipal == null) {
            this.log.info("Initial principal could not be resolved from request, returning null");
            return null;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved " + resolvePrincipal + ". Trying LDAP resolve now...");
        }
        String resolveFromLDAP = resolveFromLDAP(resolvePrincipal.getId());
        if (resolveFromLDAP == null) {
            this.log.info("Initial principal \"" + resolvePrincipal.getId() + "\" was not found in LDAP, returning null");
        } else {
            this.log.debug("Resolved " + resolvePrincipal + " to " + resolveFromLDAP);
        }
        return resolveFromLDAP;
    }

    private String resolveFromLDAP(String str) {
        String filterWithValues = LdapUtils.getFilterWithValues(getFilter(), str);
        if (this.log.isDebugEnabled()) {
            this.log.debug("LDAP search with filter \"" + filterWithValues + "\"");
        }
        try {
            final String str2 = getAttributeIds()[0];
            List search = getLdapTemplate().search(getSearchBase(), filterWithValues, getSearchControls(), new AttributesMapper() { // from class: org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver.1
                @Override // org.springframework.ldap.core.AttributesMapper
                public Object mapFromAttributes(Attributes attributes) throws NamingException {
                    Attribute attribute = attributes.get(str2);
                    if (attribute != null) {
                        return attribute.get();
                    }
                    CredentialsToLDAPAttributePrincipalResolver.this.log.debug("Principal attribute \"" + str2 + "\" not found in LDAP search results. Returning null.");
                    return null;
                }
            });
            if (search.isEmpty()) {
                this.log.debug("LDAP search returned zero results.");
                return null;
            }
            if (search.size() <= 1) {
                return (String) search.get(0);
            }
            this.log.error("LDAP search returned multiple results for filter \"" + filterWithValues + "\", which is not allowed.");
            return null;
        } catch (Exception e) {
            this.log.error(e.getMessage(), (Throwable) e);
            return null;
        }
    }

    @Override // org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver
    public boolean supports(Credentials credentials) {
        return this.credentialsToPrincipalResolver.supports(credentials);
    }

    public final void setCredentialsToPrincipalResolver(CredentialsToPrincipalResolver credentialsToPrincipalResolver) {
        this.credentialsToPrincipalResolver = credentialsToPrincipalResolver;
    }
}
