package org.apereo.cas.authorization;

import java.util.List;
import java.util.function.Function;
import lombok.Generated;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/apereo/cas/authorization/BaseUseAttributesAuthorizationGenerator.class */
public abstract class BaseUseAttributesAuthorizationGenerator implements Function<Principal, List<SimpleGrantedAuthority>> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseUseAttributesAuthorizationGenerator.class);
    private final SearchOperation userSearchOperation;
    private final boolean allowMultipleResults;

    @Override // java.util.function.Function
    public List<SimpleGrantedAuthority> apply(Principal principal) {
        String id = principal.getId();
        LOGGER.debug("Attempting to get details for user [{}].", id);
        FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter(this.userSearchOperation.getTemplate().getFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, (List<String>) CollectionUtils.wrap(id));
        SearchResponse searchResponse = (SearchResponse) FunctionUtils.doUnchecked(() -> {
            return this.userSearchOperation.execute(newLdaptiveSearchFilter);
        });
        LOGGER.debug("LDAP user search response: [{}]", searchResponse);
        if (this.allowMultipleResults || searchResponse.entrySize() <= 1) {
            return searchResponse.entrySize() > 0 ? generateAuthorizationForLdapEntry(principal, searchResponse.getEntry()) : List.of();
        }
        throw new IllegalStateException("Found multiple results for user which is not allowed.");
    }

    protected abstract List<SimpleGrantedAuthority> generateAuthorizationForLdapEntry(Principal principal, LdapEntry ldapEntry);

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseUseAttributesAuthorizationGenerator(SearchOperation searchOperation, boolean z) {
        this.userSearchOperation = searchOperation;
        this.allowMultipleResults = z;
    }

    @Generated
    public SearchOperation getUserSearchOperation() {
        return this.userSearchOperation;
    }

    @Generated
    public boolean isAllowMultipleResults() {
        return this.allowMultipleResults;
    }
}
