package org.apereo.cas.authentication.principal.ldap;

import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.apereo.cas.authentication.principal.BaseDelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.DelegatedAuthenticationCandidateProfile;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationLdapProfileSelectionProperties;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.SearchResponse;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/authentication/principal/ldap/LdapDelegatedClientAuthenticationCredentialResolver.class */
public class LdapDelegatedClientAuthenticationCredentialResolver extends BaseDelegatedClientAuthenticationCredentialResolver implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapDelegatedClientAuthenticationCredentialResolver.class);
    private final ConnectionFactory connectionFactory;

    public LdapDelegatedClientAuthenticationCredentialResolver(DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, ConnectionFactory connectionFactory) {
        super(delegatedClientAuthenticationConfigurationContext);
        this.connectionFactory = connectionFactory;
    }

    public List<DelegatedAuthenticationCandidateProfile> resolve(RequestContext requestContext, ClientCredential clientCredential) {
        return (List) FunctionUtils.doUnchecked(() -> {
            UserProfile userProfile = resolveUserProfile(requestContext, clientCredential).get();
            Pac4jDelegatedAuthenticationLdapProfileSelectionProperties ldap = this.configContext.getCasProperties().getAuthn().getPac4j().getProfileSelection().getLdap();
            LdapConnectionFactory ldapConnectionFactory = new LdapConnectionFactory(this.connectionFactory);
            try {
                FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), "user", List.of(userProfile.getId()));
                LOGGER.debug("Fetching user attributes [{}] for [{}] via [{}]", new Object[]{ldap.getAttributes(), userProfile, newLdaptiveSearchFilter});
                SearchResponse executeSearchOperation = ldapConnectionFactory.executeSearchOperation(ldap.getBaseDn(), newLdaptiveSearchFilter, 0, (String[]) ldap.getAttributes().toArray(ArrayUtils.EMPTY_STRING_ARRAY));
                LOGGER.debug("Found entries: [{}]", Integer.valueOf(executeSearchOperation.getEntries().size()));
                List list = (List) executeSearchOperation.getEntries().stream().map(ldapEntry -> {
                    LOGGER.trace("Found entry [{}]", ldapEntry);
                    HashMap hashMap = new HashMap(userProfile.getAttributes());
                    for (LdapAttribute ldapAttribute : ldapEntry.getAttributes()) {
                        hashMap.put(ldapAttribute.getName(), ldapAttribute.getStringValues());
                    }
                    Optional map = Optional.ofNullable(ldapEntry.getAttribute(ldap.getProfileIdAttribute())).map((v0) -> {
                        return v0.getStringValue();
                    });
                    Objects.requireNonNull(userProfile);
                    String str = (String) map.orElseGet(userProfile::getId);
                    LOGGER.debug("Adding attributes [{}] to the selected profile: [{}]", hashMap, str);
                    return DelegatedAuthenticationCandidateProfile.builder().attributes(hashMap).id(str).key(UUID.randomUUID().toString()).linkedId(userProfile.getId()).build();
                }).collect(Collectors.toList());
                ldapConnectionFactory.close();
                return list;
            } catch (Throwable th) {
                try {
                    ldapConnectionFactory.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        });
    }

    public void destroy() {
        this.connectionFactory.close();
    }
}
