package org.apereo.cas.authentication.surrogate;

import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.RegexUtils;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.Response;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/surrogate/LdapSurrogateUsernamePasswordService.class */
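/**
 * LDAP-backed {@link SurrogateAuthenticationService}: decides whether a principal may
 * authenticate as (impersonate) another account, and lists the accounts a surrogate
 * may proxy, by searching the configured base DN with the configured filters.
 *
 * <p>Both operations fail closed: any exception raised while building the filter,
 * querying the directory or parsing the result is logged and reported as
 * "not authorized" / "no eligible accounts".
 */
public class LdapSurrogateUsernamePasswordService implements SurrogateAuthenticationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapSurrogateUsernamePasswordService.class);
    private final ConnectionFactory connectionFactory;
    private final SurrogateAuthenticationProperties.Ldap ldapProperties;

    /**
     * @param connectionFactory factory for the LDAP connections used by every search
     * @param ldap              LDAP settings: base DN, search filters, member attribute name and regex
     */
    public LdapSurrogateUsernamePasswordService(ConnectionFactory connectionFactory, SurrogateAuthenticationProperties.Ldap ldap) {
        this.connectionFactory = connectionFactory;
        this.ldapProperties = ldap;
    }

    /**
     * Checks whether {@code principal} may authenticate as the account named {@code str}.
     *
     * @param str       username of the account to be impersonated
     * @param principal the already-authenticated principal asking to impersonate
     * @return {@code true} when {@code str} equals the principal's own id (case-insensitive) or the
     *         surrogate search returns an entry; {@code false} otherwise, including on any error
     */
    @Override
    public boolean canAuthenticateAs(String str, Principal principal) {
        try {
            // Acting as oneself is always allowed and needs no directory lookup.
            if (str.equalsIgnoreCase(principal.getId())) {
                return true;
            }
            // The username is passed as a separate filter argument, not concatenated into the
            // filter text; presumably the helper binds it as an escaped parameter - confirm in Beans.
            // NOTE(review): only the requested username is bound here; the requesting principal's id
            // never reaches the query, so this lookup alone does not tie the grant to that principal.
            // Confirm the configured surrogate filter / base DN scope enforces who may impersonate.
            SearchFilter filter = Beans.newLdaptiveSearchFilter(this.ldapProperties.getSurrogateSearchFilter(), Arrays.asList(str));
            LOGGER.debug("Using search filter: [{}]", filter);
            Response<SearchResult> response = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldapProperties.getBaseDn(), filter);
            // The whole response is written at debug level; keep debug logging off where directory
            // attributes must not reach log files.
            LOGGER.debug("LDAP response: [{}]", response);
            return LdapUtils.containsResultEntry(response);
        } catch (Exception e) {
            // Fail closed: an unreachable directory or a malformed filter must never grant impersonation.
            LOGGER.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Lists the accounts the surrogate named {@code str} is allowed to proxy.
     *
     * <p>The surrogate's entry is located with the configured search filter; each value of the
     * configured member attribute that fully matches the configured regex contributes its first
     * capturing group to the result.
     *
     * @param str username of the surrogate
     * @return eligible account names in directory order; empty when nothing matches or on any error
     */
    @Override
    public Collection<String> getEligibleAccountsForSurrogateToProxy(String str) {
        LinkedHashSet<String> eligible = new LinkedHashSet<>();
        try {
            SearchFilter filter = Beans.newLdaptiveSearchFilter(this.ldapProperties.getSearchFilter(), Arrays.asList(str));
            LOGGER.debug("Using search filter: [{}]", filter);
            Response<SearchResult> response = LdapUtils.executeSearchOperation(this.connectionFactory, this.ldapProperties.getBaseDn(), filter);
            LOGGER.debug("LDAP response: [{}]", response);
            if (!LdapUtils.containsResultEntry(response)) {
                return eligible;
            }
            LdapAttribute attribute = response.getResult().getEntry().getAttribute(this.ldapProperties.getMemberAttributeName());
            if (attribute == null || attribute.getStringValues().isEmpty()) {
                return eligible;
            }
            // The regex must define at least one capturing group: group(1) throws otherwise,
            // which the catch below turns into an empty (fail-closed) result.
            Pattern memberPattern = RegexUtils.createPattern(this.ldapProperties.getMemberAttributeValueRegex());
            eligible.addAll(attribute.getStringValues().stream()
                .map(memberPattern::matcher)
                .filter(m -> m.matches())
                .map(m -> m.group(1))
                .collect(Collectors.toList()));
        } catch (Exception e) {
            // The search and the result parsing share one try block so that a failed search
            // can never leave a missing response to be dereferenced afterwards.
            LOGGER.error(e.getMessage(), e);
        }
        return eligible;
    }
}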
