package pl.edu.icm.unity.ldap.client;

import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialVerificatorFactory;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.CredentialReset;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationException;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.AuthenticationTriggeringContext;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResponseProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultTranslator;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.stdext.credential.NoCredentialResetImpl;
import pl.edu.icm.unity.stdext.credential.pass.PasswordExchange;

/**
 * Password verificator that delegates the actual check to a remote LDAP server:
 * the supplied values are handed to {@code client.bindAndSearch(...)} and the
 * returned remote input is then translated with the configured translation profile.
 *
 * <p>Security review notes (none of these can be settled from this class alone):
 * <ul>
 *   <li>NOTE(review): confirm that the LDAP client rejects a {@code null} or empty
 *       password before binding. Under RFC 4513 a simple bind carrying a DN and an
 *       empty password is an <em>unauthenticated</em> bind, which some directory
 *       servers accept as successful.</li>
 *   <li>NOTE(review): the first value is presumably a user-supplied login name that
 *       the client places into a bind DN or search filter; verify it is escaped
 *       there, because no escaping is done in this class.</li>
 *   <li>NOTE(review): failures are logged at debug level only. Confirm that failed
 *       attempts are recorded elsewhere (e.g. by the code behind
 *       {@code executeVerificator}) so that password guessing stays visible to
 *       monitoring at default log levels.</li>
 * </ul>
 */
@PrototypeComponent
public class LdapPasswordVerificator extends LdapBaseVerificator implements PasswordExchange {
    private static final Logger log = Log.getLogger("unity.server.ldap", LdapPasswordVerificator.class);

    /** Name handed to the base verificator and to the factory. */
    public static final String NAME = "ldap";

    /** Human-readable description handed to the base verificator and to the factory. */
    public static final String DESCRIPTION = "Verifies password using LDAPv3 protocol";

    /**
     * Creates the verificator and passes all collaborators to {@link LdapBaseVerificator},
     * declaring "password exchange" as the exchange identifier.
     */
    @Autowired
    public LdapPasswordVerificator(RemoteAuthnResultTranslator remoteAuthnResultTranslator,
            PKIManagement pKIManagement,
            RemoteAuthnResponseProcessor remoteAuthnResponseProcessor) {
        super(NAME, DESCRIPTION, remoteAuthnResultTranslator, pKIManagement, "password exchange",
                remoteAuthnResponseProcessor);
    }

    /**
     * Runs the LDAP password check inside {@code remoteAuthnProcessor.executeVerificator},
     * which receives the same triggering context.
     *
     * <p>The parameter names were lost in decompilation. Judging by their use,
     * {@code str} and {@code str2} are presumably the user name and the password
     * (they are passed, in that order, to {@code bindAndSearch}); {@code str3} and
     * {@code z} are forwarded unchanged to {@code getResult}. Confirm against
     * {@link PasswordExchange}.
     *
     * @throws AuthenticationException as declared; presumably propagated from
     *         {@code executeVerificator}
     */
    public AuthenticationResult checkPassword(String str, String str2, String str3, boolean z,
            AuthenticationTriggeringContext authenticationTriggeringContext) throws AuthenticationException {
        return remoteAuthnProcessor.executeVerificator(() -> {
            return authenticateWithPassword(str, str2, str3, z, authenticationTriggeringContext);
        }, authenticationTriggeringContext);
    }

    /**
     * Authenticates against LDAP and translates the outcome. Never throws: any
     * exception is converted into a failed {@link RemoteAuthenticationResult}.
     *
     * <p>Parameter names here are inferred from usage, not taken from the original
     * source - confirm before relying on them.
     */
    private AuthenticationResult authenticateWithPassword(String username, String password,
            String formForUnknown, boolean enableAssociation,
            AuthenticationTriggeringContext triggeringContext) {
        try {
            RemotelyAuthenticatedInput remoteInput = getRemotelyAuthenticatedInput(username, password);
            // The same resolvable message key is attached to every error result;
            // presumably this keeps the user-facing text generic, so that it does
            // not reveal whether the account or the password was wrong - confirm.
            return addGenericMessageIfError(
                    getResult(remoteInput, translationProfile, triggeringContext.isSandboxTriggered(),
                            formForUnknown, enableAssociation),
                    new AuthenticationResult.ResolvableError("WebPasswordRetrieval.wrongPassword",
                            new Object[0]));
        } catch (Exception failure) {
            // The exception travels on inside the failed result; it is assumed
            // (TODO confirm) that its details are not rendered to the end user.
            log.debug("LDAP authentication with password failed", failure);
            return RemoteAuthenticationResult.failed(failure);
        }
    }

    /**
     * Performs the bind-and-search call on the LDAP client with this verificator's
     * client configuration.
     *
     * @throws RemoteAuthenticationException wrapping either a rejected authentication
     *         ({@link LdapAuthenticationException}) or any other problem raised by the client
     */
    private RemotelyAuthenticatedInput getRemotelyAuthenticatedInput(String username, String password)
            throws RemoteAuthenticationException {
        try {
            return client.bindAndSearch(username, password, clientConfiguration);
        } catch (LdapAuthenticationException rejected) {
            // An authentication rejection is logged here and gets its own message.
            log.debug("LDAP authentication failed", rejected);
            throw new RemoteAuthenticationException("Authentication has failed", rejected);
        } catch (Exception other) {
            // Anything else is wrapped without logging here; the caller in this
            // class logs the wrapped exception.
            throw new RemoteAuthenticationException("Problem when authenticating against the LDAP server", other);
        }
    }

    /**
     * Returns a new {@link NoCredentialResetImpl}. Judging by its name, no credential
     * reset is offered for this verificator - presumably because the password is
     * managed by the LDAP directory (confirm).
     */
    public CredentialReset getCredentialResetBackend() {
        return new NoCredentialResetImpl();
    }

    /**
     * Spring component that registers this verificator type; it is given an
     * {@link ObjectFactory} for {@link LdapPasswordVerificator} and forwards it,
     * together with the name and description, to the base factory.
     */
    @Component
    public static class Factory extends AbstractCredentialVerificatorFactory {
        @Autowired
        public Factory(ObjectFactory<LdapPasswordVerificator> objectFactory) {
            // Qualified on purpose so that a same-named member inherited from the
            // base factory could not shadow these constants.
            super(LdapPasswordVerificator.NAME, LdapPasswordVerificator.DESCRIPTION, objectFactory);
        }
    }
}
