package org.apereo.cas.pm;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.validator.routines.EmailValidator;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.Response;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/pm/LdapPasswordManagementService.class */
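/**
 * Password management service that resolves account details (email, phone, username,
 * security questions) from an LDAP directory and performs password changes against it.
 *
 * <p>Every lookup builds its search filter from the configured filter template and passes
 * the user-supplied identifier as the {@code user} filter parameter; the identifier is never
 * concatenated into the filter string in this class. Whether the value is escaped is decided
 * inside {@code LdapUtils}/ldaptive and is not visible here.
 *
 * <p>All LDAP failures are caught and logged; callers see {@code null}, an empty map or
 * {@code false} rather than an exception.
 */
public class LdapPasswordManagementService extends BasePasswordManagementService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapPasswordManagementService.class);

    /** Connection factory created once from the configured LDAP settings and shared by all operations. */
    private final ConnectionFactory ldapConnectionFactory;

    /**
     * Creates the service and its LDAP connection factory.
     *
     * @param cipherExecutor               passed through to the superclass
     * @param str                          passed through to the superclass unchanged
     *                                     (NOTE(review): presumably the token issuer; confirm against the base class)
     * @param passwordManagementProperties password management settings; its LDAP section configures the connection factory
     * @param passwordHistoryService       passed through to the superclass
     */
    public LdapPasswordManagementService(CipherExecutor<Serializable, String> cipherExecutor, String str, PasswordManagementProperties passwordManagementProperties, PasswordHistoryService passwordHistoryService) {
        super(passwordManagementProperties, cipherExecutor, str, passwordHistoryService);
        this.ldapConnectionFactory = LdapUtils.newLdaptivePooledConnectionFactory(passwordManagementProperties.getLdap());
    }

    /**
     * Looks up the email address of a user from the configured mail attribute.
     *
     * @param str the username to search for
     * @return the address if it passes {@link EmailValidator} validation, otherwise {@code null}
     */
    public String findEmail(String str) {
        String email = findAttribute(str, this.properties.getReset().getMail().getAttributeName());
        if (EmailValidator.getInstance().isValid(email)) {
            LOGGER.debug("Email address [{}] for [{}] appears valid", email, str);
            return email;
        }
        LOGGER.warn("Email address [{}] for [{}] is not valid", email, str);
        return null;
    }

    /**
     * Looks up the phone number of a user from the configured SMS attribute.
     *
     * @param str the username to search for
     * @return the attribute value, or {@code null} if the entry or attribute was not found
     */
    public String findPhone(String str) {
        return findAttribute(str, this.properties.getReset().getSms().getAttributeName());
    }

    /**
     * Looks up the value of the configured username attribute for the matching entry.
     *
     * @param str the identifier substituted into the configured search filter
     * @return the attribute value, or {@code null} if the entry or attribute was not found
     */
    public String findUsername(String str) {
        return findAttribute(str, this.properties.getLdap().getUsernameAttribute());
    }

    /**
     * Reads the security questions and answers stored on the user's LDAP entry.
     *
     * <p>The configured map pairs a question attribute name with an answer attribute name.
     * A pair is included only when both attributes exist on the entry and both values are
     * non-blank.
     *
     * @param str the username to search for
     * @return question text mapped to answer text; empty when nothing was found or the lookup failed
     */
    public Map<String, String> getSecurityQuestions(String str) {
        Map<String, String> questions = new HashMap<>();
        try {
            PasswordManagementProperties.Ldap ldap = this.properties.getLdap();
            SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), "user", CollectionUtils.wrap(str));
            LOGGER.debug("Constructed LDAP filter [{}] to locate security questions", filter);
            Response response = LdapUtils.executeSearchOperation(this.ldapConnectionFactory, ldap.getBaseDn(), filter, ldap.getPageSize());
            // NOTE(review): the response and entry are logged whole at DEBUG. Depending on what
            // their toString() prints and which attributes the search returns, that may include
            // the answer values; confirm before enabling DEBUG on a production system.
            LOGGER.debug("LDAP response for security questions [{}]", response);
            if (LdapUtils.containsResultEntry(response)) {
                LdapEntry entry = ((SearchResult) response.getResult()).getEntry();
                LOGGER.debug("Located LDAP entry [{}] in the response", entry);
                Map<String, String> questionToAnswerAttributes = ldap.getSecurityQuestionsAttributes();
                LOGGER.debug("Security question attributes are defined to be [{}]", questionToAnswerAttributes);
                for (Map.Entry<String, String> pair : questionToAnswerAttributes.entrySet()) {
                    LdapAttribute questionAttribute = entry.getAttribute(pair.getKey());
                    LdapAttribute answerAttribute = entry.getAttribute(pair.getValue());
                    // Check for missing attributes BEFORE dereferencing them: previously a single
                    // absent attribute raised a NullPointerException that aborted the whole loop.
                    if (questionAttribute == null || answerAttribute == null) {
                        continue;
                    }
                    String question = questionAttribute.getStringValue();
                    String answer = answerAttribute.getStringValue();
                    if (StringUtils.isBlank(question) || StringUtils.isBlank(answer)) {
                        continue;
                    }
                    // The answer is an authentication secret for the reset flow; keep it out of the log.
                    LOGGER.debug("Added security question [{}]", question);
                    questions.put(question, answer);
                }
            } else {
                LOGGER.debug("LDAP response did not contain a result for security questions");
            }
        } catch (Exception e) {
            LOGGER.error("Error getting security questions: {}", e.getMessage(), e);
        }
        return questions;
    }

    /**
     * Searches for the user's entry and returns the string value of one attribute.
     *
     * @param username      value bound to the {@code user} parameter of the configured search filter
     * @param attributeName name of the attribute to read from the located entry
     * @return the attribute's string value, or {@code null} when no entry matched, the attribute
     *         is absent, or the search threw
     */
    private String findAttribute(String username, String attributeName) {
        try {
            PasswordManagementProperties.Ldap ldap = this.properties.getLdap();
            SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), "user", CollectionUtils.wrap(username));
            LOGGER.debug("Constructed LDAP filter [{}] to locate account [{}]", filter, attributeName);
            Response response = LdapUtils.executeSearchOperation(this.ldapConnectionFactory, ldap.getBaseDn(), filter, ldap.getPageSize());
            LOGGER.debug("LDAP response to locate [{}] is [{}]", attributeName, response);
            if (!LdapUtils.containsResultEntry(response)) {
                LOGGER.warn("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
                return null;
            }
            LdapEntry entry = ((SearchResult) response.getResult()).getEntry();
            LOGGER.debug("Found LDAP entry [{}] to use for [{}]", entry, attributeName);
            LdapAttribute attribute = entry.getAttribute(attributeName);
            if (attribute == null) {
                LOGGER.warn("Could not locate LDAP attribute [{}] for [{}] and base DN [{}]", attributeName, filter.format(), ldap.getBaseDn());
                return null;
            }
            String value = attribute.getStringValue();
            LOGGER.debug("Found [{}] [{}] for user [{}].", attributeName, value, username);
            return value;
        } catch (Exception e) {
            // This helper serves email, phone and username lookups, so name the attribute
            // instead of always reporting a phone lookup failure.
            LOGGER.error("Error finding attribute [{}]: {}", attributeName, e.getMessage(), e);
            return null;
        }
    }

    /**
     * Changes the password of the account identified by the credential.
     *
     * <p>The entry is located with the configured search filter, then a password modify
     * operation is issued for its DN with the credential's current password and the requested
     * new password. Neither password is written to the log.
     *
     * @param credential            expected to be a {@link UsernamePasswordCredential}; any other
     *                              type fails the cast, which is caught and reported as {@code false}
     * @param passwordChangeRequest carries the new password
     * @return {@code true} only when the modify operation reports success
     */
    public boolean changeInternal(Credential credential, PasswordChangeRequest passwordChangeRequest) {
        try {
            PasswordManagementProperties.Ldap ldap = this.properties.getLdap();
            UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
            SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), "user", CollectionUtils.wrap(upc.getId()));
            LOGGER.debug("Constructed LDAP filter [{}] to update account password", filter);
            Response response = LdapUtils.executeSearchOperation(this.ldapConnectionFactory, ldap.getBaseDn(), filter, ldap.getPageSize());
            LOGGER.debug("LDAP response to update password is [{}]", response);
            if (!LdapUtils.containsResultEntry(response)) {
                LOGGER.error("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
                return false;
            }
            // NOTE(review): getEntry() yields a single entry from the result. If the configured
            // filter can match more than one account, the password of whichever entry is returned
            // gets changed; the filter should target a unique attribute. Confirm in deployment config.
            String dn = ((SearchResult) response.getResult()).getEntry().getDn();
            LOGGER.debug("Updating account password for [{}]", dn);
            if (LdapUtils.executePasswordModifyOperation(dn, this.ldapConnectionFactory, upc.getPassword(), passwordChangeRequest.getPassword(), ldap.getType())) {
                LOGGER.debug("Successfully updated the account password for [{}]", dn);
                return true;
            }
            LOGGER.error("Could not update the LDAP entry's password for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
            return false;
        } catch (Exception e) {
            LOGGER.error("Error changing password: {}", e.getMessage(), e);
            return false;
        }
    }
}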
