package org.apereo.cas.adaptors.x509.authentication.handler.support.ldap;

import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import org.apereo.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.ResultCode;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchResult;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher.class */
public class LdaptiveResourceCRLFetcher extends ResourceCRLFetcher {
    protected SearchExecutor searchExecutor;
    protected ConnectionConfig connectionConfig;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return LdaptiveResourceCRLFetcher.fetch_aroundBody0((LdaptiveResourceCRLFetcher) objArr2[0], (Resource) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return LdaptiveResourceCRLFetcher.fetch_aroundBody2((LdaptiveResourceCRLFetcher) objArr2[0], (URI) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return LdaptiveResourceCRLFetcher.fetch_aroundBody4((LdaptiveResourceCRLFetcher) objArr2[0], (URL) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ldap/LdaptiveResourceCRLFetcher$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return LdaptiveResourceCRLFetcher.fetch_aroundBody6((LdaptiveResourceCRLFetcher) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    public LdaptiveResourceCRLFetcher() {
    }

    public LdaptiveResourceCRLFetcher(ConnectionConfig connectionConfig, SearchExecutor searchExecutor) {
        this.connectionConfig = connectionConfig;
        this.searchExecutor = searchExecutor;
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher, org.apereo.cas.adaptors.x509.authentication.handler.support.CRLFetcher
    public X509CRL fetch(Resource resource) throws IOException, CRLException, CertificateException {
        return (X509CRL) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, resource, Factory.makeJP(ajc$tjp_0, this, this, resource)}).linkClosureAndJoinPoint(69648));
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher, org.apereo.cas.adaptors.x509.authentication.handler.support.CRLFetcher
    public X509CRL fetch(URI uri) throws IOException, CRLException, CertificateException {
        return (X509CRL) TraceLogAspect.aspectOf().traceMethod(new AjcClosure3(new Object[]{this, uri, Factory.makeJP(ajc$tjp_1, this, this, uri)}).linkClosureAndJoinPoint(69648));
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher, org.apereo.cas.adaptors.x509.authentication.handler.support.CRLFetcher
    public X509CRL fetch(URL url) throws IOException, CRLException, CertificateException {
        return (X509CRL) TraceLogAspect.aspectOf().traceMethod(new AjcClosure5(new Object[]{this, url, Factory.makeJP(ajc$tjp_2, this, this, url)}).linkClosureAndJoinPoint(69648));
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.handler.support.ResourceCRLFetcher, org.apereo.cas.adaptors.x509.authentication.handler.support.CRLFetcher
    public X509CRL fetch(String str) throws IOException, CRLException, CertificateException {
        return (X509CRL) TraceLogAspect.aspectOf().traceMethod(new AjcClosure7(new Object[]{this, str, Factory.makeJP(ajc$tjp_3, this, this, str)}).linkClosureAndJoinPoint(69648));
    }

    protected X509CRL fetchCRLFromLdap(Object obj) throws CertificateException, IOException, CRLException {
        try {
            String obj2 = obj.toString();
            this.logger.debug("Fetching CRL from ldap {}", obj2);
            Response<SearchResult> performLdapSearch = performLdapSearch(obj2);
            if (performLdapSearch.getResultCode() != ResultCode.SUCCESS) {
                this.logger.debug("Failed to execute the search [{}]", performLdapSearch);
                throw new CertificateException("Failed to establish a connection ldap and search.");
            }
            LdapEntry entry = ((SearchResult) performLdapSearch.getResult()).getEntry();
            LdapAttribute attribute = entry.getAttribute();
            this.logger.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
            return fetchX509CRLFromAttribute(attribute);
        } catch (LdapException e) {
            this.logger.error(e.getMessage(), e);
            throw new CertificateException(e.getMessage());
        }
    }

    protected X509CRL fetchX509CRLFromAttribute(LdapAttribute ldapAttribute) throws CertificateException, IOException, CRLException {
        if (ldapAttribute == null) {
            throw new CertificateException("Attribute not found. Can not retrieve CRL");
        }
        byte[] binaryValue = ldapAttribute.getBinaryValue();
        if (binaryValue == null || binaryValue.length == 0) {
            throw new CertificateException("Empty attribute. Can not download CRL from ldap");
        }
        byte[] decodeBase64 = EncodingUtils.decodeBase64(binaryValue);
        if (decodeBase64 == null) {
            throw new CertificateException("Could not decode the attribute value to base64");
        }
        this.logger.debug("Retrieved CRL from ldap as byte array decoded in base64. Fetching...");
        return super.fetch((Resource) new ByteArrayResource(decodeBase64));
    }

    protected Response<SearchResult> performLdapSearch(String str) throws LdapException {
        return this.searchExecutor.search(prepareConnectionFactory(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ConnectionFactory prepareConnectionFactory(String str) {
        ConnectionConfig newConnectionConfig = ConnectionConfig.newConnectionConfig(this.connectionConfig);
        newConnectionConfig.setLdapUrl(str);
        return new DefaultConnectionFactory(newConnectionConfig);
    }

    public void setSearchExecutor(SearchExecutor searchExecutor) {
        this.searchExecutor = searchExecutor;
    }

    public void setConnectionConfig(ConnectionConfig connectionConfig) {
        this.connectionConfig = connectionConfig;
    }

    static {
        ajc$preClinit();
    }

    static final X509CRL fetch_aroundBody0(LdaptiveResourceCRLFetcher ldaptiveResourceCRLFetcher, Resource resource, JoinPoint joinPoint) {
        return LdapUtils.isLdapConnectionUrl(resource.toString()) ? ldaptiveResourceCRLFetcher.fetchCRLFromLdap(resource) : super.fetch(resource);
    }

    static final X509CRL fetch_aroundBody2(LdaptiveResourceCRLFetcher ldaptiveResourceCRLFetcher, URI uri, JoinPoint joinPoint) {
        return LdapUtils.isLdapConnectionUrl(uri) ? ldaptiveResourceCRLFetcher.fetchCRLFromLdap(uri) : super.fetch(uri);
    }

    static final X509CRL fetch_aroundBody4(LdaptiveResourceCRLFetcher ldaptiveResourceCRLFetcher, URL url, JoinPoint joinPoint) {
        return LdapUtils.isLdapConnectionUrl(url) ? ldaptiveResourceCRLFetcher.fetchCRLFromLdap(url) : super.fetch(url);
    }

    static final X509CRL fetch_aroundBody6(LdaptiveResourceCRLFetcher ldaptiveResourceCRLFetcher, String str, JoinPoint joinPoint) {
        return LdapUtils.isLdapConnectionUrl(str) ? ldaptiveResourceCRLFetcher.fetchCRLFromLdap(str) : super.fetch(str);
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("LdaptiveResourceCRLFetcher.java", LdaptiveResourceCRLFetcher.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "fetch", "org.apereo.cas.adaptors.x509.authentication.handler.support.ldap.LdaptiveResourceCRLFetcher", "org.springframework.core.io.Resource", "crl", "java.io.IOException:java.security.cert.CRLException:java.security.cert.CertificateException", "java.security.cert.X509CRL"), 57);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "fetch", "org.apereo.cas.adaptors.x509.authentication.handler.support.ldap.LdaptiveResourceCRLFetcher", "java.net.URI", "crl", "java.io.IOException:java.security.cert.CRLException:java.security.cert.CertificateException", "java.security.cert.X509CRL"), 65);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "fetch", "org.apereo.cas.adaptors.x509.authentication.handler.support.ldap.LdaptiveResourceCRLFetcher", "java.net.URL", "crl", "java.io.IOException:java.security.cert.CRLException:java.security.cert.CertificateException", "java.security.cert.X509CRL"), 73);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "fetch", "org.apereo.cas.adaptors.x509.authentication.handler.support.ldap.LdaptiveResourceCRLFetcher", "java.lang.String", "crl", "java.io.IOException:java.security.cert.CRLException:java.security.cert.CertificateException", "java.security.cert.X509CRL"), 81);
    }
}
