package org.acegisecurity.providers.ldap.authenticator;

import java.util.Iterator;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.ldap.LdapUserInfo;
import org.acegisecurity.providers.ldap.LdapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.class */
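/**
 * LDAP authenticator that checks a submitted password by comparison instead of
 * binding to the directory as the user.
 *
 * <p>The user's entry is loaded through a context obtained from the configured
 * {@code InitialDirContextFactory}. If the password attribute is returned with the
 * entry, the comparison is done locally ({@link #verifyPassword}); otherwise a
 * base-object search with the filter {@code (<passwordAttributeName>={0})} is issued
 * against the user's entry ({@link #doPasswordCompare}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The local path only works when the account behind the directory context can
 *       read the password attribute. That read permission is itself sensitive and
 *       should be restricted and audited on the directory side.</li>
 *   <li>The default encoder is {@code LdapShaPasswordEncoder}. NOTE(review): presumably
 *       the LDAP {SHA}/{SSHA} scheme; confirm it meets the deployment's password
 *       storage policy.</li>
 * </ul>
 */
public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator {
    private static final Log logger = LogFactory.getLog(PasswordComparisonAuthenticator.class);

    /** Empty attribute list: the compare search only needs to know whether the entry matched. */
    private static final String[] NO_ATTRS = new String[0];

    /** Name of the directory attribute holding the password. */
    private String passwordAttributeName;

    /** Search filter used by the compare path; kept in sync with {@link #passwordAttributeName}. */
    private String passwordCompareFilter;

    /** Encoder used both to validate retrieved values and to encode the value sent in the compare filter. */
    private PasswordEncoder passwordEncoder;

    /**
     * Creates an authenticator with the defaults {@code userPassword} as the password
     * attribute and {@code LdapShaPasswordEncoder} as the encoder.
     *
     * @param initialDirContextFactory factory for the directory contexts used during authentication
     */
    public PasswordComparisonAuthenticator(InitialDirContextFactory initialDirContextFactory) {
        super(initialDirContextFactory);
        this.passwordAttributeName = "userPassword";
        this.passwordCompareFilter = "(userPassword={0})";
        this.passwordEncoder = new LdapShaPasswordEncoder();
    }

    /**
     * Locates the user's directory entry and verifies the submitted password against it.
     *
     * <p>Each DN from {@code getUserDns} is tried in turn; if none yields an entry and a
     * user search is configured, the search is used as a fallback.
     *
     * @param str  the login name being authenticated
     * @param str2 the password submitted for that login name
     * @return the directory information of the authenticated user
     * @throws UsernameNotFoundException if no entry could be located for the login name
     * @throws BadCredentialsException   if the password does not match, or if the directory
     *                                   raised a {@code NamingException} during the process
     */
    @Override // org.acegisecurity.providers.ldap.LdapAuthenticator
    public LdapUserInfo authenticate(String str, String str2) {
        final String username = str;
        final String password = str2;

        LdapUserInfo user = null;
        DirContext ctx = getInitialDirContextFactory().newInitialDirContext();
        try {
            // Resolved inside the try so the context is closed even if DN resolution fails.
            Iterator dns = getUserDns(username).iterator();
            while (dns.hasNext() && user == null) {
                String userDn = (String) dns.next();
                String relativeName = LdapUtils.getRelativeName(userDn, ctx);
                user = new LdapUserInfo(userDn, ctx.getAttributes(relativeName, getUserAttributes()));
            }

            if (user == null && getUserSearch() != null) {
                user = getUserSearch().searchForUser(username);
            }
            if (user == null) {
                throw new UsernameNotFoundException(username);
            }

            Attribute passwordAttribute = user.getAttributes().get(this.passwordAttributeName);
            if (passwordAttribute != null) {
                Object retrieved = passwordAttribute.get();
                // A non-String value is treated as binary and decoded with the platform default
                // charset. NOTE(review): doPasswordCompare encodes with UTF-8; confirm the two
                // paths agree for non-ASCII passwords on the target platform.
                String storedPassword = (retrieved instanceof String)
                        ? (String) retrieved
                        : new String((byte[]) retrieved);

                if (!verifyPassword(password, storedPassword)) {
                    throw new BadCredentialsException(this.messages.getMessage(
                            "PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Password attribute " + this.passwordAttributeName
                            + " wasn't retrieved for user " + username);
                }
                doPasswordCompare(ctx, user.getRelativeName(ctx), password);
            }
            return user;
        } catch (NamingException e) {
            // The decompiled listing carried this handler around the DN loop only, leaving the
            // NamingException declared by Attribute.get() and doPasswordCompare unhandled in a
            // method that does not declare it. The handler covers the whole lookup here.
            // Operational caveat: directory failures surface as BadCredentialsException, so
            // monitoring should inspect the cause before counting them as failed logins.
            throw new BadCredentialsException("Authentication failed due to exception ", e);
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }

    /**
     * Compares the submitted password with the value retrieved from the directory.
     *
     * <p>NOTE(review): the first test accepts a submitted value that is textually equal to
     * the stored attribute value. When the directory stores encoded passwords, the stored
     * string itself is therefore accepted as a password, which makes read access to the
     * password attribute equivalent to credential disclosure. {@code String.equals} is also
     * not a constant-time comparison. Consider restricting the equality test to deployments
     * that knowingly store clear-text values.
     *
     * @param submitted the password supplied by the caller
     * @param stored    the value read from the directory; must not be null
     * @return {@code true} if the values are equal or the encoder accepts the pair
     */
    private boolean verifyPassword(String submitted, String stored) {
        if (stored.equals(submitted)) {
            return true;
        }
        return this.passwordEncoder.isPasswordValid(stored, submitted, (Object) null);
    }

    /**
     * Verifies the password on the directory side by searching the user's own entry
     * (object scope) for a password attribute equal to the encoded submitted password.
     *
     * <p>The encoded value is passed as a filter argument, not concatenated into the filter
     * string, so it is not interpreted as filter syntax.
     *
     * @param dirContext   the context to search with
     * @param relativeName name of the user's entry relative to {@code dirContext}
     * @param password     the submitted password
     * @throws NamingException         if the directory search fails
     * @throws BadCredentialsException if the search matches no entry
     */
    private void doPasswordCompare(DirContext dirContext, String relativeName, String password)
            throws NamingException {
        if (logger.isDebugEnabled()) {
            logger.debug("Performing LDAP compare of password for " + relativeName);
        }

        String encoded = this.passwordEncoder.encodePassword(password, (Object) null);
        byte[] encodedBytes = LdapUtils.getUtf8Bytes(encoded);

        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(NO_ATTRS);
        // OBJECT_SCOPE (value 0 in the decompiled listing): examine only the named entry.
        controls.setSearchScope(SearchControls.OBJECT_SCOPE);

        boolean matched = dirContext
                .search(relativeName, this.passwordCompareFilter, new Object[] {encodedBytes}, controls)
                .hasMore();
        if (!matched) {
            throw new BadCredentialsException(this.messages.getMessage(
                    "PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
        }
    }

    /**
     * Sets the name of the password attribute and rebuilds the compare filter from it.
     *
     * <p>The name is concatenated into the filter text unescaped, so it must come from
     * trusted configuration only.
     *
     * @param str the attribute name; must not be null or empty
     */
    public void setPasswordAttributeName(String str) {
        Assert.hasLength(str, "passwordAttributeName must not be empty or null");
        this.passwordAttributeName = str;
        this.passwordCompareFilter = "(" + this.passwordAttributeName + "={0})";
    }

    /**
     * Sets the encoder used for local validation and for encoding the compare value.
     *
     * @param passwordEncoder the encoder; must not be null
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder must not be null.");
        this.passwordEncoder = passwordEncoder;
    }
}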
