package org.gluu.oxauth.service;

import java.util.Map;
import javax.annotation.PostConstruct;
import javax.ejb.DependsOn;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.service.BaseAuthFilterService;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.exception.AuthenticationException;
import org.gluu.persist.exception.operation.SearchException;
import org.gluu.util.StringHelper;

@DependsOn({"appInitializer"})
@ApplicationScoped
@Named
/* loaded from: input_file:org/gluu/oxauth/service/AuthenticationFilterService.class */
public class AuthenticationFilterService extends BaseAuthFilterService {

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private AppConfiguration appConfiguration;

    @PostConstruct
    public void init() {
        super.init(this.appConfiguration.getAuthenticationFilters(), Boolean.TRUE.equals(this.appConfiguration.getAuthenticationFiltersEnabled()), true);
    }

    @Override // org.gluu.oxauth.service.BaseAuthFilterService
    public String processAuthenticationFilter(BaseAuthFilterService.AuthenticationFilterWithParameters authenticationFilterWithParameters, Map<?, ?> map) throws SearchException {
        if (map == null) {
            return null;
        }
        Map<String, String> normalizeAttributeMap = normalizeAttributeMap(map);
        String loadEntryDN = loadEntryDN(this.ldapEntryManager, authenticationFilterWithParameters, normalizeAttributeMap);
        if (StringUtils.isBlank(loadEntryDN)) {
            return null;
        }
        if (!Boolean.TRUE.equals(authenticationFilterWithParameters.getAuthenticationFilter().getBind())) {
            return loadEntryDN;
        }
        String bindPasswordAttribute = authenticationFilterWithParameters.getAuthenticationFilter().getBindPasswordAttribute();
        if (StringHelper.isEmpty(bindPasswordAttribute)) {
            this.log.error("Skipping authentication filter:\n '{}'\n. It should contains not empty bind-password-attribute attribute. ", authenticationFilterWithParameters.getAuthenticationFilter());
            return null;
        }
        try {
            if (this.ldapEntryManager.authenticate(loadEntryDN, normalizeAttributeMap.get(StringHelper.toLowerCase(bindPasswordAttribute)))) {
                return loadEntryDN;
            }
            return null;
        } catch (AuthenticationException e) {
            this.log.error("Invalid password", e);
            return null;
        }
    }
}
