package org.xdi.oxauth.service;

import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.AuthenticationException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.log.Log;
import org.xdi.oxauth.model.config.Configuration;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.service.BaseAuthFilterService;
import org.xdi.util.StringHelper;

@Name("authenticationFilterService")
@AutoCreate
@Scope(ScopeType.APPLICATION)
@Startup
/* loaded from: input_file:org/xdi/oxauth/service/AuthenticationFilterService.class */
public class AuthenticationFilterService extends BaseAuthFilterService {

    @Logger
    private Log log;

    @In
    private LdapEntryManager ldapEntryManager;

    @Create
    public void init() {
        Configuration configuration = ConfigurationFactory.getConfiguration();
        super.init(configuration.getAuthenticationFilters(), Boolean.TRUE.equals(configuration.getAuthenticationFiltersEnabled()), true);
    }

    @Override // org.xdi.oxauth.service.BaseAuthFilterService
    public String processAuthenticationFilter(BaseAuthFilterService.AuthenticationFilterWithParameters authenticationFilterWithParameters, Map<?, ?> map) {
        if (map == null) {
            return null;
        }
        Map<String, String> normalizeAttributeMap = normalizeAttributeMap(map);
        String loadEntryDN = loadEntryDN(this.ldapEntryManager, authenticationFilterWithParameters, normalizeAttributeMap);
        if (StringUtils.isBlank(loadEntryDN)) {
            return null;
        }
        if (!Boolean.TRUE.equals(authenticationFilterWithParameters.getAuthenticationFilter().getBind())) {
            return loadEntryDN;
        }
        String bindPasswordAttribute = authenticationFilterWithParameters.getAuthenticationFilter().getBindPasswordAttribute();
        if (StringHelper.isEmpty(bindPasswordAttribute)) {
            this.log.error("Skipping authentication filter:\n '{0}'\n. It should contains not empty bind-password-attribute attribute. ", new Object[]{authenticationFilterWithParameters.getAuthenticationFilter()});
            return null;
        }
        try {
            if (this.ldapEntryManager.authenticate(loadEntryDN, normalizeAttributeMap.get(StringHelper.toLowerCase(bindPasswordAttribute)))) {
                return loadEntryDN;
            }
            return null;
        } catch (AuthenticationException e) {
            this.log.error("Invalid password", e, new Object[0]);
            return null;
        }
    }

    public static AuthenticationFilterService instance() {
        return (AuthenticationFilterService) Component.getInstance(AuthenticationFilterService.class);
    }
}
