package org.acegisecurity.providers.ldap.authenticator;

import java.security.MessageDigest;
import java.util.Iterator;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.ldap.LdapUtils;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-1.0.7.jar:org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.class */
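/**
 * LDAP authenticator that verifies a presented password against the directory's password
 * attribute rather than by binding as the user.
 *
 * <p>{@link #authenticate(String, String)} has two verification paths:
 * <ul>
 *   <li>If the user mapper returned a password value, it is checked locally by
 *       {@code verifyPassword} (plain equality first, then the configured
 *       {@link PasswordEncoder}).</li>
 *   <li>Otherwise the presented password is encoded and sent to the directory in an LDAP
 *       compare operation against {@code passwordAttributeName}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The local path requires the connecting account to be able to read the password
 *       attribute. The compare path does not pull the value out of the directory.</li>
 *   <li>An unknown user raises {@link UsernameNotFoundException} while a wrong password raises
 *       {@link BadCredentialsException}. Callers should not expose that difference to
 *       unauthenticated clients, since it reveals which usernames exist.</li>
 *   <li>The encoder is always called with a {@code null} salt, so the compare path can only
 *       match a deterministic encoding. This presumably rules out salted directory schemes;
 *       confirm against the directory's password storage scheme.</li>
 * </ul>
 *
 * <p>The {@code class$...} field and {@code class$(String)} helper are the decompiled form of a
 * pre-Java-5 class literal. They are kept so the class's package-visible members are unchanged.
 */
public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator {
    private static final Log logger;
    // Encoder used for both the local check and the LDAP compare value.
    private PasswordEncoder passwordEncoder;
    // Directory attribute the LDAP compare operation is run against.
    private String passwordAttributeName;
    static Class class$org$acegisecurity$providers$ldap$authenticator$PasswordComparisonAuthenticator;

    /**
     * Creates an authenticator with the defaults visible here: an {@code LdapShaPasswordEncoder}
     * and the {@code userPassword} attribute.
     *
     * @param initialDirContextFactory factory passed to the superclass and used for directory access
     */
    public PasswordComparisonAuthenticator(InitialDirContextFactory initialDirContextFactory) {
        super(initialDirContextFactory);
        this.passwordEncoder = new LdapShaPasswordEncoder();
        this.passwordAttributeName = "userPassword";
    }

    /**
     * Locates the user's directory entry and verifies the presented password.
     *
     * @param str the username to authenticate
     * @param str2 the password presented by the caller
     * @return the user's details when the password is accepted
     * @throws UsernameNotFoundException if no entry is found through the DN patterns or the
     *         configured user search
     * @throws BadCredentialsException if the password does not match
     */
    @Override // org.acegisecurity.providers.ldap.LdapAuthenticator
    public LdapUserDetails authenticate(String str, String str2) {
        final String username = str;
        final String presentedPassword = str2;

        LdapUserDetails user = null;
        Iterator candidateDns = getUserDns(username).iterator();
        LdapTemplate ldapTemplate = new LdapTemplate(getInitialDirContextFactory());

        // First try the configured DN patterns; stop at the first DN that exists.
        while (candidateDns.hasNext() && user == null) {
            String userDn = (String) candidateDns.next();
            if (ldapTemplate.nameExists(userDn)) {
                LdapUserDetailsImpl.Essence essence = (LdapUserDetailsImpl.Essence)
                        ldapTemplate.retrieveEntry(userDn, getUserDetailsMapper(), getUserAttributes());
                essence.setUsername(username);
                user = essence.createUserDetails();
            }
        }

        // Fall back to a directory search when no DN pattern matched.
        if (user == null && getUserSearch() != null) {
            user = getUserSearch().searchForUser(username);
        }
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }

        String storedPassword = user.getPassword();
        if (storedPassword != null) {
            // The mapper returned the password attribute, so the check is done locally.
            if (verifyPassword(presentedPassword, storedPassword)) {
                return user;
            }
            throw badCredentials();
        }

        if (logger.isDebugEnabled()) {
            // NOTE(review): the username is caller-supplied and is logged unescaped, so CR/LF in
            // it would reach the debug log. Escape it here if debug logs are collected or parsed.
            logger.debug("Password attribute wasn't retrieved for user '" + username
                    + "' using mapper " + getUserDetailsMapper()
                    + ". Performing LDAP compare of password attribute '"
                    + this.passwordAttributeName + "'");
        }

        // The password attribute was not readable, so the directory does the comparison. The
        // value sent is the encoder's output for a null salt.
        byte[] encodedPassword =
                LdapUtils.getUtf8Bytes(this.passwordEncoder.encodePassword(presentedPassword, null));
        if (ldapTemplate.compare(user.getDn(), this.passwordAttributeName, encodedPassword)) {
            return user;
        }
        throw badCredentials();
    }

    /**
     * Sets the directory attribute used by the LDAP compare operation.
     *
     * @param str the attribute name; must not be empty or null
     */
    public void setPasswordAttributeName(String str) {
        Assert.hasLength(str, "passwordAttributeName must not be empty or null");
        this.passwordAttributeName = str;
    }

    /**
     * Sets the encoder used for local verification and for the LDAP compare value.
     *
     * @param passwordEncoder the encoder; must not be null
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder must not be null.");
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Checks a presented password against the value read from the directory.
     *
     * <p>The plain-equality check uses {@link MessageDigest#isEqual(byte[], byte[])} on the UTF-8
     * bytes instead of {@code String.equals}, so that on maintained JREs the comparison time does
     * not depend on how many leading characters match. The result is the same as the former
     * string equality.
     *
     * <p>NOTE(review): the equality branch accepts the stored attribute value itself as a valid
     * password. When the directory holds an encoded value, possession of that value is then
     * enough to authenticate. Confirm whether plaintext storage still has to be supported, and
     * drop the shortcut if it does not.
     */
    private boolean verifyPassword(String presented, String stored) {
        // A null presented password never equals the stored value; leave it to the encoder.
        if (presented != null
                && MessageDigest.isEqual(LdapUtils.getUtf8Bytes(stored), LdapUtils.getUtf8Bytes(presented))) {
            return true;
        }
        return this.passwordEncoder.isPasswordValid(stored, presented, null);
    }

    /** Builds the single failure exception used for every password mismatch. */
    private BadCredentialsException badCredentials() {
        return new BadCredentialsException(
                this.messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
    }

    /**
     * Compiler-generated helper behind a pre-Java-5 class literal.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            // Keep the original exception so the stack trace shows where the lookup failed.
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Equivalent to LogFactory.getLog(PasswordComparisonAuthenticator.class).
        if (class$org$acegisecurity$providers$ldap$authenticator$PasswordComparisonAuthenticator == null) {
            class$org$acegisecurity$providers$ldap$authenticator$PasswordComparisonAuthenticator =
                    class$("org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator");
        }
        logger = LogFactory.getLog(
                class$org$acegisecurity$providers$ldap$authenticator$PasswordComparisonAuthenticator);
    }
}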
