package pl.edu.icm.unity.ldap.client;

import java.security.cert.X509Certificate;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialVerificatorFactory;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.remote.AuthenticationTriggeringContext;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResponseProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultTranslator;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.stdext.credential.cert.CertificateExchange;

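/**
 * Credential verificator, registered under the name {@value #NAME}, that looks up information
 * about a certificate's subject through the LDAP client inherited from {@link LdapBaseVerificator}.
 *
 * <p>Security note: the code in this class only reads the subject DN of the first certificate in
 * the presented array and uses it as the LDAP lookup key. No chain validation, expiry or
 * revocation check is performed here.
 * NOTE(review): presumably the TLS layer or the caller has already validated the chain against
 * a trust store before {@link #checkCertificate} is invoked - confirm, because an unvalidated
 * certificate would let the presenter choose the subject DN freely.
 */
@PrototypeComponent
public class LdapCertVerificator extends LdapBaseVerificator implements CertificateExchange {
    private static final Logger log = Log.getLogger("unity.server.ldap", LdapCertVerificator.class);
    public static final String NAME = "ldap-cert";
    public static final String DESCRIPTION = "Resolves certificate subject's information using LDAPv3 protocol";

    /**
     * Spring-managed factory that registers this verificator under {@link LdapCertVerificator#NAME}
     * and obtains instances from the injected {@link ObjectFactory}.
     */
    @Component
    public static class Factory extends AbstractCredentialVerificatorFactory {
        @Autowired
        public Factory(ObjectFactory<LdapCertVerificator> objectFactory) {
            super(LdapCertVerificator.NAME, LdapCertVerificator.DESCRIPTION, objectFactory);
        }
    }

    /**
     * Creates the verificator and passes the collaborators on to {@link LdapBaseVerificator},
     * labelling the exchange as "certificate exchange".
     */
    @Autowired
    public LdapCertVerificator(RemoteAuthnResultTranslator remoteAuthnResultTranslator, PKIManagement pKIManagement, RemoteAuthnResponseProcessor remoteAuthnResponseProcessor) {
        super(NAME, DESCRIPTION, remoteAuthnResultTranslator, pKIManagement, "certificate exchange", remoteAuthnResponseProcessor);
    }

    /**
     * Authenticates the holder of the presented certificate by resolving the certificate's
     * subject in LDAP. The work is delegated to the remote authentication processor, which runs
     * the lookup together with the triggering context.
     *
     * @param x509CertificateArr presented certificates; only element 0 is inspected
     * @param str forwarded unchanged to {@code getResult} (meaning not visible in this class)
     * @param z forwarded unchanged to {@code getResult} (meaning not visible in this class)
     * @param authenticationTriggeringContext context of the authentication attempt
     * @return the authentication result; a failed result when the lookup throws
     */
    public AuthenticationResult checkCertificate(X509Certificate[] x509CertificateArr, String str, boolean z, AuthenticationTriggeringContext authenticationTriggeringContext) {
        return this.remoteAuthnProcessor.executeVerificator(
                () -> authenticateWithCertificate(x509CertificateArr, str, z, authenticationTriggeringContext),
                authenticationTriggeringContext);
    }

    /**
     * Resolves the subject DN of the first certificate in LDAP and translates the outcome.
     * Every exception is converted into a failed {@link RemoteAuthenticationResult}.
     */
    private AuthenticationResult authenticateWithCertificate(X509Certificate[] chain, String str, boolean z, AuthenticationTriggeringContext authenticationTriggeringContext) {
        try {
            // Reject a missing certificate explicitly instead of relying on an incidental
            // NullPointerException / ArrayIndexOutOfBoundsException; the failure reported to
            // the caller and written to the log then names the actual cause.
            if (chain == null || chain.length == 0 || chain[0] == null) {
                throw new IllegalArgumentException("No client certificate was provided");
            }
            // X500Principal.getName() returns the RFC 2253 string form of the subject DN.
            String subjectDn = chain[0].getSubjectX500Principal().getName();
            RemotelyAuthenticatedInput input = searchRemotelyAuthenticatedInput(subjectDn);
            boolean sandboxTriggered = authenticationTriggeringContext.isSandboxTriggered();
            return getResult(input, this.translationProfile, sandboxTriggered, str, z);
        } catch (Exception e) {
            // NOTE(review): failures are logged at DEBUG only; confirm that failed certificate
            // logins are recorded somewhere visible at production log levels.
            log.debug("LDAP authentication with certificate failed", e);
            return RemoteAuthenticationResult.failed(e);
        }
    }

    /**
     * Runs the LDAP search for the given subject DN using the configured client.
     *
     * <p>NOTE(review): the DN originates from the presented certificate; confirm that
     * {@code client.search} escapes it before placing it in an LDAP filter or base DN.
     *
     * @param subjectDn subject DN used as the lookup key
     * @return the input assembled by the LDAP client
     * @throws AuthenticationException when the LDAP client reports an authentication failure or
     *         any other problem; the original exception is kept as the cause
     */
    private RemotelyAuthenticatedInput searchRemotelyAuthenticatedInput(String subjectDn) throws AuthenticationException {
        try {
            return this.client.search(subjectDn, this.clientConfiguration);
        } catch (LdapAuthenticationException e) {
            log.debug("LDAP authentication failed", e);
            throw new AuthenticationException("Authentication has failed", e);
        } catch (Exception e) {
            throw new AuthenticationException("Problem when authenticating against the LDAP server", e);
        }
    }
}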
