package org.apereo.cas.util;

import com.google.common.collect.Multimap;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.time.Period;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.security.auth.login.AccountNotFoundException;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.LdapAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler;
import org.apereo.cas.authentication.support.OptionalWarningLdapAccountStateHandler;
import org.apereo.cas.authentication.support.RejectResultCodeLdapPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.DefaultPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.GroovyPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.model.support.ldap.CaseChangeSearchEntryHandlersProperties;
import org.apereo.cas.configuration.model.support.ldap.DnAttributeSearchEntryHandlersProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapPasswordPolicyProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapSearchEntryHandlersProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapValidatorProperties;
import org.apereo.cas.configuration.model.support.ldap.MergeAttributesSearchEntryHandlersProperties;
import org.apereo.cas.configuration.model.support.ldap.PrimaryGroupIdSearchEntryHandlersProperties;
import org.apereo.cas.configuration.model.support.ldap.RecursiveSearchEntryHandlersProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.function.FunctionUtils;
import org.jooq.lambda.Unchecked;
import org.ldaptive.ActivePassiveConnectionStrategy;
import org.ldaptive.AddOperation;
import org.ldaptive.AddRequest;
import org.ldaptive.AddResponse;
import org.ldaptive.AttributeModification;
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.CompareConnectionValidator;
import org.ldaptive.CompareRequest;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.DeleteOperation;
import org.ldaptive.DeleteRequest;
import org.ldaptive.DeleteResponse;
import org.ldaptive.DerefAliases;
import org.ldaptive.DnsSrvConnectionStrategy;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ModifyOperation;
import org.ldaptive.ModifyRequest;
import org.ldaptive.ModifyResponse;
import org.ldaptive.PooledConnectionFactory;
import org.ldaptive.RandomConnectionStrategy;
import org.ldaptive.ResultCode;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.RoundRobinConnectionStrategy;
import org.ldaptive.SearchConnectionValidator;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchResponse;
import org.ldaptive.SearchScope;
import org.ldaptive.SimpleBindRequest;
import org.ldaptive.ad.UnicodePwdAttribute;
import org.ldaptive.ad.extended.FastBindConnectionInitializer;
import org.ldaptive.ad.handler.ObjectGuidHandler;
import org.ldaptive.ad.handler.ObjectSidHandler;
import org.ldaptive.ad.handler.PrimaryGroupIdHandler;
import org.ldaptive.ad.handler.RangeEntryHandler;
import org.ldaptive.auth.AuthenticationCriteria;
import org.ldaptive.auth.AuthenticationHandlerResponse;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResponseHandler;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.CompareAuthenticationHandler;
import org.ldaptive.auth.DnResolver;
import org.ldaptive.auth.EntryResolver;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.SearchEntryResolver;
import org.ldaptive.auth.SimpleBindAuthenticationHandler;
import org.ldaptive.auth.User;
import org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler;
import org.ldaptive.control.PasswordPolicyControl;
import org.ldaptive.control.util.PagedResultsClient;
import org.ldaptive.extended.ExtendedOperation;
import org.ldaptive.extended.ExtendedRequest;
import org.ldaptive.extended.ExtendedResponse;
import org.ldaptive.extended.PasswordModifyRequest;
import org.ldaptive.handler.CaseChangeEntryHandler;
import org.ldaptive.handler.DnAttributeEntryHandler;
import org.ldaptive.handler.LdapEntryHandler;
import org.ldaptive.handler.MergeAttributeEntryHandler;
import org.ldaptive.handler.RecursiveResultHandler;
import org.ldaptive.handler.SearchResultHandler;
import org.ldaptive.pool.BindConnectionPassivator;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.referral.FollowSearchReferralHandler;
import org.ldaptive.sasl.Mechanism;
import org.ldaptive.sasl.QualityOfProtection;
import org.ldaptive.sasl.SaslConfig;
import org.ldaptive.sasl.SecurityStrength;
import org.ldaptive.ssl.AllowAnyHostnameVerifier;
import org.ldaptive.ssl.AllowAnyTrustManager;
import org.ldaptive.ssl.DefaultHostnameVerifier;
import org.ldaptive.ssl.DefaultTrustManager;
import org.ldaptive.ssl.KeyStoreCredentialConfig;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.X509CredentialConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.config.SetFactoryBean;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.Resource;
import org.thymeleaf.spring5.processor.SpringInputGeneralFieldTagProcessor;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-6.3.7.4.jar:org/apereo/cas/util/LdapUtils.class */
public final class LdapUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) LdapUtils.class);
    public static final String LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME = "user";
    public static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
    private static final String BASE_DN_DELIMITER = "|";
    private static final String LDAP_PREFIX = "ldap";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-6.3.7.4.jar:org/apereo/cas/util/LdapUtils$ChainingLdapDnResolver.class */
    public static class ChainingLdapDnResolver implements DnResolver {
        private final List<? extends DnResolver> resolvers;

        @Override // org.ldaptive.auth.DnResolver
        public String resolve(User user) {
            return (String) this.resolvers.stream().map(dnResolver -> {
                return (String) FunctionUtils.doAndHandle(Unchecked.supplier(() -> {
                    return dnResolver.resolve(user);
                }), th -> {
                    LoggingUtils.warn(LdapUtils.LOGGER, th);
                    return null;
                }).get();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst().orElseThrow(() -> {
                return new AccountNotFoundException("Unable to resolve user dn for " + user.getIdentifier());
            });
        }

        @Generated
        public ChainingLdapDnResolver(List<? extends DnResolver> list) {
            this.resolvers = list;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-6.3.7.4.jar:org/apereo/cas/util/LdapUtils$ChainingLdapEntryResolver.class */
    public static class ChainingLdapEntryResolver implements EntryResolver {
        private final List<? extends EntryResolver> resolvers;

        @Override // org.ldaptive.auth.EntryResolver
        public LdapEntry resolve(AuthenticationCriteria authenticationCriteria, AuthenticationHandlerResponse authenticationHandlerResponse) {
            return (LdapEntry) this.resolvers.stream().map(entryResolver -> {
                return (LdapEntry) FunctionUtils.doAndHandle(Unchecked.supplier(() -> {
                    return entryResolver.resolve(authenticationCriteria, authenticationHandlerResponse);
                }), th -> {
                    LoggingUtils.warn(LdapUtils.LOGGER, th);
                    return null;
                }).get();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst().orElse(null);
        }

        @Generated
        public ChainingLdapEntryResolver(List<? extends EntryResolver> list) {
            this.resolvers = list;
        }
    }

    public static Boolean getBoolean(LdapEntry ldapEntry, String str, Boolean bool) {
        return Boolean.valueOf(getString(ldapEntry, str, bool.toString()).equalsIgnoreCase(Boolean.TRUE.toString()));
    }

    public static Long getLong(LdapEntry ldapEntry, String str, Long l) {
        return Long.valueOf(getString(ldapEntry, str, l.toString()));
    }

    public static String getString(LdapEntry ldapEntry, String str) {
        return getString(ldapEntry, str, null);
    }

    public static String getString(LdapEntry ldapEntry, String str, String str2) {
        LdapAttribute attribute = ldapEntry.getAttribute(str);
        if (attribute == null) {
            return str2;
        }
        String str3 = attribute.isBinary() ? new String(attribute.getBinaryValue(), StandardCharsets.UTF_8) : attribute.getStringValue();
        return StringUtils.isNotBlank(str3) ? str3 : str2;
    }

    public static SearchResponse executeSearchOperation(ConnectionFactory connectionFactory, String str, FilterTemplate filterTemplate, int i, String... strArr) throws LdapException {
        return executeSearchOperation(connectionFactory, str, filterTemplate, i, null, strArr);
    }

    public static SearchResponse executeSearchOperation(ConnectionFactory connectionFactory, String str, FilterTemplate filterTemplate, int i, String[] strArr, String[] strArr2) throws LdapException {
        SearchRequest newLdaptiveSearchRequest = newLdaptiveSearchRequest(str, filterTemplate, strArr, strArr2);
        if (i > 0) {
            return new PagedResultsClient(connectionFactory, i).executeToCompletion(newLdaptiveSearchRequest);
        }
        SearchOperation searchOperation = new SearchOperation(connectionFactory);
        searchOperation.setSearchResultHandlers(new FollowSearchReferralHandler());
        return searchOperation.execute(newLdaptiveSearchRequest);
    }

    public static SearchResponse executeSearchOperation(ConnectionFactory connectionFactory, String str, FilterTemplate filterTemplate, int i) throws LdapException {
        return executeSearchOperation(connectionFactory, str, filterTemplate, i, ReturnAttributes.ALL_USER.value(), ReturnAttributes.ALL_USER.value());
    }

    public static boolean containsResultEntry(SearchResponse searchResponse) {
        return (searchResponse == null || searchResponse.getEntry() == null) ? false : true;
    }

    public static boolean executePasswordModifyOperation(String str, ConnectionFactory connectionFactory, String str2, String str3, AbstractLdapProperties.LdapType ldapType) {
        try {
            ConnectionConfig connectionConfig = connectionFactory.getConnectionConfig();
            if (connectionConfig.getUseStartTLS() || (connectionConfig.getLdapUrl() != null && !connectionConfig.getLdapUrl().toLowerCase().contains("ldaps://"))) {
                LOGGER.warn("Executing password modification op under a non-secure LDAP connection; To modify password attributes, the connection to the LDAP server {} be secured and/or encrypted.", ldapType == AbstractLdapProperties.LdapType.AD ? "MUST" : "SHOULD");
            }
            if (ldapType != AbstractLdapProperties.LdapType.AD) {
                LOGGER.debug("Executing password modification op for generic LDAP");
                ExtendedResponse execute = new ExtendedOperation(connectionFactory).execute((ExtendedRequest) new PasswordModifyRequest(str, StringUtils.isNotBlank(str2) ? str2 : null, str3));
                LOGGER.debug("Result code [{}], message: [{}]", execute.getResultCode(), execute.getDiagnosticMessage());
                return execute.getResultCode() == ResultCode.SUCCESS;
            }
            LOGGER.debug("Executing password change op for active directory based on [https://support.microsoft.com/en-us/kb/269190]change type: [{}]", StringUtils.isBlank(str2) ? "reset" : "change");
            ModifyOperation modifyOperation = new ModifyOperation(connectionFactory);
            ModifyResponse execute2 = StringUtils.isBlank(str2) ? modifyOperation.execute(new ModifyRequest(str, new AttributeModification(AttributeModification.Type.REPLACE, new UnicodePwdAttribute(str3)))) : modifyOperation.execute(new ModifyRequest(str, new AttributeModification(AttributeModification.Type.DELETE, new UnicodePwdAttribute(str2)), new AttributeModification(AttributeModification.Type.ADD, new UnicodePwdAttribute(str3))));
            LOGGER.debug("Result code [{}], message: [{}]", execute2.getResultCode(), execute2.getDiagnosticMessage());
            return execute2.getResultCode() == ResultCode.SUCCESS;
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    public static boolean executeModifyOperation(String str, ConnectionFactory connectionFactory, Map<String, Set<String>> map) {
        try {
            ModifyResponse execute = new ModifyOperation(connectionFactory).execute(new ModifyRequest(str, (AttributeModification[]) map.entrySet().stream().map(entry -> {
                LdapAttribute ldapAttribute = new LdapAttribute((String) entry.getKey(), (String[]) ((Set) entry.getValue()).toArray(ArrayUtils.EMPTY_STRING_ARRAY));
                LOGGER.debug("Constructed new attribute [{}]", ldapAttribute);
                return new AttributeModification(AttributeModification.Type.REPLACE, ldapAttribute);
            }).toArray(i -> {
                return new AttributeModification[i];
            })));
            LOGGER.debug("Result code [{}], message: [{}]", execute.getResultCode(), execute.getDiagnosticMessage());
            return execute.getResultCode() == ResultCode.SUCCESS;
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    public static boolean executeModifyOperation(String str, ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        return executeModifyOperation(str, connectionFactory, (Map<String, Set<String>>) ldapEntry.getAttributes().stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, ldapAttribute -> {
            return new HashSet(ldapAttribute.getStringValues());
        })));
    }

    public static boolean executeAddOperation(ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        try {
            AddResponse execute = new AddOperation(connectionFactory).execute(new AddRequest(ldapEntry.getDn(), ldapEntry.getAttributes()));
            LOGGER.debug("Result code [{}], message: [{}]", execute.getResultCode(), execute.getDiagnosticMessage());
            return execute.getResultCode() == ResultCode.SUCCESS;
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    public static boolean executeDeleteOperation(ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        try {
            DeleteResponse execute = new DeleteOperation(connectionFactory).execute(new DeleteRequest(ldapEntry.getDn()));
            LOGGER.debug("Result code [{}], message: [{}]", execute.getResultCode(), execute.getDiagnosticMessage());
            return execute.getResultCode() == ResultCode.SUCCESS;
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    public static boolean isLdapConnectionUrl(String str) {
        return str.toLowerCase().startsWith(LDAP_PREFIX);
    }

    public static boolean isLdapConnectionUrl(URI uri) {
        return uri.getScheme().equalsIgnoreCase(LDAP_PREFIX);
    }

    public static boolean isLdapConnectionUrl(URL url) {
        return url.getProtocol().equalsIgnoreCase(LDAP_PREFIX);
    }

    public static SearchRequest newLdaptiveSearchRequest(String str, FilterTemplate filterTemplate, String[] strArr, String[] strArr2) {
        SearchRequest searchRequest = new SearchRequest(str, filterTemplate, new String[0]);
        searchRequest.setBinaryAttributes(strArr);
        searchRequest.setReturnAttributes(strArr2);
        searchRequest.setSearchScope(SearchScope.SUBTREE);
        return searchRequest;
    }

    public static SearchRequest newLdaptiveSearchRequest(String str, String str2, List<String> list, String[] strArr) {
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setBaseDn(str);
        searchRequest.setFilter(newLdaptiveSearchFilter(str2, list));
        searchRequest.setReturnAttributes(strArr);
        searchRequest.setSearchScope(SearchScope.SUBTREE);
        return searchRequest;
    }

    public static SearchRequest newLdaptiveSearchRequest(String str, FilterTemplate filterTemplate) {
        return newLdaptiveSearchRequest(str, filterTemplate, ReturnAttributes.ALL_USER.value(), ReturnAttributes.ALL_USER.value());
    }

    public static FilterTemplate newLdaptiveSearchFilter(String str) {
        return newLdaptiveSearchFilter(str, new ArrayList(0));
    }

    public static FilterTemplate newLdaptiveSearchFilter(String str, List<String> list) {
        return newLdaptiveSearchFilter(str, "user", list);
    }

    public static FilterTemplate newLdaptiveSearchFilter(String str, String str2, List<String> list) {
        FilterTemplate filterTemplate = new FilterTemplate();
        filterTemplate.setFilter(str);
        if (list != null) {
            IntStream.range(0, list.size()).forEach(i -> {
                if (filterTemplate.getFilter().contains("{" + i + "}")) {
                    filterTemplate.setParameter(i, list.get(i));
                } else {
                    filterTemplate.setParameter(str2, list.get(i));
                }
            });
        }
        LOGGER.debug("Constructed LDAP search filter [{}]", filterTemplate.format());
        return filterTemplate;
    }

    public static FilterTemplate newLdaptiveSearchFilter(String str, List<String> list, List<String> list2) {
        FilterTemplate filterTemplate = new FilterTemplate();
        filterTemplate.setFilter(str);
        if (list2 != null) {
            IntStream.range(0, list2.size()).forEach(i -> {
                String str2 = (String) list2.get(i);
                if (filterTemplate.getFilter().contains("{" + i + "}")) {
                    filterTemplate.setParameter(i, str2);
                }
                String str3 = (String) list.get(i);
                if (filterTemplate.getFilter().contains("{" + str3 + "}")) {
                    filterTemplate.setParameter(str3, str2);
                }
            });
        }
        LOGGER.debug("Constructed LDAP search filter [{}]", filterTemplate.format());
        return filterTemplate;
    }

    public static SearchOperation newLdaptiveSearchOperation(String str, String str2, List<String> list) {
        return newLdaptiveSearchOperation(str, str2, list, List.of((Object[]) ReturnAttributes.ALL.value()));
    }

    public static SearchOperation newLdaptiveSearchOperation(String str, String str2, List<String> list, List<String> list2) {
        SearchOperation searchOperation = new SearchOperation();
        searchOperation.setRequest(newLdaptiveSearchRequest(str, str2, list, (String[]) list2.toArray(ArrayUtils.EMPTY_STRING_ARRAY)));
        searchOperation.setTemplate(newLdaptiveSearchFilter(str2, list));
        return searchOperation;
    }

    public static SearchOperation newLdaptiveSearchOperation(String str, String str2) {
        return newLdaptiveSearchOperation(str, str2, new ArrayList(0));
    }

    public static Authenticator newLdaptiveAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        switch (abstractLdapAuthenticationProperties.getType()) {
            case AD:
                LOGGER.debug("Creating active directory authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getActiveDirectoryAuthenticator(abstractLdapAuthenticationProperties);
            case DIRECT:
                LOGGER.debug("Creating direct-bind authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getDirectBindAuthenticator(abstractLdapAuthenticationProperties);
            case AUTHENTICATED:
                LOGGER.debug("Creating authenticated authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getAuthenticatedOrAnonSearchAuthenticator(abstractLdapAuthenticationProperties);
            default:
                LOGGER.debug("Creating anonymous authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getAuthenticatedOrAnonSearchAuthenticator(abstractLdapAuthenticationProperties);
        }
    }

    public static PooledConnectionFactory newLdaptivePooledConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        ConnectionConfig newLdaptiveConnectionConfig = newLdaptiveConnectionConfig(abstractLdapProperties);
        LOGGER.debug("Creating LDAP connection pool configuration for [{}]", abstractLdapProperties.getLdapUrl());
        PooledConnectionFactory pooledConnectionFactory = new PooledConnectionFactory(newLdaptiveConnectionConfig);
        pooledConnectionFactory.setMinPoolSize(abstractLdapProperties.getMinPoolSize());
        pooledConnectionFactory.setMaxPoolSize(abstractLdapProperties.getMaxPoolSize());
        pooledConnectionFactory.setValidateOnCheckOut(abstractLdapProperties.isValidateOnCheckout());
        pooledConnectionFactory.setValidatePeriodically(abstractLdapProperties.isValidatePeriodically());
        pooledConnectionFactory.setBlockWaitTime(Beans.newDuration(abstractLdapProperties.getBlockWaitTime()));
        IdlePruneStrategy idlePruneStrategy = new IdlePruneStrategy();
        idlePruneStrategy.setIdleTime(Beans.newDuration(abstractLdapProperties.getIdleTime()));
        idlePruneStrategy.setPrunePeriod(Beans.newDuration(abstractLdapProperties.getPrunePeriod()));
        pooledConnectionFactory.setPruneStrategy(idlePruneStrategy);
        LdapValidatorProperties validator = abstractLdapProperties.getValidator();
        String lowerCase = validator.getType().trim().toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -906336856:
                if (lowerCase.equals(SpringInputGeneralFieldTagProcessor.SEARCH_INPUT_TYPE_ATTR_VALUE)) {
                    z = 2;
                    break;
                }
                break;
            case 3387192:
                if (lowerCase.equals("none")) {
                    z = true;
                    break;
                }
                break;
            case 950484197:
                if (lowerCase.equals("compare")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                CompareConnectionValidator compareConnectionValidator = new CompareConnectionValidator(new CompareRequest(validator.getDn(), validator.getAttributeName(), validator.getAttributeValue()));
                compareConnectionValidator.setValidatePeriod(Beans.newDuration(abstractLdapProperties.getValidatePeriod()));
                compareConnectionValidator.setValidateTimeout(Beans.newDuration(abstractLdapProperties.getValidateTimeout()));
                pooledConnectionFactory.setValidator(compareConnectionValidator);
                break;
            case true:
                LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", abstractLdapProperties.getLdapUrl());
                break;
            case true:
            default:
                SearchRequest searchRequest = new SearchRequest();
                searchRequest.setBaseDn(validator.getBaseDn());
                searchRequest.setFilter(validator.getSearchFilter());
                searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
                searchRequest.setSearchScope(SearchScope.valueOf(validator.getScope()));
                searchRequest.setSizeLimit(1);
                SearchConnectionValidator searchConnectionValidator = new SearchConnectionValidator(searchRequest);
                searchConnectionValidator.setValidatePeriod(Beans.newDuration(abstractLdapProperties.getValidatePeriod()));
                searchConnectionValidator.setValidateTimeout(Beans.newDuration(abstractLdapProperties.getValidateTimeout()));
                pooledConnectionFactory.setValidator(searchConnectionValidator);
                break;
        }
        pooledConnectionFactory.setFailFastInitialize(abstractLdapProperties.isFailFast());
        if (StringUtils.isNotBlank(abstractLdapProperties.getPoolPassivator())) {
            switch (AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(abstractLdapProperties.getPoolPassivator().toUpperCase())) {
                case BIND:
                    if (!StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) || !StringUtils.isNoneBlank(abstractLdapProperties.getBindCredential())) {
                        LOGGER.warn("[{}] pool passivator could not be created for [{}] given bind credentials are not specified. If you are dealing with LDAP in such a way that does not require bind credentials, you may need to set the pool passivator setting to one of [{}]", abstractLdapProperties.getPoolPassivator(), abstractLdapProperties.getLdapUrl(), (List) Arrays.stream(AbstractLdapProperties.LdapConnectionPoolPassivator.values()).filter(ldapConnectionPoolPassivator -> {
                            return ldapConnectionPoolPassivator != AbstractLdapProperties.LdapConnectionPoolPassivator.BIND;
                        }).collect(Collectors.toList()));
                        break;
                    } else {
                        pooledConnectionFactory.setPassivator(new BindConnectionPassivator(new SimpleBindRequest(abstractLdapProperties.getBindDn(), abstractLdapProperties.getBindCredential())));
                        LOGGER.debug("Created [{}] passivator for [{}]", abstractLdapProperties.getPoolPassivator(), abstractLdapProperties.getLdapUrl());
                        break;
                    }
                    break;
            }
        }
        LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", abstractLdapProperties.getLdapUrl(), abstractLdapProperties.getBindDn());
        pooledConnectionFactory.initialize();
        return pooledConnectionFactory;
    }

    public static ConnectionConfig newLdaptiveConnectionConfig(AbstractLdapProperties abstractLdapProperties) {
        if (StringUtils.isBlank(abstractLdapProperties.getLdapUrl())) {
            throw new IllegalArgumentException("LDAP url cannot be empty/blank");
        }
        LOGGER.debug("Creating LDAP connection configuration for [{}]", abstractLdapProperties.getLdapUrl());
        ConnectionConfig connectionConfig = new ConnectionConfig();
        String ldapUrl = abstractLdapProperties.getLdapUrl().contains(" ") ? abstractLdapProperties.getLdapUrl() : String.join(" ", abstractLdapProperties.getLdapUrl().split(","));
        LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", abstractLdapProperties.getLdapUrl(), ldapUrl);
        connectionConfig.setLdapUrl(ldapUrl);
        connectionConfig.setUseStartTLS(abstractLdapProperties.isUseStartTls());
        connectionConfig.setConnectTimeout(Beans.newDuration(abstractLdapProperties.getConnectTimeout()));
        connectionConfig.setResponseTimeout(Beans.newDuration(abstractLdapProperties.getResponseTimeout()));
        if (StringUtils.isNotBlank(abstractLdapProperties.getConnectionStrategy())) {
            switch (AbstractLdapProperties.LdapConnectionStrategy.valueOf(abstractLdapProperties.getConnectionStrategy())) {
                case RANDOM:
                    connectionConfig.setConnectionStrategy(new RandomConnectionStrategy());
                    break;
                case DNS_SRV:
                    connectionConfig.setConnectionStrategy(new DnsSrvConnectionStrategy());
                    break;
                case ROUND_ROBIN:
                    connectionConfig.setConnectionStrategy(new RoundRobinConnectionStrategy());
                    break;
                case ACTIVE_PASSIVE:
                default:
                    connectionConfig.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                    break;
            }
        }
        if (abstractLdapProperties.getTrustCertificates() != null) {
            LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", abstractLdapProperties.getTrustCertificates());
            X509CredentialConfig x509CredentialConfig = new X509CredentialConfig();
            x509CredentialConfig.setTrustCertificates(abstractLdapProperties.getTrustCertificates());
            connectionConfig.setSslConfig(new SslConfig(x509CredentialConfig));
        } else if (abstractLdapProperties.getTrustStore() == null && abstractLdapProperties.getKeystore() == null) {
            LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
            connectionConfig.setSslConfig(new SslConfig());
        } else {
            KeyStoreCredentialConfig keyStoreCredentialConfig = new KeyStoreCredentialConfig();
            if (abstractLdapProperties.getTrustStore() != null) {
                LOGGER.trace("Creating LDAP SSL configuration with truststore [{}]", abstractLdapProperties.getTrustStore());
                keyStoreCredentialConfig.setTrustStore(abstractLdapProperties.getTrustStore());
                keyStoreCredentialConfig.setTrustStoreType(abstractLdapProperties.getTrustStoreType());
                keyStoreCredentialConfig.setTrustStorePassword(abstractLdapProperties.getTrustStorePassword());
            }
            if (abstractLdapProperties.getKeystore() != null) {
                LOGGER.trace("Creating LDAP SSL configuration via keystore [{}]", abstractLdapProperties.getKeystore());
                keyStoreCredentialConfig.setKeyStore(abstractLdapProperties.getKeystore());
                keyStoreCredentialConfig.setKeyStoreType(abstractLdapProperties.getKeystoreType());
                keyStoreCredentialConfig.setKeyStorePassword(abstractLdapProperties.getKeystorePassword());
            }
            connectionConfig.setSslConfig(new SslConfig(keyStoreCredentialConfig));
        }
        SslConfig sslConfig = connectionConfig.getSslConfig();
        if (sslConfig != null) {
            switch (abstractLdapProperties.getHostnameVerifier()) {
                case ANY:
                    sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
                    break;
                case DEFAULT:
                default:
                    sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
                    break;
            }
            if (StringUtils.isNotBlank(abstractLdapProperties.getTrustManager())) {
                switch (AbstractLdapProperties.LdapTrustManagerOptions.valueOf(abstractLdapProperties.getTrustManager().trim().toUpperCase())) {
                    case ANY:
                        sslConfig.setTrustManagers(new AllowAnyTrustManager());
                        break;
                    case DEFAULT:
                    default:
                        sslConfig.setTrustManagers(new DefaultTrustManager());
                        break;
                }
            }
        }
        if (StringUtils.isNotBlank(abstractLdapProperties.getSaslMechanism())) {
            LOGGER.debug("Creating LDAP SASL mechanism via [{}]", abstractLdapProperties.getSaslMechanism());
            BindConnectionInitializer bindConnectionInitializer = new BindConnectionInitializer();
            SaslConfig saslConfigFrom = getSaslConfigFrom(abstractLdapProperties);
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslAuthorizationId())) {
                saslConfigFrom.setAuthorizationId(abstractLdapProperties.getSaslAuthorizationId());
            }
            saslConfigFrom.setMutualAuthentication(abstractLdapProperties.getSaslMutualAuth());
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslQualityOfProtection())) {
                saslConfigFrom.setQualityOfProtection(QualityOfProtection.valueOf(abstractLdapProperties.getSaslQualityOfProtection()));
            }
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslSecurityStrength())) {
                saslConfigFrom.setSecurityStrength(SecurityStrength.valueOf(abstractLdapProperties.getSaslSecurityStrength()));
            }
            bindConnectionInitializer.setBindSaslConfig(saslConfigFrom);
            connectionConfig.setConnectionInitializers(bindConnectionInitializer);
        } else if (StringUtils.equals(abstractLdapProperties.getBindCredential(), "*") && StringUtils.equals(abstractLdapProperties.getBindDn(), "*")) {
            LOGGER.debug("Creating LDAP fast-bind connection initializer");
            connectionConfig.setConnectionInitializers(new FastBindConnectionInitializer());
        } else if (StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) && StringUtils.isNotBlank(abstractLdapProperties.getBindCredential())) {
            LOGGER.debug("Creating LDAP bind connection initializer via [{}]", abstractLdapProperties.getBindDn());
            connectionConfig.setConnectionInitializers(new BindConnectionInitializer(abstractLdapProperties.getBindDn(), new Credential(abstractLdapProperties.getBindCredential())));
        }
        return connectionConfig;
    }

    public static ConnectionFactory newLdaptiveConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        return abstractLdapProperties.isDisablePooling() ? newLdaptiveDefaultConnectionFactory(abstractLdapProperties) : newLdaptivePooledConnectionFactory(abstractLdapProperties);
    }

    public static EntryResolver newLdaptiveSearchEntryResolver(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, ConnectionFactory connectionFactory) {
        return new ChainingLdapEntryResolver((List) Arrays.stream(StringUtils.split(abstractLdapAuthenticationProperties.getBaseDn(), BASE_DN_DELIMITER)).map(str -> {
            SearchEntryResolver searchEntryResolver = new SearchEntryResolver();
            searchEntryResolver.setBaseDn(str.trim());
            searchEntryResolver.setUserFilter(abstractLdapAuthenticationProperties.getSearchFilter());
            searchEntryResolver.setSubtreeSearch(abstractLdapAuthenticationProperties.isSubtreeSearch());
            searchEntryResolver.setConnectionFactory(connectionFactory);
            searchEntryResolver.setAllowMultipleEntries(abstractLdapAuthenticationProperties.isAllowMultipleEntries());
            searchEntryResolver.setBinaryAttributes((String[]) abstractLdapAuthenticationProperties.getBinaryAttributes().toArray(new String[0]));
            if (StringUtils.isNotBlank(abstractLdapAuthenticationProperties.getDerefAliases())) {
                searchEntryResolver.setDerefAliases(DerefAliases.valueOf(abstractLdapAuthenticationProperties.getDerefAliases()));
            }
            List<LdapEntryHandler> newLdaptiveEntryHandlers = newLdaptiveEntryHandlers(abstractLdapAuthenticationProperties.getSearchEntryHandlers());
            List<SearchResultHandler> newLdaptiveSearchResultHandlers = newLdaptiveSearchResultHandlers(abstractLdapAuthenticationProperties.getSearchEntryHandlers());
            if (!newLdaptiveEntryHandlers.isEmpty()) {
                LOGGER.debug("Search entry handlers defined for the entry resolver of [{}] are [{}]", abstractLdapAuthenticationProperties.getLdapUrl(), newLdaptiveEntryHandlers);
                searchEntryResolver.setEntryHandlers((LdapEntryHandler[]) newLdaptiveEntryHandlers.toArray(i -> {
                    return new LdapEntryHandler[i];
                }));
            }
            if (!newLdaptiveSearchResultHandlers.isEmpty()) {
                LOGGER.debug("Search entry handlers defined for the entry resolver of [{}] are [{}]", abstractLdapAuthenticationProperties.getLdapUrl(), newLdaptiveSearchResultHandlers);
                searchEntryResolver.setSearchResultHandlers((SearchResultHandler[]) newLdaptiveSearchResultHandlers.toArray(i2 -> {
                    return new SearchResultHandler[i2];
                }));
            }
            if (abstractLdapAuthenticationProperties.isFollowReferrals()) {
                searchEntryResolver.setSearchResultHandlers(new FollowSearchReferralHandler());
            }
            return searchEntryResolver;
        }).collect(Collectors.toList()));
    }

    public static List<LdapEntryHandler> newLdaptiveEntryHandlers(List<LdapSearchEntryHandlersProperties> list) {
        ArrayList arrayList = new ArrayList();
        list.forEach(ldapSearchEntryHandlersProperties -> {
            switch (ldapSearchEntryHandlersProperties.getType()) {
                case CASE_CHANGE:
                    CaseChangeEntryHandler caseChangeEntryHandler = new CaseChangeEntryHandler();
                    CaseChangeSearchEntryHandlersProperties caseChange = ldapSearchEntryHandlersProperties.getCaseChange();
                    caseChangeEntryHandler.setAttributeNameCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(caseChange.getAttributeNameCaseChange()));
                    caseChangeEntryHandler.setAttributeNames((String[]) caseChange.getAttributeNames().toArray(ArrayUtils.EMPTY_STRING_ARRAY));
                    caseChangeEntryHandler.setAttributeValueCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(caseChange.getAttributeValueCaseChange()));
                    caseChangeEntryHandler.setDnCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(caseChange.getDnCaseChange()));
                    arrayList.add(caseChangeEntryHandler);
                    return;
                case DN_ATTRIBUTE_ENTRY:
                    DnAttributeEntryHandler dnAttributeEntryHandler = new DnAttributeEntryHandler();
                    DnAttributeSearchEntryHandlersProperties dnAttribute = ldapSearchEntryHandlersProperties.getDnAttribute();
                    dnAttributeEntryHandler.setAddIfExists(dnAttribute.isAddIfExists());
                    dnAttributeEntryHandler.setDnAttributeName(dnAttribute.getDnAttributeName());
                    arrayList.add(dnAttributeEntryHandler);
                    return;
                case MERGE:
                    MergeAttributeEntryHandler mergeAttributeEntryHandler = new MergeAttributeEntryHandler();
                    MergeAttributesSearchEntryHandlersProperties mergeAttribute = ldapSearchEntryHandlersProperties.getMergeAttribute();
                    mergeAttributeEntryHandler.setAttributeNames((String[]) mergeAttribute.getAttributeNames().toArray(ArrayUtils.EMPTY_STRING_ARRAY));
                    mergeAttributeEntryHandler.setMergeAttributeName(mergeAttribute.getMergeAttributeName());
                    arrayList.add(mergeAttributeEntryHandler);
                    return;
                case OBJECT_GUID:
                    arrayList.add(new ObjectGuidHandler());
                    return;
                case OBJECT_SID:
                    arrayList.add(new ObjectSidHandler());
                    return;
                default:
                    return;
            }
        });
        return arrayList;
    }

    public static List<SearchResultHandler> newLdaptiveSearchResultHandlers(List<LdapSearchEntryHandlersProperties> list) {
        ArrayList arrayList = new ArrayList();
        list.forEach(ldapSearchEntryHandlersProperties -> {
            switch (ldapSearchEntryHandlersProperties.getType()) {
                case PRIMARY_GROUP:
                    PrimaryGroupIdHandler primaryGroupIdHandler = new PrimaryGroupIdHandler();
                    PrimaryGroupIdSearchEntryHandlersProperties primaryGroupId = ldapSearchEntryHandlersProperties.getPrimaryGroupId();
                    primaryGroupIdHandler.setBaseDn(primaryGroupId.getBaseDn());
                    primaryGroupIdHandler.setGroupFilter(primaryGroupId.getGroupFilter());
                    arrayList.add(primaryGroupIdHandler);
                    return;
                case RANGE_ENTRY:
                    arrayList.add(new RangeEntryHandler());
                    return;
                case RECURSIVE_ENTRY:
                    RecursiveSearchEntryHandlersProperties recursive = ldapSearchEntryHandlersProperties.getRecursive();
                    arrayList.add(new RecursiveResultHandler(recursive.getSearchAttribute(), (String[]) recursive.getMergeAttributes().toArray(ArrayUtils.EMPTY_STRING_ARRAY)));
                    return;
                default:
                    return;
            }
        });
        return arrayList;
    }

    private static Authenticator getAuthenticatedOrAnonSearchAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getBaseDn())) {
            throw new IllegalArgumentException("Base dn cannot be empty/blank for authenticated/anonymous authentication");
        }
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getSearchFilter())) {
            throw new IllegalArgumentException("User filter cannot be empty/blank for authenticated/anonymous authentication");
        }
        DnResolver buildAggregateDnResolver = buildAggregateDnResolver(abstractLdapAuthenticationProperties, newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties));
        Authenticator authenticator = StringUtils.isBlank(abstractLdapAuthenticationProperties.getPrincipalAttributePassword()) ? new Authenticator(buildAggregateDnResolver, getBindAuthenticationHandler(newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties))) : new Authenticator(buildAggregateDnResolver, getCompareAuthenticationHandler(abstractLdapAuthenticationProperties, newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties)));
        if (abstractLdapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newLdaptiveSearchEntryResolver(abstractLdapAuthenticationProperties, newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties)));
        }
        return authenticator;
    }

    private static Authenticator getDirectBindAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for direct bind authentication");
        }
        return getAuthenticatorViaDnFormat(abstractLdapAuthenticationProperties);
    }

    private static Authenticator getActiveDirectoryAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for active directory authentication");
        }
        return getAuthenticatorViaDnFormat(abstractLdapAuthenticationProperties);
    }

    private static Authenticator getAuthenticatorViaDnFormat(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        Authenticator authenticator = new Authenticator(new FormatDnResolver(abstractLdapAuthenticationProperties.getDnFormat()), getBindAuthenticationHandler(newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties)));
        if (abstractLdapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newLdaptiveSearchEntryResolver(abstractLdapAuthenticationProperties, newLdaptiveConnectionFactory(abstractLdapAuthenticationProperties)));
        }
        return authenticator;
    }

    private static SimpleBindAuthenticationHandler getBindAuthenticationHandler(ConnectionFactory connectionFactory) {
        SimpleBindAuthenticationHandler simpleBindAuthenticationHandler = new SimpleBindAuthenticationHandler(connectionFactory);
        simpleBindAuthenticationHandler.setAuthenticationControls(new PasswordPolicyControl());
        return simpleBindAuthenticationHandler;
    }

    private static CompareAuthenticationHandler getCompareAuthenticationHandler(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, ConnectionFactory connectionFactory) {
        CompareAuthenticationHandler compareAuthenticationHandler = new CompareAuthenticationHandler(connectionFactory);
        compareAuthenticationHandler.setPasswordAttribute(abstractLdapAuthenticationProperties.getPrincipalAttributePassword());
        return compareAuthenticationHandler;
    }

    private static SaslConfig getSaslConfigFrom(AbstractLdapProperties abstractLdapProperties) {
        if (Mechanism.valueOf(abstractLdapProperties.getSaslMechanism()) == Mechanism.DIGEST_MD5) {
            SaslConfig saslConfig = new SaslConfig();
            saslConfig.setMechanism(Mechanism.DIGEST_MD5);
            saslConfig.setRealm(abstractLdapProperties.getSaslRealm());
            return saslConfig;
        }
        if (Mechanism.valueOf(abstractLdapProperties.getSaslMechanism()) == Mechanism.CRAM_MD5) {
            SaslConfig saslConfig2 = new SaslConfig();
            saslConfig2.setMechanism(Mechanism.CRAM_MD5);
            return saslConfig2;
        }
        if (Mechanism.valueOf(abstractLdapProperties.getSaslMechanism()) == Mechanism.EXTERNAL) {
            SaslConfig saslConfig3 = new SaslConfig();
            saslConfig3.setMechanism(Mechanism.EXTERNAL);
            return saslConfig3;
        }
        SaslConfig saslConfig4 = new SaslConfig();
        saslConfig4.setMechanism(Mechanism.GSSAPI);
        saslConfig4.setRealm(abstractLdapProperties.getSaslRealm());
        return saslConfig4;
    }

    private static DefaultConnectionFactory newLdaptiveDefaultConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        LOGGER.debug("Creating LDAP connection factory for [{}]", abstractLdapProperties.getLdapUrl());
        return new DefaultConnectionFactory(newLdaptiveConnectionConfig(abstractLdapProperties));
    }

    private static DnResolver buildAggregateDnResolver(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, ConnectionFactory connectionFactory) {
        return new ChainingLdapDnResolver((List) Arrays.stream(StringUtils.split(abstractLdapAuthenticationProperties.getBaseDn(), BASE_DN_DELIMITER)).map(str -> {
            SearchDnResolver searchDnResolver = new SearchDnResolver();
            searchDnResolver.setBaseDn(str);
            searchDnResolver.setSubtreeSearch(abstractLdapAuthenticationProperties.isSubtreeSearch());
            searchDnResolver.setAllowMultipleDns(abstractLdapAuthenticationProperties.isAllowMultipleDns());
            searchDnResolver.setConnectionFactory(connectionFactory);
            searchDnResolver.setUserFilter(abstractLdapAuthenticationProperties.getSearchFilter());
            if (abstractLdapAuthenticationProperties.isFollowReferrals()) {
                searchDnResolver.setSearchResultHandlers(new FollowSearchReferralHandler());
            }
            if (StringUtils.isNotBlank(abstractLdapAuthenticationProperties.getDerefAliases())) {
                searchDnResolver.setDerefAliases(DerefAliases.valueOf(abstractLdapAuthenticationProperties.getDerefAliases()));
            }
            return searchDnResolver;
        }).collect(Collectors.toList()));
    }

    public static SetFactoryBean createLdapAuthenticationFactoryBean() {
        SetFactoryBean setFactoryBean = new SetFactoryBean() { // from class: org.apereo.cas.util.LdapUtils.1
            /* renamed from: destroyInstance, reason: avoid collision after fix types in other method */
            protected void destroyInstance2(Set set) {
                set.forEach(Unchecked.consumer(obj -> {
                    ((DisposableBean) obj).destroy();
                }));
            }

            @Override // org.springframework.beans.factory.config.AbstractFactoryBean
            protected /* bridge */ /* synthetic */ void destroyInstance(Set<Object> set) throws Exception {
                destroyInstance2((Set) set);
            }
        };
        setFactoryBean.setSourceSet(new HashSet());
        return setFactoryBean;
    }

    private static AuthenticationPasswordPolicyHandlingStrategy<AuthenticationResponse, PasswordPolicyContext> createLdapPasswordPolicyHandlingStrategy(LdapAuthenticationProperties ldapAuthenticationProperties, ApplicationContext applicationContext) {
        if (ldapAuthenticationProperties.getPasswordPolicy().getStrategy() == PasswordPolicyProperties.PasswordPolicyHandlingOptions.REJECT_RESULT_CODE) {
            LOGGER.debug("Created LDAP password policy handling strategy based on blocked authentication result codes");
            return new RejectResultCodeLdapPasswordPolicyHandlingStrategy();
        }
        Resource location = ldapAuthenticationProperties.getPasswordPolicy().getGroovy().getLocation();
        if (ldapAuthenticationProperties.getPasswordPolicy().getStrategy() != PasswordPolicyProperties.PasswordPolicyHandlingOptions.GROOVY || location == null) {
            LOGGER.debug("Created default LDAP password policy handling strategy");
            return new DefaultPasswordPolicyHandlingStrategy();
        }
        LOGGER.debug("Created LDAP password policy handling strategy based on Groovy script [{}]", location);
        return new GroovyPasswordPolicyHandlingStrategy(location, applicationContext);
    }

    private static PasswordPolicyContext createLdapPasswordPolicyConfiguration(LdapPasswordPolicyProperties ldapPasswordPolicyProperties, Authenticator authenticator, Multimap<String, Object> multimap) {
        PasswordPolicyContext passwordPolicyContext = new PasswordPolicyContext(ldapPasswordPolicyProperties);
        HashSet hashSet = new HashSet();
        String customPolicyClass = ldapPasswordPolicyProperties.getCustomPolicyClass();
        if (StringUtils.isNotBlank(customPolicyClass)) {
            try {
                LOGGER.debug("Configuration indicates use of a custom password policy handler [{}]", customPolicyClass);
                hashSet.add(Class.forName(customPolicyClass).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]));
            } catch (Exception e) {
                LoggingUtils.warn(LOGGER, "Unable to construct an instance of the password policy handler", e);
            }
        }
        LOGGER.debug("Password policy authentication response handler is set to accommodate directory type: [{}]", ldapPasswordPolicyProperties.getType());
        switch (ldapPasswordPolicyProperties.getType()) {
            case AD:
                hashSet.add(new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(passwordPolicyContext.getPasswordWarningNumberOfDays())));
                Arrays.stream(ActiveDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(str -> {
                    LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", str);
                    multimap.put(str, str);
                });
                break;
            case FreeIPA:
                Arrays.stream(FreeIPAAuthenticationResponseHandler.ATTRIBUTES).forEach(str2 -> {
                    LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", str2);
                    multimap.put(str2, str2);
                });
                hashSet.add(new FreeIPAAuthenticationResponseHandler(Period.ofDays(passwordPolicyContext.getPasswordWarningNumberOfDays()), passwordPolicyContext.getLoginFailures()));
                break;
            case EDirectory:
                Arrays.stream(EDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(str3 -> {
                    LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", str3);
                    multimap.put(str3, str3);
                });
                hashSet.add(new EDirectoryAuthenticationResponseHandler(Period.ofDays(passwordPolicyContext.getPasswordWarningNumberOfDays())));
                break;
            default:
                hashSet.add(new PasswordPolicyAuthenticationResponseHandler());
                hashSet.add(new PasswordExpirationAuthenticationResponseHandler());
                break;
        }
        authenticator.setResponseHandlers((AuthenticationResponseHandler[]) hashSet.toArray(i -> {
            return new AuthenticationResponseHandler[i];
        }));
        LOGGER.debug("LDAP authentication response handlers configured are: [{}]", hashSet);
        if (!ldapPasswordPolicyProperties.isAccountStateHandlingEnabled()) {
            passwordPolicyContext.setAccountStateHandler((obj, obj2) -> {
                return new ArrayList(0);
            });
            LOGGER.trace("Handling LDAP account states is disabled via CAS configuration");
        } else if (StringUtils.isNotBlank(ldapPasswordPolicyProperties.getWarningAttributeName()) && StringUtils.isNotBlank(ldapPasswordPolicyProperties.getWarningAttributeValue())) {
            OptionalWarningLdapAccountStateHandler optionalWarningLdapAccountStateHandler = new OptionalWarningLdapAccountStateHandler();
            optionalWarningLdapAccountStateHandler.setDisplayWarningOnMatch(ldapPasswordPolicyProperties.isDisplayWarningOnMatch());
            optionalWarningLdapAccountStateHandler.setWarnAttributeName(ldapPasswordPolicyProperties.getWarningAttributeName());
            optionalWarningLdapAccountStateHandler.setWarningAttributeValue(ldapPasswordPolicyProperties.getWarningAttributeValue());
            optionalWarningLdapAccountStateHandler.setAttributesToErrorMap(ldapPasswordPolicyProperties.getPolicyAttributes());
            passwordPolicyContext.setAccountStateHandler(optionalWarningLdapAccountStateHandler);
            LOGGER.debug("Configuring an warning account state handler for LDAP authentication for warning attribute [{}] and value [{}]", ldapPasswordPolicyProperties.getWarningAttributeName(), ldapPasswordPolicyProperties.getWarningAttributeValue());
        } else {
            DefaultLdapAccountStateHandler defaultLdapAccountStateHandler = new DefaultLdapAccountStateHandler();
            defaultLdapAccountStateHandler.setAttributesToErrorMap(ldapPasswordPolicyProperties.getPolicyAttributes());
            passwordPolicyContext.setAccountStateHandler(defaultLdapAccountStateHandler);
            LOGGER.debug("Configuring the default account state handler for LDAP authentication");
        }
        return passwordPolicyContext;
    }

    public static LdapAuthenticationHandler createLdapAuthenticationHandler(LdapAuthenticationProperties ldapAuthenticationProperties, ApplicationContext applicationContext, ServicesManager servicesManager, PrincipalFactory principalFactory) {
        Multimap<String, Object> transformPrincipalAttributesListIntoMultiMap = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(ldapAuthenticationProperties.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", transformPrincipalAttributesListIntoMultiMap, ldapAuthenticationProperties.getLdapUrl());
        LOGGER.debug("Creating LDAP authenticator for [{}] and baseDn [{}]", ldapAuthenticationProperties.getLdapUrl(), ldapAuthenticationProperties.getBaseDn());
        Authenticator newLdaptiveAuthenticator = newLdaptiveAuthenticator(ldapAuthenticationProperties);
        LOGGER.debug("Ldap authenticator configured with return attributes [{}] for [{}] and baseDn [{}]", transformPrincipalAttributesListIntoMultiMap.keySet(), ldapAuthenticationProperties.getLdapUrl(), ldapAuthenticationProperties.getBaseDn());
        LOGGER.debug("Creating LDAP password policy handling strategy for [{}]", ldapAuthenticationProperties.getLdapUrl());
        AuthenticationPasswordPolicyHandlingStrategy<AuthenticationResponse, PasswordPolicyContext> createLdapPasswordPolicyHandlingStrategy = createLdapPasswordPolicyHandlingStrategy(ldapAuthenticationProperties, applicationContext);
        LOGGER.debug("Creating LDAP authentication handler for [{}]", ldapAuthenticationProperties.getLdapUrl());
        LdapAuthenticationHandler ldapAuthenticationHandler = new LdapAuthenticationHandler(ldapAuthenticationProperties.getName(), servicesManager, principalFactory, ldapAuthenticationProperties.getOrder(), newLdaptiveAuthenticator, createLdapPasswordPolicyHandlingStrategy);
        ldapAuthenticationHandler.setCollectDnAttribute(ldapAuthenticationProperties.isCollectDnAttribute());
        if (!ldapAuthenticationProperties.getAdditionalAttributes().isEmpty()) {
            transformPrincipalAttributesListIntoMultiMap.putAll(CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(ldapAuthenticationProperties.getAdditionalAttributes()));
        }
        if (StringUtils.isNotBlank(ldapAuthenticationProperties.getPrincipalDnAttributeName())) {
            ldapAuthenticationHandler.setPrincipalDnAttributeName(ldapAuthenticationProperties.getPrincipalDnAttributeName());
        }
        ldapAuthenticationHandler.setAllowMultiplePrincipalAttributeValues(ldapAuthenticationProperties.isAllowMultiplePrincipalAttributeValues());
        ldapAuthenticationHandler.setAllowMissingPrincipalAttributeValue(ldapAuthenticationProperties.isAllowMissingPrincipalAttributeValue());
        ldapAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(ldapAuthenticationProperties.getPasswordEncoder(), applicationContext));
        ldapAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(ldapAuthenticationProperties.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(ldapAuthenticationProperties.getCredentialCriteria())) {
            LOGGER.trace("Ldap authentication for [{}] is filtering credentials by [{}]", ldapAuthenticationProperties.getLdapUrl(), ldapAuthenticationProperties.getCredentialCriteria());
            ldapAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(ldapAuthenticationProperties.getCredentialCriteria()));
        }
        if (StringUtils.isBlank(ldapAuthenticationProperties.getPrincipalAttributeId())) {
            LOGGER.trace("No principal id attribute is found for LDAP authentication via [{}]", ldapAuthenticationProperties.getLdapUrl());
        } else {
            ldapAuthenticationHandler.setPrincipalIdAttribute(ldapAuthenticationProperties.getPrincipalAttributeId());
            LOGGER.trace("Using principal id attribute [{}] for LDAP authentication via [{}]", ldapAuthenticationProperties.getPrincipalAttributeId(), ldapAuthenticationProperties.getLdapUrl());
        }
        LdapPasswordPolicyProperties passwordPolicy = ldapAuthenticationProperties.getPasswordPolicy();
        if (passwordPolicy.isEnabled()) {
            LOGGER.trace("Password policy is enabled for [{}]. Constructing password policy configuration", ldapAuthenticationProperties.getLdapUrl());
            ldapAuthenticationHandler.setPasswordPolicyConfiguration(createLdapPasswordPolicyConfiguration(passwordPolicy, newLdaptiveAuthenticator, transformPrincipalAttributesListIntoMultiMap));
        }
        ldapAuthenticationHandler.setPrincipalAttributeMap(CollectionUtils.wrap((Multimap) transformPrincipalAttributesListIntoMultiMap));
        LOGGER.debug("Initializing LDAP authentication handler for [{}]", ldapAuthenticationProperties.getLdapUrl());
        ldapAuthenticationHandler.initialize();
        return ldapAuthenticationHandler;
    }

    @Generated
    private LdapUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
