package org.apereo.cas.authorization;

import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchResponse;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-6.5.9.4.jar:org/apereo/cas/authorization/BaseUseAttributesAuthorizationGenerator.class */
public abstract class BaseUseAttributesAuthorizationGenerator implements AuthorizationGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BaseUseAttributesAuthorizationGenerator.class);
    private final SearchOperation userSearchOperation;
    private final boolean allowMultipleResults;

    /* JADX INFO: Access modifiers changed from: protected */
    public void addProfileRoles(LdapEntry ldapEntry, UserProfile userProfile, LdapAttribute ldapAttribute, String str) {
        addProfileRolesFromAttributes(userProfile, ldapAttribute, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addProfileRolesFromAttributes(UserProfile userProfile, LdapAttribute ldapAttribute, String str) {
        ldapAttribute.getStringValues().forEach(str2 -> {
            userProfile.addRole(str.concat(str2.toUpperCase()));
        });
    }

    @Override // org.pac4j.core.authorization.generator.AuthorizationGenerator
    public Optional<UserProfile> generate(WebContext webContext, SessionStore sessionStore, UserProfile userProfile) {
        String id = userProfile.getId();
        LOGGER.debug("Attempting to get details for user [{}].", id);
        SearchResponse execute = this.userSearchOperation.execute(LdapUtils.newLdaptiveSearchFilter(this.userSearchOperation.getTemplate().getFilter(), "user", (List<String>) CollectionUtils.wrap(id)));
        LOGGER.debug("LDAP user search response: [{}]", execute);
        if (this.allowMultipleResults || execute.entrySize() <= 1) {
            return execute.entrySize() > 0 ? generateAuthorizationForLdapEntry(userProfile, execute.getEntry()) : Optional.of(userProfile);
        }
        throw new IllegalStateException("Found multiple results for user which is not allowed.");
    }

    protected abstract Optional<UserProfile> generateAuthorizationForLdapEntry(UserProfile userProfile, LdapEntry ldapEntry);

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseUseAttributesAuthorizationGenerator(SearchOperation searchOperation, boolean z) {
        this.userSearchOperation = searchOperation;
        this.allowMultipleResults = z;
    }

    @Generated
    public SearchOperation getUserSearchOperation() {
        return this.userSearchOperation;
    }

    @Generated
    public boolean isAllowMultipleResults() {
        return this.allowMultipleResults;
    }
}
