package org.springframework.security.ui.ntlm.ldap.authenticator;

import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;

/* loaded from: input_file:org/springframework/security/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticator.class */
public class NtlmAwareLdapAuthenticator extends BindAuthenticator {
    private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticator.class);

    public NtlmAwareLdapAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        super(baseLdapPathContextSource);
    }

    protected DirContextOperations loadUser(String str, String str2) {
        try {
            return new SpringSecurityLdapTemplate(getContextSource()).retrieveEntry(str, getUserAttributes());
        } catch (NameNotFoundException e) {
            if (!logger.isDebugEnabled()) {
                return null;
            }
            logger.debug("Failed to load user " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    public DirContextOperations authenticate(Authentication authentication) {
        if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {
            return super.authenticate(authentication);
        }
        if (!authentication.isAuthenticated()) {
            throw new BadCredentialsException("Unauthenticated NTLM authentication token found");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("authenticate(NtlmUsernamePasswordAuthenticationToken) - start");
        }
        String name = authentication.getName();
        DirContextOperations dirContextOperations = null;
        Iterator it = getUserDns(name).iterator();
        while (it.hasNext() && dirContextOperations == null) {
            dirContextOperations = loadUser((String) it.next(), name);
        }
        if (dirContextOperations == null && getUserSearch() != null) {
            dirContextOperations = loadUser(getUserSearch().searchForUser(name).getDn().toString(), name);
        }
        if (dirContextOperations == null) {
            throw new BadCredentialsException(this.messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("authenticate(NtlmUsernamePasswordAuthenticationToken) - end");
        }
        return dirContextOperations;
    }
}
