package org.springframework.security.providers.ldap.authenticator;

import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.ldap.LdapUtils;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-2.0-M2.jar:org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticator.class */
public final class PasswordComparisonAuthenticator extends AbstractLdapAuthenticator {
    private static final Log logger;
    private PasswordEncoder passwordEncoder;
    private String passwordAttributeName;
    static Class class$org$springframework$security$providers$ldap$authenticator$PasswordComparisonAuthenticator;
    static Class class$org$springframework$security$providers$UsernamePasswordAuthenticationToken;

    public PasswordComparisonAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        super(baseLdapPathContextSource);
        this.passwordEncoder = new LdapShaPasswordEncoder();
        this.passwordAttributeName = "userPassword";
    }

    @Override // org.springframework.security.providers.ldap.authenticator.AbstractLdapAuthenticator, org.springframework.security.providers.ldap.LdapAuthenticator
    public DirContextOperations authenticate(Authentication authentication) {
        Class cls;
        if (class$org$springframework$security$providers$UsernamePasswordAuthenticationToken == null) {
            cls = class$("org.springframework.security.providers.UsernamePasswordAuthenticationToken");
            class$org$springframework$security$providers$UsernamePasswordAuthenticationToken = cls;
        } else {
            cls = class$org$springframework$security$providers$UsernamePasswordAuthenticationToken;
        }
        Assert.isInstanceOf(cls, authentication, "Can only process UsernamePasswordAuthenticationToken objects");
        DirContextOperations dirContextOperations = null;
        String name = authentication.getName();
        String str = (String) authentication.getCredentials();
        Iterator it = getUserDns(name).iterator();
        SpringSecurityLdapTemplate springSecurityLdapTemplate = new SpringSecurityLdapTemplate(getContextSource());
        while (it.hasNext() && dirContextOperations == null) {
            try {
                dirContextOperations = springSecurityLdapTemplate.retrieveEntry((String) it.next(), getUserAttributes());
            } catch (NameNotFoundException e) {
            }
        }
        if (dirContextOperations == null && getUserSearch() != null) {
            dirContextOperations = getUserSearch().searchForUser(name);
        }
        if (dirContextOperations == null) {
            throw new UsernameNotFoundException(name);
        }
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Performing LDAP compare of password attribute '").append(this.passwordAttributeName).append("' for user '").append(dirContextOperations.getDn()).append("'").toString());
        }
        if (springSecurityLdapTemplate.compare(dirContextOperations.getDn().toString(), this.passwordAttributeName, LdapUtils.getUtf8Bytes(this.passwordEncoder.encodePassword(str, null)))) {
            return dirContextOperations;
        }
        throw new BadCredentialsException(this.messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
    }

    public void setPasswordAttributeName(String str) {
        Assert.hasLength(str, "passwordAttributeName must not be empty or null");
        this.passwordAttributeName = str;
    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder must not be null.");
        this.passwordEncoder = passwordEncoder;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$springframework$security$providers$ldap$authenticator$PasswordComparisonAuthenticator == null) {
            cls = class$("org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator");
            class$org$springframework$security$providers$ldap$authenticator$PasswordComparisonAuthenticator = cls;
        } else {
            cls = class$org$springframework$security$providers$ldap$authenticator$PasswordComparisonAuthenticator;
        }
        logger = LogFactory.getLog(cls);
    }
}
