package com.networknt.oauth.auth;

import com.networknt.ldap.LdapUtil;
import com.networknt.oauth.security.LdapCredential;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import java.security.Principal;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/auth/LdapAuthenticator.class */
public class LdapAuthenticator extends AuthenticatorBase<LdapAuth> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) LdapAuthenticator.class);

    public LdapAuthenticator() {
        LOGGER.info("LdapAuthenticator is constructed.");
    }

    @Override // com.networknt.oauth.auth.Authenticator
    public Account authenticate(final String str, Credential credential) {
        if (!(credential instanceof LdapCredential)) {
            return null;
        }
        final LdapCredential ldapCredential = (LdapCredential) credential;
        try {
            try {
                if (!LdapUtil.authenticate(ldapCredential.getUsername(), new String(ldapCredential.getPassword()))) {
                    return null;
                }
                Account account = new Account() { // from class: com.networknt.oauth.auth.LdapAuthenticator.1
                    private final Set<String> roles;
                    private final Principal principal;

                    {
                        this.roles = LdapUtil.authorize(ldapCredential.getUsername());
                        String str2 = str;
                        this.principal = () -> {
                            return str2;
                        };
                    }

                    @Override // io.undertow.security.idm.Account
                    public Principal getPrincipal() {
                        return this.principal;
                    }

                    @Override // io.undertow.security.idm.Account
                    public Set<String> getRoles() {
                        return this.roles != null ? this.roles : Set.of();
                    }
                };
                ldapCredential.clearPassword();
                return account;
            } catch (Exception e) {
                LOGGER.error("LDAP authentication failed", (Throwable) e);
                ldapCredential.clearPassword();
                return null;
            }
        } finally {
            ldapCredential.clearPassword();
        }
    }
}
