package org.springframework.security.ldap.authentication;

import java.util.Collection;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-ldap-5.4.6.jar:org/springframework/security/ldap/authentication/LdapAuthenticationProvider.class */
public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvider {
    private LdapAuthenticator authenticator;
    private LdapAuthoritiesPopulator authoritiesPopulator;
    private boolean hideUserNotFoundExceptions = true;

    public LdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        setAuthenticator(ldapAuthenticator);
        setAuthoritiesPopulator(ldapAuthoritiesPopulator);
    }

    public LdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator) {
        setAuthenticator(ldapAuthenticator);
        setAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
    }

    private void setAuthenticator(LdapAuthenticator ldapAuthenticator) {
        Assert.notNull(ldapAuthenticator, "An LdapAuthenticator must be supplied");
        this.authenticator = ldapAuthenticator;
    }

    private LdapAuthenticator getAuthenticator() {
        return this.authenticator;
    }

    private void setAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        Assert.notNull(ldapAuthoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
        this.authoritiesPopulator = ldapAuthoritiesPopulator;
    }

    protected LdapAuthoritiesPopulator getAuthoritiesPopulator() {
        return this.authoritiesPopulator;
    }

    public void setHideUserNotFoundExceptions(boolean z) {
        this.hideUserNotFoundExceptions = z;
    }

    @Override // org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        try {
            return getAuthenticator().authenticate(usernamePasswordAuthenticationToken);
        } catch (NamingException e) {
            throw new InternalAuthenticationServiceException(e.getMessage(), e);
        } catch (UsernameNotFoundException e2) {
            if (this.hideUserNotFoundExceptions) {
                throw new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
            }
            throw e2;
        } catch (PasswordPolicyException e3) {
            throw new LockedException(this.messages.getMessage(e3.getStatus().getErrorCode(), e3.getStatus().getDefaultMessage()));
        }
    }

    @Override // org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations dirContextOperations, String str, String str2) {
        return getAuthoritiesPopulator().getGrantedAuthorities(dirContextOperations, str);
    }
}
