package net.shibboleth.idp.authn.config;

import com.google.common.base.MoreObjects;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.time.Period;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.PooledTemplateSearchDnResolver;
import net.shibboleth.idp.authn.TemplateSearchDnResolver;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.primitive.DeprecationSupport;
import org.apache.velocity.app.VelocityEngine;
import org.ldaptive.ActivePassiveConnectionStrategy;
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.BindRequest;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionInitializer;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapURL;
import org.ldaptive.RandomConnectionStrategy;
import org.ldaptive.RoundRobinConnectionStrategy;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchScope;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.BindAuthenticationHandler;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.PooledBindAuthenticationHandler;
import org.ldaptive.auth.PooledSearchEntryResolver;
import org.ldaptive.auth.SearchEntryResolver;
import org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordPolicyAuthenticationRequestHandler;
import org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler;
import org.ldaptive.pool.BindPassivator;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.Passivator;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.ssl.AllowAnyHostnameVerifier;
import org.ldaptive.ssl.CredentialConfig;
import org.ldaptive.ssl.SslConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.AbstractFactoryBean;

/* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.1.jar:net/shibboleth/idp/authn/config/LDAPAuthenticationFactoryBean.class */
public class LDAPAuthenticationFactoryBean extends AbstractFactoryBean<Authenticator> {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) LDAPAuthenticationFactoryBean.class);
    private AuthenticatorType authenticatorType;
    private TrustType trustType;
    private ConnectionStrategyType connectionStrategyType;
    private String ldapUrl;
    private boolean useStartTLS;
    private boolean useSSL;
    private boolean disableHostnameVerification;
    private Duration connectTimeout;
    private Duration responseTimeout;
    private CredentialConfig trustCertificatesCredentialConfig;
    private CredentialConfig truststoreCredentialConfig;
    private boolean disablePooling;
    private Duration blockWaitTime;
    private int minPoolSize;
    private int maxPoolSize;
    private boolean validateOnCheckout;
    private boolean validatePeriodically;
    private Duration validatePeriod;
    private String validateDn;
    private String validateFilter;
    private PassivatorType bindPoolPassivatorType;
    private Duration prunePeriod;
    private Duration idleTime;
    private String dnFormat;
    private String baseDn;
    private String userFilter;
    private boolean subtreeSearch;
    private boolean resolveEntryOnFailure;
    private boolean resolveEntryWithBindDn;
    private VelocityEngine velocityEngine;
    private String bindDn;
    private String bindDnCredential;
    private boolean usePasswordPolicy;
    private boolean usePasswordExpiration;
    private boolean isActiveDirectory;
    private boolean isFreeIPA;
    private boolean isEDirectory;
    private Period accountStateExpirationPeriod;
    private Period accountStateWarningPeriod;
    private int accountStateLoginFailures;

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.1.jar:net/shibboleth/idp/authn/config/LDAPAuthenticationFactoryBean$AuthenticatorType.class */
    public enum AuthenticatorType {
        ANON_SEARCH("anonSearchAuthenticator"),
        BIND_SEARCH("bindSearchAuthenticator"),
        DIRECT("directAuthenticator"),
        AD("adAuthenticator");

        private final String label;

        AuthenticatorType(String str) {
            this.label = str;
        }

        public String label() {
            return this.label;
        }

        public static AuthenticatorType fromLabel(String str) {
            for (AuthenticatorType authenticatorType : values()) {
                if (authenticatorType.label().equals(str)) {
                    return authenticatorType;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.1.jar:net/shibboleth/idp/authn/config/LDAPAuthenticationFactoryBean$ConnectionStrategyType.class */
    public enum ConnectionStrategyType {
        ACTIVE_PASSIVE("ACTIVE_PASSIVE"),
        ROUND_ROBIN("ROUND_ROBIN"),
        RANDOM("RANDOM");

        private final String label;

        ConnectionStrategyType(String str) {
            this.label = str;
        }

        public String label() {
            return this.label;
        }

        public static ConnectionStrategyType fromLabel(String str) {
            for (ConnectionStrategyType connectionStrategyType : values()) {
                if (connectionStrategyType.label().equals(str)) {
                    return connectionStrategyType;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.1.jar:net/shibboleth/idp/authn/config/LDAPAuthenticationFactoryBean$PassivatorType.class */
    public enum PassivatorType {
        NONE("none"),
        BIND("bind"),
        ANONYMOUS_BIND("anonymousBind");

        private final String label;

        PassivatorType(String str) {
            this.label = str;
        }

        public String label() {
            return this.label;
        }

        public static PassivatorType fromLabel(String str) {
            for (PassivatorType passivatorType : values()) {
                if (passivatorType.label().equals(str)) {
                    return passivatorType;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.1.jar:net/shibboleth/idp/authn/config/LDAPAuthenticationFactoryBean$TrustType.class */
    public enum TrustType {
        JVM("jvmTrust"),
        CERTIFICATE("certificateTrust"),
        KEYSTORE("keyStoreTrust"),
        DISABLED("disabled");

        private final String label;

        TrustType(String str) {
            this.label = str;
        }

        public String label() {
            return this.label;
        }

        public static TrustType fromLabel(String str) {
            for (TrustType trustType : values()) {
                if (trustType.label().equals(str)) {
                    return trustType;
                }
            }
            return null;
        }
    }

    public void setAuthenticatorType(@NotEmpty @Nonnull String str) {
        this.authenticatorType = AuthenticatorType.fromLabel(str);
        if (this.authenticatorType == null) {
            throw new IllegalArgumentException("authenticatorType property did not have a valid value");
        }
    }

    public void setTrustType(@NotEmpty @Nonnull String str) {
        this.trustType = TrustType.fromLabel(str);
        if (this.trustType == null) {
            throw new IllegalArgumentException("trustType property did not have a valid value");
        }
    }

    public void setConnectionStrategyType(@NotEmpty @Nonnull String str) {
        this.connectionStrategyType = ConnectionStrategyType.fromLabel(str);
        if (this.connectionStrategyType == null) {
            throw new IllegalArgumentException("connectionStrategyType property did not have a valid value");
        }
    }

    public void setLdapUrl(@NotEmpty @Nullable String str) {
        this.ldapUrl = str;
    }

    public void setUseStartTLS(boolean z) {
        this.useStartTLS = z;
    }

    public void setUseSSL(boolean z) {
        this.useSSL = z;
    }

    public void setDisableHostnameVerification(boolean z) {
        this.disableHostnameVerification = z;
    }

    public void setConnectTimeout(@Nullable Duration duration) {
        this.connectTimeout = duration;
    }

    public void setResponseTimeout(@Nullable Duration duration) {
        this.responseTimeout = duration;
    }

    public void setTrustCertificatesCredentialConfig(CredentialConfig credentialConfig) {
        this.trustCertificatesCredentialConfig = credentialConfig;
    }

    public void setTruststoreCredentialConfig(CredentialConfig credentialConfig) {
        this.truststoreCredentialConfig = credentialConfig;
    }

    public void setDisablePooling(boolean z) {
        this.disablePooling = z;
    }

    public void setBlockWaitTime(@Nullable Duration duration) {
        this.blockWaitTime = duration;
    }

    public void setMinPoolSize(int i) {
        this.minPoolSize = i;
    }

    public void setMaxPoolSize(int i) {
        this.maxPoolSize = i;
    }

    public void setValidateOnCheckout(boolean z) {
        this.validateOnCheckout = z;
    }

    public void setValidatePeriodically(boolean z) {
        this.validatePeriodically = z;
    }

    public void setValidatePeriod(@Nullable Duration duration) {
        this.validatePeriod = duration;
    }

    public void setValidateDn(String str) {
        this.validateDn = str;
    }

    public void setValidateFilter(String str) {
        this.validateFilter = str;
    }

    public void setBindPoolPassivatorType(@NotEmpty @Nonnull String str) {
        this.bindPoolPassivatorType = PassivatorType.fromLabel(str);
        if (this.bindPoolPassivatorType == null) {
            throw new IllegalArgumentException("bindPoolPassivatorType property did not have a valid value");
        }
    }

    public void setPrunePeriod(@Nullable Duration duration) {
        this.prunePeriod = duration;
    }

    public void setIdleTime(@Nullable Duration duration) {
        this.idleTime = duration;
    }

    public void setDnFormat(String str) {
        this.dnFormat = str;
    }

    public void setBaseDn(String str) {
        this.baseDn = str;
    }

    public void setUserFilter(String str) {
        this.userFilter = str;
    }

    public void setSubtreeSearch(boolean z) {
        this.subtreeSearch = z;
    }

    public void setResolveEntryOnFailure(boolean z) {
        this.resolveEntryOnFailure = z;
    }

    public void setResolveEntryWithBindDn(boolean z) {
        this.resolveEntryWithBindDn = z;
    }

    public void setVelocityEngine(VelocityEngine velocityEngine) {
        this.velocityEngine = velocityEngine;
    }

    public void setBindDn(String str) {
        this.bindDn = str;
    }

    public void setBindDnCredential(String str) {
        this.bindDnCredential = str;
    }

    public void setUsePasswordPolicy(boolean z) {
        this.usePasswordPolicy = z;
    }

    public void setUsePasswordExpiration(boolean z) {
        this.usePasswordExpiration = z;
    }

    public void setActiveDirectory(boolean z) {
        this.isActiveDirectory = z;
    }

    public void setFreeIPA(boolean z) {
        this.isFreeIPA = z;
    }

    public void setEDirectory(boolean z) {
        this.isEDirectory = z;
    }

    public void setAccountStateExpirationPeriod(@Nullable Period period) {
        this.accountStateExpirationPeriod = period;
    }

    public void setAccountStateWarningPeriod(@Nullable Period period) {
        this.accountStateWarningPeriod = period;
    }

    public void setAccountStateLoginFailures(int i) {
        this.accountStateLoginFailures = i;
    }

    protected SslConfig createSslConfig() {
        SslConfig sslConfig = new SslConfig();
        switch (this.trustType) {
            case CERTIFICATE:
                sslConfig.setCredentialConfig(this.trustCertificatesCredentialConfig);
                break;
            case KEYSTORE:
                sslConfig.setCredentialConfig(this.truststoreCredentialConfig);
                break;
            case DISABLED:
                sslConfig.setCredentialConfig(() -> {
                    throw new GeneralSecurityException("SSL/startTLS is disabled");
                });
                break;
        }
        if (this.disableHostnameVerification) {
            this.log.warn("LDAP Authenticator configured to bypass TLS hostname checking!");
            sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
        }
        return sslConfig;
    }

    protected ConnectionConfig createConnectionConfig() {
        return createConnectionConfig(null);
    }

    protected ConnectionConfig createConnectionConfig(@Nullable ConnectionInitializer connectionInitializer) {
        ConnectionConfig connectionConfig = new ConnectionConfig();
        connectionConfig.setLdapUrl(this.ldapUrl);
        connectionConfig.setUseStartTLS(this.useStartTLS);
        connectionConfig.setConnectTimeout(this.connectTimeout);
        connectionConfig.setResponseTimeout(this.responseTimeout);
        switch (this.connectionStrategyType) {
            case ROUND_ROBIN:
                connectionConfig.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case RANDOM:
                connectionConfig.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
            default:
                connectionConfig.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
        }
        connectionConfig.setSslConfig(createSslConfig());
        if (connectionInitializer != null) {
            connectionConfig.setConnectionInitializer(connectionInitializer);
        }
        return connectionConfig;
    }

    protected BlockingConnectionPool createConnectionPool(String str, ConnectionConfig connectionConfig) {
        return createConnectionPool(str, connectionConfig, new SearchValidator());
    }

    protected BlockingConnectionPool createConnectionPool(String str, ConnectionConfig connectionConfig, SearchValidator searchValidator) {
        return createConnectionPool(str, connectionConfig, searchValidator, null);
    }

    protected BlockingConnectionPool createConnectionPool(String str, ConnectionConfig connectionConfig, SearchValidator searchValidator, Passivator passivator) {
        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMinPoolSize(this.minPoolSize);
        poolConfig.setMaxPoolSize(this.maxPoolSize);
        poolConfig.setValidateOnCheckOut(this.validateOnCheckout);
        poolConfig.setValidatePeriodically(this.validatePeriodically);
        poolConfig.setValidatePeriod(this.validatePeriod);
        BlockingConnectionPool blockingConnectionPool = new BlockingConnectionPool();
        blockingConnectionPool.setName(str);
        blockingConnectionPool.setBlockWaitTime(this.blockWaitTime);
        blockingConnectionPool.setPoolConfig(poolConfig);
        blockingConnectionPool.setPruneStrategy(new IdlePruneStrategy(this.prunePeriod, this.idleTime));
        blockingConnectionPool.setValidator(searchValidator);
        blockingConnectionPool.setPassivator(passivator);
        blockingConnectionPool.setFailFastInitialize(false);
        blockingConnectionPool.setConnectionFactory(new DefaultConnectionFactory(connectionConfig));
        blockingConnectionPool.initialize();
        return blockingConnectionPool;
    }

    protected SearchValidator createSearchValidator(String str, String str2) {
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setReturnAttributes(com.unboundid.ldap.sdk.SearchRequest.NO_ATTRIBUTES);
        searchRequest.setSearchScope(SearchScope.OBJECT);
        searchRequest.setSizeLimit(1L);
        if (str != null) {
            searchRequest.setBaseDn(str);
        } else {
            searchRequest.setBaseDn("");
        }
        SearchFilter searchFilter = new SearchFilter();
        if (str2 != null) {
            searchFilter.setFilter(str2);
        } else {
            searchFilter.setFilter("(objectClass=*)");
        }
        searchRequest.setSearchFilter(searchFilter);
        return new SearchValidator(searchRequest);
    }

    protected Passivator createPoolPassivator(PassivatorType passivatorType) {
        switch (passivatorType) {
            case BIND:
                return new BindPassivator(new BindRequest(this.bindDn, new Credential(this.bindDnCredential)));
            case ANONYMOUS_BIND:
                return new BindPassivator();
            case NONE:
            default:
                return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.springframework.beans.factory.config.AbstractFactoryBean
    /* renamed from: createInstance */
    public Authenticator createInstance2() throws Exception {
        if (this.useSSL) {
            DeprecationSupport.warn(DeprecationSupport.ObjectType.PROPERTY, "useSSL", "LDAP authentication", "use of ldaps:// scheme in connection URL");
            for (String str : new LdapURL(this.ldapUrl).getHostnamesWithSchemeAndPort()) {
                if (!str.startsWith("ldaps://")) {
                    throw new IllegalArgumentException("useSSL property specified but URL scheme is not ldaps:// for " + str);
                }
            }
        }
        Authenticator authenticator = new Authenticator();
        if (this.disablePooling) {
            authenticator.setAuthenticationHandler(new BindAuthenticationHandler(new DefaultConnectionFactory(createConnectionConfig())));
        } else {
            authenticator.setAuthenticationHandler(new PooledBindAuthenticationHandler(new PooledConnectionFactory(createConnectionPool("bind-pool", createConnectionConfig(), createSearchValidator(this.validateDn, this.validateFilter), createPoolPassivator(this.bindPoolPassivatorType)))));
        }
        switch (this.authenticatorType) {
            case BIND_SEARCH:
                if (this.disablePooling) {
                    TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(this.velocityEngine, this.userFilter);
                    templateSearchDnResolver.setBaseDn(this.baseDn);
                    templateSearchDnResolver.setSubtreeSearch(this.subtreeSearch);
                    templateSearchDnResolver.setConnectionFactory(new DefaultConnectionFactory(createConnectionConfig(new BindConnectionInitializer(this.bindDn, new Credential(this.bindDnCredential)))));
                    authenticator.setDnResolver(templateSearchDnResolver);
                } else {
                    PooledTemplateSearchDnResolver pooledTemplateSearchDnResolver = new PooledTemplateSearchDnResolver(this.velocityEngine, this.userFilter);
                    pooledTemplateSearchDnResolver.setBaseDn(this.baseDn);
                    pooledTemplateSearchDnResolver.setSubtreeSearch(this.subtreeSearch);
                    pooledTemplateSearchDnResolver.setConnectionFactory(new PooledConnectionFactory(createConnectionPool("dn-search-pool", createConnectionConfig(new BindConnectionInitializer(this.bindDn, new Credential(this.bindDnCredential))), createSearchValidator(this.validateDn, this.validateFilter))));
                    authenticator.setDnResolver(pooledTemplateSearchDnResolver);
                }
                authenticator.setResolveEntryOnFailure(this.resolveEntryOnFailure);
                break;
            case DIRECT:
                authenticator.setDnResolver(new FormatDnResolver(this.dnFormat));
                authenticator.setResolveEntryOnFailure(this.resolveEntryOnFailure);
                break;
            case AD:
                authenticator.setDnResolver(new FormatDnResolver(this.dnFormat));
                authenticator.setResolveEntryOnFailure(this.resolveEntryOnFailure);
                authenticator.setAuthenticationResponseHandlers(new ActiveDirectoryAuthenticationResponseHandler());
                break;
            case ANON_SEARCH:
                if (this.disablePooling) {
                    TemplateSearchDnResolver templateSearchDnResolver2 = new TemplateSearchDnResolver(this.velocityEngine, this.userFilter);
                    templateSearchDnResolver2.setBaseDn(this.baseDn);
                    templateSearchDnResolver2.setSubtreeSearch(this.subtreeSearch);
                    templateSearchDnResolver2.setConnectionFactory(new DefaultConnectionFactory(createConnectionConfig()));
                    authenticator.setDnResolver(templateSearchDnResolver2);
                } else {
                    PooledTemplateSearchDnResolver pooledTemplateSearchDnResolver2 = new PooledTemplateSearchDnResolver(this.velocityEngine, this.userFilter);
                    pooledTemplateSearchDnResolver2.setBaseDn(this.baseDn);
                    pooledTemplateSearchDnResolver2.setSubtreeSearch(this.subtreeSearch);
                    pooledTemplateSearchDnResolver2.setConnectionFactory(new PooledConnectionFactory(createConnectionPool("dn-search-pool", createConnectionConfig(), createSearchValidator(this.validateDn, this.validateFilter))));
                    authenticator.setDnResolver(pooledTemplateSearchDnResolver2);
                }
                authenticator.setResolveEntryOnFailure(this.resolveEntryOnFailure);
                break;
        }
        if (this.resolveEntryWithBindDn) {
            if (this.disablePooling) {
                SearchEntryResolver searchEntryResolver = new SearchEntryResolver();
                searchEntryResolver.setConnectionFactory(new DefaultConnectionFactory(createConnectionConfig(new BindConnectionInitializer(this.bindDn, new Credential(this.bindDnCredential)))));
                authenticator.setEntryResolver(searchEntryResolver);
            } else {
                PooledSearchEntryResolver pooledSearchEntryResolver = new PooledSearchEntryResolver();
                pooledSearchEntryResolver.setConnectionFactory(new PooledConnectionFactory(createConnectionPool("entry-search-pool", createConnectionConfig(new BindConnectionInitializer(this.bindDn, new Credential(this.bindDnCredential))), createSearchValidator(this.validateDn, this.validateFilter))));
                authenticator.setEntryResolver(pooledSearchEntryResolver);
            }
        }
        if (this.usePasswordPolicy) {
            authenticator.setAuthenticationRequestHandlers(new PasswordPolicyAuthenticationRequestHandler());
            authenticator.setAuthenticationResponseHandlers(new PasswordPolicyAuthenticationResponseHandler());
        } else if (this.usePasswordExpiration) {
            authenticator.setAuthenticationResponseHandlers(new PasswordExpirationAuthenticationResponseHandler());
        } else if (this.isActiveDirectory) {
            authenticator.setAuthenticationResponseHandlers(new ActiveDirectoryAuthenticationResponseHandler(this.accountStateExpirationPeriod, this.accountStateWarningPeriod));
        } else if (this.isEDirectory) {
            authenticator.setAuthenticationResponseHandlers(new EDirectoryAuthenticationResponseHandler(this.accountStateWarningPeriod));
        } else if (this.isFreeIPA) {
            authenticator.setAuthenticationResponseHandlers(new FreeIPAAuthenticationResponseHandler(this.accountStateExpirationPeriod, this.accountStateWarningPeriod, this.accountStateLoginFailures));
        }
        this.log.debug("Created {} from {}", authenticator, this);
        return authenticator;
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("authenticatorType", this.authenticatorType).add("trustType", this.trustType).add("connectionStrategyType", this.connectionStrategyType).add("ldapUrl", this.ldapUrl).add("useStartTLS", this.useStartTLS).add("useSSL", this.useSSL).add("disableHostnameVerification", this.disableHostnameVerification).add("connectTimeout", this.connectTimeout).add("responseTimeout", this.responseTimeout).add("trustCertificatesCredentialConfig", this.trustCertificatesCredentialConfig).add("truststoreCredentialConfig", this.truststoreCredentialConfig).add("disablePooling", this.disablePooling).add("blockWaitTime", this.blockWaitTime).add("minPoolSize", this.minPoolSize).add("maxPoolSize", this.maxPoolSize).add("validateOnCheckout", this.validateOnCheckout).add("validatePeriodically", this.validatePeriodically).add("validatePeriod", this.validatePeriod).add("validateDn", this.validateDn).add("validateFilter", this.validateFilter).add("bindPoolPassivatorType", this.bindPoolPassivatorType).add("prunePeriod", this.prunePeriod).add("idleTime", this.idleTime).add("dnFormat", this.dnFormat).add("baseDn", this.baseDn).add("userFilter", this.userFilter).add("subtreeSearch", this.subtreeSearch).add("resolveEntryOnFailure", this.resolveEntryOnFailure).add("resolveEntryWithBindDn", this.resolveEntryWithBindDn).add("velocityEngine", this.velocityEngine).add("bindDn", this.bindDn).add("bindDnCredential", this.bindDnCredential != null ? "suppressed" : null).add("usePasswordPolicy", this.usePasswordPolicy).add("usePasswordExpiration", this.usePasswordExpiration).add("isActiveDirectory", this.isActiveDirectory).add("isFreeIPA", this.isFreeIPA).add("isEDirectory", this.isEDirectory).add("accountStateExpirationPeriod", this.accountStateExpirationPeriod).add("accountStateWarningPeriod", this.accountStateWarningPeriod).add("accountStateLoginFailures", this.accountStateLoginFailures).toString();
    }

    @Override // org.springframework.beans.factory.config.AbstractFactoryBean, org.springframework.beans.factory.FactoryBean
    public Class<?> getObjectType() {
        return Authenticator.class;
    }
}
