package com.google.gerrit.server.auth.ldap;

import com.google.common.cache.LoadingCache;
import com.google.common.collect.Sets;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.GroupDescription;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.ParameterizedString;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupBackends;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.auth.ldap.Helper;
import com.google.gerrit.server.auth.ldap.LdapQuery;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.name.Named;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ExecutionException;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/gerrit/server/auth/ldap/LdapGroupBackend.class */
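/**
 * {@link GroupBackend} that resolves groups whose UUID starts with {@code "ldap:"} against an
 * LDAP directory.
 *
 * <p>Group UUIDs are {@code "ldap:" + DN}; display names are {@code "ldap/" + name}. Membership
 * and existence lookups go through the two injected caches; name suggestions query the directory
 * directly through {@link Helper}.
 */
public class LdapGroupBackend implements GroupBackend {
    static final Logger log = LoggerFactory.getLogger(LdapGroupBackend.class);
    /** Prefix of every group UUID owned by this backend. */
    private static final String LDAP_UUID = "ldap:";
    /** Prefix of every group display name produced by this backend. */
    private static final String LDAP_NAME = "ldap/";
    /** Parameter name substituted in the configured group pattern. */
    private static final String GROUPNAME = "groupname";
    private final Helper helper;
    private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache;
    private final LoadingCache<String, Boolean> existsCache;
    private final ProjectCache projectCache;
    private final Provider<CurrentUser> userProvider;

    /**
     * @param helper LDAP connection and schema helper
     * @param loadingCache cache bound as {@code ldap_groups}; stored as the membership cache
     * @param loadingCache2 cache bound as {@code ldap_group_existence}; keyed by the group DN
     * @param projectCache passed through to {@link LdapGroupMembership}
     * @param provider supplies the user on whose behalf {@link #get} is evaluated
     */
    @Inject
    LdapGroupBackend(Helper helper, @Named("ldap_groups") LoadingCache<String, Set<AccountGroup.UUID>> loadingCache, @Named("ldap_group_existence") LoadingCache<String, Boolean> loadingCache2, ProjectCache projectCache, Provider<CurrentUser> provider) {
        this.helper = helper;
        this.membershipCache = loadingCache;
        this.projectCache = projectCache;
        this.existsCache = loadingCache2;
        this.userProvider = provider;
    }

    /** Returns true when the UUID carries the {@code "ldap:"} prefix. */
    private boolean isLdapUUID(AccountGroup.UUID uuid) {
        return uuid.get().startsWith(LDAP_UUID);
    }

    /** Builds the reference for one query result: UUID from its DN, name from the name pattern. */
    private static GroupReference groupReference(ParameterizedString parameterizedString, LdapQuery.Result result) throws NamingException {
        AccountGroup.UUID groupUuid = new AccountGroup.UUID(LDAP_UUID + result.getDN());
        String displayName = LDAP_NAME + LdapRealm.apply(parameterizedString, result);
        return new GroupReference(groupUuid, displayName);
    }

    /**
     * Extracts the value of the most specific (leftmost) RDN of a DN.
     *
     * @param dn distinguished name to parse
     * @return the text after the first {@code '='} of that RDN, the whole RDN if it has no
     *     {@code '='}, or {@code dn} unchanged when it is empty or cannot be parsed
     */
    private static String cnFor(String dn) {
        try {
            LdapName parsed = new LdapName(dn);
            if (parsed.isEmpty()) {
                return dn;
            }
            // LdapName indexes RDNs right to left, so the last index is the leftmost RDN.
            String leaf = parsed.get(parsed.size() - 1);
            int separator = leaf.indexOf('=');
            return separator >= 0 ? leaf.substring(separator + 1) : leaf;
        } catch (InvalidNameException e) {
            log.warn("Cannot parse LDAP dn for cn", e);
            return dn;
        }
    }

    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515).
     *
     * <p>DN escaping ({@code Rdn.escapeValue}) is the wrong encoding for this position: it leaves
     * {@code *}, {@code (} and {@code )} untouched and emits backslash sequences such as
     * {@code \,} that are not valid in a filter.
     *
     * @param value raw text supplied by the caller
     * @return {@code value} with backslash, {@code *}, parentheses and NUL replaced by their
     *     {@code \xx} hex escapes
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    @Override // com.google.gerrit.server.account.GroupBackend
    public boolean handles(AccountGroup.UUID uuid) {
        return isLdapUUID(uuid);
    }

    /**
     * Describes an LDAP group.
     *
     * <p>When the current user is an identified member of the group, the description is built
     * without consulting the existence cache. For every other caller the group DN must be
     * reported as existing by that cache.
     *
     * @param uuid group UUID
     * @return the description, or {@code null} when the UUID is not an LDAP UUID, the group does
     *     not exist, or the existence lookup failed
     */
    @Override // com.google.gerrit.server.account.GroupBackend
    public GroupDescription.Basic get(final AccountGroup.UUID uuid) {
        if (!handles(uuid)) {
            return null;
        }
        String groupDn = uuid.get().substring(LDAP_UUID.length());
        CurrentUser currentUser = this.userProvider.get();
        boolean knownMember = currentUser.isIdentifiedUser() && membershipsOf((IdentifiedUser) currentUser).contains(uuid);
        if (!knownMember) {
            try {
                if (!this.existsCache.get(groupDn).booleanValue()) {
                    return null;
                }
            } catch (ExecutionException e) {
                // Fail closed: a lookup error is treated the same as a missing group.
                log.warn(String.format("Cannot lookup group %s in LDAP", groupDn), e);
                return null;
            }
        }
        final String displayName = LDAP_NAME + cnFor(groupDn);
        return new GroupDescription.Basic() {
            @Override // com.google.gerrit.common.data.GroupDescription.Basic
            public AccountGroup.UUID getGroupUUID() {
                return uuid;
            }

            @Override // com.google.gerrit.common.data.GroupDescription.Basic
            public String getName() {
                return displayName;
            }

            @Override // com.google.gerrit.common.data.GroupDescription.Basic
            @Nullable
            public String getEmailAddress() {
                return null;
            }

            @Override // com.google.gerrit.common.data.GroupDescription.Basic
            @Nullable
            public String getUrl() {
                return null;
            }
        };
    }

    /**
     * Suggests groups for a partial name or an LDAP UUID.
     *
     * @param str either a full {@code "ldap:"} UUID, or a display name starting with
     *     {@code "ldap/"}; anything else yields no suggestions
     * @param projectControl not used by this backend
     * @return matching group references, possibly empty
     */
    @Override // com.google.gerrit.server.account.GroupBackend
    public Collection<GroupReference> suggest(String str, ProjectControl projectControl) {
        AccountGroup.UUID uuid = new AccountGroup.UUID(str);
        if (isLdapUUID(uuid)) {
            GroupDescription.Basic basic = get(uuid);
            if (basic == null) {
                return Collections.<GroupReference>emptySet();
            }
            return Collections.singleton(GroupReference.forGroup(basic));
        }
        if (str.startsWith(LDAP_NAME)) {
            return suggestLdap(str.substring(LDAP_NAME.length()));
        }
        return Collections.<GroupReference>emptySet();
    }

    /**
     * Returns the LDAP memberships of a user, keyed by the user's {@code SCHEME_GERRIT} external
     * id; {@link GroupMembership#EMPTY} when the user has no such id.
     */
    @Override // com.google.gerrit.server.account.GroupBackend
    public GroupMembership membershipsOf(IdentifiedUser identifiedUser) {
        String ldapId = findId(identifiedUser.state().getExternalIds());
        if (ldapId == null) {
            return GroupMembership.EMPTY;
        }
        return new LdapGroupMembership(this.membershipCache, this.projectCache, ldapId);
    }

    /** Returns the scheme-specific part of the first {@code SCHEME_GERRIT} id, or null. */
    private static String findId(Collection<AccountExternalId> collection) {
        for (AccountExternalId externalId : collection) {
            if (externalId.isScheme(AccountExternalId.SCHEME_GERRIT)) {
                return externalId.getSchemeRest();
            }
        }
        return null;
    }

    /**
     * Queries every configured group base for groups matching a user-typed name.
     *
     * <p>Inputs shorter than three characters are looked up exactly; longer inputs get a trailing
     * {@code *} and are matched as a prefix. Login and naming failures are logged and whatever
     * was collected so far is returned.
     *
     * @param name text typed by the user, without the {@code "ldap/"} prefix
     * @return references sorted by {@code GroupBackends.GROUP_REF_NAME_COMPARATOR}
     */
    private Set<GroupReference> suggestLdap(String name) {
        if (name.isEmpty()) {
            return Collections.emptySet();
        }
        Set<GroupReference> matches = Sets.newTreeSet(GroupBackends.GROUP_REF_NAME_COMPARATOR);
        try {
            DirContext ctx = this.helper.open();
            try {
                // The value is spliced into the configured group pattern, which appears to be
                // handed to LdapQuery as the search filter, so it is encoded with filter escaping
                // rather than DN escaping. Without this, filter metacharacters in the input would
                // change the structure of the query, and a caller-supplied '*' would bypass the
                // exact-match rule for short inputs. The only wildcard is the one appended here.
                String match = escapeFilterValue(name) + (name.length() >= 3 ? "*" : "");
                Helper.LdapSchema schema = this.helper.getSchema(ctx);
                ParameterizedString filter = ParameterizedString.asis(schema.groupPattern.replace(GROUPNAME, match).toString());
                Set<String> returnAttrs = new HashSet<String>(schema.groupName.getParameterNames());
                Map<String, String> params = Collections.emptyMap();
                for (String groupBase : schema.groupBases) {
                    LdapQuery query = new LdapQuery(groupBase, schema.groupScope, filter, returnAttrs);
                    for (LdapQuery.Result result : query.query(ctx, params)) {
                        matches.add(groupReference(schema.groupName, result));
                    }
                }
            } finally {
                // Always release the directory handle; a failed close must not mask the result.
                try {
                    ctx.close();
                } catch (NamingException e) {
                    log.warn("Cannot close LDAP query handle", e);
                }
            }
        } catch (LoginException e) {
            log.warn("Cannot query LDAP for groups matching requested name", e);
        } catch (NamingException e) {
            log.warn("Cannot query LDAP for groups matching requested name", e);
        }
        return matches;
    }

    /** An LDAP group is visible to everyone only when the helper is configured that way. */
    @Override // com.google.gerrit.server.account.GroupBackend
    public boolean isVisibleToAll(AccountGroup.UUID uuid) {
        return handles(uuid) && this.helper.groupsVisibleToAll();
    }
}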
