package org.jsecurity.realm.activedirectory;

import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.jsecurity.authc.Account;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.authz.AuthorizingAccount;
import org.jsecurity.authz.Permission;
import org.jsecurity.authz.SimpleAuthorizingAccount;
import org.jsecurity.realm.ldap.AbstractLdapRealm;
import org.jsecurity.realm.ldap.LdapContextFactory;
import org.jsecurity.realm.ldap.LdapUtils;
import org.jsecurity.subject.PrincipalCollection;

/* loaded from: input_file:org/jsecurity/realm/activedirectory/ActiveDirectoryRealm.class */
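/**
 * Realm that authenticates users by binding to an Active Directory server over LDAP and
 * derives their roles from the {@code memberOf} attribute of the matching directory entry.
 *
 * <p>Group names returned by the directory are translated to application role names through
 * {@link #setGroupRolesMap(Map)}. Groups without a mapping contribute no roles.
 */
public class ActiveDirectoryRealm extends AbstractLdapRealm {
    /** Separator between role names inside a single group-to-roles mapping value. */
    private static final String ROLE_NAMES_DELIMETER = ",";

    /**
     * Filter used to locate the user's entry. {@code {0}} is filled in by JNDI from the filter
     * arguments, which escapes filter metacharacters in the supplied value.
     */
    private static final String USER_SEARCH_FILTER = "(&(objectClass=*)(userPrincipalName={0}))";

    /** Directory group name mapped to a delimiter-separated list of role names. */
    private Map<String, String> groupRolesMap;

    /**
     * Sets the mapping from directory group names to role names.
     *
     * @param map group name to one or more role names separated by {@code ","}; may be
     *     {@code null}, in which case no roles are ever assigned
     */
    public void setGroupRolesMap(Map<String, String> map) {
        this.groupRolesMap = map;
    }

    /**
     * Authenticates the token by opening (and immediately closing) an LDAP context with the
     * submitted username and password.
     *
     * @param authenticationToken the submitted credentials; must be a {@link UsernamePasswordToken}
     * @param ldapContextFactory factory used to attempt the bind
     * @return an account for the authenticated user
     * @throws NamingException if the context cannot be obtained, which includes a rejected bind
     */
    @Override // org.jsecurity.realm.ldap.AbstractLdapRealm
    protected Account queryForLdapAccount(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String username = usernamePasswordToken.getUsername();
        char[] password = usernamePasswordToken.getPassword();

        // NOTE(review): many directory servers treat a simple bind with an empty password as an
        // unauthenticated bind that succeeds. Confirm that LdapContextFactory or an earlier check
        // rejects blank passwords before this point is reached.
        // NOTE(review): String.valueOf copies the password into an immutable String that cannot
        // be wiped afterwards; the factory signature requires it.
        LdapContext ldapContext = null;
        try {
            ldapContext = ldapContextFactory.getLdapContext(username, String.valueOf(password));
        } finally {
            // Only the success of the bind matters; the context itself is never used.
            LdapUtils.closeContext(ldapContext);
        }
        return createAccount(username, password);
    }

    /**
     * Builds the account object returned after a successful bind.
     *
     * @param str the authenticated username
     * @param cArr the password that was submitted
     * @return a new account tied to this realm's name
     */
    protected Account createAccount(String str, char[] cArr) {
        return new SimpleAuthorizingAccount(str, cArr, getName());
    }

    /**
     * Loads authorization data for the principal this realm contributed, using the system
     * LDAP context.
     *
     * @param principalCollection the subject's principals; the first one from this realm is used
     * @param ldapContextFactory factory supplying the system context
     * @return an account carrying the user's role names and no permissions
     * @throws NamingException if the directory search fails
     */
    @Override // org.jsecurity.realm.ldap.AbstractLdapRealm
    protected AuthorizingAccount queryForLdapAccount(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        String str = (String) principalCollection.fromRealm(getName()).iterator().next();
        LdapContext systemLdapContext = ldapContextFactory.getSystemLdapContext();
        try {
            Set<String> roleNamesForUser = getRoleNamesForUser(str, systemLdapContext);
            return new SimpleAuthorizingAccount(str, (Object) null, getName(), roleNamesForUser, (Set<Permission>) null);
        } finally {
            LdapUtils.closeContext(systemLdapContext);
        }
    }

    /**
     * Searches the subtree under the configured search base for the user's entry and collects
     * the roles mapped from every group listed in its {@code memberOf} attribute.
     *
     * @param userPrincipalName value matched against the {@code userPrincipalName} attribute
     * @param ldapContext context used for the search; not closed here
     * @return role names in encounter order, empty if nothing matched
     * @throws NamingException if the search or attribute access fails
     */
    private Set<String> getRoleNamesForUser(String userPrincipalName, LdapContext ldapContext) throws NamingException {
        Set<String> roleNames = new LinkedHashSet<String>();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // The principal is passed as a filter argument rather than concatenated into the filter,
        // so characters such as '*', '(' and ')' in it cannot alter the query.
        NamingEnumeration<SearchResult> results = ldapContext.search(
                this.searchBase, USER_SEARCH_FILTER, new Object[] {userPrincipalName}, searchControls);
        try {
            // hasMoreElements() is kept on purpose: unlike hasMore() it does not declare
            // NamingException, which matches how this loop has always terminated.
            while (results.hasMoreElements()) {
                SearchResult searchResult = results.next();
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Retrieving group names for user [" + searchResult.getName() + "]");
                }
                Attributes attributes = searchResult.getAttributes();
                if (attributes == null) {
                    continue;
                }
                NamingEnumeration<? extends Attribute> all = attributes.getAll();
                while (all.hasMore()) {
                    Attribute attribute = all.next();
                    if ("memberOf".equals(attribute.getID())) {
                        Collection<String> allAttributeValues = LdapUtils.getAllAttributeValues(attribute);
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Groups found for user [" + userPrincipalName + "]: " + allAttributeValues);
                        }
                        roleNames.addAll(getRoleNamesForGroups(allAttributeValues));
                    }
                }
            }
        } finally {
            // Release the server-side search even when iteration stops early on an exception.
            results.close();
        }
        return roleNames;
    }

    /**
     * Translates directory group names into role names using the configured mapping.
     *
     * @param collection group names as returned by the directory
     * @return the distinct role names mapped from those groups; empty if no mapping is
     *     configured or none of the groups is mapped
     */
    protected Collection<String> getRoleNamesForGroups(Collection<String> collection) {
        Set<String> roleNames = new HashSet<String>(collection.size());
        if (this.groupRolesMap == null) {
            return roleNames;
        }
        for (String groupName : collection) {
            String mappedRoles = this.groupRolesMap.get(groupName);
            if (mappedRoles == null) {
                continue;
            }
            // Role names are used exactly as written in the mapping; they are not trimmed.
            for (String roleName : mappedRoles.split(ROLE_NAMES_DELIMETER)) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("User is member of group [" + groupName + "] so adding role [" + roleName + "]");
                }
                roleNames.add(roleName);
            }
        }
        return roleNames;
    }
}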
