package org.elasticsearch.xpack.security.authc.ldap;

import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.class */
public class UserAttributeGroupsResolver implements LdapSession.GroupsResolver {
    private static final Setting<String> ATTRIBUTE = new Setting<>("user_group_attribute", "memberOf", Function.identity(), Setting.Property.NodeScope);
    private final String attribute;
    private final boolean ignoreReferralErrors;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserAttributeGroupsResolver(Settings settings) {
        this(ATTRIBUTE.get(settings), SessionFactory.IGNORE_REFERRAL_ERRORS_SETTING.get(settings).booleanValue());
    }

    private UserAttributeGroupsResolver(String str, boolean z) {
        this.attribute = (String) Objects.requireNonNull(str);
        this.ignoreReferralErrors = z;
    }

    @Override // org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver
    public void resolve(LDAPInterface lDAPInterface, String str, TimeValue timeValue, Logger logger, Collection<Attribute> collection, ActionListener<List<String>> actionListener) {
        if (collection != null) {
            actionListener.onResponse(Collections.unmodifiableList((List) collection.stream().filter(attribute -> {
                return attribute.getName().equals(this.attribute);
            }).flatMap(attribute2 -> {
                return Arrays.stream(attribute2.getValues());
            }).collect(Collectors.toList())));
            return;
        }
        SearchScope searchScope = SearchScope.BASE;
        Filter filter = LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
        int intExact = Math.toIntExact(timeValue.seconds());
        boolean z = this.ignoreReferralErrors;
        CheckedConsumer checkedConsumer = searchResultEntry -> {
            if (searchResultEntry == null || !searchResultEntry.hasAttribute(this.attribute)) {
                actionListener.onResponse(Collections.emptyList());
            } else {
                actionListener.onResponse(Collections.unmodifiableList(Arrays.asList(searchResultEntry.getAttributeValues(this.attribute))));
            }
        };
        actionListener.getClass();
        LdapUtils.searchForEntry(lDAPInterface, str, searchScope, filter, intExact, z, (ActionListener<SearchResultEntry>) ActionListener.wrap(checkedConsumer, actionListener::onFailure), this.attribute);
    }

    @Override // org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver
    public String[] attributes() {
        return new String[]{this.attribute};
    }

    public static Set<Setting<?>> getSettings() {
        return Collections.singleton(ATTRIBUTE);
    }
}
