package org.apereo.cas.authorization;

import java.util.List;
import lombok.Generated;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.Response;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchResult;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-5.3.4.jar:org/apereo/cas/authorization/LdapUserGroupsToRolesAuthorizationGenerator.class */
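/**
 * Authorization generator that searches LDAP for the groups of an already-resolved user entry
 * and hands each group's role attribute to the inherited
 * {@code addProfileRolesFromAttributes} helper, together with the configured prefix.
 *
 * <p>The group search is keyed on the user's DN. Any failure while searching or reading the
 * results is rethrown, so a directory error surfaces to the caller instead of yielding a
 * profile that silently lacks roles.
 */
public class LdapUserGroupsToRolesAuthorizationGenerator extends BaseUseAttributesAuthorizationGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapUserGroupsToRolesAuthorizationGenerator.class);

    /** Name of the attribute read from every group entry returned by the group search. */
    private final String groupAttributeName;

    /** Prefix passed along with each group attribute when roles are added to the profile. */
    private final String groupPrefix;

    /** Executor that holds the group search filter template and runs the group search. */
    private final SearchExecutor groupSearchExecutor;

    /**
     * Creates the generator.
     *
     * @param connectionFactory passed to the superclass; also used here for the group search
     * @param searchExecutor passed to the superclass (presumably the user search; confirm in the base class)
     * @param z passed to the superclass unchanged; its meaning is defined there
     * @param str name of the group attribute to read from each group entry
     * @param str2 prefix handed to the role-adding helper for every group attribute
     * @param searchExecutor2 executor used to search for the user's groups
     */
    public LdapUserGroupsToRolesAuthorizationGenerator(ConnectionFactory connectionFactory, SearchExecutor searchExecutor, boolean z, String str, String str2, SearchExecutor searchExecutor2) {
        super(connectionFactory, searchExecutor, z);
        this.groupAttributeName = str;
        this.groupPrefix = str2;
        this.groupSearchExecutor = searchExecutor2;
    }

    /**
     * Looks up the groups of the given user entry and adds their role attribute to the profile.
     *
     * @param commonProfile profile that receives the roles; it is also the return value
     * @param ldapEntry the user's LDAP entry; only its DN is used for the group search
     * @return the same {@code commonProfile} instance that was passed in
     * @throws IllegalArgumentException wrapping any exception raised while searching or while
     *     processing the results; groups handled before the failure have already been passed to
     *     the role-adding helper, so the profile should be discarded by the caller in that case
     */
    @Override // org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator
    protected CommonProfile generateAuthorizationForLdapEntry(CommonProfile commonProfile, LdapEntry ldapEntry) {
        try {
            final String userDn = ldapEntry.getDn();
            LOGGER.debug("Attempting to get roles for user [{}].", userDn);

            // The DN is supplied as the value of the "user" filter parameter instead of being
            // concatenated into the filter text here.
            // NOTE(review): confirm LdapUtils.newLdaptiveSearchFilter binds it as an escaped
            // filter parameter; a DN may contain LDAP filter metacharacters.
            final String filterTemplate = this.groupSearchExecutor.getSearchFilter().getFilter();
            final List<String> filterValues = (List<String>) CollectionUtils.wrap(userDn);
            Response<SearchResult> groupResponse = this.groupSearchExecutor.search(this.connectionFactory, LdapUtils.newLdaptiveSearchFilter(filterTemplate, "user", filterValues));

            // DEBUG output contains the full search response, i.e. every attribute returned for
            // every group entry; treat logs at this level as holding directory data.
            LOGGER.debug("LDAP role search response: [{}]", groupResponse);

            for (LdapEntry groupEntry : groupResponse.getResult().getEntries()) {
                LdapAttribute roleAttribute = groupEntry.getAttribute(this.groupAttributeName);
                if (roleAttribute == null) {
                    // Log only the DN: WARN is normally enabled in production, and printing the
                    // whole entry would copy all of its attributes into the log.
                    LOGGER.warn("Role attribute not found on entry [{}]", groupEntry.getDn());
                    continue;
                }
                addProfileRolesFromAttributes(commonProfile, roleAttribute, this.groupPrefix);
            }
            return commonProfile;
        } catch (Exception e) {
            // Fail closed: propagate with the cause preserved rather than returning a profile
            // whose role set may be incomplete.
            throw new IllegalArgumentException("LDAP error fetching roles for user.", e);
        }
    }
}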
