package org.cloudfoundry.identity.uaa.authorization;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.provider.ldap.extension.LdapAuthority;
import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/authorization/LdapGroupMappingAuthorizationManager.class */
public class LdapGroupMappingAuthorizationManager implements ExternalGroupMappingAuthorizationManager {
    private ScimGroupExternalMembershipManager extMbrMgr;
    private ScimGroupProvisioning scimGroupProvisioning;
    private static final Log logger = LogFactory.getLog(LdapGroupMappingAuthorizationManager.class);

    @Override // org.cloudfoundry.identity.uaa.authorization.ExternalGroupMappingAuthorizationManager
    public Set<? extends GrantedAuthority> findScopesFromAuthorities(Set<? extends GrantedAuthority> set) {
        HashSet hashSet = new HashSet();
        for (GrantedAuthority grantedAuthority : set) {
            if (grantedAuthority instanceof LdapAuthority) {
                LdapAuthority ldapAuthority = (LdapAuthority) grantedAuthority;
                Iterator<ScimGroupExternalMember> it = this.extMbrMgr.getExternalGroupMapsByExternalGroup(ldapAuthority.getDn(), "ldap", IdentityZoneHolder.get().getId()).iterator();
                while (it.hasNext()) {
                    SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(it.next().getDisplayName());
                    hashSet.add(simpleGrantedAuthority);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Ldap Group Mapped[dn=" + ldapAuthority.getDn() + " scope:" + simpleGrantedAuthority.getAuthority());
                    }
                }
            } else {
                hashSet.add(grantedAuthority);
            }
        }
        return hashSet;
    }

    public void setExternalMembershipManager(ScimGroupExternalMembershipManager scimGroupExternalMembershipManager) {
        this.extMbrMgr = scimGroupExternalMembershipManager;
    }

    public void setScimGroupProvisioning(ScimGroupProvisioning scimGroupProvisioning) {
        this.scimGroupProvisioning = scimGroupProvisioning;
    }
}
