package org.sonatype.security.ldap.dao;

import com.google.common.base.Preconditions;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.security.ldap.LdapEncoder;
import org.sonatype.sisu.goodies.common.ComponentSupport;

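/**
 * {@link LdapGroupDAO} implementation that resolves groups through JNDI searches.
 *
 * <p>Two lookup strategies are visible in this class, selected by
 * {@link LdapAuthConfiguration#getUserMemberOfAttribute()}:
 * <ul>
 *   <li>attribute set: groups are read from that attribute on user entries;</li>
 *   <li>attribute empty: group entries under the group base DN are searched.</li>
 * </ul>
 *
 * <p>Security note: values supplied by callers (user id, group id) are passed to the directory as
 * JNDI filter <em>arguments</em> ({@code {n}} placeholders), never concatenated into the filter
 * text. JNDI encodes string arguments per RFC 2254, so filter metacharacters in those values
 * cannot change the filter structure. Values taken from {@link LdapAuthConfiguration} (object
 * classes, attribute names, member format) are still concatenated and are treated as trusted
 * administrator configuration.
 */
@Singleton
@Named
public class DefaultLdapGroupDAO extends ComponentSupport implements LdapGroupDAO {
    private final LdapUserDAO ldapUserManager;

    /**
     * @param ldapUserDAO user DAO used to resolve a user's membership attribute and DN; must not be null
     */
    @Inject
    public DefaultLdapGroupDAO(LdapUserDAO ldapUserDAO) {
        this.ldapUserManager = Preconditions.checkNotNull(ldapUserDAO);
    }

    /** Returns whether the configuration maps LDAP groups to roles. */
    private static boolean isGroupsEnabled(LdapAuthConfiguration ldapAuthConfiguration) {
        return ldapAuthConfiguration.isLdapGroupsAsRoles();
    }

    /**
     * Returns the group ids the given user belongs to.
     *
     * @param str the user id
     * @param ldapContext context used for the directory searches
     * @param ldapAuthConfiguration LDAP mapping configuration
     * @return the user's group ids; an empty set when groups-as-roles is disabled and no
     *         member-of attribute is configured
     * @throws NoLdapUserRolesFoundException when the user is unknown, has no groups, or a
     *         member-of attribute is configured while groups-as-roles is disabled
     * @throws LdapDAOException when the directory lookup fails
     */
    @Override
    public Set<String> getGroupMembership(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException, NoLdapUserRolesFoundException {
        boolean useMemberOf = !StringUtils.isEmpty(ldapAuthConfiguration.getUserMemberOfAttribute());
        if (!isGroupsEnabled(ldapAuthConfiguration)) {
            if (useMemberOf) {
                throw new NoLdapUserRolesFoundException(str);
            }
            return new HashSet<String>();
        }

        Set<String> groups;
        if (useMemberOf) {
            try {
                groups = getGroupMembershipFromUser(str, ldapContext, ldapAuthConfiguration);
            } catch (NoSuchLdapUserException e) {
                // An unknown user is reported to callers as "no roles found".
                throw new NoLdapUserRolesFoundException(str);
            }
        } else {
            groups = getGroupMembershipFromGroups(str, ldapContext, ldapAuthConfiguration);
        }
        // Short-circuit OR: the non-short-circuit '|' would dereference a null set.
        if (groups == null || groups.isEmpty()) {
            throw new NoLdapUserRolesFoundException(str);
        }
        return groups;
    }

    /**
     * Returns every group id visible through the configured lookup strategy.
     *
     * @return the group ids, or an empty set when groups-as-roles is disabled
     * @throws LdapDAOException when a directory search fails
     */
    @Override
    public Set<String> getAllGroups(LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException {
        Set<String> groups = new HashSet<String>();
        if (!isGroupsEnabled(ldapAuthConfiguration)) {
            return groups;
        }
        try {
            String memberOfAttribute = ldapAuthConfiguration.getUserMemberOfAttribute();
            if (StringUtils.isEmpty(memberOfAttribute)) {
                String groupIdAttribute = ldapAuthConfiguration.getGroupIdAttribute();
                String groupBaseDn = StringUtils.defaultString(ldapAuthConfiguration.getGroupBaseDn(), "");
                // Built from configuration only; no caller-supplied value reaches this filter.
                String filter = "(objectClass=" + ldapAuthConfiguration.getGroupObjectClass() + ")";
                this.log.debug("Searching for groups in group DN: " + groupBaseDn + "\nUsing filter: '" + filter + "'");
                NamingEnumeration<SearchResult> results = ldapContext.search(groupBaseDn, filter, getBaseSearchControls(new String[]{groupIdAttribute}, ldapAuthConfiguration.isGroupSubtree()));
                try {
                    groups = getGroupIdsFromSearch(results, groupIdAttribute, ldapAuthConfiguration);
                } finally {
                    results.close();
                }
            } else {
                for (String memberOfValue : getUserMemberOfValues(ldapContext, ldapAuthConfiguration, memberOfAttribute)) {
                    groups.add(getGroupFromString(memberOfValue));
                }
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to get list of groups.", e);
        }
        return groups;
    }

    /**
     * Collects the values of the member-of attribute across all user entries under the user base DN.
     * The search result enumeration is always closed, including when reading it fails.
     */
    private Set<String> getUserMemberOfValues(LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, String memberOfAttribute) throws NamingException {
        String userBaseDn = StringUtils.defaultString(ldapAuthConfiguration.getUserBaseDn(), "");
        // Built from configuration only. This matches every user entry, so the result can be large.
        String filter = "(objectClass=" + ldapAuthConfiguration.getUserObjectClass() + ")";
        NamingEnumeration<SearchResult> results = ldapContext.search(userBaseDn, filter, getBaseSearchControls(new String[]{memberOfAttribute}, true));
        try {
            return getGroupIdsFromSearch(results, memberOfAttribute, ldapAuthConfiguration);
        } finally {
            results.close();
        }
    }

    /**
     * Builds search controls that return only the given attributes.
     *
     * @param returningAttributes attribute names the server should return
     * @param subtree {@code true} for a subtree search, {@code false} for a one-level search
     */
    private SearchControls getBaseSearchControls(String[] returningAttributes, boolean subtree) {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(returningAttributes);
        searchControls.setSearchScope(subtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        return searchControls;
    }

    /**
     * Reads every value of {@code attributeName} from the search results, in encounter order.
     * A value that has an entry in the configuration's group reverse mappings is replaced by the
     * mapped ids; any other value is kept as-is.
     */
    private Set<String> getGroupIdsFromSearch(NamingEnumeration<SearchResult> results, String attributeName, LdapAuthConfiguration ldapAuthConfiguration) throws NamingException {
        Set<String> groupIds = new LinkedHashSet<String>();
        Map<String, Set<String>> reverseMappings = ldapAuthConfiguration.getGroupReverseMappings();
        // NOTE(review): hasMoreElements()/nextElement() are the java.util.Enumeration methods and
        // cannot throw NamingException, unlike hasMore()/next(); a provider-side error may therefore
        // end the enumeration early without being reported. Confirm this is intended.
        while (results.hasMoreElements()) {
            Attribute attribute = results.nextElement().getAttributes().get(attributeName);
            if (attribute == null) {
                continue;
            }
            NamingEnumeration<?> values = attribute.getAll();
            while (values.hasMoreElements()) {
                String value = String.valueOf(values.nextElement());
                Set<String> mapped = reverseMappings.get(value);
                if (mapped == null) {
                    groupIds.add(value);
                } else {
                    groupIds.addAll(mapped);
                }
            }
        }
        return groupIds;
    }

    /**
     * Returns the membership recorded on the user object as a read-only set.
     * A user without a membership set yields an empty set rather than a NullPointerException,
     * so the caller reports it as "no roles found".
     */
    private Set<String> getGroupMembershipFromUser(String userId, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException, NoSuchLdapUserException {
        Set<String> membership = this.ldapUserManager.getUser(userId, ldapContext, ldapAuthConfiguration).getMembership();
        if (membership == null) {
            return Collections.<String>emptySet();
        }
        return Collections.unmodifiableSet(membership);
    }

    /**
     * Searches group entries whose member attribute references the user.
     *
     * <p>Filter arguments are positional: {@code {0}} is the group object class, {@code {1}} the
     * group id attribute, and the user id and/or user DN follow. The user id is never concatenated
     * into the filter text.
     */
    private Set<String> getGroupMembershipFromGroups(String userId, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException {
        String groupIdAttribute = ldapAuthConfiguration.getGroupIdAttribute();
        String groupMemberAttribute = ldapAuthConfiguration.getGroupMemberAttribute();
        String groupBaseDn = StringUtils.defaultString(ldapAuthConfiguration.getGroupBaseDn(), "");
        String groupMemberFormat = ldapAuthConfiguration.getGroupMemberFormat();

        ArrayList<Object> filterArgs = new ArrayList<Object>();
        filterArgs.add(ldapAuthConfiguration.getGroupObjectClass());
        filterArgs.add(groupIdAttribute);

        String filter;
        if (groupMemberFormat != null) {
            // "${username}" always maps to argument 2 because exactly two arguments precede it.
            String memberPattern = StringUtils.replace(groupMemberFormat, "${username}", "{2}");
            if (groupMemberFormat.contains("${username}")) {
                filterArgs.add(LdapEncoder.nameEncode(userId));
            }
            if (groupMemberFormat.contains("${dn}")) {
                try {
                    LdapUser user = this.ldapUserManager.getUser(userId, ldapContext, ldapAuthConfiguration);
                    // The DN takes the next free index: 2 without "${username}", otherwise 3.
                    memberPattern = StringUtils.replace(memberPattern, "${dn}", "{" + filterArgs.size() + "}");
                    filterArgs.add(user.getDn());
                } catch (NoSuchLdapUserException e) {
                    throw new LdapDAOException("Failed to retrieve role information from ldap for user: " + userId, e);
                }
            }
            // groupMemberAttribute and the rest of the member format are configuration text and
            // become part of the filter expression itself.
            filter = "(&(objectClass={0})(&({1}=*)(" + groupMemberAttribute + "=" + memberPattern + ")))";
        } else {
            filterArgs.add(LdapEncoder.nameEncode(userId));
            filter = "(&(objectClass={0})(&({1}=*)(" + groupMemberAttribute + "={2})))";
        }

        this.log.debug("Searching for group membership of: " + userId + " in group DN: " + groupBaseDn + "\nUsing filter: '" + filter + "'");
        try {
            NamingEnumeration<SearchResult> results = ldapContext.search(groupBaseDn, filter, filterArgs.toArray(), getBaseSearchControls(new String[]{groupIdAttribute}, ldapAuthConfiguration.isGroupSubtree()));
            try {
                return getGroupIdsFromSearch(results, groupIdAttribute, ldapAuthConfiguration);
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve role information from ldap for user: " + userId, e);
        }
    }

    /**
     * Extracts the value of the most specific RDN when {@code value} parses as a DN.
     * Returns {@code value} unchanged when it is not a valid DN or parses to an empty name.
     */
    private String getGroupFromString(String value) {
        try {
            LdapName ldapName = new LdapName(value);
            if (ldapName.isEmpty()) {
                // An empty string parses to an empty name; getRdn(-1) would throw.
                return value;
            }
            return String.valueOf(ldapName.getRdn(ldapName.size() - 1).getValue());
        } catch (InvalidNameException e) {
            this.log.debug("Expected a Group DN but found: " + value);
            return value;
        }
    }

    /**
     * Resolves a group id to the group id stored in the directory.
     *
     * @param str the group id to look up
     * @param ldapContext context used for the directory search
     * @param ldapAuthConfiguration LDAP mapping configuration
     * @return the matching group id
     * @throws NoSuchLdapGroupException when groups-as-roles is disabled, no group matches, or
     *         more than one group matches
     * @throws LdapDAOException when the directory search fails
     */
    @Override
    public String getGroupName(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException, NoSuchLdapGroupException {
        if (!isGroupsEnabled(ldapAuthConfiguration)) {
            throw new NoSuchLdapGroupException(str, str);
        }

        String memberOfAttribute = ldapAuthConfiguration.getUserMemberOfAttribute();
        if (!StringUtils.isEmpty(memberOfAttribute)) {
            try {
                // The group id is only compared in memory here; it never reaches a filter.
                for (String memberOfValue : getUserMemberOfValues(ldapContext, ldapAuthConfiguration, memberOfAttribute)) {
                    if (str.equals(getGroupFromString(memberOfValue))) {
                        return str;
                    }
                }
                throw new NoSuchLdapGroupException(str, str);
            } catch (NamingException e) {
                throw new LdapDAOException("Failed to find group: " + str, e);
            }
        }

        String groupIdAttribute = ldapAuthConfiguration.getGroupIdAttribute();
        String groupBaseDn = StringUtils.defaultString(ldapAuthConfiguration.getGroupBaseDn(), "");
        // The group id is bound as filter argument {0} instead of being concatenated, so '*', '(',
        // ')' and '\' in it are matched literally and cannot widen or restructure the search.
        String filter = "(&(objectClass=" + ldapAuthConfiguration.getGroupObjectClass() + ") (" + groupIdAttribute + "={0}))";
        try {
            Set<String> found;
            NamingEnumeration<SearchResult> results = ldapContext.search(groupBaseDn, filter, new Object[]{str}, getBaseSearchControls(new String[]{groupIdAttribute}, ldapAuthConfiguration.isGroupSubtree()));
            try {
                found = getGroupIdsFromSearch(results, groupIdAttribute, ldapAuthConfiguration);
            } finally {
                results.close();
            }
            if (found.isEmpty()) {
                throw new NoSuchLdapGroupException(str, str);
            }
            if (found.size() > 1) {
                throw new NoSuchLdapGroupException(str, "More then one group found for group: " + str);
            }
            return found.iterator().next();
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to find group: " + str, e);
        }
    }
}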
