package it.geosolutions.geostore.services.rest.security;

import it.geosolutions.geostore.core.security.GrantedAuthoritiesMapper;
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.util.Assert;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/security/GeoStoreLdapAuthoritiesPopulator.class */
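/**
 * LDAP authorities populator that resolves both roles and groups for a user, each from its own
 * (optionally multi-valued, {@code ;}-separated) search base, and can optionally follow nested
 * group membership.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Search filters are {@link MessageFormat} patterns where <code>{0}</code> is the user (or
 *       parent group) DN and <code>{1}</code> the user (or parent group) name. Those values come
 *       from the directory or from the authentication request, so they are escaped for LDAP
 *       filter context before substitution.</li>
 *   <li>The filter patterns and search bases themselves are configuration and are used as-is.</li>
 *   <li>Nested group resolution stops descending into an entry whose authority name was already
 *       collected, which also terminates membership cycles; {@code maxLevelGroupsSearch} puts an
 *       additional cap on depth (unbounded by default).</li>
 * </ul>
 */
public class GeoStoreLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator implements GroupsRolesService {
    private static final Log logger = LogFactory.getLog(GeoStoreLdapAuthoritiesPopulator.class);

    private final SpringSecurityLdapTemplate ldapTemplate;
    private final SearchControls searchControls = new SearchControls();

    // Attribute of a group/role entry whose value becomes the authority name.
    private String groupRoleAttribute = "cn";
    // Search bases; each may hold several bases separated by ';'. null disables that search.
    private String groupSearchBase;
    private String roleSearchBase;
    // Filters used when resolving the authorities of one user ({0} = DN, {1} = username).
    private String groupSearchFilter = "(member={0})";
    private String roleSearchFilter = "(member={0})";
    // Filters used when listing every group / role (no user given).
    private String allGroupsSearchFilter = "(objectClass=group)";
    private String allRolesSearchFilter = "(objectClass=group)";
    // Prefix prepended to role names (not to group names) unless already present.
    private String rolePrefix = "ROLE_";
    // Written by setSearchSubtree; the effective scope lives in searchControls.
    private boolean searchSubtree = false;
    private boolean enableHierarchicalGroups = false;
    // Filter used to find the groups that contain a group ({0} = group DN, {1} = group name).
    private String groupInGroupSearchFilter = "(member={0})";
    private int maxLevelGroupsSearch = Integer.MAX_VALUE;
    private boolean convertToUpperCase = true;
    private GrantedAuthoritiesMapper authoritiesMapper = null;

    /** Name and distinguished name of a group or role entry returned by a directory search. */
    public static class Authority {
        private final String name;
        private final String dn;

        /** @return value of the configured group/role attribute; may be null if the entry lacks it */
        public String getName() {
            return this.name;
        }

        /** @return distinguished name of the entry */
        public String getDn() {
            return this.dn;
        }

        /**
         * @param str authority name (value of the group/role attribute)
         * @param str2 distinguished name of the entry
         */
        public Authority(String str, String str2) {
            this.name = str;
            this.dn = str2;
        }
    }

    /**
     * Creates the populator.
     *
     * @param contextSource LDAP context source used for all searches; must not be null
     * @param str group search base(s), {@code ;}-separated; null disables group searches, an empty
     *     string searches from the context source base
     * @param str2 role search base(s), {@code ;}-separated; null disables role searches, an empty
     *     string searches from the context source base
     */
    public GeoStoreLdapAuthoritiesPopulator(ContextSource contextSource, String str, String str2) {
        super(contextSource, str);
        Assert.notNull(contextSource, "contextSource must not be null");
        this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        this.ldapTemplate.setSearchControls(this.searchControls);
        this.groupSearchBase = str;
        if (str == null) {
            logger.info("groupSearchBase is null. No group search will be performed.");
        } else if (str.length() == 0) {
            logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
        }
        this.roleSearchBase = str2;
        if (str2 == null) {
            // The original message said "group search" here, which was misleading.
            logger.info("roleSearchBase is null. No role search will be performed.");
        } else if (str2.length() == 0) {
            logger.info("roleSearchBase is empty. Searches will be performed from the context source base");
        }
    }

    /**
     * Sets an optional mapper applied to the collected authorities before they are returned.
     *
     * @param grantedAuthoritiesMapper mapper to apply, or null for none
     */
    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    /**
     * Resolves the roles and groups of a single user.
     *
     * @param str distinguished name of the user
     * @param str2 username of the user
     * @return the user's role and group authorities (after optional mapping)
     */
    public Set<GrantedAuthority> getGroupMembershipRoles(String str, String str2) {
        return getGroupsOrRoles(str, str2, true, true);
    }

    /**
     * Collects group and/or role authorities, either for one user or (when {@code username} is
     * null) for the whole directory using the "all groups"/"all roles" filters.
     *
     * @param userDn user DN substituted as <code>{0}</code> in the filter
     * @param username username substituted as <code>{1}</code>; null switches to the "all" filters
     * @param includeGroups whether to search the group base(s)
     * @param includeRoles whether to search the role base(s)
     * @return collected authorities, passed through the authorities mapper when one is set
     */
    private Set<GrantedAuthority> getGroupsOrRoles(String userDn, String username, boolean includeGroups, boolean includeRoles) {
        Set<GrantedAuthority> collected = new HashSet<GrantedAuthority>();
        if (this.roleSearchBase == null && this.groupSearchBase == null) {
            return collected;
        }
        boolean listAll = username == null;
        String[] filterArgs = listAll ? new String[0] : new String[] {userDn, username};

        // A null base means "search disabled" (see constructor); previously only the case where
        // BOTH bases were null was handled and a single null base caused a NullPointerException.
        if (includeRoles && this.roleSearchBase != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Searching for roles for user '" + username + "', DN = '" + userDn + "', with filter " + this.roleSearchFilter + " in search base '" + this.roleSearchBase + "'");
            }
            String roleFilter = listAll ? this.allRolesSearchFilter : this.roleSearchFilter;
            for (String base : this.roleSearchBase.split(";")) {
                // Roles are prefixed and never expanded hierarchically.
                addAuthorities(filterArgs, collected, base, roleFilter, this.rolePrefix, false);
            }
        }
        if (includeGroups && this.groupSearchBase != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Searching for groups for user '" + username + "', DN = '" + userDn + "', with filter " + this.groupSearchFilter + " in search base '" + this.groupSearchBase + "'");
            }
            String groupFilter = listAll ? this.allGroupsSearchFilter : this.groupSearchFilter;
            for (String base : this.groupSearchBase.split(";")) {
                // Groups carry no prefix and may be expanded through nested membership.
                addAuthorities(filterArgs, collected, base, groupFilter, null, this.enableHierarchicalGroups);
            }
        }
        if (this.authoritiesMapper == null) {
            return collected;
        }
        return new HashSet<GrantedAuthority>(this.authoritiesMapper.mapAuthorities(collected));
    }

    /** @return every group found under the group search base(s) with the "all groups" filter */
    @Override
    public Set<GrantedAuthority> getAllGroups() {
        return getGroupsOrRoles(null, null, true, false);
    }

    /** @return every role found under the role search base(s) with the "all roles" filter */
    @Override
    public Set<GrantedAuthority> getAllRoles() {
        return getGroupsOrRoles(null, null, false, true);
    }

    /** Starts an authority search at nesting level 0; see the seven-argument overload. */
    private void addAuthorities(String[] filterArgs, Set<GrantedAuthority> target, String searchBase, String filterPattern, String prefix, boolean hierarchical) {
        addAuthorities(filterArgs, target, searchBase, filterPattern, prefix, hierarchical, 0);
    }

    /**
     * Runs one LDAP search and adds an authority for every entry found; when hierarchical search
     * is enabled, recurses to find the groups that contain each newly added entry.
     *
     * @param filterArgs raw (unescaped) values for the filter placeholders
     * @param target set receiving the authorities
     * @param searchBase base DN to search under
     * @param filterPattern {@link MessageFormat} pattern of the LDAP filter
     * @param prefix prefix for authority names, or null for none
     * @param hierarchical whether to follow nested membership
     * @param level current nesting depth, compared against {@code maxLevelGroupsSearch}
     */
    private void addAuthorities(String[] filterArgs, Set<GrantedAuthority> target, String searchBase, String filterPattern, String prefix, boolean hierarchical, int level) {
        // DNs and names may legitimately contain '(', ')', '*' or '\'; substituting them verbatim
        // would change the structure of the filter. Escape every value for filter context first.
        Object[] encodedArgs = new Object[filterArgs.length];
        for (int k = 0; k < filterArgs.length; k++) {
            encodedArgs[k] = escapeFilterValue(filterArgs[k]);
        }
        String filter = MessageFormat.format(filterPattern, encodedArgs);

        // Raw mapper kept as in the original; the mapper below only ever produces Authority objects.
        @SuppressWarnings({"unchecked", "rawtypes"})
        List<Authority> found = this.ldapTemplate.search(searchBase, filter, new AbstractContextMapper() {
            protected Object doMapFromContext(DirContextOperations ctx) {
                return new Authority(ctx.getStringAttribute(GeoStoreLdapAuthoritiesPopulator.this.groupRoleAttribute), ctx.getNameInNamespace());
            }
        });
        if (logger.isDebugEnabled()) {
            logger.debug("Authorities from search: " + found);
        }
        for (Authority authority : found) {
            String name = authority.getName();
            if (name == null) {
                // Entry lacks the configured name attribute: no authority can be derived from it.
                if (logger.isDebugEnabled()) {
                    logger.debug("Skipping entry without attribute '" + this.groupRoleAttribute + "': " + authority.getDn());
                }
                continue;
            }
            boolean newlyAdded = addAuthority(target, prefix, name);
            // Only descend from entries seen for the first time; this also breaks membership cycles.
            if (newlyAdded && hierarchical && level < this.maxLevelGroupsSearch) {
                addAuthorities(new String[] {authority.getDn(), name}, target, searchBase, this.groupInGroupSearchFilter, prefix, hierarchical, level + 1);
            }
        }
    }

    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515).
     *
     * @param value raw value, may be null
     * @return the value with backslash, asterisk, parentheses and NUL replaced by their
     *     backslash-hex escapes, or null when the input is null
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Adds one authority to the set, applying upper-casing and the prefix as configured.
     *
     * @param target set receiving the authority
     * @param prefix prefix to prepend unless null or already present
     * @param name authority name; must not be null
     * @return true if the authority was not in the set before
     */
    private boolean addAuthority(Set<GrantedAuthority> target, String prefix, String name) {
        String effectiveName = name;
        if (this.convertToUpperCase) {
            // NOTE(review): uses the JVM default locale; under some locales (e.g. Turkish) the
            // upper-cased role name differs from the ASCII form. Confirm whether Locale.ROOT is wanted.
            effectiveName = effectiveName.toUpperCase();
        }
        boolean needsPrefix = prefix != null && !effectiveName.startsWith(prefix);
        SimpleGrantedAuthority authority = new SimpleGrantedAuthority((needsPrefix ? prefix : "") + effectiveName);
        // Set.add already reports whether the element was new.
        return target.add(authority);
    }

    /** @param z whether authority names are converted to upper case */
    public void setConvertToUpperCase(boolean z) {
        super.setConvertToUpperCase(z);
        this.convertToUpperCase = z;
    }

    /** @param str attribute of a group/role entry whose value becomes the authority name */
    public void setGroupRoleAttribute(String str) {
        super.setGroupRoleAttribute(str);
        this.groupRoleAttribute = str;
    }

    /** @param str filter pattern for a user's groups (<code>{0}</code> = DN, <code>{1}</code> = username) */
    public void setGroupSearchFilter(String str) {
        super.setGroupSearchFilter(str);
        this.groupSearchFilter = str;
    }

    /** @param str filter pattern for a user's roles (<code>{0}</code> = DN, <code>{1}</code> = username) */
    public void setRoleSearchFilter(String str) {
        this.roleSearchFilter = str;
    }

    /** @param str prefix prepended to role names */
    public void setRolePrefix(String str) {
        super.setRolePrefix(str);
        this.rolePrefix = str;
    }

    /** @param z true to search the whole subtree under each base, false for one level only */
    public void setSearchSubtree(boolean z) {
        this.searchControls.setSearchScope(z ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        this.searchSubtree = z;
    }

    /** @param z whether nested group membership is followed when resolving groups */
    public void setEnableHierarchicalGroups(boolean z) {
        this.enableHierarchicalGroups = z;
    }

    /** @param str filter pattern for the groups containing a group (<code>{0}</code> = DN, <code>{1}</code> = name) */
    public void setGroupInGroupSearchFilter(String str) {
        this.groupInGroupSearchFilter = str;
    }

    /** @param i maximum nesting depth followed during hierarchical group search */
    public void setMaxLevelGroupsSearch(int i) {
        this.maxLevelGroupsSearch = i;
    }
}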
