package com.greenhat.server.container.server.security.ldap;

import com.greenhat.server.container.shared.datamodel.Role;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/GenericLDAPAuthenticator.class */
public class GenericLDAPAuthenticator extends BaseLDAPAuthenticator implements GenericLDAPConfigurationAttributes {
    public GenericLDAPAuthenticator(Map<String, String> map, Map<String, Set<Role>> map2) {
        super(map, map2);
    }

    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected Set<String> getGroups(String str) {
        LdapContext adminContext = getAdminContext();
        try {
            String[] strArr = {getGroupIdentifier()};
            String format = MessageFormat.format(getUserGroupFilter(), getUserDN(adminContext, str));
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(strArr);
            searchControls.setSearchScope(2);
            Map<String, String> allGroups = getAllGroups(adminContext);
            NameParser nameParser = adminContext.getNameParser(getSearchBase());
            HashSet hashSet = new HashSet();
            NamingEnumeration search = adminContext.search(getSearchBase(), format, searchControls);
            while (search.hasMoreElements()) {
                SearchResult searchResult = (SearchResult) search.next();
                String nameInNamespace = searchResult.getNameInNamespace();
                Attributes attributes = searchResult.getAttributes();
                if (attributes != null) {
                    NamingEnumeration all = attributes.getAll();
                    while (all.hasMore()) {
                        hashSet.add(((Attribute) all.next()).get().toString());
                    }
                    all.close();
                }
                addParentGroup(nameInNamespace, hashSet, allGroups, nameParser);
            }
            return hashSet;
        } catch (NamingException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private Map<String, String> getAllGroups(LdapContext ldapContext) {
        return getAllGroups(ldapContext, getParentGroupFilter());
    }

    protected void addParentGroup(String str, Set<String> set, Map<String, String> map, NameParser nameParser) throws NamingException {
        Name parse = nameParser.parse(str);
        String obj = parse.getPrefix(parse.size() - 1).toString();
        String str2 = map.get(obj);
        if (str2 == null || set.contains(str2)) {
            return;
        }
        set.add(str2);
        addParentGroup(obj, set, map, nameParser);
    }

    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected String makeQualifiedUsername(String str) {
        try {
            return getUserDN(getAdminContext(), str);
        } catch (NamingException e) {
            return str;
        }
    }

    protected String getParentGroupFilter() {
        return this.config.get(GenericLDAPConfigurationAttributes.PARENT_GROUP_FILTER);
    }

    protected String getUserGroupFilter() {
        return this.config.get(GenericLDAPConfigurationAttributes.USER_GROUP_FILTER);
    }

    @Override // com.greenhat.server.container.server.security.Authenticator
    public Set<String> getAllGroups() {
        return Collections.unmodifiableSet(new HashSet(getAllGroups(getAdminContext()).values()));
    }
}
