package com.xdev.security.authentication.ldap;

import com.xdev.security.authentication.CredentialsUsernamePassword;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:com/xdev/security/authentication/ldap/LDAPRealm.class */
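/**
 * Shiro realm that binds to an LDAP / Active Directory server with the credentials of the user
 * being authenticated and derives role names from the user's (nested) {@code memberOf} groups.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The bind is performed in the constructor, with the supplied username and password used as
 *       Shiro's "system" credentials. The resulting {@link LdapContext} is kept open until
 *       {@link #close()} and is reused for every later group lookup.</li>
 *   <li>Nothing here requires {@code ldaps://} or a TLS security protocol. Whether the password
 *       is protected in transit depends entirely on the {@code LDAPConfiguration} values.</li>
 *   <li>Role names are the first RDN value of each group DN only, so two groups with the same CN
 *       in different containers map to the same role name.</li>
 * </ul>
 */
public class LDAPRealm extends ActiveDirectoryRealm implements AutoCloseable {
    /** Attribute holding the DNs of the groups an entry is a direct member of. */
    private static final String MEMBER_OF = "memberOf";

    private final LdapContext ldapContext;

    /**
     * Configures the realm and immediately binds to the directory with the given credentials.
     *
     * @param lDAPConfiguration provider URL, principal suffix, optional search base and optional
     *     JNDI authentication / protocol settings
     * @param credentialsUsernamePassword credentials used for the bind
     * @throws NamingException if the password is empty or the context cannot be created
     */
    public LDAPRealm(LDAPConfiguration lDAPConfiguration, CredentialsUsernamePassword credentialsUsernamePassword) throws NamingException {
        String providerUrl = lDAPConfiguration.getProviderUrl();
        String suffix = lDAPConfiguration.getSuffix();
        String username = credentialsUsernamePassword.username();
        // The password is copied into an immutable String because the Shiro setter below takes a
        // String; that copy cannot be wiped and lives as long as this realm and its environment.
        String password = new String(credentialsUsernamePassword.password());
        // A simple bind with a principal and an empty password is an "unauthenticated bind"
        // (RFC 4513) that some servers accept. Refuse it here so that a caller which treats a
        // successfully constructed realm as proof of authentication cannot be satisfied by it.
        if (password.isEmpty()) {
            throw new javax.naming.AuthenticationException("LDAP bind rejected: empty password");
        }
        // Only append the suffix when one is configured, matching getGroupNamesForUser();
        // unconditional concatenation would bind as "<username>null".
        String bindPrincipal = String.valueOf(username);
        if (suffix != null) {
            bindPrincipal = bindPrincipal + suffix;
        }
        setUrl(providerUrl);
        setSystemUsername(username);
        setSystemPassword(password);
        setPrincipalSuffix(suffix);
        String searchbase = lDAPConfiguration.getSearchbase();
        if (searchbase != null) {
            setSearchBase(searchbase);
        }
        JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
        contextFactory.setUrl(providerUrl);
        contextFactory.getEnvironment().put("java.naming.security.principal", bindPrincipal);
        contextFactory.getEnvironment().put("java.naming.security.credentials", password);
        // Authentication mechanism and protocol are optional; when absent the JNDI provider's
        // defaults apply.
        String securityAuthentication = lDAPConfiguration.getSecurityAuthentication();
        if (securityAuthentication != null) {
            contextFactory.getEnvironment().put("java.naming.security.authentication", securityAuthentication);
        }
        String securityProtocol = lDAPConfiguration.getSecurityProtocol();
        if (securityProtocol != null) {
            contextFactory.getEnvironment().put("java.naming.security.protocol", securityProtocol);
        }
        setLdapContextFactory(contextFactory);
        this.ldapContext = contextFactory.getSystemLdapContext();
    }

    /**
     * Builds the authorization info from the group names of the available principal.
     *
     * <p>The {@code ldapContextFactory} argument is not used; the lookup runs on the context that
     * was bound in the constructor.
     */
    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        return buildAuthorizationInfo(getGroupNamesForUser((String) getAvailablePrincipal(principalCollection)));
    }

    /**
     * Returns the names of all groups the user belongs to, directly or through nested groups.
     *
     * @param str user name without the principal suffix; the suffix is appended when configured
     * @return group names (first RDN value of each group DN) in discovery order
     * @throws NamingException if a directory search fails
     */
    public Set<String> getGroupNamesForUser(String str) throws NamingException {
        Set<String> groupNames = new LinkedHashSet<>();
        String userPrincipalName = str;
        if (this.principalSuffix != null) {
            userPrincipalName = String.valueOf(userPrincipalName) + this.principalSuffix;
        }
        // The user name is passed as a filter argument, not concatenated into the filter, so
        // JNDI encodes filter metacharacters in it.
        NamingEnumeration<SearchResult> results = this.ldapContext.search(
                this.searchBase,
                "(&(objectClass=person)(userPrincipalName={0}))",
                new Object[]{userPrincipalName},
                subtreeControls());
        collectGroups(results, groupNames, new LinkedHashSet<String>());
        return groupNames;
    }

    /**
     * Looks up the group {@code cn} below {@code searchBase} and records its parent groups.
     *
     * @param cn group name to look up
     * @param groupNames accumulator for discovered group names
     * @param searchBase context-relative name to search under
     * @param visitedGroupDns group DNs already expanded, used to stop on circular nesting
     */
    private void getMembersOf(String cn, Set<String> groupNames, String searchBase, Set<String> visitedGroupDns) throws NamingException {
        NamingEnumeration<SearchResult> results = this.ldapContext.search(
                searchBase,
                "(&(objectClass=group)(CN={0}))",
                new Object[]{cn},
                subtreeControls());
        collectGroups(results, groupNames, visitedGroupDns);
    }

    /**
     * Walks the search results, adds every {@code memberOf} group to {@code groupNames} and
     * recurses into each group that has not been expanded yet.
     *
     * <p>Each group DN is expanded at most once. Without that guard, groups that are members of
     * each other would recurse until the stack overflows.
     */
    private void collectGroups(NamingEnumeration<SearchResult> results, Set<String> groupNames, Set<String> visitedGroupDns) throws NamingException {
        try {
            // hasMoreElements() is kept from the original code.
            // NOTE(review): with the JDK LDAP provider it reports "no more results" instead of
            // throwing on errors such as partial results, so a truncated group list is returned
            // silently - confirm that is acceptable for authorization decisions.
            while (results.hasMoreElements()) {
                Attributes attributes = results.next().getAttributes();
                if (attributes == null) {
                    continue;
                }
                NamingEnumeration<? extends Attribute> all = attributes.getAll();
                while (all.hasMore()) {
                    Attribute attribute = all.next();
                    if (!MEMBER_OF.equals(attribute.getID())) {
                        continue;
                    }
                    for (String groupDn : LdapUtils.getAllAttributeValues(attribute)) {
                        if (!visitedGroupDns.add(groupDn)) {
                            // Already expanded: its name and ancestors are in groupNames.
                            continue;
                        }
                        String cn = firstRdnValue(groupDn);
                        groupNames.add(cn);
                        getMembersOf(cn, groupNames, getSearchBase(groupDn), visitedGroupDns);
                    }
                }
            }
        } finally {
            // Release the server-side search handle even when a nested lookup throws.
            LdapUtils.closeEnumeration(results);
        }
    }

    /** Creates search controls for a whole-subtree search. */
    private static SearchControls subtreeControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return searchControls;
    }

    /**
     * Returns the value of the first RDN of {@code dn}, assuming a three-character type prefix
     * such as {@code CN=}.
     *
     * <p>The DN is split on every comma, so an escaped comma inside the first RDN truncates the
     * name, and a first component shorter than three characters throws
     * {@link StringIndexOutOfBoundsException}.
     */
    private static String firstRdnValue(String dn) {
        return dn.split(",")[0].substring(3);
    }

    /**
     * Derives the search base for a group from its DN by dropping the first component and the
     * last two components and joining the rest with commas.
     *
     * <p>NOTE(review): this presumably expects the context to be rooted at a two-component domain
     * suffix (for example {@code DC=example,DC=com}) - confirm against the provider URL. DNs with
     * three or fewer components yield an empty string.
     */
    private String getSearchBase(String str) {
        String[] parts = str.split(",");
        StringBuilder base = new StringBuilder();
        for (int i = 1; i < parts.length - 2; i++) {
            if (i > 1) {
                base.append(',');
            }
            base.append(parts[i]);
        }
        return base.toString();
    }

    /**
     * Returns the live context bound in the constructor. It is shared with this realm, so
     * closing it elsewhere breaks later group lookups.
     */
    public LdapContext getLdapContext() {
        return this.ldapContext;
    }

    /** Closes the LDAP context that was opened in the constructor. */
    @Override // java.lang.AutoCloseable
    public void close() {
        LdapUtils.closeContext(this.ldapContext);
    }
}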
