package org.opencastproject.userdirectory.ldap;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.CachingUserProviderMXBean;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.util.ConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.LdapUserDetailsService;

/* loaded from: input_file:org/opencastproject/userdirectory/ldap/LdapUserProviderInstance.class */
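/**
 * A {@link UserProvider} that resolves users and their roles against an LDAP directory through a
 * Spring Security {@link LdapUserDetailsService}, with a size- and time-bounded cache in front of it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Lookups (including "user not found" results) are cached until the configured expiry, so a
 *       role change or account removal in the directory only takes effect once the entry expires or
 *       {@link #invalidate(String)} is called for that user.</li>
 *   <li>When no bind DN is configured the directory is queried anonymously.</li>
 *   <li>The configured extra roles are granted to every user found in the directory.</li>
 * </ul>
 */
public class LdapUserProviderInstance implements UserProvider, CachingUserProviderMXBean {
    private static final Logger logger = LoggerFactory.getLogger(LdapUserProviderInstance.class);

    /** Provider name returned by {@link #getName()} and recorded on every user built here. */
    public static final String PROVIDER_NAME = "ldap";

    private LdapUserDetailsService delegate;
    private Organization organization;
    private LoadingCache<String, Object> cache;
    private SecurityService securityService;

    // Defaults to "" so that role names are never prefixed with the literal text "null" when the
    // constructor does not configure a prefix (i.e. when no role attributes are given).
    private String rolePrefix = "";

    // JMX counters; created in registerMBean().
    private AtomicLong requests = null;
    private AtomicLong ldapLoads = null;

    // Sentinel stored in the cache for "no such user", since the cache cannot hold null values.
    protected Object nullToken = new Object();

    // Roles added to every user loaded from LDAP.
    private Set<GrantedAuthority> setExtraRoles = new HashSet<GrantedAuthority>();

    // Role names starting with one of these prefixes are stored without rolePrefix.
    private Set<String> setExcludePrefixes = new HashSet<String>();

    /**
     * Builds the LDAP context source, the user search, the role mapping and the user cache.
     *
     * <p>JADX INFO: Access modifiers changed from: package-private.
     *
     * @param str pid of this provider; logged and used to derive the JMX object name
     * @param organization organization the loaded users are attached to
     * @param str2 search base handed to the LDAP user search
     * @param str3 search filter handed to the LDAP user search
     * @param str4 URL of the LDAP server
     * @param str5 DN to bind with; when blank, the directory is accessed anonymously
     * @param str6 password for {@code str5}; never logged
     * @param str7 comma-separated LDAP attributes holding the roles; may be blank or {@code null}
     * @param str8 prefix put in front of role names (trimmed; upper-cased when {@code z} is set)
     * @param strArr extra roles granted to every LDAP user; may be {@code null}
     * @param strArr2 role-name prefixes that must not receive {@code str8}; may be {@code null}
     * @param z whether role names are converted to upper case
     * @param i maximum number of cache entries
     * @param i2 cache entry lifetime after write, in minutes
     * @param securityService used to find the current user in the listing methods
     * @throws ConfigurationException if any step of the setup fails
     */
    public LdapUserProviderInstance(String str, Organization organization, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String[] strArr, String[] strArr2, boolean z, int i, int i2, SecurityService securityService) {
        this.organization = organization;
        this.securityService = securityService;
        // Only the pid, organization and URL are logged; the bind password (str6) must stay out of logs.
        if (logger.isDebugEnabled()) {
            logger.debug("Creating LdapUserProvider instance with pid=" + str + ", and organization=" + organization + ", to LDAP server at url:  " + str4);
        }
        // NOTE(review): whether bind credentials and results are protected in transit depends on the
        // scheme of str4 (ldaps:// versus ldap://); nothing in this class enforces it.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(str4);
        if (StringUtils.isNotBlank(str5)) {
            contextSource.setPassword(str6);
            contextSource.setUserDn(str5);
            contextSource.setAnonymousReadOnly(false);
        } else {
            // No bind DN configured: every lookup is an unauthenticated (anonymous) directory read.
            contextSource.setAnonymousReadOnly(true);
        }
        try {
            contextSource.afterPropertiesSet();
            // The original split str7 before checking it, so a null value failed with a
            // NullPointerException. Blank/null now means "no role attributes configured".
            String[] roleAttributes = StringUtils.isNotBlank(str7) ? str7.split(",") : null;
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(str2, str3, contextSource);
            if (roleAttributes != null) {
                userSearch.setReturningAttributes(roleAttributes.clone());
            }
            this.delegate = new LdapUserDetailsService(userSearch);
            if (roleAttributes != null) {
                configureRoleMapping(roleAttributes, str8, strArr2, z);
            }
            if (strArr != null) {
                for (String rawRole : strArr) {
                    String role = StringUtils.trimToEmpty(rawRole);
                    if (!role.isEmpty()) {
                        this.setExtraRoles.add(new SimpleGrantedAuthority(applyCase(role, z)));
                    }
                }
            }
            this.cache = CacheBuilder.newBuilder().maximumSize(i).expireAfterWrite(i2, TimeUnit.MINUTES).build(new CacheLoader<String, Object>() {
                @Override
                public Object load(String username) throws Exception {
                    User user = LdapUserProviderInstance.this.loadUserFromLdap(username);
                    return user == null ? LdapUserProviderInstance.this.nullToken : user;
                }
            });
            // NOTE(review): this hands "this" to JMX and calls an overridable method before the
            // constructor has returned; kept because subclasses may rely on it.
            registerMBean(str);
        } catch (Exception e) {
            throw new ConfigurationException("Unable to create a spring context source", e);
        }
    }

    /**
     * Installs the role mapper on the delegate and records the role prefix and exclude prefixes.
     * The mapper's own prefix is set to "" because the prefix is applied in loadUserFromLdap.
     */
    private void configureRoleMapping(String[] roleAttributes, String prefix, String[] excludePrefixes, boolean upperCase) {
        LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
        mapper.setConvertToUpperCase(upperCase);
        mapper.setRoleAttributes(roleAttributes);
        this.rolePrefix = applyCase(StringUtils.trimToEmpty(prefix), upperCase);
        logger.debug("Role prefix set to: \"{}\"", this.rolePrefix);
        mapper.setRolePrefix("");
        this.delegate.setUserDetailsMapper(mapper);
        if (this.rolePrefix.isEmpty() || excludePrefixes == null) {
            return;
        }
        for (String rawPrefix : excludePrefixes) {
            // trimToEmpty (as used for the extra roles) so a null array element is skipped
            // instead of aborting the whole configuration.
            String excluded = StringUtils.trimToEmpty(rawPrefix);
            if (!excluded.isEmpty()) {
                this.setExcludePrefixes.add(applyCase(excluded, upperCase));
            }
        }
        if (logger.isDebugEnabled()) {
            if (this.setExcludePrefixes.size() > 0) {
                logger.debug("Exclude prefixes set to:");
                // Log the effective (trimmed, case-normalised) values rather than the raw input.
                for (String excluded : this.setExcludePrefixes) {
                    logger.debug("\t* {}", excluded);
                }
            } else {
                logger.debug("No exclude prefixes defined");
            }
        }
    }

    /** Returns the value upper-cased (JVM default locale, as in the original code) or unchanged. */
    private static String applyCase(String value, boolean upperCase) {
        return upperCase ? value.toUpperCase() : value;
    }

    /** Returns the fixed provider name, {@link #PROVIDER_NAME}. */
    public String getName() {
        return PROVIDER_NAME;
    }

    /**
     * Resets the request counters and (re-)registers this instance as an MBean under the object
     * name derived from the pid. Registration failures are logged and otherwise ignored.
     *
     * @param str pid of this provider
     */
    protected void registerMBean(String str) {
        this.requests = new AtomicLong();
        this.ldapLoads = new AtomicLong();
        try {
            ObjectName objectName = LdapUserProviderFactory.getObjectName(str);
            MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer();
            try {
                // Drop a stale registration left under the same name, if there is one.
                mBeanServer.unregisterMBean(objectName);
            } catch (InstanceNotFoundException e) {
                logger.debug("{} was not registered", objectName);
            }
            mBeanServer.registerMBean(this, objectName);
        } catch (Exception e2) {
            logger.warn("Unable to register {} as an mbean: {}", this, e2);
        }
    }

    /** Returns the id of the organization this provider serves. */
    public String getOrganization() {
        return this.organization.getId();
    }

    /**
     * Returns the user with the given name, served from the cache when possible.
     *
     * @param str user name to look up
     * @return the user, or {@code null} if the directory has no such user or the lookup failed
     */
    public User loadUser(String str) {
        logger.debug("LdapUserProvider is loading user {}", str);
        this.requests.incrementAndGet();
        try {
            Object cached = this.cache.getUnchecked(str);
            if (cached == this.nullToken) {
                return null;
            }
            return (JaxbUser) cached;
        } catch (UncheckedExecutionException e) {
            // A failed lookup is reported as "no such user"; the cause is only visible in the log.
            logger.warn("Exception while loading user " + str, e);
            return null;
        }
    }

    /**
     * Loads a user straight from the directory and stores the result (or the not-found sentinel)
     * in the cache.
     *
     * <p>NOTE(review): {@code str} is passed to the delegate unmodified and this class does no
     * escaping of its own, so handling of LDAP filter metacharacters depends on the Spring
     * Security LDAP search in use; confirm for the deployed version.
     *
     * @param str user name to look up
     * @return the user with the extra roles and role prefix applied, or {@code null} if not found
     * @throws IllegalStateException if the delegate or the cache has not been set up
     */
    protected User loadUserFromLdap(String str) {
        if (this.delegate == null || this.cache == null) {
            throw new IllegalStateException("The LDAP user detail service has not yet been configured");
        }
        this.ldapLoads.incrementAndGet();
        Thread currentThread = Thread.currentThread();
        ClassLoader originalClassLoader = currentThread.getContextClassLoader();
        try {
            // The lookup runs with this bundle's class loader as the thread context class loader.
            currentThread.setContextClassLoader(LdapUserProviderFactory.class.getClassLoader());
            UserDetails userDetails = this.delegate.loadUserByUsername(str);
            JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(this.organization);
            Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
            authorities.addAll(userDetails.getAuthorities());
            // Extra roles are granted unconditionally to every user the directory returns.
            authorities.addAll(this.setExtraRoles);
            Set<JaxbRole> roles = new HashSet<JaxbRole>();
            for (GrantedAuthority authority : authorities) {
                roles.add(new JaxbRole(prefixedRoleName(authority.getAuthority()), jaxbOrganization));
            }
            JaxbUser user = new JaxbUser(userDetails.getUsername(), PROVIDER_NAME, jaxbOrganization, roles);
            this.cache.put(str, user);
            return user;
        } catch (UsernameNotFoundException e) {
            // Negative results are cached as well, until expiry or invalidate(str).
            this.cache.put(str, this.nullToken);
            return null;
        } finally {
            // Always restore the caller's context class loader, whatever the outcome.
            currentThread.setContextClassLoader(originalClassLoader);
        }
    }

    /** Returns the role name with rolePrefix in front, unless it starts with an excluded prefix. */
    private String prefixedRoleName(String roleName) {
        for (String excluded : this.setExcludePrefixes) {
            if (roleName.startsWith(excluded)) {
                return roleName;
            }
        }
        return this.rolePrefix + roleName;
    }

    /**
     * Returns the share of {@link #loadUser(String)} calls answered without a directory lookup.
     *
     * @return a ratio derived from the two counters, or 0 when no request has been made yet
     */
    public float getCacheHitRatio() {
        // Read the request counter once so the numerator and denominator use the same value.
        long totalRequests = this.requests.get();
        if (totalRequests == 0) {
            return 0.0f;
        }
        return ((float) (totalRequests - this.ldapLoads.get())) / ((float) totalRequests);
    }

    /**
     * Returns at most the current user. The query, offset and limit are not used for searching:
     * the directory is never enumerated from here.
     *
     * @param str query; must not be {@code null}
     * @param i offset (ignored)
     * @param i2 limit (ignored)
     * @return an iterator over the current user if the directory knows them, else an empty iterator
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        return currentUserIterator();
    }

    /** Returns an iterator over the current user if the directory knows them, else an empty one. */
    public Iterator<User> getUsers() {
        return currentUserIterator();
    }

    /** Returns 1 if the current user can be loaded from the directory, otherwise 0. */
    public long countUsers() {
        return loadUser(this.securityService.getUser().getUsername()) != null ? 1L : 0L;
    }

    /**
     * Drops the cached entry for a user so that the next lookup goes to the directory. Call this
     * after changing or revoking a user's roles instead of waiting for the entry to expire.
     *
     * @param str user name whose cache entry is removed
     */
    public void invalidate(String str) {
        this.cache.invalidate(str);
    }

    /** Shared body of findUsers/getUsers; fetches the current user once and reuses it. */
    private Iterator<User> currentUserIterator() {
        User currentUser = this.securityService.getUser();
        if (loadUser(currentUser.getUsername()) == null) {
            return Collections.<User>emptyList().iterator();
        }
        ArrayList<User> users = new ArrayList<User>();
        users.add(currentUser);
        return users.iterator();
    }
}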
