package org.opencastproject.userdirectory.ldap;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.userdirectory.JpaGroupRoleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/* loaded from: input_file:org/opencastproject/userdirectory/ldap/OpencastLdapAuthoritiesPopulator.class */
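/**
 * Turns the values of configured LDAP attributes into Spring Security authorities (roles).
 *
 * <p>Every value found in the configured attributes is split on commas, cleaned (whitespace and
 * underscore runs collapsed to a single underscore, optionally upper-cased), prefixed with the
 * configured role prefix unless it starts with one of the excluded prefixes, and added to the
 * returned authority set. If a group role provider is available, the roles of a group whose name
 * matches the cleaned value are added as well.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Role names are taken verbatim from directory data. Whoever can write the configured LDAP
 *       attributes decides which authorities a user receives, and a value that starts with an
 *       excluded prefix is granted <em>without</em> the configured role prefix.</li>
 *   <li>Authorities are only computed while the current request belongs to the organization this
 *       instance was created for; otherwise a {@link SecurityException} is thrown.</li>
 *   <li>{@link #getGrantedAuthorities} replaces the user held by the security service with one that
 *       carries the merged role set.</li>
 * </ul>
 *
 * <p>NOTE(review): upper-casing uses the JVM default locale ({@code String.toUpperCase()}); on
 * locales with special casing rules the resulting role names may differ from the expected ASCII
 * form. Consider pinning the locale after confirming no deployment depends on the current output.
 */
public class OpencastLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    /** Pattern of character runs (whitespace and underscores) collapsed when cleaning a role name. */
    public static final String ROLE_CLEAN_REGEXP = "[\\s_]+";
    /** Replacement for every run matched by {@link #ROLE_CLEAN_REGEXP}. */
    public static final String ROLE_CLEAN_REPLACEMENT = "_";

    private static final Logger logger = LoggerFactory.getLogger(OpencastLdapAuthoritiesPopulator.class);

    private final Set<String> attributeNames;
    private final String[] additionalAuthorities;
    private final String prefix;
    private final Set<String> excludedPrefixes = new HashSet<>();
    private final boolean uppercase;
    private final Organization organization;
    private SecurityService securityService;
    private JpaGroupRoleProvider groupRoleProvider;

    /**
     * Creates a populator bound to one organization.
     *
     * @param attributeNames comma-separated list of LDAP attribute names that contain roles
     * @param prefix prefix prepended to every role read from LDAP; may be {@code null} or blank
     * @param excludedPrefixes role prefixes that suppress the configured {@code prefix}; may be {@code null}
     * @param uppercase whether the prefix, the excluded prefixes and the roles are converted to upper case
     * @param organization the organization this populator serves
     * @param securityService the security service used to read and update the current user
     * @param groupRoleProvider provider used to expand group roles; {@code null} disables the expansion
     * @param additionalAuthorities extra roles processed for every user this populator handles
     * @throws IllegalArgumentException if {@code attributeNames} is {@code null} or contains no
     *         non-blank name, or if {@code securityService} or {@code organization} is {@code null}
     */
    public OpencastLdapAuthoritiesPopulator(String attributeNames, String prefix, String[] excludedPrefixes,
            boolean uppercase, Organization organization, SecurityService securityService,
            JpaGroupRoleProvider groupRoleProvider, String... additionalAuthorities) {
        debug("Creating new instance");
        if (attributeNames == null) {
            throw new IllegalArgumentException("The attribute list cannot be null");
        }
        if (securityService == null) {
            throw new IllegalArgumentException("The security service cannot be null");
        }
        if (organization == null) {
            throw new IllegalArgumentException("The organization cannot be null");
        }
        this.securityService = securityService;
        this.organization = organization;

        Set<String> names = new HashSet<>();
        for (String candidate : attributeNames.split(",")) {
            String trimmed = candidate.trim();
            if (!trimmed.isEmpty()) {
                names.add(trimmed);
            }
        }
        if (names.isEmpty()) {
            throw new IllegalArgumentException("At least one valid attribute must be provided");
        }
        this.attributeNames = names;
        if (logger.isDebugEnabled()) {
            debug("Roles will be read from the LDAP attributes:");
            for (String name : names) {
                logger.debug("\t* {}", name);
            }
        }

        if (groupRoleProvider == null) {
            info("Provided GroupRoleProvider was null. Group roles will therefore not be expanded");
        }
        this.groupRoleProvider = groupRoleProvider;

        this.uppercase = uppercase;
        if (uppercase) {
            debug("Roles will be converted to uppercase");
        } else {
            debug("Roles will NOT be converted to uppercase");
        }

        this.prefix = cleanRoleName(prefix, uppercase);
        debug("Role prefix set to: {}", this.prefix);

        if (excludedPrefixes != null) {
            for (String excluded : excludedPrefixes) {
                // Excluded prefixes are only trimmed (and optionally upper-cased), not regex-cleaned.
                String trimmed = StringUtils.trimToEmpty(excluded);
                String normalized = uppercase ? trimmed.toUpperCase() : trimmed;
                if (!normalized.isEmpty()) {
                    this.excludedPrefixes.add(normalized);
                }
            }
        }

        // Defensive copy: these roles are granted to users, so a caller that keeps a reference to
        // the array must not be able to change them after construction.
        this.additionalAuthorities = additionalAuthorities == null ? new String[0] : additionalAuthorities.clone();
        if (logger.isDebugEnabled()) {
            debug("Authenticated users will receive the following extra roles:");
            for (String extra : this.additionalAuthorities) {
                logger.debug("\t* {}", extra);
            }
        }
    }

    /**
     * Computes the authorities of a user from its LDAP entry (implements {@link LdapAuthoritiesPopulator}).
     *
     * <p>If the current request belongs to this populator's organization and the security service
     * holds either no user or a user with the same username, the roles of that current user (if
     * any) are merged into the result and the security service's user is replaced by one carrying
     * the merged roles.
     *
     * @param userData the LDAP entry of the user
     * @param username the name of the user whose authorities are requested
     * @return the authorities derived from the LDAP attributes, the additional authorities and,
     *         where applicable, the roles of the current user
     * @throws SecurityException if roles are found while the current request belongs to another organization
     */
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        for (String attributeName : attributeNames) {
            try {
                String[] values = userData.getStringAttributes(attributeName);
                if (values == null) {
                    // The instance id is already prepended by debug(); the former leading "({})"
                    // consumed the attribute name and left the last placeholder unfilled.
                    debug("Could not find any attribute named '{}' in user '{}'", attributeName, userData.getDn());
                    continue;
                }
                for (String value : values) {
                    // A single attribute value may hold one role or a comma-separated list of roles.
                    addAuthorities(authorities, value.split(","));
                }
            } catch (ClassCastException e) {
                // The exception is passed as the trailing argument without a placeholder so that
                // the logger records it as the cause.
                error("Specified attribute containing user roles ('{}') was not of expected type String", attributeName, e);
            }
        }
        addAuthorities(authorities, additionalAuthorities);

        if (logger.isDebugEnabled()) {
            debug("Returning user {} with authorities:", username);
            for (GrantedAuthority authority : authorities) {
                logger.debug("\t{}", authority);
            }
        }

        if (securityService.getOrganization().equals(organization)) {
            boolean hasCurrentUser = securityService.getUser() != null;
            if (!hasCurrentUser || securityService.getUser().getUsername().equals(username)) {
                if (hasCurrentUser) {
                    // Only dereference the current user when there is one: the condition above
                    // explicitly admits the "no current user" case, which previously ended in a
                    // NullPointerException here.
                    for (Object existing : securityService.getUser().getRoles()) {
                        authorities.add(new SimpleGrantedAuthority(((Role) existing).getName()));
                    }
                }
                Set<JaxbRole> roles = new HashSet<>();
                for (GrantedAuthority authority : authorities) {
                    roles.add(new JaxbRole(authority.getAuthority(), JaxbOrganization.fromOrganization(organization)));
                }
                securityService.setUser(new JaxbUser(username, LdapUserProviderInstance.PROVIDER_NAME,
                        JaxbOrganization.fromOrganization(organization), roles.toArray(new JaxbRole[0])));
            }
        }
        return authorities;
    }

    /**
     * @return a copy of the LDAP attribute names roles are read from
     */
    public Collection<String> getAttributeNames() {
        return new HashSet<>(attributeNames);
    }

    /**
     * @return the cleaned prefix prepended to roles; empty if none is configured
     */
    public String getRolePrefix() {
        return prefix;
    }

    /**
     * @return a new array with the prefixes that suppress the role prefix
     */
    public String[] getExcludePrefixes() {
        return excludedPrefixes.toArray(new String[0]);
    }

    /**
     * @return whether roles are converted to upper case
     */
    public boolean getConvertToUpperCase() {
        return uppercase;
    }

    /**
     * @return a copy of the additional authorities
     */
    public String[] getAdditionalAuthorities() {
        return additionalAuthorities.clone();
    }

    /**
     * Cleans the given raw role values and adds the resulting authorities to {@code authorities}.
     *
     * @param authorities the set receiving the authorities
     * @param values raw role values; {@code null} is ignored
     * @throws SecurityException if the current request belongs to another organization
     */
    private void addAuthorities(Set<GrantedAuthority> authorities, String[] values) {
        if (values == null) {
            return;
        }
        // Refuse to hand out roles when the request is served for a different organization.
        Organization current = securityService.getOrganization();
        if (!organization.equals(current)) {
            throw new SecurityException(String.format("Current request belongs to the organization \"%s\". Expected \"%s\"", current.getId(), organization.getId()));
        }
        for (String value : values) {
            String authority = cleanRoleName(value, uppercase);
            if (authority.isEmpty()) {
                debug("Found empty authority. Ignoring...");
                continue;
            }
            // The group lookup uses the cleaned value without the role prefix.
            List<Role> groupRoles = groupRoleProvider != null
                    ? groupRoleProvider.getRolesForGroup(authority)
                    : Collections.<Role>emptyList();

            String role = (effectivePrefix(authority) + authority).replaceAll(ROLE_CLEAN_REGEXP, ROLE_CLEAN_REPLACEMENT);
            debug("Parsed LDAP role \"{}\" to role \"{}\"", value, role);

            if (!groupRoles.isEmpty()) {
                debug("Found group for the group with group role \"{}\"", role);
                for (Role groupRole : groupRoles) {
                    authorities.add(new SimpleGrantedAuthority(groupRole.getName()));
                    logger.debug("\tAdded role from role \"{}\"'s group: {}", role, groupRole);
                }
            }
            authorities.add(new SimpleGrantedAuthority(role));
        }
    }

    /** Returns the role prefix to apply to {@code authority}: empty if it starts with an excluded prefix. */
    private String effectivePrefix(String authority) {
        if (prefix.isEmpty()) {
            return prefix;
        }
        for (String excluded : excludedPrefixes) {
            if (authority.startsWith(excluded)) {
                return "";
            }
        }
        return prefix;
    }

    /** Trims {@code raw} ({@code null} becomes empty), collapses whitespace/underscore runs and optionally upper-cases it. */
    private static String cleanRoleName(String raw, boolean toUpperCase) {
        String cleaned = StringUtils.trimToEmpty(raw).replaceAll(ROLE_CLEAN_REGEXP, ROLE_CLEAN_REPLACEMENT);
        return toUpperCase ? cleaned.toUpperCase() : cleaned;
    }

    /** Logs at debug level, prefixing the message with this instance's hash code. */
    private void debug(String message, Object... args) {
        // Skip building the prefixed message when debug logging is off.
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("(%s) %s", hashCode(), message), args);
        }
    }

    /** Logs at error level, prefixing the message with this instance's hash code. */
    private void error(String message, Object... args) {
        logger.error(String.format("(%s) %s", hashCode(), message), args);
    }

    /** Logs at info level, prefixing the message with this instance's hash code. */
    private void info(String message, Object... args) {
        logger.info(String.format("(%s) %s", hashCode(), message), args);
    }

    /**
     * Replaces the group role provider used to expand group roles.
     *
     * @param jpaGroupRoleProvider the new provider; {@code null} disables the expansion
     */
    public void setOrgDirectory(JpaGroupRoleProvider jpaGroupRoleProvider) {
        this.groupRoleProvider = jpaGroupRoleProvider;
    }

    /**
     * Replaces the security service.
     *
     * <p>NOTE(review): unlike the constructor this setter does not reject {@code null}; a
     * {@code null} service makes every later authority lookup fail. Confirm whether callers rely
     * on passing {@code null} before adding a check.
     *
     * @param securityService the new security service
     */
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
}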
