package net.nemerosa.ontrack.extension.ldap;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.NoSuchElementException;
import java.util.stream.Collectors;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang3.StringUtils;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/* loaded from: input_file:net/nemerosa/ontrack/extension/ldap/ConfigurableUserDetailsContextMapper.class */
public class ConfigurableUserDetailsContextMapper extends LdapUserDetailsMapper {
    private final LDAPSettings settings;
    private final SpringSecurityLdapTemplate ldapTemplate;

    public ConfigurableUserDetailsContextMapper(LDAPSettings lDAPSettings, SpringSecurityLdapTemplate springSecurityLdapTemplate) {
        this.settings = lDAPSettings;
        this.ldapTemplate = springSecurityLdapTemplate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConfigurableUserDetailsContextMapper(LDAPSettings lDAPSettings, ContextSource contextSource) {
        this(lDAPSettings, new SpringSecurityLdapTemplate(contextSource));
    }

    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        return extendUserDetails(dirContextOperations, (LdapUserDetails) super.mapUserFromContext(dirContextOperations, str, collection), str);
    }

    protected UserDetails extendUserDetails(DirContextOperations dirContextOperations, LdapUserDetails ldapUserDetails, String str) {
        String fullNameAttribute = this.settings.getFullNameAttribute();
        if (StringUtils.isBlank(fullNameAttribute)) {
            fullNameAttribute = "cn";
        }
        String stringAttribute = dirContextOperations.getStringAttribute(fullNameAttribute);
        String emailAttribute = this.settings.getEmailAttribute();
        if (StringUtils.isBlank(emailAttribute)) {
            emailAttribute = "email";
        }
        String stringAttribute2 = dirContextOperations.getStringAttribute(emailAttribute);
        HashSet hashSet = new HashSet();
        hashSet.addAll(getGroupsFromUser(dirContextOperations));
        hashSet.addAll(getGroups(ldapUserDetails, str));
        return new ExtendedLDAPUserDetails(ldapUserDetails, stringAttribute, stringAttribute2, hashSet);
    }

    private Collection<String> getGroups(LdapUserDetails ldapUserDetails, String str) {
        String groupSearchBase = this.settings.getGroupSearchBase();
        if (!StringUtils.isNotBlank(groupSearchBase)) {
            return Collections.emptySet();
        }
        String groupSearchFilter = this.settings.getGroupSearchFilter();
        if (StringUtils.isBlank(groupSearchFilter)) {
            groupSearchFilter = "(member={0})";
        }
        String groupNameAttribute = this.settings.getGroupNameAttribute();
        if (StringUtils.isBlank(groupNameAttribute)) {
            groupNameAttribute = "cn";
        }
        return this.ldapTemplate.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{ldapUserDetails.getDn()}, groupNameAttribute);
    }

    private Collection<String> getGroupsFromUser(DirContextOperations dirContextOperations) {
        String groupNameAttribute = this.settings.getGroupNameAttribute();
        String str = StringUtils.isBlank(groupNameAttribute) ? "cn" : groupNameAttribute;
        String groupAttribute = this.settings.getGroupAttribute();
        if (StringUtils.isBlank(groupAttribute)) {
            groupAttribute = "memberOf";
        }
        String groupFilter = this.settings.getGroupFilter();
        String[] stringAttributes = dirContextOperations.getStringAttributes(groupAttribute);
        if (stringAttributes == null || stringAttributes.length <= 0) {
            return Collections.emptySet();
        }
        String str2 = str;
        return (Collection) Arrays.stream(stringAttributes).map(LdapUtils::newLdapName).filter(ldapName -> {
            return StringUtils.isBlank(groupFilter) || StringUtils.equalsIgnoreCase(getValue(ldapName, "OU"), groupFilter);
        }).map(ldapName2 -> {
            return getValue(ldapName2, str2);
        }).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getValue(LdapName ldapName, String str) {
        try {
            return LdapUtils.getStringValue(ldapName, StringUtils.upperCase(str));
        } catch (IllegalArgumentException | NoSuchElementException e) {
            try {
                return LdapUtils.getStringValue(ldapName, StringUtils.lowerCase(str));
            } catch (IllegalArgumentException | NoSuchElementException e2) {
                return null;
            }
        }
    }
}
