package org.opennms.web.springframework.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.util.Assert;

/* loaded from: input_file:org/opennms/web/springframework/security/UserGroupLdapAuthoritiesPopulator.class */
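/**
 * {@link LdapAuthoritiesPopulator} that derives a user's roles from LDAP group membership.
 *
 * <p>The populator searches under the configured group search base for entries matching the
 * group search filter, reads one attribute (by default {@code cn}) from every hit, and
 * translates each value into zero or more role names through the group-to-role map. An
 * optional default role is added to every user.
 *
 * <p>Authorization notes for whoever configures this bean:
 * <ul>
 *   <li>A group value that has no entry in the group-to-role map grants nothing; the lookup is
 *       an exact, case-sensitive {@code Map.get} on the attribute value as returned by the
 *       directory.</li>
 *   <li>The default role, when set, is granted regardless of group membership, so it should be
 *       the least privileged role in the deployment.</li>
 *   <li>The search filter, search base and role attribute are taken as trusted configuration;
 *       only the user DN and username are passed to the search as parameters.</li>
 * </ul>
 */
public class UserGroupLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private static final Log logger = LogFactory.getLog(UserGroupLdapAuthoritiesPopulator.class);

    /** Role added to every user's authorities; {@code null} means no default role. */
    private GrantedAuthority defaultRole;
    private SpringSecurityLdapTemplate ldapTemplate;
    private String groupSearchBase;
    /** Shared with {@link #ldapTemplate}; {@link #setSearchSubtree(boolean)} mutates it in place. */
    private SearchControls searchControls = new SearchControls();
    private String groupRoleAttribute = "cn";
    private String groupSearchFilter = "(member={0})";
    /** Private copy of the configured mapping; never {@code null}. */
    private Map<String, List<String>> groupToRoleMap = new HashMap<String, List<String>>();

    /**
     * Creates a populator that searches for groups through the given context source.
     *
     * @param contextSource source of LDAP contexts used for the group search; must not be null
     * @param groupSearchBase name to search under; must not be null, may be empty to search from
     *     the context source base
     */
    public UserGroupLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
        Assert.notNull(contextSource, "contextSource must not be null");
        this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        this.ldapTemplate.setSearchControls(this.searchControls);
        setGroupSearchBase(groupSearchBase);
    }

    /**
     * Returns the authorities for a user: the roles mapped from the user's groups plus the
     * default role, if one is configured.
     *
     * @param userData directory entry of the user; its full DN is used for the group search
     * @param username login name of the user, passed on to the group search
     * @return the granted authorities, possibly empty
     */
    public final GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
        String userDn = userData.getNameInNamespace();
        if (logger.isDebugEnabled()) {
            logger.debug("Getting authorities for user " + userDn);
        }
        Set<GrantedAuthority> roles = getGroupMembershipRoles(userDn, username);
        if (this.defaultRole != null) {
            roles.add(this.defaultRole);
            if (logger.isDebugEnabled()) {
                logger.debug("Added default role: " + this.defaultRole);
            }
        }
        return roles.toArray(new GrantedAuthority[roles.size()]);
    }

    /**
     * Searches the directory for the user's groups and converts them to authorities.
     *
     * @param userDn full DN of the user, substituted for {@code {0}} in the search filter
     * @param username login name of the user, substituted for {@code {1}} in the search filter
     * @return a mutable set of authorities; empty when the search base is null or no group maps
     *     to a role
     */
    public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        String searchBase = getGroupSearchBase();
        if (searchBase == null) {
            return authorities;
        }
        // NOTE(review): the DN and username below come from the login being processed and are
        // written to the log verbatim; confirm the log layout neutralises CR/LF if debug output
        // is ever collected from production.
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for groups for user '" + username + "', DN = '" + userDn + "', with filter " + this.groupSearchFilter + " in search base '" + searchBase + "'");
        }
        // The user-derived values are handed over as filter parameters instead of being
        // concatenated into the filter string here.
        // NOTE(review): escaping of those parameters is left to SpringSecurityLdapTemplate;
        // confirm it for the library version in use.
        Set<String> groups = this.ldapTemplate.searchForSingleAttributeValues(searchBase, this.groupSearchFilter, new String[]{userDn, username}, this.groupRoleAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Groups from search: " + groups);
        }
        for (String role : getRolesFromGroups(groups)) {
            authorities.add(new GrantedAuthorityImpl(role));
        }
        return authorities;
    }

    /**
     * Translates group names into role names through the group-to-role map.
     *
     * @param groups group attribute values returned by the directory search
     * @return the union of the roles mapped from each group; groups without a mapping add nothing
     */
    protected Set<String> getRolesFromGroups(Set<String> groups) {
        Set<String> roles = new HashSet<String>();
        boolean debug = logger.isDebugEnabled();
        for (String group : groups) {
            // Exact, case-sensitive match on the value returned by the directory.
            List<String> mappedRoles = this.groupToRoleMap.get(group);
            if (debug) {
                logger.debug("Checking " + group + " for an associated role");
            }
            if (mappedRoles == null) {
                continue;
            }
            for (String role : mappedRoles) {
                roles.add(role);
                if (debug) {
                    logger.debug("Added role: " + role + " based on group " + group);
                }
            }
        }
        return roles;
    }

    /**
     * @return the context source backing the LDAP template
     */
    protected ContextSource getContextSource() {
        return this.ldapTemplate.getContextSource();
    }

    /**
     * Stores the group search base, logging when it is empty.
     *
     * @param groupSearchBase name to search under; must not be null
     */
    private void setGroupSearchBase(String groupSearchBase) {
        Assert.notNull(groupSearchBase, "The groupSearchBase (name to search under), must not be null.");
        this.groupSearchBase = groupSearchBase;
        if (groupSearchBase.length() == 0) {
            logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
        }
    }

    /**
     * @return the name under which groups are searched
     */
    protected String getGroupSearchBase() {
        return this.groupSearchBase;
    }

    /**
     * Sets the mapping from group name to the role names that group grants.
     *
     * <p>The mapping is copied, including each role list, so that later changes to the
     * caller's map cannot alter which roles are granted and cannot race with lookups made
     * while users are being authenticated. A {@code null} map, or a {@code null} role list for
     * a group, is treated as "no roles", which previously surfaced as a
     * {@code NullPointerException} during login (null map) or was skipped at lookup time
     * (null list).
     *
     * @param groupToRoleMap group name to role names; may be null
     */
    public void setGroupToRoleMap(Map<String, List<String>> groupToRoleMap) {
        Map<String, List<String>> copy = new HashMap<String, List<String>>();
        if (groupToRoleMap != null) {
            for (Map.Entry<String, List<String>> entry : groupToRoleMap.entrySet()) {
                List<String> roles = entry.getValue();
                if (roles != null) {
                    copy.put(entry.getKey(), new ArrayList<String>(roles));
                }
            }
        }
        this.groupToRoleMap = copy;
    }

    /**
     * Sets the role that every user receives in addition to the group-derived roles.
     *
     * @param defaultRole role name; must not be null
     */
    public void setDefaultRole(String defaultRole) {
        Assert.notNull(defaultRole, "The defaultRole property cannot be set to null");
        this.defaultRole = new GrantedAuthorityImpl(defaultRole);
    }

    /**
     * Sets the attribute read from each matching group entry (default {@code cn}).
     *
     * @param groupRoleAttribute attribute name; must not be null
     */
    public void setGroupRoleAttribute(String groupRoleAttribute) {
        Assert.notNull(groupRoleAttribute, "groupRoleAttribute must not be null");
        this.groupRoleAttribute = groupRoleAttribute;
    }

    /**
     * Sets the filter used to find the user's groups (default {@code (member={0})}).
     *
     * <p>The filter is used as given; it must come from trusted configuration only.
     *
     * @param groupSearchFilter LDAP filter with {@code {0}} for the user DN and {@code {1}} for
     *     the username; must not be null
     */
    public void setGroupSearchFilter(String groupSearchFilter) {
        Assert.notNull(groupSearchFilter, "groupSearchFilter must not be null");
        this.groupSearchFilter = groupSearchFilter;
    }

    /**
     * Chooses how deep the group search goes below the search base.
     *
     * @param searchSubtree {@code true} to search the whole subtree, {@code false} to search
     *     only the entries directly below the search base
     */
    public void setSearchSubtree(boolean searchSubtree) {
        // Named constants in place of the literals 2 and 1; the values are identical.
        this.searchControls.setSearchScope(
                searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
    }
}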
