package org.opennms.web.springframework.security;

import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/* loaded from: input_file:org/opennms/web/springframework/security/UserGroupLdapAuthoritiesPopulator.class */
public class UserGroupLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private final Log logger;
    private final SearchControls searchControls;
    private final SpringSecurityLdapTemplate ldapTemplate;
    private String groupRoleAttribute;
    private String groupSearchFilter;
    private Map<String, List<String>> groupToRoleMap;

    public UserGroupLdapAuthoritiesPopulator(ContextSource contextSource, String str) {
        super(contextSource, str);
        this.logger = LogFactory.getLog(UserGroupLdapAuthoritiesPopulator.class);
        this.searchControls = new SearchControls();
        this.groupRoleAttribute = "cn";
        this.groupSearchFilter = "(member={0})";
        this.groupToRoleMap = new HashMap();
        this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        this.ldapTemplate.setSearchControls(this.searchControls);
    }

    protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations dirContextOperations, String str) {
        String nameInNamespace = dirContextOperations.getNameInNamespace();
        HashSet hashSet = new HashSet();
        if (super.getGroupSearchBase() == null) {
            return hashSet;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Searching for roles for user '" + str + "', DN = '" + nameInNamespace + "', with filter " + this.groupSearchFilter + " in search base '" + super.getGroupSearchBase() + "'");
        }
        for (String str2 : this.ldapTemplate.searchForSingleAttributeValues(super.getGroupSearchBase(), this.groupSearchFilter, new String[]{nameInNamespace, str}, this.groupRoleAttribute)) {
            List<String> list = this.groupToRoleMap.get(str2);
            this.logger.debug("Checking " + str2 + " for an associated role");
            if (list != null) {
                for (String str3 : list) {
                    hashSet.add(new SimpleGrantedAuthority(str3));
                    this.logger.debug("Added role: " + str3 + " based on group " + str2);
                }
            }
        }
        return hashSet;
    }

    public void setGroupRoleAttribute(String str) {
        super.setGroupRoleAttribute(str);
        this.groupRoleAttribute = str;
    }

    public void setGroupSearchFilter(String str) {
        super.setGroupSearchFilter(str);
        this.groupSearchFilter = str;
    }

    public void setGroupToRoleMap(Map<String, List<String>> map) {
        this.groupToRoleMap = map;
    }

    public void setSearchSubtree(boolean z) {
        super.setSearchSubtree(z);
        this.searchControls.setSearchScope(z ? 2 : 1);
    }
}
