package org.apache.isis.extensions.shirorealmldap.realm.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.isis.commons.internal.base._NullSafe;
import org.apache.isis.commons.internal.collections._Maps;
import org.apache.isis.commons.internal.collections._Sets;
import org.apache.isis.security.shiro.permrolemapper.PermissionToRoleMapper;
import org.apache.isis.security.shiro.permrolemapper.PermissionToRoleMapperFromIni;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.ldap.DefaultLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.StringUtils;

/* loaded from: input_file:org/apache/isis/extensions/shirorealmldap/realm/impl/IsisLdapRealm.class */
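/**
 * Shiro LDAP realm that derives a subject's roles from the LDAP groups it is a
 * member of, and its permissions from three sources: an INI-backed
 * {@link PermissionToRoleMapper} (see {@link #setResourcePath(String)}),
 * attribute values read from the user entry, and attribute values read from the
 * group entries.
 *
 * <p>Group membership is detected by comparing each value of the
 * {@code uniqueMemberAttribute} with {@code prefix + username + suffix}, where
 * prefix/suffix come from {@link #setUniqueMemberAttributeValueTemplate(String)}.
 * Attribute-derived permissions are produced by substituting {@code {attrId}}
 * placeholders in the configured permission templates with the attribute values
 * found on the entry.
 *
 * <p>Not thread-safe with respect to the setters; they are expected to be called
 * once during configuration. Every LDAP context and enumeration opened here is
 * closed before the method returns.
 */
public class IsisLdapRealm extends DefaultLdapRealm {
    /** Placeholder in the unique-member value template that stands for the user name. */
    private static final String UNIQUEMEMBER_SUBSTITUTION_TOKEN = "{0}";
    /** Shared search controls; the scope is set to SUBTREE in the static initialiser below. */
    private static final SearchControls SUBTREE_SCOPE = new SearchControls();
    private String searchBase;
    private String groupObjectClass;
    private String uniqueMemberAttributeValuePrefix;
    private String uniqueMemberAttributeValueSuffix;
    private String userObjectClass;
    private PermissionToRoleMapper permissionToRoleMapper;
    private String uniqueMemberAttribute = "uniqueMember";
    // attribute ids read from group entries when building group-derived permissions
    protected Set<String> groupExtractedAttribute = _Sets.newConcurrentHashSet();
    // attribute ids read from user entries when building user-derived permissions
    protected Set<String> userExtractedAttribute = _Sets.newConcurrentHashSet();
    // permission templates (may contain {attrId} placeholders) applied to group entries
    protected Set<String> permissionByGroupAttribute = _Sets.newConcurrentHashSet();
    // permission templates (may contain {attrId} placeholders) applied to user entries
    protected Set<String> permissionByUserAttribute = _Sets.newConcurrentHashSet();
    private String searchUserBase = "";
    // optional mapping group-cn -> role name; when empty the group cn is the role name
    private final Map<String, String> rolesByGroup = _Maps.newLinkedHashMap();
    private String cnAttribute = "cn";

    /** Configures the defaults: groupOfUniqueNames groups, uniqueMember members of the form {@code uid=<username>}. */
    public IsisLdapRealm() {
        setGroupObjectClass("groupOfUniqueNames");
        setUniqueMemberAttribute("uniqueMember");
        setUniqueMemberAttributeValueTemplate("uid={0}");
    }

    /**
     * Builds the authorization info for the available principal: roles from group
     * membership, permissions from the role mapper plus user- and group-attribute
     * derived permissions.
     *
     * @param principalCollection principals of the authenticated subject; the available principal is used as the user name
     * @param ldapContextFactory  source of the system (service account) LDAP context
     * @return roles and string permissions for the subject
     * @throws NamingException if an LDAP lookup fails
     */
    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        Set<String> roles = getRoles(principalCollection, ldapContextFactory);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(roles);
        Set<String> permissions = permsFor(roles);
        String username = (String) getAvailablePrincipal(principalCollection);
        LdapContext systemContext = ldapContextFactory.getSystemLdapContext();
        try {
            permissions.addAll(getPermissionForUser(username, systemContext));
            permissions.addAll(getPermissionForRole(username, systemContext));
        } finally {
            // the context is owned by this method; release it even when a lookup throws
            LdapUtils.closeContext(systemContext);
        }
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    /**
     * Collects permissions derived from the attributes of every group the user is a member of.
     *
     * @param username    user name as stored in the unique-member attribute (before prefix/suffix)
     * @param ldapContext open context used for the search; not closed here
     * @return permission strings produced from {@link #permissionByGroupAttribute}
     * @throws NamingException if the search fails
     */
    private Set<String> getPermissionForRole(String username, LdapContext ldapContext) throws NamingException {
        Set<String> permissions = new LinkedHashSet<>();
        Set<String> groupsOfUser = groupFor(username, ldapContext);
        NamingEnumeration<SearchResult> groups = ldapContext.search(this.searchBase, "objectClass=" + this.groupObjectClass, SUBTREE_SCOPE);
        try {
            while (groups.hasMore()) {
                SearchResult group = groups.next();
                if (memberOf(group, groupsOfUser)) {
                    addPermIfFound(group, permissions, this.groupExtractedAttribute, this.permissionByGroupAttribute);
                }
            }
        } finally {
            LdapUtils.closeEnumeration(groups);
        }
        return permissions;
    }

    /**
     * Returns the role names of the groups (below {@code searchBase}) whose
     * unique-member attribute contains the user.
     *
     * @param username    user name as stored in the unique-member attribute (before prefix/suffix)
     * @param ldapContext open context used for the search; not closed here
     * @return role names, in search order
     * @throws NamingException if the search fails
     */
    protected Set<String> groupFor(String username, LdapContext ldapContext) throws NamingException {
        return roleNamesForMember(username, ldapContext);
    }

    /**
     * Tells whether the group entry's {@code cnAttribute} value is contained in the given set.
     *
     * <p>NOTE(review): callers pass the result of {@link #groupFor}, which holds role
     * names after {@code rolesByGroup} mapping; when that mapping renames groups this
     * compares a raw cn against mapped names — confirm that is intended.
     *
     * @param searchResult group entry
     * @param groupNames   names to test against
     * @return {@code true} if the entry has the cn attribute and its value is in {@code groupNames}
     * @throws NamingException if the attribute value cannot be read
     */
    protected boolean memberOf(SearchResult searchResult, Set<String> groupNames) throws NamingException {
        Attribute cn = searchResult.getAttributes().get(this.cnAttribute);
        // an entry without the cn attribute cannot be a member of anything by name
        if (cn == null || cn.get() == null) {
            return false;
        }
        return groupNames.contains(cn.get().toString());
    }

    /**
     * Collects permissions derived from the attributes of the user entries, treating
     * a Shiro {@link AuthenticationException} as "no permissions".
     *
     * <p>NOTE(review): this catches {@code org.apache.shiro.authc.AuthenticationException}
     * whereas {@link #getRoles} catches {@code javax.naming.AuthenticationException};
     * confirm which one is expected here.
     */
    private Collection<String> getPermissionForUser(String username, LdapContext ldapContext) throws NamingException {
        try {
            return permUser(username, ldapContext);
        } catch (AuthenticationException e) {
            return Collections.emptySet();
        }
    }

    /**
     * Searches every entry of {@code userObjectClass} below {@code searchUserBase} and
     * applies the user permission templates to each of them.
     *
     * <p>NOTE(review): the filter does not restrict the search to {@code username}; all
     * user entries contribute, as in the original — verify that is the intended scope.
     */
    private Collection<String> permUser(String username, LdapContext ldapContext) throws NamingException {
        Set<String> permissions = new LinkedHashSet<>();
        NamingEnumeration<SearchResult> users = ldapContext.search(this.searchUserBase, "objectClass=" + this.userObjectClass, SUBTREE_SCOPE);
        try {
            while (users.hasMore()) {
                addPermIfFound(users.next(), permissions, this.userExtractedAttribute, this.permissionByUserAttribute);
            }
        } finally {
            LdapUtils.closeEnumeration(users);
        }
        return permissions;
    }

    /**
     * Expands the permission templates against the extracted attributes of one entry.
     *
     * <p>For every attribute of the entry whose id is in {@code extractedAttributeIds},
     * all values are collected; then for every template that contains the
     * placeholder {@code {attrId}}, one permission per attribute value is added with
     * the placeholder replaced by that value.
     *
     * @param entry                 LDAP entry to read
     * @param permissions           sink for the produced permission strings
     * @param extractedAttributeIds attribute ids whose values may be substituted
     * @param permissionTemplates   permission strings possibly holding {@code {attrId}} placeholders
     * @throws NamingException if an attribute cannot be read
     */
    private void addPermIfFound(SearchResult entry, Set<String> permissions, Set<String> extractedAttributeIds, Set<String> permissionTemplates) throws NamingException {
        Map<String, Set<String>> valuesByAttributeId = new HashMap<>();
        NamingEnumeration<? extends Attribute> attributes = entry.getAttributes().getAll();
        try {
            while (attributes.hasMore()) {
                Attribute attribute = attributes.next();
                if (!extractedAttributeIds.contains(attribute.getID())) {
                    continue;
                }
                Set<String> values = new HashSet<>();
                NamingEnumeration<?> attributeValues = attribute.getAll();
                try {
                    while (attributeValues.hasMore()) {
                        values.add(attributeValues.next().toString());
                    }
                } finally {
                    LdapUtils.closeEnumeration(attributeValues);
                }
                valuesByAttributeId.put(attribute.getID(), values);
            }
        } finally {
            LdapUtils.closeEnumeration(attributes);
        }
        for (String template : permissionTemplates) {
            for (Map.Entry<String, Set<String>> extracted : valuesByAttributeId.entrySet()) {
                String placeholder = "{" + extracted.getKey() + "}";
                if (!template.contains(placeholder)) {
                    continue;
                }
                for (String value : extracted.getValue()) {
                    // literal replace: directory-supplied values must not be interpreted as
                    // regex replacement text ('$', '\'), nor attribute ids as regex syntax
                    permissions.add(template.replace(placeholder, value));
                }
            }
        }
    }

    /**
     * Looks up the roles of the available principal using the system context, which
     * is closed before returning. A failed bind of the system account yields no roles.
     *
     * @throws NamingException for any LDAP failure other than {@link javax.naming.AuthenticationException}
     */
    private Set<String> getRoles(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        String username = (String) getAvailablePrincipal(principalCollection);
        LdapContext ldapContext = null;
        try {
            ldapContext = ldapContextFactory.getSystemLdapContext();
            return rolesFor(username, ldapContext);
        } catch (javax.naming.AuthenticationException e) {
            // system account could not authenticate: treated as "no roles", not as an error
            return Collections.emptySet();
        } finally {
            // closeContext tolerates null (context never obtained)
            LdapUtils.closeContext(ldapContext);
        }
    }

    /** Same lookup as {@link #groupFor}, kept private so subclass overrides of groupFor do not change role resolution. */
    private Set<String> rolesFor(String username, LdapContext ldapContext) throws NamingException {
        return roleNamesForMember(username, ldapContext);
    }

    /**
     * Searches all groups below {@code searchBase} and returns the role names of those
     * listing the user as a member.
     *
     * @throws NamingException if the search fails
     */
    private Set<String> roleNamesForMember(String username, LdapContext ldapContext) throws NamingException {
        Set<String> roleNames = new LinkedHashSet<>();
        NamingEnumeration<SearchResult> groups = ldapContext.search(this.searchBase, "objectClass=" + this.groupObjectClass, SUBTREE_SCOPE);
        try {
            while (groups.hasMore()) {
                addRoleIfMember(username, groups.next(), roleNames);
            }
        } finally {
            LdapUtils.closeEnumeration(groups);
        }
        return roleNames;
    }

    /**
     * Adds the group's role name to {@code roleNames} if one of the group's
     * unique-member values equals {@code prefix + username + suffix}.
     *
     * @param username  user name to look for
     * @param group     group entry
     * @param roleNames sink for the resolved role name
     * @throws NamingException if an attribute cannot be read
     */
    private void addRoleIfMember(String username, SearchResult group, Set<String> roleNames) throws NamingException {
        String expectedMemberValue = this.uniqueMemberAttributeValuePrefix + username + this.uniqueMemberAttributeValueSuffix;
        NamingEnumeration<? extends Attribute> attributes = group.getAttributes().getAll();
        try {
            while (attributes.hasMore()) {
                Attribute attribute = attributes.next();
                if (!this.uniqueMemberAttribute.equalsIgnoreCase(attribute.getID())) {
                    continue;
                }
                if (hasValue(attribute, expectedMemberValue)) {
                    // the group's name is read through the configured cn attribute, consistent with memberOf
                    Attribute cn = group.getAttributes().get(this.cnAttribute);
                    if (cn != null && cn.get() != null) {
                        String roleName = roleNameFor(cn.get().toString());
                        if (roleName != null) {
                            roleNames.add(roleName);
                        }
                    }
                    // one match is enough; the role is the same for every member value
                    break;
                }
            }
        } finally {
            LdapUtils.closeEnumeration(attributes);
        }
    }

    /**
     * Tells whether any value of the attribute equals {@code expected} (string form).
     *
     * @throws NamingException if the values cannot be enumerated
     */
    private static boolean hasValue(Attribute attribute, String expected) throws NamingException {
        NamingEnumeration<?> values = attribute.getAll();
        try {
            while (values.hasMore()) {
                if (expected.equals(values.next().toString())) {
                    return true;
                }
            }
            return false;
        } finally {
            LdapUtils.closeEnumeration(values);
        }
    }

    /**
     * Maps a group name to a role name: the identity when no {@code rolesByGroup}
     * mapping is configured, otherwise the mapped value ({@code null} when unmapped).
     */
    private String roleNameFor(String groupName) {
        if (this.rolesByGroup.isEmpty()) {
            return groupName;
        }
        return this.rolesByGroup.get(groupName);
    }

    /**
     * Unions the permissions configured for the given roles in the role mapper.
     *
     * @param roles role names
     * @return permissions in role iteration order; empty for no roles
     * @throws IllegalStateException if roles is non-empty and no mapper was configured via {@link #setResourcePath(String)}
     */
    private Set<String> permsFor(Set<String> roles) {
        Set<String> permissions = new LinkedHashSet<>();
        if (roles.isEmpty()) {
            // keep the original behaviour: no roles means the mapper is never consulted
            return permissions;
        }
        Map<String, Set<String>> permissionsByRole = getPermissionsByRole();
        for (String role : roles) {
            Set<String> rolePermissions = permissionsByRole.get(role);
            if (rolePermissions != null) {
                permissions.addAll(rolePermissions);
            }
        }
        return permissions;
    }

    /** Base DN searched for group entries. */
    public void setSearchBase(String str) {
        this.searchBase = str;
    }

    /** objectClass value used to find group entries. */
    public void setGroupObjectClass(String str) {
        this.groupObjectClass = str;
    }

    /** Id of the group attribute listing members (compared case-insensitively). */
    public void setUniqueMemberAttribute(String str) {
        this.uniqueMemberAttribute = str;
    }

    /**
     * Sets the template describing how a user name appears in the unique-member
     * attribute, e.g. {@code "uid={0}"}; the text before and after {@code {0}}
     * becomes the member-value prefix and suffix.
     *
     * @throws IllegalArgumentException if the template is blank or lacks the {@code {0}} token
     */
    public void setUniqueMemberAttributeValueTemplate(String str) {
        if (!StringUtils.hasText(str)) {
            throw new IllegalArgumentException("User DN template cannot be null or empty.");
        }
        int tokenIndex = str.indexOf(UNIQUEMEMBER_SUBSTITUTION_TOKEN);
        if (tokenIndex < 0) {
            throw new IllegalArgumentException("UniqueMember attribute value template must contain the '{0}' replacement token to understand how to parse the group members.");
        }
        this.uniqueMemberAttributeValuePrefix = str.substring(0, tokenIndex);
        this.uniqueMemberAttributeValueSuffix = str.substring(tokenIndex + UNIQUEMEMBER_SUBSTITUTION_TOKEN.length());
    }

    /** Adds group-name to role-name mappings; existing entries are kept. */
    public void setRolesByGroup(Map<String, String> map) {
        this.rolesByGroup.putAll(map);
    }

    /**
     * @return permissions per role from the configured mapper
     * @throws IllegalStateException if {@link #setResourcePath(String)} was not called
     */
    private Map<String, Set<String>> getPermissionsByRole() {
        if (this.permissionToRoleMapper == null) {
            throw new IllegalStateException("Permissions by role not yet set.");
        }
        return this.permissionToRoleMapper.getPermissionsByRole();
    }

    /**
     * Loads the role-to-permission mapping from an INI resource.
     *
     * @throws IllegalStateException if a mapper was already configured
     */
    public void setResourcePath(String str) {
        if (this.permissionToRoleMapper != null) {
            throw new IllegalStateException("Permissions already set, " + this.permissionToRoleMapper.getClass().getName());
        }
        this.permissionToRoleMapper = new PermissionToRoleMapperFromIni(Ini.fromResourcePath(str));
    }

    /** Comma-separated permission templates applied to user entries. */
    public void setPermissionByUserAttribute(String str) {
        addCommaSeparated(str, this.permissionByUserAttribute);
    }

    /** Comma-separated permission templates applied to group entries. */
    public void setPermissionByGroupAttribute(String str) {
        addCommaSeparated(str, this.permissionByGroupAttribute);
    }

    /** Comma-separated attribute ids extracted from user entries. */
    public void setUserExtractedAttribute(String str) {
        addCommaSeparated(str, this.userExtractedAttribute);
    }

    /** Comma-separated attribute ids extracted from group entries. */
    public void setGroupExtractedAttribute(String str) {
        addCommaSeparated(str, this.groupExtractedAttribute);
    }

    /** Splits {@code str} on commas (no trimming) and adds every token to {@code target}. */
    private static void addCommaSeparated(String str, Set<String> target) {
        for (String token : str.split(",")) {
            target.add(token);
        }
    }

    /** Base DN searched for user entries (defaults to the root, {@code ""}). */
    public void setSearchUserBase(String str) {
        this.searchUserBase = str;
    }

    /** objectClass value used to find user entries. */
    public void setUserObjectClass(String str) {
        this.userObjectClass = str;
    }

    /** Id of the attribute holding a group's name (default {@code cn}). */
    public void setCnAttribute(String str) {
        this.cnAttribute = str;
    }

    static {
        SUBTREE_SCOPE.setSearchScope(SearchControls.SUBTREE_SCOPE);
    }
}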
