package org.apache.isis.security.shiro;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.isis.security.shiro.util.Util;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.StringUtils;

/* loaded from: input_file:org/apache/isis/security/shiro/IsisLdapRealm.class */
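/**
 * Shiro LDAP realm that derives a user's roles from LDAP group membership and
 * then maps those roles to permission strings.
 *
 * <p>Authorization flow, as implemented below:
 * <ol>
 *   <li>every entry under {@code searchBase} whose {@code objectClass} equals
 *       {@code groupObjectClass} is fetched using the system LDAP context;</li>
 *   <li>a group counts for the user when one value of its
 *       {@code uniqueMemberAttribute} is exactly
 *       {@code prefix + userName + suffix} (see
 *       {@link #setUniqueMemberAttributeValueTemplate(String)});</li>
 *   <li>the group's {@code cn} is translated to a role name by
 *       {@link #setRolesByGroup(Map)} and the role to permissions by
 *       {@link #setPermissionsByRole(String)}.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>The search filter is built only from {@code groupObjectClass}, which is
 *       configuration. The user name is never placed in the filter; it is
 *       compared in Java against the returned member values. If that ever
 *       changes, the user name must be escaped for LDAP filter syntax.</li>
 *   <li>The member comparison is an exact, case-sensitive string match, so a
 *       member value that differs from the template only in case or spacing
 *       does not grant the role.</li>
 *   <li>Once any group-to-role mapping is configured, groups missing from the
 *       mapping grant no role at all.</li>
 * </ul>
 */
public class IsisLdapRealm extends JndiLdapRealm {
    private static final String UNIQUEMEMBER_SUBSTITUTION_TOKEN = "{0}";
    private static final SearchControls SUBTREE_SCOPE = new SearchControls();
    private String searchBase;
    private String groupObjectClass;
    private String uniqueMemberAttributeValuePrefix;
    private String uniqueMemberAttributeValueSuffix;
    private String uniqueMemberAttribute = "uniqueMember";
    private final Map<String, String> rolesByGroup = Maps.newLinkedHashMap();
    private final Map<String, List<String>> permissionsByRole = Maps.newLinkedHashMap();

    /**
     * Creates the realm with the defaults {@code groupOfUniqueNames},
     * {@code uniqueMember} and the member value template {@code uid={0}}.
     */
    public IsisLdapRealm() {
        setGroupObjectClass("groupOfUniqueNames");
        setUniqueMemberAttribute("uniqueMember");
        setUniqueMemberAttributeValueTemplate("uid={0}");
    }

    /**
     * Builds the authorization info for the given principals: roles come from
     * LDAP group membership, permissions from the configured role mapping.
     *
     * @param principalCollection the principals of the subject being authorized
     * @param ldapContextFactory factory used to obtain the system LDAP context
     * @return the roles and string permissions resolved for the subject
     * @throws NamingException if the LDAP lookup fails for a reason other than
     *         a failed system bind
     */
    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        Set<String> roles = getRoles(principalCollection, ldapContextFactory);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(roles);
        simpleAuthorizationInfo.setStringPermissions(permsFor(roles));
        return simpleAuthorizationInfo;
    }

    /**
     * Resolves the role names of the available principal using the system
     * LDAP context, which is always closed before returning.
     *
     * @return the role names, or an empty set when there is no principal or
     *         the system bind is rejected
     */
    private Set<String> getRoles(PrincipalCollection principalCollection, LdapContextFactory ldapContextFactory) throws NamingException {
        Object principal = getAvailablePrincipal(principalCollection);
        if (principal == null) {
            // Without this guard the literal text "null" would be substituted
            // into the member template and compared against group members.
            return Collections.emptySet();
        }
        String userName = (String) principal;
        LdapContext ldapContext = null;
        try {
            ldapContext = ldapContextFactory.getSystemLdapContext();
            return rolesFor(userName, ldapContext);
        } catch (AuthenticationException e) {
            // Fails closed: a rejected system bind yields no roles rather than
            // an error. NOTE(review): this is silent, so a broken or expired
            // system account looks like "user has no roles" - consider
            // logging the failure here.
            return Collections.emptySet();
        } finally {
            LdapUtils.closeContext(ldapContext);
        }
    }

    /**
     * Searches all group entries below {@code searchBase} and collects the
     * roles of the groups the user is a member of.
     */
    private Set<String> rolesFor(String str, LdapContext ldapContext) throws NamingException {
        Set<String> roleNames = Sets.newLinkedHashSet();
        // The filter contains only configuration; the user name is matched
        // client-side in addRoleIfMember and never enters the filter string.
        NamingEnumeration<SearchResult> groups =
                ldapContext.search(this.searchBase, "objectClass=" + this.groupObjectClass, SUBTREE_SCOPE);
        try {
            while (groups.hasMore()) {
                addRoleIfMember(str, groups.next(), roleNames);
            }
        } finally {
            // Release the server-side search even if a group entry fails to parse.
            LdapUtils.closeEnumeration(groups);
        }
        return roleNames;
    }

    /**
     * Adds the role mapped from {@code searchResult}'s {@code cn} to
     * {@code set} when the user appears among the group's member values.
     */
    private void addRoleIfMember(String str, SearchResult searchResult, Set<String> set) throws NamingException {
        String expectedMember = this.uniqueMemberAttributeValuePrefix + str + this.uniqueMemberAttributeValueSuffix;
        NamingEnumeration<? extends Attribute> attributes = searchResult.getAttributes().getAll();
        while (attributes.hasMore()) {
            Attribute attribute = attributes.next();
            if (!this.uniqueMemberAttribute.equalsIgnoreCase(attribute.getID())) {
                continue;
            }
            NamingEnumeration<?> members = attribute.getAll();
            // The loop must end when the values run out; the previous
            // `while (true)` form never terminated once hasMore() was false.
            while (members.hasMore()) {
                Object member = members.next();
                if (member == null || !expectedMember.equals(member.toString())) {
                    continue;
                }
                Attribute cn = searchResult.getAttributes().get("cn");
                // A group entry without a cn cannot be mapped to a role.
                Object groupName = (cn != null && cn.size() > 0) ? cn.get() : null;
                if (groupName != null) {
                    String roleName = roleNameFor(groupName.toString());
                    if (roleName != null) {
                        set.add(roleName);
                    }
                }
                // One matching member value is enough for this group.
                break;
            }
        }
    }

    /**
     * Maps a group name to a role name. With no mapping configured the group
     * name is the role name; with a mapping configured, unmapped groups
     * return {@code null} and therefore grant nothing.
     */
    private String roleNameFor(String str) {
        return this.rolesByGroup.isEmpty() ? str : this.rolesByGroup.get(str);
    }

    /**
     * Collects, in encounter order, the permissions configured for the given
     * roles; roles without an entry contribute nothing.
     */
    private Set<String> permsFor(Set<String> set) {
        Set<String> permissions = Sets.newLinkedHashSet();
        for (String role : set) {
            List<String> rolePermissions = this.permissionsByRole.get(role);
            if (rolePermissions != null) {
                permissions.addAll(rolePermissions);
            }
        }
        return permissions;
    }

    /** Sets the base DN under which group entries are searched. */
    public void setSearchBase(String str) {
        this.searchBase = str;
    }

    /**
     * Sets the {@code objectClass} value used to find group entries. The value
     * is concatenated into the LDAP filter unescaped, so it must come from
     * trusted configuration only.
     */
    public void setGroupObjectClass(String str) {
        this.groupObjectClass = str;
    }

    /** Sets the attribute (matched case-insensitively) that lists group members. */
    public void setUniqueMemberAttribute(String str) {
        this.uniqueMemberAttribute = str;
    }

    /**
     * Sets the template a member value must match, for example
     * {@code uid={0}}; {@code {0}} stands for the user name.
     *
     * @param str the template, containing the {@code {0}} token
     * @throws IllegalArgumentException if the template is blank or lacks the token
     */
    public void setUniqueMemberAttributeValueTemplate(String str) {
        if (!StringUtils.hasText(str)) {
            throw new IllegalArgumentException("User DN template cannot be null or empty.");
        }
        int tokenIndex = str.indexOf(UNIQUEMEMBER_SUBSTITUTION_TOKEN);
        if (tokenIndex < 0) {
            throw new IllegalArgumentException("UniqueMember attribute value template must contain the '{0}' replacement token to understand how to parse the group members.");
        }
        // Split around the first token: text before it is the prefix, text after it the suffix.
        this.uniqueMemberAttributeValuePrefix = str.substring(0, tokenIndex);
        this.uniqueMemberAttributeValueSuffix = str.substring(tokenIndex + UNIQUEMEMBER_SUBSTITUTION_TOKEN.length());
    }

    /**
     * Adds group-name to role-name mappings. Entries accumulate across calls;
     * as soon as one exists, groups without a mapping grant no role.
     */
    public void setRolesByGroup(Map<String, String> map) {
        this.rolesByGroup.putAll(map);
    }

    /**
     * Adds role-to-permissions mappings parsed from {@code str} by
     * {@link Util#parse}; entries accumulate across calls.
     */
    public void setPermissionsByRole(String str) {
        this.permissionsByRole.putAll(Util.parse(str));
    }

    static {
        // Search the whole subtree below searchBase, not just one level.
        SUBTREE_SCOPE.setSearchScope(SearchControls.SUBTREE_SCOPE);
    }
}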
