package org.acegisecurity.providers.ldap.populator;

import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.providers.ldap.LdapDataAccessException;
import org.acegisecurity.providers.ldap.LdapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.class */
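/**
 * Builds the set of {@link GrantedAuthority} objects for an LDAP-authenticated user.
 *
 * <p>Authorities come from up to three places, merged into one set:
 * <ol>
 *   <li>the values of the configured {@code userRoleAttributes} on the user's own entry,</li>
 *   <li>a group search under {@code groupSearchBase} using {@code groupSearchFilter}
 *       (default {@code (member={0})}), reading {@code groupRoleAttribute} (default {@code cn})
 *       from each matching entry,</li>
 *   <li>an optional {@code defaultRole}.</li>
 * </ol>
 *
 * <p>Each role value is optionally upper-cased and prefixed with {@code rolePrefix}
 * (default {@code ROLE_}). Role names are therefore taken directly from directory data:
 * whoever can write the role attributes or group entries that are read here controls the
 * authorities that are granted.
 */
public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private static final Log logger = LogFactory.getLog(DefaultLdapAuthoritiesPopulator.class);

    /** Role added to every user when non-null. */
    private GrantedAuthority defaultRole = null;
    private InitialDirContextFactory initialDirContextFactory = null;
    /** Attribute of a group entry whose values become role names. */
    private String groupRoleAttribute = "cn";
    /** Base name for the group search; when null no group search is performed. */
    private String groupSearchBase = null;
    /** Filter expression for the group search; {0} is replaced by the user identifier. */
    private String groupSearchFilter = "(member={0})";
    private String rolePrefix = "ROLE_";
    /** Attributes of the user's own entry whose values become role names; may be null. */
    private String[] userRoleAttributes = null;
    private boolean convertToUpperCase = true;
    private int searchScope = SearchControls.ONELEVEL_SCOPE;

    /**
     * Creates a populator with default settings. No group search base is set by this
     * constructor, so {@link #getGroupMembershipRoles} returns {@code null} and only
     * user-attribute roles and the default role are used.
     */
    public DefaultLdapAuthoritiesPopulator() {
    }

    /**
     * Creates a populator that performs group searches.
     *
     * @param initialDirContextFactory supplies the directory context used for the group search;
     *        must not be null
     * @param str the group search base (name to search under); must have length
     * @throws IllegalArgumentException if either argument fails the assertions above
     *         (presumably, per Spring's {@code Assert} contract)
     */
    public DefaultLdapAuthoritiesPopulator(InitialDirContextFactory initialDirContextFactory, String str) {
        Assert.notNull(initialDirContextFactory, "InitialDirContextFactory must not be null");
        Assert.hasLength(str, "The groupSearchBase (name to search under), must be specified.");
        this.initialDirContextFactory = initialDirContextFactory;
        this.groupSearchBase = str;
    }

    /**
     * Collects all authorities for a user.
     *
     * @param str not used by this implementation (presumably the login name; confirm against
     *        the {@code LdapAuthoritiesPopulator} interface)
     * @param str2 the user identifier that is logged and substituted into the group search
     *        filter; with the default {@code (member={0})} filter this is presumably the user's DN
     * @param attributes attributes of the user's directory entry
     * @return the merged authorities; never null, possibly empty
     */
    @Override // org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator
    public GrantedAuthority[] getGrantedAuthorities(String str, String str2, Attributes attributes) {
        logger.debug("Getting authorities for user " + str2);
        Set roles = getRolesFromUserAttributes(str2, attributes);
        Set groupRoles = getGroupMembershipRoles(str2, attributes);
        if (groupRoles != null) {
            roles.addAll(groupRoles);
        }
        if (this.defaultRole != null) {
            roles.add(this.defaultRole);
        }
        return (GrantedAuthority[]) roles.toArray(new GrantedAuthority[roles.size()]);
    }

    /**
     * Reads roles from the configured {@code userRoleAttributes} of the user's own entry.
     *
     * @param str the user identifier (unused here)
     * @param attributes attributes of the user's directory entry; when null no roles are derived
     * @return a new mutable set of authorities; never null
     */
    protected Set getRolesFromUserAttributes(String str, Attributes attributes) {
        Set roles = new HashSet();
        // Fail closed: with nothing configured, or no attributes supplied, grant nothing here
        // rather than throwing a NullPointerException in the middle of authentication.
        if (this.userRoleAttributes == null || attributes == null) {
            return roles;
        }
        for (int i = 0; i < this.userRoleAttributes.length; i++) {
            addAttributeValuesToRoleSet(attributes.get(this.userRoleAttributes[i]), roles);
        }
        return roles;
    }

    /**
     * Searches {@code groupSearchBase} for entries matching {@code groupSearchFilter} and turns
     * the returned {@code groupRoleAttribute} values into authorities.
     *
     * @param str the user identifier substituted for {0} in the filter
     * @param attributes attributes of the user's directory entry (unused here)
     * @return the authorities found, or {@code null} when no group search base is configured
     * @throws LdapDataAccessException if the directory search fails
     */
    protected Set getGroupMembershipRoles(String str, Attributes attributes) {
        if (this.groupSearchBase == null) {
            return null;
        }
        Set roles = new HashSet();
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for roles for user '" + str + "', with filter " + this.groupSearchFilter
                    + " in search base '" + this.groupSearchBase + "'");
        }
        DirContext context = this.initialDirContextFactory.newInitialDirContext();
        SearchControls controls = new SearchControls();
        controls.setSearchScope(this.searchScope);
        // Ask only for the role attribute so that no other group data is pulled back.
        controls.setReturningAttributes(new String[] {this.groupRoleAttribute});
        NamingEnumeration results = null;
        try {
            // The user identifier is passed as a filter argument, not concatenated into the
            // filter string, so the JNDI provider handles its encoding.
            results = context.search(this.groupSearchBase, this.groupSearchFilter, new String[] {str}, controls);
            while (results.hasMore()) {
                NamingEnumeration groupAttributes = ((SearchResult) results.next()).getAttributes().getAll();
                try {
                    while (groupAttributes.hasMore()) {
                        addAttributeValuesToRoleSet((Attribute) groupAttributes.next(), roles);
                    }
                } finally {
                    closeQuietly(groupAttributes);
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Roles from search: " + roles);
            }
            return roles;
        } catch (NamingException e) {
            throw new LdapDataAccessException("Group search failed for user " + str, e);
        } finally {
            // Release the enumeration before the context it was obtained from.
            closeQuietly(results);
            LdapUtils.closeContext(context);
        }
    }

    /**
     * Adds one authority per String value of {@code attribute} to {@code set}. Non-String
     * values are skipped with a warning; a null attribute is ignored.
     *
     * @throws LdapDataAccessException if the attribute values cannot be read
     */
    private void addAttributeValuesToRoleSet(Attribute attribute, Set set) {
        if (attribute == null) {
            return;
        }
        NamingEnumeration values = null;
        try {
            values = attribute.getAll();
            while (values.hasMore()) {
                Object value = values.next();
                if (value instanceof String) {
                    String role = (String) value;
                    if (this.convertToUpperCase) {
                        // Use a fixed locale: with the JVM default locale the mapping can differ
                        // (e.g. 'i' under a Turkish locale), so the same directory value would
                        // yield different authority names on different hosts and authorization
                        // checks against the expected name would silently stop matching.
                        role = role.toUpperCase(Locale.ENGLISH);
                    }
                    set.add(new GrantedAuthorityImpl(this.rolePrefix + role));
                } else {
                    logger.warn("Non-String value found for role attribute " + attribute.getID());
                }
            }
        } catch (NamingException e) {
            throw new LdapDataAccessException("Error retrieving values for role attribute " + attribute.getID(), e);
        } finally {
            closeQuietly(values);
        }
    }

    /**
     * Closes a {@link NamingEnumeration} on a best-effort basis. A failure to close is only
     * logged so that it cannot mask the outcome of the read that preceded it.
     */
    private static void closeQuietly(NamingEnumeration enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException e) {
            logger.debug("Failed to close NamingEnumeration", e);
        }
    }

    /** Returns the configured user role attribute names (the internal array, not a copy). */
    protected String[] getUserRoleAttributes() {
        return this.userRoleAttributes;
    }

    /** Sets the attributes of the user's entry whose values are mapped to roles; may be null. */
    public void setUserRoleAttributes(String[] strArr) {
        this.userRoleAttributes = strArr;
    }

    /** Sets the prefix prepended to every role name; must not be null (may be empty). */
    public void setRolePrefix(String str) {
        Assert.notNull(str, "rolePrefix must not be null");
        this.rolePrefix = str;
    }

    /**
     * Sets the group search filter expression; {0} is replaced by the user identifier.
     * The expression itself is used as given, so it must come from trusted configuration.
     */
    public void setGroupSearchFilter(String str) {
        Assert.notNull(str, "groupSearchFilter must not be null");
        this.groupSearchFilter = str;
    }

    /** Sets the group-entry attribute whose values are mapped to roles; must not be null. */
    public void setGroupRoleAttribute(String str) {
        Assert.notNull(str, "groupRoleAttribute must not be null");
        this.groupRoleAttribute = str;
    }

    /** Selects subtree scope for the group search when true, one-level scope otherwise. */
    public void setSearchSubtree(boolean z) {
        this.searchScope = z ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
    }

    /** Controls whether role values are upper-cased before the prefix is applied. */
    public void setConvertToUpperCase(boolean z) {
        this.convertToUpperCase = z;
    }

    /**
     * Sets a role that is granted to every user this populator handles, regardless of
     * directory content; must not be null. The value is used as given (no prefix is added).
     */
    public void setDefaultRole(String str) {
        Assert.notNull(str, "The defaultRole property cannot be set to null");
        this.defaultRole = new GrantedAuthorityImpl(str);
    }
}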
