package com.terracotta.management.security.shiro.realm;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:ehcache/ehcache-ee-2.10.2.2.15.jar/rest-management-private-classpath/com/terracotta/management/security/shiro/realm/ActiveDirectoryRealm.class_terracotta
 */
/* loaded from: input_file:rest-management-private-classpath/com/terracotta/management/security/shiro/realm/ActiveDirectoryRealm.class_terracotta */
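/**
 * LDAP realm variant for Active Directory: derives a user's role names from the
 * {@code memberOf} attribute of the directory entries matching the user's CN.
 *
 * <p>Group DNs are only honoured when their {@code DC} components line up with the
 * components of the configured {@code searchBase}; every other group contributes no roles.
 *
 * <p>NOTE(review): this source is decompiler output. {@code Ini.SECTION_SUFFIX} and
 * {@code TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR} are presumably inlined
 * string literals ("]" and ",") that the decompiler mapped back to unrelated constants;
 * confirm against the original source.
 */
public class ActiveDirectoryRealm extends LdapRealm {
    private static final Logger log = LoggerFactory.getLogger(ActiveDirectoryRealm.class);
    protected static final String CN = "CN";

    /**
     * Collects the role names granted to a user through {@code memberOf} group membership.
     *
     * @param str the user name, matched against the {@code CN} attribute
     * @param ldapContext the context used to run the subtree search under {@code searchBase}
     * @return role names in encounter order; empty when no entry or no usable group matches
     * @throws NamingException if the directory search or attribute enumeration fails
     */
    @Override // com.terracotta.management.security.shiro.realm.LdapRealm
    protected Set<String> getRoleNamesForUser(String str, LdapContext ldapContext) throws NamingException {
        Set<String> roleNames = new LinkedHashSet<String>();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The user name is passed as a filter argument ({0}) instead of being concatenated
        // into the filter string, so it is not interpreted as filter syntax.
        // NOTE(review): the filter matches any object class by CN anywhere below searchBase.
        // Roles of every matching entry are merged, so two entries sharing a CN would share
        // roles - confirm CN is unique for the accounts this realm serves.
        NamingEnumeration<SearchResult> search = ldapContext.search(this.searchBase, "(&(objectClass=*)(CN={0}))", new Object[]{str}, searchControls);
        try {
            while (search.hasMoreElements()) {
                SearchResult searchResult = search.next();
                if (log.isDebugEnabled()) {
                    log.debug("Retrieving group names for user [" + searchResult.getName() + Ini.SECTION_SUFFIX);
                }
                Attributes attributes = searchResult.getAttributes();
                if (attributes == null) {
                    continue;
                }
                NamingEnumeration<? extends Attribute> all = attributes.getAll();
                try {
                    while (all.hasMore()) {
                        Attribute attribute = all.next();
                        if ("memberOf".equals(attribute.getID())) {
                            Collection<String> allAttributeValues = LdapUtils.getAllAttributeValues(attribute);
                            if (log.isDebugEnabled()) {
                                // str is caller-supplied; it reaches the log unmodified.
                                log.debug("Groups found for user [" + str + "]: " + allAttributeValues);
                            }
                            roleNames.addAll(getRoleNamesForGroups(allAttributeValues));
                        }
                    }
                } finally {
                    // Release the attribute enumeration even when hasMore()/next() throws.
                    LdapUtils.closeEnumeration(all);
                }
            }
        } finally {
            // Release the server-side search results on every exit path.
            LdapUtils.closeEnumeration(search);
        }
        return roleNames;
    }

    /**
     * Maps group DNs to role names: extracts the accepted group names from each DN and
     * then translates them through {@code groupRolesMap} when one is configured.
     *
     * @param collection group distinguished names, as read from {@code memberOf}
     * @return the resulting role names
     */
    @Override // com.terracotta.management.security.shiro.realm.LdapRealm
    protected Collection<String> getRoleNamesForGroups(Collection<String> collection) {
        Set<String> groupNames = new HashSet<String>();
        for (String groupDn : collection) {
            groupNames.addAll(processGroup(groupDn));
        }
        return translateGroups(groupNames);
    }

    /**
     * Extracts the {@code CN} values of one group DN, provided the DN's {@code DC}
     * components equal, in order and in number, the components of {@code searchBase}.
     *
     * <p>A DN component without an {@code =} separator makes the whole group contribute
     * nothing instead of aborting the role lookup with an
     * {@link ArrayIndexOutOfBoundsException}. Splitting on the separator alone does not
     * understand escaped separators inside a value, so such DNs end up here.
     *
     * <p>NOTE(review): every {@code CN} component is returned, including container
     * components (for example a DN of the form {@code CN=group,CN=container,DC=...}), and
     * {@code OU} components are ignored, so groups with the same CN in different OUs are
     * indistinguishable. Confirm the role mapping does not key on a container name.
     *
     * @param str the group distinguished name
     * @return the CN values of an accepted group, otherwise an empty set
     */
    private Collection<String> processGroup(String str) {
        Set<String> groupNames = new HashSet<String>();
        List<String> expectedDomains = parseDomainsInSearchBase();
        for (String component : str.split(TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR)) {
            String[] keyValue = component.split("=");
            if (keyValue.length < 2) {
                // Fail closed for this group only: an unparsable DN grants no roles.
                log.warn("Ignoring group [{}]: DN component [{}] has no '=' separator", str, component);
                return Collections.emptySet();
            }
            String key = keyValue[0];
            String value = keyValue[1];
            if (key.equalsIgnoreCase("DC")) {
                if (expectedDomains.isEmpty() || !expectedDomains.get(0).equals(value)) {
                    return Collections.emptySet();
                }
                // Consume the matched component so the next DC is compared with the next one.
                expectedDomains.remove(0);
            } else if (key.equalsIgnoreCase(CN)) {
                groupNames.add(value);
            }
        }
        // Leftover expected components mean the group DN named fewer domains than searchBase.
        return !expectedDomains.isEmpty() ? Collections.<String>emptySet() : groupNames;
    }

    /**
     * Returns the value part of every component of {@code searchBase}, in order.
     *
     * <p>NOTE(review): all components are included, not only {@code DC} ones, so a
     * searchBase containing e.g. an {@code OU} component can never be matched by
     * {@link #processGroup(String)}; a component without {@code =} throws
     * {@link ArrayIndexOutOfBoundsException}. Both look like configuration constraints -
     * confirm.
     *
     * @return a fresh, mutable list of component values
     */
    private List<String> parseDomainsInSearchBase() {
        List<String> domains = new ArrayList<String>();
        for (String component : this.searchBase.split(TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR)) {
            domains.add(component.split("=")[1]);
        }
        return domains;
    }

    /**
     * Translates group names to role names through {@code groupRolesMap}.
     *
     * @param collection group names
     * @return the input unchanged when no map is configured; otherwise the union of the
     *         roles mapped to each group, with unmapped groups contributing nothing
     */
    private Collection<String> translateGroups(Collection<String> collection) {
        if (this.groupRolesMap == null) {
            // Without a mapping, directory group names are used directly as role names.
            return collection;
        }
        Set<String> roles = new HashSet<String>();
        for (String groupName : collection) {
            Set<String> mapped = this.groupRolesMap.get(groupName);
            if (mapped != null) {
                roles.addAll(mapped);
            }
        }
        return roles;
    }

    /**
     * Sets the system (bind) user name on the context factory, both as the regular and as
     * the "simple" system user name.
     *
     * @param str the system user name
     */
    @Override // com.terracotta.management.security.shiro.realm.LdapRealm
    public void setSystemUsername(String str) {
        TCJndiLdapContextFactory contextFactory = (TCJndiLdapContextFactory) getContextFactory();
        contextFactory.setSystemUsername(str);
        contextFactory.setSimpleSystemUsername(str);
    }
}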
