package com.tc.net.core.security;

import com.tc.security.PwProviderUtil;
import com.terracotta.management.security.shiro.realm.LdapRealm;
import com.terracotta.management.security.shiro.realm.TCJndiLdapContextFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:L1/terracotta-l1-ee-4.0.0.jar/com/tc/net/core/security/ShiroLdapRealm.class_terracotta */
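/**
 * {@link Realm} implementation backed by a Shiro {@link LdapRealm}, configured from a single LDAP URL.
 *
 * <p>The URL is decomposed by {@link RealmUrlParser}. Its query string must carry the
 * {@code userDnTemplate}, {@code groupDnTemplate}, {@code groupAttribute} and {@code groupBindings}
 * parameters. If the URL names a user, that user becomes the realm's system username and the URL
 * without its query string is kept as the key used to fetch the matching password in
 * {@link #initialize()}.
 */
public class ShiroLdapRealm extends AbstractShiroRealm implements Realm {
    // URL (query string stripped) used to look up the system password; null when the LDAP URL names no user.
    private final String keychainUrl;
    private final TCJndiLdapContextFactory contextFactory;

    /**
     * Builds the realm from an LDAP URL without supplying a system password up front.
     *
     * @param str the configured LDAP URL
     */
    public ShiroLdapRealm(String str) {
        this(str, null);
    }

    /**
     * Builds the realm from an LDAP URL and an optional system password.
     *
     * @param str the configured LDAP URL, including the mandatory query string parameters
     * @param str2 the system password to bind with, or {@code null} to leave it unset here
     * @throws RuntimeException if a mandatory query string parameter is missing or a
     *         {@code groupBindings} entry is not of the form {@code group=role}
     */
    public ShiroLdapRealm(String str, String str2) {
        super(new LdapRealm());
        this.contextFactory = new TCJndiLdapContextFactory();
        LdapRealm ldapRealm = (LdapRealm) this.realm;
        ldapRealm.setContextFactory(this.contextFactory);
        RealmUrlParser realmUrlParser = new RealmUrlParser(str);
        this.contextFactory.setUrl(realmUrlParser.getSimplifiedUrl());
        if (realmUrlParser.getUser() != null) {
            ldapRealm.setSystemUsername(realmUrlParser.getUser());
            this.keychainUrl = realmUrlParser.getUrlWithoutQueryString();
        } else {
            this.keychainUrl = null;
        }
        if (str2 != null) {
            this.contextFactory.setSystemPassword(str2);
        }
        // Only the exact lower-case scheme "ldaps" installs the TSA SSL socket factory.
        // NOTE(review): URI schemes are case-insensitive; confirm RealmUrlParser normalises the scheme,
        // otherwise "LDAPS://..." would skip this branch.
        // NOTE(review): for any other scheme nothing here enables transport protection, so bind
        // credentials are presumably sent as-is unless the context factory is configured elsewhere - confirm.
        if (realmUrlParser.getScheme().equals("ldaps")) {
            this.contextFactory.getEnvironment().put("java.naming.ldap.factory.socket", TSASslSocketFactory.class.getName());
        }
        ldapRealm.setUserDnTemplate(requireQueryParameter(realmUrlParser, "userDnTemplate"));
        ldapRealm.setGroupDnTemplate(requireQueryParameter(realmUrlParser, "groupDnTemplate"));
        ldapRealm.setGroupAttributeMatching(requireQueryParameter(realmUrlParser, "groupAttribute"));
        ldapRealm.setGroupRolesMap(buildGroupRolesMap(requireQueryParameter(realmUrlParser, "groupBindings")));
    }

    /**
     * Wraps an already configured {@link LdapRealm}.
     *
     * <p>The context factory created here is not installed on the supplied realm, and no keychain URL
     * is recorded, so {@link #initialize()} does nothing for instances built this way.
     *
     * @param ldapRealm the realm to delegate to
     */
    public ShiroLdapRealm(LdapRealm ldapRealm) {
        super(ldapRealm);
        this.contextFactory = new TCJndiLdapContextFactory();
        this.keychainUrl = null;
    }

    /** Returns the named query string parameter of the LDAP URL, failing if it is absent. */
    private static String requireQueryParameter(RealmUrlParser realmUrlParser, String name) {
        String value = realmUrlParser.getQueryParameters().get(name);
        if (value == null) {
            throw new RuntimeException("Missing mandatory '" + name + "' query string parameter in configured LDAP URL");
        }
        return value;
    }

    /**
     * Parses a comma-separated list of {@code group=role} pairs into a group-to-roles map.
     * A group listed several times accumulates all of its roles.
     *
     * @param str the raw {@code groupBindings} value
     * @return a map from group name to the set of roles bound to it
     * @throws RuntimeException if an entry has no {@code =} followed by a role
     */
    private Map<String, Set<String>> buildGroupRolesMap(String str) {
        Map<String, Set<String>> rolesByGroup = new HashMap<String, Set<String>>();
        for (String binding : str.split("\\,")) {
            String[] parts = binding.split("\\=");
            // This map decides which roles an LDAP group is granted, so reject a malformed entry with a
            // clear configuration error rather than an ArrayIndexOutOfBoundsException.
            if (parts.length < 2) {
                throw new RuntimeException("Malformed 'groupBindings' entry '" + binding
                        + "' in configured LDAP URL, expected 'group=role'");
            }
            String group = parts[0];
            String role = parts[1];
            Set<String> roles = rolesByGroup.get(group);
            if (roles == null) {
                roles = new HashSet<String>();
                rolesByGroup.put(group, roles);
            }
            roles.add(role);
        }
        return rolesByGroup;
    }

    /**
     * Loads the system password for the recorded keychain URL, if any, and hands it to the context
     * factory. Does nothing when the LDAP URL named no user.
     *
     * @throws RuntimeException if the recorded keychain URL is not a valid URI
     */
    @Override // com.tc.net.core.security.AbstractShiroRealm, com.tc.net.core.security.Realm
    public void initialize() {
        if (this.keychainUrl != null) {
            try {
                // String.valueOf leaves the secret in an immutable String that cannot be wiped afterwards.
                // NOTE(review): what getPasswordTo returns when no entry exists is not visible here - confirm
                // a missing secret cannot end up as a literal "null" password or an unexplained NPE.
                this.contextFactory.setSystemPassword(String.valueOf(PwProviderUtil.getPasswordTo(new URI(this.keychainUrl))));
            } catch (URISyntaxException e) {
                throw new RuntimeException(e);
            }
        }
    }
}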
