package org.elasticsearch.shield.authc.ldap;

import com.google.common.primitives.Ints;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.authc.ldap.support.LdapSession;
import org.elasticsearch.shield.authc.ldap.support.LdapUtils;

/* loaded from: input_file:org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolver.class */
class UserAttributeGroupsResolver implements LdapSession.GroupsResolver {
    private final String attribute;

    public UserAttributeGroupsResolver(Settings settings) {
        this(settings.get("user_group_attribute", "memberOf"));
    }

    public UserAttributeGroupsResolver(String str) {
        this.attribute = str;
    }

    @Override // org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver
    public List<String> resolve(LDAPInterface lDAPInterface, String str, TimeValue timeValue, ESLogger eSLogger) {
        try {
            SearchRequest searchRequest = new SearchRequest(str, SearchScope.BASE, LdapUtils.OBJECT_CLASS_PRESENCE_FILTER, new String[]{this.attribute});
            searchRequest.setTimeLimitSeconds(Ints.checkedCast(timeValue.seconds()));
            Attribute attribute = LdapUtils.searchForEntry(lDAPInterface, searchRequest, eSLogger).getAttribute(this.attribute);
            return attribute == null ? Collections.emptyList() : Arrays.asList(attribute.getValues());
        } catch (LDAPException e) {
            throw new ElasticsearchException("could not look up group attributes for DN [{}]", e, new Object[]{str});
        }
    }
}
