package org.sonatype.security.ldap.realms.connector;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.security.ldap.dao.LdapAuthConfiguration;
import org.sonatype.security.ldap.dao.LdapDAOException;
import org.sonatype.security.ldap.dao.LdapGroupDAO;
import org.sonatype.security.ldap.dao.LdapUser;
import org.sonatype.security.ldap.dao.LdapUserDAO;
import org.sonatype.security.ldap.dao.NoLdapUserRolesFoundException;
import org.sonatype.security.ldap.dao.NoSuchLdapGroupException;
import org.sonatype.security.ldap.dao.NoSuchLdapUserException;
import org.sonatype.sisu.goodies.common.ComponentSupport;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.17-01/dependencies/nexus-ldap-common-2.14.17-01.jar:org/sonatype/security/ldap/realms/connector/DefaultLdapConnector.class */
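/**
 * {@link LdapConnector} that answers user, group and role queries through a system-level
 * LDAP context obtained from the configured {@link LdapContextFactory}.
 *
 * <p>Every public query opens its own context and closes it in a {@code finally} block, so
 * the connection is released whether the DAO call succeeds or throws.
 *
 * <p>NOTE(review): the system context is presumably bound with the configured service
 * account; confirm against the {@link LdapContextFactory} implementation. If so, a context
 * left open on an error path keeps a privileged connection alive and can exhaust the
 * directory's connection limit.
 */
public class DefaultLdapConnector extends ComponentSupport implements LdapConnector {
    private final LdapUserDAO ldapUserManager;
    private final LdapGroupDAO ldapGroupManager;
    private final LdapContextFactory ldapContextFactory;
    private final LdapAuthConfiguration ldapAuthConfiguration;
    private final String identifier;

    /**
     * Creates a connector for one LDAP server.
     *
     * @param str identifier reported by {@link #getIdentifier()}
     * @param ldapUserDAO DAO used for user lookups and searches
     * @param ldapGroupDAO DAO used for group lookups and membership resolution
     * @param ldapContextFactory source of the system LDAP context used by every query
     * @param ldapAuthConfiguration attribute and group mapping settings passed to the DAOs
     */
    public DefaultLdapConnector(String str, LdapUserDAO ldapUserDAO, LdapGroupDAO ldapGroupDAO, LdapContextFactory ldapContextFactory, LdapAuthConfiguration ldapAuthConfiguration) {
        this.identifier = str;
        this.ldapUserManager = ldapUserDAO;
        this.ldapGroupManager = ldapGroupDAO;
        this.ldapContextFactory = ldapContextFactory;
        this.ldapAuthConfiguration = ldapAuthConfiguration;
    }

    /**
     * Returns the roles of a user, which are the user's LDAP groups when groups-as-roles is
     * enabled and an empty set otherwise.
     *
     * @param str user id to resolve roles for
     * @return a new mutable set of role names, possibly empty
     * @throws LdapDAOException if the context cannot be obtained or the lookup fails
     * @throws NoLdapUserRolesFoundException propagated from the group DAO
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public Set<String> getUserRoles(String str) throws LdapDAOException, NoLdapUserRolesFoundException {
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            return getUserRoles(str, ldapContext, getLdapAuthConfiguration());
        } catch (NamingException e) {
            // The original message ran the user id into the word "user"; a space keeps logs readable.
            throw new LdapDAOException("Failed to retrieve ldap user roles for user " + str, e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /**
     * Collects the roles of a user on an already open context.
     *
     * @return group membership when groups-as-roles is enabled, otherwise an empty set
     */
    private Set<String> getUserRoles(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException, NoLdapUserRolesFoundException {
        Set<String> roles = new HashSet<>();
        // The only caller passes this connector's own configuration, so the parameter and
        // the field refer to the same object.
        if (ldapAuthConfiguration.isLdapGroupsAsRoles()) {
            roles.addAll(getGroupMembership(str, ldapContext, ldapAuthConfiguration));
        }
        return roles;
    }

    /**
     * Returns every user the DAO can find; equivalent to {@code getUsers(-1)}.
     *
     * @throws LdapDAOException if the context cannot be obtained or the lookup fails
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public SortedSet<LdapUser> getAllUsers() throws LdapDAOException {
        return getUsers(-1);
    }

    /**
     * Returns users from the directory, resolving group membership per user when static
     * group mapping is in effect.
     *
     * @param i result limit handed to the user DAO; {@link #getAllUsers()} passes -1
     * @return the users returned by the DAO
     * @throws LdapDAOException if the context cannot be obtained or a lookup fails
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public SortedSet<LdapUser> getUsers(int i) throws LdapDAOException {
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            LdapAuthConfiguration config = getLdapAuthConfiguration();
            SortedSet<LdapUser> users = this.ldapUserManager.getUsers(ldapContext, config, i);
            if (isStaticGroupMapping(config)) {
                // One membership query per user: cost grows with the size of the result.
                for (LdapUser user : users) {
                    updateGroupMembership(ldapContext, config, user);
                }
            }
            return users;
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /**
     * Looks up a single user and, under static group mapping, fills in the user's groups.
     *
     * @param str user id to look up
     * @return the user returned by the DAO
     * @throws NoSuchLdapUserException propagated from the user DAO
     * @throws LdapDAOException if the context cannot be obtained or a lookup fails
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public LdapUser getUser(String str) throws NoSuchLdapUserException, LdapDAOException {
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            LdapAuthConfiguration config = getLdapAuthConfiguration();
            LdapUser user = this.ldapUserManager.getUser(str, ldapContext, config);
            if (isStaticGroupMapping(config)) {
                updateGroupMembership(ldapContext, config, user);
            }
            return user;
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /**
     * Searches users whose id starts with the given prefix.
     *
     * <p>When a role filter is supplied the search is skipped and an empty set returned if
     * groups are not used as roles, or if static group mapping is in effect and none of the
     * requested roles is a known group. The role filter is not applied to the returned users
     * here.
     *
     * @param str user id prefix; {@code null} is treated as an empty prefix
     * @param set role ids to pre-check, or {@code null}/empty for no pre-check
     * @return matching users, or an empty set when the pre-check rules the search out
     * @throws LdapDAOException if the context cannot be obtained or a lookup fails
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public SortedSet<LdapUser> searchUsers(String str, Set<String> set) throws LdapDAOException {
        // Track the context outside the try so that the finally block closes the real
        // connection on error paths too (previously a failure after the context was opened
        // closed null and left the system connection open).
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            LdapAuthConfiguration config = getLdapAuthConfiguration();
            String prefix = (str == null) ? "" : str;

            if (set != null && !set.isEmpty()) {
                if (!config.isLdapGroupsAsRoles()) {
                    return new TreeSet<>();
                }
                if (isStaticGroupMapping(config)
                        && CollectionUtils.intersection(set, this.ldapGroupManager.getAllGroups(ldapContext, config)).isEmpty()) {
                    return new TreeSet<>();
                }
            }

            // NOTE(review): the caller-supplied prefix goes into the DAO's search pattern with
            // a trailing wildcard and no result limit (-1). Escaping of LDAP filter
            // metacharacters is not done here; confirm that the user DAO escapes the value
            // before it builds the search filter.
            SortedSet<LdapUser> users = this.ldapUserManager.getUsers(prefix + "*", ldapContext, config, -1L);
            if (isStaticGroupMapping(config)) {
                // One membership query per matched user: an empty prefix walks the whole result.
                for (LdapUser user : users) {
                    updateGroupMembership(ldapContext, config, user);
                }
            }
            return users;
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /**
     * Tells whether groups are used as roles and no member-of attribute is configured on the
     * user entry, in which case membership is resolved through the group DAO.
     */
    private static boolean isStaticGroupMapping(LdapAuthConfiguration ldapAuthConfiguration) {
        return ldapAuthConfiguration.isLdapGroupsAsRoles() && StringUtils.isEmpty(ldapAuthConfiguration.getUserMemberOfAttribute());
    }

    /**
     * Sets the user's membership from the group DAO. A user without roles is left as
     * returned by the user DAO and only logged at debug level; this is deliberate
     * best-effort behaviour, not an error.
     */
    private void updateGroupMembership(LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, LdapUser ldapUser) throws LdapDAOException {
        try {
            ldapUser.setMembership(getGroupMembership(ldapUser.getUsername(), ldapContext, ldapAuthConfiguration));
        } catch (NoLdapUserRolesFoundException e) {
            this.log.debug("No roles found for user: " + ldapUser.getUsername());
        }
    }

    /** Delegates to the group DAO to resolve the groups of the given user id. */
    private Set<String> getGroupMembership(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException, NoLdapUserRolesFoundException {
        return this.ldapGroupManager.getGroupMembership(str, ldapContext, ldapAuthConfiguration);
    }

    /**
     * Returns all groups known to the group DAO in sorted order.
     *
     * @return a new sorted set of group names
     * @throws LdapDAOException if the context cannot be obtained or the lookup fails
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public SortedSet<String> getAllGroups() throws LdapDAOException {
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            SortedSet<String> groups = new TreeSet<>();
            groups.addAll(this.ldapGroupManager.getAllGroups(ldapContext, getLdapAuthConfiguration()));
            return groups;
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /**
     * Resolves the name of a group through the group DAO.
     *
     * @param str group id to resolve
     * @return the group name returned by the DAO
     * @throws LdapDAOException if the context cannot be obtained or the lookup fails
     * @throws NoSuchLdapGroupException propagated from the group DAO
     */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public String getGroupName(String str) throws LdapDAOException, NoSuchLdapGroupException {
        LdapContext ldapContext = null;
        try {
            ldapContext = getLdapContextFactory().getSystemLdapContext();
            return this.ldapGroupManager.getGroupName(str, ldapContext, getLdapAuthConfiguration());
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        } finally {
            closeContext(ldapContext);
        }
    }

    /** Returns the factory this connector obtains its LDAP contexts from. */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public LdapContextFactory getLdapContextFactory() {
        return this.ldapContextFactory;
    }

    /** Returns the configuration handed to the DAOs on every call. */
    private LdapAuthConfiguration getLdapAuthConfiguration() {
        return this.ldapAuthConfiguration;
    }

    /** Returns the identifier given at construction time. */
    @Override // org.sonatype.security.ldap.realms.connector.LdapConnector
    public String getIdentifier() {
        return this.identifier;
    }

    /**
     * Closes the context if one was opened. A failure to close is logged at debug level and
     * not rethrown, so it cannot mask the result or exception of the query itself.
     */
    private void closeContext(LdapContext ldapContext) {
        if (ldapContext != null) {
            try {
                ldapContext.close();
            } catch (NamingException e) {
                this.log.debug("Error closing connection: " + e.getMessage(), e);
            }
        }
    }
}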
