package org.springframework.security.ldap.userdetails;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.naming.directory.SearchControls;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-ldap-5.0.3.RELEASE.jar:org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.class */
public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    private static final Log logger = LogFactory.getLog((Class<?>) DefaultLdapAuthoritiesPopulator.class);
    private GrantedAuthority defaultRole;
    private final SpringSecurityLdapTemplate ldapTemplate;
    private String groupSearchBase;
    private final SearchControls searchControls = new SearchControls();
    private String groupRoleAttribute = "cn";
    private String groupSearchFilter = "(member={0})";
    private String rolePrefix = "ROLE_";
    private boolean convertToUpperCase = true;

    public DefaultLdapAuthoritiesPopulator(ContextSource contextSource, String str) {
        Assert.notNull(contextSource, "contextSource must not be null");
        this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        getLdapTemplate().setSearchControls(getSearchControls());
        this.groupSearchBase = str;
        if (str == null) {
            logger.info("groupSearchBase is null. No group search will be performed.");
        } else if (str.length() == 0) {
            logger.info("groupSearchBase is empty. Searches will be performed from the context source base");
        }
    }

    protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations dirContextOperations, String str) {
        return null;
    }

    @Override // org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
    public final Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations dirContextOperations, String str) {
        String nameInNamespace = dirContextOperations.getNameInNamespace();
        if (logger.isDebugEnabled()) {
            logger.debug("Getting authorities for user " + nameInNamespace);
        }
        Set<GrantedAuthority> groupMembershipRoles = getGroupMembershipRoles(nameInNamespace, str);
        Set<GrantedAuthority> additionalRoles = getAdditionalRoles(dirContextOperations, str);
        if (additionalRoles != null) {
            groupMembershipRoles.addAll(additionalRoles);
        }
        if (this.defaultRole != null) {
            groupMembershipRoles.add(this.defaultRole);
        }
        ArrayList arrayList = new ArrayList(groupMembershipRoles.size());
        arrayList.addAll(groupMembershipRoles);
        return arrayList;
    }

    public Set<GrantedAuthority> getGroupMembershipRoles(String str, String str2) {
        if (getGroupSearchBase() == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet();
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for roles for user '" + str2 + "', DN = '" + str + "', with filter " + this.groupSearchFilter + " in search base '" + getGroupSearchBase() + "'");
        }
        Set<String> searchForSingleAttributeValues = getLdapTemplate().searchForSingleAttributeValues(getGroupSearchBase(), this.groupSearchFilter, new String[]{str, str2}, this.groupRoleAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Roles from search: " + searchForSingleAttributeValues);
        }
        for (String str3 : searchForSingleAttributeValues) {
            if (this.convertToUpperCase) {
                str3 = str3.toUpperCase();
            }
            hashSet.add(new SimpleGrantedAuthority(this.rolePrefix + str3));
        }
        return hashSet;
    }

    protected ContextSource getContextSource() {
        return getLdapTemplate().getContextSource();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getGroupSearchBase() {
        return this.groupSearchBase;
    }

    public void setConvertToUpperCase(boolean z) {
        this.convertToUpperCase = z;
    }

    public void setDefaultRole(String str) {
        Assert.notNull(str, "The defaultRole property cannot be set to null");
        this.defaultRole = new SimpleGrantedAuthority(str);
    }

    public void setGroupRoleAttribute(String str) {
        Assert.notNull(str, "groupRoleAttribute must not be null");
        this.groupRoleAttribute = str;
    }

    public void setGroupSearchFilter(String str) {
        Assert.notNull(str, "groupSearchFilter must not be null");
        this.groupSearchFilter = str;
    }

    public void setRolePrefix(String str) {
        Assert.notNull(str, "rolePrefix must not be null");
        this.rolePrefix = str;
    }

    public void setSearchSubtree(boolean z) {
        this.searchControls.setSearchScope(z ? 2 : 1);
    }

    public void setIgnorePartialResultException(boolean z) {
        getLdapTemplate().setIgnorePartialResultException(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SpringSecurityLdapTemplate getLdapTemplate() {
        return this.ldapTemplate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getGroupRoleAttribute() {
        return this.groupRoleAttribute;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getGroupSearchFilter() {
        return this.groupSearchFilter;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getRolePrefix() {
        return this.rolePrefix;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isConvertToUpperCase() {
        return this.convertToUpperCase;
    }

    private GrantedAuthority getDefaultRole() {
        return this.defaultRole;
    }

    private SearchControls getSearchControls() {
        return this.searchControls;
    }
}
