package jenkins.security.plugins.ldap;

import hudson.Extension;
import hudson.security.LDAPSecurityRealm;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/lib/ldap.jar:jenkins/security/plugins/ldap/FromUserRecordLDAPGroupMembershipStrategy.class */
public class FromUserRecordLDAPGroupMembershipStrategy extends LDAPGroupMembershipStrategy {
    private static final Logger LOGGER = Logger.getLogger(FromUserRecordLDAPGroupMembershipStrategy.class.getName());
    private static final String USER_SEARCH_FILTER = "({0}={1})";
    private final String attributeName;

    @Extension
    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/lib/ldap.jar:jenkins/security/plugins/ldap/FromUserRecordLDAPGroupMembershipStrategy$DescriptorImpl.class */
    public static class DescriptorImpl extends LDAPGroupMembershipStrategyDescriptor {
        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.FromUserRecordLDAPGroupMembershipStrategy_DisplayName();
        }
    }

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/lib/ldap.jar:jenkins/security/plugins/ldap/FromUserRecordLDAPGroupMembershipStrategy$UserRecordMapper.class */
    private static class UserRecordMapper implements LdapEntryMapper<String> {
        private UserRecordMapper() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // jenkins.security.plugins.ldap.LdapEntryMapper
        public String mapAttributes(String str, Attributes attributes) throws NamingException {
            LdapName ldapName = new LdapName(str);
            return String.valueOf(ldapName.getRdn(ldapName.size() - 1).getValue());
        }
    }

    @DataBoundConstructor
    public FromUserRecordLDAPGroupMembershipStrategy(String str) {
        this.attributeName = str;
    }

    public String getAttributeName() {
        return StringUtils.defaultIfEmpty(this.attributeName, "memberOf");
    }

    @Override // jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations dirContextOperations, String str) {
        ArrayList arrayList = new ArrayList();
        Attributes attributes = dirContextOperations.getAttributes();
        String attributeName = getAttributeName();
        Attribute attribute = attributes == null ? null : attributes.get(attributeName);
        if (attribute != null) {
            try {
                Iterator it = Collections.list(attribute.getAll()).iterator();
                while (it.hasNext()) {
                    String valueOf = String.valueOf(it.next());
                    try {
                        LdapName ldapName = new LdapName(valueOf);
                        valueOf = String.valueOf(ldapName.getRdn(ldapName.size() - 1).getValue());
                    } catch (InvalidNameException e) {
                        LOGGER.log(Level.FINEST, "Expected a Group DN but found: {0}", valueOf);
                    }
                    arrayList.add(new SimpleGrantedAuthority(valueOf));
                }
            } catch (NamingException e2) {
                LogRecord logRecord = new LogRecord(Level.FINE, "Failed to retrieve member of attribute ({0}) from LDAP user details");
                logRecord.setThrown(e2);
                logRecord.setParameters(new Object[]{attributeName});
                LOGGER.log(logRecord);
            }
        }
        if (getAuthoritiesPopulator() instanceof LDAPSecurityRealm.AuthoritiesPopulatorImpl) {
            LDAPSecurityRealm.AuthoritiesPopulatorImpl authoritiesPopulatorImpl = (LDAPSecurityRealm.AuthoritiesPopulatorImpl) getAuthoritiesPopulator();
            if (authoritiesPopulatorImpl.isGeneratingPrefixRoles()) {
                Iterator it2 = new ArrayList(arrayList).iterator();
                while (it2.hasNext()) {
                    String authority = ((GrantedAuthority) it2.next()).getAuthority();
                    if (authoritiesPopulatorImpl._isConvertToUpperCase()) {
                        authority = authority.toUpperCase();
                    }
                    arrayList.add(new SimpleGrantedAuthority(authoritiesPopulatorImpl._getRolePrefix() + authority));
                }
            }
            arrayList.addAll(authoritiesPopulatorImpl.getAdditionalRoles(dirContextOperations, str));
            GrantedAuthority defaultRole = authoritiesPopulatorImpl.getDefaultRole();
            if (defaultRole != null) {
                arrayList.add(defaultRole);
            }
        }
        return arrayList;
    }

    @Override // jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy
    public Set<String> getGroupMembers(String str, LDAPConfiguration lDAPConfiguration) {
        return new HashSet(lDAPConfiguration.getLdapTemplate().searchForAllEntries(lDAPConfiguration.getUserSearchBase() != null ? lDAPConfiguration.getUserSearchBase() : "", USER_SEARCH_FILTER, new String[]{getAttributeName(), str}, new String[0], new UserRecordMapper()));
    }
}
