package jenkins.security.plugins.ldap;

import hudson.Extension;
import hudson.security.LDAPSecurityRealm;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.LdapUtils;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/* loaded from: input_file:jenkins/security/plugins/ldap/FromGroupSearchLDAPGroupMembershipStrategy.class */
public class FromGroupSearchLDAPGroupMembershipStrategy extends LDAPGroupMembershipStrategy {
    private static final Logger LOGGER = Logger.getLogger(FromGroupSearchLDAPGroupMembershipStrategy.class.getName());
    private final String filter;

    @Extension
    /* loaded from: input_file:jenkins/security/plugins/ldap/FromGroupSearchLDAPGroupMembershipStrategy$DescriptorImpl.class */
    public static class DescriptorImpl extends LDAPGroupMembershipStrategyDescriptor {
        public String getDisplayName() {
            return Messages.FromGroupSearchLDAPGroupMembershipStrategy_DisplayName();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jenkins/security/plugins/ldap/FromGroupSearchLDAPGroupMembershipStrategy$GroupMembersMapper.class */
    public static class GroupMembersMapper implements LdapEntryMapper<Set<String>> {
        private GroupMembersMapper() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // jenkins.security.plugins.ldap.LdapEntryMapper
        public Set<String> mapAttributes(String str, Attributes attributes) throws NamingException {
            NamingEnumeration all;
            boolean z = false;
            if (attributes.get("member") != null) {
                all = attributes.get("member").getAll();
            } else if (attributes.get("uniqueMember") != null) {
                all = attributes.get("uniqueMember").getAll();
            } else {
                if (attributes.get("memberUid") == null) {
                    FromGroupSearchLDAPGroupMembershipStrategy.LOGGER.log(Level.FINEST, "No members for {0}", str);
                    return Collections.emptySet();
                }
                all = attributes.get("memberUid").getAll();
                z = true;
            }
            TreeSet treeSet = new TreeSet();
            while (all.hasMore()) {
                String valueOf = String.valueOf(all.next());
                if (z) {
                    treeSet.add(valueOf);
                } else {
                    try {
                        LdapName ldapName = new LdapName(valueOf);
                        treeSet.add(String.valueOf(ldapName.getRdn(ldapName.size() - 1).getValue()));
                    } catch (InvalidNameException e) {
                        FromGroupSearchLDAPGroupMembershipStrategy.LOGGER.log(Level.FINEST, "Expecting DN but found {0}", valueOf);
                    }
                }
            }
            return treeSet;
        }
    }

    @DataBoundConstructor
    public FromGroupSearchLDAPGroupMembershipStrategy(String str) {
        this.filter = str;
    }

    public String getFilter() {
        return this.filter;
    }

    @Override // jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy
    public void setAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        if ((ldapAuthoritiesPopulator instanceof LDAPSecurityRealm.AuthoritiesPopulatorImpl) && StringUtils.isNotBlank(this.filter)) {
            ((LDAPSecurityRealm.AuthoritiesPopulatorImpl) ldapAuthoritiesPopulator).setGroupSearchFilter(this.filter);
        }
        super.setAuthoritiesPopulator(ldapAuthoritiesPopulator);
    }

    @Override // jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations dirContextOperations, String str) {
        return getAuthoritiesPopulator().getGrantedAuthorities(dirContextOperations, str);
    }

    @Override // jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy
    public Set<String> getGroupMembers(String str, LDAPConfiguration lDAPConfiguration) {
        String[] strArr = {"member", "uniqueMember", "memberUid"};
        return (Set) lDAPConfiguration.getLdapTemplate().executeReadOnly(dirContext -> {
            return new GroupMembersMapper().mapAttributes(str, dirContext.getAttributes(LdapUtils.getRelativeName(str, dirContext), strArr));
        });
    }
}
