package org.springframework.security.ldap.userdetails;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Locale;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.springframework.dao.DataAccessException;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.AttributesMapperCallbackHandler;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.SearchExecutor;
import org.springframework.ldap.core.support.AbstractContextSource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUtils;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-ldap-3.0.3.RELEASE.jar:org/springframework/security/ldap/userdetails/LdapUserDetailsManager.class */
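/**
 * {@link UserDetailsManager} implementation backed by an LDAP directory.
 *
 * <p>A username is mapped to an entry DN by the configured {@link LdapUsernameToDnMapper}
 * (default: {@code uid=<username>} under {@code cn=users}). Authorities are derived from
 * group entries under {@code groupSearchBase} (default {@code cn=groups}) whose membership
 * attribute (default {@code uniquemember}) contains the user's full DN; each group name is
 * turned into an authority by prefixing {@code rolePrefix} ({@code ROLE_}) and upper-casing.
 *
 * <p>All directory access goes through one {@link LdapTemplate} built from the supplied
 * {@link ContextSource}, i.e. it runs with the context source's own credentials. The only
 * operation performed with the end user's credentials is the verified branch of
 * {@link #changePassword(String, String)}; see that method for the unverified branch.
 *
 * <p>The setters are intended for configuration before the bean is put into service; no
 * synchronisation is applied to the mutable fields.
 */
public class LdapUserDetailsManager implements UserDetailsManager {
    private final LdapTemplate template;
    /** Attribute ids requested when loading a user entry; {@code null} asks JNDI for all attributes. */
    private String[] attributesToRetrieve;
    private final Log logger = LogFactory.getLog(LdapUserDetailsManager.class);
    LdapUsernameToDnMapper usernameMapper = new DefaultLdapUsernameToDnMapper("cn=users", SchemaConstants.UID_AT);
    private DistinguishedName groupSearchBase = new DistinguishedName("cn=groups");
    private String passwordAttributeName = SchemaConstants.USER_PASSWORD_AT;
    private String groupRoleAttributeName = SchemaConstants.CN_AT;
    private String groupMemberAttributeName = "uniquemember";
    /** Prefix applied to group names when building authorities; no setter exists, so it is fixed at {@code ROLE_}. */
    private String rolePrefix = "ROLE_";
    /**
     * JNDI search filter for the user's groups. {@code {0}} is bound to the user's DN and
     * {@code {1}} to the username as filter arguments, which the JNDI provider escapes;
     * only the (trusted, configured) attribute name is ever spliced into this string.
     */
    private String groupSearchFilter = "(uniquemember={0})";
    private UserDetailsContextMapper userDetailsMapper = new InetOrgPersonContextMapper();
    /** Maps one group entry (only {@code groupRoleAttributeName} is requested) to a {@link GrantedAuthority}. */
    private AttributesMapper roleMapper = new AttributesMapper() {
        @Override
        public Object mapFromAttributes(Attributes attributes) throws NamingException {
            // A group entry missing the role attribute fails here with a NullPointerException,
            // as in the original implementation; the search requests exactly this attribute.
            String groupName = attributes.get(LdapUserDetailsManager.this.groupRoleAttributeName).get().toString();
            // Locale.ROOT keeps authority names stable regardless of the JVM default locale.
            return new GrantedAuthorityImpl(LdapUserDetailsManager.this.rolePrefix + groupName.toUpperCase(Locale.ROOT));
        }
    };

    /**
     * Creates a manager operating through the given context source.
     *
     * @param contextSource source of directory contexts; its credentials are used for all
     *                      operations except the verified password change
     */
    public LdapUserDetailsManager(ContextSource contextSource) {
        this.template = new LdapTemplate(contextSource);
    }

    /**
     * Loads the user entry for {@code username} together with its group-derived authorities.
     *
     * @param username the username to map to a DN and look up
     * @return the user as produced by the configured {@link UserDetailsContextMapper}
     * @throws UsernameNotFoundException if no entry exists at the mapped DN
     * @throws DataAccessException on other directory failures
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        DistinguishedName userDn = this.usernameMapper.buildDn(username);
        List<GrantedAuthority> authorities = getUserAuthorities(userDn, username);
        this.logger.debug("Loading user '" + username + "' with DN '" + userDn + "'");
        return this.userDetailsMapper.mapUserFromContext(loadUserAsContext(userDn, username), username, authorities);
    }

    /**
     * Reads the user entry at {@code userDn} into a {@link DirContextAdapter}.
     *
     * @throws UsernameNotFoundException if the directory reports the name as not found
     */
    private DirContextAdapter loadUserAsContext(final DistinguishedName userDn, final String username) {
        return (DirContextAdapter) this.template.executeReadOnly(new ContextExecutor() {
            @Override
            public Object executeWithContext(DirContext dirContext) throws NamingException {
                try {
                    Attributes attrs = dirContext.getAttributes(userDn, LdapUserDetailsManager.this.attributesToRetrieve);
                    return new DirContextAdapter(attrs, LdapUtils.getFullDn(userDn, dirContext));
                } catch (NameNotFoundException e) {
                    throw new UsernameNotFoundException("User " + username + " not found", (Throwable) e);
                }
            }
        });
    }

    /**
     * Changes the password of the <em>currently authenticated</em> user (taken from the
     * {@link SecurityContextHolder}), not of an arbitrary username.
     *
     * <p>If {@code oldPassword} is {@code null} the attribute is replaced using the context
     * source's credentials and the current password is <b>not</b> verified; callers exposing
     * that path must have authenticated the user by other means. Otherwise the context is
     * re-bound as the user with {@code oldPassword}, so the directory verifies it first.
     *
     * @param oldPassword the user's current password, or {@code null} to skip verification
     * @param newPassword the replacement password, written to {@code passwordAttributeName}
     * @throws BadCredentialsException if the directory rejects {@code oldPassword}
     * @throws IllegalArgumentException if no authentication is present in the security context
     */
    @Override
    public void changePassword(final String oldPassword, String newPassword) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.notNull(authentication, "No authentication object found in security context. Can't change current user's password!");
        String username = authentication.getName();
        this.logger.debug("Changing password for user '" + username + "'");
        final DistinguishedName userDn = this.usernameMapper.buildDn(username);
        final ModificationItem[] passwordReplacement = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(this.passwordAttributeName, newPassword))
        };
        if (oldPassword == null) {
            // Unverified path: privileged write with the context source's own credentials.
            this.template.modifyAttributes(userDn, passwordReplacement);
            return;
        }
        this.template.executeReadWrite(new ContextExecutor() {
            @Override
            public Object executeWithContext(DirContext dirContext) throws NamingException {
                LdapContext ldapContext = (LdapContext) dirContext;
                // The pooling flag is dropped before the principal is swapped; presumably so a
                // connection bound as the end user is not returned to the shared pool - verify
                // against the context source's pooling configuration.
                ldapContext.removeFromEnvironment(AbstractContextSource.SUN_LDAP_POOLING_FLAG);
                ldapContext.addToEnvironment(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ldapContext).toString());
                ldapContext.addToEnvironment(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, oldPassword);
                try {
                    // reconnect() re-binds with the environment above, i.e. as the user.
                    ldapContext.reconnect((Control[]) null);
                    ldapContext.modifyAttributes(userDn, passwordReplacement);
                    return null;
                } catch (AuthenticationException e) {
                    // Message stays generic (no DN or username); the cause is kept for diagnostics.
                    throw new BadCredentialsException("Authentication for password change failed.", (Throwable) e);
                }
            }
        });
    }

    /**
     * Finds the groups under {@code groupSearchBase} that list {@code userDn} as a member
     * and maps each to an authority via {@code roleMapper}.
     *
     * <p>Default {@link SearchControls} are used, so the search is one-level: only groups
     * directly beneath the search base are considered.
     *
     * @param userDn   the user's DN relative to the context base
     * @param username the username, available to the filter as {@code {1}}
     * @return the authorities found (possibly empty)
     */
    List<GrantedAuthority> getUserAuthorities(final DistinguishedName userDn, final String username) {
        SearchExecutor groupSearch = new SearchExecutor() {
            @Override
            public NamingEnumeration<SearchResult> executeSearch(DirContext dirContext) throws NamingException {
                DistinguishedName fullDn = LdapUtils.getFullDn(userDn, dirContext);
                SearchControls controls = new SearchControls();
                controls.setReturningAttributes(new String[]{LdapUserDetailsManager.this.groupRoleAttributeName});
                // DN and username are passed as filter arguments, not concatenated into the filter.
                return dirContext.search(LdapUserDetailsManager.this.groupSearchBase, LdapUserDetailsManager.this.groupSearchFilter,
                        new String[]{fullDn.toUrl(), username}, controls);
            }
        };
        AttributesMapperCallbackHandler handler = new AttributesMapperCallbackHandler(this.roleMapper);
        this.template.search(groupSearch, handler);
        return handler.getList();
    }

    /**
     * Binds a new entry for {@code user} and sets its group memberships.
     *
     * <p>Any memberships already pointing at the new DN (e.g. left over from a previously
     * deleted user with the same name) are removed before the requested ones are added.
     *
     * @param user the user to create; its username determines the DN
     */
    @Override
    public void createUser(UserDetails user) {
        DirContextAdapter ctx = new DirContextAdapter();
        copyToContext(user, ctx);
        DistinguishedName userDn = this.usernameMapper.buildDn(user.getUsername());
        this.logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + userDn + "'");
        this.template.bind(userDn, ctx, (Attributes) null);
        List<GrantedAuthority> staleAuthorities = getUserAuthorities(userDn, user.getUsername());
        if (!staleAuthorities.isEmpty()) {
            removeAuthorities(userDn, staleAuthorities);
        }
        addAuthorities(userDn, user.getAuthorities());
    }

    /**
     * Rewrites the attributes of an existing user entry and replaces its group memberships.
     *
     * <p>Modification items targeting {@code objectclass} are dropped before the update is
     * sent (as in the original implementation; presumably because changing an existing entry's
     * object classes would be rejected by the server).
     *
     * @param user the updated user; must already exist
     * @throws UsernameNotFoundException if the entry does not exist
     */
    @Override
    public void updateUser(UserDetails user) {
        DistinguishedName userDn = this.usernameMapper.buildDn(user.getUsername());
        this.logger.debug("Updating user '" + user.getUsername() + "' with DN '" + userDn + "'");
        List<GrantedAuthority> currentAuthorities = getUserAuthorities(userDn, user.getUsername());
        DirContextAdapter ctx = loadUserAsContext(userDn, user.getUsername());
        ctx.setUpdateMode(true);
        copyToContext(user, ctx);
        List<ModificationItem> mods = new ArrayList<ModificationItem>();
        for (ModificationItem item : ctx.getModificationItems()) {
            if (!"objectclass".equalsIgnoreCase(item.getAttribute().getID())) {
                mods.add(item);
            }
        }
        this.template.modifyAttributes(userDn, mods.toArray(new ModificationItem[mods.size()]));
        removeAuthorities(userDn, currentAuthorities);
        addAuthorities(userDn, user.getAuthorities());
    }

    /**
     * Removes the user's group memberships, then unbinds the entry.
     *
     * @param username the username whose entry is deleted
     */
    @Override
    public void deleteUser(String username) {
        DistinguishedName userDn = this.usernameMapper.buildDn(username);
        removeAuthorities(userDn, getUserAuthorities(userDn, username));
        this.template.unbind(userDn);
    }

    /**
     * Reports whether an entry exists at the DN mapped from {@code username}.
     *
     * @return {@code true} if the lookup succeeds, {@code false} if the name is not found
     */
    @Override
    public boolean userExists(String username) {
        try {
            Object entry = this.template.lookup(this.usernameMapper.buildDn(username));
            // A lookup may yield a live Context; release it, existence is all we needed.
            if (entry instanceof Context) {
                LdapUtils.closeContext((Context) entry);
            }
            return true;
        } catch (org.springframework.ldap.NameNotFoundException e) {
            return false;
        }
    }

    /**
     * Builds the DN of a group entry: {@code <groupRoleAttributeName>=<group>} under
     * {@code groupSearchBase}. The group name is lower-cased (locale-independently).
     *
     * @param group the group name, typically produced by {@link #convertAuthorityToGroup}
     */
    protected DistinguishedName buildGroupDn(String group) {
        DistinguishedName groupDn = new DistinguishedName(this.groupSearchBase);
        groupDn.add(this.groupRoleAttributeName, group.toLowerCase(Locale.ROOT));
        return groupDn;
    }

    /** Delegates attribute population to the configured {@link UserDetailsContextMapper}. */
    protected void copyToContext(UserDetails user, DirContextAdapter ctx) {
        this.userDetailsMapper.mapUserToContext(user, ctx);
    }

    /** Adds {@code userDn} to the membership attribute of each group named by {@code authorities}. */
    protected void addAuthorities(DistinguishedName userDn, Collection<GrantedAuthority> authorities) {
        modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE);
    }

    /** Removes {@code userDn} from the membership attribute of each group named by {@code authorities}. */
    protected void removeAuthorities(DistinguishedName userDn, List<GrantedAuthority> authorities) {
        modifyAuthorities(userDn, authorities, DirContext.REMOVE_ATTRIBUTE);
    }

    /**
     * Applies one membership modification per authority on the corresponding group entry.
     *
     * @param modificationOp {@link DirContext#ADD_ATTRIBUTE} or {@link DirContext#REMOVE_ATTRIBUTE}
     */
    private void modifyAuthorities(final DistinguishedName userDn, final Collection<GrantedAuthority> authorities, final int modificationOp) {
        this.template.executeReadWrite(new ContextExecutor() {
            @Override
            public Object executeWithContext(DirContext dirContext) throws NamingException {
                // The member value is the same for every group, so compute it once.
                String memberValue = LdapUtils.getFullDn(userDn, dirContext).toUrl();
                for (GrantedAuthority authority : authorities) {
                    DistinguishedName groupDn = buildGroupDn(convertAuthorityToGroup(authority));
                    ModificationItem[] change = {
                        new ModificationItem(modificationOp, new BasicAttribute(LdapUserDetailsManager.this.groupMemberAttributeName, memberValue))
                    };
                    dirContext.modifyAttributes(groupDn, change);
                }
                return null;
            }
        });
    }

    /**
     * Strips {@code rolePrefix} from an authority name to recover the group name.
     *
     * @param authority the authority (e.g. {@code ROLE_ADMIN})
     * @return the group name (e.g. {@code ADMIN}); unchanged if the prefix is absent
     */
    public String convertAuthorityToGroup(GrantedAuthority authority) {
        String name = authority.getAuthority();
        if (name.startsWith(this.rolePrefix)) {
            name = name.substring(this.rolePrefix.length());
        }
        return name;
    }

    /** Sets the mapper used to turn a username into the user entry's DN. */
    public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper) {
        this.usernameMapper = usernameMapper;
    }

    /** Sets the attribute replaced by {@link #changePassword(String, String)}. */
    public void setPasswordAttributeName(String passwordAttributeName) {
        this.passwordAttributeName = passwordAttributeName;
    }

    /** Sets the DN (relative to the context base) under which group entries are searched. */
    public void setGroupSearchBase(String groupSearchBase) {
        this.groupSearchBase = new DistinguishedName(groupSearchBase);
    }

    /** Sets the group attribute whose value becomes the role name. */
    public void setGroupRoleAttributeName(String groupRoleAttributeName) {
        this.groupRoleAttributeName = groupRoleAttributeName;
    }

    /**
     * Restricts the attributes fetched when loading a user.
     *
     * @param attributesToRetrieve attribute ids to request; must not be {@code null}
     */
    public void setAttributesToRetrieve(String[] attributesToRetrieve) {
        Assert.notNull(attributesToRetrieve);
        this.attributesToRetrieve = attributesToRetrieve;
    }

    /** Sets the mapper that converts between {@link UserDetails} and directory attributes. */
    public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) {
        this.userDetailsMapper = userDetailsMapper;
    }

    /**
     * Sets the group attribute that holds member DNs and rebuilds the group search filter
     * around it. The value is spliced into the filter, so it must be a trusted configuration
     * value, never user input.
     *
     * @param groupMemberAttributeName the membership attribute id; must contain text
     */
    public void setGroupMemberAttributeName(String groupMemberAttributeName) {
        Assert.hasText(groupMemberAttributeName);
        this.groupMemberAttributeName = groupMemberAttributeName;
        this.groupSearchFilter = "(" + groupMemberAttributeName + "={0})";
    }

    /** Replaces the mapper that turns a group entry into a {@link GrantedAuthority}. */
    public void setRoleMapper(AttributesMapper roleMapper) {
        this.roleMapper = roleMapper;
    }
}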
