package org.geoserver.security.ldap;

import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.Name;
import javax.naming.directory.DirContext;
import org.apache.commons.lang3.StringUtils;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.AbstractGeoServerSecurityService;
import org.geoserver.security.xml.XMLConstants;
import org.springframework.beans.factory.support.PropertiesBeanDefinitionReader;
import org.springframework.ldap.core.AuthenticatedLdapEntryContextCallback;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapEntryIdentification;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;

/* loaded from: input_file:WEB-INF/lib/gs-sec-ldap-2.18.7.jar:org/geoserver/security/ldap/LDAPBaseSecurityService.class */
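/**
 * Shared state and helpers for LDAP-backed GeoServer security services.
 *
 * <p>The class reads search bases, filter templates and attribute names from an
 * {@link LDAPBaseSecurityServiceConfig}, builds the LDAP template used for lookups, and offers
 * helpers that translate between group-membership values, user names and DNs.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>This listing is decompiler output. Several string literals had been replaced by unrelated
 *       library constants with the same value; they are written as literals again below.</li>
 *   <li>When "bind before group search" is enabled, the bind password is kept in a plain
 *       {@code String} field for the lifetime of the service and is visible to subclasses.</li>
 *   <li>All filter templates are taken from configuration as-is. Values substituted into them at
 *       lookup time are passed as filter arguments, not concatenated here; whether they are
 *       escaped depends on the template implementation (confirm for the library version in use).</li>
 * </ul>
 */
public abstract class LDAPBaseSecurityService extends AbstractGeoServerSecurityService {
    /** Class-private logger, used only to surface lookup failures that were previously silent. */
    private static final Logger LOG = Logger.getLogger(LDAPBaseSecurityService.class.getName());

    /**
     * Splits a simple filter of the form {@code (attr=prefix{N}suffix)} with N in {0, 1}:
     * group 1 = attribute name, group 2 = prefix, group 3 = placeholder index, group 4 = suffix.
     * Flag value 2 in the decompiled listing is {@link Pattern#CASE_INSENSITIVE}.
     */
    protected static final Pattern lookForMembershipAttribute =
            Pattern.compile("^\\(*([a-z]+)=(.*?)\\{([01])\\}(.*?)\\)*$", Pattern.CASE_INSENSITIVE);

    protected LdapContextSource ldapContext;
    protected SpringSecurityLdapTemplate template;

    // Bind credentials; only populated when the config asks to bind before group search.
    protected String user;
    protected String password;

    // Default patterns capture the whole value; replaced when a configured filter can be parsed.
    protected Pattern userNamePattern = Pattern.compile("^(.*)$");
    protected Pattern userMembershipPattern = Pattern.compile("^(.*)$");

    protected String groupSearchBase = "ou=groups";
    protected String groupNameFilter = "cn={0}";
    protected String allGroupsSearchFilter = "cn=*";
    protected String groupNameAttribute = "cn";
    protected String groupMembershipFilter = "member={0}";
    // Decompiler had substituted org.geoserver.security.xml.XMLConstants.E_MEMBER_UR here.
    protected String groupMembershipAttribute = "member";
    protected String userSearchBase = "ou=people";
    protected String userNameFilter = "uid={0}";
    protected String allUsersSearchFilter = "uid=*";
    protected String userNameAttribute = "uid";
    protected boolean lookupUserForDn = false;
    protected boolean useNestedGroups = true;
    protected int maxGroupSearchLevel = 10;
    protected String nestedGroupSearchFilter = "member={0}";

    /**
     * Initializes the LDAP context, template and all search settings from the given config.
     *
     * <p>Empty or {@code null} config values leave the corresponding default in place. Where a
     * filter is configured but its attribute name is not, the attribute name is derived from the
     * filter when it matches {@link #lookForMembershipAttribute}.
     *
     * @param securityNamedServiceConfig must be an {@link LDAPBaseSecurityServiceConfig}
     * @throws IOException propagated from the superclass initialization
     * @throws ClassCastException if the config is of another type
     */
    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        final LDAPBaseSecurityServiceConfig ldapConfig = (LDAPBaseSecurityServiceConfig) securityNamedServiceConfig;
        this.ldapContext = LDAPUtils.createLdapContext(ldapConfig);

        // Null-safe: an unset Boolean is treated as "do not bind" instead of throwing an NPE.
        if (Boolean.TRUE.equals(ldapConfig.isBindBeforeGroupSearch())) {
            this.user = ldapConfig.getUser();
            this.password = ldapConfig.getPassword();
            this.template = new BindingLdapTemplate(this.ldapContext);
        } else {
            this.template = new SpringSecurityLdapTemplate(this.ldapContext);
        }

        if (!isEmpty(ldapConfig.getGroupSearchBase())) {
            this.groupSearchBase = ldapConfig.getGroupSearchBase();
        }
        if (!isEmpty(ldapConfig.getUserSearchBase())) {
            this.userSearchBase = ldapConfig.getUserSearchBase();
        }

        // Group membership filter: also yields the membership attribute, the DN-lookup flag and
        // the pattern used to strip the filter's fixed prefix/suffix from membership values.
        if (!isEmpty(ldapConfig.getGroupSearchFilter())) {
            this.groupMembershipFilter = ldapConfig.getGroupSearchFilter();
            final Matcher membership = lookForMembershipAttribute.matcher(this.groupMembershipFilter);
            if (membership.matches()) {
                if (isEmpty(ldapConfig.getGroupMembershipAttribute())) {
                    this.groupMembershipAttribute = membership.group(1);
                }
                // Placeholder {1} switches on the extra directory lookups in
                // getUserNameFromMembership / lookupDn; {0} leaves them off.
                this.lookupUserForDn = membership.group(3).equals("1");
                // Prefix and suffix are quoted so configured text is matched literally.
                // The trailing "$" was shown as PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX
                // in the decompiled listing.
                this.userMembershipPattern = Pattern.compile(
                        "^" + Pattern.quote(membership.group(2)) + "(.*)" + Pattern.quote(membership.group(4)) + "$");
            }
        }
        if (!isEmpty(ldapConfig.getGroupMembershipAttribute())) {
            this.groupMembershipAttribute = ldapConfig.getGroupMembershipAttribute();
            if (isEmpty(ldapConfig.getGroupSearchFilter())) {
                this.groupMembershipFilter = this.groupMembershipAttribute + "={0}";
            }
        }

        // Group name filter and attribute.
        if (!isEmpty(ldapConfig.getGroupFilter())) {
            this.groupNameFilter = ldapConfig.getGroupFilter();
            if (isEmpty(ldapConfig.getGroupNameAttribute())) {
                final Matcher groupName = lookForMembershipAttribute.matcher(this.groupNameFilter);
                if (groupName.matches()) {
                    this.groupNameAttribute = groupName.group(1);
                }
            }
        }
        if (!isEmpty(ldapConfig.getGroupNameAttribute())) {
            this.groupNameAttribute = ldapConfig.getGroupNameAttribute();
            if (isEmpty(ldapConfig.getGroupFilter())) {
                this.groupNameFilter = this.groupNameAttribute + "={0}";
            }
        }
        if (isEmpty(ldapConfig.getAllGroupsSearchFilter())) {
            this.allGroupsSearchFilter = this.groupNameAttribute + "=*";
        } else {
            this.allGroupsSearchFilter = ldapConfig.getAllGroupsSearchFilter();
        }

        // User name filter and attribute.
        if (!isEmpty(ldapConfig.getUserFilter())) {
            this.userNameFilter = ldapConfig.getUserFilter();
            final Matcher userName = lookForMembershipAttribute.matcher(this.userNameFilter);
            if (userName.matches()) {
                if (isEmpty(ldapConfig.getUserNameAttribute())) {
                    this.userNameAttribute = userName.group(1);
                }
                this.userNamePattern = Pattern.compile(
                        "^" + Pattern.quote(userName.group(2)) + "(.*)" + Pattern.quote(userName.group(4)) + "$");
            }
        }
        if (!isEmpty(ldapConfig.getUserNameAttribute())) {
            this.userNameAttribute = ldapConfig.getUserNameAttribute();
            if (isEmpty(ldapConfig.getUserFilter())) {
                this.userNameFilter = this.userNameAttribute + "={0}";
            }
        }
        if (isEmpty(ldapConfig.getAllUsersSearchFilter())) {
            this.allUsersSearchFilter = this.userNameAttribute + "=*";
        } else {
            this.allUsersSearchFilter = ldapConfig.getAllUsersSearchFilter();
        }

        // Nested group handling.
        this.useNestedGroups = ldapConfig.isUseNestedParentGroups();
        if (isEmpty(ldapConfig.getNestedGroupSearchFilter())) {
            // NOTE(review): this fallback contains a space after '=' and so differs from the
            // field default "member={0}"; kept byte-for-byte, confirm which one is intended.
            this.nestedGroupSearchFilter = "member= {0}";
        } else {
            this.nestedGroupSearchFilter = ldapConfig.getNestedGroupSearchFilter();
        }
        // Negative configured values fall back to 10, so this method never stores -1.
        if (ldapConfig.getMaxGroupSearchLevel() >= 0) {
            this.maxGroupSearchLevel = ldapConfig.getMaxGroupSearchLevel();
        } else {
            this.maxGroupSearchLevel = 10;
        }
    }

    /**
     * Runs the callback, binding with the configured credentials first when both are set.
     *
     * <p>Without credentials the callback is invoked directly with a {@code null} context and
     * {@code null} entry identification. With credentials the work is delegated to the template's
     * {@code authenticate}, where {@link #user} is passed in the filter position. A {@code false}
     * result from that call is logged, since the callback has presumably not run in that case.
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param authenticatedLdapEntryContextCallback work to run against the directory
     */
    public void authenticateIfNeeded(AuthenticatedLdapEntryContextCallback authenticatedLdapEntryContextCallback) {
        if (this.user == null || this.password == null) {
            authenticatedLdapEntryContextCallback.executeWithContext(null, null);
            return;
        }
        final boolean bound = this.template.authenticate(
                (Name) LdapUtils.emptyLdapName(), this.user, this.password, authenticatedLdapEntryContextCallback);
        if (!bound) {
            // Credentials are deliberately not part of the message.
            LOG.warning("LDAP bind with the configured lookup account failed; directory lookup was skipped");
        }
    }

    /**
     * Tells whether a string is {@code null} or has length zero (whitespace counts as content).
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param str value to test, may be {@code null}
     * @return {@code true} for {@code null} or {@code ""}
     */
    public static boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }

    /**
     * Resolves a group-membership value to a user name.
     *
     * <p>When {@link #lookupUserForDn} is off the input is returned unchanged. Otherwise the value
     * is looked up as a directory entry and its {@link #userNameAttribute} is read; if that
     * attribute matches {@link #userNamePattern} only the captured part is returned. If the entry
     * has no such attribute the input is returned unchanged.
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param str membership value, used as the lookup name when DN lookup is enabled
     * @return the resolved user name, or {@code str} when nothing was resolved
     */
    public String getUserNameFromMembership(final String str) {
        final AtomicReference<String> resolved = new AtomicReference<>(str);
        if (this.lookupUserForDn) {
            authenticateIfNeeded(new AuthenticatedLdapEntryContextCallback() { // from class: org.geoserver.security.ldap.LDAPBaseSecurityService.1
                @Override // org.springframework.ldap.core.AuthenticatedLdapEntryContextCallback
                public void executeWithContext(DirContext dirContext, LdapEntryIdentification ldapEntryIdentification) {
                    final DirContextOperations entry =
                            (DirContextOperations) LDAPUtils.getLdapTemplateInContext(dirContext, template).lookup(str);
                    final Object attributeValue = entry.getObjectAttribute(userNameAttribute);
                    if (attributeValue == null) {
                        return;
                    }
                    String name = attributeValue.toString();
                    final Matcher matcher = userNamePattern.matcher(name);
                    if (matcher.matches()) {
                        name = matcher.group(1);
                    }
                    resolved.set(name);
                }
            });
        }
        return resolved.get();
    }

    /**
     * Resolves a user name to the DN of its directory entry.
     *
     * <p>When {@link #lookupUserForDn} is off the input is returned unchanged. Otherwise a
     * single-entry search is run with {@link #userNameFilter} and {@code str} as its only
     * argument. The search base passed is the empty string, not {@link #userSearchBase}.
     *
     * <p>The lookup is best effort: any failure (no entry, several entries, directory error)
     * leaves the input as the result. The failure is logged at FINE so that an unexpectedly empty
     * group list can be traced back to it.
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param str user name to resolve
     * @return the entry's DN as a string, or {@code str} when the lookup is disabled or failed
     */
    public String lookupDn(final String str) {
        final AtomicReference<String> resolved = new AtomicReference<>(str);
        if (this.lookupUserForDn) {
            authenticateIfNeeded(new AuthenticatedLdapEntryContextCallback() { // from class: org.geoserver.security.ldap.LDAPBaseSecurityService.2
                @Override // org.springframework.ldap.core.AuthenticatedLdapEntryContextCallback
                public void executeWithContext(DirContext dirContext, LdapEntryIdentification ldapEntryIdentification) {
                    try {
                        resolved.set(LDAPUtils.getLdapTemplateInContext(dirContext, template)
                                .searchForSingleEntry("", userNameFilter, new String[] {str})
                                .getDn()
                                .toString());
                    } catch (Exception e) {
                        // Deliberately non-fatal: callers continue with the unresolved name.
                        LOG.log(Level.FINE, "DN lookup failed; falling back to the unresolved user name", e);
                    }
                }
            });
        }
        return resolved.get();
    }

    /**
     * Builds a mapper that counts mapped entries instead of converting them.
     *
     * <p>Each mapped entry increments the given counter atomically; the mapper itself always
     * yields {@code null}.
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param atomicInteger counter to increment once per mapped entry
     * @return a counting mapper
     */
    public ContextMapper counter(AtomicInteger atomicInteger) {
        return ctx -> {
            // incrementAndGet replaces the former get()+1/set() pair, which could lose updates.
            atomicInteger.incrementAndGet();
            return null;
        };
    }

    /**
     * Extracts the group name from a DN by returning the value of the first component that
     * starts with {@link #groupNameAttribute} followed by {@code =}.
     *
     * <p>NOTE(review): the DN is split on every comma and compared case-sensitively without
     * trimming. Escaped commas inside a value, whitespace after a separator, or an attribute
     * name in different case are therefore not handled; a component boundary may be found in the
     * middle of an escaped value. Verify that group DNs in the target directory cannot contain
     * such values before relying on the result for role mapping.
     *
     * <p>Decompiler note: access modifier changed from protected; the {@code "="} literal had been
     * shown as a constant from an unrelated XML library.
     *
     * @param str DN to inspect, may be blank
     * @return the group name, or {@code null} if the DN is blank or has no matching component
     */
    public String extractGroupCnFromDn(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        final String prefix = this.groupNameAttribute + "=";
        for (String component : str.split(Pattern.quote(","))) {
            if (component.startsWith(prefix)) {
                return component.substring(component.indexOf("=") + 1);
            }
        }
        return null;
    }

    /**
     * Tells whether a nesting depth has reached the configured search limit.
     *
     * <p>A limit of {@code -1} means unbounded. {@link #initializeFromConfig} never stores
     * {@code -1}, so that case applies only if the field is set elsewhere.
     *
     * <p>Decompiler note: access modifier changed from protected.
     *
     * @param i current depth
     * @return {@code true} if {@code i} is at or beyond {@link #maxGroupSearchLevel}
     */
    public boolean isOutOfDepthBounds(int i) {
        return this.maxGroupSearchLevel != -1 && i >= this.maxGroupSearchLevel;
    }
}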
