package com.cloudera.nav.auth;

import com.cloudera.nav.server.LdapOptions;
import com.cloudera.nav.server.NavOptions;
import com.google.common.base.Throwables;
import com.google.common.collect.Sets;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.naming.directory.SearchControls;
import javax.sql.DataSource;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

/* loaded from: input_file:com/cloudera/nav/auth/LdapAuthenticationProvider.class */
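/**
 * {@link AuthenticationProvider} that delegates to Spring Security's LDAP provider, configured
 * from {@link LdapOptions}.
 *
 * <p>Users are authenticated with a {@link BindAuthenticator} (located through a search filter
 * and/or a DN pattern). Group membership is resolved by {@link LdapAuthoritiesPopulator}, and
 * the resulting user details are built by {@link NavUserDetailsContextMapper}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The LDAP URL is used exactly as configured. Nothing in this class requires
 *       {@code ldaps://} or StartTLS, so transport protection of the bind credentials has to
 *       be enforced by configuration.</li>
 *   <li>Values substituted into the group search filter are escaped with
 *       {@link LdapEncoder#filterEncode(String)}; the filter <em>template</em> itself is
 *       trusted configuration and is not validated here.</li>
 *   <li>The service-account password read from {@link LdapOptions} is only handed to the
 *       context source; keep it out of log statements added to this class.</li>
 * </ul>
 */
public class LdapAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticationProvider.class);
    private final AbstractLdapAuthenticationProvider ldapAuthProvider;
    private final NavUserDetailsContextMapper ctxMapper;

    /**
     * Authorities populator that turns every group entry matching the configured filter into a
     * {@link SimpleGrantedAuthority} whose name is the group's lower-cased full DN.
     */
    private static class LdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
        /** Filter used when no custom group search filter is configured; {0} is the user DN. */
        private static final String DEFAULT_GROUP_SEARCH_FILTER = "(member={0})";

        private final SpringSecurityLdapTemplate ldapTemplate;
        private final String groupSearchFilter;
        private SearchControls searchControls;

        /**
         * @param contextSource source of LDAP connections used for the group search
         * @param groupSearchBase base under which groups are searched (passed to the parent)
         * @param customGroupSearchFilter filter template with {0} = user DN and {1} = username;
         *     when null or empty the default {@code (member={0})} is used
         */
        public LdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase, String customGroupSearchFilter) {
            super(contextSource, groupSearchBase);
            this.groupSearchFilter = StringUtils.isNotEmpty(customGroupSearchFilter)
                    ? customGroupSearchFilter
                    : DEFAULT_GROUP_SEARCH_FILTER;
            this.ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
            // Start with one-level scope so getGroupMembershipRoles() cannot hit a null
            // searchControls when setSearchSubtree() was never called.
            SearchControls defaults = new SearchControls();
            defaults.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            this.searchControls = defaults;
        }

        /**
         * Searches the group search base for entries matching the group filter and returns one
         * authority per hit.
         *
         * @param userDn DN of the authenticated user, substituted for {0} in the filter
         * @param username login name of the user, substituted for {1} in the filter
         * @return the authorities found; empty when no group search base is set
         */
        @Override
        public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
            final String searchBase = getGroupSearchBase();
            if (searchBase == null) {
                // The enclosing class passes "" instead of null, so this guard only matters for
                // other construction paths.
                return Collections.emptySet();
            }
            final Set<GrantedAuthority> authorities = Sets.newHashSet();
            ContextMapper groupToAuthority = new ContextMapper() {
                @Override
                public Object mapFromContext(Object obj) {
                    // NOTE(review): toLowerCase() uses the JVM default locale, so the authority
                    // string can differ between hosts (e.g. Turkish dotless i). Switching to
                    // Locale.ROOT is advisable once the code that matches these authorities is
                    // confirmed to normalise the same way.
                    String groupDn = ((DirContextAdapter) obj).getNameInNamespace().toLowerCase();
                    authorities.add(new SimpleGrantedAuthority(groupDn));
                    return null;
                }
            };
            // Per-call controls: same scope as configured, but only "cn" is requested back.
            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.searchControls.getSearchScope());
            controls.setReturningAttributes(new String[]{"cn"});
            // Username and DN are logged as received; the Object[] form keeps this call valid
            // on SLF4J versions without varargs overloads.
            LdapAuthenticationProvider.LOG.debug(
                    "Searching for roles for user '{}', DN = '{}', with filter {} in search base '{}'",
                    new Object[]{username, userDn, this.groupSearchFilter, searchBase});
            // Both substituted values are filter-encoded by getFormattedFilter(), so a crafted
            // username or DN cannot change the structure of the search filter.
            String filter = LdapAuthenticationProvider.getFormattedFilter(
                    this.groupSearchFilter, new String[]{userDn, username});
            this.ldapTemplate.search(searchBase, filter, controls, groupToAuthority);
            return authorities;
        }

        /**
         * Selects subtree or one-level scope for the group search, on this class's own template
         * as well as on the parent populator.
         *
         * @param searchSubtree true for subtree scope, false for one-level scope
         */
        @Override
        public void setSearchSubtree(boolean searchSubtree) {
            int scope = searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
            this.searchControls = new SearchControls();
            this.searchControls.setSearchScope(scope);
            this.ldapTemplate.setSearchControls(this.searchControls);
            super.setSearchSubtree(searchSubtree);
        }
    }

    /**
     * Builds the delegate LDAP provider from the LDAP section of the given options.
     *
     * @param navOptions server options; {@link NavOptions#getLdapOptions()} supplies the URL,
     *     bind credentials, search bases, filters and DN pattern
     * @param dataSource data source handed to {@link NavUserDetailsContextMapper}
     * @throws RuntimeException if Spring rejects the context source or authenticator settings
     */
    public LdapAuthenticationProvider(NavOptions navOptions, DataSource dataSource) {
        this.ctxMapper = new NavUserDetailsContextMapper(dataSource, navOptions);
        LdapOptions ldapOptions = navOptions.getLdapOptions();
        String ldapUrl = ldapOptions.getLdapUrl();
        String ldapBindDn = ldapOptions.getLdapBindDn();
        String ldapBindPw = ldapOptions.getLdapBindPw();
        String ldapUserSearchBase = ldapOptions.getLdapUserSearchBase();
        String ldapUserSearchFilter = ldapOptions.getLdapUserSearchFilter();
        String ldapGroupSearchBase = ldapOptions.getLdapGroupSearchBase();
        String ldapGroupSearchFilter = ldapOptions.getLdapGroupSearchFilter();
        String ldapDnPattern = ldapOptions.getLdapDnPattern();

        // NOTE(review): the URL scheme is not checked. With a plain ldap:// URL and no StartTLS
        // the service-account bind and each user bind would send the password unencrypted.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapUrl);
        // Without a bind DN no service credentials are set; searches then presumably run as an
        // anonymous bind — confirm the directory limits what anonymous clients may read.
        if (!StringUtils.isEmpty(ldapBindDn)) {
            contextSource.setUserDn(ldapBindDn);
        }
        if (!StringUtils.isEmpty(ldapBindPw)) {
            contextSource.setPassword(ldapBindPw);
        }
        try {
            contextSource.afterPropertiesSet();
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }

        BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
        // A user search is installed only when both its base and its filter are configured.
        if (!StringUtils.isEmpty(ldapUserSearchBase) && !StringUtils.isEmpty(ldapUserSearchFilter)) {
            bindAuthenticator.setUserSearch(
                    new FilterBasedLdapUserSearch(ldapUserSearchBase, ldapUserSearchFilter, contextSource));
        }
        if (!StringUtils.isEmpty(ldapDnPattern)) {
            bindAuthenticator.setUserDnPatterns(new String[]{ldapDnPattern});
        }
        try {
            bindAuthenticator.afterPropertiesSet();
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }

        // A null group search base is replaced by "", so the populator's null guard does not
        // disable the group search for instances built here.
        LdapAuthoritiesPopulator authoritiesPopulator = new LdapAuthoritiesPopulator(
                contextSource, ldapGroupSearchBase != null ? ldapGroupSearchBase : "", ldapGroupSearchFilter);
        authoritiesPopulator.setIgnorePartialResultException(true);
        if (!StringUtils.isEmpty(ldapGroupSearchFilter)) {
            // Keeps the parent's filter in step with the one stored by the subclass constructor.
            authoritiesPopulator.setGroupSearchFilter(ldapGroupSearchFilter);
        }
        authoritiesPopulator.setSearchSubtree(true);

        this.ldapAuthProvider = new org.springframework.security.ldap.authentication.LdapAuthenticationProvider(
                bindAuthenticator, authoritiesPopulator);
        this.ldapAuthProvider.setUserDetailsContextMapper(this.ctxMapper);
    }

    /**
     * Authenticates the request through the wrapped Spring LDAP provider.
     *
     * @param authentication the authentication request
     * @return whatever the wrapped provider returns for the request
     * @throws AuthenticationException if the wrapped provider rejects the request
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return this.ldapAuthProvider.authenticate(authentication);
    }

    /**
     * @param cls authentication token class to test
     * @return true if the wrapped Spring LDAP provider supports the given token class
     */
    @Override
    public boolean supports(Class<?> cls) {
        return this.ldapAuthProvider.supports(cls);
    }

    /**
     * Substitutes LDAP-filter-encoded values into a {@link MessageFormat} filter template.
     *
     * <p>Each value is converted with {@code toString()} and escaped with
     * {@link LdapEncoder#filterEncode(String)} before substitution. The template is parsed by
     * {@link MessageFormat}, so single quotes and braces in it carry MessageFormat meaning; the
     * template must come from trusted configuration, never from user input.
     *
     * @param str filter template using {0}, {1}, ... placeholders
     * @param objArr values for the placeholders; elements must be non-null
     * @return the filter with every placeholder replaced by its encoded value
     * @throws NullPointerException if {@code objArr} or one of its elements is null
     */
    public static String getFormattedFilter(String str, Object[] objArr) {
        Object[] encodedValues = new Object[objArr.length];
        for (int i = 0; i < objArr.length; i++) {
            encodedValues[i] = LdapEncoder.filterEncode(objArr[i].toString());
        }
        return MessageFormat.format(str, encodedValues);
    }
}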
