package com.cloudera.nav.auth;

import com.cloudera.nav.auth.model.Group;
import com.cloudera.nav.server.LdapOptions;
import com.cloudera.nav.server.NavOptions;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;

/* loaded from: input_file:com/cloudera/nav/auth/LdapGroupSearch.class */
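/**
 * Looks up the directory groups that match a configured LDAP / Active Directory
 * group search filter, binding with the service account taken from {@link LdapOptions}.
 *
 * <p>The returned groups carry the entry's {@code cn} and its lower-cased distinguished
 * name. Lower-casing is done with {@link Locale#ROOT} so that the normalised DN does not
 * depend on the JVM default locale (for example the Turkish dotless i), which matters if
 * callers compare these DNs against stored group mappings.
 */
public class LdapGroupSearch {
    private static final Logger LOG = LoggerFactory.getLogger(LdapGroupSearch.class);
    private NavOptions navOptions;

    /**
     * @param navOptions server options supplying the external auth type and the LDAP settings
     */
    public LdapGroupSearch(NavOptions navOptions) {
        this.navOptions = navOptions;
    }

    /**
     * Searches for groups using the external auth type configured in the server options.
     *
     * @param str value substituted into the configured group search filter
     *            (presumably the user's name or DN; confirm against callers)
     * @return the matching groups, possibly empty
     */
    public Collection<Group> getGroups(String str) {
        return getLdapGroups(str, this.navOptions.getExternalAuthType());
    }

    /**
     * Binds to the configured LDAP server and returns every entry under the group search
     * base that matches the group search filter formatted with {@code str}.
     *
     * <p>For {@code ACTIVE_DIRECTORY} the bind identity is rewritten by
     * {@link #getAdBindDn(LdapOptions)} and the AD-specific group filter is used.
     * Entries without a {@code cn} attribute are skipped with a warning instead of
     * aborting the whole search with a {@link NullPointerException}.
     *
     * @param str value substituted into the group search filter
     * @param externalAuthType directory flavour that selects the bind identity and filter
     * @return the matching groups, possibly empty
     * @throws NullPointerException if the LDAP URL, bind DN, bind password or search
     *         filter is not configured
     * @throws RuntimeException if the context source cannot be initialised or an
     *         attribute value cannot be read
     */
    public Collection<Group> getLdapGroups(String str, NavOptions.ExternalAuthType externalAuthType) {
        LdapOptions ldapOptions = this.navOptions.getLdapOptions();
        String ldapUrl = ldapOptions.getLdapUrl();
        String ldapBindDn = ldapOptions.getLdapBindDn();
        String ldapBindPw = ldapOptions.getLdapBindPw();
        String ldapGroupSearchBase = ldapOptions.getLdapGroupSearchBase();
        String ldapGroupsSearchFilter = ldapOptions.getLdapGroupsSearchFilter();
        // The bind password is deliberately left out of every log statement in this method.
        LOG.debug("ldap url: {}, bind dn: {}, group search base: {}, group search filter: {}", new Object[]{ldapUrl, ldapBindDn, ldapGroupSearchBase, ldapGroupsSearchFilter});
        if (externalAuthType == NavOptions.ExternalAuthType.ACTIVE_DIRECTORY) {
            ldapBindDn = getAdBindDn(ldapOptions);
            ldapGroupsSearchFilter = ldapOptions.getAdGroupsSearchFilter();
            LOG.debug("For AD using bind dn: {}, group search filter: {}", ldapBindDn, ldapGroupsSearchFilter);
        }
        Preconditions.checkNotNull(ldapUrl);
        Preconditions.checkNotNull(ldapBindDn);
        Preconditions.checkNotNull(ldapBindPw);
        Preconditions.checkNotNull(ldapGroupsSearchFilter);

        // NOTE(review): the bind below sends the service-account password over whatever
        // scheme ldapUrl specifies. Nothing here enforces ldaps:// or StartTLS, so transport
        // protection depends entirely on configuration; confirm it is validated elsewhere.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapUrl);
        contextSource.setUserDn(ldapBindDn);
        contextSource.setPassword(ldapBindPw);
        try {
            contextSource.afterPropertiesSet();
        } catch (Exception e) {
            // propagate() always throws; the explicit throw makes that visible to the compiler.
            throw Throwables.propagate(e);
        }

        SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        ldapTemplate.setIgnorePartialResultException(true);

        // NOTE(review): str is interpolated into an LDAP filter. getFormattedFilter is not
        // visible here; confirm it escapes filter metacharacters (RFC 4515, e.g. Spring's
        // LdapEncoder.filterEncode) before substitution, otherwise this is an LDAP injection sink.
        String formattedFilter = LdapAuthenticationProvider.getFormattedFilter(ldapGroupsSearchFilter, new String[]{str});

        final Collection<Group> groups = new HashSet<Group>();
        ldapTemplate.search(Strings.nullToEmpty(ldapGroupSearchBase), formattedFilter, new ContextMapper() {
            public Object mapFromContext(Object obj) {
                DirContextAdapter entry = (DirContextAdapter) obj;
                String entryDn = entry.getNameInNamespace();
                Attribute cnAttribute = entry.getAttributes().get("cn");
                if (cnAttribute == null) {
                    // Skipping can only shrink the returned group set, never widen it.
                    LOG.warn("Skipping LDAP group entry without a cn attribute: {}", entryDn);
                    return null;
                }
                String groupName;
                try {
                    groupName = cnAttribute.get().toString();
                } catch (NamingException e) {
                    throw Throwables.propagate(e);
                }
                // -1L is presumably a placeholder id for a group not yet persisted; confirm against Group.
                groups.add(new Group(-1L, groupName, entryDn.toLowerCase(Locale.ROOT)));
                // Results are collected through the captured set, so the mapped value is unused.
                return null;
            }
        });
        return groups;
    }

    /**
     * Derives the bind identity used for Active Directory.
     *
     * <p>If the configured bind DN parses as a distinguished name, its {@code cn} value is
     * used; otherwise the configured string is used unchanged. When an NT domain is
     * configured and the identity does not already end with it, {@code "@" + ntDomain} is
     * appended. The suffix comparison ignores case on both sides, so a domain configured
     * in upper or mixed case is not appended a second time.
     *
     * @param ldapOptions LDAP settings supplying the bind DN and the NT domain
     * @return the bind identity, or {@code null} if no bind DN is configured
     */
    @VisibleForTesting
    String getAdBindDn(LdapOptions ldapOptions) {
        String ldapBindDn = ldapOptions.getLdapBindDn();
        String bindName = ldapBindDn;
        try {
            bindName = new DistinguishedName(ldapBindDn).getValue("cn");
        } catch (Exception e) {
            // Not a parseable DN (for example already user@domain): keep the configured value.
            LOG.debug("Error when parsing groups search dn: {}", ldapBindDn, e);
        }
        String ntDomain = ldapOptions.getNtDomain();
        // A null bind name is returned as-is so the caller's precondition check reports it.
        if (ntDomain != null && bindName != null
                && !bindName.toLowerCase(Locale.ROOT).endsWith(ntDomain.toLowerCase(Locale.ROOT))) {
            bindName = bindName + "@" + ntDomain;
        }
        return bindName;
    }
}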
