package com.cloudera.nav.auth;

import com.cloudera.nav.auth.model.Role;
import com.cloudera.nav.persistence.relational.dao.GroupDAO;
import com.cloudera.nav.persistence.relational.dao.impl.GroupDAOImpl;
import com.cloudera.nav.server.NavOptions;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/* loaded from: input_file:com/cloudera/nav/auth/NavUserDetailsContextMapper.class */
class NavUserDetailsContextMapper implements UserDetailsContextMapper {
    private static final Logger LOG = LoggerFactory.getLogger(NavUserDetailsContextMapper.class);
    private LdapUserDetailsMapper udm = new LdapUserDetailsMapper();
    private GroupDAO groupDAO;
    private boolean isActiveDirectory;

    public NavUserDetailsContextMapper(DataSource dataSource, NavOptions navOptions) {
        this.groupDAO = new GroupDAOImpl(dataSource, navOptions);
        if (NavOptions.ExternalAuthType.ACTIVE_DIRECTORY.equals(navOptions.getExternalAuthType())) {
            this.isActiveDirectory = true;
        }
    }

    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        if (this.isActiveDirectory) {
            collection = loadAdUserAuthorities(dirContextOperations);
        }
        LinkedList newLinkedList = Lists.newLinkedList();
        LinkedList newLinkedList2 = Lists.newLinkedList();
        HashSet newHashSet = Sets.newHashSet();
        Iterator<? extends GrantedAuthority> it = collection.iterator();
        while (it.hasNext()) {
            String authority = it.next().getAuthority();
            newLinkedList2.add(authority);
            Collection roles = this.groupDAO.getRoles(authority);
            Iterator it2 = roles.iterator();
            while (it2.hasNext()) {
                newLinkedList.addAll(((Role) it2.next()).getUserRole().getGrantedAuthorities());
            }
            newHashSet.addAll(roles);
        }
        UserDetails mapUserFromContext = this.udm.mapUserFromContext(dirContextOperations, str, collection);
        NavigatorUser navigatorUser = new NavigatorUser(mapUserFromContext.getUsername(), mapUserFromContext.getPassword() == null ? "" : mapUserFromContext.getPassword(), mapUserFromContext.isEnabled(), mapUserFromContext.isAccountNonExpired(), mapUserFromContext.isCredentialsNonExpired(), mapUserFromContext.isAccountNonLocked(), newLinkedList);
        navigatorUser.setGroupDistinguishedNames(newLinkedList2);
        navigatorUser.setRoles(newHashSet);
        return navigatorUser;
    }

    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
        this.udm.mapUserToContext(userDetails, dirContextAdapter);
    }

    private Collection<? extends GrantedAuthority> loadAdUserAuthorities(DirContextOperations dirContextOperations) {
        String[] stringAttributes = dirContextOperations.getStringAttributes("memberOf");
        if (stringAttributes == null) {
            LOG.debug("No values for 'memberOf' attribute.");
            return AuthorityUtils.NO_AUTHORITIES;
        }
        LOG.debug("'memberOf' attribute values: " + Arrays.asList(stringAttributes));
        ArrayList newArrayListWithExpectedSize = Lists.newArrayListWithExpectedSize(stringAttributes.length);
        for (String str : stringAttributes) {
            newArrayListWithExpectedSize.add(new SimpleGrantedAuthority(str.toLowerCase()));
        }
        return newArrayListWithExpectedSize;
    }
}
