package com.atlassian.confluence.user.tokengroups;

import com.atlassian.crowd.directory.MicrosoftActiveDirectory;
import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapper;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.OrFilter;

/* loaded from: input_file:com/atlassian/confluence/user/tokengroups/TokenGroupsSearcher.class */
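/**
 * Resolves the groups of an Active Directory user from the user's token-groups attribute.
 *
 * <p>The lookup runs in two steps: read the group SIDs stored in the configured token-groups
 * attribute of the user entry, then search the directory for group entries whose
 * {@code objectSid} matches one of those SIDs. In Active Directory, {@code tokenGroups} is a
 * computed attribute that lists the SIDs of the groups a principal belongs to, nested
 * memberships included; the attribute name used here is taken from the plugin settings.
 *
 * <p>All connection and search parameters are captured once in the constructor, so an instance
 * reflects the directory and plugin configuration as it was when the instance was created.
 */
public class TokenGroupsSearcher {
    private static final Logger log = LoggerFactory.getLogger(TokenGroupsSearcher.class);
    private final TokenGroupsGroupContextMapper groupContextMapper;
    private final ContextSource contextSource;
    private final LdapTemplate ldapTemplate;
    private final String userObjectClass;
    private final String baseDn;
    private final boolean pagingEnabled;
    private final int pageSize;
    private final String tokenGroupsAttribute;
    private final String additionalGroupDn;
    private final String groupObjectClass;

    /**
     * Captures the LDAP connection and the search settings used by every lookup.
     *
     * @param microsoftActiveDirectory directory supplying the context source and the LDAP
     *     properties (user object class, {@code ldap.basedn}, paging flag and page size)
     * @param tokenGroupsGroupContextMapper mapper that turns group search results into
     *     {@link LDAPGroupWithAttributes} and names the attributes to request
     * @param tokenGroupsSettingsManager plugin settings supplying the token-groups attribute
     *     name, the additional group DN and the group object class
     */
    public TokenGroupsSearcher(MicrosoftActiveDirectory microsoftActiveDirectory, TokenGroupsGroupContextMapper tokenGroupsGroupContextMapper, TokenGroupsSettingsManager tokenGroupsSettingsManager) {
        this.groupContextMapper = tokenGroupsGroupContextMapper;
        this.contextSource = microsoftActiveDirectory.getContextSource();
        this.ldapTemplate = new LdapTemplate(this.contextSource);
        LDAPPropertiesMapper ldapPropertiesMapper = microsoftActiveDirectory.getLdapPropertiesMapper();
        this.userObjectClass = ldapPropertiesMapper.getUserObjectClass();
        this.baseDn = ldapPropertiesMapper.getAttribute("ldap.basedn");
        this.pagingEnabled = ldapPropertiesMapper.isPagedResultsControl();
        this.pageSize = ldapPropertiesMapper.getPagedResultsSize();
        this.tokenGroupsAttribute = tokenGroupsSettingsManager.getTokenGroupsAttribute();
        this.additionalGroupDn = tokenGroupsSettingsManager.getAdditionalGroupDn();
        this.groupObjectClass = tokenGroupsSettingsManager.getGroupObjectClass();
    }

    /**
     * Returns the groups referenced by the token-groups attribute of the given user.
     *
     * <p>NOTE(review): a directory failure ({@link NamingException}) is logged and reported as an
     * empty list, so a caller cannot tell "user has no groups" from "lookup failed". If the
     * result feeds authorization decisions, group-derived permissions and group-based
     * restrictions both silently disappear for that request; confirm the callers tolerate this.
     *
     * @param lDAPUserWithAttributes user whose DN is used for the token-groups lookup
     * @return the matching groups, or an empty list when the user has no group SIDs or the
     *     lookup failed
     */
    public List<LDAPGroupWithAttributes> findTokenGroups(LDAPUserWithAttributes lDAPUserWithAttributes) {
        try {
            List<String> groupSids = findTokenGroupSids(lDAPUserWithAttributes.getDn());
            if (groupSids.isEmpty()) {
                return Collections.emptyList();
            }
            log.debug("Found {} group SIDs in tokenGroups attribute of user [ {} ]. Looking up these groups.", groupSids.size(), lDAPUserWithAttributes.getDn());
            return findGroupsWithSids(groupSids);
        } catch (NamingException e) {
            // Deliberate best effort: the failure is recorded with its cause and the user is
            // treated as having no token groups.
            log.error("Failed to retrieve tokenGroups for user: " + lDAPUserWithAttributes.getDn(), e);
            return Collections.emptyList();
        }
    }

    /**
     * Reads the group SIDs from the token-groups attribute of the entry at {@code userDn}.
     *
     * @param userDn distinguished name of the user entry
     * @return the SIDs produced by {@link TokenGroupsSidSearch}
     */
    @SuppressWarnings("unchecked") // the element type is fixed by TokenGroupsSidSearch, which is not visible here
    private List<String> findTokenGroupSids(String userDn) {
        return (List<String>) this.ldapTemplate.executeReadOnly(new TokenGroupsSidSearch(userDn, this.userObjectClass, this.tokenGroupsAttribute));
    }

    /**
     * Searches below the group base DN for the group entries that carry one of the given SIDs.
     *
     * @param sids group SIDs to look up
     * @return the mapped group entries; empty when {@code sids} is null or empty
     */
    private List<LDAPGroupWithAttributes> findGroupsWithSids(List<String> sids) {
        // Fail closed: without any SID term the filter built by getGroupFilter is expected to
        // reduce to the object-class test alone, which would return every group in the subtree.
        // The public entry point already checks this; the guard keeps the invariant local.
        if (sids == null || sids.isEmpty()) {
            return Collections.emptyList();
        }
        String groupFilter = getGroupFilter(this.groupObjectClass, sids);
        String groupBaseDn = getGroupBaseDn();
        SearchControls searchControls = getSearchControls();
        if (this.pagingEnabled) {
            // The trailing -1 is presumably "no result limit" -- confirm against PagedLdapSearcher.
            return new PagedLdapSearcher(this.contextSource, this.pageSize).pageSearchResults(groupBaseDn, groupFilter, searchControls, this.groupContextMapper, -1);
        }
        log.warn("LDAP result paging is not enabled. Token groups plugin may not work properly.");
        return this.ldapTemplate.search(groupBaseDn, groupFilter, searchControls, this.groupContextMapper);
    }

    /**
     * Builds the LDAP filter {@code (&(objectClass=<str>)(|(objectSid=<sid>)...))}.
     *
     * <p>Values are passed through Spring LDAP's {@link EqualsFilter}, which escapes filter
     * metacharacters, so neither the object class nor a SID can alter the filter structure.
     *
     * <p>Callers must not pass an empty list: an {@link OrFilter} without terms is expected to
     * encode to nothing, leaving a filter that matches every entry of the object class.
     *
     * @param str group object class to match
     * @param list group SIDs, one {@code objectSid} term each; the expected SID representation
     *     is whatever {@link TokenGroupsSidSearch} produces
     * @return the encoded filter string
     */
    static String getGroupFilter(String str, List<String> list) {
        OrFilter anySid = new OrFilter();
        for (String sid : list) {
            anySid.or(new EqualsFilter("objectSid", sid));
        }
        AndFilter groupWithSid = new AndFilter();
        groupWithSid.and(new EqualsFilter("objectClass", str));
        groupWithSid.and(anySid);
        return groupWithSid.encode();
    }

    /**
     * Creates the controls for the group search: whole subtree, returning objects, limited to
     * the attributes the group mapper asks for.
     */
    private SearchControls getSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningObjFlag(true);
        searchControls.setReturningAttributes(this.groupContextMapper.getRequiredAttributes());
        return searchControls;
    }

    /**
     * Returns the DN the group search starts from: the directory base DN, prefixed with the
     * additional group DN from the plugin settings when one is configured.
     */
    private String getGroupBaseDn() {
        if (StringUtils.isBlank(this.additionalGroupDn)) {
            return this.baseDn;
        }
        String suffix = StringUtils.isBlank(this.baseDn) ? "" : "," + this.baseDn;
        return this.additionalGroupDn + suffix;
    }
}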
