package com.greenhat.server.container.server.security.ldap;

import com.greenhat.server.container.server.security.Pair;
import com.greenhat.server.container.shared.datamodel.Role;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/ADAuthenticator.class */
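/**
 * Active Directory flavour of {@link BaseLDAPAuthenticator}.
 *
 * <p>Group membership for a user is read from the {@code tokenGroups} attribute of the user's
 * own entry, which the directory returns as binary SIDs. Those SIDs are turned into an
 * {@code (|(objectSid=...)...)} filter and resolved to group names with a subtree search under
 * the configured search base.
 *
 * <p>Login names may be given either as a bare account name or as {@code DOMAIN\account}; see
 * {@link #getUsernameParts(String)}.
 */
public class ADAuthenticator extends BaseLDAPAuthenticator implements ADConfigurationAttributes {
    /** Attribute holding the SIDs of the groups a user belongs to. */
    private static final String TOKEN_GROUPS_ATTRIBUTE = "tokenGroups";

    /** Size of the fixed SID header: revision, sub-authority count, 6-byte authority. */
    private static final int SID_HEADER_LENGTH = 8;

    /**
     * Creates the authenticator; both maps are passed straight to the superclass.
     *
     * @param map presumably the LDAP configuration read through {@code this.config} (confirm
     *     against {@code BaseLDAPAuthenticator})
     * @param map2 presumably the group-name to role mapping (confirm against the superclass)
     */
    public ADAuthenticator(Map<String, String> map, Map<String, Set<Role>> map2) {
        super(map, map2);
    }

    /**
     * Returns the names of the groups the given user belongs to.
     *
     * <p>The admin context obtained for the lookup is always closed before returning.
     *
     * @param username login name, bare or in {@code DOMAIN\account} form
     * @return an empty set when the user cannot be found or has no {@code tokenGroups} values,
     *     otherwise the value of the group-identifier attribute of every matching group
     * @throws RuntimeException wrapping any {@link NamingException} raised by the directory
     */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected Set<String> getGroups(String username) {
        LdapContext adminContext = getAdminContext();
        try {
            try {
                String userDN = getUserDN(adminContext, username);
                if (userDN == null) {
                    return Collections.emptySet();
                }
                String sidFilter = buildTokenGroupSidFilter(adminContext, userDN);
                if (sidFilter == null) {
                    // No SIDs means no groups. Searching with an empty "(|)" filter would be
                    // rejected as malformed and fail the whole request.
                    return new HashSet<>();
                }
                return lookUpGroupNames(adminContext, sidFilter);
            } finally {
                adminContext.close();
            }
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads {@code tokenGroups} from the user's entry and builds an OR filter over the SIDs.
     *
     * @return the filter, or {@code null} when the entry yielded no SID at all
     */
    private String buildTokenGroupSidFilter(LdapContext context, String userDN)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.OBJECT_SCOPE);
        controls.setReturningAttributes(new String[] {TOKEN_GROUPS_ATTRIBUTE});

        StringBuilder filter = new StringBuilder("(|");
        boolean foundSid = false;
        NamingEnumeration<SearchResult> entries =
                context.search(userDN, "(objectClass=user)", controls);
        // NOTE(review): hasMoreElements() reports "no more results" instead of raising the
        // NamingException that hasMore() would; kept as found, since switching could surface
        // errors that deployments currently tolerate. Confirm which behaviour is wanted.
        while (entries.hasMoreElements()) {
            Attributes attributes = entries.next().getAttributes();
            if (attributes == null) {
                continue;
            }
            NamingEnumeration<? extends Attribute> returned = attributes.getAll();
            while (returned.hasMore()) {
                NamingEnumeration<?> values = returned.next().getAll();
                while (values.hasMore()) {
                    Object value = values.next();
                    if (!(value instanceof byte[])) {
                        throw new IllegalStateException(
                                "tokenGroups value was not returned as binary data");
                    }
                    // The rendered SID consists of 'S', '-' and digits only, so it needs no
                    // LDAP filter escaping.
                    filter.append("(objectSid=")
                            .append(binarySidToStringSid((byte[]) value))
                            .append(')');
                    foundSid = true;
                }
            }
        }
        return foundSid ? filter.append(')').toString() : null;
    }

    /** Resolves the groups matched by {@code sidFilter} under the search base to their names. */
    private Set<String> lookUpGroupNames(LdapContext context, String sidFilter)
            throws NamingException {
        String searchBase = getSearchBase();
        String groupIdentifier = getGroupIdentifier();
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {groupIdentifier});

        Set<String> groups = new HashSet<>();
        NamingEnumeration<SearchResult> matches = context.search(searchBase, sidFilter, controls);
        // hasMoreElements() is kept here for the same reason as in the tokenGroups lookup.
        while (matches.hasMoreElements()) {
            Attributes attributes = matches.next().getAttributes();
            Attribute identifier = attributes == null ? null : attributes.get(groupIdentifier);
            // The identifier attribute is configurable, so a group entry may lack it; skip
            // such entries instead of failing with a NullPointerException.
            if (identifier != null && identifier.size() > 0) {
                groups.add(String.valueOf(identifier.get()));
            }
        }
        return groups;
    }

    /**
     * Looks up the user's DN using only the account part of the login name.
     *
     * <p>NOTE: the decompiler reports that this method was originally {@code protected};
     * the visibility is left as found.
     *
     * <p>NOTE(review): the domain part of a {@code DOMAIN\account} login is ignored here but is
     * used by {@link #makeQualifiedUsername(String)}. If the directory can hold the same account
     * name in more than one domain, confirm that the entry whose groups are read is the same
     * identity that was authenticated.
     */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    public String getUserDN(LdapContext ldapContext, String username) throws NamingException {
        return super.getUserDN(ldapContext, getUsernameParts(username).getFirst());
    }

    /**
     * Renders a binary SID as text in the form {@code S-<revision>-<authority>-<sub>-...}.
     *
     * <p>Layout read here: byte 0 is the revision, byte 1 the sub-authority count, bytes 2-7
     * the identifier authority (big-endian), followed by one little-endian 32-bit value per
     * sub-authority.
     *
     * @throws IllegalArgumentException if the array is too short for the count it declares
     */
    private static String binarySidToStringSid(byte[] sid) {
        if (sid == null || sid.length < SID_HEADER_LENGTH) {
            throw new IllegalArgumentException("Binary SID is shorter than its 8-byte header");
        }
        int subAuthorityCount = sid[1] & 0xFF;
        if (sid.length < SID_HEADER_LENGTH + 4 * subAuthorityCount) {
            throw new IllegalArgumentException(
                    "Binary SID is truncated: declares " + subAuthorityCount
                            + " sub-authorities but has only " + sid.length + " bytes");
        }

        // All six authority bytes are used; reading only part of them gives the right answer
        // solely when the leading bytes happen to be zero.
        long authority = 0;
        for (int i = 2; i < SID_HEADER_LENGTH; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }

        StringBuilder text = new StringBuilder("S-").append(sid[0] & 0xFF);
        text.append('-').append(authority);
        for (int index = 0; index < subAuthorityCount; index++) {
            int offset = SID_HEADER_LENGTH + index * 4;
            long subAuthority = 0;
            for (int b = 3; b >= 0; b--) {
                subAuthority = (subAuthority << 8) | (sid[offset + b] & 0xFF);
            }
            text.append('-').append(subAuthority);
        }
        return text.toString();
    }

    /**
     * Builds the {@code account@domain} form of a login name.
     *
     * <p>The domain is the one typed by the caller when the login is in {@code DOMAIN\account}
     * form, otherwise the configured domain.
     */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected String makeQualifiedUsername(String username) {
        Pair<String, String> usernameParts = getUsernameParts(username);
        return usernameParts.getFirst() + "@" + usernameParts.getSecond();
    }

    /**
     * Splits a login name into (account, domain).
     *
     * <p>A name without a backslash is paired with the configured domain. For a name with a
     * backslash, the text before the first backslash is the domain and the segment after it is
     * the account.
     *
     * @throws IllegalArgumentException if the name contains a backslash but no account part,
     *     for example a trailing backslash; this input is caller-controlled and previously
     *     ended in an ArrayIndexOutOfBoundsException
     */
    private Pair<String, String> getUsernameParts(String username) {
        if (!username.contains("\\")) {
            return new Pair<>(username, getDomain());
        }
        String[] parts = username.split("\\\\");
        if (parts.length < 2) {
            throw new IllegalArgumentException(
                    "Malformed login name: expected DOMAIN\\account");
        }
        return new Pair<>(parts[1], parts[0]);
    }

    /** Asks the LDAP provider to return {@code tokenGroups} values as raw bytes. */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected void addCustomContextAttributes(Hashtable<String, String> environment) {
        environment.put("java.naming.ldap.attributes.binary", TOKEN_GROUPS_ATTRIBUTE);
    }

    /**
     * Returns the attribute used as a group's name, {@code cn} unless configured otherwise.
     *
     * <p>NOTE: the decompiler reports that this method was originally {@code protected};
     * the visibility is left as found.
     */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    public String getGroupIdentifier() {
        return getWithDefault(CommonLDAPConfigurationAttributes.GROUP_IDENTIFIER, "cn");
    }

    /**
     * Returns the filter template used to find a user entry.
     *
     * <p>NOTE(review): how {@code {0}} is filled in is decided by the superclass, which is not
     * visible here. Confirm that the login name is passed as a JNDI filter argument or escaped
     * for LDAP filters before substitution, because it comes from the login form.
     */
    @Override // com.greenhat.server.container.server.security.ldap.BaseLDAPAuthenticator
    protected String getUserFilter() {
        return getWithDefault(
                CommonLDAPConfigurationAttributes.USER_FILTER,
                "(&(objectClass=user)(sAMAccountName={0}))");
    }

    /** Returns the configured domain, or {@code null} when none is configured. */
    protected String getDomain() {
        return this.config.get(ADConfigurationAttributes.DOMAIN);
    }

    /**
     * Returns an unmodifiable snapshot of every group name matched by the all-groups filter.
     *
     * <p>The admin context is closed once the snapshot has been taken, matching
     * {@link #getGroups(String)}. The two-argument overload is not visible here; closing a
     * context twice has no effect, so this is safe even if that overload closes it as well.
     */
    @Override // com.greenhat.server.container.server.security.Authenticator
    public Set<String> getAllGroups() {
        LdapContext adminContext = getAdminContext();
        try {
            // Raw HashSet kept as found: the element type of the overload's result is not
            // visible from this file.
            return Collections.unmodifiableSet(
                    new HashSet(getAllGroups(adminContext, getAllGroupsFilter()).values()));
        } finally {
            try {
                adminContext.close();
            } catch (NamingException ignored) {
                // Best effort: a failure to release the connection must not replace the
                // result or mask an exception from the lookup itself.
            }
        }
    }
}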
