package com.ghc.permission.ldap.activedirectory;

import com.ghc.ldap.LdapConnection;
import com.ghc.ldap.LdapConnectionException;
import com.ghc.ldap.activedirectory.ActiveDirectoryConstants;
import com.ghc.ldap.activedirectory.ActiveDirectoryUtils;
import com.ghc.permission.api.SecurityObjectMetaData;
import com.ghc.permission.ldap.LdapPermissions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:com/ghc/permission/ldap/activedirectory/ActiveDirectoryPermissions.class */
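/**
 * Resolves Active Directory users and groups to security identifiers (SIDs) and
 * descriptive metadata over an already-configured {@link LdapConnection}.
 *
 * <p>Instances are obtained through {@link #create(LdapConnection)}, which opens the
 * connection with {@code objectSid} registered as a binary attribute so that it is
 * returned as a {@code byte[]}.
 *
 * <p>Values that this class places into LDAP search filters itself (the SID in
 * {@link #getMetaData(String)} and the account name used for the user lookup) are
 * escaped per RFC 4515, so characters such as {@code *}, {@code (} and {@code )}
 * cannot change the structure of the filter.
 */
public class ActiveDirectoryPermissions extends LdapPermissions {
    /** Attributes requested whenever a user or group is turned into {@link SecurityObjectMetaData}. */
    private static final String[] SECURITY_OBJECT_ATTRIBUTES = {"objectSid", "cn", "objectClass", "userPrincipalName", "description"};
    private final LdapConnection m_ldapConnection;

    private ActiveDirectoryPermissions(LdapConnection ldapConnection) {
        this.m_ldapConnection = ldapConnection;
    }

    /**
     * Opens the given connection and wraps it.
     *
     * @param ldapConnection connection to open; it is kept for all later lookups
     * @return a permissions object bound to {@code ldapConnection}
     * @throws LdapConnectionException if the connection cannot be opened
     */
    public static ActiveDirectoryPermissions create(LdapConnection ldapConnection) throws LdapConnectionException {
        // Left as a raw Hashtable because the parameter type of LdapConnection.open is not visible here.
        Hashtable environment = new Hashtable();
        // Ask the JNDI LDAP provider to hand objectSid back as byte[]; X_getSid relies on that cast.
        environment.put("java.naming.ldap.attributes.binary", "objectSid");
        ldapConnection.open(environment);
        return new ActiveDirectoryPermissions(ldapConnection);
    }

    /**
     * Collects the SID of every principal on the connection together with the SIDs of the
     * security groups each principal belongs to (primary group and {@code memberOf},
     * followed transitively).
     *
     * <p>A principal whose lookup fails is logged at WARNING level and skipped; SIDs
     * already collected for it are kept.
     *
     * @return the collected SIDs, possibly empty, never {@code null}
     */
    public List<String> getMembershipIds() {
        List<String> membershipIds = new ArrayList<>();
        Iterator<?> principals = this.m_ldapConnection.getPrincipals().iterator();
        while (principals.hasNext()) {
            String accountName = X_extractSAMAccountName((String) principals.next());
            try {
                SearchResult user = X_getUser(this.m_ldapConnection.getRootDirContext(), accountName, "objectSid", "memberOf", "primaryGroupId");
                membershipIds.add(X_getSid(user));
                X_addPrimaryGroupMembership(membershipIds, user);
                X_addMemberOfGroupMembership(membershipIds, user.getAttributes());
            } catch (NamingException | NullPointerException e) {
                // NullPointerException is caught deliberately: a missing search result or a
                // missing attribute anywhere in the lookup chain surfaces as one, and the
                // method is best-effort per principal.
                Logger.getLogger(getClass().getName()).log(Level.WARNING, "Error getting principal attributes: " + accountName, e);
            }
        }
        return membershipIds;
    }

    /**
     * Looks up the user or group with the given SID.
     *
     * @param str SID in the string form used by {@code ActiveDirectoryUtils.sidToString}
     * @return metadata for the matching object, or {@code null} if {@code str} is
     *         {@code null}, the search fails, or the search yields no result
     */
    public SecurityObjectMetaData getMetaData(String str) {
        if (str == null) {
            return null;
        }
        try {
            // The SID is supplied by the caller, so it is escaped before it becomes part of the filter.
            String filter = "(objectsid=" + X_escapeFilterValue(str) + ")";
            SearchResult match = getSingleResult(this.m_ldapConnection.getRootDirContext(), filter, SECURITY_OBJECT_ATTRIBUTES);
            if (match == null) {
                // NOTE(review): getSingleResult is defined in LdapPermissions; it is assumed it
                // may return null for "no match" (getMembershipIds guards against that too).
                return null;
            }
            return X_createMetaData(str, match);
        } catch (NamingException e) {
            Logger.getLogger(getClass().getName()).log(Level.INFO, "Could not get meta data for " + str, e);
            return null;
        }
    }

    /**
     * Searches for security groups whose {@code cn} matches, and users whose {@code cn} or
     * {@code sAMAccountName} matches, any of the given names.
     *
     * @param strArr names to search for
     * @return metadata for every match; empty if nothing matched or the search failed
     */
    public Collection<SecurityObjectMetaData> performUserAndGroupSearch(String... strArr) {
        List<SecurityObjectMetaData> matches = new ArrayList<>();
        // NOTE(review): the names are handed to LdapPermissions.createOrFilter unescaped. They
        // are not escaped here because that helper is not visible and may already escape them
        // or may intentionally allow wildcards; confirm it neutralises '(' , ')' and '\'.
        String securityGroupTypes = createOrFilter("groupType", ActiveDirectoryConstants.getSecurityGroupTypes());
        String commonNames = createOrFilter("cn", Arrays.asList(strArr));
        String accountNames = createOrFilter("sAMAccountName", Arrays.asList(strArr));
        String groupClause = "(&(objectClass=group)" + securityGroupTypes + commonNames + ")";
        String userClause = "(&(objectClass=person)(objectClass=user)(|" + commonNames + accountNames + "))";
        // NOTE(review): the two clauses end up wrapped in an extra pair of parentheses
        // ("(|(" ... "))"). The string is kept exactly as before; confirm the LDAP provider
        // accepts it, since a rejected filter only shows up as an empty result.
        String filter = "(|(" + groupClause + userClause + "))";
        try {
            for (SearchResult searchResult : getAllResults(this.m_ldapConnection.getRootDirContext(), filter, SECURITY_OBJECT_ATTRIBUTES)) {
                matches.add(X_createMetaData(X_getSid(searchResult), searchResult));
            }
        } catch (NamingException e) {
            // Still best-effort (whatever was collected is returned), but no longer silent:
            // a failing directory or a rejected filter would otherwise look like "no matches".
            Logger.getLogger(getClass().getName()).log(Level.WARNING, "User and group search failed", e);
        }
        return matches;
    }

    /**
     * Builds group metadata when {@code objectClass} contains {@code group}, user metadata otherwise.
     *
     * @param str SID to record for the object
     * @param searchResult entry carrying the attributes in {@link #SECURITY_OBJECT_ATTRIBUTES}
     */
    private SecurityObjectMetaData X_createMetaData(String str, SearchResult searchResult) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        String distinguishedName = searchResult.getNameInNamespace();
        String commonName = getAttributeStringValue(attributes, "cn", "<unknown>");
        if (X_isType(attributes.get("objectClass"), "group")) {
            // A group without a description falls back to its common name.
            return SecurityObjectMetaData.createForGroup(str, commonName, distinguishedName, getAttributeStringValue(attributes, "description", commonName));
        }
        return SecurityObjectMetaData.createForUser(str, commonName, distinguishedName, getAttributeStringValue(attributes, "userPrincipalName", "<unknown>"));
    }

    /**
     * Tells whether any value of {@code attribute} equals {@code str}, ignoring case.
     * A missing ({@code null}) attribute is treated as "no match".
     */
    private boolean X_isType(Attribute attribute, String str) throws NamingException {
        if (attribute == null) {
            return false;
        }
        for (int i = 0; i < attribute.size(); i++) {
            if (str.equalsIgnoreCase((String) attribute.get(i))) {
                return true;
            }
        }
        return false;
    }

    /** Adds the group referenced by the entry's {@code primaryGroupId} attribute (and its parents) to {@code list}. */
    private void X_addPrimaryGroupMembership(List<String> list, SearchResult searchResult) throws NamingException {
        String primaryGroupId = (String) searchResult.getAttributes().get("primaryGroupId").get();
        X_addGroupMembership(list, X_findGroup(primaryGroupId).getNameInNamespace());
    }

    /** Adds every group named in the {@code memberOf} attribute, if present, to {@code list}. */
    private void X_addMemberOfGroupMembership(List<String> list, Attributes attributes) throws NamingException {
        Attribute memberOf = attributes.get("memberOf");
        if (memberOf == null) {
            return;
        }
        for (int i = 0; i < memberOf.size(); i++) {
            X_addGroupMembership(list, (String) memberOf.get(i));
        }
    }

    /**
     * Adds the SID of the group with the given name to {@code list} and recurses into the
     * group's own {@code memberOf} values.
     *
     * <p>Groups already in {@code list} are skipped, which also ends the recursion when
     * group nesting is circular. Groups that are not of a security group type are neither
     * added nor followed.
     *
     * @param str name of the group entry, as accepted by {@code DirContext.getAttributes}
     */
    private void X_addGroupMembership(List<String> list, String str) throws NamingException {
        Attributes groupAttributes = this.m_ldapConnection.getRootDirContext().getAttributes(str);
        String groupSid = X_getSid(groupAttributes);
        if (list.contains(groupSid)) {
            return;
        }
        if (ActiveDirectoryConstants.isSecurityGroupType((String) groupAttributes.get("groupType").get())) {
            list.add(groupSid);
            X_addMemberOfGroupMembership(list, groupAttributes);
        }
    }

    /**
     * Finds the security group whose {@code primaryGroupToken} equals {@code str}.
     *
     * <p>The LDAP filter selects all security groups; the token comparison is done on the
     * client by the {@code PostSearchFilter}, not in the filter string.
     */
    private SearchResult X_findGroup(final String str) throws NamingException {
        String filter = "(&(objectClass=group)" + createOrFilter("groupType", ActiveDirectoryConstants.getSecurityGroupTypes()) + ")";
        LdapPermissions.PostSearchFilter tokenMatcher = new LdapPermissions.PostSearchFilter() {
            public boolean include(SearchResult searchResult) {
                try {
                    return str.equals(searchResult.getAttributes().get("primaryGroupToken").get());
                } catch (NamingException unused) {
                    // An entry whose token cannot be read is simply not a match.
                    return false;
                }
            }
        };
        return getSingleResult(this.m_ldapConnection.getRootDirContext(), filter, tokenMatcher, new String[]{"primaryGroupToken", "objectSid"});
    }

    /** Converts the binary {@code objectSid} attribute to its string form. */
    private String X_getSid(Attributes attributes) throws NamingException {
        return ActiveDirectoryUtils.sidToString((byte[]) attributes.get("objectSid").get());
    }

    /** Converts the binary {@code objectSid} attribute of a search result to its string form. */
    private String X_getSid(SearchResult searchResult) throws NamingException {
        return X_getSid(searchResult.getAttributes());
    }

    /**
     * Looks up a person entry by {@code sAMAccountName}.
     *
     * @param dirContext context to search in
     * @param str account name; escaped before it is placed in the filter because it is
     *            derived from the principal name presented to the connection
     * @param strArr attributes to request
     */
    private SearchResult X_getUser(DirContext dirContext, String str, String... strArr) throws NamingException {
        return getSingleResult(dirContext, "(&(objectClass=person)(sAMAccountName=" + X_escapeFilterValue(str) + "))", strArr);
    }

    /** Reads {@code rootDomainNamingContext} from the root entry of {@code dirContext}. */
    protected String getSearchBase(DirContext dirContext) throws NamingException {
        return (String) dirContext.getAttributes("").get("rootDomainNamingContext").get();
    }

    /**
     * Reduces a principal name to its account part: everything up to and including the
     * first backslash is dropped ({@code DOMAIN\name}), then everything from the first
     * {@code @} onwards ({@code name@domain}).
     */
    private String X_extractSAMAccountName(String str) {
        String accountName = str;
        int backslash = accountName.indexOf('\\');
        if (backslash != -1) {
            // Yields "" when the backslash is the last character.
            accountName = accountName.substring(backslash + 1);
        }
        int at = accountName.indexOf('@');
        if (at != -1) {
            accountName = accountName.substring(0, at);
        }
        return accountName;
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515): backslash,
     * asterisk, both parentheses and NUL are replaced by their {@code \xx} hex form.
     *
     * @param value non-null text to embed in a filter
     * @return {@code value} with filter metacharacters escaped
     */
    private static String X_escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}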
