package org.apache.cxf.sts.claims;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.x500.X500Principal;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.token.realm.RealmSupport;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;

/* loaded from: input_file:org/apache/cxf/sts/claims/LdapClaimsHandler.class */
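/**
 * {@link ClaimsHandler} that resolves requested claims from the LDAP entry of the
 * authenticated principal.
 * <p>
 * Each requested claim type (a URI) is mapped to an LDAP attribute name via
 * {@link #setClaimsLdapAttributeMapping(Map)}. The user entry is located either by
 * a direct DN lookup (when the principal name already is a DN) or by a search under
 * {@link #setUserBaseDN(String)} on {@code objectClass} / {@code userNameAttribute}.
 * Multi-valued attributes are joined with {@link #getDelimiter()}; when the X.500
 * filter is enabled, values that parse as a DN are reduced to the value of their
 * first RDN.
 * <p>
 * Configuration is applied through setters (Spring-style); the handler itself is
 * stateless apart from that configuration.
 */
public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {

    private static final Logger LOG = LogUtils.getL7dLogger(LdapClaimsHandler.class);

    /**
     * Maps every attribute of a looked-up entry by its ID. Kept as a raw type so the
     * class still compiles against Spring LDAP releases whose {@code AttributesMapper}
     * is not generic; the result is narrowed with {@code CastUtils.cast} at the call site.
     */
    @SuppressWarnings("rawtypes")
    private static final AttributesMapper ALL_ATTRIBUTES_MAPPER = new AttributesMapper() {
        @Override
        public Object mapFromAttributes(Attributes attrs) throws NamingException {
            Map<String, Attribute> byId = new HashMap<String, Attribute>();
            NamingEnumeration<? extends Attribute> all = attrs.getAll();
            while (all.hasMore()) {
                Attribute att = all.next();
                byId.put(att.getID(), att);
            }
            return byId;
        }
    };

    private LdapTemplate ldap;
    private Map<String, String> claimMapping;
    private String userBaseDn;
    private String delimiter = ";";
    private boolean x500FilterEnabled = true;
    private String objectClass = "person";
    private String userNameAttribute = "cn";
    private List<String> supportedRealms;
    private String realm;

    /** Realms this handler is willing to serve (see {@link RealmSupport}). */
    public void setSupportedRealms(List<String> list) {
        this.supportedRealms = list;
    }

    /** Realm this handler belongs to (see {@link RealmSupport}). */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** LDAP objectClass used in the user search filter; defaults to {@code person}. */
    public String getObjectClass() {
        return this.objectClass;
    }

    public void setObjectClass(String str) {
        this.objectClass = str;
    }

    /** LDAP attribute matched against the user name in the search; defaults to {@code cn}. */
    public String getUserNameAttribute() {
        return this.userNameAttribute;
    }

    public void setUserNameAttribute(String str) {
        this.userNameAttribute = str;
    }

    /** Spring LDAP template used for all directory access. */
    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldap = ldapTemplate;
    }

    public LdapTemplate getLdapTemplate() {
        return this.ldap;
    }

    /** Claim type URI (as string) to LDAP attribute name mapping. */
    public void setClaimsLdapAttributeMapping(Map<String, String> map) {
        this.claimMapping = map;
    }

    public Map<String, String> getClaimsLdapAttributeMapping() {
        return this.claimMapping;
    }

    /** Base DN under which user entries are searched when the principal is not a DN. */
    public void setUserBaseDN(String str) {
        this.userBaseDn = str;
    }

    public String getUserBaseDN() {
        return this.userBaseDn;
    }

    /** Separator placed between the values of a multi-valued attribute; defaults to {@code ;}. */
    public void setDelimiter(String str) {
        this.delimiter = str;
    }

    public String getDelimiter() {
        return this.delimiter;
    }

    /**
     * When {@code true} (the default) attribute values that parse as an X.500 DN are
     * reduced to the value of their first RDN.
     */
    public boolean isX500FilterEnabled() {
        return this.x500FilterEnabled;
    }

    public void setX500FilterEnabled(boolean z) {
        this.x500FilterEnabled = z;
    }

    /**
     * Returns the claim types this handler can serve: every key of the configured
     * mapping that is a syntactically valid URI.
     * <p>
     * Keys that are not valid URIs are logged and skipped (previously they were
     * dumped to stderr via {@code printStackTrace}). A missing mapping yields an
     * empty list instead of a {@code NullPointerException}.
     */
    @Override
    public List<URI> getSupportedClaimTypes() {
        List<URI> types = new ArrayList<URI>();
        Map<String, String> mapping = getClaimsLdapAttributeMapping();
        if (mapping == null) {
            return types;
        }
        for (String claimType : mapping.keySet()) {
            try {
                types.add(new URI(claimType));
            } catch (URISyntaxException e) {
                // A mis-configured mapping key is a deployment error, not a request error.
                LOG.log(Level.WARNING, "Ignoring claim mapping key that is not a valid URI: " + claimType, e);
            }
        }
        return types;
    }

    /**
     * Resolves the requested claims for the principal carried in {@code claimsParameters}.
     *
     * @param claimCollection  the claims requested by the client
     * @param claimsParameters request context; only {@code getPrincipal()} is used here
     * @return the claims that could be resolved (possibly empty, never {@code null});
     *         an empty collection is also returned when the principal is {@code null},
     *         an {@link X500Principal}, has no usable name, or no LDAP entry was found
     */
    @Override
    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claimCollection,
                                                        ClaimsParameters claimsParameters) {
        // ClaimsParameters.getPrincipal() is declared as java.security.Principal; the
        // concrete subtype decides how the user identifier is derived below.
        Principal principal = claimsParameters.getPrincipal();
        String user;
        boolean lookupByDn = false;

        if (principal instanceof KerberosPrincipal) {
            // "primary/instance@REALM" -> "primary/instance"
            user = stripKerberosRealm(principal.getName());
        } else if (principal instanceof X500Principal) {
            LOG.warning("Unsupported principal type X500: " + ((X500Principal) principal).getName());
            return new ProcessedClaimCollection();
        } else if (principal == null) {
            LOG.warning("Principal is null");
            return new ProcessedClaimCollection();
        } else {
            user = principal.getName();
            if (user != null) {
                lookupByDn = LdapUtils.isDN(user);
            }
        }

        // An empty user name would produce a degenerate search filter; refuse it up front.
        if (user == null || user.isEmpty()) {
            LOG.warning("User must not be null");
            return new ProcessedClaimCollection();
        }

        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("Retrieve claims for user " + user);
        }

        Map<String, Attribute> ldapAttributes;
        if (lookupByDn) {
            // NOTE(review): the DN comes straight from the principal name and is not
            // constrained to userBaseDn, so any entry readable by the STS bind account
            // can be resolved this way. This is presumably acceptable because the
            // principal has already been authenticated upstream -- confirm that holds
            // for every token type routed to this handler.
            ldapAttributes = CastUtils.cast((Map<?, ?>) this.ldap.lookup(user, ALL_ATTRIBUTES_MAPPER));
        } else {
            String[] searchAttributes = mappedAttributeNames(claimCollection);
            if (searchAttributes.length == 0) {
                // Nothing requested is mapped to an attribute: the result would be empty
                // anyway, so skip the directory round trip.
                if (LOG.isLoggable(Level.FINER)) {
                    LOG.finer("No requested claim is mapped to an LDAP attribute for user " + user);
                }
                return new ProcessedClaimCollection();
            }
            ldapAttributes = LdapUtils.getAttributesOfEntry(this.ldap, this.userBaseDn,
                    getObjectClass(), getUserNameAttribute(), user, searchAttributes);
        }

        if (ldapAttributes == null || ldapAttributes.isEmpty()) {
            // Guard and call now use the same level (the original guarded FINEST with INFO).
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("User '" + user + "' not found");
            }
            return new ProcessedClaimCollection();
        }

        ProcessedClaimCollection resolved = new ProcessedClaimCollection();
        Map<String, String> mapping = getClaimsLdapAttributeMapping();
        for (Claim claim : claimCollection) {
            URI claimType = claim.getClaimType();
            String attributeName = claimType == null ? null : mapping.get(claimType.toString());
            Attribute attribute = attributeName == null ? null : ldapAttributes.get(attributeName);
            if (attribute == null) {
                if (LOG.isLoggable(Level.FINEST)) {
                    LOG.finest("Claim '" + claimType + "' is null");
                }
                continue;
            }
            ProcessedClaim processedClaim = new ProcessedClaim();
            processedClaim.setClaimType(claimType);
            processedClaim.setPrincipal(principal);
            // NOTE(review): as in the original, a claim is emitted even when no value
            // could be read (empty string); callers relying on "claim absent" semantics
            // for unreadable attributes should be aware of this.
            processedClaim.addValue(joinAttributeValues(attributeName, attribute));
            resolved.add(processedClaim);
        }
        return resolved;
    }

    /** Everything before the first '@' of a Kerberos principal name (leading '@'s skipped). */
    private static String stripKerberosRealm(String kerberosName) {
        StringTokenizer tokens = new StringTokenizer(kerberosName, "@");
        return tokens.hasMoreTokens() ? tokens.nextToken() : "";
    }

    /**
     * LDAP attribute names for the requested claims that have a mapping; unmapped
     * claims are logged at FINER and dropped.
     */
    private String[] mappedAttributeNames(ClaimCollection claims) {
        Map<String, String> mapping = getClaimsLdapAttributeMapping();
        List<String> names = new ArrayList<String>();
        for (Claim claim : claims) {
            URI claimType = claim.getClaimType();
            String attributeName = claimType == null ? null : mapping.get(claimType.toString());
            if (attributeName != null) {
                names.add(attributeName);
            } else if (LOG.isLoggable(Level.FINER)) {
                LOG.finer("Unsupported claim: " + claimType);
            }
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * Joins the string values of {@code attribute} with the configured delimiter.
     * Reading stops at the first non-String value (logged as a warning), keeping what
     * was read so far; a {@link NamingException} is logged and yields the values read
     * up to that point. No trailing delimiter is produced in either case.
     */
    private String joinAttributeValues(String attributeName, Attribute attribute) {
        StringBuilder joined = new StringBuilder();
        boolean first = true;
        try {
            NamingEnumeration<?> all = attribute.getAll();
            while (all.hasMore()) {
                Object next = all.next();
                if (!(next instanceof String)) {
                    LOG.warning("LDAP attribute '" + attributeName + "' has got an unsupported value type");
                    break;
                }
                String value = (String) next;
                if (isX500FilterEnabled()) {
                    value = firstRdnValue(value);
                }
                if (!first) {
                    joined.append(getDelimiter());
                }
                joined.append(value);
                first = false;
            }
        } catch (NamingException e) {
            LOG.warning("Failed to read value of LDAP attribute '" + attributeName + "'");
        }
        return joined.toString();
    }

    /**
     * If {@code value} parses as an X.500 DN, returns the value of its first RDN in
     * RFC 2253 form (e.g. {@code "cn=Jane Doe,ou=people"} -> {@code "Jane Doe"});
     * otherwise returns {@code value} unchanged.
     * <p>
     * Unlike the original, a single-RDN DN ({@code "cn=admins"}) and a value with an
     * escaped comma ({@code "cn=Doe\, Jane,ou=people"}) are handled: the former no
     * longer falls back to the whole string, the latter no longer truncates at the
     * escaped comma. RFC 2253 escapes inside the value are preserved as-is.
     */
    private static String firstRdnValue(String value) {
        String dn;
        try {
            dn = new X500Principal(value).getName();
        } catch (IllegalArgumentException notADn) {
            // Not X.500 compliant: use the whole string as the claim value.
            return value;
        }
        int eq = dn.indexOf('=');
        if (eq < 0) {
            return value;
        }
        int end = eq + 1;
        while (end < dn.length()) {
            if (dn.charAt(end) == ',' && !isEscaped(dn, end)) {
                break;
            }
            end++;
        }
        return dn.substring(eq + 1, end);
    }

    /** True when the character at {@code index} is preceded by an odd number of backslashes. */
    private static boolean isEscaped(String s, int index) {
        int backslashes = 0;
        for (int i = index - 1; i >= 0 && s.charAt(i) == '\\'; i--) {
            backslashes++;
        }
        return backslashes % 2 == 1;
    }

    @Override
    public List<String> getSupportedRealms() {
        return this.supportedRealms;
    }

    @Override
    public String getHandlerRealm() {
        return this.realm;
    }
}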
