package com.nimbusds.openid.connect.provider.spi.claims.ldap;

import com.nimbusds.common.ldap.AttributeMapper;
import com.nimbusds.common.ldap.LDAPConnectionPoolFactory;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.claims.ClaimUtils;
import com.nimbusds.openid.connect.provider.spi.claims.ClaimsSource;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.SearchResult;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import net.minidev.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/claims/ldap/LDAPClaimsSource.class */
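/**
 * Claims source that resolves OpenID Connect UserInfo claims from an LDAP
 * directory.
 *
 * <p>The connection settings are read from {@link #CONFIG_FILE_PATH} and the
 * claim-to-LDAP-attribute mapping from {@link #MAP_FILE_PATH}; both are
 * obtained through the {@code InitContext} passed to {@link #init}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>JVM system properties are merged over the properties file, so
 *       whoever controls the JVM command line or environment controls the
 *       effective directory settings.</li>
 *   <li>The subject identifier is substituted into the LDAP search filter by
 *       the configured filter template.</li>
 *   <li>Only attributes mapped to the requested claims are asked for, and the
 *       result is filtered again to the requested claim names before it is
 *       returned.</li>
 *   <li>A subject that matches more than one directory entry is rejected
 *       rather than resolved to an arbitrary entry.</li>
 * </ul>
 */
public class LDAPClaimsSource implements ClaimsSource {
    /** Location of the LDAP claims source configuration, resolved via the init context. */
    public static final String CONFIG_FILE_PATH = "/WEB-INF/ldapClaimsSource.properties";
    /** Location of the JSON claim-to-LDAP-attribute map, resolved via the init context. */
    public static final String MAP_FILE_PATH = "/WEB-INF/ldapClaimsMap.json";
    private Configuration config;
    // Base claim name -> all mapped claim names sharing that base (see composeClaimsMap).
    private Map<String, List<String>> claimsMap;
    private AttributeMapper attributeMapper;
    private LDAPConnectionPool ldapConnPool;
    private static final Logger log = LogManager.getLogger("MAIN");

    /**
     * Logs the names of the JVM system properties that start with
     * {@code Configuration.DEFAULT_PREFIX}.
     *
     * <p>Only the property names are logged, never their values, so secrets
     * supplied as system properties do not reach the log through this method.
     */
    public static void logOverridingSystemProperties() {
        StringBuilder names = new StringBuilder();
        for (String name : System.getProperties().stringPropertyNames()) {
            if (!name.startsWith(Configuration.DEFAULT_PREFIX)) {
                continue;
            }
            if (names.length() > 0) {
                names.append(" ");
            }
            names.append(name);
        }
        log.info("[CSLDAP 0002] Overriding system properties: {}", names);
    }

    /**
     * Loads the configuration from {@link #CONFIG_FILE_PATH} and overlays the
     * JVM system properties on top of it.
     *
     * @param initContext context used to open the configuration resource
     * @return the parsed configuration
     * @throws Exception if the resource is missing or cannot be read or parsed
     */
    private static Configuration loadConfiguration(InitContext initContext) throws Exception {
        Properties properties = new Properties();
        // try-with-resources: the stream was previously never closed. A null
        // resource is permitted here and is simply not closed.
        try (InputStream in = initContext.getResourceAsStream(CONFIG_FILE_PATH)) {
            if (in == null) {
                throw new Exception("Couldn't find LDAP claims source configuration file: " + CONFIG_FILE_PATH);
            }
            properties.load(in);
        }
        logOverridingSystemProperties();
        // All system properties are merged, not only the prefixed ones that
        // were just logged; any key present on both sides takes the system
        // property value.
        // NOTE(review): which keys Configuration actually reads is not visible
        // here - confirm that only the prefixed ones can influence the server
        // address, trust store, key store and bind user.
        properties.putAll(System.getProperties());
        return new Configuration(properties);
    }

    /**
     * Loads and parses the JSON claim-to-LDAP-attribute map from
     * {@link #MAP_FILE_PATH}.
     *
     * @param initContext context used to open the map resource
     * @return the parsed JSON object
     * @throws Exception if the resource is missing or is not a valid JSON object
     */
    private static Map<String, Object> loadLDAPAttributeMap(InitContext initContext) throws Exception {
        // try-with-resources: the stream was previously never closed.
        try (InputStream in = initContext.getResourceAsStream(MAP_FILE_PATH)) {
            if (in == null) {
                throw new Exception("Couldn't find LDAP claims map file: " + MAP_FILE_PATH);
            }
            try {
                return JSONObjectUtils.parseJSONObject(IOUtils.toString(in, Charset.forName("UTF-8")));
            } catch (Exception e) {
                throw new Exception("Couldn't load LDAP claims map: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Groups the keys of the attribute map by the part before their first dot.
     *
     * <p>A key without a dot forms its own group; a key such as
     * {@code "a.b"} is filed under {@code "a"}.
     *
     * @param map the parsed claim-to-LDAP-attribute map
     * @return base name to the list of full keys that share it
     */
    private static Map<String, List<String>> composeClaimsMap(Map<String, Object> map) {
        Map<String, List<String>> grouped = new HashMap<>();
        for (String key : map.keySet()) {
            String base = key.split("\\.", 2)[0];
            List<String> members = grouped.get(base);
            if (members == null) {
                members = new LinkedList<>();
                grouped.put(base, members);
            }
            members.add(key);
        }
        return grouped;
    }

    /**
     * Loads the configuration and, when the source is enabled, the attribute
     * map and the LDAP connection pool.
     *
     * @param initContext context used to open the configuration resources
     * @throws Exception if a resource cannot be loaded, the {@code "sub"}
     *                   claim has no LDAP attribute mapping, or the connection
     *                   pool cannot be created
     */
    public void init(InitContext initContext) throws Exception {
        log.info("[CSLDAP 0003] Initializing LDAP claims source...");
        this.config = loadConfiguration(initContext);
        // NOTE(review): Configuration.log() is not visible here - confirm it
        // does not write the bind credentials or store passwords to the log.
        this.config.log();
        if (!this.config.enable) {
            return;
        }
        Map<String, Object> attributeMap = loadLDAPAttributeMap(initContext);
        this.attributeMapper = new AttributeMapper(attributeMap);
        // Fail fast: without a "sub" mapping the source is treated as misconfigured.
        if (this.attributeMapper.getLDAPAttributeName("sub") == null) {
            throw new Exception("Missing LDAP attribute mapping for \"sub\" claim");
        }
        this.claimsMap = composeClaimsMap(attributeMap);
        try {
            LDAPConnectionPoolFactory factory = new LDAPConnectionPoolFactory(
                    this.config.server,
                    this.config.customTrustStore,
                    this.config.customKeyStore,
                    this.config.directory.user);
            this.ldapConnPool = factory.createLDAPConnectionPool();
            this.ldapConnPool.setConnectionPoolName("userinfo-store");
        } catch (Exception e) {
            throw new Exception("Couldn't create LDAP connection pool: " + e.getMessage(), e);
        }
    }

    /**
     * Reports whether the claims source is enabled in the loaded configuration.
     *
     * @return the {@code enable} flag of the configuration
     */
    public boolean isEnabled() {
        return this.config.enable;
    }

    /**
     * Returns the base claim names this source can provide.
     *
     * @return an unmodifiable set of claim names; empty when the source is disabled
     */
    public Set<String> supportedClaims() {
        if (!this.config.enable) {
            return Collections.<String>emptySet();
        }
        return Collections.unmodifiableSet(this.claimsMap.keySet());
    }

    /**
     * Expands the requested base claim names to the mapped claim names and
     * applies the language tags to them.
     *
     * <p>Requested names with no entry in the claims map are dropped, so an
     * unmapped claim name never reaches the LDAP attribute lookup.
     *
     * @param set  the requested claim names
     * @param list the language tags passed on to {@code ClaimUtils.applyLangTags}
     * @return the resolved claim names
     */
    protected List<String> resolveRequestedClaims(Set<String> set, List<LangTag> list) {
        Set<String> expanded = new HashSet<>();
        for (String claim : set) {
            List<String> mapped = this.claimsMap.get(claim);
            if (mapped != null) {
                expanded.addAll(mapped);
            }
        }
        return new ArrayList<>(ClaimUtils.applyLangTags(expanded, list));
    }

    /**
     * Looks up the directory entry for the subject and returns the requested
     * claims.
     *
     * @param subject the subject whose claims are requested
     * @param set     the requested claim names
     * @param list    the language tags used when resolving claim names
     * @return the UserInfo for the subject, or {@code null} when the source
     *         is disabled or no entry matches
     * @throws Exception if the search fails, more than one entry matches, or
     *                   the UserInfo object cannot be built; the message
     *                   contains the subject identifier, so callers that log
     *                   it record that identifier
     */
    public UserInfo getClaims(Subject subject, Set<String> set, List<LangTag> list) throws Exception {
        if (!this.config.enable) {
            return null;
        }
        // NOTE(review): the subject value is substituted into the LDAP search
        // filter. Whether filter.apply() escapes filter metacharacters
        // (RFC 4515) is not visible here - confirm it does before treating
        // the subject as safe input.
        String searchFilter = this.config.directory.filter.apply(subject.getValue());
        // Request only the attributes backing the resolved claims instead of the whole entry.
        List<?> attributeNames = this.attributeMapper.getLDAPAttributeNames(resolveRequestedClaims(set, list));
        try {
            SearchResult result = this.ldapConnPool.search(
                    this.config.directory.baseDN.toString(),
                    this.config.directory.scope,
                    searchFilter,
                    attributeNames.toArray(new String[attributeNames.size()]));
            int entryCount = result.getEntryCount();
            if (entryCount == 0) {
                return null;
            }
            // An ambiguous match is an error: picking one entry could return
            // another user's claims.
            if (entryCount > 1) {
                throw new Exception("Found " + entryCount + " entries for subject \"" + subject + "\"");
            }
            JSONObject claims = this.attributeMapper.transform((Entry) result.getSearchEntries().get(0));
            // Drop every key that is not one of the requested claim names.
            claims.keySet().retainAll(set);
            // "sub" is always set from the request, not from the directory entry.
            claims.put("sub", subject.getValue());
            try {
                return new UserInfo(new JSONObject(claims));
            } catch (IllegalArgumentException e) {
                throw new Exception("Couldn't create UserInfo object: " + e.getMessage(), e);
            }
        } catch (Exception e) {
            // Also wraps the two exceptions thrown above, as the original did.
            throw new Exception("Couldn't get UserInfo for subject \"" + subject + "\": " + e.getMessage(), e);
        }
    }

    /**
     * Closes the LDAP connection pool if one was created.
     *
     * @throws Exception declared by the signature; nothing in this body throws a checked exception
     */
    public void shutdown() throws Exception {
        log.info("[CSLDAP 0004] Shutting down LDAP claims source...");
        if (this.ldapConnPool != null) {
            this.ldapConnPool.close();
        }
    }
}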
