package com.nimbusds.openid.connect.provider.userinfo.ldap;

import com.nimbusds.common.ldap.AttributeMapper;
import com.nimbusds.common.ldap.LDAPConnectionPoolFactory;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.provider.userinfo.spi.ClaimUtils;
import com.nimbusds.openid.connect.provider.userinfo.spi.UserInfoProvider;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.SearchResult;
import java.io.File;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import net.minidev.json.JSONObject;
import org.apache.commons.io.FileUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/userinfo/ldap/LDAPConnector.class */
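/**
 * UserInfo provider that resolves OpenID Connect claims from an LDAP directory.
 *
 * <p>The claim-to-attribute mapping is read from a JSON file at {@link #init(Properties)} time
 * and must contain a mapping for the {@code sub} claim. Lookups are performed through an LDAP
 * connection pool that is created in {@code init} and released in {@link #shutdown()}.
 */
public class LDAPConnector implements UserInfoProvider {
    private Configuration config;

    // Base claim name (text before the first '.') -> all attribute map keys sharing that base name.
    private Map<String, List<String>> claimsMap;
    private AttributeMapper attributeMapper;
    private LDAPConnectionPool ldapConnPool;
    private final Logger log = Logger.getLogger(LDAPConnector.class);

    /**
     * Loads the configuration, reads and parses the LDAP attribute map and creates the LDAP
     * connection pool.
     *
     * <p>Each stage is wrapped on its own, so the exception message names the stage that actually
     * failed (reading the file, parsing the map, or creating the connection pool).
     *
     * @param properties the connector configuration properties
     * @throws Exception if the attribute map cannot be read or parsed, if it has no mapping for
     *     {@code sub}, or if the LDAP connection pool cannot be created
     */
    public void init(Properties properties) throws Exception {
        this.config = new Configuration(properties);
        // NOTE(review): confirm Configuration.log() does not write the directory bind password or
        // key/trust store passwords to the log.
        this.config.log();

        String attributeMapJson;
        try {
            attributeMapJson = FileUtils.readFileToString(
                    new File(this.config.directory.attributeMap), Charset.forName("UTF-8"));
        } catch (Exception e) {
            throw new Exception("Couldn't open LDAP attribute map file: " + e.getMessage(), e);
        }

        JSONObject attributeMapObject;
        Map<String, List<String>> claims = new HashMap<String, List<String>>();
        AttributeMapper mapper;
        try {
            attributeMapObject = JSONObjectUtils.parseJSONObject(attributeMapJson);
            for (String key : attributeMapObject.keySet()) {
                // Group keys by their base name, i.e. the part before the first '.'.
                String baseName = key.split("\\.", 2)[0];
                List<String> keys = claims.get(baseName);
                if (keys == null) {
                    keys = new LinkedList<String>();
                    claims.put(baseName, keys);
                }
                keys.add(key);
            }
            mapper = new AttributeMapper(attributeMapObject);
        } catch (Exception e) {
            throw new Exception("Couldn't parse LDAP attribute map: " + e.getMessage(), e);
        }

        // The subject identifier is always returned, so its mapping is mandatory.
        if (mapper.getLDAPAttributeName("sub") == null) {
            throw new Exception("Missing LDAP attribute mapping for \"sub\"");
        }
        this.claimsMap = claims;
        this.attributeMapper = mapper;

        try {
            this.ldapConnPool = new LDAPConnectionPoolFactory(
                    this.config.server,
                    this.config.customTrustStore,
                    this.config.customKeyStore,
                    this.config.directory.user).createLDAPConnectionPool();
        } catch (Exception e) {
            throw new Exception("Couldn't create LDAP connection pool: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the base names of the claims present in the attribute map.
     *
     * @return an unmodifiable view of the supported claim names
     */
    public Set<String> supportedClaims() {
        return Collections.unmodifiableSet(this.claimsMap.keySet());
    }

    /**
     * Expands the requested claim names to the matching attribute map keys and applies the
     * language tags to them. Claim names without an entry in the attribute map are ignored.
     *
     * @param set the requested claim names
     * @param list the language tags passed to {@code ClaimUtils.applyLangTags}
     * @return the resolved claim names, as returned by {@code ClaimUtils.applyLangTags}
     */
    protected List<String> resolveRequestedClaims(Set<String> set, List<LangTag> list) {
        Set<String> resolved = new HashSet<String>();
        for (String claimName : set) {
            List<String> mappedKeys = this.claimsMap.get(claimName);
            if (mappedKeys != null) {
                resolved.addAll(mappedKeys);
            }
        }
        return new ArrayList<String>(ClaimUtils.applyLangTags(resolved, list));
    }

    /**
     * Looks up the directory entry for the subject and converts it to a UserInfo object.
     *
     * @param subject the subject whose claims are requested
     * @param set the requested claim names
     * @param list the language tags for the requested claims
     * @return the UserInfo for the subject, or {@code null} if the search matched no entry
     * @throws Exception if the search fails, if it matches more than one entry, or if the
     *     UserInfo object cannot be created
     */
    public UserInfo getUserInfo(Subject subject, Set<String> set, List<LangTag> list) throws Exception {
        try {
            // NOTE(review): if none of the requested claims is mapped, the attribute array is
            // empty, and an empty LDAP attribute list requests all user attributes. Confirm that
            // transform() cannot then release claims that were not requested.
            String[] ldapAttributes = (String[]) this.attributeMapper
                    .getLDAPAttributeNames(resolveRequestedClaims(set, list))
                    .toArray(new String[0]);

            // NOTE(review): the subject value is substituted into the configured search filter.
            // Confirm that filter.apply() escapes LDAP filter metacharacters; if it does not, the
            // value has to be encoded before it reaches this call.
            SearchResult search = this.ldapConnPool.search(
                    this.config.directory.baseDN.toString(),
                    this.config.directory.scope,
                    this.config.directory.filter.apply(subject.getValue()),
                    ldapAttributes);

            int entryCount = search.getEntryCount();
            this.log.debug("Found " + entryCount + " entries for subject \"" + subject + "\"");
            if (entryCount == 0) {
                return null;
            }
            // An ambiguous match is refused rather than guessing which entry is the subject.
            if (entryCount > 1) {
                throw new Exception("Found " + entryCount + " entries for subject \"" + subject + "\"");
            }

            JSONObject claims = this.attributeMapper.transform((Entry) search.getSearchEntries().get(0));
            // The returned "sub" is always the requested subject, not a value read from the entry.
            claims.put("sub", subject.getValue());
            try {
                return new UserInfo(new JSONObject(claims));
            } catch (IllegalArgumentException e) {
                throw new Exception("Couldn't create UserInfo object: " + e.getMessage(), e);
            }
        } catch (Exception e) {
            throw new Exception("Couldn't get UserInfo for subject \"" + subject + "\": " + e.getMessage(), e);
        }
    }

    /**
     * Closes the LDAP connection pool. Does nothing if the pool was never created, for example
     * because {@link #init(Properties)} failed or was not called.
     *
     * @throws Exception if closing the pool fails
     */
    public void shutdown() throws Exception {
        if (this.ldapConnPool != null) {
            this.ldapConnPool.close();
        }
    }
}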
