package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.ldap.ExtendedLdapUserDetails;
import org.cloudfoundry.identity.uaa.provider.ldap.extension.LdapAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.util.ObjectUtils;
import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.23.0.jar:org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManager.class */
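/**
 * Authentication manager for logins whose principal was resolved through LDAP.
 *
 * <p>Extends {@link ExternalLoginAuthenticationManager} and reads its per-origin, per-zone
 * settings (attribute mappings, external group whitelist, auto-add-groups and shadow-user flags)
 * from the {@link LdapIdentityProviderDefinition} of the provider returned by
 * {@code retrieveByOrigin(getOrigin(), zoneId)}.
 */
public class LdapLoginAuthenticationManager extends ExternalLoginAuthenticationManager {
    protected static Log logger = LogFactory.getLog(LdapLoginAuthenticationManager.class);

    /** Attribute-mapping keys with this prefix describe custom user attributes. */
    private static final String USER_ATTRIBUTE_PREFIX = "user.attribute.";

    public LdapLoginAuthenticationManager(IdentityProviderProvisioning identityProviderProvisioning) {
        super(identityProviderProvisioning);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Lets the parent populate the authentication, then records {@code "pwd"} as an
     * authentication method on it.
     */
    @Override
    public void populateAuthenticationAttributes(UaaAuthentication uaaAuthentication, Authentication authentication, Object obj) {
        super.populateAuthenticationAttributes(uaaAuthentication, authentication, obj);
        uaaAuthentication.getAuthenticationMethods().add("pwd");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds custom user attributes read from the LDAP entry to the attributes produced by the
     * parent class.
     *
     * <p>Every attribute mapping whose key starts with {@code user.attribute.} and whose value is
     * a string names an LDAP attribute; its values are stored under the key with the prefix
     * removed. Mappings are applied only when {@code userDetails} is an
     * {@link ExtendedLdapUserDetails}.
     *
     * @param userDetails the authenticated principal
     * @return the parent's attributes, extended with any mapped LDAP attributes
     */
    @Override
    public MultiValueMap<String, String> getUserAttributes(UserDetails userDetails) {
        MultiValueMap<String, String> userAttributes = super.getUserAttributes(userDetails);
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Mapping custom attributes for origin:%s and zone:%s", getOrigin(), IdentityZoneHolder.get().getId()));
        }
        if (getProviderProvisioning() == null) {
            if (logger.isDebugEnabled()) {
                logger.debug(String.format("Did not find custom attribute configuration for origin:%s and zone:%s", getOrigin(), IdentityZoneHolder.get().getId()));
            }
            return userAttributes;
        }
        // The provider lookup happens before the principal type check, as it always has.
        LdapIdentityProviderDefinition definition = resolveLdapDefinition();
        if (!(userDetails instanceof ExtendedLdapUserDetails)) {
            return userAttributes;
        }
        // A provider without an LDAP definition (or without mappings) has nothing to map. The
        // sibling flag methods already tolerate a missing definition; this used to throw a
        // NullPointerException here instead.
        Map<String, Object> mappings = definition == null ? null : definition.getAttributeMappings();
        if (mappings == null) {
            return userAttributes;
        }
        ExtendedLdapUserDetails ldapDetails = (ExtendedLdapUserDetails) userDetails;
        for (Map.Entry<String, Object> mapping : mappings.entrySet()) {
            String mappingKey = mapping.getKey();
            Object ldapAttributeName = mapping.getValue();
            // instanceof also rejects null; a non-string value is skipped rather than
            // failing the login with a ClassCastException.
            if (mappingKey == null || !mappingKey.startsWith(USER_ATTRIBUTE_PREFIX) || !(ldapAttributeName instanceof String)) {
                continue;
            }
            String attributeKey = mappingKey.substring(USER_ATTRIBUTE_PREFIX.length());
            // The second argument is passed as false, unchanged; its meaning is defined by
            // ExtendedLdapUserDetails.getAttribute.
            String[] values = ldapDetails.getAttribute((String) ldapAttributeName, false);
            if (values != null && values.length > 0) {
                userAttributes.put(attributeKey, Arrays.asList(values));
                if (logger.isDebugEnabled()) {
                    // Log the key and the number of values only: the values come straight from
                    // the directory entry and may be personal data that should not reach logs.
                    logger.debug(String.format("Mapped custom attribute key:%s (%d value(s))", attributeKey, values.length));
                }
            }
        }
        return userAttributes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the external group names of the principal, restricted by the provider's external
     * groups whitelist.
     *
     * <p>NOTE(review): when no provider provisioning is configured the parent's list is returned
     * as is, without any whitelist filtering. The matching rules themselves live in
     * {@code UaaStringUtils.retainAllMatches}, which is not visible from this class.
     *
     * @param userDetails the authenticated principal
     * @return a new list with the group names that pass the whitelist
     * @throws IllegalStateException if provisioning is configured but no LDAP definition can be
     *     resolved for the current origin and zone (previously a NullPointerException)
     */
    @Override
    public List<String> getExternalUserAuthorities(UserDetails userDetails) {
        List<String> inherited = super.getExternalUserAuthorities(userDetails);
        if (getProviderProvisioning() == null) {
            return inherited;
        }
        LdapIdentityProviderDefinition definition = resolveLdapDefinition();
        if (definition == null) {
            // Without a definition there is no whitelist to apply, so the login is stopped
            // with a descriptive error instead of granting unfiltered groups.
            throw new IllegalStateException(String.format("No LDAP provider definition for origin:%s and zone:%s", getOrigin(), IdentityZoneHolder.get().getId()));
        }
        Set<String> groupNames = getAuthoritesAsNames(userDetails.getAuthorities());
        return new ArrayList<>(UaaStringUtils.retainAllMatches(groupNames, definition.getExternalGroupsWhitelist()));
    }

    /**
     * Collects the {@code cn} attribute values of every {@link LdapAuthority} in the collection.
     *
     * @param collection granted authorities; may be {@code null}
     * @return a new mutable set of names; empty when there is nothing to collect
     */
    protected Set<String> getAuthoritesAsNames(Collection<? extends GrantedAuthority> collection) {
        Set<String> names = new HashSet<>();
        if (collection == null) {
            return names;
        }
        for (GrantedAuthority authority : collection) {
            if (!(authority instanceof LdapAuthority)) {
                continue;
            }
            String[] commonNames = ((LdapAuthority) authority).getAttributeValues(SchemaConstants.CN_AT);
            if (commonNames != null) {
                names.addAll(Arrays.asList(commonNames));
            }
        }
        return names;
    }

    /**
     * Synchronises user attributes after an LDAP login, publishes the group authorization event
     * and returns the user as read back from the user database.
     *
     * @param authentication the successful authentication
     * @param uaaUser user whose email, names, phone number and username are copied
     *     (presumably the user built from the login request; confirm against the parent class)
     * @param uaaUser2 user that receives those values and whose id is used for the final lookup
     *     (presumably the stored user; confirm against the parent class)
     * @return the user returned by {@code getUserDatabase().retrieveUserById}
     */
    @Override
    protected UaaUser userAuthenticated(Authentication authentication, UaaUser uaaUser, UaaUser uaaUser2) {
        UaaUser current = uaaUser2;
        boolean modified = false;
        // instanceof is false for a null principal, so no separate null check is needed.
        if (authentication.getPrincipal() instanceof ExtendedLdapUserDetails && haveUserAttributesChanged(uaaUser2, uaaUser)) {
            // The verified flag only ever moves to true: either side being verified is enough.
            boolean verified = uaaUser2.isVerified() || uaaUser.isVerified();
            current = uaaUser2
                    .modifyAttributes(uaaUser.getEmail(), uaaUser.getGivenName(), uaaUser.getFamilyName(), uaaUser.getPhoneNumber(), verified)
                    .modifyUsername(uaaUser.getUsername());
            modified = true;
        }
        publish(new ExternalGroupAuthorizationEvent(current, modified, authentication.getAuthorities(), isAutoAddAuthorities()));
        return getUserDatabase().retrieveUserById(current.getId());
    }

    /**
     * Reports whether the provider's auto-add-groups flag is on.
     *
     * <p>NOTE(review): the result is {@code true} whenever no LDAP definition can be resolved or
     * the flag itself is {@code null}, i.e. the permissive value is the fallback. Confirm that is
     * the intended default for deployments without an explicit setting.
     *
     * @return the configured flag, or {@code true} when it is not available
     */
    protected boolean isAutoAddAuthorities() {
        LdapIdentityProviderDefinition definition = resolveLdapDefinition();
        if (definition == null) {
            return true;
        }
        Boolean autoAdd = definition.isAutoAddGroups();
        return autoAdd == null || autoAdd;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether the provider's add-shadow-user-on-login flag is on.
     *
     * <p>NOTE(review): the result is {@code true} whenever no LDAP definition can be resolved,
     * i.e. the permissive value is the fallback. Confirm that is the intended default.
     *
     * @return the configured flag, or {@code true} when no definition is available
     */
    @Override
    public boolean isAddNewShadowUser() {
        LdapIdentityProviderDefinition definition = resolveLdapDefinition();
        return definition == null || definition.isAddShadowUserOnLogin();
    }

    /**
     * Looks up the LDAP provider definition for the current origin and identity zone.
     *
     * @return the definition, or {@code null} when provisioning is not configured, no provider is
     *     returned, or the provider's configuration is not an LDAP definition
     */
    private LdapIdentityProviderDefinition resolveLdapDefinition() {
        IdentityProviderProvisioning provisioning = getProviderProvisioning();
        if (provisioning == null) {
            return null;
        }
        IdentityProvider provider = provisioning.retrieveByOrigin(getOrigin(), IdentityZoneHolder.get().getId());
        if (provider == null) {
            return null;
        }
        return (LdapIdentityProviderDefinition) ObjectUtils.castInstance(provider.getConfig(), LdapIdentityProviderDefinition.class);
    }
}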
