package com.floragunn.searchguard.enterprise.auth.ldap;

import com.floragunn.codova.config.net.CacheConfig;
import com.floragunn.codova.config.templates.AttributeSource;
import com.floragunn.codova.config.templates.ExpressionEvaluationException;
import com.floragunn.codova.config.text.Pattern;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchsupport.cstate.metrics.Meter;
import com.google.common.cache.Cache;
import com.unboundid.ldap.sdk.DereferencePolicy;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchScope;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/ldap/GroupSearch.class */
public class GroupSearch {
    private final String searchBaseDn;
    private final SearchScope searchScope;
    private final SearchFilter searchFilter;
    private final boolean recursive;
    private final Pattern recursivePattern;
    private final SearchFilter recursiveSearchFilter;
    private final int maxRecusionDepth;
    private final String roleNameAttribute;
    private final Cache<Filter, Set<Entry>> searchCache;

    /* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/ldap/GroupSearch$SearchState.class */
    class SearchState {
        private final LDAPConnection connection;
        private final AttributeSource attributeSource;
        private final Meter meter;
        private Map<String, Entry> foundEntries = new HashMap();

        SearchState(LDAPConnection lDAPConnection, AttributeSource attributeSource, Meter meter) {
            this.connection = lDAPConnection;
            this.attributeSource = attributeSource;
            this.meter = meter;
        }

        Set<Entry> search(String str) throws LDAPException, ExpressionEvaluationException {
            Set<Entry> set;
            Filter filter = GroupSearch.this.searchFilter.toFilter(str != null ? AttributeSource.joined(new AttributeSource[]{AttributeSource.of("dn", str), this.attributeSource}) : this.attributeSource);
            if (GroupSearch.this.searchCache != null && (set = (Set) GroupSearch.this.searchCache.getIfPresent(filter)) != null) {
                return set;
            }
            SearchRequest searchRequest = new SearchRequest(GroupSearch.this.searchBaseDn, GroupSearch.this.searchScope, filter, new String[]{"+", "*"});
            searchRequest.setDerefPolicy(DereferencePolicy.ALWAYS);
            HashSet hashSet = new HashSet();
            for (Entry entry : this.connection.search(searchRequest).getSearchEntries()) {
                this.foundEntries.put(entry.getDN(), entry);
                if (GroupSearch.this.recursivePattern == null || GroupSearch.this.recursivePattern.matches(entry.getDN())) {
                    hashSet.add(entry.getDN());
                }
            }
            if (GroupSearch.this.recursive && hashSet.size() != 0) {
                searchNested(hashSet, 0);
            }
            ImmutableSet of = ImmutableSet.of(this.foundEntries.values());
            if (GroupSearch.this.searchCache != null) {
                GroupSearch.this.searchCache.put(filter, of);
            }
            return of;
        }

        void searchNested(Set<String> set, int i) throws LDAPException, ExpressionEvaluationException {
            HashSet hashSet = new HashSet();
            Meter detail = this.meter.detail("recursive_search");
            try {
                ArrayList arrayList = new ArrayList(set.size());
                Iterator<String> it = set.iterator();
                while (it.hasNext()) {
                    arrayList.add(GroupSearch.this.recursiveSearchFilter.toFilter(AttributeSource.joined(new AttributeSource[]{AttributeSource.of("dn", it.next()), this.attributeSource})));
                }
                SearchRequest searchRequest = new SearchRequest(GroupSearch.this.searchBaseDn, GroupSearch.this.searchScope, Filter.createORFilter(arrayList), new String[]{"+", "*"});
                searchRequest.setDerefPolicy(DereferencePolicy.ALWAYS);
                for (Entry entry : this.connection.search(searchRequest).getSearchEntries()) {
                    if (!this.foundEntries.containsKey(entry.getDN())) {
                        this.foundEntries.put(entry.getDN(), entry);
                        if (GroupSearch.this.recursivePattern == null || GroupSearch.this.recursivePattern.matches(entry.getDN())) {
                            hashSet.add(entry.getDN());
                        }
                    }
                }
                if (detail != null) {
                    detail.close();
                }
                if (hashSet.size() == 0 || i >= GroupSearch.this.maxRecusionDepth) {
                    return;
                }
                searchNested(hashSet, i + 1);
            } catch (Throwable th) {
                if (detail != null) {
                    try {
                        detail.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GroupSearch(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
        this.searchBaseDn = validatingDocNode.get("base_dn").required().asString();
        this.searchScope = (SearchScope) validatingDocNode.get("scope").withDefault(SearchScope.SUB).byString(LDAP::getSearchScope);
        this.searchFilter = (SearchFilter) validatingDocNode.get("filter").withDefault(SearchFilter.DEFAULT_GROUP_SEARCH).by(SearchFilter::parseForGroupSearch);
        this.roleNameAttribute = validatingDocNode.get("role_name_attribute").withDefault("dn").asString();
        this.recursive = validatingDocNode.get("recursive.enabled").withDefault(false).asBoolean();
        this.recursiveSearchFilter = (SearchFilter) validatingDocNode.get("recursive.filter").withDefault(this.searchFilter).by(SearchFilter::parseForGroupSearch);
        this.recursivePattern = (Pattern) validatingDocNode.get("recursive.enabled_for").by(Pattern::parse);
        this.maxRecusionDepth = validatingDocNode.get("recursive.max_depth").withDefault(30).asInt();
        this.searchCache = ((CacheConfig) validatingDocNode.get("cache").withDefault(CacheConfig.DEFAULT).by(CacheConfig::new)).build();
        validationErrors.throwExceptionForPresentErrors();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<Entry> search(LDAPConnection lDAPConnection, String str, AttributeSource attributeSource, Meter meter) throws LDAPException, ExpressionEvaluationException {
        return new SearchState(lDAPConnection, attributeSource, meter).search(str);
    }

    public String getRoleNameAttribute() {
        return this.roleNameAttribute;
    }
}
