package org.springframework.security.ldap.userdetails;

import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-ldap-5.5.1.jar:org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.class */
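/**
 * Maps an LDAP directory entry to a {@link UserDetails} object.
 *
 * <p>The mapper copies the entry's DN, an optional password attribute, authorities
 * derived from the configured role attributes, the authorities supplied by the
 * caller and, when present, password-policy data into an
 * {@link LdapUserDetailsImpl.Essence} and builds the user from it.
 *
 * <p>Security notes for integrators:
 * <ul>
 * <li>Authorities are built directly from directory attribute values (prefix +
 * value). Anyone who can write the configured role attributes on an entry
 * therefore controls the authorities granted to that user, so only list
 * attributes whose write access is restricted in the directory.</li>
 * <li>The password attribute value is copied as returned by the directory.
 * Depending on the directory this may be a hash or clear text (not determinable
 * from this class), so the resulting {@link UserDetails} should not be logged or
 * serialised carelessly.</li>
 * </ul>
 *
 * <p>Writing back to the directory is not supported by this class.
 */
public class LdapUserDetailsMapper implements UserDetailsContextMapper {
    /** Attribute key under which the password policy response control is looked up. */
    private static final String PASSWORD_POLICY_CONTROL_OID = "1.3.6.1.4.1.42.2.27.8.5.1";

    private final Log logger = LogFactory.getLog(LdapUserDetailsMapper.class);
    /** Name of the directory attribute that holds the password. */
    private String passwordAttributeName = "userPassword";
    /** Prefix prepended to every role value read from the directory. */
    private String rolePrefix = "ROLE_";
    /** Attributes whose values become authorities; {@code null} means none are read. */
    private String[] roleAttributes = null;
    /** Whether role values are upper-cased before the prefix is applied. */
    private boolean convertToUpperCase = true;

    /**
     * Builds a {@link UserDetails} from the given directory context.
     *
     * @param dirContextOperations the context of the user's directory entry
     * @param str the username to set on the resulting user
     * @param collection authorities obtained elsewhere; all of them are added to the user
     * @return the populated user details
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        String dn = dirContextOperations.getNameInNamespace();
        this.logger.debug(LogMessage.format("Mapping user details from context with DN: %s", dn));
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
        essence.setDn(dn);

        // The password is optional: the attribute may be absent from the context.
        Object passwordValue = dirContextOperations.getObjectAttribute(this.passwordAttributeName);
        if (passwordValue != null) {
            essence.setPassword(mapPassword(passwordValue));
        }
        essence.setUsername(str);

        // Work on a snapshot so a concurrent setRoleAttributes() cannot change the array mid-loop.
        String[] configuredRoleAttributes = this.roleAttributes;
        if (configuredRoleAttributes != null) {
            for (String roleAttribute : configuredRoleAttributes) {
                String[] roleValues = dirContextOperations.getStringAttributes(roleAttribute);
                if (roleValues == null) {
                    // Fixed format string: the second placeholder was "$s", so the DN was never printed.
                    this.logger.debug(LogMessage.format("Couldn't read role attribute '%s' for user %s", roleAttribute, dn));
                    continue;
                }
                for (String roleValue : roleValues) {
                    GrantedAuthority authority = createAuthority(roleValue);
                    if (authority != null) {
                        essence.addAuthority(authority);
                    }
                }
            }
        }

        // Authorities supplied by the caller are added unchanged.
        for (GrantedAuthority suppliedAuthority : collection) {
            essence.addAuthority(suppliedAuthority);
        }

        // Password-policy data is only copied when the control is present on the context.
        PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) dirContextOperations.getObjectAttribute(PASSWORD_POLICY_CONTROL_OID);
        if (ppolicy != null) {
            essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
            essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
        }
        return essence.createUserDetails();
    }

    /**
     * Not supported: this mapper only reads from a context.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
        throw new UnsupportedOperationException("LdapUserDetailsMapper only supports reading from a context. Please use a subclass if mapUserToContext() is required.");
    }

    /**
     * Converts the raw password attribute value to a {@code String}.
     *
     * @param obj the attribute value; a {@code String} is returned as is, anything
     * else is cast to {@code byte[]} and decoded
     * @return the password as a string
     * @throws ClassCastException if the value is neither a {@code String} nor a {@code byte[]}
     */
    protected String mapPassword(Object obj) {
        if (obj instanceof String) {
            return (String) obj;
        }
        // NOTE(review): decodes with the platform default charset, so non-ASCII values
        // can differ between hosts. Left unchanged to preserve behaviour; consider an
        // explicit charset in a subclass.
        return new String((byte[]) obj);
    }

    /**
     * Creates an authority from a single role attribute value.
     *
     * @param obj the attribute value
     * @return the authority (role prefix + value), or {@code null} if the value is not a {@code String}
     */
    protected GrantedAuthority createAuthority(Object obj) {
        if (!(obj instanceof String)) {
            return null;
        }
        String role = (String) obj;
        if (this.convertToUpperCase) {
            // Locale.ROOT keeps authority names identical on every host; with the default
            // locale, e.g. Turkish, "admin" would become "ADMİN" and no longer match "ROLE_ADMIN".
            role = role.toUpperCase(Locale.ROOT);
        }
        return new SimpleGrantedAuthority(this.rolePrefix + role);
    }

    /**
     * Sets whether role values are upper-cased before the prefix is applied.
     *
     * @param z {@code true} to upper-case role values
     */
    public void setConvertToUpperCase(boolean z) {
        this.convertToUpperCase = z;
    }

    /**
     * Sets the name of the directory attribute the password is read from.
     *
     * @param str the attribute name
     */
    public void setPasswordAttributeName(String str) {
        this.passwordAttributeName = str;
    }

    /**
     * Sets the directory attributes whose values are turned into authorities.
     *
     * @param strArr the attribute names; must not be {@code null}
     */
    public void setRoleAttributes(String[] strArr) {
        Assert.notNull(strArr, "roleAttributes array cannot be null");
        this.roleAttributes = strArr;
    }

    /**
     * Sets the prefix prepended to every role value read from the directory.
     *
     * @param str the prefix
     */
    public void setRolePrefix(String str) {
        this.rolePrefix = str;
    }
}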
