package org.jboss.security.negotiation;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Map;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.forge.roaster._shade.org.eclipse.jdt.internal.core.JavadocConstants;
import org.picketbox.commons.cipher.Base64;

/* loaded from: input_file:m2repo/org/jboss/security/jboss-negotiation-extras/3.0.2.Final/jboss-negotiation-extras-3.0.2.Final.jar:org/jboss/security/negotiation/AdvancedADLoginModule.class */
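/**
 * LDAP login module variant that, before the inherited role search runs, also resolves the
 * group identified by the user's {@code primaryGroupID} attribute.
 *
 * <p>The group is located by its {@code objectSid}: the user's own binary {@code objectSid}
 * is copied and its trailing four bytes are replaced with the little-endian
 * {@code primaryGroupID} value. The first entry found under {@code baseCtxDN} with that SID
 * is then fed through the inherited role-loading and recursive role-search helpers.
 *
 * <p>NOTE(review): {@link #skipPrimaryGroupSearch} is unsynchronised per-instance state, so
 * this class presumably relies on one module instance serving one login at a time - confirm.
 */
public class AdvancedADLoginModule extends AdvancedLdapLoginModule {
    private static final String PRIMARY_GROUP_ID = "primaryGroupID";
    private static final String OBJECT_SID = "objectSid";

    /** JNDI LDAP provider property holding a space-separated list of binary attribute names. */
    private static final String BINARY_ATTRIBUTES = "java.naming.ldap.attributes.binary";

    /** Number of trailing SID bytes that are overwritten with the primary group id. */
    private static final int RID_LENGTH = 4;

    /**
     * Re-entrancy guard: set while the primary group lookup is running so that nested
     * {@link #rolesSearch} calls go straight to the inherited search.
     */
    private boolean skipPrimaryGroupSearch = false;

    /**
     * Delegates unchanged to the superclass.
     *
     * @param subject         passed through to the superclass
     * @param callbackHandler passed through to the superclass
     * @param map             passed through to the superclass (presumably the JAAS shared state)
     * @param map2            passed through to the superclass (presumably the module options)
     */
    @Override // org.jboss.security.negotiation.AdvancedLdapLoginModule, org.jboss.security.auth.spi.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
    }

    /**
     * Builds the JNDI environment and makes sure {@code objectSid} is returned as
     * {@code byte[]}; {@link #rolesSearch} casts the attribute value to a byte array.
     *
     * <p>Any binary attribute names already present in the inherited properties are kept and
     * {@code objectSid} is appended, instead of replacing the configured list.
     *
     * @return the superclass properties with {@code objectSid} registered as a binary attribute
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.negotiation.AdvancedLdapLoginModule
    public Properties createBaseProperties() {
        Properties properties = super.createBaseProperties();
        String configured = properties.getProperty(BINARY_ATTRIBUTES);
        if (configured == null || configured.trim().isEmpty()) {
            properties.put(BINARY_ATTRIBUTES, OBJECT_SID);
            return properties;
        }
        // LDAP attribute names are case-insensitive, so compare accordingly.
        for (String name : configured.trim().split("\\s+")) {
            if (OBJECT_SID.equalsIgnoreCase(name)) {
                return properties;
            }
        }
        properties.put(BINARY_ATTRIBUTES, configured.trim() + " " + OBJECT_SID);
        return properties;
    }

    /**
     * Runs the primary group lookup for the entry, then the inherited role search.
     *
     * <p>Nested invocations made while the lookup is in progress only run the inherited
     * search. The guard flag is cleared on every exit path.
     *
     * <p>NOTE(review): a {@link NamingException} raised by the primary group lookup is logged
     * at trace level only and the inherited role search is then skipped for this call, so the
     * subject can end up with fewer roles without any visible log entry. That behaviour is
     * kept from the original; confirm it is intended and consider logging at a higher level.
     *
     * @param ldapContext context used for the attribute read and the group search
     * @param str         name of the entry whose roles are being resolved
     * @throws LoginException propagated from the inherited role-search helpers
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.security.negotiation.AdvancedLdapLoginModule
    public void rolesSearch(LdapContext ldapContext, String str) throws LoginException {
        boolean traceEnabled = this.log.isTraceEnabled();
        if (this.skipPrimaryGroupSearch) {
            super.rolesSearch(ldapContext, str);
            return;
        }
        this.skipPrimaryGroupSearch = true;
        try {
            loadPrimaryGroupRoles(ldapContext, str, traceEnabled);
            super.rolesSearch(ldapContext, str);
        } catch (NamingException e) {
            if (traceEnabled) {
                this.log.trace("Failed to load primary group", e);
            }
        } finally {
            this.skipPrimaryGroupSearch = false;
        }
    }

    /** Resolves the primary group of {@code entryName} and loads the roles reachable from it. */
    private void loadPrimaryGroupRoles(LdapContext ldapContext, String entryName, boolean traceEnabled)
            throws NamingException, LoginException {
        Attributes attributes = ldapContext.getAttributes(entryName, new String[]{OBJECT_SID, PRIMARY_GROUP_ID});
        Attribute primaryGroupId = attributes.get(PRIMARY_GROUP_ID);
        Attribute objectSid = attributes.get(OBJECT_SID);
        if (primaryGroupId == null || objectSid == null) {
            this.log.trace("primaryGroupIdAttribute or objectSidAttribute was null, skipping primary group search.");
            return;
        }

        int groupId = Integer.parseInt((String) primaryGroupId.get());
        byte[] userSid = (byte[]) objectSid.get();
        // The SID comes from the directory; a value shorter than the part being replaced
        // would otherwise surface as an IndexOutOfBoundsException in the middle of a login.
        if (userSid == null || userSid.length < RID_LENGTH) {
            this.log.trace("objectSid is too short to hold a primary group id, skipping primary group search.");
            return;
        }

        // Same leading bytes as the user's SID, trailing four bytes swapped for the group id.
        byte[] groupSid = userSid.clone();
        ByteBuffer.wrap(groupSid, groupSid.length - RID_LENGTH, RID_LENGTH)
                .order(ByteOrder.LITTLE_ENDIAN)
                .putInt(groupId);
        if (traceEnabled) {
            this.log.trace("Using base objectSid " + Base64.encodeBytes(userSid) + " and replaced with primary group id " + groupId + " to create new search objectSid " + Base64.encodeBytes(groupSid));
        }

        // The SID is passed as a filter argument, not concatenated into the filter string,
        // so the provider is responsible for encoding the raw bytes.
        NamingEnumeration<SearchResult> results =
                ldapContext.search(this.baseCtxDN, "(objectSid={0})", new Object[]{groupSid}, this.roleSearchControls);
        try {
            if (results.hasMore()) {
                String groupName = canonicalize(results.next().getName());
                // NOTE(review): JavadocConstants is a shaded Eclipse JDT internal type with no
                // relation to LDAP; this reference looks like a decompiler constant-substitution
                // artifact. Confirm the constant's value against the original source and replace
                // it with a local literal so the login module does not depend on that artifact.
                String wrappedGroupName = JavadocConstants.ANCHOR_PREFIX_END + groupName + JavadocConstants.ANCHOR_PREFIX_END;
                if (traceEnabled) {
                    this.log.trace("Search found primary group " + wrappedGroupName);
                }
                loadRoleByRoleNameAttributeID(ldapContext, wrappedGroupName);
                recurseRolesSearch(ldapContext, groupName);
            }
        } finally {
            closeQuietly(results, traceEnabled);
        }
    }

    /** Releases the search enumeration; a failure to close is logged and otherwise ignored. */
    private void closeQuietly(NamingEnumeration<?> results, boolean traceEnabled) {
        try {
            results.close();
        } catch (NamingException e) {
            if (traceEnabled) {
                this.log.trace("Failed to close primary group search results", e);
            }
        }
    }
}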
