package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.security.auth.Subject;
import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.connections.ConnectionManager;
import org.jboss.as.domain.management.security.BaseLdapGroupSearchResource;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;

/* loaded from: input_file:org/jboss/as/domain/management/security/LdapSubjectSupplementalService.class */
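/**
 * Supplements an authenticated {@link Subject} with {@link RealmGroup} principals looked up
 * from LDAP.
 *
 * <p>For every {@link RealmUser} principal on the subject, the user's LDAP entry is resolved
 * (from the shared state or through the injected {@link LdapUserSearcher}) and the groups it
 * belongs to are loaded through the injected {@link LdapGroupSearcher}. The resulting group
 * principals are added to the subject, so their correctness matters to whatever consumes the
 * subject's principals for access decisions.
 *
 * <p>Any failure during the lookup is reported to the caller as an {@link IOException}; the
 * groups are never silently replaced by an empty set.
 */
public class LdapSubjectSupplementalService implements Service<SubjectSupplementalService>, SubjectSupplementalService {
    // Resolved in start(); userSearcher is injected as optional and may therefore be null.
    private LdapUserSearcher userSearcher;
    private LdapGroupSearcher groupSearcher;
    // Realm name stamped onto every RealmGroup principal created here.
    private final String realmName;
    // When true, a DirContext found in the shared state is reused instead of opening a new one.
    private final boolean shareConnection;
    // When true, an LdapEntry cached in the shared state is ignored and the user is searched again.
    private final boolean forceUserDnSearch;
    // When true, the groups of each discovered group are searched as well (nested groups).
    private final boolean iterative;
    // Selects whether a group principal is named by its simple name or its distinguished name.
    private final BaseLdapGroupSearchResource.GroupName groupName;
    private final InjectedValue<ConnectionManager> connectionManager = new InjectedValue<>();
    private final InjectedValue<LdapUserSearcher> userSearcherInjector = new InjectedValue<>();
    private final InjectedValue<LdapGroupSearcher> groupSearcherInjector = new InjectedValue<>();
    // Not referenced anywhere in this class. NOTE(review): unit is not shown here, presumably
    // milliseconds; confirm against the searchers before relying on it.
    protected final int searchTimeLimit = 10000;

    /**
     * Per-request worker that performs the LDAP group lookup for one subject.
     *
     * <p>Instances hold a {@link DirContext} only for the duration of
     * {@link #supplementSubject(Subject)}.
     */
    public class LdapSubjectSupplemental implements SubjectSupplemental {
        // State handed over by the caller; may carry a cached LdapEntry and/or DirContext,
        // keyed by the respective class name.
        private final Map<String, Object> sharedState;
        // Entries whose groups were already requested. This is what terminates the search when
        // nested groups reference each other. Relies on LdapEntry equality, which is defined
        // outside this file.
        private final Set<LdapEntry> searchedPerformed = new HashSet<>();
        private DirContext dirContext = null;

        /**
         * @param map shared state of the current authentication, read for a cached
         *            {@code LdapEntry} and {@code DirContext}
         */
        protected LdapSubjectSupplemental(Map<String, Object> map) {
            this.sharedState = map;
        }

        /**
         * Adds the LDAP groups of every {@link RealmUser} principal to the subject.
         *
         * <p>If a lookup fails part-way through, group principals added for earlier users
         * remain on the subject; callers should treat the subject as unusable once this
         * method has thrown.
         *
         * @param subject the subject to supplement
         * @throws IOException if obtaining the connection or any search fails; non-I/O
         *                     failures are wrapped with the original exception as cause
         */
        @Override // org.jboss.as.domain.management.security.SubjectSupplemental
        public void supplementSubject(Subject subject) throws IOException {
            // getPrincipals(Class) returns a fresh set, so adding to the live principal set
            // below does not disturb this iteration.
            Set<RealmUser> users = subject.getPrincipals(RealmUser.class);
            Set<Principal> allPrincipals = subject.getPrincipals();
            try {
                this.dirContext = getSearchContext();
                for (RealmUser user : users) {
                    allPrincipals.addAll(loadGroups(user));
                }
            } catch (IOException e) {
                throw e;
            } catch (Exception e) {
                throw new IOException(e);
            } finally {
                // The context is always released, including a shared one taken from the
                // shared state, which getSearchContext() removed from the map.
                LdapSubjectSupplementalService.this.safeClose(this.dirContext);
                this.dirContext = null;
            }
        }

        /**
         * Resolves the LDAP entry for the user and loads its groups.
         *
         * <p>A cached entry from the shared state is only trusted when its simple name equals
         * the user's name; otherwise the user is searched again.
         *
         * @throws IOException if a user search is required but no user searcher was injected
         */
        private Set<RealmGroup> loadGroups(RealmUser realmUser) throws IOException, NamingException {
            final String entryKey = LdapEntry.class.getName();
            LdapEntry userEntry = null;
            if (!LdapSubjectSupplementalService.this.forceUserDnSearch && this.sharedState.containsKey(entryKey)) {
                userEntry = (LdapEntry) this.sharedState.get(entryKey);
            }
            if (userEntry == null || !realmUser.getName().equals(userEntry.getSimpleName())) {
                LdapUserSearcher searcher = LdapSubjectSupplementalService.this.userSearcher;
                if (searcher == null) {
                    // start() reads the searcher with getOptionalValue(), so it can be absent.
                    // Fail with a diagnosable message instead of a NullPointerException.
                    throw new IOException("No LDAP user searcher is available for realm '"
                            + LdapSubjectSupplementalService.this.realmName
                            + "'; the user's LDAP entry cannot be resolved, so groups cannot be loaded.");
                }
                userEntry = searcher.userSearch(this.dirContext, realmUser.getName());
            }
            return loadGroups(userEntry);
        }

        /**
         * Collects the groups of the given entry, following nested groups when the service is
         * configured as iterative.
         */
        private Set<RealmGroup> loadGroups(LdapEntry ldapEntry) throws IOException, NamingException {
            final boolean useSimpleName =
                    LdapSubjectSupplementalService.this.groupName == BaseLdapGroupSearchResource.GroupName.SIMPLE;
            Set<RealmGroup> groups = new HashSet<>();
            // Work list of search results still to be turned into principals.
            Stack<LdapEntry[]> pending = new Stack<>();
            pending.push(loadGroupEntries(ldapEntry));
            while (!pending.isEmpty()) {
                for (LdapEntry groupEntry : pending.pop()) {
                    String principalName = useSimpleName ? groupEntry.getSimpleName() : groupEntry.getDistinguishedName();
                    groups.add(new RealmGroup(LdapSubjectSupplementalService.this.realmName, principalName));
                    if (LdapSubjectSupplementalService.this.iterative) {
                        pending.push(loadGroupEntries(groupEntry));
                    }
                }
            }
            return groups;
        }

        /**
         * Searches the groups of one entry, at most once per entry.
         *
         * @return the groups found, or an empty array if this entry was already searched
         */
        private LdapEntry[] loadGroupEntries(LdapEntry ldapEntry) throws IOException, NamingException {
            // Set.add returns false for an entry seen before: skip it so that cyclic group
            // membership cannot keep the search running.
            if (!this.searchedPerformed.add(ldapEntry)) {
                return new LdapEntry[0];
            }
            return LdapSubjectSupplementalService.this.groupSearcher.groupSearch(this.dirContext, ldapEntry);
        }

        /**
         * Returns the context to search with: the shared one when connection sharing is
         * enabled and the shared state holds one, otherwise a new connection from the
         * connection manager.
         */
        private DirContext getSearchContext() throws Exception {
            final String contextKey = DirContext.class.getName();
            if (LdapSubjectSupplementalService.this.shareConnection && this.sharedState.containsKey(contextKey)) {
                // Removed, not just read: this class takes over the context and closes it.
                return (DirContext) this.sharedState.remove(contextKey);
            }
            return (DirContext) ((ConnectionManager) LdapSubjectSupplementalService.this.connectionManager.getValue()).getConnection();
        }
    }

    /** Helper for deriving the service name of this service from a realm name. */
    public static final class ServiceUtil {
        private static final String SERVICE_SUFFIX = "ldap-authorization";

        private ServiceUtil() {
        }

        /**
         * @param str the realm name
         * @return the realm's service name with {@code "ldap-authorization"} appended
         */
        public static ServiceName createServiceName(String str) {
            return SecurityRealm.ServiceUtil.createServiceName(str).append(SERVICE_SUFFIX);
        }
    }

    /**
     * @param str       name of the realm used for the created {@link RealmGroup} principals
     * @param z         whether a {@code DirContext} from the shared state may be reused
     * @param z2        whether to always search for the user, ignoring a cached entry
     * @param z3        whether groups of groups are searched as well
     * @param groupName which name form of a group becomes the principal name
     */
    public LdapSubjectSupplementalService(String str, boolean z, boolean z2, boolean z3, BaseLdapGroupSearchResource.GroupName groupName) {
        this.realmName = str;
        this.shareConnection = z;
        this.forceUserDnSearch = z2;
        this.iterative = z3;
        this.groupName = groupName;
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    /**
     * Returns this service as its own value. The method name is a decompiler artifact; per
     * the note above it was originally {@code getValue}.
     */
    public SubjectSupplementalService m81getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    /**
     * Resolves the injected searchers. The user searcher is optional and may stay
     * {@code null}; the group searcher is read with {@code getValue()}.
     */
    public void start(StartContext startContext) throws StartException {
        this.userSearcher = (LdapUserSearcher) this.userSearcherInjector.getOptionalValue();
        this.groupSearcher = (LdapGroupSearcher) this.groupSearcherInjector.getValue();
    }

    /** No resources are held between requests, so there is nothing to release. */
    public void stop(StopContext stopContext) {
    }

    /** @return the injector through which the {@link ConnectionManager} is supplied */
    public Injector<ConnectionManager> getConnectionManagerInjector() {
        return this.connectionManager;
    }

    /** @return the injector through which the optional {@link LdapUserSearcher} is supplied */
    public Injector<LdapUserSearcher> getLdapUserSearcherInjector() {
        return this.userSearcherInjector;
    }

    /** @return the injector through which the {@link LdapGroupSearcher} is supplied */
    public Injector<LdapGroupSearcher> getLdapGroupSearcherInjector() {
        return this.groupSearcherInjector;
    }

    /**
     * Creates a fresh worker bound to the given shared state.
     *
     * @param map shared state of the current authentication
     */
    @Override // org.jboss.as.domain.management.security.SubjectSupplementalService
    public SubjectSupplemental getSubjectSupplemental(Map<String, Object> map) {
        return new LdapSubjectSupplemental(map);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Closes the context if there is one, ignoring any failure.
     *
     * @param context the context to close, may be {@code null}
     */
    public void safeClose(Context context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (Exception ignored) {
            // Best-effort cleanup: a failure to close must not mask the outcome of the lookup.
        }
    }
}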
