package jp.ikedam.jenkins.plugins.ldap_sasl;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:jp/ikedam/jenkins/plugins/ldap_sasl/SearchGroupResolver.class */
public class SearchGroupResolver extends GroupResolver {
    private String searchBase;
    private String prefix;

    @Extension(ordinal = 10.0d)
    /* loaded from: input_file:jp/ikedam/jenkins/plugins/ldap_sasl/SearchGroupResolver$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<GroupResolver> {
        public String getDisplayName() {
            return Messages.SearchGroupResolver_DisplayName();
        }

        public FormValidation doCheckSearchBase(@QueryParameter String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.ok();
            }
            try {
                new LdapName(StringUtils.trim(str));
                return FormValidation.ok();
            } catch (InvalidNameException e) {
                return FormValidation.error(Messages.SearchGroupResolver_SearchBase_invalid(e.getMessage()));
            }
        }

        public FormValidation doCheckPrefix(@QueryParameter String str) {
            return FormValidation.ok();
        }
    }

    private Logger getLogger() {
        return Logger.getLogger(getClass().getName());
    }

    public String getSearchBase() {
        return this.searchBase;
    }

    public String getPrefix() {
        return this.prefix;
    }

    @DataBoundConstructor
    public SearchGroupResolver(String str, String str2) {
        this.searchBase = StringUtils.trim(str);
        this.prefix = StringUtils.trim(str2);
    }

    @Override // jp.ikedam.jenkins.plugins.ldap_sasl.GroupResolver
    public List<GrantedAuthority> resolveGroup(LdapContext ldapContext, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        Logger logger = getLogger();
        if (str == null) {
            logger.warning("Group cannot be resolved: DN of the user is not resolved!");
            return arrayList;
        }
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            logger.fine(String.format("Searching groups base=%s, dn=%s", getSearchBase(), str));
            NamingEnumeration search = ldapContext.search(getSearchBase() != null ? getSearchBase() : "", getGroupSearchQuery(str), searchControls);
            while (search.hasMore()) {
                String obj = ((SearchResult) search.next()).getAttributes().get("cn").get().toString();
                if (getPrefix() != null) {
                    obj = getPrefix() + obj;
                }
                arrayList.add(new GrantedAuthorityImpl(obj));
                logger.fine(String.format("group: %s", obj));
            }
            search.close();
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Failed to search groups", (Throwable) e);
        }
        return arrayList;
    }

    protected String getGroupSearchQuery(String str) {
        return MessageFormat.format("(| (& (objectClass=groupOfUniqueNames) (uniqueMember={0}))(& (objectClass=groupOfNames) (member={0})))", str);
    }
}
