package org.apereo.cas.authorization;

import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/apereo/cas/authorization/LdapUserGroupsToRolesAuthorizationGenerator.class */
public class LdapUserGroupsToRolesAuthorizationGenerator extends BaseUseAttributesAuthorizationGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapUserGroupsToRolesAuthorizationGenerator.class);
    private final String groupAttributeName;
    private final String groupPrefix;
    private final SearchOperation groupSearchOperation;

    public LdapUserGroupsToRolesAuthorizationGenerator(SearchOperation searchOperation, boolean z, String str, String str2, SearchOperation searchOperation2) {
        super(searchOperation, z);
        this.groupAttributeName = str;
        this.groupPrefix = str2;
        this.groupSearchOperation = searchOperation2;
    }

    @Override // org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator
    protected List<SimpleGrantedAuthority> generateAuthorizationForLdapEntry(Principal principal, LdapEntry ldapEntry) {
        LOGGER.debug("Attempting to get roles for user [{}].", ldapEntry.getDn());
        SearchResponse searchResponse = (SearchResponse) FunctionUtils.doUnchecked(() -> {
            return this.groupSearchOperation.execute(LdapUtils.newLdaptiveSearchFilter(this.groupSearchOperation.getTemplate().getFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, (List<String>) CollectionUtils.wrap(ldapEntry.getDn())));
        });
        LOGGER.debug("LDAP role search response: [{}]", searchResponse);
        return (List) searchResponse.getEntries().stream().map(ldapEntry2 -> {
            return ldapEntry2.getAttribute(this.groupAttributeName);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(ldapAttribute -> {
            return (List) ldapAttribute.getStringValues().stream().map(str -> {
                return str.toUpperCase(Locale.ENGLISH);
            }).map(str2 -> {
                return StringUtils.prependIfMissing(str2, this.groupPrefix, new CharSequence[0]);
            }).collect(Collectors.toList());
        }).flatMap((v0) -> {
            return v0.stream();
        }).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }
}
