package eu.openanalytics.containerproxy.auth.impl;

import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.inject.Inject;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.thymeleaf.spring5.processor.SpringInputGeneralFieldTagProcessor;

/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.5.0.jar:eu/openanalytics/containerproxy/auth/impl/LDAPAuthenticationBackend.class */
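/**
 * Authentication backend that registers one Spring Security LDAP authentication provider per
 * configured LDAP server.
 *
 * <p>Configuration is read from the Spring {@link Environment}: either a single {@code proxy.ldap.*}
 * block or an indexed list {@code proxy.ldap[0].*}, {@code proxy.ldap[1].*}, ...
 *
 * <p>Transport security: StartTLS is only negotiated when the {@code starttls} property is
 * {@code true}, {@code simple} or {@code external}. With any other value, and a URL that is not
 * {@code ldaps://}, user and manager bind credentials are sent to the directory unencrypted.
 */
public class LDAPAuthenticationBackend implements IAuthenticationBackend {
    public static final String NAME = "ldap";
    private static final String STARTTLS_SIMPLE = "simple";
    private static final String STARTTLS_EXTERNAL = "external";

    private static final Log log = LogFactory.getLog(LDAPAuthenticationBackend.class);

    @Inject
    private Environment environment;

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.5.0.jar:eu/openanalytics/containerproxy/auth/impl/LDAPAuthenticationBackend$CNLdapAuthoritiesPopulator.class */
    /**
     * Authorities populator that searches the whole subtree below the group search base and passes
     * a third parameter, the CN taken from the user's DN, to the group search filter.
     */
    private static class CNLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
        // Logs under the parent class's category, as the original did.
        private static final Log logger = LogFactory.getLog(DefaultLdapAuthoritiesPopulator.class);

        /**
         * @param contextSource   source of the LDAP contexts used for the group search
         * @param groupSearchBase base DN under which groups are searched
         */
        public CNLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
            super(contextSource, groupSearchBase);
            setSearchSubtree(true);
        }

        /**
         * Looks up the groups of a user and converts them to granted authorities.
         *
         * <p>The group search filter receives three parameters: {@code {0}} the user DN,
         * {@code {1}} the username and {@code {2}} the CN extracted from the user DN.
         *
         * @param userDn   full DN of the authenticated user
         * @param username login name of the authenticated user
         * @return the authorities derived from the matching groups; empty when no group search
         *         base is configured
         */
        @Override // org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
        public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
            Set<GrantedAuthority> authorities = new HashSet<>();
            if (getGroupSearchBase() == null) {
                return authorities;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Searching for roles for user '" + username + "', DN = '" + userDn + "', with filter " + getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
            }
            // NOTE(review): escaping of these user-derived filter parameters is left to the LDAP
            // template; confirm that the Spring Security version in use filter-encodes them.
            Set<String> roleNames = getLdapTemplate().searchForSingleAttributeValues(
                    getGroupSearchBase(),
                    getGroupSearchFilter(),
                    new String[]{userDn, username, getCn(userDn)},
                    getGroupRoleAttribute());
            if (logger.isDebugEnabled()) {
                logger.debug("Roles from search: " + roleNames);
            }
            for (String roleName : roleNames) {
                // Locale.ROOT keeps role names stable regardless of the JVM default locale
                // (a Turkish default locale would otherwise map 'i' to a dotted capital I).
                String normalized = isConvertToUpperCase() ? roleName.toUpperCase(Locale.ROOT) : roleName;
                authorities.add(new SimpleGrantedAuthority(getRolePrefix() + normalized));
            }
            return authorities;
        }

        /**
         * Extracts a CN value from a distinguished name.
         *
         * <p>NOTE(review): {@link LdapName#getRdns()} numbers RDNs from right to left, so the
         * first CN found is the right-most one. For a DN such as
         * {@code CN=jdoe,CN=Users,DC=example,DC=com} this returns {@code Users}, not {@code jdoe},
         * which then becomes filter parameter {@code {2}} of the group search. Confirm that this
         * is the intended value before relying on {@code {2}} for authorization.
         *
         * @param dn the distinguished name to parse
         * @return the CN value, or an empty string when the DN has no CN or cannot be parsed
         */
        private String getCn(String dn) {
            try {
                for (Rdn rdn : new LdapName(dn).getRdns()) {
                    if (rdn.getType().equalsIgnoreCase("CN")) {
                        return rdn.getValue().toString();
                    }
                }
                return "";
            } catch (InvalidNameException ignored) {
                // Best effort: an unparseable DN simply yields no CN parameter.
                return "";
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.5.0.jar:eu/openanalytics/containerproxy/auth/impl/LDAPAuthenticationBackend$LDAPProviderConfig.class */
    /** Settings of one LDAP server, as read from the environment. */
    private static class LDAPProviderConfig {
        public String url;
        public String startTLS;
        public String userDnPattern;
        public String userSearchBase;
        public String userSearchFilter;
        public String groupSearchBase;
        public String groupSearchFilter;
        public String managerDn;
        // Bind credential of the manager account; must never be written to logs.
        public String managerPassword;

        private LDAPProviderConfig() {
        }

        /**
         * Loads every configured LDAP server.
         *
         * <p>A non-indexed {@code proxy.ldap.*} block takes precedence; otherwise indexed blocks
         * are read from index 0 upwards until the first index without a {@code url}.
         *
         * @param environment the property source
         * @return the configurations found, possibly empty
         */
        public static LDAPProviderConfig[] loadAll(Environment environment) {
            LDAPProviderConfig single = load(environment, -1);
            if (single != null) {
                return new LDAPProviderConfig[]{single};
            }
            List<LDAPProviderConfig> configs = new ArrayList<>();
            for (int index = 0; ; index++) {
                LDAPProviderConfig indexed = load(environment, index);
                if (indexed == null) {
                    break;
                }
                configs.add(indexed);
            }
            return configs.toArray(new LDAPProviderConfig[0]);
        }

        /**
         * Loads one LDAP server configuration.
         *
         * @param environment the property source
         * @param index       list index of the {@code proxy.ldap[index]} block, or a negative
         *                    value for the non-indexed {@code proxy.ldap} block
         * @return the configuration, or {@code null} when no {@code url} property is set
         */
        public static LDAPProviderConfig load(Environment environment, int index) {
            String keyPattern = index >= 0 ? String.format("proxy.ldap[%d]", index) + ".%s" : "proxy.ldap.%s";
            // Plain "url" literal: the decompiled code borrowed an unrelated Thymeleaf constant
            // that merely holds the same string.
            String url = environment.getProperty(String.format(keyPattern, "url"));
            if (url == null) {
                return null;
            }
            LDAPProviderConfig config = new LDAPProviderConfig();
            config.url = url;
            config.startTLS = environment.getProperty(String.format(keyPattern, "starttls"));
            config.userDnPattern = environment.getProperty(String.format(keyPattern, "user-dn-pattern"));
            config.userSearchBase = environment.getProperty(String.format(keyPattern, LdapUserServiceBeanDefinitionParser.ATT_USER_SEARCH_BASE), "");
            config.userSearchFilter = environment.getProperty(String.format(keyPattern, LdapUserServiceBeanDefinitionParser.ATT_USER_SEARCH_FILTER));
            config.groupSearchBase = environment.getProperty(String.format(keyPattern, LdapUserServiceBeanDefinitionParser.ATT_GROUP_SEARCH_BASE), "");
            config.groupSearchFilter = environment.getProperty(String.format(keyPattern, LdapUserServiceBeanDefinitionParser.ATT_GROUP_SEARCH_FILTER), LdapUserServiceBeanDefinitionParser.DEF_GROUP_SEARCH_FILTER);
            config.managerDn = environment.getProperty(String.format(keyPattern, "manager-dn"));
            config.managerPassword = environment.getProperty(String.format(keyPattern, "manager-password"));
            return config;
        }
    }

    /** @return the identifier of this backend, {@value #NAME} */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public String getName() {
        return NAME;
    }

    /** @return always {@code true} */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public boolean hasAuthorization() {
        return true;
    }

    /** No HTTP security customisation is applied by this backend. */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public void configureHttpSecurity(HttpSecurity httpSecurity) throws Exception {
    }

    /**
     * Registers an LDAP authentication provider for every configured LDAP server.
     *
     * @param authenticationManagerBuilder the builder the providers are added to
     * @throws RuntimeException when no LDAP configuration is present
     * @throws Exception        when a provider cannot be configured
     */
    @Override // eu.openanalytics.containerproxy.auth.IAuthenticationBackend
    public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        LDAPProviderConfig[] configs = LDAPProviderConfig.loadAll(this.environment);
        if (configs.length == 0) {
            throw new RuntimeException("Cannot initialize LDAP backend: no LDAP configuration found");
        }
        for (LDAPProviderConfig config : configs) {
            String[] userDnPatterns = (config.userDnPattern == null || config.userDnPattern.isEmpty())
                    ? new String[0]
                    : new String[]{config.userDnPattern};

            // An empty manager DN is treated as absent, so no manager bind is configured.
            if (config.managerDn != null && config.managerDn.isEmpty()) {
                config.managerDn = null;
            }

            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(config.url);
            if (config.managerDn != null) {
                contextSource.setUserDn(config.managerDn);
                contextSource.setPassword(config.managerPassword);
            }

            String startTls = config.startTLS;
            if (Boolean.parseBoolean(startTls) || STARTTLS_SIMPLE.equalsIgnoreCase(startTls)) {
                // Pooling is switched off for this strategy; presumably so StartTLS is not
                // negotiated again on a reused connection (confirm).
                contextSource.setPooled(false);
                contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
            } else if (STARTTLS_EXTERNAL.equalsIgnoreCase(startTls)) {
                contextSource.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
            } else if (startTls != null && !startTls.isEmpty() && !"false".equalsIgnoreCase(startTls)) {
                // A mistyped value would otherwise fall back to no StartTLS without any trace.
                log.warn("Unrecognized starttls value '" + startTls + "': StartTLS is NOT enabled for this LDAP server");
            }
            contextSource.afterPropertiesSet();

            CNLdapAuthoritiesPopulator authoritiesPopulator = new CNLdapAuthoritiesPopulator(contextSource, config.groupSearchBase);
            authoritiesPopulator.setGroupRoleAttribute("cn");
            authoritiesPopulator.setGroupSearchFilter(config.groupSearchFilter);

            // Typed configurer: the decompiled code used a raw type and cast the builder to the
            // configurer class, which is not a valid conversion.
            LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer = new LdapAuthenticationProviderConfigurer<>();
            configurer
                    .userDnPatterns(userDnPatterns)
                    .userSearchBase(config.userSearchBase)
                    .userSearchFilter(config.userSearchFilter)
                    .ldapAuthoritiesPopulator(authoritiesPopulator)
                    .contextSource(contextSource)
                    .configure(authenticationManagerBuilder);
        }
    }
}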
