package pl.edu.icm.unity.ldap.client.config;

import com.unboundid.ldap.sdk.LDAPException;
import eu.unicore.util.configuration.ConfigurationException;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import pl.edu.icm.unity.Constants;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.translation.TranslationProfileGenerator;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.ldap.client.LdapUtils;
import pl.edu.icm.unity.ldap.client.config.LdapProperties;
import pl.edu.icm.unity.ldap.client.config.common.LDAPCommonConfiguration;
import pl.edu.icm.unity.ldap.client.config.common.LDAPConnectionProperties;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.translation.TranslationProfile;
import pl.edu.icm.unity.webui.authn.extensions.PasswordRetrievalProperties;
import pl.edu.icm.unity.webui.authn.extensions.TLSRetrievalProperties;

/* loaded from: input_file:pl/edu/icm/unity/ldap/client/config/LdapConfiguration.class */
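/**
 * Mutable, bean-style configuration of the LDAP client: bind mode, user DN
 * resolution, group and additional-search definitions, the translation profile
 * and the retrieval (password or TLS) settings.
 *
 * <p>The object can be populated from {@link LdapProperties} or from a raw
 * properties string, serialized back with {@link #toProperties(String, MessageSource)}
 * and checked with {@link #validateConfiguration(PKIManagement)}.
 *
 * <p>Security note: the serialized form may contain the system bind password
 * ({@code ldap.systemPassword}) in clear text, so it must be handled as a secret
 * (kept out of logs, error messages and unprotected storage).
 *
 * <p>The list getters return the internal mutable lists, not copies.
 */
public class LdapConfiguration extends LDAPCommonConfiguration {
    // When true, the group, attribute, additional-search and translation-profile
    // settings are left out of the serialized configuration.
    private boolean bindOnly;
    private LdapProperties.BindAs bindAs;
    private TranslationProfile translationProfile;
    private boolean delegateGroupFiltering;
    private String groupsBaseName;
    private String memberOfAttribute;
    private String memberOfGroupAttribute;
    private List<GroupSpecification> groupSpecifications;
    private List<String> retrievalLdapAttributes;
    private List<SearchSpecification> searchSpecifications;
    // Only assigned by fromProperties(LdapProperties); there is no setter.
    private String userDNSearchKey;
    private I18nString retrievalName;
    private boolean accountAssociation;
    private String registrationForm;

    /**
     * Creates a configuration with the defaults: not bind-only, the default bind mode
     * and translation profile, empty group and search lists, group filtering delegated
     * to LDAP and the default result entries limit.
     */
    public LdapConfiguration() {
        setBindOnly(false);
        setBindAs(LdapProperties.DEFAULT_BIND_AS);
        setTranslationProfile(TranslationProfileGenerator.generateIncludeInputProfile(LdapProperties.DEFAULT_TRANSLATION_PROFILE));
        this.searchSpecifications = new ArrayList<>();
        this.groupSpecifications = new ArrayList<>();
        setDelegateGroupFiltering(true);
        setResultEntriesLimit(LDAPConnectionProperties.DEFAULT_RESULT_ENTRIES_LIMIT);
    }

    /**
     * Populates this object from parsed LDAP properties.
     *
     * <p>Group and additional-search definitions are appended to the lists this object
     * already holds; they are not cleared first. The additional search referenced by the
     * user DN search key is not added to the list of additional searches: it is stored as
     * the user DN search settings instead.
     *
     * @param ldapProperties parsed properties to read from
     */
    public void fromProperties(LdapProperties ldapProperties) {
        super.fromProperties((LDAPConnectionProperties) ldapProperties);
        if (ldapProperties.isSet(LdapProperties.BIND_ONLY)) {
            setBindOnly(ldapProperties.getBooleanValue(LdapProperties.BIND_ONLY));
        }
        if (ldapProperties.isSet(LdapProperties.BIND_AS)) {
            setBindAs((LdapProperties.BindAs) ldapProperties.getEnumValue(LdapProperties.BIND_AS, LdapProperties.BindAs.class));
        }
        if (ldapProperties.isSet(LdapProperties.GROUPS_SEARCH_IN_LDAP)) {
            setDelegateGroupFiltering(ldapProperties.getBooleanValue(LdapProperties.GROUPS_SEARCH_IN_LDAP));
        }
        setGroupsBaseName(ldapProperties.getValue(LdapProperties.GROUPS_BASE_NAME));
        setMemberOfAttribute(ldapProperties.getValue(LdapProperties.MEMBER_OF_ATTRIBUTE));
        setMemberOfGroupAttribute(ldapProperties.getValue(LdapProperties.MEMBER_OF_GROUP_ATTRIBUTE));

        for (String groupKey : ldapProperties.getStructuredListKeys(LdapProperties.GROUP_DEFINITION_PFX)) {
            GroupSpecification group = new GroupSpecification();
            group.setGroupNameAttribute(ldapProperties.getValue(groupKey + "nameAttribute"));
            group.setMatchByMemberAttribute(ldapProperties.getValue(groupKey + "matchByMemberAttribute"));
            group.setMemberAttribute(ldapProperties.getValue(groupKey + "memberAttribute"));
            group.setObjectClass(ldapProperties.getValue(groupKey + "objectClass"));
            this.groupSpecifications.add(group);
        }

        Set<String> searchKeys = ldapProperties.getStructuredListKeys(LdapProperties.ADV_SEARCH_PFX);
        this.userDNSearchKey = ldapProperties.getValue(LdapProperties.USER_DN_SEARCH_KEY);
        // Prefix of the entry that defines the user DN search; null when no key is configured.
        String userDnSearchPrefix = this.userDNSearchKey == null
                ? null
                : "additionalSearch." + this.userDNSearchKey + ".";
        for (String searchKey : searchKeys) {
            if (userDnSearchPrefix != null && searchKey.equals(userDnSearchPrefix)) {
                // Handled below as the user DN search, not as an additional search.
                continue;
            }
            SearchSpecification search = new SearchSpecification();
            search.setFilter(ldapProperties.getValue(searchKey + "filter"));
            search.setBaseDN(ldapProperties.getValue(searchKey + "baseName"));
            search.setAttributes(ldapProperties.getValue(searchKey + "selectedAttributes"));
            search.setScope((LDAPConnectionProperties.SearchScope) ldapProperties.getEnumValue(searchKey + "scope", LDAPConnectionProperties.SearchScope.class));
            this.searchSpecifications.add(search);
        }

        setRetrievalLdapAttributes(ldapProperties.getListOfValues(LdapProperties.ATTRIBUTES));

        if (userDnSearchPrefix != null) {
            setUserDNResolving(LDAPCommonConfiguration.UserDNResolving.ldapSearch);
            setLdapSearchBaseName(ldapProperties.getValue(userDnSearchPrefix + "baseName"));
            setLdapSearchFilter(ldapProperties.getValue(userDnSearchPrefix + "filter"));
            // Read the scope once; an absent scope keeps whatever scope is already set.
            LDAPConnectionProperties.SearchScope scope = (LDAPConnectionProperties.SearchScope) ldapProperties
                    .getEnumValue(userDnSearchPrefix + "scope", LDAPConnectionProperties.SearchScope.class);
            if (scope != null) {
                setLdapSearchScope(scope);
            }
        } else {
            setUserDNResolving(LDAPCommonConfiguration.UserDNResolving.template);
            setUserDNTemplate(ldapProperties.getValue(LDAPConnectionProperties.USER_DN_TEMPLATE));
        }

        // An embedded profile takes precedence over a profile referenced by name.
        if (ldapProperties.isSet("embeddedTranslationProfile")) {
            setTranslationProfile(TranslationProfileGenerator.getProfileFromString(ldapProperties.getValue("embeddedTranslationProfile")));
        } else {
            setTranslationProfile(TranslationProfileGenerator.generateIncludeInputProfile(ldapProperties.getValue("translationProfile")));
        }
    }

    /**
     * Populates this object from a configuration given as properties text.
     *
     * @param source configuration in {@link Properties} text format
     * @param type {@code "ldap"} selects the password retrieval settings; any other
     *     value selects the TLS retrieval settings
     * @param messageSource used to resolve the localized retrieval name
     * @throws InternalException if the text cannot be read as properties
     */
    public void fromProperties(String source, String type, MessageSource messageSource) {
        Properties properties = new Properties();
        try (StringReader reader = new StringReader(source)) {
            properties.load(reader);
            fromProperties(new LdapProperties(properties));
            if (type.equals("ldap")) {
                fromPasswordRetrievalProperties(properties, messageSource);
            } else {
                fromTLSRetrievalProperties(properties, messageSource);
            }
        } catch (IOException e) {
            throw new InternalException("Invalid configuration of the ldap verificator", e);
        }
    }

    /** Reads the retrieval name, account association flag and registration form of the password retrieval. */
    private void fromPasswordRetrievalProperties(Properties properties, MessageSource messageSource) {
        PasswordRetrievalProperties retrieval = new PasswordRetrievalProperties(properties);
        setRetrievalName(retrieval.getLocalizedStringWithoutFallbackToDefault(messageSource, "name"));
        setAccountAssociation(retrieval.getBooleanValue("enableAssociation").booleanValue());
        setRegistrationForm(retrieval.getValue("registrationFormForUnknown"));
    }

    /** Reads the retrieval name, account association flag and registration form of the TLS retrieval. */
    private void fromTLSRetrievalProperties(Properties properties, MessageSource messageSource) {
        TLSRetrievalProperties retrieval = new TLSRetrievalProperties(properties);
        setRetrievalName(retrieval.getLocalizedStringWithoutFallbackToDefault(messageSource, "name"));
        setAccountAssociation(retrieval.getBooleanValue("enableAssociation").booleanValue());
        setRegistrationForm(retrieval.getValue("registrationFormForUnknown"));
    }

    /**
     * Serializes this configuration to properties text.
     *
     * <p>The result contains {@code ldap.systemPassword} in clear text whenever a system
     * password is set and either the bind mode is {@code system} or the user DN is resolved
     * by an LDAP search. Callers must treat the returned string as a secret.
     *
     * <p>When {@link #isBindOnly()} is true, the group, attribute, additional-search and
     * translation-profile settings are not written.
     *
     * @param type {@code "ldap"} writes the password retrieval settings; any other value
     *     writes the TLS retrieval settings
     * @param messageSource used when writing localized values
     * @return the configuration as properties text
     * @throws ConfigurationException declared for callers; the visible statements wrap
     *     serialization failures in {@link InternalException}
     */
    public String toProperties(String type, MessageSource messageSource) throws ConfigurationException {
        Properties properties = new Properties();
        super.toProperties(LdapProperties.PREFIX, properties, messageSource);
        properties.put("ldap.bindAs", this.bindAs.toString());
        properties.put("ldap.authenticateOnly", String.valueOf(this.bindOnly));

        // System credentials are only written when something actually uses them.
        boolean systemCredentialsUsed = this.bindAs.equals(LdapProperties.BindAs.system)
                || getUserDNResolving().equals(LDAPCommonConfiguration.UserDNResolving.ldapSearch);
        if (systemCredentialsUsed) {
            if (getSystemDN() != null) {
                properties.put("ldap.systemDN", getSystemDN());
            }
            if (getSystemPassword() != null) {
                // Clear-text secret: the serialized output must be protected accordingly.
                properties.put("ldap.systemPassword", getSystemPassword());
            }
        }

        if (!this.bindOnly) {
            properties.put("ldap.delegateGroupFiltering", String.valueOf(isDelegateGroupFiltering()));
            if (getGroupsBaseName() != null) {
                properties.put("ldap.groupsBaseName", getGroupsBaseName());
            }
            if (getMemberOfAttribute() != null) {
                properties.put("ldap.memberOfAttribute", getMemberOfAttribute());
            }
            if (getMemberOfGroupAttribute() != null) {
                properties.put("ldap.memberOfGroupAttribute", getMemberOfGroupAttribute());
            }
            // Entries are numbered by position (1-based). A running counter is used rather
            // than List.indexOf, which is quadratic and gives equal elements the same
            // number, so that a duplicate would overwrite the earlier entry.
            if (this.groupSpecifications != null) {
                int index = 1;
                for (GroupSpecification group : this.groupSpecifications) {
                    String prefix = "ldap.groups." + index + ".";
                    if (group.getGroupNameAttribute() != null) {
                        properties.put(prefix + "nameAttribute", group.getGroupNameAttribute());
                    }
                    properties.put(prefix + "memberAttribute", group.getMemberAttribute());
                    properties.put(prefix + "objectClass", group.getObjectClass());
                    if (group.getMatchByMemberAttribute() != null) {
                        properties.put(prefix + "matchByMemberAttribute", group.getMatchByMemberAttribute());
                    }
                    index++;
                }
            }
            if (this.retrievalLdapAttributes != null) {
                int index = 1;
                for (String attribute : this.retrievalLdapAttributes) {
                    properties.put("ldap.attributes." + index, attribute);
                    index++;
                }
            }
            if (this.searchSpecifications != null) {
                int index = 1;
                for (SearchSpecification search : this.searchSpecifications) {
                    String prefix = "ldap.additionalSearch." + index + ".";
                    properties.put(prefix + "baseName", search.getBaseDN());
                    properties.put(prefix + "filter", search.getFilter());
                    properties.put(prefix + "scope", search.getScope().toString());
                    if (search.getAttributes() != null) {
                        properties.put(prefix + "selectedAttributes", String.join(" ", search.getAttributes()));
                    }
                    index++;
                }
            }
            try {
                properties.put("ldap.embeddedTranslationProfile", Constants.MAPPER.writeValueAsString(getTranslationProfile().toJsonObject()));
            } catch (Exception e) {
                throw new InternalException("Can't serialize ldap translation profile to JSON", e);
            }
        }

        if (getUserDNResolving().equals(LDAPCommonConfiguration.UserDNResolving.template)) {
            properties.put("ldap.userDNTemplate", getUserDNTemplate());
        } else {
            // NOTE(review): the keys below hard-code "searchUserDN"; this assumes
            // LDAPCommonConfiguration.USER_DN_SEARCH_KEY has that value - confirm.
            properties.put("ldap.userDNSearchKey", LDAPCommonConfiguration.USER_DN_SEARCH_KEY);
            properties.put("ldap.additionalSearch.searchUserDN.baseName", getLdapSearchBaseName());
            properties.put("ldap.additionalSearch.searchUserDN.filter", getLdapSearchFilter());
            properties.put("ldap.additionalSearch.searchUserDN.scope", getLdapSearchScope().toString());
        }

        if (type.equals("ldap")) {
            toPasswordRetrievalProperties(properties, messageSource);
        } else {
            toTLSRetrievalProperties(properties, messageSource);
        }
        return new LdapProperties(properties).getAsString();
    }

    /** Writes the password retrieval settings under the {@code retrieval.password.} keys. */
    private void toPasswordRetrievalProperties(Properties properties, MessageSource messageSource) {
        I18nString name = getRetrievalName();
        if (name != null && !name.isEmpty()) {
            name.toProperties(properties, "retrieval.password.name", messageSource);
        }
        properties.put("retrieval.password.enableAssociation", String.valueOf(isAccountAssociation()));
        if (getRegistrationForm() != null) {
            properties.put("retrieval.password.registrationFormForUnknown", getRegistrationForm());
        }
    }

    /** Writes the TLS retrieval settings under the {@code retrieval.tls.} keys. */
    private void toTLSRetrievalProperties(Properties properties, MessageSource messageSource) {
        I18nString name = getRetrievalName();
        if (name != null && !name.isEmpty()) {
            name.toProperties(properties, "retrieval.tls.name", messageSource);
        }
        properties.put("retrieval.tls.enableAssociation", String.valueOf(isAccountAssociation()));
        if (getRegistrationForm() != null) {
            properties.put("retrieval.tls.registrationFormForUnknown", getRegistrationForm());
        }
    }

    /**
     * Validates the common settings and then the user DN resolution, the bind mode and
     * the additional search filters.
     *
     * @param pKIManagement passed to the superclass validation
     * @throws ConfigurationException on the first invalid setting found
     */
    @Override
    public void validateConfiguration(PKIManagement pKIManagement) throws ConfigurationException {
        super.validateConfiguration(pKIManagement);
        validateDNResolving();
        validateUserDNSearch();
        validateBindAs();
        validateSearchSpecifications();
    }

    /**
     * Rejects a configuration that defines both a user DN template and a user DN search key.
     * The case where the template is required but missing is rejected by
     * {@link #validateUserDNSearch()}.
     */
    private void validateDNResolving() throws ConfigurationException {
        if (LdapUtils.nonEmpty(getUserDNTemplate()) && LdapUtils.nonEmpty(this.userDNSearchKey)) {
            throw new ConfigurationException("One and only one of 'userDNSearchKey' and 'userDNTemplate' must be defined");
        }
    }

    /**
     * Validates the settings of the selected user DN resolution mode.
     *
     * <p>Template mode requires a template containing the username token. Search mode
     * requires system credentials unless the bind mode is {@code none}, a complete search
     * definition and a filter that can be built.
     */
    private void validateUserDNSearch() throws ConfigurationException {
        if (!getUserDNResolving().equals(LDAPCommonConfiguration.UserDNResolving.ldapSearch)) {
            if (!LdapUtils.nonEmpty(getUserDNTemplate()) || !getUserDNTemplate().contains(LDAPCommonConfiguration.USERNAME_TOKEN)) {
                throw new ConfigurationException("DN template doesn't contain the mandatory token {USERNAME}: " + getUserDNTemplate());
            }
        } else {
            // NOTE(review): with bindAs 'none' the user search runs without system
            // credentials; presumably that is an anonymous search - confirm this is intended
            // for the target directory.
            boolean credentialsMissing = !LdapUtils.nonEmpty(getSystemDN()) || !LdapUtils.nonEmpty(getSystemPassword());
            if (credentialsMissing && this.bindAs != LdapProperties.BindAs.none) {
                throw new ConfigurationException("To search for users with 'userDNSearchKey' system credentials must be defined or bindAs must be set to 'none'.");
            }
            if (!LdapUtils.nonEmpty(getLdapSearchBaseName()) || !LdapUtils.nonEmpty(getLdapSearchFilter()) || getLdapSearchScope() == null) {
                throw new ConfigurationException("A search with the key " + this.userDNSearchKey + " used for searching users is not correctly defined");
            }
            try {
                // Builds the filter with a fixed sample username; this checks the filter
                // template only. How real usernames are escaped is decided inside
                // SearchSpecification.createFilter, which is not visible here.
                SearchSpecification.createFilter(getLdapSearchFilter(), "test");
            } catch (LDAPException e) {
                // Keep the cause so the parser's diagnosis is not lost.
                throw new ConfigurationException("A search filter " + getLdapSearchFilter() + " is invalid", e);
            }
        }
    }

    /**
     * Requires system credentials when binding as system.
     *
     * <p>Uses the same {@code LdapUtils.nonEmpty} check as {@link #validateUserDNSearch()},
     * so that empty strings are rejected as well as {@code null}. A simple bind with a DN
     * and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), which is
     * not what a configured system account is meant to do.
     * NOTE(review): assumes nonEmpty means "not null and not empty" - confirm in LdapUtils.
     */
    private void validateBindAs() throws ConfigurationException {
        if (this.bindAs == LdapProperties.BindAs.system) {
            if (!LdapUtils.nonEmpty(getSystemDN()) || !LdapUtils.nonEmpty(getSystemPassword())) {
                throw new ConfigurationException("When binding as system all system DN and password name must be configured.");
            }
        }
    }

    /** Checks that the filter of every additional search can be built with a sample username. */
    private void validateSearchSpecifications() throws ConfigurationException {
        // toProperties tolerates a null list, so validation does too.
        if (this.searchSpecifications == null) {
            return;
        }
        for (SearchSpecification search : this.searchSpecifications) {
            try {
                search.getFilter("test");
            } catch (LDAPException e) {
                throw new ConfigurationException("The additional search query filter is invalid: " + search.getFilter(), e);
            }
        }
    }

    /** Returns whether the bind-only flag is set. */
    public boolean isBindOnly() {
        return this.bindOnly;
    }

    /** Sets the bind-only flag. */
    public void setBindOnly(boolean bindOnly) {
        this.bindOnly = bindOnly;
    }

    /** Returns the bind mode. */
    public LdapProperties.BindAs getBindAs() {
        return this.bindAs;
    }

    /** Sets the bind mode. */
    public void setBindAs(LdapProperties.BindAs bindAs) {
        this.bindAs = bindAs;
    }

    /** Returns the translation profile. */
    public TranslationProfile getTranslationProfile() {
        return this.translationProfile;
    }

    /** Sets the translation profile. */
    public void setTranslationProfile(TranslationProfile translationProfile) {
        this.translationProfile = translationProfile;
    }

    /** Returns whether group filtering is delegated to LDAP. */
    public boolean isDelegateGroupFiltering() {
        return this.delegateGroupFiltering;
    }

    /** Sets whether group filtering is delegated to LDAP. */
    public void setDelegateGroupFiltering(boolean delegateGroupFiltering) {
        this.delegateGroupFiltering = delegateGroupFiltering;
    }

    /** Returns the groups base name, or {@code null} if not set. */
    public String getGroupsBaseName() {
        return this.groupsBaseName;
    }

    /** Sets the groups base name. */
    public void setGroupsBaseName(String groupsBaseName) {
        this.groupsBaseName = groupsBaseName;
    }

    /** Returns the member-of attribute, or {@code null} if not set. */
    public String getMemberOfAttribute() {
        return this.memberOfAttribute;
    }

    /** Sets the member-of attribute. */
    public void setMemberOfAttribute(String memberOfAttribute) {
        this.memberOfAttribute = memberOfAttribute;
    }

    /** Returns the member-of group attribute, or {@code null} if not set. */
    public String getMemberOfGroupAttribute() {
        return this.memberOfGroupAttribute;
    }

    /** Sets the member-of group attribute. */
    public void setMemberOfGroupAttribute(String memberOfGroupAttribute) {
        this.memberOfGroupAttribute = memberOfGroupAttribute;
    }

    /** Returns the internal list of group specifications (not a copy). */
    public List<GroupSpecification> getGroupSpecifications() {
        return this.groupSpecifications;
    }

    /** Replaces the list of group specifications; the given list is stored as is. */
    public void setGroupSpecifications(List<GroupSpecification> groupSpecifications) {
        this.groupSpecifications = groupSpecifications;
    }

    /** Returns the internal list of LDAP attributes to retrieve (not a copy). */
    public List<String> getRetrievalLdapAttributes() {
        return this.retrievalLdapAttributes;
    }

    /** Replaces the list of LDAP attributes to retrieve; the given list is stored as is. */
    public void setRetrievalLdapAttributes(List<String> retrievalLdapAttributes) {
        this.retrievalLdapAttributes = retrievalLdapAttributes;
    }

    /** Returns the internal list of additional search specifications (not a copy). */
    public List<SearchSpecification> getSearchSpecifications() {
        return this.searchSpecifications;
    }

    /** Replaces the list of additional search specifications; the given list is stored as is. */
    public void setSearchSpecifications(List<SearchSpecification> searchSpecifications) {
        this.searchSpecifications = searchSpecifications;
    }

    /** Returns the user DN search key read by {@link #fromProperties(LdapProperties)}, or {@code null}. */
    public String getUserDNSearchKey() {
        return this.userDNSearchKey;
    }

    /** Returns the localized retrieval name. */
    public I18nString getRetrievalName() {
        return this.retrievalName;
    }

    /** Sets the localized retrieval name. */
    public void setRetrievalName(I18nString retrievalName) {
        this.retrievalName = retrievalName;
    }

    /** Returns whether account association is enabled. */
    public boolean isAccountAssociation() {
        return this.accountAssociation;
    }

    /** Sets whether account association is enabled. */
    public void setAccountAssociation(boolean accountAssociation) {
        this.accountAssociation = accountAssociation;
    }

    /** Returns the registration form for unknown users, or {@code null} if not set. */
    public String getRegistrationForm() {
        return this.registrationForm;
    }

    /** Sets the registration form for unknown users. */
    public void setRegistrationForm(String registrationForm) {
        this.registrationForm = registrationForm;
    }
}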
