package io.imunity.otp.ldap;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import eu.unicore.util.configuration.ConfigurationException;
import io.imunity.otp.HashFunction;
import io.imunity.otp.OTPRetrievalProperties;
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import pl.edu.icm.unity.base.exceptions.InternalException;
import pl.edu.icm.unity.base.i18n.I18nString;
import pl.edu.icm.unity.base.message.MessageSource;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.ldap.client.LdapUtils;
import pl.edu.icm.unity.ldap.client.config.SearchSpecification;
import pl.edu.icm.unity.ldap.client.config.common.LDAPCommonConfiguration;
import pl.edu.icm.unity.ldap.client.config.common.LDAPConnectionProperties;

/* loaded from: input_file:io/imunity/otp/ldap/OTPWithLDAPConfiguration.class */
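/**
 * Mutable configuration bean for the OTP-over-LDAP verificator: the common LDAP connection
 * settings inherited from {@link LDAPCommonConfiguration} plus the OTP parameters (secret
 * attribute, code length, hash function, time step and allowed time drift).
 *
 * <p>The bean can be loaded from and serialized to the {@code otpldap.*} properties format.
 * The serialized form contains the system bind password, so it must be handled as a secret.
 */
public class OTPWithLDAPConfiguration extends LDAPCommonConfiguration {
    private static final int DEFAULT_CODE_LENGTH = 6;
    private static final int DEFAULT_TIME_STEP_SECONDS = 30;
    private static final int DEFAULT_ALLOWED_TIME_DRIFT_STEPS = 3;
    private static final String USERNAME_TOKEN = "{USERNAME}";

    // Name of the LDAP attribute the OTP secret is read from (stored under otpSecretURIAttribute).
    private String secretAttribute;
    private int codeLength;
    private HashFunction hashFunction;
    private int timeStepSeconds;
    private int allowedTimeDriftSteps = DEFAULT_ALLOWED_TIME_DRIFT_STEPS;
    private I18nString retrievalName = new I18nString();

    /** Creates a configuration preset with the default OTP parameters. */
    public OTPWithLDAPConfiguration() {
        setCodeLength(DEFAULT_CODE_LENGTH);
        setHashFunction(OTPWithLDAPProperties.DEFAULT_OTP_HASH_FUNCTION);
        setAllowedTimeDriftSteps(DEFAULT_ALLOWED_TIME_DRIFT_STEPS);
        setTimeStepSeconds(DEFAULT_TIME_STEP_SECONDS);
    }

    /**
     * Loads this bean from parsed properties. When no {@code userDNTemplate} is given the user DN
     * is resolved by an LDAP search, otherwise by the template.
     *
     * @param oTPWithLDAPProperties parsed verificator properties
     */
    public void fromProperties(OTPWithLDAPProperties oTPWithLDAPProperties) {
        super.fromProperties(oTPWithLDAPProperties);
        String userDNTemplate = oTPWithLDAPProperties.getValue("userDNTemplate");
        if (userDNTemplate == null) {
            setUserDNResolving(LDAPCommonConfiguration.UserDNResolving.ldapSearch);
            setLdapSearchBaseName(oTPWithLDAPProperties.getValue(OTPWithLDAPProperties.LDAP_SEARCH_BASENAME));
            setLdapSearchFilter(oTPWithLDAPProperties.getValue(OTPWithLDAPProperties.LDAP_SEARCH_FILTER));
            // Read the scope once; a missing value keeps whatever scope is already set.
            LDAPConnectionProperties.SearchScope searchScope = (LDAPConnectionProperties.SearchScope)
                    oTPWithLDAPProperties.getEnumValue(OTPWithLDAPProperties.LDAP_SEARCH_SCOPE, LDAPConnectionProperties.SearchScope.class);
            if (searchScope != null) {
                setLdapSearchScope(searchScope);
            }
        } else {
            setUserDNResolving(LDAPCommonConfiguration.UserDNResolving.template);
            setUserDNTemplate(userDNTemplate);
        }
        setCodeLength(oTPWithLDAPProperties.getIntValue(OTPWithLDAPProperties.OTP_CODE_LENGHT).intValue());
        setTimeStepSeconds(oTPWithLDAPProperties.getIntValue(OTPWithLDAPProperties.OTP_TIME_STEP_SECODS).intValue());
        setHashFunction((HashFunction) oTPWithLDAPProperties.getEnumValue(OTPWithLDAPProperties.OTP_HASH_FUNCTION, HashFunction.class));
        setSecretAttribute(oTPWithLDAPProperties.getValue(OTPWithLDAPProperties.OTP_SECRET_URI_ATTRIBUTE));
        setAllowedTimeDriftSteps(oTPWithLDAPProperties.getIntValue(OTPWithLDAPProperties.OTP_ALLOWED_TIME_DRIFT_STEPS).intValue());
    }

    /**
     * Loads this bean from the textual properties form, including the localized retrieval name.
     *
     * @param str configuration in {@link Properties} text format
     * @param messageSource message source used to resolve the localized retrieval name
     * @throws InternalException when the text cannot be read as properties
     */
    public void fromProperties(String str, MessageSource messageSource) {
        Properties properties = new Properties();
        try {
            properties.load(new StringReader(str));
            fromProperties(new OTPWithLDAPProperties(properties));
            setRetrievalName(new OTPRetrievalProperties(properties).getLocalizedStringWithoutFallbackToDefault(messageSource, "name"));
        } catch (IOException e) {
            throw new InternalException("Invalid configuration of the ldap verificator", e);
        }
    }

    /**
     * Serializes this bean to the textual properties form.
     *
     * <p>The system bind password is written as returned by {@code getSystemPassword()}, so the
     * result must be treated as a secret: keep it out of logs, error messages and other
     * diagnostic output.
     *
     * @param messageSource message source used when writing localized values
     * @return the configuration as properties text
     * @throws ConfigurationException when a required setting is missing or the resulting
     *     properties are rejected by {@link OTPWithLDAPProperties}
     */
    public String toProperties(MessageSource messageSource) throws ConfigurationException {
        Properties properties = new Properties();
        super.toProperties(OTPWithLDAPProperties.PREFIX, properties, messageSource);
        if (getSystemDN() != null) {
            properties.put("otpldap.systemDN", getSystemDN());
        }
        if (getSystemPassword() != null) {
            properties.put("otpldap.systemPassword", getSystemPassword());
        }
        if (getUserDNResolving().equals(LDAPCommonConfiguration.UserDNResolving.template)) {
            putRequired(properties, "otpldap.userDNTemplate", getUserDNTemplate());
        } else {
            putRequired(properties, "otpldap.searchBaseName", getLdapSearchBaseName());
            putRequired(properties, "otpldap.searchFilter", getLdapSearchFilter());
            putRequired(properties, "otpldap.searchScope", getLdapSearchScope());
        }
        properties.put("otpldap.otpCodeLenght", String.valueOf(this.codeLength));
        properties.put("otpldap.otpAllowedTimeDriftSteps", String.valueOf(this.allowedTimeDriftSteps));
        putRequired(properties, "otpldap.otpHashFunction", this.hashFunction);
        putRequired(properties, "otpldap.otpSecretURIAttribute", this.secretAttribute);
        properties.put("otpldap.otpTimeStepSeconds", String.valueOf(this.timeStepSeconds));
        if (getRetrievalName() != null && !getRetrievalName().isEmpty()) {
            getRetrievalName().toProperties(properties, "otp.name", messageSource);
        }
        return new OTPWithLDAPProperties(properties).getAsString();
    }

    /**
     * Stores {@code value.toString()} under {@code key}. {@link Properties#put} throws a bare
     * NullPointerException for a null value; report the missing setting by name instead.
     */
    private static void putRequired(Properties properties, String key, Object value) throws ConfigurationException {
        if (value == null) {
            throw new ConfigurationException("Required setting " + key + " is not set");
        }
        properties.put(key, value.toString());
    }

    /**
     * Validates the inherited LDAP settings, the user DN resolving mode, the system bind
     * credentials, the valid-users filter and the OTP parameters.
     *
     * @param pKIManagement passed through to the superclass validation
     * @throws ConfigurationException on the first inconsistency found
     */
    public void validateConfiguration(PKIManagement pKIManagement) throws ConfigurationException {
        super.validateConfiguration(pKIManagement);
        validateDNResolving();
        validateUserDNTemplate();
        validateUserDNSearch();
        validateBindAs();
        validateValidUserFilter();
        validateOtpParams();
    }

    /** Rejects a non-empty DN template that lacks the {USERNAME} placeholder. */
    private void validateUserDNTemplate() throws ConfigurationException {
        String userDNTemplate = getUserDNTemplate();
        if (LdapUtils.nonEmpty(userDNTemplate) && !userDNTemplate.contains(USERNAME_TOKEN)) {
            throw new ConfigurationException("DN template doesn't contain the mandatory token {USERNAME}: " + userDNTemplate);
        }
    }

    /** Rejects a configuration that defines both a DN template and a search base. */
    private void validateDNResolving() throws ConfigurationException {
        if (LdapUtils.nonEmpty(getUserDNTemplate()) && LdapUtils.nonEmpty(getLdapSearchBaseName())) {
            throw new ConfigurationException("One and only one of 'searchBaseName' and 'userDNTemplate' must be defined");
        }
    }

    /** Checks that the settings required by the selected DN resolving mode are present and valid. */
    private void validateUserDNSearch() throws ConfigurationException {
        if (!getUserDNResolving().equals(LDAPCommonConfiguration.UserDNResolving.ldapSearch)) {
            if (!LdapUtils.nonEmpty(getUserDNTemplate()) || !getUserDNTemplate().contains(USERNAME_TOKEN)) {
                throw new ConfigurationException("DN template doesn't contain the mandatory token {USERNAME}: " + getUserDNTemplate());
            }
            return;
        }
        if (!LdapUtils.nonEmpty(getLdapSearchBaseName()) || !LdapUtils.nonEmpty(getLdapSearchFilter()) || getLdapSearchScope() == null) {
            throw new ConfigurationException("A search used for searching users is not correctly defined");
        }
        try {
            // Build the filter with a sample username to confirm that the filter text parses.
            SearchSpecification.createFilter(getLdapSearchFilter(), "test");
        } catch (LDAPException e) {
            // Keep the LDAP parser's error as the cause so the admin can see what is wrong.
            throw new ConfigurationException("A search filter " + getLdapSearchFilter() + " is invalid", e);
        }
    }

    /** Requires both the system DN and the system password to be set. */
    private void validateBindAs() throws ConfigurationException {
        if (getSystemDN() == null || getSystemPassword() == null) {
            throw new ConfigurationException("When binding as system all system DN and password name must be configured.");
        }
    }

    /** Checks that the optional valid-users filter, when set, is a parseable LDAP filter. */
    private void validateValidUserFilter() throws ConfigurationException {
        if (getValidUserFilter() != null) {
            try {
                Filter.create(getValidUserFilter());
            } catch (LDAPException e) {
                throw new ConfigurationException("Valid users filter is invalid.", e);
            }
        }
    }

    /**
     * Sanity-checks the OTP parameters, which the setters accept without any range check.
     * NOTE(review): OTPWithLDAPProperties may enforce tighter bounds when loading from
     * properties; that class is not visible here, so only unusable values are rejected.
     */
    private void validateOtpParams() throws ConfigurationException {
        if (!LdapUtils.nonEmpty(this.secretAttribute)) {
            throw new ConfigurationException("The LDAP attribute holding the OTP secret must be configured");
        }
        if (this.hashFunction == null) {
            throw new ConfigurationException("OTP hash function must be configured");
        }
        if (this.codeLength <= 0) {
            throw new ConfigurationException("OTP code length must be positive: " + this.codeLength);
        }
        if (this.timeStepSeconds <= 0) {
            throw new ConfigurationException("OTP time step must be positive: " + this.timeStepSeconds);
        }
        // Presumably every extra drift step widens the set of codes accepted at a given moment,
        // so keep this as small as clock skew allows; verify against the code verifier.
        if (this.allowedTimeDriftSteps < 0) {
            throw new ConfigurationException("OTP allowed time drift steps must not be negative: " + this.allowedTimeDriftSteps);
        }
    }

    /** @return the localized display name of the retrieval */
    public I18nString getRetrievalName() {
        return this.retrievalName;
    }

    /** @param i18nString the localized display name of the retrieval */
    public void setRetrievalName(I18nString i18nString) {
        this.retrievalName = i18nString;
    }

    /** @return the name of the LDAP attribute the OTP secret is read from */
    public String getSecretAttribute() {
        return this.secretAttribute;
    }

    /** @param str the name of the LDAP attribute the OTP secret is read from */
    public void setSecretAttribute(String str) {
        this.secretAttribute = str;
    }

    /** @return the OTP code length */
    public int getCodeLength() {
        return this.codeLength;
    }

    /** @param i the OTP code length; not range-checked here, see {@code validateConfiguration} */
    public void setCodeLength(int i) {
        this.codeLength = i;
    }

    /** @return the hash function used for OTP codes */
    public HashFunction getHashFunction() {
        return this.hashFunction;
    }

    /** @param hashFunction the hash function used for OTP codes */
    public void setHashFunction(HashFunction hashFunction) {
        this.hashFunction = hashFunction;
    }

    /** @return the OTP time step in seconds */
    public int getTimeStepSeconds() {
        return this.timeStepSeconds;
    }

    /** @param i the OTP time step in seconds; not range-checked here, see {@code validateConfiguration} */
    public void setTimeStepSeconds(int i) {
        this.timeStepSeconds = i;
    }

    /** @return the number of time steps of clock drift that is tolerated */
    public int getAllowedTimeDriftSteps() {
        return this.allowedTimeDriftSteps;
    }

    /** @param i the tolerated drift in time steps; not range-checked here, see {@code validateConfiguration} */
    public void setAllowedTimeDriftSteps(int i) {
        this.allowedTimeDriftSteps = i;
    }
}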
