package org.apereo.cas.web.security;

import java.util.Arrays;
import java.util.Collections;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authorization.LdapUserAttributesToRolesAuthorizationGenerator;
import org.apereo.cas.authorization.LdapUserGroupsToRolesAuthorizationGenerator;
import org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthorizationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.web.ldap.LdapAuthenticationProvider;
import org.ldaptive.SearchExecutor;
import org.ldaptive.pool.PooledConnectionFactory;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;

/* loaded from: input_file:org/apereo/cas/web/security/CasLdapUserDetailsManagerConfigurer.class */
/**
 * Security configurer that registers an LDAP-backed {@link AuthenticationProvider} on the
 * authentication manager builder, driven entirely by {@link AdminPagesSecurityProperties}.
 *
 * <p>Roles are derived in one of two ways, chosen in {@link #build()}:
 * <ul>
 *   <li>from LDAP groups, when both a group filter and a group attribute are configured;</li>
 *   <li>otherwise from a role attribute on the user entry.</li>
 * </ul>
 *
 * <p>The selection is silent apart from a DEBUG log line. A deployment that intends group-based
 * authorization but leaves either group setting blank ends up in attribute-based mode, so the
 * effective mode is worth verifying when reviewing a configuration.
 *
 * @param <B> the provider-manager builder type this configurer is applied to
 */
public class CasLdapUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> extends SecurityConfigurerAdapter<AuthenticationManager, B> {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasLdapUserDetailsManagerConfigurer.class);

    /** Source of every LDAP connection and authorization setting used below. */
    private final AdminPagesSecurityProperties adminPagesSecurityProperties;

    /**
     * Creates the configurer.
     *
     * @param adminPagesSecurityProperties settings holding the LDAP connection and authorization
     *                                     configuration; not validated here
     */
    public CasLdapUserDetailsManagerConfigurer(AdminPagesSecurityProperties adminPagesSecurityProperties) {
        this.adminPagesSecurityProperties = adminPagesSecurityProperties;
    }

    /**
     * Builds the LDAP authentication provider, post-processes it and adds it to the builder.
     *
     * @param b the builder receiving the provider
     * @throws Exception propagated from post-processing or provider construction
     */
    public void configure(B b) throws Exception {
        final AuthenticationProvider ldapProvider = buildLdapAuthenticationProvider();
        b.authenticationProvider((AuthenticationProvider) postProcess(ldapProvider));
    }

    /**
     * Wraps the role generator from {@link #build()} in an {@link LdapAuthenticationProvider}.
     *
     * @return the provider to register
     */
    private AuthenticationProvider buildLdapAuthenticationProvider() {
        final AuthorizationGenerator<CommonProfile> roleGenerator = build();
        return new LdapAuthenticationProvider(roleGenerator, this.adminPagesSecurityProperties);
    }

    /**
     * Creates the generator that maps LDAP data to roles.
     *
     * <p>A pooled connection factory is created on every call, before the mode is decided.
     * Only the mode name is logged; no filter, DN or attribute value is written to the log.
     *
     * @return a group-based generator when group settings are present, else an attribute-based one
     */
    private AuthorizationGenerator<CommonProfile> build() {
        final LdapAuthorizationProperties authz = authorizationSettings();
        final PooledConnectionFactory connectionFactory =
            Beans.newLdaptivePooledConnectionFactory(this.adminPagesSecurityProperties.getLdap());

        if (!isGroupBasedAuthorization()) {
            // Fallback mode: roles come from the configured role attribute on the user entry.
            LOGGER.debug("Handling LDAP authorization based on attributes and roles");
            return new LdapUserAttributesToRolesAuthorizationGenerator(
                connectionFactory,
                ldapAuthorizationGeneratorUserSearchExecutor(),
                authz.isAllowMultipleResults(),
                authz.getRoleAttribute(),
                authz.getRolePrefix());
        }

        LOGGER.debug("Handling LDAP authorization based on groups");
        return new LdapUserGroupsToRolesAuthorizationGenerator(
            connectionFactory,
            ldapAuthorizationGeneratorUserSearchExecutor(),
            authz.isAllowMultipleResults(),
            authz.getGroupAttribute(),
            authz.getGroupPrefix(),
            ldapAuthorizationGeneratorGroupSearchExecutor());
    }

    /**
     * Tells whether group-based authorization is configured.
     *
     * @return {@code true} only when both the group filter and the group attribute are non-blank
     */
    private boolean isGroupBasedAuthorization() {
        final LdapAuthorizationProperties authz = authorizationSettings();
        if (StringUtils.isBlank(authz.getGroupFilter())) {
            return false;
        }
        return StringUtils.isNotBlank(authz.getGroupAttribute());
    }

    /**
     * Creates the search executor used to look up the user entry.
     *
     * <p>The base DN and filter are taken verbatim from configuration, and only the role
     * attribute is requested, in both authorization modes.
     * NOTE(review): the empty list is presumably the filter-parameter list; if so, any user
     * value is substituted by the component that runs the search, which is where LDAP filter
     * escaping has to be confirmed.
     *
     * @return the user search executor
     */
    private SearchExecutor ldapAuthorizationGeneratorUserSearchExecutor() {
        final LdapAuthorizationProperties authz = authorizationSettings();
        return Beans.newLdaptiveSearchExecutor(
            authz.getBaseDn(),
            authz.getSearchFilter(),
            Collections.emptyList(),
            Arrays.asList(authz.getRoleAttribute()));
    }

    /**
     * Creates the search executor used to look up group entries.
     *
     * <p>The group base DN and group filter are taken verbatim from configuration, and only
     * the group attribute is requested.
     *
     * @return the group search executor
     */
    private SearchExecutor ldapAuthorizationGeneratorGroupSearchExecutor() {
        final LdapAuthorizationProperties authz = authorizationSettings();
        return Beans.newLdaptiveSearchExecutor(
            authz.getGroupBaseDn(),
            authz.getGroupFilter(),
            Collections.emptyList(),
            Arrays.asList(authz.getGroupAttribute()));
    }

    /**
     * Reads the LDAP authorization settings from the configured properties.
     *
     * @return the LDAP authorization properties
     */
    private LdapAuthorizationProperties authorizationSettings() {
        return this.adminPagesSecurityProperties.getLdap().getLdapAuthz();
    }
}
