package org.graylog.security.authservice.backend;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.google.auto.value.AutoValue;
import com.google.common.collect.ImmutableList;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.graylog.security.authservice.AuthServiceBackendConfig;
import org.graylog.security.authservice.backend.AutoValue_ADAuthServiceBackendConfig;
import org.graylog.security.authservice.ldap.LDAPConnectorConfig;
import org.graylog.security.authservice.ldap.LDAPConnectorConfigProvider;
import org.graylog.security.authservice.ldap.LDAPTransportSecurity;
import org.graylog2.plugin.rest.ValidationResult;
import org.graylog2.security.encryption.EncryptedValue;

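/**
 * Configuration of the Active Directory authentication service backend.
 *
 * <p>The value class is generated by AutoValue and is (de)serialized by Jackson under the type
 * name {@link ADAuthServiceBackend#TYPE_NAME}; deserialization goes through {@link Builder}.
 * Besides holding the settings, the class checks them in {@link #validate(ValidationResult)} and
 * converts them into an {@link LDAPConnectorConfig} in {@link #getLDAPConnectorConfig()}.
 *
 * <p>Security-relevant settings held here: the transport security mode, the certificate
 * verification flag, the bind DN and password of the system user, and the LDAP filter used to
 * look up users.
 */
@AutoValue
@JsonDeserialize(builder = ADAuthServiceBackendConfig.Builder.class)
@JsonTypeName(ADAuthServiceBackend.TYPE_NAME)
public abstract class ADAuthServiceBackendConfig implements AuthServiceBackendConfig, LDAPConnectorConfigProvider {
    // JSON property names; they are also used as the field keys of validation errors.
    private static final String FIELD_SERVERS = "servers";
    private static final String FIELD_TRANSPORT_SECURITY = "transport_security";
    private static final String FIELD_VERIFY_CERTIFICATES = "verify_certificates";
    private static final String FIELD_SYSTEM_USER_DN = "system_user_dn";
    private static final String FIELD_SYSTEM_USER_PASSWORD = "system_user_password";
    private static final String FIELD_USER_SEARCH_BASE = "user_search_base";
    private static final String FIELD_USER_SEARCH_PATTERN = "user_search_pattern";
    private static final String FIELD_USER_NAME_ATTRIBUTE = "user_name_attribute";
    private static final String FIELD_USER_FULL_NAME_ATTRIBUTE = "user_full_name_attribute";

    /**
     * AutoValue builder, also used by Jackson to deserialize the configuration.
     *
     * <p>Every setter maps to the JSON property named in its {@code @JsonProperty} annotation.
     */
    @AutoValue.Builder
    public static abstract class Builder implements AuthServiceBackendConfig.Builder<Builder> {
        /**
         * Creates a builder pre-populated with the backend defaults.
         *
         * <p>Defaults set here: the backend type name, certificate verification enabled, an
         * empty system user DN, an unset system user password, the default AD user search
         * pattern, the AD user principal name as user name attribute and {@code displayName} as
         * full name attribute. The server list, the transport security mode and the user search
         * base get no default, so they have to be supplied by the caller or the JSON payload.
         *
         * @return a new builder carrying the defaults
         */
        @JsonCreator
        public static Builder create() {
            return new AutoValue_ADAuthServiceBackendConfig.Builder()
                    .type(ADAuthServiceBackend.TYPE_NAME)
                    // Certificate verification stays on unless a payload explicitly turns it off.
                    .verifyCertificates(true)
                    .systemUserDn("")
                    .systemUserPassword(EncryptedValue.createUnset())
                    .userSearchPattern(ADAuthServiceBackend.AD_DEFAULT_USER_SEARCH_PATTERN.toNormalizedString())
                    .userNameAttribute(ADAuthServiceBackend.AD_USER_PRINCIPAL_NAME)
                    .userFullNameAttribute("displayName");
        }

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_SERVERS)
        public abstract Builder servers(List<HostAndPort> list);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_TRANSPORT_SECURITY)
        public abstract Builder transportSecurity(LDAPTransportSecurity lDAPTransportSecurity);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_VERIFY_CERTIFICATES)
        public abstract Builder verifyCertificates(boolean z);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_SYSTEM_USER_DN)
        public abstract Builder systemUserDn(String str);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_SYSTEM_USER_PASSWORD)
        public abstract Builder systemUserPassword(EncryptedValue encryptedValue);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_USER_SEARCH_BASE)
        public abstract Builder userSearchBase(String str);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_USER_SEARCH_PATTERN)
        public abstract Builder userSearchPattern(String str);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_USER_NAME_ATTRIBUTE)
        public abstract Builder userNameAttribute(String str);

        @JsonProperty(ADAuthServiceBackendConfig.FIELD_USER_FULL_NAME_ATTRIBUTE)
        public abstract Builder userFullNameAttribute(String str);

        public abstract ADAuthServiceBackendConfig build();
    }

    /** Host name and port of one directory server. */
    @AutoValue
    public static abstract class HostAndPort {
        @JsonProperty("host")
        public abstract String host();

        @JsonProperty("port")
        public abstract int port();

        /**
         * Creates a server address from its JSON properties.
         *
         * @param str the host, read from the {@code host} property
         * @param i the port, read from the {@code port} property
         * @return the server address
         */
        @JsonCreator
        public static HostAndPort create(@JsonProperty("host") String str, @JsonProperty("port") int i) {
            return new AutoValue_ADAuthServiceBackendConfig_HostAndPort(str, i);
        }

        /** Returns the address as {@code host:port}. */
        @Override
        public String toString() {
            return host() + ":" + port();
        }
    }

    @JsonProperty(FIELD_SERVERS)
    public abstract ImmutableList<HostAndPort> servers();

    @JsonProperty(FIELD_TRANSPORT_SECURITY)
    public abstract LDAPTransportSecurity transportSecurity();

    // Defaults to true in Builder.create(); validate() does not report a config that disables it.
    @JsonProperty(FIELD_VERIFY_CERTIFICATES)
    public abstract boolean verifyCertificates();

    @JsonProperty(FIELD_SYSTEM_USER_DN)
    public abstract String systemUserDn();

    // NOTE(review): the bind password is exposed as a JSON property of type EncryptedValue; how
    // that type is written in API responses is decided by its serializer, which is not visible
    // here. Confirm that it never emits the secret.
    @JsonProperty(FIELD_SYSTEM_USER_PASSWORD)
    public abstract EncryptedValue systemUserPassword();

    @JsonProperty(FIELD_USER_SEARCH_BASE)
    public abstract String userSearchBase();

    @JsonProperty(FIELD_USER_SEARCH_PATTERN)
    public abstract String userSearchPattern();

    @JsonProperty(FIELD_USER_NAME_ATTRIBUTE)
    public abstract String userNameAttribute();

    @JsonProperty(FIELD_USER_FULL_NAME_ATTRIBUTE)
    public abstract String userFullNameAttribute();

    /**
     * Checks the configuration and records every problem found on the given result.
     *
     * <p>Checked: at most one server, a non-blank user search base, a non-blank user search
     * pattern that parses as an LDAP filter, and non-blank user name and full name attributes.
     * Not checked: the transport security mode, the certificate verification flag and the
     * system user credentials.
     *
     * @param validationResult collector that receives one error per failed check, keyed by the
     *     JSON field name
     */
    @Override // org.graylog.security.authservice.AuthServiceBackendConfig
    public void validate(ValidationResult validationResult) {
        // NOTE(review): only the upper bound is checked; an empty server list passes this method.
        if (servers().size() > 1) {
            validationResult.addError(FIELD_SERVERS, "Currently only a single server URL is supported.");
        }
        if (StringUtils.isBlank(userSearchBase())) {
            validationResult.addError(FIELD_USER_SEARCH_BASE, "User search base cannot be empty.");
        }
        if (StringUtils.isBlank(userSearchPattern())) {
            validationResult.addError(FIELD_USER_SEARCH_PATTERN, "User search pattern cannot be empty.");
        } else {
            try {
                // Syntax check only: the parsed filter is discarded. How the login name is later
                // substituted into the pattern, and escaped, is outside this class.
                Filter.create(userSearchPattern());
            } catch (LDAPException e) {
                // The parser's own message is not passed on; the caller gets a fixed error text.
                validationResult.addError(FIELD_USER_SEARCH_PATTERN, "User search pattern cannot be parsed. It must be a valid LDAP filter.");
            }
        }
        if (StringUtils.isBlank(userNameAttribute())) {
            validationResult.addError(FIELD_USER_NAME_ATTRIBUTE, "User name attribute cannot be empty.");
        }
        if (StringUtils.isBlank(userFullNameAttribute())) {
            validationResult.addError(FIELD_USER_FULL_NAME_ATTRIBUTE, "User full name cannot be empty.");
        }
    }

    /**
     * Builds the connector configuration for the configured servers and system user.
     *
     * <p>Each {@link HostAndPort} becomes one {@code LDAPServer}; the transport security mode,
     * the certificate verification flag and the system user password are passed on unchanged.
     *
     * @return the connector configuration derived from this backend configuration
     */
    @Override // org.graylog.security.authservice.ldap.LDAPConnectorConfigProvider
    public LDAPConnectorConfig getLDAPConnectorConfig() {
        return LDAPConnectorConfig.builder()
                .serverList(servers().stream()
                        .map(server -> LDAPConnectorConfig.LDAPServer.create(server.host(), server.port()))
                        .collect(Collectors.toList()))
                // A blank DN is passed on as null. NOTE(review): whether the connector then binds
                // anonymously is decided outside this class - confirm.
                .systemUsername(StringUtils.trimToNull(systemUserDn()))
                .systemPassword(systemUserPassword())
                .transportSecurity(transportSecurity())
                .verifyCertificates(verifyCertificates())
                .build();
    }

    public abstract Builder toBuilder();

    /**
     * Returns a builder carrying the defaults of {@link Builder#create()}.
     *
     * @return a new builder
     */
    public static Builder builder() {
        return Builder.create();
    }
}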
