package pro.taskana.common.rest.ldap;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.OrFilter;
import org.springframework.ldap.filter.WhitespaceWildcardsFilter;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.stereotype.Component;
import pro.taskana.common.api.exceptions.InvalidArgumentException;
import pro.taskana.common.api.exceptions.SystemException;
import pro.taskana.common.rest.models.AccessIdRepresentationModel;

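/**
 * Spring component that searches an LDAP directory for users and groups and maps the entries to
 * {@link AccessIdRepresentationModel} objects.
 *
 * <p>All attribute names, search bases and the base DN are read from the {@link Environment}
 * through {@link LdapSettings}. The client only becomes usable after {@link #init()} has found
 * every mandatory setting; until then every search method fails in {@link #isInitOrFail()}.
 *
 * <p>Caller-supplied search terms reach the directory only as values of Spring LDAP filter objects
 * ({@link EqualsFilter}, {@link WhitespaceWildcardsFilter}); no filter string is concatenated by
 * hand in this class, so escaping of filter metacharacters is left to those classes. DNs supplied
 * by callers are handled separately, see {@link #searchAccessIdByDn(String)}.
 */
@Component
public class LdapClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapClient.class);
    private static final String CN = "cn";
    // Search scope passed to LdapTemplate.search(); same value (2) the searches used as a literal.
    private static final int SUBTREE_SCOPE = javax.naming.directory.SearchControls.SUBTREE_SCOPE;
    private final Environment env;
    private final LdapTemplate ldapTemplate;
    // Set to true at the end of init(), once no mandatory setting is missing.
    private boolean active = false;
    private int minSearchForLength;
    private int maxNumberOfReturnedAccessIds;
    // Text describing the missing settings; reported by isInitOrFail().
    private String message;

    /**
     * Maps an entry that was looked up by DN. If the entry carries the configured user id
     * attribute it is mapped like a user, otherwise like a group.
     */
    public class DnContextMapper extends AbstractContextMapper<AccessIdRepresentationModel> {
        DnContextMapper() {
        }

        /**
         * Builds the access id for a user or a group entry.
         *
         * <p>The method carries the name {@code doMapFromContext} so that it implements the
         * mapping hook of {@link AbstractContextMapper}; under any other name the mapper has no
         * implementation of that abstract method.
         *
         * @param dirContextOperations the entry returned by the directory
         * @return the mapped access id; for users the name is "lastname, firstname"
         */
        @Override
        public AccessIdRepresentationModel doMapFromContext(DirContextOperations dirContextOperations) {
            AccessIdRepresentationModel accessId = new AccessIdRepresentationModel();
            String userId = dirContextOperations.getStringAttribute(LdapClient.this.getUserIdAttribute());
            if (userId != null) {
                accessId.setAccessId(userId);
                accessId.setName(String.format("%s, %s", dirContextOperations.getStringAttribute(LdapClient.this.getUserLastnameAttribute()), dirContextOperations.getStringAttribute(LdapClient.this.getUserFirstnameAttribute())));
            } else {
                // No user id attribute: treat the entry as a group and use its full DN as access id.
                accessId.setAccessId(LdapClient.this.getDnWithBaseDn(dirContextOperations.getDn().toString()));
                accessId.setName(dirContextOperations.getStringAttribute(LdapClient.this.getGroupNameAttribute()));
            }
            return accessId;
        }
    }

    /** Maps a group entry: the access id is the entry's DN including the base DN. */
    public class GroupContextMapper extends AbstractContextMapper<AccessIdRepresentationModel> {
        GroupContextMapper() {
        }

        /**
         * Builds the access id for a group entry.
         *
         * @param dirContextOperations the group entry returned by the directory
         * @return access id with the full DN as id and the group name attribute as name
         */
        @Override
        public AccessIdRepresentationModel doMapFromContext(DirContextOperations dirContextOperations) {
            AccessIdRepresentationModel accessId = new AccessIdRepresentationModel();
            accessId.setAccessId(LdapClient.this.getDnWithBaseDn(dirContextOperations.getDn().toString()));
            accessId.setName(dirContextOperations.getStringAttribute(LdapClient.this.getGroupNameAttribute()));
            return accessId;
        }
    }

    /** Maps a user entry: the access id is the value of the configured user id attribute. */
    public class UserContextMapper extends AbstractContextMapper<AccessIdRepresentationModel> {
        UserContextMapper() {
        }

        /**
         * Builds the access id for a user entry.
         *
         * @param dirContextOperations the user entry returned by the directory
         * @return access id whose id may be null when the entry lacks the user id attribute
         */
        @Override
        public AccessIdRepresentationModel doMapFromContext(DirContextOperations dirContextOperations) {
            AccessIdRepresentationModel accessId = new AccessIdRepresentationModel();
            accessId.setAccessId(dirContextOperations.getStringAttribute(LdapClient.this.getUserIdAttribute()));
            accessId.setName(String.format("%s, %s", dirContextOperations.getStringAttribute(LdapClient.this.getUserLastnameAttribute()), dirContextOperations.getStringAttribute(LdapClient.this.getUserFirstnameAttribute())));
            return accessId;
        }
    }

    /**
     * Creates the client; the configuration is evaluated later in {@link #init()}.
     *
     * @param environment source of the LDAP settings
     * @param ldapTemplate template used for all directory operations
     */
    @Autowired
    public LdapClient(Environment environment, LdapTemplate ldapTemplate) {
        this.env = environment;
        this.ldapTemplate = ldapTemplate;
    }

    /**
     * Searches users and groups. A term that ends with the base DN is looked up as a DN; any
     * other term is matched against user and group attributes.
     *
     * @param str search term or DN
     * @return the sorted result, cut to the configured maximum number of access ids
     * @throws InvalidArgumentException if the term is null or shorter than the minimum length
     */
    public List<AccessIdRepresentationModel> searchUsersAndGroups(String str) throws InvalidArgumentException {
        LOGGER.debug("entry to searchUsersAndGroups(name = {})", str);
        isInitOrFail();
        testMinSearchForLength(str);
        List<AccessIdRepresentationModel> accessIds = new ArrayList<>();
        if (nameIsDn(str)) {
            AccessIdRepresentationModel byDn = searchAccessIdByDn(str);
            if (byDn != null) {
                accessIds.add(byDn);
            }
        } else {
            accessIds.addAll(searchUsersByNameOrAccessId(str));
            accessIds.addAll(searchGroupsByName(str));
        }
        sortListOfAccessIdResources(accessIds);
        List<AccessIdRepresentationModel> firstPage = getFirstPageOfaResultList(accessIds);
        LOGGER.debug("exit from searchUsersAndGroups(name = {}). Returning {} users and groups: {}", str, accessIds.size(), firstPage);
        return firstPage;
    }

    /**
     * Searches users whose first name, last name, full name or user id matches the term.
     *
     * @param str search term; used only as the value of wildcard filters
     * @return the matching users
     * @throws InvalidArgumentException if the term is null or shorter than the minimum length
     */
    public List<AccessIdRepresentationModel> searchUsersByNameOrAccessId(String str) throws InvalidArgumentException {
        LOGGER.debug("entry to searchUsersByNameOrAccessId(name = {}).", str);
        isInitOrFail();
        testMinSearchForLength(str);
        AndFilter userFilter = new AndFilter();
        userFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
        OrFilter anyNameAttribute = new OrFilter();
        anyNameAttribute.or(new WhitespaceWildcardsFilter(getUserFirstnameAttribute(), str));
        anyNameAttribute.or(new WhitespaceWildcardsFilter(getUserLastnameAttribute(), str));
        anyNameAttribute.or(new WhitespaceWildcardsFilter(getUserFullnameAttribute(), str));
        anyNameAttribute.or(new WhitespaceWildcardsFilter(getUserIdAttribute(), str));
        userFilter.and(anyNameAttribute);
        List<AccessIdRepresentationModel> users = this.ldapTemplate.search(getUserSearchBase(), userFilter.encode(), SUBTREE_SCOPE, getLookUpUserAttributesToReturn(), new UserContextMapper());
        LOGGER.debug("exit from searchUsersByNameOrAccessId. Retrieved the following users: {}.", users);
        return users;
    }

    /**
     * Returns the users whose user id attribute equals the given access id exactly.
     *
     * @param str access id to look for
     * @return the matching users, empty if there is none
     */
    public List<AccessIdRepresentationModel> getUsersByAccessId(String str) {
        LOGGER.debug("entry to searchUsersByAccessId(name = {}).", str);
        isInitOrFail();
        AndFilter userFilter = new AndFilter();
        userFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
        userFilter.and(new EqualsFilter(getUserIdAttribute(), str));
        List<AccessIdRepresentationModel> users = this.ldapTemplate.search(getUserSearchBase(), userFilter.encode(), SUBTREE_SCOPE, new String[]{getUserFirstnameAttribute(), getUserLastnameAttribute(), getUserIdAttribute()}, new UserContextMapper());
        LOGGER.debug("exit from searchUsersByAccessId. Retrieved the following users: {}.", users);
        return users;
    }

    /**
     * Searches groups whose name attribute (and, if that is not "cn", also "cn") matches the term.
     *
     * @param str search term; used only as the value of wildcard filters
     * @return the matching groups
     * @throws InvalidArgumentException if the term is null or shorter than the minimum length
     */
    public List<AccessIdRepresentationModel> searchGroupsByName(String str) throws InvalidArgumentException {
        LOGGER.debug("entry to searchGroupsByName(name = {}).", str);
        isInitOrFail();
        testMinSearchForLength(str);
        AndFilter groupFilter = new AndFilter();
        groupFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
        OrFilter anyNameAttribute = new OrFilter();
        anyNameAttribute.or(new WhitespaceWildcardsFilter(getGroupNameAttribute(), str));
        if (!CN.equals(getGroupNameAttribute())) {
            anyNameAttribute.or(new WhitespaceWildcardsFilter(CN, str));
        }
        groupFilter.and(anyNameAttribute);
        List<AccessIdRepresentationModel> groups = this.ldapTemplate.search(getGroupSearchBase(), groupFilter.encode(), SUBTREE_SCOPE, getLookUpGroupAttributesToReturn(), new GroupContextMapper());
        LOGGER.debug("Exit from searchGroupsByName. Retrieved the following groups: {}", groups);
        return groups;
    }

    /**
     * Looks up a single entry by its DN, after removing the base DN from the end of it.
     *
     * <p>The DN comes from the caller and is not checked here against the user or group search
     * base, so the lookup can return any entry below the base DN.
     * NOTE(review): confirm that this is intended for {@link #validateAccessId(String)}.
     * NOTE(review): the lookup presumably throws for a DN that does not exist or cannot be
     * parsed instead of returning null; confirm how callers are meant to handle that.
     *
     * @param str DN of the entry, with or without the base DN
     * @return the mapped entry
     */
    public AccessIdRepresentationModel searchAccessIdByDn(String str) {
        LOGGER.debug("entry to searchGroupByDn(name = {}).", str);
        isInitOrFail();
        String nameWithoutBaseDn = getNameWithoutBaseDn(str);
        LOGGER.debug("Removed baseDN {} from given DN. New DN to be used: {}", getBaseDn(), nameWithoutBaseDn);
        AccessIdRepresentationModel accessId = this.ldapTemplate.lookup(nameWithoutBaseDn, getLookUpUserAndGroupAttributesToReturn(), new DnContextMapper());
        LOGGER.debug("Exit from searchGroupByDn. Retrieved the following group: {}", accessId);
        return accessId;
    }

    /**
     * Searches the groups that list the given access id as a member, either as the plain id or
     * as a user DN built from the base DN, the user search base and the id.
     *
     * @param str access id of the member
     * @return the groups the access id belongs to
     * @throws InvalidArgumentException if the id is null or shorter than the minimum length
     */
    public List<AccessIdRepresentationModel> searchGroupsAccessIdIsMemberOf(String str) throws InvalidArgumentException {
        LOGGER.debug("entry to searchGroupsAccessIdIsMemberOf(name = {}).", str);
        isInitOrFail();
        testMinSearchForLength(str);
        AndFilter groupFilter = new AndFilter();
        groupFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
        OrFilter memberFilter = new OrFilter();
        memberFilter.or(new EqualsFilter(getGroupsOfUser(), str));
        // NOTE(review): the RDN attribute is the literal "uid", not getUserIdAttribute(); verify
        // that this is right for directories configured with another user id attribute.
        String userDn = LdapNameBuilder.newInstance().add(getBaseDn()).add(getUserSearchBase()).add("uid", str).build().toString();
        memberFilter.or(new EqualsFilter(getGroupsOfUser(), userDn));
        groupFilter.and(memberFilter);
        List<AccessIdRepresentationModel> groups = this.ldapTemplate.search(getGroupSearchBase(), groupFilter.encode(), SUBTREE_SCOPE, new String[]{getUserIdAttribute(), getGroupNameAttribute()}, new GroupContextMapper());
        LOGGER.debug("exit from searchGroupsAccessIdIsMemberOf. Retrieved the following accessIds: {}.", groups);
        return groups;
    }

    /**
     * Checks whether an access id exists in the directory, as a DN or as a user id.
     *
     * @param str access id to validate; null is reported as not valid
     * @return true if an entry was found for the access id
     */
    public boolean validateAccessId(String str) {
        LOGGER.debug("entry to validateAccessId(name = {})", str);
        isInitOrFail();
        if (str == null) {
            // A missing id cannot be valid; answer false instead of failing on the null below.
            return false;
        }
        if (nameIsDn(str)) {
            return searchAccessIdByDn(str) != null;
        }
        AndFilter userFilter = new AndFilter();
        userFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
        OrFilter idFilter = new OrFilter();
        idFilter.or(new EqualsFilter(getUserIdAttribute(), str));
        userFilter.and(idFilter);
        return !this.ldapTemplate.search(getUserSearchBase(), userFilter.encode(), SUBTREE_SCOPE, getLookUpUserAttributesToReturn(), new UserContextMapper()).isEmpty();
    }

    /** Returns the configured search base for users. */
    public String getUserSearchBase() {
        return LdapSettings.TASKANA_LDAP_USER_SEARCH_BASE.getValueFromEnv(this.env);
    }

    /** Returns the attribute name of the fixed filter that selects user entries. */
    public String getUserSearchFilterName() {
        return LdapSettings.TASKANA_LDAP_USER_SEARCH_FILTER_NAME.getValueFromEnv(this.env);
    }

    /** Returns the attribute value of the fixed filter that selects user entries. */
    public String getUserSearchFilterValue() {
        return LdapSettings.TASKANA_LDAP_USER_SEARCH_FILTER_VALUE.getValueFromEnv(this.env);
    }

    /** Returns the configured attribute holding a user's first name. */
    public String getUserFirstnameAttribute() {
        return LdapSettings.TASKANA_LDAP_USER_FIRSTNAME_ATTRIBUTE.getValueFromEnv(this.env);
    }

    /** Returns the configured attribute holding a user's last name. */
    public String getUserLastnameAttribute() {
        return LdapSettings.TASKANA_LDAP_USER_LASTNAME_ATTRIBUTE.getValueFromEnv(this.env);
    }

    /** Returns the configured attribute holding a user's id. */
    public String getUserIdAttribute() {
        return LdapSettings.TASKANA_LDAP_USER_ID_ATTRIBUTE.getValueFromEnv(this.env);
    }

    /** Returns the configured search base for groups. */
    public String getGroupSearchBase() {
        return LdapSettings.TASKANA_LDAP_GROUP_SEARCH_BASE.getValueFromEnv(this.env);
    }

    /** Returns the configured base DN. */
    public String getBaseDn() {
        return LdapSettings.TASKANA_LDAP_BASE_DN.getValueFromEnv(this.env);
    }

    /** Returns the attribute name of the fixed filter that selects group entries. */
    public String getGroupSearchFilterName() {
        return LdapSettings.TASKANA_LDAP_GROUP_SEARCH_FILTER_NAME.getValueFromEnv(this.env);
    }

    /** Returns the attribute value of the fixed filter that selects group entries. */
    public String getGroupSearchFilterValue() {
        return LdapSettings.TASKANA_LDAP_GROUP_SEARCH_FILTER_VALUE.getValueFromEnv(this.env);
    }

    /** Returns the configured attribute holding a group's name. */
    public String getGroupNameAttribute() {
        return LdapSettings.TASKANA_LDAP_GROUP_NAME_ATTRIBUTE.getValueFromEnv(this.env);
    }

    /**
     * Reads the minimum search term length from the configuration.
     *
     * @param i value to use when the setting is null or empty
     * @return the configured value, or {@code i}
     * @throws NumberFormatException if the setting is present but not an integer
     */
    public int calcMinSearchForLength(int i) {
        String configured = LdapSettings.TASKANA_LDAP_MIN_SEARCH_FOR_LENGTH.getValueFromEnv(this.env);
        if (configured == null || configured.isEmpty()) {
            return i;
        }
        return Integer.parseInt(configured);
    }

    /** Returns the minimum search term length determined in {@link #init()}. */
    public int getMinSearchForLength() {
        return this.minSearchForLength;
    }

    /**
     * Reads the maximum number of returned access ids from the configuration.
     *
     * @param i value to use when the setting is null or empty
     * @return the configured value, or {@code i}
     * @throws NumberFormatException if the setting is present but not an integer
     */
    public int calcMaxNumberOfReturnedAccessIds(int i) {
        String configured = LdapSettings.TASKANA_LDAP_MAX_NUMBER_OF_RETURNED_ACCESS_IDS.getValueFromEnv(this.env);
        if (configured == null || configured.isEmpty()) {
            return i;
        }
        return Integer.parseInt(configured);
    }

    /** Returns the result size limit determined in {@link #init()}. */
    public int getMaxNumberOfReturnedAccessIds() {
        return this.maxNumberOfReturnedAccessIds;
    }

    /** Returns the configured group attribute that lists the members of a group. */
    public String getGroupsOfUser() {
        return LdapSettings.TASKANA_LDAP_GROUPS_OF_USER.getValueFromEnv(this.env);
    }

    /**
     * Tells whether at least one user entry has the given access id.
     *
     * @param str access id to look for
     * @return true if {@link #getUsersByAccessId(String)} finds a user
     */
    public boolean isUser(String str) {
        return !getUsersByAccessId(str).isEmpty();
    }

    /**
     * Decides whether a name is treated as a DN: it is when it ends with the base DN, ignoring
     * case. This is a plain suffix comparison; the name is not parsed as a DN.
     *
     * @param str name to test; null is not a DN
     * @return true if the name ends with the base DN
     */
    boolean nameIsDn(String str) {
        return str != null && endsWithIgnoreCase(str, getBaseDn());
    }

    /**
     * Cuts a result list to the configured maximum number of access ids.
     *
     * @param list complete result
     * @return a view of the first entries of {@code list}; empty if the limit is not positive
     */
    List<AccessIdRepresentationModel> getFirstPageOfaResultList(List<AccessIdRepresentationModel> list) {
        // Clamp at 0 so that a negative configured limit gives an empty page, not an exception.
        int pageSize = Math.max(0, Math.min(list.size(), this.maxNumberOfReturnedAccessIds));
        return list.subList(0, pageSize);
    }

    /**
     * Fails when the client was not activated by {@link #init()}.
     *
     * @throws SystemException if the configuration was incomplete
     */
    void isInitOrFail() {
        if (!this.active) {
            throw new SystemException(String.format("LdapClient was called but is not active due to missing configuration: %s", this.message));
        }
    }

    /**
     * Sorts access ids in place by their id, ignoring case.
     *
     * @param list list to sort; entries without an id are placed first
     */
    void sortListOfAccessIdResources(List<AccessIdRepresentationModel> list) {
        // UserContextMapper can produce a null id; nullsFirst keeps the sort from failing on it.
        list.sort(Comparator.comparing(AccessIdRepresentationModel::getAccessId, Comparator.nullsFirst(String.CASE_INSENSITIVE_ORDER)));
    }

    /**
     * Removes the base DN from the end of a DN, ignoring case.
     *
     * @param str DN with or without the base DN
     * @return the DN relative to the base DN
     */
    String getNameWithoutBaseDn(String str) {
        // Anchored at the end of the input: only the trailing base DN is stripped. Removing every
        // occurrence would turn a DN that repeats the base DN in the middle into a different DN.
        return str.replaceFirst("(?i)" + Pattern.quote("," + getBaseDn()) + "\\z", "");
    }

    /** Returns the attributes requested for group entries: the group name attribute and "cn". */
    String[] getLookUpGroupAttributesToReturn() {
        String groupName = getGroupNameAttribute();
        if (CN.equals(groupName)) {
            return new String[]{CN};
        }
        return new String[]{groupName, CN};
    }

    /** Returns the user attributes followed by the group attributes, for lookups by DN. */
    String[] getLookUpUserAndGroupAttributesToReturn() {
        return Stream.concat(Arrays.stream(getLookUpUserAttributesToReturn()), Arrays.stream(getLookUpGroupAttributesToReturn())).toArray(String[]::new);
    }

    /** Returns the attributes requested for user entries: first name, last name and user id. */
    String[] getLookUpUserAttributesToReturn() {
        return new String[]{getUserFirstnameAttribute(), getUserLastnameAttribute(), getUserIdAttribute()};
    }

    /**
     * Reads the limits (defaults: minimum term length 3, at most 50 access ids), applies the
     * result limit to the template and activates the client.
     *
     * @throws SystemException if a mandatory LDAP setting is missing
     */
    @PostConstruct
    void init() {
        LOGGER.debug("Entry to init()");
        this.minSearchForLength = calcMinSearchForLength(3);
        this.maxNumberOfReturnedAccessIds = calcMaxNumberOfReturnedAccessIds(50);
        this.ldapTemplate.setDefaultCountLimit(this.maxNumberOfReturnedAccessIds);
        List<LdapSettings> missing = checkForMissingConfigurations();
        if (!missing.isEmpty()) {
            this.message = String.format("LDAP configurations are missing: %s", missing);
            throw new SystemException(this.message);
        }
        this.active = true;
        LOGGER.debug("Exit from init()");
    }

    /**
     * Lists the settings that have no value in the environment. The two optional limits (maximum
     * number of returned access ids, minimum search term length) are not checked.
     *
     * @return the missing mandatory settings, empty if the configuration is complete
     */
    List<LdapSettings> checkForMissingConfigurations() {
        return Arrays.stream(LdapSettings.values())
            .filter(setting -> !setting.equals(LdapSettings.TASKANA_LDAP_MAX_NUMBER_OF_RETURNED_ACCESS_IDS))
            .filter(setting -> !setting.equals(LdapSettings.TASKANA_LDAP_MIN_SEARCH_FOR_LENGTH))
            .filter(setting -> setting.getValueFromEnv(this.env) == null)
            .collect(Collectors.toList());
    }

    /**
     * Rejects search terms that are null or shorter than the configured minimum.
     *
     * @param str search term
     * @throws InvalidArgumentException if the term is null or too short
     */
    void testMinSearchForLength(String str) throws InvalidArgumentException {
        if (str == null || str.length() < this.minSearchForLength) {
            throw new InvalidArgumentException(String.format("search for string %s is too short. Minimum Length is %s", str, getMinSearchForLength()));
        }
    }

    /**
     * Appends the base DN to a DN that does not already end with it (ignoring case).
     *
     * @param str DN with or without the base DN
     * @return the DN including the base DN
     */
    String getDnWithBaseDn(String str) {
        if (endsWithIgnoreCase(str, getBaseDn())) {
            return str;
        }
        return str + "," + getBaseDn();
    }

    private String getUserFullnameAttribute() {
        return LdapSettings.TASKANA_LDAP_USER_FULLNAME_ATTRIBUTE.getValueFromEnv(this.env);
    }

    // Suffix test that ignores case without going through the JVM's default locale, so the
    // answer for a given DN does not depend on where the server runs.
    private static boolean endsWithIgnoreCase(String value, String suffix) {
        int offset = value.length() - suffix.length();
        return offset >= 0 && value.regionMatches(true, offset, suffix, 0, suffix.length());
    }
}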
