package org.squashtest.tm.plugin.security.ad.ldap;

import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.squashtest.tm.api.security.authentication.ConditionalOnAuthProviderProperty;
import org.squashtest.tm.plugin.security.ad.ldap.ActiveDirectoryLdapAuthenticationProperties;
import org.squashtest.tm.plugin.security.ad.ldap.licensevalidator.com.license4j.LicenseText;
import org.squashtest.tm.service.internal.security.SquashUserDetailsManager;
import org.squashtest.tm.service.user.UserManagerService;

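/**
 * Spring configuration that registers one Active Directory authentication provider per
 * configured AD root name when the {@code ad.ldap-multi} authentication provider is selected.
 *
 * <p>Root names are read from {@code authentication.ad.multi.root.names}; for each root name the
 * per-directory settings are resolved from the {@link Environment} under
 * {@code <rootName>.authentication.ad.*}.
 */
@ConditionalOnAuthProviderProperty("ad.ldap-multi")
@EnableConfigurationProperties({ActiveDirectoryLdapAuthenticationProperties.class})
@Configuration
public class MultiActiveDirectoryLdapSecurityConfig {
    private static final Logger LOGGER = LoggerFactory.getLogger(MultiActiveDirectoryLdapSecurityConfig.class);

    /** Handed to the authorities populator of every provider built by this configuration. */
    @Inject
    @Named("squashtest.core.security.JdbcUserDetailsManager")
    @Lazy
    private SquashUserDetailsManager userDetailsManager;

    /** Mapper set on every provider built by this configuration. */
    @Inject
    @Named("caseAwareUserDetailsMapper.ad.ldap")
    private CaseAwareUserDetailsMapper userDetailsMapper;

    /** Root names, each used as the property prefix of one directory's settings. */
    @Value("${authentication.ad.multi.root.names}")
    private String[] adRootNames;

    @Inject
    private Environment environment;

    @Inject
    @Lazy
    private UserManagerService userManagerService;

    /**
     * Global authentication configurer that builds and registers the per-directory providers.
     */
    @ConditionalOnAuthProviderProperty("ad.ldap-multi")
    @Configuration
    // NOTE(review): the order value is taken from an unrelated license-validator constant; this
    // looks like a decompiler substituting a same-valued constant - confirm the intended order.
    @Order(LicenseText.TYPE_FLOATING_LICENSE_FILE)
    public class ActiveDirectoryLdapAuthenticationConfig extends GlobalAuthenticationConfigurerAdapter {
        private static final String SERVER_URL_KEY = "authentication.ad.server.url";
        private static final String SERVER_DOMAIN = "authentication.ad.server.domain";
        private static final String SERVER_MANAGER_DN_KEY = "authentication.ad.server.managerDn";
        private static final String SERVER_MANAGER_PASSWORD_KEY = "authentication.ad.server.managerPassword";
        private static final String USER_SEARCH_FILTER_KEY = "authentication.ad.user.searchFilter";
        private static final String USER_SEARCH_BASE_KEY = "authentication.ad.user.searchBase";

        /** Placeholder written to the log instead of a secret value. */
        private static final String REDACTED_VALUE = "[PROTECTED]";

        public ActiveDirectoryLdapAuthenticationConfig() {
        }

        /**
         * Registers one authentication provider per configured AD root name.
         *
         * @param authenticationManagerBuilder builder the providers are added to
         * @throws IllegalArgumentException if no root name is configured
         * @throws Exception if a context source or provider cannot be initialised
         */
        public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            LOGGER.info("Multi AD configuration is enabled - Begin configuration ");
            checkAdRootNames();
            for (String rootName : adRootNames) {
                LOGGER.info("Begin LDAP Configuration : {}", rootName);
                ActiveDirectoryLdapAuthenticationProperties properties = getPropertiesForOneAd(rootName);
                DefaultSpringSecurityContextSource contextSource = createSpringSecurityContextSource(properties);
                // NOTE(review): m2getObject() looks like a decompiler-renamed accessor
                // (presumably getObject()) - confirm against the factory bean class.
                authenticationManagerBuilder.authenticationProvider(
                        createActiveDirectoryLdapAuthenticationProvider(properties, contextSource).m2getObject());
                LOGGER.info("Ending LDAP Configuration : {}", rootName);
            }
            // SECURITY: with eraseCredentials(false) the submitted password stays on the
            // Authentication object after a successful login. Kept as-is because code outside this
            // file may rely on it; confirm it is still required and that authentication objects
            // are never logged or serialised.
            authenticationManagerBuilder.eraseCredentials(false);
        }

        @Bean
        public MultiActiveDirectoryLdapAuthenticationProviderFeatures multiActiveDirectoryLdapAuthenticationProviderFeatures() {
            return MultiActiveDirectoryLdapAuthenticationProviderFeatures.INSTANCE;
        }

        /**
         * Builds the LDAP context source bound with the manager DN and password of one directory.
         *
         * <p>The server URL is used exactly as configured: nothing here enforces an
         * {@code ldaps://} scheme, so transport protection of the manager bind depends entirely on
         * the deployment's configuration.
         */
        private DefaultSpringSecurityContextSource createSpringSecurityContextSource(ActiveDirectoryLdapAuthenticationProperties activeDirectoryLdapAuthenticationProperties) throws Exception {
            ActiveDirectoryLdapAuthenticationProperties.Server server = activeDirectoryLdapAuthenticationProperties.getServer();
            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(server.getUrl());
            contextSource.setUserDn(server.getManagerDn());
            contextSource.setPassword(server.getManagerPassword());
            contextSource.afterPropertiesSet();
            return contextSource;
        }

        /**
         * Builds and initialises the provider factory bean for one directory.
         *
         * @param activeDirectoryLdapAuthenticationProperties settings resolved for that directory
         * @param defaultSpringSecurityContextSource context source already initialised for it
         */
        private ActiveDirectoryLdapAuthenticationProviderFactoryBean createActiveDirectoryLdapAuthenticationProvider(ActiveDirectoryLdapAuthenticationProperties activeDirectoryLdapAuthenticationProperties, DefaultSpringSecurityContextSource defaultSpringSecurityContextSource) throws Exception {
            ActiveDirectoryLdapAuthenticationProperties.User user = activeDirectoryLdapAuthenticationProperties.getUser();
            ActiveDirectoryLdapAuthenticationProperties.Server server = activeDirectoryLdapAuthenticationProperties.getServer();

            ActiveDirectoryLdapAuthenticationProviderFactoryBean factoryBean = new ActiveDirectoryLdapAuthenticationProviderFactoryBean();
            factoryBean.setActiveAuthenticationProvider("ad.ldap-multi");
            factoryBean.setContextSource(defaultSpringSecurityContextSource);
            factoryBean.setUserSearchBase(user.getSearchBase());
            factoryBean.setUserSearchFilter(user.getSearchFilter());
            factoryBean.setUrl(server.getUrl());
            factoryBean.setDomain(server.getDomain());
            factoryBean.setAuthoritiesPopulator(new UserDetailsServiceActiveDirectoryLdapAuthoritiesPopulator(userDetailsManager));
            factoryBean.setUserDetailsMapper(userDetailsMapper);
            factoryBean.setFeatures(multiActiveDirectoryLdapAuthenticationProviderFeatures());
            factoryBean.setUserManagerService(userManagerService);
            factoryBean.afterPropertiesSet();
            return factoryBean;
        }

        /**
         * Logs which configuration key was loaded for a root name and whether it had a value.
         *
         * <p>The manager password is never written to the log: when it is set, a fixed placeholder
         * is logged in its place so the bind credential does not end up in log files.
         */
        private void logConfigurationParameter(String str, String str2, Object obj) {
            if (obj == null) {
                LOGGER.info("Loading conf for {}. Key: {}. Value in squash configuration is null. Default value will be used.", str, str2);
                return;
            }
            Object shownValue = SERVER_MANAGER_PASSWORD_KEY.equals(str2) ? REDACTED_VALUE : obj;
            LOGGER.info("Loading conf for {}. Key: {}. Value in squash configuration: {}", str, str2, shownValue);
        }

        /** Resolves {@code <str>.<str2>} from the environment, converted to {@code cls}. */
        private <T> T getBaseNamedProperty(String str, String str2, Class<T> cls) {
            return environment.getProperty(str + "." + str2, cls);
        }

        /**
         * Fails fast when no AD root name is configured.
         *
         * @throws IllegalArgumentException if the root-names property is null or empty
         */
        private void checkAdRootNames() {
            if (adRootNames == null || adRootNames.length == 0) {
                // The message names the property actually bound on adRootNames.
                throw new IllegalArgumentException("The property authentication.ad.multi.root.names is mandatory when using ldap plugin in multi ldap mode.");
            }
        }

        /** Reads one string setting of a root name and logs that it was loaded. */
        private String readLoggedProperty(String rootName, String key) {
            String value = getBaseNamedProperty(rootName, key, String.class);
            logConfigurationParameter(rootName, key, value);
            return value;
        }

        /**
         * Collects the server and user-search settings of one directory from the environment.
         *
         * @param str AD root name used as the property prefix
         * @return a properties object populated with whatever values were found (possibly null)
         */
        private ActiveDirectoryLdapAuthenticationProperties getPropertiesForOneAd(String str) {
            ActiveDirectoryLdapAuthenticationProperties properties = new ActiveDirectoryLdapAuthenticationProperties();
            properties.getServer().setUrl(readLoggedProperty(str, SERVER_URL_KEY));
            properties.getServer().setManagerDn(readLoggedProperty(str, SERVER_MANAGER_DN_KEY));
            properties.getServer().setManagerPassword(readLoggedProperty(str, SERVER_MANAGER_PASSWORD_KEY));
            properties.getServer().setDomain(readLoggedProperty(str, SERVER_DOMAIN));
            properties.getUser().setSearchBase(readLoggedProperty(str, USER_SEARCH_BASE_KEY));
            properties.getUser().setSearchFilter(readLoggedProperty(str, USER_SEARCH_FILTER_KEY));
            return properties;
        }
    }
}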
