package org.graylog2.rest.resources.system.ldap;

import com.codahale.metrics.annotation.Timed;
import com.google.common.base.Objects;
import com.google.common.base.Strings;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.Map;
import javax.inject.Inject;
import javax.net.ssl.TrustManager;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.plugin.database.Persisted;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.rest.models.system.ldap.requests.LdapSettingsRequest;
import org.graylog2.rest.models.system.ldap.requests.LdapTestConfigRequest;
import org.graylog2.rest.models.system.ldap.responses.LdapSettingsResponse;
import org.graylog2.rest.models.system.ldap.responses.LdapTestConfigResponse;
import org.graylog2.security.TrustAllX509TrustManager;
import org.graylog2.security.ldap.LdapConnector;
import org.graylog2.security.ldap.LdapSettingsImpl;
import org.graylog2.security.ldap.LdapSettingsService;
import org.graylog2.security.realm.LdapUserAuthenticator;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.ldap.LdapEntry;
import org.graylog2.shared.security.ldap.LdapSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

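/**
 * REST resource for reading, testing, updating and removing the LDAP authentication settings.
 *
 * <p>Every endpoint requires an authenticated caller holding the {@code ldap:edit} permission
 * (see the class-level Shiro annotations). Settings are persisted through
 * {@link LdapSettingsService}; test connections are opened through {@link LdapConnector}.
 */
@RequiresAuthentication
@RequiresPermissions({"ldap:edit"})
@Api(value = "System/LDAP", description = "LDAP settings")
@Path("/system/ldap")
public class LdapResource extends RestResource {
    private static final Logger LOG = LoggerFactory.getLogger(LdapResource.class);

    /** Message reported when the connector hands back no connection at all. */
    private static final String CONNECT_FAILED_MESSAGE = "Could not connect to LDAP server";

    @Inject
    private LdapSettingsService ldapSettingsService;

    @Inject
    private LdapSettingsImpl.Factory ldapSettingsFactory;

    @Inject
    private LdapConnector ldapConnector;

    @Inject
    private LdapUserAuthenticator ldapAuthenticator;

    /**
     * Returns the stored LDAP configuration.
     *
     * @return the persisted settings mapped to the REST response model
     * @throws NotFoundException when no LDAP settings have been saved yet
     */
    @GET
    @Path("/settings")
    @Timed
    @ApiOperation("Get the LDAP configuration if it is configured")
    @Produces({"application/json"})
    public LdapSettingsResponse getLdapSettings() {
        final LdapSettings settings = ldapSettingsService.load();
        if (settings == null) {
            throw new NotFoundException();
        }
        // NOTE(review): the response model carries the system (bind) password in clear text.
        // Access is limited to ldap:edit holders, but the value still leaves the server with
        // every GET; the response type fixes this contract, so it cannot be dropped here.
        return LdapSettingsResponse.create(
                settings.isEnabled(),
                settings.getSystemUserName(),
                settings.getSystemPassword(),
                settings.getUri(),
                settings.isUseStartTls(),
                settings.isTrustAllCertificates(),
                settings.isActiveDirectory(),
                settings.getSearchBase(),
                settings.getSearchPattern(),
                settings.getDisplayNameAttribute(),
                settings.getDefaultGroup());
    }

    /**
     * Opens a throw-away connection with the supplied (not yet saved) configuration and reports
     * whether connecting, binding as the system user, and optionally looking up and
     * authenticating a test principal succeeded.
     *
     * <p>Failures are reported in the response rather than thrown: a {@link LdapException}
     * raised while connecting yields an all-{@code false} response carrying its message.
     * The connection is always closed before returning.
     *
     * @param ldapTestConfigRequest the configuration to try out
     * @return the outcome of each step of the test
     */
    @Path("/test")
    @Timed
    @Consumes({"application/json"})
    @ApiOperation("Test LDAP Configuration")
    @POST
    @Produces({"application/json"})
    public LdapTestConfigResponse testLdapConfiguration(@NotNull @ApiParam(name = "Configuration to test", required = true) @Valid LdapTestConfigRequest ldapTestConfigRequest) {
        final LdapConnectionConfig connectionConfig = buildConnectionConfig(ldapTestConfigRequest);

        LdapNetworkConnection connection = null;
        try {
            connection = ldapConnector.connect(connectionConfig);
            if (connection == null) {
                return LdapTestConfigResponse.create(false, false, false, Collections.emptyMap(), CONNECT_FAILED_MESSAGE);
            }

            final boolean connected = connection.isConnected();
            final boolean authenticated = connection.isAuthenticated();
            if (ldapTestConfigRequest.testConnectOnly()) {
                return LdapTestConfigResponse.create(connected, authenticated, false, Collections.emptyMap());
            }

            return lookupAndAuthenticate(connection, ldapTestConfigRequest, connected, authenticated);
        } catch (LdapException e) {
            // Only connect() can reach this handler: the search/bind steps catch their own errors.
            return LdapTestConfigResponse.create(false, false, false, Collections.emptyMap(), e.getMessage());
        } finally {
            closeQuietly(connection);
        }
    }

    /**
     * Translates the test request into an Apache Directory connection configuration.
     *
     * @param request the configuration under test
     * @return a fresh {@link LdapConnectionConfig}; the system credentials are only set when
     *         both user name and password are non-empty
     */
    private static LdapConnectionConfig buildConnectionConfig(LdapTestConfigRequest request) {
        final LdapConnectionConfig config = new LdapConnectionConfig();
        final URI ldapUri = request.ldapUri();
        final String scheme = ldapUri.getScheme();

        config.setLdapHost(ldapUri.getHost());
        // NOTE(review): URI.getPort() is -1 when the URI has no explicit port; nothing here
        // substitutes a default LDAP/LDAPS port, so such a URI will fail at connect time.
        config.setLdapPort(ldapUri.getPort());
        // A scheme-less (relative) URI used to raise NullPointerException here; treat it as plain ldap.
        config.setUseSsl(scheme != null && scheme.startsWith("ldaps"));
        config.setUseTls(request.useStartTls());

        if (request.trustAllCertificates()) {
            // Disables server certificate validation for this test connection; the saved
            // setting of the same name governs the real authenticator, not this call.
            config.setTrustManagers(new TrustManager[]{new TrustAllX509TrustManager()});
        }

        final String systemUsername = request.systemUsername();
        final String systemPassword = request.systemPassword();
        if (!Strings.isNullOrEmpty(systemUsername) && !Strings.isNullOrEmpty(systemPassword)) {
            config.setName(systemUsername);
            config.setCredentials(systemPassword);
        }
        return config;
    }

    /**
     * Looks up the test principal and then tries to bind as the found entry.
     *
     * <p>Both steps are best-effort: an error in either is captured as the response's error
     * message instead of being propagated. A bind error overwrites a preceding search error
     * message, matching the established behaviour of this endpoint.
     *
     * @param connection    an open connection
     * @param request       the configuration under test (search base/pattern, principal, password)
     * @param connected     result of {@code connection.isConnected()} for the response
     * @param authenticated result of {@code connection.isAuthenticated()} for the response
     * @return the fully populated test response
     */
    private LdapTestConfigResponse lookupAndAuthenticate(LdapNetworkConnection connection,
                                                         LdapTestConfigRequest request,
                                                         boolean connected,
                                                         boolean authenticated) {
        String entryDn = null;
        Map<String, String> entryAttributes = Collections.emptyMap();
        String errorMessage = null;

        try {
            final LdapEntry entry = ldapConnector.search(
                    connection,
                    request.searchBase(),
                    request.searchPattern(),
                    request.principal(),
                    request.activeDirectory());
            if (entry != null) {
                entryDn = entry.getDn();
                entryAttributes = entry.getAttributes();
            }
        } catch (CursorException | LdapException e) {
            errorMessage = e.getMessage();
        }

        boolean loginSucceeded = false;
        try {
            // entryDn stays null when the search found nothing; the connector decides how to report that.
            loginSucceeded = ldapConnector.authenticate(connection, entryDn, request.password());
        } catch (Exception e) {
            // Broad on purpose: any failure of the bind step is a test result, not a server error.
            errorMessage = e.getMessage();
        }

        return LdapTestConfigResponse.create(connected, authenticated, loginSucceeded, entryAttributes, errorMessage);
    }

    /**
     * Closes the connection if one was opened, logging (not propagating) a failure to close.
     *
     * @param connection the connection to close; {@code null} is a no-op
     */
    private static void closeQuietly(LdapNetworkConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.close();
        } catch (IOException e) {
            LOG.warn("Unable to close LDAP connection.", e);
        }
    }

    /**
     * Replaces the stored LDAP configuration with the request body, creating the settings
     * document when none exists yet.
     *
     * @param ldapSettingsRequest the new configuration
     * @throws ValidationException when the settings fail persistence validation
     */
    @Path("/settings")
    @Timed
    @Consumes({"application/json"})
    @ApiOperation("Update the LDAP configuration")
    @PUT
    public void updateLdapSettings(@NotNull @ApiParam(name = "JSON body", required = true) @Valid LdapSettingsRequest ldapSettingsRequest) throws ValidationException {
        // Update in place when settings already exist so the stored document keeps its identity.
        final LdapSettings settings = Objects.firstNonNull(ldapSettingsService.load(), ldapSettingsFactory.createEmpty());

        settings.setSystemUsername(ldapSettingsRequest.systemUsername());
        settings.setSystemPassword(ldapSettingsRequest.systemPassword());
        settings.setUri(ldapSettingsRequest.ldapUri());
        settings.setUseStartTls(ldapSettingsRequest.useStartTls());
        settings.setTrustAllCertificates(ldapSettingsRequest.trustAllCertificates());
        settings.setActiveDirectory(ldapSettingsRequest.activeDirectory());
        settings.setSearchPattern(ldapSettingsRequest.searchPattern());
        settings.setSearchBase(ldapSettingsRequest.searchBase());
        settings.setEnabled(ldapSettingsRequest.enabled());
        settings.setDisplayNameAttribute(ldapSettingsRequest.displayNameAttribute());
        settings.setDefaultGroup(ldapSettingsRequest.defaultGroup());

        ldapSettingsService.save(settings);
    }

    /** Deletes the stored LDAP configuration; succeeds silently when there is none. */
    @Path("/settings")
    @Timed
    @DELETE
    @ApiOperation("Remove the LDAP configuration")
    public void deleteLdapSettings() {
        ldapSettingsService.delete();
    }
}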
