package org.graylog2.security.ldap;

import com.google.common.base.Function;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import com.mongodb.BasicDBList;
import com.mongodb.DBObject;
import java.net.URI;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.shiro.codec.Hex;
import org.bson.types.ObjectId;
import org.graylog2.Configuration;
import org.graylog2.configuration.HttpConfiguration;
import org.graylog2.database.CollectionName;
import org.graylog2.database.NotFoundException;
import org.graylog2.database.PersistedImpl;
import org.graylog2.plugin.database.validators.Validator;
import org.graylog2.security.AESTools;
import org.graylog2.shared.security.ldap.LdapSettings;
import org.graylog2.shared.users.Role;
import org.graylog2.shared.users.Roles;
import org.graylog2.users.RoleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

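/**
 * LDAP connection and role-mapping settings, stored as key/value pairs in the inherited
 * {@code fields} map under the {@code ldap_settings} collection.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The LDAP system (bind) password is stored encrypted through {@link AESTools}. The key is
 *       the first 16 characters of the configured password secret, and a per-record salt is
 *       stored next to the ciphertext.</li>
 *   <li>A record that has a password but no salt is returned as stored, without decryption
 *       (see {@link #getSystemPassword()}).</li>
 *   <li>{@link #isUseStartTls()} and {@link #isTrustAllCertificates()} both default to
 *       {@code false} when unset.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; local variable types that the decompiler
 * could not infer have been restored by hand and should be checked against the original source.
 */
@CollectionName("ldap_settings")
/* loaded from: input_file:org/graylog2/security/ldap/LdapSettingsImpl.class */
public class LdapSettingsImpl extends PersistedImpl implements LdapSettings {
    private static final Logger LOG = LoggerFactory.getLogger(LdapSettingsImpl.class);
    public static final String ENABLED = "enabled";
    public static final String SYSTEM_USERNAME = "system_username";
    public static final String SYSTEM_PASSWORD = "system_password";
    public static final String SYSTEM_PASSWORD_SALT = "system_password_salt";
    public static final String LDAP_URI = "ldap_uri";
    public static final String SEARCH_PATTERN = "principal_search_pattern";
    public static final String SEARCH_BASE = "search_base";
    public static final String DISPLAY_NAME_ATTRIBUTE = "username_attribute";
    public static final String USE_START_TLS = "use_start_tls";
    public static final String ACTIVE_DIRECTORY = "active_directory";
    public static final String DEFAULT_GROUP = "default_group";
    public static final String TRUST_ALL_CERTS = "trust_all_certificates";
    public static final String GROUP_MAPPING = "group_role_mapping";
    public static final String GROUP_MAPPING_LIST = "group_role_mapping_list";
    public static final String GROUP_SEARCH_BASE = "group_search_base";
    public static final String GROUP_ID_ATTRIBUTE = "group_id_attribute";
    public static final String GROUP_SEARCH_PATTERN = "group_search_pattern";
    public static final String ADDITIONAL_DEFAULT_GROUPS = "additional_default_groups";
    public static final String LDAP_GROUP_MAPPING_NAMEKEY = "group";
    public static final String LDAP_GROUP_MAPPING_ROLEKEY = "role_id";
    protected Configuration configuration;
    private final RoleService roleService;

    /** Assisted-inject factory for empty and pre-populated settings objects. */
    /* loaded from: input_file:org/graylog2/security/ldap/LdapSettingsImpl$Factory.class */
    public interface Factory {
        LdapSettingsImpl createEmpty();

        LdapSettingsImpl create(ObjectId objectId, Map<String, Object> map);
    }

    /**
     * Creates settings with an empty field map.
     *
     * @param configuration source of the password secret used to encrypt the system password
     * @param roleService   used to translate between role names and role ids
     */
    @AssistedInject
    public LdapSettingsImpl(Configuration configuration, RoleService roleService) {
        super(Maps.newHashMap());
        this.configuration = configuration;
        this.roleService = roleService;
    }

    /**
     * Creates settings backed by an existing id and field map.
     *
     * @param configuration source of the password secret used to encrypt the system password
     * @param roleService   used to translate between role names and role ids
     * @param objectId      id passed to the superclass
     * @param map           field map passed to the superclass
     */
    @AssistedInject
    public LdapSettingsImpl(Configuration configuration, RoleService roleService, @Assisted ObjectId objectId, @Assisted Map<String, Object> map) {
        super(objectId, map);
        this.configuration = configuration;
        this.roleService = roleService;
    }

    /** Returns {@code null}: this class declares no field validators. */
    @Override // org.graylog2.plugin.database.Persisted
    public Map<String, Validator> getValidations() {
        return null;
    }

    /** Returns {@code null}: this class declares no embedded validators. */
    @Override // org.graylog2.plugin.database.Persisted
    public Map<String, Validator> getEmbeddedValidations(String str) {
        return null;
    }

    /** Returns the stored system (bind) user name, or an empty string when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getSystemUserName() {
        return stringField(SYSTEM_USERNAME);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setSystemUsername(String str) {
        this.fields.put(SYSTEM_USERNAME, str);
    }

    /**
     * Returns the system (bind) password in clear text.
     *
     * <p>When a salt is stored, the value is decrypted with {@link AESTools}. When no salt is
     * stored, the raw field value is returned unchanged, so such a record holds the password
     * unencrypted until the settings are saved again. Callers should treat the return value as
     * a secret and keep it out of logs.
     *
     * @return the clear-text password, or the {@code HttpConfiguration.PATH_WEB} constant when
     *         no password is stored
     * @throws StringIndexOutOfBoundsException if the configured password secret is shorter than
     *         16 characters
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getSystemPassword() {
        final Object stored = this.fields.get(SYSTEM_PASSWORD);
        if (stored == null) {
            // NOTE(review): the value of this constant is not visible here. An unset password
            // most plausibly maps to an empty string, and this reference looks like a
            // decompiler substitution for a "" literal — confirm against the original source.
            return HttpConfiguration.PATH_WEB;
        }
        final String salt = getSystemPasswordSalt();
        if (!salt.isEmpty()) {
            return AESTools.decrypt(stored.toString(), passwordEncryptionKey(), salt);
        }
        // No salt means the stored value was never encrypted by setSystemPassword().
        LOG.debug("Old database version does not have salted, encrypted password. Please save the LDAP settings again.");
        return stored.toString();
    }

    /** Returns whether a system password value is stored (encrypted or not). */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public boolean isSystemPasswordSet() {
        return this.fields.get(SYSTEM_PASSWORD) != null;
    }

    /**
     * Encrypts and stores the system (bind) password. A {@code null} or empty argument leaves
     * the stored password untouched.
     *
     * <p>A salt of 8 random bytes (hex-encoded) is generated only when none is stored yet; later
     * password changes reuse the existing salt.
     *
     * <p>NOTE(review): {@link AESTools} is not shown here. If it uses the salt as an IV or nonce,
     * reusing one salt with the same key across password changes weakens the encryption, and a
     * fresh salt per call would be preferable — confirm before changing, since other callers
     * may set the salt explicitly.
     *
     * @param str the clear-text password
     * @throws StringIndexOutOfBoundsException if the configured password secret is shorter than
     *         16 characters
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setSystemPassword(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        if (getSystemPasswordSalt().isEmpty()) {
            LOG.debug("Generating new salt for LDAP system password.");
            final byte[] saltBytes = new byte[8];
            new SecureRandom().nextBytes(saltBytes);
            setSystemPasswordSalt(Hex.encodeToString(saltBytes));
        }
        this.fields.put(SYSTEM_PASSWORD, AESTools.encrypt(str, passwordEncryptionKey(), getSystemPasswordSalt()));
    }

    /** Returns the stored password salt, or an empty string when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getSystemPasswordSalt() {
        return stringField(SYSTEM_PASSWORD_SALT);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setSystemPasswordSalt(String str) {
        this.fields.put(SYSTEM_PASSWORD_SALT, str);
    }

    /**
     * Returns the stored LDAP server URI, or {@code null} when unset.
     *
     * @throws IllegalArgumentException if the stored string is not a valid URI
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public URI getUri() {
        final Object stored = this.fields.get(LDAP_URI);
        return stored == null ? null : URI.create(stored.toString());
    }

    /**
     * Stores the LDAP server URI in string form.
     *
     * @throws NullPointerException if {@code uri} is {@code null}
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setUri(URI uri) {
        this.fields.put(LDAP_URI, uri.toString());
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getSearchBase() {
        return stringField(SEARCH_BASE);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setSearchBase(String str) {
        this.fields.put(SEARCH_BASE, str);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getSearchPattern() {
        return stringField(SEARCH_PATTERN);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setSearchPattern(String str) {
        this.fields.put(SEARCH_PATTERN, str);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getDisplayNameAttribute() {
        return stringField(DISPLAY_NAME_ATTRIBUTE);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setDisplayNameAttribute(String str) {
        this.fields.put(DISPLAY_NAME_ATTRIBUTE, str);
    }

    /** Returns whether LDAP authentication is enabled; {@code false} when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public boolean isEnabled() {
        return booleanField(ENABLED);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setEnabled(boolean z) {
        this.fields.put(ENABLED, z);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setUseStartTls(boolean z) {
        this.fields.put(USE_START_TLS, z);
    }

    /** Returns the StartTLS flag; {@code false} when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public boolean isUseStartTls() {
        return booleanField(USE_START_TLS);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setActiveDirectory(boolean z) {
        this.fields.put(ACTIVE_DIRECTORY, z);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public boolean isActiveDirectory() {
        return booleanField(ACTIVE_DIRECTORY);
    }

    /**
     * Returns the name of the default role for LDAP users.
     *
     * <p>Falls back to {@code "Reader"} when the stored id is the reader role id, when the id is
     * not found among the loaded roles, or when loading the roles fails.
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getDefaultGroup() {
        final String defaultGroupId = getDefaultGroupId();
        if (defaultGroupId.equals(this.roleService.getReaderRoleObjectId())) {
            return "Reader";
        }
        try {
            return this.roleService.loadAllIdMap().get(defaultGroupId).getName();
        } catch (Exception e) {
            // Broad catch kept on purpose: it also covers an id that is missing from the role
            // map. Log the cause so a failing role lookup can be diagnosed.
            LOG.error("Unable to load role mapping", e);
            return "Reader";
        }
    }

    /** Returns the stored default role id, or the reader role id when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getDefaultGroupId() {
        final Object stored = this.fields.get(DEFAULT_GROUP);
        return stored == null ? this.roleService.getReaderRoleObjectId() : (String) stored;
    }

    /**
     * Stores the id of the role loaded for {@code str}. When the role cannot be loaded, the
     * reader role id is stored instead.
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setDefaultGroup(String str) {
        String roleId = this.roleService.getReaderRoleObjectId();
        try {
            roleId = this.roleService.load(str).getId();
        } catch (NotFoundException e) {
            LOG.error("Unable to load role mapping", e);
        }
        this.fields.put(DEFAULT_GROUP, roleId);
    }

    /**
     * Returns the stored trust-all-certificates flag; {@code false} when unset.
     *
     * <p>NOTE(review): the consumer of this flag is not shown. The name suggests that TLS
     * certificate validation is skipped when it is {@code true}, which would leave the LDAP
     * connection, including the bind password, open to interception — confirm, and audit
     * deployments where it is enabled.
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public boolean isTrustAllCertificates() {
        return booleanField(TRUST_ALL_CERTS);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setTrustAllCertificates(boolean z) {
        this.fields.put(TRUST_ALL_CERTS, z);
    }

    /**
     * Returns the LDAP group name to role name mapping.
     *
     * <p>The mapping is read from {@link #GROUP_MAPPING_LIST} when present, otherwise from
     * {@link #GROUP_MAPPING} (presumably an older storage layout — confirm). Stored role ids are
     * translated to role names through the role service.
     *
     * <p>List entries are accepted both as {@link DBObject}s and as plain maps, because
     * {@link #setGroupMapping(Map)} stores a list of plain maps; the previous cast to
     * {@code BasicDBList} failed when the mapping was read back from the same instance.
     *
     * @return a new map, or an empty map when nothing is stored or the roles cannot be loaded
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    @Nonnull
    public Map<String, String> getGroupMapping() {
        final Object storedList = this.fields.get(GROUP_MAPPING_LIST);
        Map<String, String> groupToRoleId;
        if (storedList == null) {
            @SuppressWarnings("unchecked") // field values are untyped in the backing map
            final Map<String, String> directMap = (Map<String, String>) this.fields.get(GROUP_MAPPING);
            groupToRoleId = directMap;
        } else {
            final List<?> entries = (List<?>) storedList;
            groupToRoleId = Maps.newHashMapWithExpectedSize(entries.size());
            for (Object element : entries) {
                groupToRoleId.put(mappingEntryValue(element, LDAP_GROUP_MAPPING_NAMEKEY), mappingEntryValue(element, LDAP_GROUP_MAPPING_ROLEKEY));
            }
        }
        if (groupToRoleId == null || groupToRoleId.isEmpty()) {
            return Collections.emptyMap();
        }
        try {
            return Maps.newHashMap(Maps.transformValues(groupToRoleId, Roles.roleIdToNameFunction(this.roleService.loadAllIdMap())));
        } catch (NotFoundException e) {
            LOG.error("Unable to load role mapping", e);
            return Collections.emptyMap();
        }
    }

    /**
     * Stores the LDAP group name to role name mapping as a list of
     * {@code {group, role_id}} entries under {@link #GROUP_MAPPING_LIST}.
     *
     * <p>Role names that are {@code null} or unknown to the role service are stored with a
     * {@code null} role id. A {@code null} argument stores an empty list.
     *
     * @param map group name to role name
     * @throws IllegalStateException if the roles cannot be loaded
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setGroupMapping(Map<String, String> map) {
        Map<String, String> groupToRoleId;
        if (map == null) {
            groupToRoleId = Collections.emptyMap();
        } else {
            try {
                final Map<String, Role> rolesByName = Maps.uniqueIndex(this.roleService.loadAll(), Roles.roleToNameFunction());
                groupToRoleId = Maps.newHashMap(Maps.transformValues(map, roleNameToIdFunction(rolesByName)));
            } catch (NotFoundException e) {
                LOG.error("Unable to convert group names to ids", e);
                throw new IllegalStateException("Unable to convert group names to ids", e);
            }
        }
        final List<Map<String, String>> mappingList = groupToRoleId.entrySet().stream().map(entry -> {
            final Map<String, String> item = Maps.newHashMap();
            item.put(LDAP_GROUP_MAPPING_NAMEKEY, entry.getKey());
            item.put(LDAP_GROUP_MAPPING_ROLEKEY, entry.getValue());
            return item;
        }).collect(Collectors.toList());
        this.fields.put(GROUP_MAPPING_LIST, mappingList);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getGroupSearchBase() {
        return stringField(GROUP_SEARCH_BASE);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setGroupSearchBase(String str) {
        this.fields.put(GROUP_SEARCH_BASE, str);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getGroupIdAttribute() {
        return stringField(GROUP_ID_ATTRIBUTE);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setGroupIdAttribute(String str) {
        this.fields.put(GROUP_ID_ATTRIBUTE, str);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public String getGroupSearchPattern() {
        return stringField(GROUP_SEARCH_PATTERN);
    }

    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setGroupSearchPattern(String str) {
        this.fields.put(GROUP_SEARCH_PATTERN, str);
    }

    /**
     * Returns the names of the additional default roles, translated from the stored role ids.
     *
     * @return a new set, or an empty set when the roles cannot be loaded
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public Set<String> getAdditionalDefaultGroups() {
        try {
            return Sets.newHashSet(Collections2.transform(getAdditionalDefaultGroupIds(), Roles.roleIdToNameFunction(this.roleService.loadAllIdMap())));
        } catch (NotFoundException e) {
            LOG.error("Unable to load role mapping", e);
            return Collections.emptySet();
        }
    }

    /** Returns the stored additional default role ids, or an empty set when unset. */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public Set<String> getAdditionalDefaultGroupIds() {
        @SuppressWarnings("unchecked") // field values are untyped in the backing map
        final List<String> storedIds = (List<String>) this.fields.get(ADDITIONAL_DEFAULT_GROUPS);
        return storedIds == null ? Collections.<String>emptySet() : Sets.newHashSet(storedIds);
    }

    /**
     * Stores the ids of the given role names as additional default roles. A {@code null}
     * argument leaves the stored value untouched; names that are {@code null} or unknown to the
     * role service are stored as {@code null} entries.
     *
     * @param set role names
     * @throws IllegalStateException if the roles cannot be loaded
     */
    @Override // org.graylog2.shared.security.ldap.LdapSettings
    public void setAdditionalDefaultGroups(Set<String> set) {
        if (set == null) {
            return;
        }
        try {
            final Map<String, Role> rolesByName = Maps.uniqueIndex(this.roleService.loadAll(), Roles.roleToNameFunction());
            this.fields.put(ADDITIONAL_DEFAULT_GROUPS, Lists.newArrayList(Collections2.transform(set, roleNameToIdFunction(rolesByName))));
        } catch (NotFoundException e) {
            LOG.error("Unable to convert group names to ids", e);
            throw new IllegalStateException("Unable to convert group names to ids", e);
        }
    }

    /** Reads a string field, mapping an absent value to the empty string. */
    private String stringField(String key) {
        return Strings.nullToEmpty((String) this.fields.get(key));
    }

    /** Reads a boolean field by parsing its string form; an absent value is {@code false}. */
    private boolean booleanField(String key) {
        final Object stored = this.fields.get(key);
        return stored != null && Boolean.parseBoolean(stored.toString());
    }

    /**
     * Derives the key handed to {@link AESTools}: the first 16 characters of the configured
     * password secret. Characters beyond the 16th do not contribute to the key.
     */
    private String passwordEncryptionKey() {
        return this.configuration.getPasswordSecret().substring(0, 16);
    }

    /** Builds a function mapping a role name to its id, or to {@code null} when unknown. */
    private static Function<String, String> roleNameToIdFunction(final Map<String, Role> rolesByName) {
        return new Function<String, String>() {
            @Nullable
            @Override
            public String apply(@Nullable String roleName) {
                if (roleName == null || !rolesByName.containsKey(roleName)) {
                    return null;
                }
                return rolesByName.get(roleName).getId();
            }
        };
    }

    /** Reads one key of a stored mapping entry, which is either a {@link DBObject} or a map. */
    private static String mappingEntryValue(Object element, String key) {
        if (element instanceof DBObject) {
            return (String) ((DBObject) element).get(key);
        }
        return (String) ((Map<?, ?>) element).get(key);
    }
}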
