package org.pac4j.config.ldaptive;

import java.time.Duration;
import java.util.Arrays;
import java.util.Locale;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.BindRequest;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchScope;
import org.ldaptive.ad.extended.FastBindOperation;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.EntryResolver;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.PooledBindAuthenticationHandler;
import org.ldaptive.auth.PooledCompareAuthenticationHandler;
import org.ldaptive.auth.PooledSearchDnResolver;
import org.ldaptive.auth.PooledSearchEntryResolver;
import org.ldaptive.control.PasswordPolicyControl;
import org.ldaptive.pool.BindPassivator;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.ClosePassivator;
import org.ldaptive.pool.ConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.provider.Provider;
import org.ldaptive.sasl.CramMd5Config;
import org.ldaptive.sasl.DigestMd5Config;
import org.ldaptive.sasl.ExternalConfig;
import org.ldaptive.sasl.GssApiConfig;
import org.ldaptive.sasl.SaslConfig;
import org.ldaptive.ssl.KeyStoreCredentialConfig;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.X509CredentialConfig;
import org.pac4j.config.ldaptive.AbstractLdapProperties;
import org.pac4j.config.ldaptive.LdapAuthenticationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-config-3.0.1.jar:org/pac4j/config/ldaptive/LdaptiveAuthenticatorBuilder.class */
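/**
 * Static factory that turns pac4j LDAP configuration properties into ldaptive objects:
 * authenticators, connection configurations, connection pools and search helpers.
 *
 * <p>Every {@code new*ConnectionPool}/{@code newPooledConnectionFactory} call builds and
 * initializes a fresh pool, and the authenticator factories call it once per resolver or
 * handler. Nothing in this class caches or closes those pools.
 */
public class LdaptiveAuthenticatorBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(LdaptiveAuthenticatorBuilder.class);

    /** Only static members are used; the constructor stays protected for existing subclasses. */
    protected LdaptiveAuthenticatorBuilder() {
    }

    /**
     * Builds the ldaptive authenticator matching the configured authentication type.
     *
     * <p>{@code AD}, {@code DIRECT}, {@code SASL} and {@code AUTHENTICATED} are dispatched
     * explicitly. Any other value, including {@code null}, falls through to the search-based
     * authenticator and is logged as "anonymous".
     *
     * @param ldapAuthenticationProperties the LDAP authentication settings
     * @return a configured authenticator
     * @throws IllegalArgumentException if the AD or DIRECT type is selected with a blank DN format
     */
    public static Authenticator getAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final LdapAuthenticationProperties.AuthenticationTypes type = ldapAuthenticationProperties.getType();
        if (type == LdapAuthenticationProperties.AuthenticationTypes.AD) {
            LOGGER.debug("Creating active directory authenticator for {}", ldapAuthenticationProperties.getLdapUrl());
            return getActiveDirectoryAuthenticator(ldapAuthenticationProperties);
        }
        if (type == LdapAuthenticationProperties.AuthenticationTypes.DIRECT) {
            LOGGER.debug("Creating direct-bind authenticator for {}", ldapAuthenticationProperties.getLdapUrl());
            return getDirectBindAuthenticator(ldapAuthenticationProperties);
        }
        if (type == LdapAuthenticationProperties.AuthenticationTypes.SASL) {
            LOGGER.debug("Creating SASL authenticator for {}", ldapAuthenticationProperties.getLdapUrl());
            return getSaslAuthenticator(ldapAuthenticationProperties);
        }
        if (type == LdapAuthenticationProperties.AuthenticationTypes.AUTHENTICATED) {
            LOGGER.debug("Creating authenticated authenticator for {}", ldapAuthenticationProperties.getLdapUrl());
            return getAuthenticatedOrAnonSearchAuthenticator(ldapAuthenticationProperties);
        }
        // NOTE(review): a missing or unrecognised type lands here without an error, so a
        // configuration typo selects the anonymous-search path; the debug line is the only trace.
        LOGGER.debug("Creating anonymous authenticator for {}", ldapAuthenticationProperties.getLdapUrl());
        return getAuthenticatedOrAnonSearchAuthenticator(ldapAuthenticationProperties);
    }

    /**
     * Builds a search-then-bind authenticator for the SASL type. Unlike the other variants it
     * never installs an entry resolver and never switches to compare authentication.
     */
    private static Authenticator getSaslAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledSearchDnResolver dnResolver = newPooledSearchDnResolver(ldapAuthenticationProperties);
        return new Authenticator(dnResolver, getPooledBindAuthenticationHandler(ldapAuthenticationProperties));
    }

    /**
     * Builds the search-based authenticator shared by the AUTHENTICATED and anonymous types.
     * The user's DN is looked up with the configured filter, then the password is checked by
     * bind, or by compare when a principal password attribute is configured.
     */
    private static Authenticator getAuthenticatedOrAnonSearchAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledSearchDnResolver dnResolver = newPooledSearchDnResolver(ldapAuthenticationProperties);
        final Authenticator authenticator;
        if (StringUtils.isBlank(ldapAuthenticationProperties.getPrincipalAttributePassword())) {
            authenticator = new Authenticator(dnResolver, getPooledBindAuthenticationHandler(ldapAuthenticationProperties));
        } else {
            authenticator = new Authenticator(dnResolver, getPooledCompareAuthenticationHandler(ldapAuthenticationProperties));
        }
        applyEntryResolver(authenticator, ldapAuthenticationProperties);
        return authenticator;
    }

    /** Builds a bind authenticator that derives the user DN from the configured DN format. */
    private static Authenticator getDirectBindAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        if (StringUtils.isBlank(ldapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for direct bind authentication");
        }
        return newFormatDnAuthenticator(ldapAuthenticationProperties);
    }

    /** Same construction as the direct-bind variant; only the validation message differs. */
    private static Authenticator getActiveDirectoryAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        if (StringUtils.isBlank(ldapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for active directory authentication");
        }
        return newFormatDnAuthenticator(ldapAuthenticationProperties);
    }

    /** Creates the format-DN + bind authenticator used by the AD and DIRECT types. */
    private static Authenticator newFormatDnAuthenticator(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final FormatDnResolver dnResolver = new FormatDnResolver(ldapAuthenticationProperties.getDnFormat());
        final Authenticator authenticator = new Authenticator(dnResolver, getPooledBindAuthenticationHandler(ldapAuthenticationProperties));
        applyEntryResolver(authenticator, ldapAuthenticationProperties);
        return authenticator;
    }

    /** Creates the pooled DN resolver that searches for the user below the configured base DN. */
    private static PooledSearchDnResolver newPooledSearchDnResolver(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledSearchDnResolver dnResolver = new PooledSearchDnResolver();
        dnResolver.setBaseDn(ldapAuthenticationProperties.getBaseDn());
        dnResolver.setSubtreeSearch(ldapAuthenticationProperties.isSubtreeSearch());
        dnResolver.setAllowMultipleDns(ldapAuthenticationProperties.isAllowMultipleDns());
        dnResolver.setConnectionFactory(newPooledConnectionFactory(ldapAuthenticationProperties));
        dnResolver.setUserFilter(ldapAuthenticationProperties.getUserFilter());
        return dnResolver;
    }

    /** Installs a search entry resolver on the authenticator when the properties ask for one. */
    private static void applyEntryResolver(Authenticator authenticator, LdapAuthenticationProperties ldapAuthenticationProperties) {
        if (ldapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newSearchEntryResolver(ldapAuthenticationProperties));
        }
    }

    /**
     * Creates a bind handler on its own connection pool and attaches a
     * {@link PasswordPolicyControl} to every authentication request.
     */
    private static PooledBindAuthenticationHandler getPooledBindAuthenticationHandler(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledBindAuthenticationHandler handler = new PooledBindAuthenticationHandler(newPooledConnectionFactory(ldapAuthenticationProperties));
        // presumably requested so password-policy warnings/errors come back with the bind result
        handler.setAuthenticationControls(new PasswordPolicyControl());
        return handler;
    }

    /**
     * Creates a compare handler that checks the password against the configured password attribute.
     */
    private static PooledCompareAuthenticationHandler getPooledCompareAuthenticationHandler(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledCompareAuthenticationHandler handler = new PooledCompareAuthenticationHandler(newPooledConnectionFactory(ldapAuthenticationProperties));
        // NOTE(review): compare mode relies on the handler's password scheme matching how the
        // directory stores the attribute; the scheme is left at the ldaptive default here —
        // confirm that default is an acceptable hash for this deployment.
        handler.setPasswordAttribute(ldapAuthenticationProperties.getPrincipalAttributePassword());
        return handler;
    }

    /**
     * Creates a pooled entry resolver that re-reads the authenticated entry with the configured
     * base DN, user filter and subtree flag, on a connection pool of its own.
     *
     * @param ldapAuthenticationProperties the LDAP authentication settings
     * @return the entry resolver
     */
    public static EntryResolver newSearchEntryResolver(LdapAuthenticationProperties ldapAuthenticationProperties) {
        final PooledSearchEntryResolver entryResolver = new PooledSearchEntryResolver();
        entryResolver.setBaseDn(ldapAuthenticationProperties.getBaseDn());
        entryResolver.setUserFilter(ldapAuthenticationProperties.getUserFilter());
        entryResolver.setSubtreeSearch(ldapAuthenticationProperties.isSubtreeSearch());
        entryResolver.setConnectionFactory(newPooledConnectionFactory(ldapAuthenticationProperties));
        return entryResolver;
    }

    /**
     * Builds the connection configuration: URL list, SSL/StartTLS flags, connect timeout, trust
     * material and the connection initializer (SASL bind, fast bind or simple bind).
     *
     * <p>When no SASL mechanism is set and bind DN / bind credential are not both non-blank, no
     * initializer is installed at all. Transport protection depends entirely on the
     * {@code useSsl}/{@code useStartTls} properties; this method does not require either.
     *
     * @param abstractLdapProperties the LDAP connection settings
     * @return the connection configuration
     * @throws IllegalArgumentException if the SASL mechanism is not one of the handled values
     */
    public static ConnectionConfig newConnectionConfig(AbstractLdapProperties abstractLdapProperties) {
        final ConnectionConfig connectionConfig = new ConnectionConfig();
        // Comma-separated URLs in the properties are rewritten to a space-separated list.
        final String ldapUrls = Arrays.stream(abstractLdapProperties.getLdapUrl().split(",")).collect(Collectors.joining(" "));
        LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", abstractLdapProperties.getLdapUrl(), ldapUrls);
        connectionConfig.setLdapUrl(ldapUrls);
        // NOTE(review): with both flags false and an ldap:// URL, binds (including the service
        // account credential set below) presumably travel unencrypted — verify the deployment.
        connectionConfig.setUseSSL(abstractLdapProperties.isUseSsl());
        connectionConfig.setUseStartTLS(abstractLdapProperties.isUseStartTls());
        connectionConfig.setConnectTimeout(newDuration(abstractLdapProperties.getConnectTimeout()));
        connectionConfig.setSslConfig(newSslConfig(abstractLdapProperties));

        if (abstractLdapProperties.getSaslMechanism() != null) {
            final BindConnectionInitializer saslInitializer = new BindConnectionInitializer();
            saslInitializer.setBindSaslConfig(newSaslConfig(abstractLdapProperties));
            connectionConfig.setConnectionInitializer(saslInitializer);
        } else if (StringUtils.equals(abstractLdapProperties.getBindCredential(), "*") && StringUtils.equals(abstractLdapProperties.getBindDn(), "*")) {
            // "*" for both DN and credential is the marker for the Active Directory fast-bind initializer.
            connectionConfig.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
        } else if (StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) && StringUtils.isNotBlank(abstractLdapProperties.getBindCredential())) {
            connectionConfig.setConnectionInitializer(new BindConnectionInitializer(abstractLdapProperties.getBindDn(), new Credential(abstractLdapProperties.getBindCredential())));
        }
        // else: no initializer, so pooled connections are opened without a bind.
        return connectionConfig;
    }

    /**
     * Chooses the trust material: explicit trust certificates win over a keystore; with neither,
     * an empty {@link SslConfig} is used.
     */
    private static SslConfig newSslConfig(AbstractLdapProperties abstractLdapProperties) {
        if (abstractLdapProperties.getTrustCertificates() != null) {
            final X509CredentialConfig x509Config = new X509CredentialConfig();
            x509Config.setTrustCertificates(abstractLdapProperties.getTrustCertificates());
            return new SslConfig(x509Config);
        }
        if (abstractLdapProperties.getKeystore() != null) {
            final KeyStoreCredentialConfig keyStoreConfig = new KeyStoreCredentialConfig();
            keyStoreConfig.setKeyStore(abstractLdapProperties.getKeystore());
            keyStoreConfig.setKeyStorePassword(abstractLdapProperties.getKeystorePassword());
            keyStoreConfig.setKeyStoreType(abstractLdapProperties.getKeystoreType());
            return new SslConfig(keyStoreConfig);
        }
        // presumably falls back to the JVM's default trust store — TODO confirm for the ldaptive version in use
        return new SslConfig();
    }

    /**
     * Creates the SASL configuration for the configured mechanism and applies the shared
     * authorization id, mutual-auth, quality-of-protection and security-strength settings.
     *
     * @throws IllegalArgumentException if the mechanism is not DIGEST_MD5, CRAM_MD5, EXTERNAL or GSSAPI
     */
    private static SaslConfig newSaslConfig(AbstractLdapProperties abstractLdapProperties) {
        final SaslConfig saslConfig;
        switch (abstractLdapProperties.getSaslMechanism()) {
            // NOTE(review): DIGEST-MD5 and CRAM-MD5 are legacy mechanisms (DIGEST-MD5 was moved
            // to Historic by RFC 6331); prefer GSSAPI or EXTERNAL over TLS where the directory allows.
            case DIGEST_MD5:
                final DigestMd5Config digestMd5Config = new DigestMd5Config();
                digestMd5Config.setRealm(abstractLdapProperties.getSaslRealm());
                saslConfig = digestMd5Config;
                break;
            case CRAM_MD5:
                saslConfig = new CramMd5Config();
                break;
            case EXTERNAL:
                saslConfig = new ExternalConfig();
                break;
            case GSSAPI:
                final GssApiConfig gssApiConfig = new GssApiConfig();
                gssApiConfig.setRealm(abstractLdapProperties.getSaslRealm());
                saslConfig = gssApiConfig;
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + abstractLdapProperties.getSaslMechanism().name());
        }
        saslConfig.setAuthorizationId(abstractLdapProperties.getSaslAuthorizationId());
        saslConfig.setMutualAuthentication(abstractLdapProperties.getSaslMutualAuth());
        saslConfig.setQualityOfProtection(abstractLdapProperties.getSaslQualityOfProtection());
        saslConfig.setSecurityStrength(abstractLdapProperties.getSaslSecurityStrength());
        return saslConfig;
    }

    /**
     * Copies the pool sizing and validation settings into a new {@link PoolConfig}.
     *
     * @param abstractLdapProperties the LDAP connection settings
     * @return the pool configuration
     */
    public static PoolConfig newPoolConfig(AbstractLdapProperties abstractLdapProperties) {
        final PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMinPoolSize(abstractLdapProperties.getMinPoolSize());
        poolConfig.setMaxPoolSize(abstractLdapProperties.getMaxPoolSize());
        poolConfig.setValidateOnCheckOut(abstractLdapProperties.isValidateOnCheckout());
        poolConfig.setValidatePeriodically(abstractLdapProperties.isValidatePeriodically());
        poolConfig.setValidatePeriod(newDuration(abstractLdapProperties.getValidatePeriod()));
        return poolConfig;
    }

    /**
     * Creates a connection factory and, when a provider class name is configured, instantiates
     * that class reflectively and installs it as the provider.
     *
     * <p>A provider that cannot be loaded, instantiated or cast is logged and skipped; the
     * factory is still returned with whatever provider it had by default.
     *
     * @param abstractLdapProperties the LDAP connection settings
     * @return the connection factory
     */
    public static DefaultConnectionFactory newConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        final DefaultConnectionFactory connectionFactory = new DefaultConnectionFactory(newConnectionConfig(abstractLdapProperties));
        final String providerClass = abstractLdapProperties.getProviderClass();
        if (providerClass != null) {
            // The class name comes from configuration and is instantiated by reflection, so the
            // configuration source must be trusted to the same degree as the code itself.
            try {
                // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
                // which rethrows checked constructor exceptions without declaring them.
                final Object provider = ClassUtils.getClass(providerClass).getDeclaredConstructor().newInstance();
                connectionFactory.setProvider(Provider.class.cast(provider));
            } catch (final Exception e) {
                // Deliberately best-effort, but say which class failed and what happens next.
                LOGGER.error("Unable to instantiate LDAP provider class [{}]; the connection factory keeps its default provider", providerClass, e);
            }
        }
        return connectionFactory;
    }

    /**
     * Creates and initializes a blocking connection pool with idle pruning, search validation
     * and the optional passivator named in the properties.
     *
     * @param abstractLdapProperties the LDAP connection settings
     * @return the initialized pool
     * @throws IllegalArgumentException if the passivator name is not a known enum constant
     */
    public static ConnectionPool newBlockingConnectionPool(AbstractLdapProperties abstractLdapProperties) {
        final DefaultConnectionFactory connectionFactory = newConnectionFactory(abstractLdapProperties);
        final PoolConfig poolConfig = newPoolConfig(abstractLdapProperties);
        final BlockingConnectionPool pool = new BlockingConnectionPool(poolConfig, connectionFactory);
        pool.setBlockWaitTime(newDuration(abstractLdapProperties.getBlockWaitTime()));
        pool.setPoolConfig(poolConfig);

        final IdlePruneStrategy pruneStrategy = new IdlePruneStrategy();
        pruneStrategy.setIdleTime(newDuration(abstractLdapProperties.getIdleTime()));
        pruneStrategy.setPrunePeriod(newDuration(abstractLdapProperties.getPrunePeriod()));
        pool.setPruneStrategy(pruneStrategy);
        pool.setValidator(new SearchValidator());
        pool.setFailFastInitialize(abstractLdapProperties.isFailFast());

        if (StringUtils.isNotBlank(abstractLdapProperties.getPoolPassivator())) {
            // Locale.ROOT keeps the enum lookup independent of the JVM default locale; under a
            // Turkish locale "bind".toUpperCase() yields a dotted capital I and valueOf() fails.
            final String passivatorName = abstractLdapProperties.getPoolPassivator().toUpperCase(Locale.ROOT);
            switch (AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(passivatorName)) {
                case CLOSE:
                    pool.setPassivator(new ClosePassivator());
                    break;
                case BIND:
                    // Re-binds with the configured bind DN and credential when a connection is
                    // passivated — presumably so a connection used for a user bind does not go
                    // back into the pool under that user's identity.
                    LOGGER.debug("Creating a bind passivator instance for the connection pool");
                    final BindRequest bindRequest = new BindRequest();
                    bindRequest.setDn(abstractLdapProperties.getBindDn());
                    bindRequest.setCredential(new Credential(abstractLdapProperties.getBindCredential()));
                    pool.setPassivator(new BindPassivator(bindRequest));
                    break;
                default:
                    // Any other passivator constant leaves the pool without an explicit passivator.
                    break;
            }
        }
        LOGGER.debug("Initializing ldap connection pool for {} and bindDn {}", abstractLdapProperties.getLdapUrl(), abstractLdapProperties.getBindDn());
        pool.initialize();
        return pool;
    }

    /**
     * Wraps a newly created and initialized blocking pool in a pooled connection factory.
     * Each call creates another pool; callers own its lifecycle.
     *
     * @param abstractLdapProperties the LDAP connection settings
     * @return the pooled connection factory
     */
    public static PooledConnectionFactory newPooledConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        return new PooledConnectionFactory(newBlockingConnectionPool(abstractLdapProperties));
    }

    /**
     * Converts a number of seconds into a {@link Duration}.
     *
     * @param j the length in seconds
     * @return the equivalent duration
     */
    public static Duration newDuration(long j) {
        return Duration.ofSeconds(j);
    }

    /**
     * Creates a subtree search request that returns all user attributes. The binary-attribute
     * list is set to the same {@code ReturnAttributes.ALL_USER} value as the return list.
     *
     * @param str the base DN to search from
     * @param searchFilter the filter to apply
     * @return the search request
     */
    public static SearchRequest newSearchRequest(String str, SearchFilter searchFilter) {
        final SearchRequest searchRequest = new SearchRequest(str, searchFilter);
        searchRequest.setBinaryAttributes(ReturnAttributes.ALL_USER.value());
        searchRequest.setReturnAttributes(ReturnAttributes.ALL_USER.value());
        searchRequest.setSearchScope(SearchScope.SUBTREE);
        return searchRequest;
    }

    /**
     * Creates a search filter from a template and binds the given values to it.
     *
     * <p>Value {@code i} is bound positionally when the template contains <code>{i}</code>;
     * otherwise it is bound to the named parameter {@code user}, so several values without a
     * positional placeholder overwrite each other and the last one wins.
     *
     * <p>Only the bound values go through ldaptive's parameter handling. The template itself is
     * used verbatim, so untrusted input must be passed in {@code strArr}, never concatenated
     * into {@code str}.
     *
     * @param str the filter template
     * @param strArr the parameter values, may be {@code null}
     * @return the search filter
     */
    public static SearchFilter newSearchFilter(String str, String... strArr) {
        final SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(str);
        if (strArr != null) {
            for (int i = 0; i < strArr.length; i++) {
                if (searchFilter.getFilter().contains("{" + i + "}")) {
                    searchFilter.setParameter(i, strArr[i]);
                } else {
                    searchFilter.setParameter("user", strArr[i]);
                }
            }
        }
        // The formatted filter includes the bound values (typically the submitted user id), so
        // debug logs for this class carry user-supplied data.
        LOGGER.debug("Constructed LDAP search filter [{}]", searchFilter.format());
        return searchFilter;
    }

    /**
     * Creates a subtree search executor for the given base DN and filter template, returning
     * {@code ReturnAttributes.ALL}.
     *
     * @param str the base DN
     * @param str2 the filter template, handled as in {@link #newSearchFilter(String, String...)}
     * @param strArr the filter parameter values
     * @return the search executor
     */
    public static SearchExecutor newSearchExecutor(String str, String str2, String... strArr) {
        final SearchExecutor searchExecutor = new SearchExecutor();
        searchExecutor.setBaseDn(str);
        searchExecutor.setSearchFilter(newSearchFilter(str2, strArr));
        searchExecutor.setReturnAttributes(ReturnAttributes.ALL.value());
        searchExecutor.setSearchScope(SearchScope.SUBTREE);
        return searchExecutor;
    }
}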
