package org.graylog2.rest.resources.system.ldap;

import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.database.ValidationException;
import org.graylog2.rest.documentation.annotations.Api;
import org.graylog2.rest.documentation.annotations.ApiOperation;
import org.graylog2.rest.documentation.annotations.ApiParam;
import org.graylog2.rest.resources.RestResource;
import org.graylog2.rest.resources.system.ldap.requests.LdapSettingsRequest;
import org.graylog2.rest.resources.system.ldap.requests.LdapTestConfigRequest;
import org.graylog2.rest.resources.system.ldap.responses.LdapTestConfigResponse;
import org.graylog2.security.RestPermissions;
import org.graylog2.security.TrustAllX509TrustManager;
import org.graylog2.security.ldap.LdapConnector;
import org.graylog2.security.ldap.LdapEntry;
import org.graylog2.security.ldap.LdapSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

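/**
 * REST resource for reading, testing, updating and removing the LDAP settings.
 *
 * <p>The class-level annotations require an authenticated subject holding
 * {@link RestPermissions#LDAP_EDIT} for every operation. That gate matters because the
 * endpoints below expose the LDAP bind password, can switch off certificate validation,
 * and make the server open a connection to a caller-supplied host.
 */
@RequiresAuthentication
@RequiresPermissions({RestPermissions.LDAP_EDIT})
@Path("/system/ldap")
@Api(value = "System/LDAP", description = "LDAP settings")
public class LdapResource extends RestResource {
    private static final Logger log = LoggerFactory.getLogger(LdapResource.class);

    /**
     * Returns the stored LDAP configuration as a JSON object.
     *
     * @return 204 No Content when nothing is stored, otherwise 200 with the settings
     */
    @GET
    @Path("/settings")
    @Timed
    @ApiOperation("Get the LDAP configuration if it is configured")
    @Produces({MediaType.APPLICATION_JSON})
    public Response getLdapSettings() {
        final LdapSettings settings = LdapSettings.load(this.core);
        if (settings == null) {
            return Response.noContent().build();
        }
        final HashMap<String, Object> result = Maps.newHashMap();
        result.put("enabled", settings.isEnabled());
        result.put(LdapSettings.SYSTEM_USERNAME, settings.getSystemUserName());
        // NOTE(review): the bind password is returned to the caller as stored. Anything that
        // records response bodies (proxies, browser tooling, API clients) will capture it.
        // Consider omitting or masking it once consumers of this endpoint no longer need it.
        result.put(LdapSettings.SYSTEM_PASSWORD, settings.getSystemPassword());
        result.put(LdapSettings.LDAP_URI, settings.getUri());
        result.put(LdapSettings.SEARCH_BASE, settings.getSearchBase());
        result.put("search_pattern", settings.getSearchPattern());
        result.put("display_name_attribute", settings.getDisplayNameAttribute());
        result.put(LdapSettings.ACTIVE_DIRECTORY, settings.isActiveDirectory());
        result.put(LdapSettings.USE_START_TLS, settings.isUseStartTls());
        result.put(LdapSettings.TRUST_ALL_CERTS, settings.isTrustAllCertificates());
        result.put("default_group", settings.getDefaultGroup());
        return Response.ok(json(result)).build();
    }

    /**
     * Tries out an LDAP configuration without persisting it: connects, optionally looks up
     * the given principal, and optionally binds as the entry that was found.
     *
     * <p>Failures of the individual steps are reported through the fields of the response
     * (including the exception message) rather than through the HTTP status.
     *
     * @param ldapTestConfigRequest configuration and credentials to test
     * @return the outcome of the connect, search and bind steps
     * @throws WebApplicationException with status 400 when the request, its LDAP URI, or the
     *     URI's scheme or host is missing
     */
    @Path("/test")
    @Timed
    @ApiOperation("Test LDAP Configuration")
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public LdapTestConfigResponse testLdapConfiguration(@ApiParam(title = "Configuration to test", required = true) LdapTestConfigRequest ldapTestConfigRequest) {
        // Reject unusable input up front instead of failing with a NullPointerException (HTTP 500).
        if (ldapTestConfigRequest == null || ldapTestConfigRequest.ldapUri == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        final URI uri = ldapTestConfigRequest.ldapUri;
        final String scheme = uri.getScheme();
        if (scheme == null || uri.getHost() == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        final LdapTestConfigResponse response = new LdapTestConfigResponse();
        final LdapConnector ldapConnector = this.core.getLdapConnector();

        // The server connects to whatever host and port the caller supplies; the LDAP_EDIT
        // permission on the class is the only restriction on who can trigger that.
        final LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(uri.getHost());
        config.setLdapPort(uri.getPort());
        config.setUseSsl(scheme.startsWith("ldaps"));
        config.setUseTls(ldapTestConfigRequest.useStartTls);
        if (ldapTestConfigRequest.trustAllCertificates) {
            // Caller opt-in: the server certificate is not validated, so the bind credentials
            // sent below are not protected against an on-path attacker.
            config.setTrustManagers(new TrustAllX509TrustManager());
        }
        final String systemUsername = ldapTestConfigRequest.systemUsername;
        if (systemUsername != null && !systemUsername.isEmpty()) {
            config.setName(systemUsername);
            config.setCredentials(ldapTestConfigRequest.systemPassword);
        }

        LdapNetworkConnection connection = null;
        try {
            connection = ldapConnector.connect(config);
            response.connected = connection.isConnected();
            response.systemAuthenticated = connection.isAuthenticated();
            if (ldapTestConfigRequest.testConnectOnly) {
                return response;
            }

            String userDn = null;
            try {
                final LdapEntry entry = ldapConnector.search(connection, ldapTestConfigRequest.searchBase, ldapTestConfigRequest.searchPattern, ldapTestConfigRequest.principal, ldapTestConfigRequest.activeDirectory);
                if (entry != null) {
                    userDn = entry.getDn();
                    response.entry = entry.getAttributes();
                }
            } catch (CursorException e) {
                response.entry = null;
                response.exception = e.getMessage();
            } catch (LdapException e) {
                response.entry = null;
                response.exception = e.getMessage();
            }

            if (userDn == null) {
                // No entry was found, so there is no DN to bind as. Skipping the bind also
                // keeps a search error recorded above from being overwritten.
                response.loginAuthenticated = false;
            } else {
                try {
                    response.loginAuthenticated = ldapConnector.authenticate(connection, userDn, ldapTestConfigRequest.password);
                } catch (Exception e) {
                    response.loginAuthenticated = false;
                    response.exception = e.getMessage();
                }
            }
            return response;
        } catch (LdapException e) {
            response.exception = e.getMessage();
            response.connected = false;
            response.systemAuthenticated = false;
            return response;
        } finally {
            // The connection is only needed for this test; release it on every exit path.
            if (connection != null) {
                try {
                    connection.close();
                } catch (IOException e) {
                    log.warn("Unable to close LDAP connection.", e);
                }
            }
        }
    }

    /**
     * Replaces the stored LDAP configuration with the values from the JSON body and applies
     * it to the running LDAP authenticator.
     *
     * @param str JSON document describing the new settings
     * @return 204 No Content on success
     * @throws WebApplicationException with status 400 when the body is missing, cannot be
     *     parsed, or the settings fail validation
     */
    @Path("/settings")
    @Timed
    @ApiOperation("Update the LDAP configuration")
    @Consumes({MediaType.APPLICATION_JSON})
    @PUT
    public Response updateLdapSettings(@ApiParam(title = "JSON body", required = true) String str) {
        if (str == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        final LdapSettingsRequest request;
        try {
            request = this.objectMapper.readValue(str, LdapSettingsRequest.class);
        } catch (IOException e) {
            log.error("Error while parsing JSON", e);
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
        if (request == null) {
            // A literal JSON "null" body deserializes to null; treat it as a bad request.
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        LdapSettings settings = LdapSettings.load(this.core);
        if (settings == null) {
            settings = new LdapSettings(this.core);
        }
        settings.setSystemUsername(request.systemUsername);
        settings.setSystemPassword(request.systemPassword);
        settings.setUri(request.ldapUri);
        settings.setUseStartTls(request.useStartTls);
        // NOTE(review): presumably this disables certificate validation for the production
        // LDAP connections, as it does in testLdapConfiguration. Confirm in LdapSettings and
        // the authenticator, and consider recording who enabled it.
        settings.setTrustAllCertificates(request.trustAllCertificates);
        settings.setActiveDirectory(request.activeDirectory);
        settings.setSearchPattern(request.searchPattern);
        settings.setSearchBase(request.searchBase);
        settings.setEnabled(request.enabled);
        settings.setDisplayNameAttribute(request.displayNameAttribute);
        settings.setDefaultGroup(request.defaultGroup);
        try {
            settings.save();
            this.core.getLdapAuthenticator().applySettings(settings);
            return Response.noContent().build();
        } catch (ValidationException e) {
            log.error("Invalid LDAP settings, not updated!", e);
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }

    /**
     * Removes the stored LDAP configuration.
     *
     * @return 204 No Content
     */
    @Path("/settings")
    @Timed
    @ApiOperation("Remove the LDAP configuration")
    @DELETE
    public Response deleteLdapSettings() {
        LdapSettings.delete(this.core);
        return Response.noContent().build();
    }
}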
