package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.filter.ldap.MidpointPrincipalContextMapper;
import com.evolveum.midpoint.authentication.impl.module.authentication.LdapModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.configuration.LdapModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.configurer.LdapWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.provider.MidPointLdapAuthenticationProvider;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LdapAuthenticationModuleType;
import jakarta.servlet.ServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Component;

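@Component
/**
 * Module factory for the LDAP authentication module: wires a Spring Security
 * {@link BindAuthenticator} backed by the configured LDAP context source into a
 * {@link MidPointLdapAuthenticationProvider} and hands it to the
 * {@link LdapWebSecurityConfigurer}.
 */
public class LdapModuleFactory extends AbstractModuleFactory<LdapModuleWebSecurityConfiguration, LdapWebSecurityConfigurer, LdapAuthenticationModuleType, ModuleAuthenticationImpl> {
    private static final Trace LOGGER = TraceManager.getTrace(LdapModuleFactory.class);

    /** Used to decrypt the protected bind password from the module configuration. */
    @Autowired
    private Protector protector;

    /**
     * This factory handles exactly the {@link LdapAuthenticationModuleType} configuration;
     * the channel is not consulted.
     */
    @Override
    public boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel) {
        return abstractAuthenticationModuleType instanceof LdapAuthenticationModuleType;
    }

    /**
     * Builds the web security configurer for this module, including the fully
     * post-processed LDAP {@link AuthenticationProvider}.
     *
     * @param ldapAuthenticationModuleType the module configuration
     * @param str sequence suffix passed through to the configurer
     * @param authenticationChannel channel the module is instantiated for
     * @param objectPostProcessor Spring post-processor for created beans
     * @param servletRequest the current request
     */
    protected LdapWebSecurityConfigurer createModuleConfigurer2(LdapAuthenticationModuleType ldapAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest) {
        AuthenticationProvider provider = getProvider(ldapAuthenticationModuleType);
        return new LdapWebSecurityConfigurer(ldapAuthenticationModuleType, str, authenticationChannel, objectPostProcessor, servletRequest, provider);
    }

    /**
     * Creates the per-request, not-yet-authenticated module state, carrying the module
     * prefix, identifier and (when a search is configured) the naming attribute.
     *
     * @param ldapAuthenticationModuleType the module configuration
     * @param ldapModuleWebSecurityConfiguration resolved web security configuration of the module
     * @param authenticationSequenceModuleType the sequence entry this module belongs to
     * @param servletRequest the current request (not consulted here)
     */
    @Override
    public ModuleAuthenticationImpl createEmptyModuleAuthentication(LdapAuthenticationModuleType ldapAuthenticationModuleType, LdapModuleWebSecurityConfiguration ldapModuleWebSecurityConfiguration, AuthenticationSequenceModuleType authenticationSequenceModuleType, ServletRequest servletRequest) {
        LdapModuleAuthentication moduleAuthentication = new LdapModuleAuthentication(authenticationSequenceModuleType);
        moduleAuthentication.setPrefix(ldapModuleWebSecurityConfiguration.getPrefixOfModule());
        moduleAuthentication.setNameOfModule(ldapModuleWebSecurityConfiguration.getModuleIdentifier());
        var search = ldapAuthenticationModuleType.getSearch();
        if (search != null) {
            moduleAuthentication.setNamingAttribute(search.getNamingAttr());
        }
        return moduleAuthentication;
    }

    /**
     * Assembles the LDAP authentication provider from the module configuration:
     * context source (host, bind DN, decrypted bind password), bind authenticator
     * (DN pattern and/or filter-based user search) and the midPoint provider wrapper.
     * Every created object is run through the object post-processor so Spring can
     * initialize it.
     *
     * @param ldapAuthenticationModuleType the module configuration
     * @return the post-processed provider
     */
    private AuthenticationProvider getProvider(LdapAuthenticationModuleType ldapAuthenticationModuleType) {
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(ldapAuthenticationModuleType.getHost());
        contextSource.setUserDn(ldapAuthenticationModuleType.getUserDn());
        if (ldapAuthenticationModuleType.getUserPassword() != null) {
            try {
                contextSource.setPassword(protector.decryptString(ldapAuthenticationModuleType.getUserPassword()));
            } catch (EncryptionException e) {
                // Log the failure with its cause but without the protected value itself:
                // the password object must not end up in log output. Note that the
                // context source is still built below, i.e. the bind DN is configured
                // without a password; this is reported but (as before) not fatal.
                LOGGER.error("Couldn't obtain clear string for configuration of LDAP user password"
                        + " (host {}, user DN {})", ldapAuthenticationModuleType.getHost(),
                        ldapAuthenticationModuleType.getUserDn(), e);
            }
        }
        getObjectObjectPostProcessor().postProcess(contextSource);

        BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
        String dnPattern = ldapAuthenticationModuleType.getDnPattern();
        if (StringUtils.isNotEmpty(dnPattern)) {
            bindAuthenticator.setUserDnPatterns(new String[] { dnPattern });
        }
        var search = ldapAuthenticationModuleType.getSearch();
        if (search != null) {
            // Search base is left empty; the filter pattern comes from configuration.
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", search.getPattern(), contextSource);
            if (search.isSubtree() != null) {
                userSearch.setSearchSubtree(search.isSubtree());
            }
            getObjectObjectPostProcessor().postProcess(userSearch);
            bindAuthenticator.setUserSearch(userSearch);
        }
        getObjectObjectPostProcessor().postProcess(bindAuthenticator);

        MidPointLdapAuthenticationProvider provider = new MidPointLdapAuthenticationProvider(bindAuthenticator);
        provider.setUserDetailsContextMapper(
                (UserDetailsContextMapper) getObjectObjectPostProcessor().postProcess(new MidpointPrincipalContextMapper()));
        getObjectObjectPostProcessor().postProcess(provider.getAuthenticatorProvider());
        getObjectObjectPostProcessor().postProcess(provider);
        return provider;
    }

    /**
     * Raw-typed override of the superclass method (decompiler-reported bridge); it
     * forwards to {@link #createModuleConfigurer2}.
     */
    @Override
    protected LdapWebSecurityConfigurer createModuleConfigurer(LdapAuthenticationModuleType ldapAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor objectPostProcessor, ServletRequest servletRequest) {
        return createModuleConfigurer2(ldapAuthenticationModuleType, str, authenticationChannel, (ObjectPostProcessor<Object>) objectPostProcessor, servletRequest);
    }
}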
