package com.evolveum.midpoint.web.boot;

import com.evolveum.midpoint.model.api.authentication.MidPointLdapAuthenticationProvider;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/**
 * Spring configuration that wires LDAP bind authentication. It is only active when the
 * {@code ldap} profile is enabled.
 *
 * <p>All settings come from {@code auth.ldap.*} properties. Security-relevant points for
 * whoever deploys this:
 * <ul>
 *   <li>{@code auth.ldap.host} is passed unchanged to the context source as the provider
 *       URL. Nothing in this class requires an {@code ldaps://} scheme, so transport
 *       protection depends entirely on the configured URL. With a plain {@code ldap://}
 *       URL, bind passwords would presumably cross the network unencrypted; verify this
 *       against the deployment.</li>
 *   <li>{@code auth.ldap.password} is the manager (service account) secret. Keep it out of
 *       version control and logs, and give the account read-only search rights.</li>
 *   <li>{@code auth.ldap.manager} defaults to an empty string and the password to
 *       {@code null}. NOTE(review): this presumably means searches run over an anonymous
 *       bind when neither is set; confirm against the Spring LDAP version in use.</li>
 * </ul>
 *
 * <p>The {@code @Bean} methods call one another directly. This class uses the default
 * {@code @Configuration} settings, so Spring's bean-method proxying is expected to route
 * those calls to the container-managed instances.
 */
@Configuration
@Profile("ldap")
/* loaded from: input_file:com/evolveum/midpoint/web/boot/LdapSecurityConfig.class */
public class LdapSecurityConfig {

    // LDAP provider URL; the scheme (ldap:// vs ldaps://) is whatever the operator configured.
    @Value("${auth.ldap.host}")
    private String ldapHost;

    // DN of the manager account used for directory access; empty string when not configured.
    @Value("${auth.ldap.manager:}")
    private String ldapUserDn;

    // Manager account password; null when not configured. Treat as a secret.
    @Value("${auth.ldap.password:#{null}}")
    private String ldapUserPassword;

    // Optional DN pattern used to derive the user's DN directly from the login name.
    @Value("${auth.ldap.dn.pattern:#{null}}")
    private String ldapDnPattern;

    // Optional LDAP filter used to look the user up before binding.
    @Value("${auth.ldap.search.pattern:#{null}}")
    private String ldapSearchPattern;

    // Whether the user search descends into the whole subtree (default true).
    @Value("${auth.ldap.search.subtree:true}")
    private boolean searchSubtree;

    /**
     * Creates the LDAP context source from {@code auth.ldap.host} and applies the manager DN
     * and password exactly as configured.
     *
     * @return the context source shared by the authenticator and the user search
     */
    @Bean
    public LdapContextSource contextSource() {
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(ldapHost);
        // No validation happens here: an empty DN or a null password is handed over unchanged.
        source.setUserDn(ldapUserDn);
        source.setPassword(ldapUserPassword);
        return source;
    }

    /**
     * Builds the midPoint LDAP authentication provider on top of {@link #bindAuthenticator()}.
     *
     * @param userDetailsContextMapper the mapper bean qualified as {@code userDetailsService},
     *        installed on the provider as its user-details context mapper
     * @return the configured authentication provider
     */
    @Bean
    public MidPointLdapAuthenticationProvider midPointAuthenticationProvider(@Qualifier("userDetailsService") UserDetailsContextMapper userDetailsContextMapper) {
        MidPointLdapAuthenticationProvider provider = new MidPointLdapAuthenticationProvider(bindAuthenticator());
        provider.setUserDetailsContextMapper(userDetailsContextMapper);
        return provider;
    }

    /**
     * Creates the bind authenticator and enables each user-lookup strategy that is configured:
     * a DN pattern, a filter-based search, or both.
     *
     * <p>NOTE(review): if neither {@code auth.ldap.dn.pattern} nor
     * {@code auth.ldap.search.pattern} is set, this method configures no lookup strategy.
     * How {@link BindAuthenticator} reacts to that is not visible here; confirm that it
     * fails closed.
     *
     * @return the configured bind authenticator
     */
    @Bean
    public BindAuthenticator bindAuthenticator() {
        BindAuthenticator authenticator = new BindAuthenticator(contextSource());
        if (!StringUtils.isEmpty(ldapDnPattern)) {
            String[] dnPatterns = {ldapDnPattern};
            authenticator.setUserDnPatterns(dnPatterns);
        }
        // NOTE(review): userSearch() is a conditional bean keyed on the same property, but this
        // guard tests non-emptiness while the condition tests property presence. Confirm that
        // the two agree for edge values.
        if (!StringUtils.isEmpty(ldapSearchPattern)) {
            authenticator.setUserSearch(userSearch());
        }
        return authenticator;
    }

    /**
     * Creates the filter-based user search. The bean is registered only when
     * {@code auth.ldap.search.pattern} is present.
     *
     * <p>The search base is the empty string and the filter is the configured pattern. The
     * filter comes from operator configuration; how the login name is substituted and escaped
     * is handled inside Spring Security and is not visible in this class.
     *
     * @return the user search bound to {@link #contextSource()}
     */
    @Bean
    @ConditionalOnProperty("auth.ldap.search.pattern")
    public FilterBasedLdapUserSearch userSearch() {
        final String searchBase = "";
        FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(searchBase, ldapSearchPattern, contextSource());
        search.setSearchSubtree(searchSubtree);
        return search;
    }
}
