package pl.edu.icm.unity.ldap;

import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.configuration.DocumentationReferenceMeta;
import eu.unicore.util.configuration.DocumentationReferencePrefix;
import eu.unicore.util.configuration.PropertiesHelper;
import eu.unicore.util.configuration.PropertyMD;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.log4j.Logger;
import pl.edu.icm.unity.ldap.LdapClientConfiguration;
import pl.edu.icm.unity.server.utils.Log;

/* loaded from: input_file:pl/edu/icm/unity/ldap/LdapProperties.class */
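/**
 * Typed view of the {@code ldap.*} configuration of the LDAP client.
 *
 * <p>The class declares the property keys, registers their metadata (defaults, constraints,
 * documentation text) in {@link #META}, and hands both to {@link PropertiesHelper}, together
 * with the raw {@link Properties}, through the constructor.
 *
 * <p>Security-relevant settings declared here:
 * <ul>
 *   <li>{@link #CONNECTION_MODE} defaults to {@code plain}, i.e. no TLS unless configured.</li>
 *   <li>{@link #TLS_TRUST_ALL} makes TLS accept any server certificate when set to true.</li>
 *   <li>{@link #SYSTEM_PASSWORD} carries the credential of the system bind user.</li>
 *   <li>{@link #USER_DN_TEMPLATE}, {@link #ADV_SEARCH_BASE} and {@link #ADV_SEARCH_FILTER}
 *       receive the client-supplied username via the <code>{USERNAME}</code> placeholder.</li>
 * </ul>
 */
public class LdapProperties extends PropertiesHelper {

    @DocumentationReferencePrefix
    public static final String PREFIX = "ldap.";
    public static final String SERVERS = "servers.";
    public static final String PORTS = "ports.";
    public static final String SOCKET_TIMEOUT = "socketTimeout";
    public static final String FOLLOW_REFERRALS = "referralHopLimit";
    public static final String CONNECTION_MODE = "connectionMode";
    public static final String TLS_TRUST_ALL = "trustAllServerCertificates";
    public static final String BIND_AS = "bindAs";
    public static final String USER_DN_TEMPLATE = "userDNTemplate";
    public static final String USER_DN_SEARCH_KEY = "userDNSearchKey";
    public static final String BIND_ONLY = "authenticateOnly";
    public static final String ATTRIBUTES = "attributes.";
    public static final String SEARCH_TIME_LIMIT = "searchTimeLimit";
    public static final String VALID_USERS_FILTER = "validUsersFilter";
    public static final String MEMBER_OF_ATTRIBUTE = "memberOfAttribute";
    public static final String MEMBER_OF_GROUP_ATTRIBUTE = "memberOfGroupAttribute";
    public static final String SYSTEM_DN = "systemDN";
    public static final String SYSTEM_PASSWORD = "systemPassword";
    public static final String ADV_SEARCH_PFX = "additionalSearch.";
    public static final String ADV_SEARCH_ATTRIBUTES = "selectedAttributes";
    public static final String ADV_SEARCH_FILTER = "filter";
    public static final String ADV_SEARCH_BASE = "baseName";
    public static final String ADV_SEARCH_SCOPE = "scope";
    public static final String GROUPS_BASE_NAME = "groupsBaseName";
    public static final String GROUP_DEFINITION_PFX = "groups.";
    public static final String GROUP_DEFINITION_OC = "objectClass";
    public static final String GROUP_DEFINITION_MEMBER_ATTR = "memberAttribute";
    public static final String GROUP_DEFINITION_NAME_ATTR = "nameAttribute";
    public static final String GROUP_DEFINITION_MATCHBY_MEMBER_ATTR = "matchByMemberAttribute";
    public static final String TRUSTSTORE = "truststore";
    public static final String TRANSLATION_PROFILE = "translationProfile";
    private static final Logger log = Log.getLogger("unity.server.config", LdapProperties.class);

    /** Metadata of every supported property, keyed by the property name without {@link #PREFIX}. */
    @DocumentationReferenceMeta
    public static final Map<String, PropertyMD> META = new HashMap<String, PropertyMD>();

    /** Identity used for the LDAP bind: the authenticating user or a preconfigured system account. */
    public enum BindAs {
        user,
        system
    }

    /** Configuration-level search scope names, each mapped to the UnboundID SDK scope constant. */
    public enum SearchScope {
        one(com.unboundid.ldap.sdk.SearchScope.ONE),
        sub(com.unboundid.ldap.sdk.SearchScope.SUB),
        base(com.unboundid.ldap.sdk.SearchScope.BASE),
        subordinate(com.unboundid.ldap.sdk.SearchScope.SUBORDINATE_SUBTREE);

        // Assigned once in the constructor; final so the mapping of an enum constant cannot drift.
        final com.unboundid.ldap.sdk.SearchScope rScope;

        SearchScope(com.unboundid.ldap.sdk.SearchScope searchScope) {
            this.rScope = searchScope;
        }

        /**
         * @return the UnboundID SDK scope this configuration value stands for
         */
        public com.unboundid.ldap.sdk.SearchScope getInternalScope() {
            return this.rScope;
        }
    }

    /**
     * Creates the helper over the given properties, using {@link #PREFIX} and {@link #META}.
     *
     * @param properties raw configuration; keys are expected under the {@code ldap.} prefix
     * @throws ConfigurationException propagated from the {@link PropertiesHelper} constructor
     */
    public LdapProperties(Properties properties) throws ConfigurationException {
        super(PREFIX, properties, META, log);
    }

    /**
     * Returns the backing {@link Properties} object itself, not a copy.
     *
     * <p>NOTE(review): the returned object includes {@code systemPassword} when it is configured,
     * and it is handed out by reference. Callers should not log or serialize it wholesale.
     *
     * @return the properties held by this helper
     */
    public Properties getProperties() {
        return this.properties;
    }

    static {
        PropertyMD.DocumentationCategory main = new PropertyMD.DocumentationCategory("General settings", "1");
        PropertyMD.DocumentationCategory groups = new PropertyMD.DocumentationCategory("Group retrieval settings", "3");
        PropertyMD.DocumentationCategory advSearch = new PropertyMD.DocumentationCategory("Advanced attribute search settings", "5");

        META.put(SERVERS, new PropertyMD().setList(true).setCategory(main).setDescription("List of redundant LDAP server hostnames. Use only one if there is no redundancy."));
        META.put(PORTS, new PropertyMD().setList(true).setCategory(main).setDescription("List of redundant LDAP server ports. The ports must match their corresponding servers."));
        // The default is the plain (non-TLS) mode; with it nothing in this class protects the bind
        // credentials on the wire. Deployments should set an SSL or START TLS mode explicitly.
        META.put(CONNECTION_MODE, new PropertyMD(LdapClientConfiguration.ConnectionMode.plain).setCategory(main).setDescription("It can be controlled whether a connection to the server should be made using a plain socket, over SSL socket or over a socket with START TLS after handshake."));
        // Per its description, true turns off server certificate validation. The safe default
        // ("false") requires the truststore property to be configured.
        META.put(TLS_TRUST_ALL, new PropertyMD("false").setCategory(main).setDescription("Used only when TLS mode is enabled. If true then the secured TLS protocol will accept any server's certificate. If false - then the truststore must be configured."));
        META.put(SOCKET_TIMEOUT, new PropertyMD("30000").setNonNegative().setCategory(main).setDescription("Number of milliseconds the network operations (connect and read) are allowed to last. Set to 0 to disable the limit."));
        META.put(FOLLOW_REFERRALS, new PropertyMD("2").setNonNegative().setCategory(main).setDescription("Number of referrals to follow. Set to 0 to disable following referrals."));
        META.put(BIND_AS, new PropertyMD(BindAs.user).setCategory(main).setDescription("Fundamental setting controlling how Unity interacts with the LDAP server. By default Unity binds to the LDAP server _as the user_ who is being authenticated by Unity. This may be changed to use a predefined user ('system or unity user') and password. Then the credentials provided by the user are only compared if are genuine, but all searches (and LDAP authorization) is run as the designated system user. In this mode, the system user's DN, password and user's password attribute must be configured."));
        // NOTE(review): the {USERNAME} substitution happens outside this class; confirm the username
        // is escaped for DN context (RFC 4514) before it is inserted into the template.
        // The description used to name userDNTemplate as its own alternative; the other option is
        // userDNSearchKey.
        META.put(USER_DN_TEMPLATE, new PropertyMD().setCategory(main).setDescription("Template of a DN of the user that should be used to log in. The template must possess a single occurrence of a special string: '\\{USERNAME\\}'. The username provided by the client will be substituted. Mutually exclusive with userDNSearchKey and at least one of them must be defined."));
        META.put(USER_DN_SEARCH_KEY, new PropertyMD().setCategory(main).setDescription("A key of one of the advanced search definitions. The search must be defined and must return a single entry. The DN of this entry will be treated as a DN of the user being authenticated. This is useful when the username is not present in the user's DN or when users can have different DN templates. Using this mode is slower than userDNTemplate. Mutually exclusive with userDNTemplate and at least one of them must be defined. To use this mode the systemDN and systemPassword must be also set to run the initial search."));
        // Per the validUsersFilter description below, enabling this mode also disables that filter.
        META.put(BIND_ONLY, new PropertyMD("false").setCategory(main).setDescription("If true then the user is only authenticated and no LDAP attributes (including groups) are collected for the user. This is much faster but maximally limits an information imported to Unity."));
        META.put(ATTRIBUTES, new PropertyMD().setList(false).setCategory(main).setDescription("List of attributes to be retrieved. If the list is empty then all available attributes are fetched."));
        META.put(SEARCH_TIME_LIMIT, new PropertyMD("60").setCategory(main).setDescription("Amount of time (in seconds) for which a search query may be executed. Note that depending on configuration there might be up to two queries performed per a single authentication. The LDAP server might have more strict limit."));
        META.put(SYSTEM_DN, new PropertyMD().setCategory(main).setDescription("Relevant and mandatory only if bindAs is set to " + BindAs.system + ". The value must be the DN of the system user to authenticate as before performing any queries."));
        // NOTE(review): this credential is registered like any other property. If the PropertyMD
        // version on the classpath has a secret marker (setSecret() in current releases - confirm),
        // apply it here so the value is not echoed when the configuration is logged.
        META.put(SYSTEM_PASSWORD, new PropertyMD().setCategory(main).setDescription("Relevant and mandatory only if bindAs is set to " + BindAs.system + ". The value must be the password of the system user to authenticate as before performing any queries."));
        META.put(GROUPS_BASE_NAME, new PropertyMD().setCategory(groups).setDescription("Base DN under which all groups are defined. Groups need not to be immediately under this DN. If not defined, then groups are not searched for the membership of the user."));
        META.put(GROUP_DEFINITION_PFX, new PropertyMD().setStructuredList(true).setCategory(groups).setDescription("Group definitions should be defined under this prefix."));
        META.put(GROUP_DEFINITION_OC, new PropertyMD().setMandatory().setCategory(groups).setStructuredListEntry(GROUP_DEFINITION_PFX).setDescription("Object class of the group."));
        META.put(GROUP_DEFINITION_MEMBER_ATTR, new PropertyMD().setCategory(groups).setMandatory().setStructuredListEntry(GROUP_DEFINITION_PFX).setDescription("Group's entry attribute with group members. Usually something like 'member'."));
        META.put(GROUP_DEFINITION_NAME_ATTR, new PropertyMD().setCategory(groups).setStructuredListEntry(GROUP_DEFINITION_PFX).setDescription("Group's entry attribute with group's name. If undefined then the whole DN is used."));
        META.put(GROUP_DEFINITION_MATCHBY_MEMBER_ATTR, new PropertyMD().setCategory(groups).setStructuredListEntry(GROUP_DEFINITION_PFX).setDescription("If this attribute is defined then it is assumed that the members in the group entry are given with values of a single attribute (e.g. uid), not with their full DNs. This property defines this attribute (should be present on the user's entry for which groups are searched)."));
        META.put(VALID_USERS_FILTER, new PropertyMD().setCategory(main).setDescription("Standard LDAP filter of valid users. Even the users who can authenticate but are not matching this filter will have access denied. IMPORTANT: if the 'authenticateOnly' mode is turned on, this setting is ignored."));
        META.put(MEMBER_OF_ATTRIBUTE, new PropertyMD().setCategory(groups).setDescription("User's attribute name which contains groups of the user, usually something like 'memberOf'. If not defined then groups are not extracted from the user's entry (but might be retrieved by scanning all groups in the LDAP tree)."));
        META.put(MEMBER_OF_GROUP_ATTRIBUTE, new PropertyMD().setCategory(groups).setDescription("If user's attributes are read from 'memberOf' (or alike) attribute, then this property may be used to extract the actual group name from its DN. If undefined then the DN will be used as group's name. If defined then the group's name will be the value of the attribute in the group's DN with a name defined here."));
        META.put(ADV_SEARCH_PFX, new PropertyMD().setStructuredList(false).setCategory(advSearch).setDescription("Advanced attribute searches can be defined with this prefix."));
        // NOTE(review): both the search base and the filter take the client-supplied username.
        // Confirm the substituting code escapes it for DN (RFC 4514) and filter (RFC 4515) context.
        META.put(ADV_SEARCH_BASE, new PropertyMD().setStructuredListEntry(ADV_SEARCH_PFX).setMandatory().setCategory(advSearch).setDescription("Base DN for the search.  The value can include a special string: '\\{USERNAME\\}'. The username provided by the client will be substituted."));
        META.put(ADV_SEARCH_FILTER, new PropertyMD().setStructuredListEntry(ADV_SEARCH_PFX).setMandatory().setCategory(advSearch).setDescription("Filter in LDAP syntax, to match requested entries. The filter can include a special string: '\\{USERNAME\\}'. The username provided by the client will be substituted."));
        META.put(ADV_SEARCH_ATTRIBUTES, new PropertyMD().setStructuredListEntry(ADV_SEARCH_PFX).setCategory(advSearch).setDescription("Space separated list of attributes to be searched. Attributes from the query will have all values unified from all returned entries by the query. Duplicate values will be removed and finally attributes will be added to the set of the standard attributes of the principal."));
        META.put(ADV_SEARCH_SCOPE, new PropertyMD(SearchScope.sub).setStructuredListEntry(ADV_SEARCH_PFX).setCategory(advSearch).setDescription("LDAP search scope to be used for this search."));
        META.put(TRANSLATION_PROFILE, new PropertyMD().setMandatory().setCategory(main).setDescription("Name of a translation profile, which will be used to map remotely obtained attributes and identity to the local counterparts. The profile should at least map the remote identity."));
        META.put(TRUSTSTORE, new PropertyMD().setCategory(main).setDescription("Truststore name used to configure client's trust settings for the TLS connections."));
    }
}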
