package pl.edu.icm.unity.ldap;

import com.unboundid.ldap.sdk.DereferencePolicy;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchScope;
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.helpers.BinaryCertChainValidator;
import eu.unicore.util.configuration.ConfigurationException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.ldap.LdapProperties;
import pl.edu.icm.unity.server.api.PKIManagement;

/* loaded from: input_file:pl/edu/icm/unity/ldap/LdapClientConfiguration.class */
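/**
 * Validated view of the LDAP client settings held in {@link LdapProperties}.
 *
 * <p>The constructor reads and cross-checks the settings once and throws
 * {@link ConfigurationException} on the first inconsistency it finds. Getters return either the
 * values computed there or values read from the underlying properties on each call.
 *
 * <p>Security-relevant settings handled here:
 * <ul>
 *   <li>the connection mode and the certificate validator used for SSL/startTLS, including the
 *       "trust all" switch that turns server authentication off,</li>
 *   <li>the system (service account) DN and password,</li>
 *   <li>the bind DN template, into which the user name is inserted only after DN escaping,</li>
 *   <li>the referral hop limit.</li>
 * </ul>
 */
public class LdapClientConfiguration {
    /** Placeholder that the bind DN template must contain; replaced by the escaped user name. */
    public static final String USERNAME_TOKEN = "{USERNAME}";

    private final LdapProperties ldapProperties;
    private final String[] servers;
    private final int[] ports;
    private final String[] queriedAttributes;
    private final List<GroupSpecification> groups;
    // Set only when the user DN is built from a template; null when the DN is found by a search.
    private String bindTemplate;
    // Set only when the user DN is found by one of the configured searches.
    private SearchSpecification searchUserQuery;
    private Filter validUsersFilter;
    // Stays null in plain mode: no TLS validator is created for it.
    private X509CertChainValidator connectionValidator;
    private List<SearchSpecification> extraSearches;
    private boolean bindAsUser;
    private String systemDN;
    // Service account secret kept as a String for the lifetime of this object; never log it.
    private String systemPassword;
    // NOTE(review): never assigned anywhere in this class, so the getter always returns null.
    private String userPasswordAttribute;

    /** How the client connects to the directory server. */
    public enum ConnectionMode {
        plain,
        SSL,
        startTLS
    }

    /**
     * Reads and validates the LDAP client settings.
     *
     * @param ldapProperties source of all settings
     * @param pKIManagement used to look up the certificate validator named by the truststore
     *     setting when TLS is used without "trust all"
     * @throws ConfigurationException if ports are not numbers in 1-65535, the number of ports
     *     differs from the number of servers, the user DN template and the user DN search key are
     *     both set or both unset, the template lacks {@link #USERNAME_TOKEN}, system credentials
     *     are missing where required, the user search key names no defined search, a filter is
     *     invalid, or the certificate validator cannot be loaded
     */
    public LdapClientConfiguration(LdapProperties ldapProperties, PKIManagement pKIManagement) {
        this.ldapProperties = ldapProperties;

        List<String> serverList = ldapProperties.getListOfValues(LdapProperties.SERVERS);
        this.servers = serverList.toArray(new String[0]);
        this.ports = parsePorts(ldapProperties.getListOfValues(LdapProperties.PORTS));
        if (this.servers.length != this.ports.length) {
            throw new ConfigurationException("LDAP server ports number is not equal the number of servers.");
        }

        // Exactly one way of obtaining the user's DN must be configured.
        boolean templateSet = ldapProperties.isSet(LdapProperties.USER_DN_TEMPLATE);
        boolean searchKeySet = ldapProperties.isSet(LdapProperties.USER_DN_SEARCH_KEY);
        if (templateSet == searchKeySet) {
            throw new ConfigurationException("One and only one of " + ldapProperties.getKeyDescription(LdapProperties.USER_DN_SEARCH_KEY) + " and " + ldapProperties.getKeyDescription(LdapProperties.USER_DN_TEMPLATE) + " must be defined");
        }

        String userSearchKey = null;
        if (!searchKeySet) {
            this.bindTemplate = ldapProperties.getValue(LdapProperties.USER_DN_TEMPLATE);
            if (!this.bindTemplate.contains(USERNAME_TOKEN)) {
                throw new ConfigurationException("DN template doesn't contain the mandatory token {USERNAME}: " + this.bindTemplate);
            }
        } else {
            // Searching for the user's entry needs the system account to be configured.
            if (!ldapProperties.isSet(LdapProperties.SYSTEM_DN) || !ldapProperties.isSet(LdapProperties.SYSTEM_PASSWORD)) {
                throw new ConfigurationException("To search for users with " + ldapProperties.getKeyDescription(LdapProperties.USER_DN_SEARCH_KEY) + " system credentials must be defined");
            }
            userSearchKey = LdapProperties.ADV_SEARCH_PFX + ldapProperties.getValue(LdapProperties.USER_DN_SEARCH_KEY) + ".";
            if (!ldapProperties.getStructuredListKeys(LdapProperties.ADV_SEARCH_PFX).contains(userSearchKey)) {
                throw new ConfigurationException("A search with the key " + userSearchKey + " used for searching users is not defined");
            }
        }

        List<String> attributeList = ldapProperties.getListOfValues(LdapProperties.ATTRIBUTES);
        this.queriedAttributes = attributeList.toArray(new String[0]);

        this.bindAsUser = true;
        if (ldapProperties.getEnumValue(LdapProperties.BIND_AS, LdapProperties.BindAs.class) == LdapProperties.BindAs.system) {
            this.bindAsUser = false;
            this.systemDN = ldapProperties.getValue(LdapProperties.SYSTEM_DN);
            this.systemPassword = ldapProperties.getValue(LdapProperties.SYSTEM_PASSWORD);
            if (this.systemDN == null || this.systemPassword == null) {
                throw new ConfigurationException("When binding as system all system DN and password name must be configured.");
            }
        }

        Set<String> groupKeys = ldapProperties.getStructuredListKeys(LdapProperties.GROUP_DEFINITION_PFX);
        this.groups = new ArrayList<>(groupKeys.size());
        for (String groupKey : groupKeys) {
            GroupSpecification group = new GroupSpecification();
            group.setGroupNameAttribute(ldapProperties.getValue(groupKey + LdapProperties.GROUP_DEFINITION_NAME_ATTR));
            group.setMatchByMemberAttribute(ldapProperties.getValue(groupKey + LdapProperties.GROUP_DEFINITION_MATCHBY_MEMBER_ATTR));
            group.setMemberAttribute(ldapProperties.getValue(groupKey + LdapProperties.GROUP_DEFINITION_MEMBER_ATTR));
            group.setObjectClass(ldapProperties.getValue(groupKey + LdapProperties.GROUP_DEFINITION_OC));
            this.groups.add(group);
        }

        try {
            // Without a configured filter every entry passes ("objectclass=*").
            String validUsers = ldapProperties.getValue(LdapProperties.VALID_USERS_FILTER);
            this.validUsersFilter = validUsers == null ? Filter.create("objectclass=*") : Filter.create(validUsers);

            if (getConnectionMode() != ConnectionMode.plain) {
                if (ldapProperties.getBooleanValue(LdapProperties.TLS_TRUST_ALL).booleanValue()) {
                    // Accepts every certificate chain: the server is not authenticated, so the
                    // TLS session gives no protection against an intercepting party. Suitable
                    // for test setups only; production should name a truststore instead.
                    this.connectionValidator = new BinaryCertChainValidator(true);
                } else {
                    try {
                        this.connectionValidator = pKIManagement.getValidator(ldapProperties.getValue(LdapProperties.TRUSTSTORE));
                    } catch (EngineException e) {
                        throw new ConfigurationException("Can't load certificate validator for the ldap client", e);
                    }
                }
            }
            // NOTE(review): in plain mode no validator is set and presumably no TLS is used, so
            // bind DNs and passwords would cross the network unencrypted - confirm in the
            // connection code and prefer SSL or startTLS.

            Set<String> searchKeys = ldapProperties.getStructuredListKeys(LdapProperties.ADV_SEARCH_PFX);
            this.extraSearches = new ArrayList<>(searchKeys.size());
            for (String searchKey : searchKeys) {
                SearchSpecification search = new SearchSpecification();
                String filter = ldapProperties.getValue(searchKey + LdapProperties.ADV_SEARCH_FILTER);
                try {
                    search.setFilter(filter);
                    search.setBaseDN(ldapProperties.getValue(searchKey + LdapProperties.ADV_SEARCH_BASE));
                    String attributes = ldapProperties.getValue(searchKey + LdapProperties.ADV_SEARCH_ATTRIBUTES);
                    // Attribute names are separated by one or more spaces.
                    search.setAttributes(attributes != null ? attributes.split("[ ]+") : new String[0]);
                    search.setScope((LdapProperties.SearchScope) ldapProperties.getEnumValue(searchKey + LdapProperties.ADV_SEARCH_SCOPE, LdapProperties.SearchScope.class));
                    this.extraSearches.add(search);
                    // The search selected for locating users is also kept in the extra searches.
                    if (userSearchKey != null && userSearchKey.equals(searchKey)) {
                        this.searchUserQuery = search;
                    }
                } catch (LDAPException e) {
                    throw new ConfigurationException("The additional search query '" + searchKey + "' filter is invalid: " + filter, e);
                }
            }
        } catch (LDAPException e) {
            throw new ConfigurationException("Valid users filter is invalid.", e);
        }
    }

    /** Parses the configured ports, rejecting non-numeric values and values outside 1-65535. */
    private static int[] parsePorts(List<String> rawPorts) {
        int[] parsed = new int[rawPorts.size()];
        for (int i = 0; i < parsed.length; i++) {
            String rawPort = rawPorts.get(i);
            int port;
            try {
                port = Integer.parseInt(rawPort);
            } catch (NumberFormatException e) {
                // Keep the parse failure as the cause so the original error is not lost.
                throw new ConfigurationException("LDAP server port is not a number: " + rawPort, e);
            }
            if (port < 1 || port > 65535) {
                throw new ConfigurationException("LDAP server port is out of range: " + rawPort);
            }
            parsed[i] = port;
        }
        return parsed;
    }

    /** @return the configured server names; the internal array is returned, not a copy */
    public String[] getServers() {
        return this.servers;
    }

    /** @return the ports, index-aligned with {@link #getServers()}; the internal array, not a copy */
    public int[] getPorts() {
        return this.ports;
    }

    /**
     * Builds the DN to bind with by inserting the user name into the DN template.
     *
     * <p>The user name is escaped for use inside a DN before insertion, so characters with a
     * meaning in DN syntax cannot change the structure of the resulting DN.
     *
     * @param str user name as supplied by the caller
     * @return the template with {@link #USERNAME_TOKEN} replaced by the escaped user name
     * @throws NullPointerException if no DN template is configured (the user DN search key is
     *     used instead)
     */
    public String getBindDN(String str) {
        return this.bindTemplate.replace(USERNAME_TOKEN, LdapUnsafeArgsEscaper.escapeForUseAsDN(str));
    }

    /** @return the search used to locate the user's entry, or null when a DN template is used */
    public SearchSpecification getSearchForUserSpec() {
        return this.searchUserQuery;
    }

    /** @return the current value of the bind-only setting */
    public boolean isBindOnly() {
        return this.ldapProperties.getBooleanValue(LdapProperties.BIND_ONLY).booleanValue();
    }

    /** @return the attribute names configured for retrieval; the internal array, not a copy */
    public String[] getQueriedAttributes() {
        return this.queriedAttributes;
    }

    /** @return always {@link SearchScope#SUB}; the scope is not configurable here */
    public SearchScope getSearchScope() {
        return SearchScope.SUB;
    }

    /** @return the configured search time limit */
    public int getSearchTimeLimit() {
        return this.ldapProperties.getIntValue(LdapProperties.SEARCH_TIME_LIMIT).intValue();
    }

    /** @return the fixed limit of 1000; not configurable here */
    public int getAttributesLimit() {
        return 1000;
    }

    /** @return always {@link DereferencePolicy#ALWAYS}; not configurable here */
    public DereferencePolicy getDereferencePolicy() {
        return DereferencePolicy.ALWAYS;
    }

    /** @return the configured valid-users filter, or {@code objectclass=*} when none is set */
    public Filter getValidUsersFilter() {
        return this.validUsersFilter;
    }

    /** @return the configured groups base name, as stored in the properties */
    public String getGroupsBaseName() {
        return this.ldapProperties.getValue(LdapProperties.GROUPS_BASE_NAME);
    }

    /** @return the group definitions read at construction; the internal mutable list */
    public List<GroupSpecification> getGroupSpecifications() {
        return this.groups;
    }

    /** @return {@link #USERNAME_TOKEN} */
    public static String getUsernameToken() {
        return USERNAME_TOKEN;
    }

    /** @return all configured additional searches; the internal mutable list */
    public List<SearchSpecification> getExtraSearches() {
        return this.extraSearches;
    }

    /** @return the configured member-of attribute, as stored in the properties */
    public String getMemberOfAttribute() {
        return this.ldapProperties.getValue(LdapProperties.MEMBER_OF_ATTRIBUTE);
    }

    /** @return the configured member-of group attribute, as stored in the properties */
    public String getMemberOfGroupAttribute() {
        return this.ldapProperties.getValue(LdapProperties.MEMBER_OF_GROUP_ATTRIBUTE);
    }

    /** @return the socket timeout setting; the same setting backs the read timeout */
    public int getSocketConnectTimeout() {
        return this.ldapProperties.getIntValue(LdapProperties.SOCKET_TIMEOUT).intValue();
    }

    /** @return the socket timeout setting; the same setting backs the connect timeout */
    public int getSocketReadTimeout() {
        return this.ldapProperties.getIntValue(LdapProperties.SOCKET_TIMEOUT).intValue();
    }

    /** @return the configured number of referral hops */
    public int getReferralHopCount() {
        return this.ldapProperties.getIntValue(LdapProperties.FOLLOW_REFERRALS).intValue();
    }

    /**
     * Tells whether referrals should be followed at all.
     *
     * <p>The answer is derived from the hop count: a count of zero leaves no hop to take, so
     * referrals are followed only for a positive count. The previous test ({@code == 0}) was
     * inverted and reported "follow" exactly when no hop was permitted.
     *
     * <p>Following a referral makes the client contact a server named in the directory's
     * response, so keep the hop count as low as the deployment needs.
     * NOTE(review): how credentials are presented to a referred server is decided by the
     * connection code, not here - confirm before raising the limit.
     *
     * @return true when the configured hop count is greater than zero
     */
    public boolean isFollowReferral() {
        return getReferralHopCount() > 0;
    }

    /** @return the current value of the connection mode setting */
    public ConnectionMode getConnectionMode() {
        return (ConnectionMode) this.ldapProperties.getEnumValue(LdapProperties.CONNECTION_MODE, ConnectionMode.class);
    }

    /**
     * @return the validator for the server certificate chain; null in plain mode, and an
     *     accept-everything validator when "trust all" is enabled
     */
    public X509CertChainValidator getTlsValidator() {
        return this.connectionValidator;
    }

    /** @return true unless binding as the system account is configured */
    public boolean isBindAsUser() {
        return this.bindAsUser;
    }

    /** @return the system account DN, or null unless binding as system is configured */
    public String getSystemDN() {
        return this.systemDN;
    }

    /**
     * @return the system account password in clear text, or null unless binding as system is
     *     configured; callers must keep it out of logs and error messages
     */
    public String getSystemPassword() {
        return this.systemPassword;
    }

    /**
     * @return the user password attribute; always null here because nothing in this class
     *     assigns the field - NOTE(review): confirm whether a setting was meant to feed it
     */
    public String getUserPasswordAttribute() {
        return this.userPasswordAttribute;
    }
}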
