package org.springframework.security.config.annotation.authentication.configurers.ldap;

import de.digitalcollections.model.security.Role;
import java.io.IOException;
import java.net.ServerSocket;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;
import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.server.ApacheDSContainer;
import org.springframework.security.ldap.server.UnboundIdContainer;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.0.2.jar:org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.class */
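/**
 * Builds an {@link LdapAuthenticationProvider} from fluent settings and registers it with the
 * {@link ProviderManagerBuilder} passed to {@link #configure(ProviderManagerBuilder)}.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>With no password encoder set, users are authenticated by an LDAP bind
 *       ({@link BindAuthenticator}). Setting an encoder switches to
 *       {@link PasswordComparisonAuthenticator}.</li>
 *   <li>{@link #passwordCompare()} installs {@link NoOpPasswordEncoder}, i.e. a plaintext
 *       comparison, until a real encoder is supplied.</li>
 *   <li>With neither a context source nor a URL configured, an embedded LDAP server is started
 *       and reached over unencrypted {@code ldap://127.0.0.1}.</li>
 * </ul>
 *
 * @param <B> the builder type this configurer is applied to
 */
public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> extends SecurityConfigurerAdapter<AuthenticationManager, B> {
    private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService";
    private static final String UNBOUNDID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer";
    private static final boolean apacheDsPresent;
    private static final boolean unboundIdPresent;

    static {
        // Detect which embedded directory implementation, if any, is on the classpath.
        ClassLoader classLoader = LdapAuthenticationProviderConfigurer.class.getClassLoader();
        apacheDsPresent = ClassUtils.isPresent(APACHEDS_CLASSNAME, classLoader);
        unboundIdPresent = ClassUtils.isPresent(UNBOUNDID_CLASSNAME, classLoader);
    }

    private String[] userDnPatterns;
    private BaseLdapPathContextSource contextSource;
    private UserDetailsContextMapper userDetailsContextMapper;
    // Non-null selects password comparison instead of bind authentication.
    private PasswordEncoder passwordEncoder;
    private String passwordAttribute;
    private LdapAuthoritiesPopulator ldapAuthoritiesPopulator;
    private GrantedAuthoritiesMapper authoritiesMapper;
    private String groupRoleAttribute = "cn";
    private String groupSearchBase = "";
    private boolean groupSearchSubtree = false;
    private String groupSearchFilter = LdapUserServiceBeanDefinitionParser.DEF_GROUP_SEARCH_FILTER;
    // NOTE(review): Role.PREFIX is what the decompiled listing shows; its value is not visible
    // here (presumably "ROLE_") - confirm against the original source.
    private String rolePrefix = Role.PREFIX;
    private String userSearchBase = "";
    private String userSearchFilter = null;
    private ContextSourceBuilder contextSourceBuilder = new ContextSourceBuilder();

    /**
     * Collects the settings for the default context source. It is used only when no
     * {@link BaseLdapPathContextSource} was supplied through
     * {@link LdapAuthenticationProviderConfigurer#contextSource(BaseLdapPathContextSource)}.
     *
     * <p>If no URL is set, building starts an embedded LDAP server populated from the LDIF
     * resources. That path is a local convenience: the generated provider URL is plain
     * {@code ldap://} on the loopback address.
     */
    public final class ContextSourceBuilder {
        private static final int DEFAULT_PORT = 33389;
        private static final int RANDOM_PORT = 0;
        private String managerPassword;
        private String managerDn;
        private Integer port;
        private String url;
        private String ldif = "classpath*:*.ldif";
        private String root = "dc=springframework,dc=org";

        /**
         * Sets the LDIF resource pattern loaded into the embedded server.
         *
         * @param str the resource pattern (defaults to {@code classpath*:*.ldif})
         * @return this builder
         */
        public ContextSourceBuilder ldif(String str) {
            this.ldif = str;
            return this;
        }

        /**
         * Sets the DN the context source binds with. A manager password must then be set too,
         * otherwise {@code build()} fails.
         *
         * @param str the manager DN
         * @return this builder
         */
        public ContextSourceBuilder managerDn(String str) {
            this.managerDn = str;
            return this;
        }

        /**
         * Sets the password used together with the manager DN. The value is a credential:
         * keep it out of source control and logs.
         *
         * @param str the manager password
         * @return this builder
         */
        public ContextSourceBuilder managerPassword(String str) {
            this.managerPassword = str;
            return this;
        }

        /**
         * Sets the port for the embedded server; {@code 0} is passed through to the container
         * unchanged.
         *
         * @param i the port number
         * @return this builder
         */
        public ContextSourceBuilder port(int i) {
            this.port = i;
            return this;
        }

        /**
         * Sets the root suffix of the embedded server, also appended to the generated URL.
         *
         * @param str the root DN (defaults to {@code dc=springframework,dc=org})
         * @return this builder
         */
        public ContextSourceBuilder root(String str) {
            this.root = str;
            return this;
        }

        /**
         * Sets the URL of an external LDAP server. When set, no embedded server is started.
         * The URL is used as given, so transport protection (for example an {@code ldaps://}
         * scheme) has to be chosen by the caller.
         *
         * @param str the provider URL
         * @return this builder
         */
        public ContextSourceBuilder url(String str) {
            this.url = str;
            return this;
        }

        /**
         * Returns to the enclosing configurer for further chaining.
         *
         * @return the enclosing {@link LdapAuthenticationProviderConfigurer}
         */
        public LdapAuthenticationProviderConfigurer<B> and() {
            return LdapAuthenticationProviderConfigurer.this;
        }

        /**
         * Creates the context source, starting the embedded server first when no URL is set.
         *
         * @return the post-processed context source
         * @throws IllegalStateException if a manager DN is set without a manager password, or
         *     no embedded server implementation is on the classpath
         * @throws Exception propagated from starting the embedded server
         */
        private DefaultSpringSecurityContextSource build() throws Exception {
            // Validate credentials before any side effect, so a misconfiguration does not
            // leave an embedded server running behind a failed build.
            if (this.managerDn != null && this.managerPassword == null) {
                throw new IllegalStateException("managerPassword is required if managerDn is supplied");
            }
            if (this.url == null) {
                startEmbeddedLdapServer();
            }
            DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(getProviderUrl());
            if (this.managerDn != null) {
                source.setUserDn(this.managerDn);
                source.setPassword(this.managerPassword);
            }
            // Without a manager DN no bind credentials are set on the context source.
            return postProcess(source);
        }

        /**
         * Creates the embedded directory container, preferring ApacheDS over UnboundID, and
         * records the port the container reports afterwards.
         *
         * @throws IllegalStateException if neither implementation is on the classpath
         * @throws Exception propagated from post-processing the container
         */
        private void startEmbeddedLdapServer() throws Exception {
            if (apacheDsPresent) {
                ApacheDSContainer apacheDs = new ApacheDSContainer(this.root, this.ldif);
                apacheDs.setPort(getPort());
                // NOTE(review): presumably post-processing runs the container's lifecycle
                // callbacks and thereby starts it - confirm against the ObjectPostProcessor in use.
                postProcess(apacheDs);
                this.port = apacheDs.getLocalPort();
                return;
            }
            if (!unboundIdPresent) {
                throw new IllegalStateException("Embedded LDAP server is not provided");
            }
            UnboundIdContainer unboundId = new UnboundIdContainer(this.root, this.ldif);
            unboundId.setPort(getPort());
            postProcess(unboundId);
            this.port = unboundId.getPort();
        }

        /**
         * Returns the configured port, resolving and caching the default on first use.
         */
        private int getPort() {
            if (this.port == null) {
                this.port = getDefaultPort();
            }
            return this.port;
        }

        /**
         * Probes whether {@code DEFAULT_PORT} can be bound.
         *
         * <p>The probe socket is closed before the embedded server binds, so another process
         * can still take the port in between; the result is a hint, not a reservation.
         *
         * @return {@code DEFAULT_PORT} if it could be bound, otherwise {@code RANDOM_PORT} (0)
         */
        private int getDefaultPort() {
            // try-with-resources closes the probe socket on every path.
            try (ServerSocket probe = new ServerSocket(DEFAULT_PORT)) {
                return probe.getLocalPort();
            } catch (IOException ex) {
                return RANDOM_PORT;
            }
        }

        /**
         * Returns the explicit URL, or a loopback {@code ldap://} URL for the embedded server.
         */
        private String getProviderUrl() {
            if (this.url != null) {
                return this.url;
            }
            return "ldap://127.0.0.1:" + getPort() + "/" + this.root;
        }

        private ContextSourceBuilder() {
        }
    }

    /**
     * Fluent settings for password-comparison authentication. Instances are created by
     * {@link LdapAuthenticationProviderConfigurer#passwordCompare()} and write straight into
     * the enclosing configurer.
     */
    public final class PasswordCompareConfigurer {
        /**
         * Sets the encoder applied before the password is compared against the directory.
         * Unlike {@link LdapAuthenticationProviderConfigurer#passwordEncoder(PasswordEncoder)}
         * this setter performs no null check; a {@code null} encoder makes the configurer fall
         * back to bind authentication.
         *
         * @param passwordEncoder the encoder to use
         * @return this configurer
         */
        public PasswordCompareConfigurer passwordEncoder(PasswordEncoder passwordEncoder) {
            LdapAuthenticationProviderConfigurer.this.passwordEncoder = passwordEncoder;
            return this;
        }

        /**
         * Sets the name of the directory attribute that holds the password.
         *
         * @param str the attribute name
         * @return this configurer
         */
        public PasswordCompareConfigurer passwordAttribute(String str) {
            LdapAuthenticationProviderConfigurer.this.passwordAttribute = str;
            return this;
        }

        /**
         * Returns to the enclosing configurer for further chaining.
         *
         * @return the enclosing {@link LdapAuthenticationProviderConfigurer}
         */
        public LdapAuthenticationProviderConfigurer<B> and() {
            return LdapAuthenticationProviderConfigurer.this;
        }

        private PasswordCompareConfigurer() {
        }
    }

    /**
     * Assembles the provider from the authenticator, authorities populator and mappers.
     *
     * @return the configured provider (not yet post-processed)
     * @throws Exception propagated from building the context source or the authorities mapper
     */
    private LdapAuthenticationProvider build() throws Exception {
        // Argument order matters: getContextSource() runs first and initialises
        // this.contextSource, which getLdapAuthoritiesPopulator() and createUserSearch() read.
        LdapAuthenticator authenticator = createLdapAuthenticator(getContextSource());
        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, getLdapAuthoritiesPopulator());
        provider.setAuthoritiesMapper(getAuthoritiesMapper());
        if (this.userDetailsContextMapper != null) {
            provider.setUserDetailsContextMapper(this.userDetailsContextMapper);
        }
        return provider;
    }

    /**
     * Supplies the populator that derives authorities for an authenticated user. When set, the
     * group search and role prefix settings of this configurer are not applied to it.
     *
     * @param ldapAuthoritiesPopulator the populator to use
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
        this.ldapAuthoritiesPopulator = ldapAuthoritiesPopulator;
        return this;
    }

    /**
     * Registers an {@link ObjectPostProcessor} applied to the objects this configurer creates.
     *
     * @param objectPostProcessor the post-processor to add
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
        addObjectPostProcessor(objectPostProcessor);
        return this;
    }

    /**
     * Returns the configured populator, creating a {@link DefaultLdapAuthoritiesPopulator} from
     * the group search settings on first use.
     *
     * <p>Reads {@code this.contextSource} directly, so it must run after
     * {@code getContextSource()}.
     */
    private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
        if (this.ldapAuthoritiesPopulator != null) {
            return this.ldapAuthoritiesPopulator;
        }
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(this.contextSource, this.groupSearchBase);
        populator.setGroupRoleAttribute(this.groupRoleAttribute);
        populator.setGroupSearchFilter(this.groupSearchFilter);
        populator.setSearchSubtree(this.groupSearchSubtree);
        populator.setRolePrefix(this.rolePrefix);
        this.ldapAuthoritiesPopulator = postProcess(populator);
        // Hand out the post-processed instance so the first call and later calls agree even
        // when a post-processor substitutes the object.
        return this.ldapAuthoritiesPopulator;
    }

    /**
     * Supplies the mapper applied to the authorities loaded from the directory.
     *
     * @param grantedAuthoritiesMapper the mapper to use
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
        return this;
    }

    /**
     * Returns the configured authorities mapper, creating a {@link SimpleAuthorityMapper} with
     * the current role prefix on first use.
     *
     * @return the mapper to install on the provider
     * @throws Exception propagated from initialising the default mapper
     */
    protected GrantedAuthoritiesMapper getAuthoritiesMapper() throws Exception {
        if (this.authoritiesMapper != null) {
            return this.authoritiesMapper;
        }
        SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        mapper.setPrefix(this.rolePrefix);
        mapper.afterPropertiesSet();
        this.authoritiesMapper = mapper;
        return mapper;
    }

    /**
     * Creates the authenticator: password comparison when an encoder is set, bind otherwise,
     * then applies the user search and DN patterns.
     *
     * @param baseLdapPathContextSource the context source the authenticator talks to
     * @return the post-processed authenticator
     */
    private LdapAuthenticator createLdapAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        // The listing typed this local as PasswordComparisonAuthenticator, which cannot hold a
        // BindAuthenticator; `var` infers the common supertype of both branches instead
        // (spring-security-config 6.x targets Java 17, so `var` is available).
        var authenticator = this.passwordEncoder != null
                ? createPasswordCompareAuthenticator(baseLdapPathContextSource)
                : createBindAuthenticator(baseLdapPathContextSource);
        LdapUserSearch userSearch = createUserSearch();
        if (userSearch != null) {
            authenticator.setUserSearch(userSearch);
        }
        if (this.userDnPatterns != null && this.userDnPatterns.length > 0) {
            authenticator.setUserDnPatterns(this.userDnPatterns);
        }
        return postProcess(authenticator);
    }

    /**
     * Creates a password-comparison authenticator using the configured attribute and encoder.
     */
    private PasswordComparisonAuthenticator createPasswordCompareAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(baseLdapPathContextSource);
        if (this.passwordAttribute != null) {
            authenticator.setPasswordAttributeName(this.passwordAttribute);
        }
        authenticator.setPasswordEncoder(this.passwordEncoder);
        return authenticator;
    }

    /**
     * Creates a bind authenticator for the given context source.
     */
    private BindAuthenticator createBindAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        return new BindAuthenticator(baseLdapPathContextSource);
    }

    /**
     * Creates the filter-based user search, or returns {@code null} when no filter is set.
     * Reads {@code this.contextSource}, so it must run after {@code getContextSource()}.
     */
    private LdapUserSearch createUserSearch() {
        if (this.userSearchFilter == null) {
            return null;
        }
        return new FilterBasedLdapUserSearch(this.userSearchBase, this.userSearchFilter, this.contextSource);
    }

    /**
     * Supplies a ready-made context source. When set, the {@link ContextSourceBuilder}
     * settings (URL, manager credentials, embedded server) are not used.
     *
     * @param baseLdapPathContextSource the context source to use
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> contextSource(BaseLdapPathContextSource baseLdapPathContextSource) {
        this.contextSource = baseLdapPathContextSource;
        return this;
    }

    /**
     * Returns the builder for the default context source.
     *
     * @return the {@link ContextSourceBuilder} owned by this configurer
     */
    public ContextSourceBuilder contextSource() {
        return this.contextSourceBuilder;
    }

    /**
     * Sets the password encoder, which also switches authentication from LDAP bind to
     * password comparison.
     *
     * @param passwordEncoder the encoder to use, never {@code null}
     * @return this configurer
     * @throws IllegalArgumentException if {@code passwordEncoder} is {@code null}
     */
    public LdapAuthenticationProviderConfigurer<B> passwordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder must not be null.");
        this.passwordEncoder = passwordEncoder;
        return this;
    }

    /**
     * Sets the DN patterns handed to the authenticator. The array is stored as given, not
     * copied.
     *
     * @param strArr the DN patterns
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> userDnPatterns(String... strArr) {
        this.userDnPatterns = strArr;
        return this;
    }

    /**
     * Sets the mapper that turns the directory entry into user details.
     *
     * @param userDetailsContextMapper the mapper to use
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) {
        this.userDetailsContextMapper = userDetailsContextMapper;
        return this;
    }

    /**
     * Sets the group entry attribute used as the role name (defaults to {@code cn}).
     *
     * @param str the attribute name
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> groupRoleAttribute(String str) {
        this.groupRoleAttribute = str;
        return this;
    }

    /**
     * Sets the base under which groups are searched (defaults to the empty string).
     *
     * @param str the group search base
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> groupSearchBase(String str) {
        this.groupSearchBase = str;
        return this;
    }

    /**
     * Sets whether the group search descends into the subtree (defaults to {@code false}).
     *
     * @param z {@code true} to search the subtree
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> groupSearchSubtree(boolean z) {
        this.groupSearchSubtree = z;
        return this;
    }

    /**
     * Sets the filter used to find the groups a user belongs to.
     *
     * @param str the group search filter
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> groupSearchFilter(String str) {
        this.groupSearchFilter = str;
        return this;
    }

    /**
     * Sets the prefix applied to role names by the default populator and mapper.
     *
     * @param str the role prefix
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> rolePrefix(String str) {
        this.rolePrefix = str;
        return this;
    }

    /**
     * Sets the base under which users are searched (defaults to the empty string).
     *
     * @param str the user search base
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> userSearchBase(String str) {
        this.userSearchBase = str;
        return this;
    }

    /**
     * Sets the filter used to locate a user; without it no user search is installed.
     *
     * @param str the user search filter
     * @return this configurer
     */
    public LdapAuthenticationProviderConfigurer<B> userSearchFilter(String str) {
        this.userSearchFilter = str;
        return this;
    }

    /**
     * Builds the provider, post-processes it and registers it with the builder.
     *
     * @param b the builder to register the provider with
     * @throws Exception propagated from building the provider
     */
    @Override
    public void configure(B b) throws Exception {
        b.authenticationProvider(postProcess(build()));
    }

    /**
     * Returns the context source, building the default one on first use.
     */
    private BaseLdapPathContextSource getContextSource() throws Exception {
        if (this.contextSource == null) {
            this.contextSource = this.contextSourceBuilder.build();
        }
        return this.contextSource;
    }

    /**
     * Switches to password-comparison authentication with the attribute {@code password}.
     *
     * <p>The encoder installed here is {@link NoOpPasswordEncoder}, so the submitted password
     * is compared as plaintext. Call
     * {@link PasswordCompareConfigurer#passwordEncoder(PasswordEncoder)} with an encoder that
     * matches how the directory stores passwords before relying on this mode.
     *
     * @return a configurer for the comparison settings
     */
    public PasswordCompareConfigurer passwordCompare() {
        return new PasswordCompareConfigurer().passwordAttribute("password").passwordEncoder(NoOpPasswordEncoder.getInstance());
    }
}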
