package pl.edu.icm.unity.ldap.client.config;

import com.unboundid.ldap.sdk.DereferencePolicy;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchScope;
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.helpers.BinaryCertChainValidator;
import eu.unicore.util.configuration.ConfigurationException;
import java.util.regex.Pattern;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.ldap.client.LdapUnsafeArgsEscaper;
import pl.edu.icm.unity.ldap.client.LdapUtils;
import pl.edu.icm.unity.ldap.client.config.common.LDAPCommonConfiguration;
import pl.edu.icm.unity.ldap.client.config.common.LDAPConnectionProperties;

/* loaded from: input_file:pl/edu/icm/unity/ldap/client/config/LdapClientConfiguration.class */
public class LdapClientConfiguration extends LdapConfiguration {
    private X509CertChainValidator connectionValidator;
    private Pattern userExtractPattern;
    private SearchSpecification searchForUserSpec;
    private Filter parsedValidUserFilter;

    public LdapClientConfiguration(LdapProperties ldapProperties, PKIManagement pKIManagement) throws ConfigurationException {
        this.userExtractPattern = null;
        this.parsedValidUserFilter = null;
        fromProperties(ldapProperties);
        validateConfiguration(pKIManagement);
        if (getUsernameExtractorRegexp() != null) {
            this.userExtractPattern = Pattern.compile(getUsernameExtractorRegexp());
        }
        if (getConnectionMode() != LDAPConnectionProperties.ConnectionMode.plain) {
            if (isTrustAllCerts()) {
                this.connectionValidator = new BinaryCertChainValidator(true);
            } else {
                try {
                    this.connectionValidator = pKIManagement.getValidator(getClientTrustStore());
                } catch (EngineException e) {
                    throw new ConfigurationException("Can't load certificate validator for the ldap client", e);
                }
            }
        }
        if (LdapUtils.nonEmpty(getUserDNSearchKey())) {
            try {
                this.searchForUserSpec = new SearchSpecification(getLdapSearchFilter(), getLdapSearchBaseName(), null, getLdapSearchScope());
            } catch (LDAPException e2) {
                throw new ConfigurationException("Invalid search user spec", e2);
            }
        }
        try {
            this.parsedValidUserFilter = getValidUserFilter() == null ? Filter.create("objectclass=*") : Filter.create(getValidUserFilter());
        } catch (LDAPException e3) {
            throw new ConfigurationException("Valid users filter is invalid.", e3);
        }
    }

    public String getBindDN(String str) {
        return getUserDNTemplate().replace(LDAPCommonConfiguration.USERNAME_TOKEN, LdapUnsafeArgsEscaper.escapeForUseAsDN(str));
    }

    public X509CertChainValidator getConnectionValidator() {
        return this.connectionValidator;
    }

    public Pattern getUserExtractPattern() {
        return this.userExtractPattern;
    }

    public SearchSpecification getSearchForUserSpec() {
        return this.searchForUserSpec;
    }

    public DereferencePolicy getDereferencePolicy() {
        return DereferencePolicy.ALWAYS;
    }

    public boolean isFollowReferral() {
        return getFollowReferrals() == 0;
    }

    public long getSocketReadTimeout() {
        return getSocketTimeout();
    }

    public int[] getPorts() {
        return getServers().stream().mapToInt(serverSpecification -> {
            return serverSpecification.getPort();
        }).toArray();
    }

    public String[] getServersAddresses() {
        return (String[]) getServers().stream().map(serverSpecification -> {
            return serverSpecification.getServer();
        }).toArray(i -> {
            return new String[i];
        });
    }

    public SearchScope getSearchScope() {
        return SearchScope.SUB;
    }

    public Filter getParsedValidUserFilter() {
        return this.parsedValidUserFilter;
    }
}
