package io.imunity.otp.ldap;

import eu.unicore.util.configuration.DocumentationReferenceMeta;
import eu.unicore.util.configuration.DocumentationReferencePrefix;
import eu.unicore.util.configuration.PropertyMD;
import io.imunity.otp.HashFunction;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.ldap.client.config.LdapProperties;
import pl.edu.icm.unity.ldap.client.config.common.LDAPConnectionProperties;

/* loaded from: input_file:io/imunity/otp/ldap/OTPWithLDAPProperties.class */
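/**
 * Configuration, under the {@code otpldap.} prefix, for OTP verification where the
 * OTP secret URI is read from an LDAP attribute.
 *
 * <p>Besides the OTP settings, the class holds the LDAP search settings used to locate the
 * user entry and the system bind credentials ({@code systemDN} / {@code systemPassword}).
 * Connection-level settings come from {@link LDAPConnectionProperties#getDefaults()}.
 *
 * <p>Security notes for maintainers and operators:
 * <ul>
 *   <li>The backing {@link Properties} contain {@code systemPassword} in clear text. Anything
 *       obtained from {@link #getProperties()} or {@link #toFullLDAPProperties()} must not be
 *       logged or dumped as a whole.</li>
 *   <li>{@code searchBaseName}, {@code searchFilter} and {@code userDNTemplate} accept a
 *       <code>{USERNAME}</code> placeholder that is filled with the client-supplied username.
 *       The substitution is not performed in this class. NOTE(review): confirm that the code
 *       doing it escapes the value for LDAP filters (RFC 4515) and for DNs (RFC 4514).</li>
 *   <li>The default drift of {@value #DEFAULT_OTP_ALLOWED_TIME_DRIFT_STEPS} steps, with a
 *       {@value #DEFAULT_OTP_TIME_STEP_SECODS} s step, accepts codes from three steps on either
 *       side of the server time according to the property description. RFC 6238 recommends
 *       allowing at most one step, so lower the value unless clock skew requires it, and pair
 *       it with attempt rate limiting.</li>
 * </ul>
 */
class OTPWithLDAPProperties extends LDAPConnectionProperties {
    public static final String LDAP_SEARCH_BASENAME = "searchBaseName";
    public static final String LDAP_SEARCH_FILTER = "searchFilter";
    public static final String LDAP_SEARCH_SCOPE = "searchScope";
    public static final String OTP_SECRET_URI_ATTRIBUTE = "otpSecretURIAttribute";
    // The misspellings below ("Lenght", "SECODS") are part of the public constant names, and
    // "otpCodeLenght" is the configuration key itself. Correcting them would break existing
    // configurations and callers.
    public static final String OTP_CODE_LENGHT = "otpCodeLenght";
    public static final String OTP_ALLOWED_TIME_DRIFT_STEPS = "otpAllowedTimeDriftSteps";
    public static final String OTP_HASH_FUNCTION = "otpHashFunction";
    public static final String OTP_TIME_STEP_SECODS = "otpTimeStepSeconds";
    public static final int DEFAULT_OTP_CODE_LENGHT = 6;
    public static final int DEFAULT_OTP_ALLOWED_TIME_DRIFT_STEPS = 3;
    public static final int DEFAULT_OTP_TIME_STEP_SECODS = 30;

    @DocumentationReferencePrefix
    public static final String PREFIX = "otpldap.";
    private static final Logger log = Log.getLogger("unity.server.config", OTPWithLDAPProperties.class);
    // SHA1 is the default because, per the property description, common authenticator apps
    // support nothing else.
    public static final HashFunction DEFAULT_OTP_HASH_FUNCTION = HashFunction.SHA1;

    @DocumentationReferenceMeta
    public static final Map<String, PropertyMD> defaults = new HashMap<>();

    /** Name under which the user-lookup search is registered in the derived LDAP configuration. */
    private static final String OTP_USER_SEARCH_NAME = "userDNSearchKey";

    /** Key prefix of the settings of that search, e.g. {@code ...userDNSearchKey.filter}. */
    private static final String OTP_USER_SEARCH_PREFIX =
            PREFIX + "additionalSearch." + OTP_USER_SEARCH_NAME + ".";

    /**
     * Parses and validates the given properties against {@link #defaults}.
     *
     * @param properties raw configuration using the {@code otpldap.} prefix
     */
    public OTPWithLDAPProperties(Properties properties) {
        super(PREFIX, properties, defaults, log);
    }

    /**
     * Derives the configuration of the plain LDAP client from this OTP configuration.
     *
     * <p>The OTP-only keys are dropped, the bind mode is forced to
     * {@link LdapProperties.BindAs#system} and {@code authenticateOnly} is forced to
     * {@code false}. When no {@code userDNTemplate} is configured, the user entry is located
     * with an additional search built from {@code searchBaseName}, {@code searchFilter} and
     * {@code searchScope}.
     *
     * <p>The result is a copy of the backing properties, so it still carries
     * {@code systemPassword}.
     *
     * @return LDAP client configuration sharing the {@code otpldap.} prefix
     */
    public LdapProperties toFullLDAPProperties() {
        Properties ldapConfig = new Properties();
        ldapConfig.putAll(this.properties);

        // OTP settings are unknown to the LDAP client configuration, so strip them.
        ldapConfig.remove(PREFIX + OTP_SECRET_URI_ATTRIBUTE);
        ldapConfig.remove(PREFIX + OTP_ALLOWED_TIME_DRIFT_STEPS);
        ldapConfig.remove(PREFIX + OTP_CODE_LENGHT);
        ldapConfig.remove(PREFIX + OTP_TIME_STEP_SECODS);
        ldapConfig.remove(PREFIX + OTP_HASH_FUNCTION);

        // Forced values: whatever the operator configured for these two keys is overwritten.
        ldapConfig.put(PREFIX + "bindAs", LdapProperties.BindAs.system.toString());
        ldapConfig.put(PREFIX + "authenticateOnly", String.valueOf(false));

        if (getValue("userDNTemplate") == null) {
            ldapConfig.put(PREFIX + "userDNSearchKey", OTP_USER_SEARCH_NAME);
            copySearchSetting(ldapConfig, LDAP_SEARCH_BASENAME, "baseName");
            copySearchSetting(ldapConfig, LDAP_SEARCH_FILTER, "filter");
            copySearchSetting(ldapConfig, LDAP_SEARCH_SCOPE, "scope");
        }
        return new LdapProperties(PREFIX, ldapConfig);
    }

    /** Copies one search setting into the user-lookup search of {@code target}, if it has a value. */
    private void copySearchSetting(Properties target, String sourceKey, String searchSetting) {
        String value = getValue(sourceKey);
        if (value != null) {
            target.put(OTP_USER_SEARCH_PREFIX + searchSetting, value);
        }
    }

    /**
     * Returns the backing properties object itself, not a copy.
     *
     * <p>Changes made by the caller are visible to this instance, and the object includes
     * {@code systemPassword}.
     *
     * @return the live backing properties
     */
    public Properties getProperties() {
        return this.properties;
    }

    static {
        defaults.put("systemDN", new PropertyMD().setMandatory().setCategory(main).setDescription("The value must be the DN of the system user to authenticate as before performing any queries."));
        defaults.put("systemPassword", new PropertyMD().setCategory(main).setMandatory().setDescription("The value must be the password of the system user to authenticate as before performing any queries."));
        defaults.put("validUsersFilter", new PropertyMD("objectclass=*").setCategory(main).setDescription("Standard LDAP filter of valid users. Even the users who can authenticate but are not matching this filter will have access denied."));
        defaults.put(OTP_SECRET_URI_ATTRIBUTE, new PropertyMD().setMandatory().setCategory(main).setDescription("Name of LDAP attribute holding otp secret uri"));
        // This description used to repeat the time-step text; it now describes the code length.
        defaults.put(OTP_CODE_LENGHT, new PropertyMD(String.valueOf(DEFAULT_OTP_CODE_LENGHT)).setCategory(main).setDescription("Number of digits of each generated code. Used only if URI stored in LDAP doesn’t define this parameter."));
        defaults.put(OTP_ALLOWED_TIME_DRIFT_STEPS, new PropertyMD(String.valueOf(DEFAULT_OTP_ALLOWED_TIME_DRIFT_STEPS)).setCategory(main).setDescription("If larger then zero, then codes generated in that many steps behindor after server''s time will be accepted."));
        defaults.put(OTP_TIME_STEP_SECODS, new PropertyMD(String.valueOf(DEFAULT_OTP_TIME_STEP_SECODS)).setCategory(main).setDescription("How long each generated code is valid. 30 seconds is the safest bet. Google and Microsoft authenticator apps only support setting of 30s. Used only if URI stored in LDAP doesn’t define this parameter."));
        defaults.put(OTP_HASH_FUNCTION, new PropertyMD(String.valueOf(DEFAULT_OTP_HASH_FUNCTION)).setCategory(main).setDescription("Hash algorithm to be used. SHA1 is the most commonly supported, other variants are more secure. Google and Microsoft authenticator apps only support SHA1. Used only if URI stored in LDAP doesn’t define this parameter."));
        defaults.put(LDAP_SEARCH_BASENAME, new PropertyMD().setCategory(main).setDescription("Base DN for the search.  The value can include a specialstring: '\\{USERNAME\\}'. The username provided by the client will be substituted."));
        defaults.put(LDAP_SEARCH_FILTER, new PropertyMD().setCategory(main).setDescription("Filter in LDAP syntax, to match requested entries. The filter can include a specialstring: '\\{USERNAME\\}'. The username provided by the client will be substituted."));
        defaults.put(LDAP_SEARCH_SCOPE, new PropertyMD(LDAPConnectionProperties.SearchScope.sub).setCategory(main).setDescription("LDAP search scope to be used for this search."));
        defaults.put("userDNTemplate", new PropertyMD().setCategory(main).setDescription("Template of a DN of the user that should be used to log in. The tempalte must possess a single occurence of a special string: '\\{USERNAME\\}'. "));
        // Connection-level defaults go last, so they win over any key defined above.
        defaults.putAll(LDAPConnectionProperties.getDefaults());
    }
}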
