package de.sep.sesam.restapi.authentication;

import de.sep.sesam.model.Credentials;
import de.sep.sesam.model.type.UserOrigin;
import de.sep.sesam.security.PasswordController;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

/* loaded from: input_file:de/sep/sesam/restapi/authentication/LDAPCredentialsLogin.class */
/**
 * External credentials login backed by an LDAP directory.
 *
 * <p>Turns a stored {@link Credentials} record into a Spring Security
 * {@link LdapAuthenticationProvider}: users are verified with a bind against the
 * directory and their authorities are read from LDAP groups.
 *
 * <p>How the {@link Credentials} fields are used here:
 * <ul>
 *   <li>{@code path} - LDAP URL handed to the context source</li>
 *   <li>{@code osAccessName} / {@code secret} - DN and password of the context source</li>
 *   <li>{@code accessName} - user DN patterns, separated by {@code ';'}</li>
 *   <li>{@code publicKey}, or {@code name} when it contains {@code '='} - group search base</li>
 *   <li>{@code storeName} - optional group search filter</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The URL is used exactly as stored; nothing in this class checks its scheme.
 *       NOTE(review): unless an {@code ldaps://} URL or StartTLS is enforced elsewhere,
 *       both the service bind and every user bind travel unencrypted.</li>
 *   <li>Group names become authorities with an empty prefix and upper-cased, and the
 *       group filter is taken verbatim from the record, so write access to the
 *       credentials record decides which directory groups map to which authorities.</li>
 * </ul>
 */
public class LDAPCredentialsLogin extends AbstractExternalCredentialsLogin {

    /**
     * Creates a login for the given LDAP credentials record.
     *
     * @param credentials the stored LDAP connection settings, passed to the superclass
     */
    public LDAPCredentialsLogin(Credentials credentials) {
        super(credentials);
    }

    /**
     * Overrides {@code AbstractCredentialsLogin#getCredentialsType()}.
     *
     * @return the enum constant name of {@link UserOrigin#LDAP}
     */
    @Override
    public String getCredentialsType() {
        return UserOrigin.LDAP.name();
    }

    /**
     * Overrides {@code AbstractExternalCredentialsLogin#getCredentialsOrigin()}.
     *
     * @return {@link UserOrigin#LDAP}
     */
    @Override
    protected UserOrigin getCredentialsOrigin() {
        return UserOrigin.LDAP;
    }

    /**
     * Recovers the bind password from its stored form.
     *
     * <p>When {@link PasswordController#decrypt} yields {@code null}, the stored string is
     * returned unchanged and later used as the password as-is.
     * NOTE(review): presumably this supports records that hold the secret unencrypted;
     * confirm, because it also means a failed decryption is not reported here.
     *
     * @param storedSecret the secret as stored in the record, may be {@code null}
     * @return the decrypted secret, the stored value if decryption returned {@code null},
     *         or {@code null} for {@code null} input
     */
    private String restoreSecret(String storedSecret) {
        if (storedSecret != null) {
            String plain = PasswordController.getInstance().decrypt(storedSecret);
            return plain == null ? storedSecret : plain;
        }
        return null;
    }

    /**
     * Determines the group search base: the record's {@code publicKey} field, or, when
     * that is blank, its {@code name} if the name contains {@code '='} (i.e. looks like a DN).
     *
     * @param credentials the record to read, must not be {@code null}
     * @return the group search base; may be blank or {@code null} when neither field applies
     */
    private static String resolveGroupSearchBase(Credentials credentials) {
        String configuredBase = credentials.getPublicKey();
        if (!StringUtils.isBlank(configuredBase)) {
            return configuredBase;
        }
        String recordName = credentials.getName();
        return StringUtils.contains(recordName, '=') ? recordName : configuredBase;
    }

    /**
     * Builds the LDAP authentication provider described by {@code credentials}.
     * Overrides {@code AbstractCredentialsLogin#createAuthenticationProvider(Credentials)}.
     *
     * <p>The null check is an {@code assert} only: with assertions disabled, a
     * {@code null} argument fails with a {@link NullPointerException} on the first getter.
     *
     * @param credentials the stored LDAP connection settings
     * @return the configured provider, or {@code null} when the record has no URL
     */
    @Override
    public AbstractLdapAuthenticationProvider createAuthenticationProvider(Credentials credentials) {
        assert credentials != null;

        final String ldapUrl = credentials.getPath();
        final String userDnPatterns = credentials.getAccessName();
        final String bindDn = credentials.getOsAccessName();
        // The secret is decrypted before the URL check, exactly as many times as a record is loaded.
        final String bindPassword = restoreSecret(credentials.getSecret());
        final String groupSearchBase = resolveGroupSearchBase(credentials);
        final String groupSearchFilter = credentials.getStoreName();

        // Without a URL there is nothing to connect to; callers receive null instead of a provider.
        if (StringUtils.isBlank(ldapUrl)) {
            return null;
        }

        // NOTE(review): the URL scheme is not inspected here; confirm TLS is required elsewhere.
        final DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(ldapUrl);
        contextSource.setUserDn(bindDn);
        // NOTE(review): a null or blank secret is passed through unchanged; confirm how the
        // directory treats a bind for this DN with an empty password.
        contextSource.setPassword(bindPassword);
        contextSource.afterPropertiesSet();

        final BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        // NOTE(review): StringUtils.split returns null for a null accessName; the Spring
        // setter appears to reject a null array, so a record without patterns would fail
        // here rather than return null like the blank-URL case - confirm.
        authenticator.setUserDnPatterns(StringUtils.split(userDnPatterns, ';'));

        final DefaultLdapAuthoritiesPopulator authorities =
                new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        if (StringUtils.isNotBlank(groupSearchFilter)) {
            authorities.setGroupSearchFilter(groupSearchFilter);
        }
        // Authorities are the bare group names, upper-cased, searched in the whole subtree.
        authorities.setRolePrefix("");
        authorities.setSearchSubtree(true);
        authorities.setConvertToUpperCase(true);

        return new LdapAuthenticationProvider(authenticator, authorities);
    }

    /**
     * Describes the LDAP source being tried, for diagnostics.
     * Overrides {@code AbstractExternalCredentialsLogin#getAuthenticationProviderDetailsMessage()}.
     *
     * <p>The text contains the URL, both name fields, the group base and the group filter;
     * the secret is never included.
     * NOTE(review): "User base" prints {@code accessName} and "USer pattern" prints
     * {@code osAccessName}, whereas {@code createAuthenticationProvider} uses them as the
     * user DN patterns and the context-source DN respectively. The labels (and the
     * "USer" spelling) look off, but are kept as-is because the text is runtime output.
     *
     * @return the message; blank optional values are rendered as {@code "-"}
     */
    @Override
    protected String getAuthenticationProviderDetailsMessage() {
        final Credentials credentials = getCredentials();
        final String details;
        if (credentials == null) {
            details = "null";
        } else {
            details = "URL: " + credentials.getPath()
                    + ", User base: " + StringUtils.defaultIfBlank(credentials.getAccessName(), "-")
                    + ", USer pattern: " + StringUtils.defaultIfBlank(credentials.getOsAccessName(), "-")
                    + ", Group base: " + StringUtils.defaultIfBlank(resolveGroupSearchBase(credentials), "-")
                    + ", Group filter: " + StringUtils.defaultIfBlank(credentials.getStoreName(), "-");
        }
        return "Trying LDAP authentication source with '" + details + "'.";
    }
}
