package org.cloudfoundry.identity.uaa.impl.config;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Optional;
import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.ldap.ExtendedLdapUserMapper;
import org.cloudfoundry.identity.uaa.provider.ldap.ProcessLdapProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.StringUtils;

@Configuration
@Conditional({IfConfigured.class})
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.30.0.jar:org/cloudfoundry/identity/uaa/impl/config/LdapSimpleBindConfig.class */
public class LdapSimpleBindConfig {

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.30.0.jar:org/cloudfoundry/identity/uaa/impl/config/LdapSimpleBindConfig$IfConfigured.class */
    public static class IfConfigured implements Condition {
        @Override // org.springframework.context.annotation.Condition
        public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            String property = conditionContext.getEnvironment().getProperty(LdapIdentityProviderDefinition.LDAP_PROFILE_FILE);
            return property == null || property.equals(LdapIdentityProviderDefinition.LDAP_PROFILE_FILE_SIMPLE_BIND);
        }
    }

    @Bean
    public DefaultSpringSecurityContextSource defaultSpringSecurityContextSource(Environment environment, Map map, ProcessLdapProperties processLdapProperties) throws ClassNotFoundException, KeyManagementException, NoSuchAlgorithmException, InstantiationException, IllegalAccessException {
        DefaultSpringSecurityContextSource defaultSpringSecurityContextSource = new DefaultSpringSecurityContextSource((String) Optional.ofNullable(environment.getProperty(LdapIdentityProviderDefinition.LDAP_BASE_URL)).orElse("ldap://localhost:389/"));
        defaultSpringSecurityContextSource.setBaseEnvironmentProperties(map);
        defaultSpringSecurityContextSource.setPooled(false);
        defaultSpringSecurityContextSource.setAuthenticationStrategy(processLdapProperties.getAuthenticationStrategy());
        return defaultSpringSecurityContextSource;
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthProvider(BaseLdapPathContextSource baseLdapPathContextSource, Environment environment, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, GrantedAuthoritiesMapper grantedAuthoritiesMapper, ExtendedLdapUserMapper extendedLdapUserMapper) {
        String[] delimitedListToStringArray = StringUtils.delimitedListToStringArray((String) Optional.ofNullable(environment.getProperty(LdapIdentityProviderDefinition.LDAP_BASE_USER_DN_PATTERN)).orElse("cn={0},ou=Users,dc=test,dc=com"), (String) Optional.ofNullable(environment.getProperty(LdapIdentityProviderDefinition.LDAP_BASE_USER_DN_PATTERN_DELIMITER)).orElse(";"));
        BindAuthenticator bindAuthenticator = new BindAuthenticator(baseLdapPathContextSource);
        bindAuthenticator.setUserDnPatterns(delimitedListToStringArray);
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, ldapAuthoritiesPopulator);
        ldapAuthenticationProvider.setAuthoritiesMapper(grantedAuthoritiesMapper);
        ldapAuthenticationProvider.setUserDetailsContextMapper(extendedLdapUserMapper);
        return ldapAuthenticationProvider;
    }

    @Bean
    public String testLdapProfile() {
        return "ldap-simple-bind.xml";
    }
}
