package org.georchestra.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Predicates;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import lombok.NonNull;
import org.apache.commons.logging.Log;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.georchestra.commons.configuration.GeorchestraConfiguration;
import org.georchestra.ds.users.UserSchema;
import org.georchestra.security.LdapHeaderMappings;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/security/LdapUserDetailsRequestHeaderProvider.class */
public class LdapUserDetailsRequestHeaderProvider extends HeaderProvider {
    private static final String MEMBER_OF_PATTERN = "([^=,]+)=([^=,]+),%s.*";
    private final Supplier<FilterBasedLdapUserSearch> userSearchFactory;
    private final Pattern orgSearchMemberOfPattern;
    private final String orgSearchBaseDN;
    private final LdapHeaderMappings mappingsSupport;

    @VisibleForTesting
    @Autowired
    LdapTemplate ldapTemplate;

    @Autowired
    private Environment env;

    @Autowired
    private GeorchestraConfiguration georchestraConfiguration;
    private final Cache<String, Map<String, String>> cache;
    private static final long DEFAULT_CACHE_TTL = 2000;

    public LdapUserDetailsRequestHeaderProvider(BaseLdapPathContextSource baseLdapPathContextSource, String str, String str2, String str3) {
        this.mappingsSupport = new LdapHeaderMappings();
        Objects.requireNonNull(baseLdapPathContextSource, "contextSource must not be null");
        Objects.requireNonNull(str, "ldapOrgsRdn must not be null");
        Objects.requireNonNull(str2, "ldapUsersRdn must not be null");
        Objects.requireNonNull(str3, "userSearchFilter must not be null");
        this.orgSearchBaseDN = str;
        this.userSearchFactory = () -> {
            return new FilterBasedLdapUserSearch(str2, str3, baseLdapPathContextSource);
        };
        this.orgSearchMemberOfPattern = Pattern.compile(String.format(MEMBER_OF_PATTERN, str));
        this.cache = createCache();
    }

    @VisibleForTesting
    LdapUserDetailsRequestHeaderProvider(Supplier<FilterBasedLdapUserSearch> supplier, String str) {
        this.mappingsSupport = new LdapHeaderMappings();
        this.orgSearchBaseDN = str;
        this.userSearchFactory = supplier;
        this.orgSearchMemberOfPattern = Pattern.compile(String.format(MEMBER_OF_PATTERN, str));
        this.cache = createCache();
    }

    private Cache<String, Map<String, String>> createCache() {
        long j = 2000;
        if (this.env != null) {
            j = ((Long) this.env.getProperty("security-proxy.ldap.cache.ttl", Long.class, 2000L)).longValue();
        }
        logger.info(String.format("Setting up LDAP headers cache ttl %,d ms", Long.valueOf(j)));
        return CacheBuilder.newBuilder().expireAfterWrite(j, TimeUnit.MILLISECONDS).build();
    }

    @PostConstruct
    public void init() throws IOException {
        LdapHeaderMappings.EMBEDDED_MAPPINGS.forEach((str, str2) -> {
            logger.info(String.format("Will contribute standard header %s", str));
        });
        if (this.georchestraConfiguration != null && this.georchestraConfiguration.activated()) {
            ImmutableMap<String, String> fromProperties = Maps.fromProperties(this.georchestraConfiguration.loadCustomPropertiesFile("headers-mapping"));
            logger.info("Loading header mappings from " + new File(this.georchestraConfiguration.getContextDataDir(), "headers-mapping.properties"));
            loadConfig(fromProperties);
        }
    }

    @VisibleForTesting
    void loadConfig(Map<String, String> map) {
        this.mappingsSupport.loadFrom(map);
    }

    @Override // org.georchestra.security.HeaderProvider
    public Map<String, String> getCustomRequestHeaders(HttpServletRequest httpServletRequest, String str) {
        if (isPreAuthorized(httpServletRequest) || isAnnonymous()) {
            return Collections.emptyMap();
        }
        try {
            return this.cache.get(serviceCacheKey(str), () -> {
                return collectHeaders(str);
            });
        } catch (ExecutionException e) {
            throw new IllegalStateException(e.getCause());
        }
    }

    private Map<String, String> collectHeaders(@Nullable String str) {
        String currentUserName = getCurrentUserName();
        LdapHeaderMappings.HeaderMappings defaultMappings = str == null ? this.mappingsSupport.getDefaultMappings() : this.mappingsSupport.getMappings(str);
        logger.debug("Collecting headers, service = " + str + ", mappings:" + defaultMappings.all());
        HashMap hashMap = new HashMap();
        try {
            DirContextOperations loadUser = loadUser(currentUserName, defaultMappings.getUserHeaders());
            Optional<String> findOrgCn = findOrgCn(loadUser);
            Optional<String> findManagerUid = findManagerUid(loadUser);
            Log log = logger;
            Object[] objArr = new Object[4];
            objArr[0] = str == null ? "default" : str;
            objArr[1] = currentUserName;
            objArr[2] = findOrgCn.orElse(null);
            objArr[3] = findManagerUid.orElse(null);
            log.debug(String.format("Loading %s headers for user %s, org %s, manager %s", objArr));
            listcontext("* LDAP user context", loadUser);
            addHeaders(loadUser, defaultMappings.getUserHeaders(), hashMap);
            findOrgCn.ifPresent(str2 -> {
                addOrgHeaders(str2, defaultMappings, hashMap);
            });
            findManagerUid.ifPresent(str3 -> {
                addManagerHeaders(str3, defaultMappings.getUserManagerHeaders(), hashMap);
            });
            return hashMap;
        } catch (Exception e) {
            logger.error("Unable to collect headers for user:" + currentUserName, e);
            return Collections.emptyMap();
        }
    }

    private void addManagerHeaders(String str, List<LdapHeaderMappings.HeaderMapping> list, Map<String, String> map) {
        if (list.isEmpty()) {
            return;
        }
        DirContextOperations searchForUser = this.userSearchFactory.get().searchForUser(str);
        listcontext("* LDAP user's manager context", searchForUser);
        addHeaders(searchForUser, list, map);
    }

    private void addOrgHeaders(String str, LdapHeaderMappings.HeaderMappings headerMappings, Map<String, String> map) {
        DirContextOperations lookupContext = this.ldapTemplate.lookupContext(String.format("cn=%s,%s", str, this.orgSearchBaseDN));
        listcontext("* LDAP org context", lookupContext);
        addHeaders(lookupContext, headerMappings.getOrgHeaders(), map);
        findSeeAlsoOrg(lookupContext).ifPresent(str2 -> {
            addOrgExtHeaders(str2, headerMappings.getOrgExtensionHeaders(), map);
        });
    }

    private void addOrgExtHeaders(String str, List<LdapHeaderMappings.HeaderMapping> list, Map<String, String> map) {
        if (list.isEmpty()) {
            return;
        }
        DirContextOperations lookupContext = this.ldapTemplate.lookupContext(String.format("o=%s,ou=orgs", str));
        listcontext("* LDAP orgExt context", lookupContext);
        addHeaders(lookupContext, list, map);
    }

    private Optional<String> findSeeAlsoOrg(DirContextOperations dirContextOperations) {
        String stringAttribute = dirContextOperations.getStringAttribute("seeAlso");
        if (null != stringAttribute) {
            Matcher matcher = Pattern.compile("^o=(.*),ou=orgs,.*").matcher(stringAttribute);
            if (matcher.matches()) {
                return Optional.of(matcher.group(1));
            }
        }
        return Optional.empty();
    }

    private void addHeaders(DirContextOperations dirContextOperations, List<LdapHeaderMappings.HeaderMapping> list, Map<String, String> map) {
        list.stream().map(headerMapping -> {
            return buildHeader(dirContextOperations, headerMapping);
        }).filter(Predicates.notNull()).forEach(header -> {
            map.put(header.getName(), header.getValue());
        });
    }

    private Header buildHeader(DirContextOperations dirContextOperations, LdapHeaderMappings.HeaderMapping headerMapping) {
        String buildValue = buildValue(dirContextOperations, headerMapping);
        if (buildValue == null) {
            return null;
        }
        return new BasicHeader(headerMapping.getHeaderName(), buildValue);
    }

    private Optional<String> findManagerUid(DirContextOperations dirContextOperations) {
        Pattern compile = Pattern.compile("^uid=(.*),(ou=users),.*");
        Optional ofNullable = Optional.ofNullable(dirContextOperations.getStringAttribute(UserSchema.MANAGER_KEY));
        Objects.requireNonNull(compile);
        return ofNullable.map((v1) -> {
            return r1.matcher(v1);
        }).filter((v0) -> {
            return v0.matches();
        }).map(matcher -> {
            return matcher.group(1);
        });
    }

    private DirContextOperations loadUser(String str, List<LdapHeaderMappings.HeaderMapping> list) {
        FilterBasedLdapUserSearch filterBasedLdapUserSearch = this.userSearchFactory.get();
        Set set = (Set) list.stream().map((v0) -> {
            return v0.getLdapAttribute();
        }).collect(Collectors.toSet());
        set.add(UserSchema.MEMBER_OF);
        set.add(UserSchema.MANAGER_KEY);
        logger.debug("Requesting user attributes: " + set);
        filterBasedLdapUserSearch.setReturningAttributes((String[]) set.toArray(new String[set.size()]));
        return filterBasedLdapUserSearch.searchForUser(str);
    }

    private Optional<String> findOrgCn(DirContextOperations dirContextOperations) {
        Optional ofNullable = Optional.ofNullable(dirContextOperations.getStringAttributes(UserSchema.MEMBER_OF));
        ofNullable.map((v0) -> {
            return Arrays.stream(v0);
        });
        Stream stream = (Stream) ofNullable.map((v0) -> {
            return Arrays.stream(v0);
        }).orElse(Stream.empty());
        Pattern pattern = this.orgSearchMemberOfPattern;
        Objects.requireNonNull(pattern);
        return stream.map((v1) -> {
            return r1.matcher(v1);
        }).filter((v0) -> {
            return v0.matches();
        }).map(matcher -> {
            return matcher.group(2);
        }).findFirst();
    }

    private String buildValue(DirContextOperations dirContextOperations, LdapHeaderMappings.HeaderMapping headerMapping) {
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Loading header mapping %s=%s", headerMapping.getHeaderName(), headerMapping.getLdapAttribute()));
        }
        String[] stringAttributes = dirContextOperations.getStringAttributes(headerMapping.getLdapAttribute());
        if (stringAttributes == null || stringAttributes.length == 0) {
            logger.debug(String.format("Found no values for header mapping %s=%s", headerMapping.getHeaderName(), headerMapping.getLdapAttribute()));
            return null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Found values for header %s: %s", headerMapping.getHeaderName(), Arrays.stream(stringAttributes).collect(Collectors.joining(","))));
        }
        Stream filter = Arrays.stream(stringAttributes).filter(Predicates.notNull());
        Objects.requireNonNull(headerMapping);
        return (String) filter.map(str -> {
            return headerMapping.encode(str);
        }).collect(Collectors.joining(","));
    }

    private void listcontext(String str, DirContextOperations dirContextOperations) {
        if (logger.isDebugEnabled()) {
            logger.debug(str);
            Collections.list(dirContextOperations.getAttributes().getAll()).forEach(attribute -> {
                try {
                    logger.debug(String.format("%s='%s'", attribute.getID(), attribute.get()));
                } catch (Exception e) {
                    logger.error("Error getting attribute " + attribute.getID(), e);
                }
            });
        }
    }

    @NonNull
    private String getCurrentUserName() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("Request is not authenticated");
        }
        return authentication.getName();
    }

    @VisibleForTesting
    Map<String, String> getCachedHeaders(String str) {
        Map<String, String> ifPresent = this.cache.getIfPresent(serviceCacheKey(str));
        return ifPresent == null ? Collections.emptyMap() : ifPresent;
    }

    @VisibleForTesting
    void setCachedHeaders(@NonNull Map<String, String> map, String str) {
        if (map == null) {
            throw new NullPointerException("headers is marked non-null but is null");
        }
        String serviceCacheKey = serviceCacheKey(str);
        logger.debug("Storing attributes into session for " + serviceCacheKey);
        this.cache.put(serviceCacheKey, new HashMap(map));
    }

    private String serviceCacheKey(String str) {
        Object[] objArr = new Object[2];
        objArr[0] = getCurrentUserName();
        objArr[1] = str == null ? "global" : str;
        return String.format("%s@%s", objArr);
    }

    private boolean isAnnonymous() {
        return SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken;
    }
}
