package org.geoserver.web.security.ldap;

import java.util.HashMap;
import java.util.Optional;
import java.util.logging.Level;
import javax.naming.AuthenticationException;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxCheckBox;
import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.FormComponent;
import org.apache.wicket.markup.html.form.FormComponentPanel;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.StringResourceModel;
import org.geoserver.security.ldap.LDAPAuthenticationProvider;
import org.geoserver.security.ldap.LDAPSecurityProvider;
import org.geoserver.security.ldap.LDAPSecurityServiceConfig;
import org.geoserver.security.web.auth.AuthenticationProviderPanel;
import org.geoserver.security.web.usergroup.UserGroupServiceChoice;
import org.geoserver.web.util.MapModel;
import org.hsqldb.server.ServerConstants;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel.class */
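/**
 * Wicket panel used to edit an {@link LDAPSecurityServiceConfig}.
 *
 * <p>The panel exposes the connection fields ({@code serverURL}, {@code useTLS},
 * {@code userDnPattern}, {@code userFilter}, {@code userFormat}), a switchable
 * authorization sub-panel (LDAP groups or a named user/group service) and a
 * "test connection" sub-panel that performs a live authentication with
 * operator-supplied credentials.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers), so raw
 * generic types and synthetic local names are artifacts rather than authored code.
 */
public class LDAPAuthProviderPanel extends AuthenticationProviderPanel<LDAPSecurityServiceConfig> {
    private static final long serialVersionUID = 4772173006888418298L;

    /**
     * Base type for the two interchangeable authorization sub-panels. Implementations
     * must be able to clear the config properties they edit before being swapped out.
     */
    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel$AuthorizationPanel.class */
    abstract class AuthorizationPanel extends FormComponentPanel<HashMap<String, Object>> {
        private static final long serialVersionUID = -2021795762927385164L;

        /**
         * @param str Wicket component id
         */
        public AuthorizationPanel(String str) {
            super(str, new Model());
        }

        /** Clears the model objects of the fields owned by this panel. */
        public abstract void resetModel();
    }

    /**
     * Authorization sub-panel that resolves roles from LDAP groups: group search
     * base/filter, admin group names, bind-before-search and the optional nested
     * (hierarchical) parent group settings.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel$LDAPAuthorizationPanel.class */
    public class LDAPAuthorizationPanel extends AuthorizationPanel {
        private static final long serialVersionUID = 7541432269535150812L;
        private static final String USE_NESTED_PARENT_GROUPS = "useNestedParentGroups";
        private static final String MAX_GROUP_SEARCH_LEVEL = "maxGroupSearchLevel";
        private static final String NESTED_GROUP_SEARCH_FILTER = "nestedGroupSearchFilter";
        private static final String NESTED_SEARCH_FIELDS_CONTAINER = "nestedSearchFieldsContainer";

        /**
         * @param str Wicket component id
         */
        public LDAPAuthorizationPanel(String str) {
            super(str);
            // Needed so the panel can be re-rendered through Ajax.
            setOutputMarkupId(true);
            add(new CheckBox("bindBeforeGroupSearch"));
            add(new TextField("adminGroup"));
            add(new TextField("groupAdminGroup"));
            add(new TextField("groupSearchBase"));
            // NOTE(review): the filter text is stored as entered; any escaping of values
            // substituted into it has to happen where the filter is evaluated, which is
            // outside this file.
            add(new TextField("groupSearchFilter"));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.wicket.MarkupContainer, org.apache.wicket.Component
        public void onInitialize() {
            super.onInitialize();
            // Built here rather than in the constructor because the initial visibility is
            // read from the enclosing form, which is only reachable once attached.
            hierarchicalGroupsinit();
        }

        /**
         * Adds the nested-group controls: a checkbox plus a container holding the
         * search-level and nested-filter fields, shown only while the checkbox is on.
         */
        private void hierarchicalGroupsinit() {
            // Initial visibility comes from the form's model object when it is an
            // LDAPSecurityServiceConfig; any missing link in the chain means "hidden".
            boolean booleanValue = ((Boolean) Optional.of(this).map(panel -> {
                try {
                    return panel.getForm();
                } catch (WicketRuntimeException e) {
                    // No enclosing form could be resolved: fall through to the default.
                    return null;
                }
            }).map((form) -> {
                return form.getModel();
            }).map((model) -> {
                return model.getObject();
            }).filter(candidate -> {
                return candidate instanceof LDAPSecurityServiceConfig;
            }).map(candidate -> {
                return (LDAPSecurityServiceConfig) candidate;
            }).map((config) -> {
                return config.isUseNestedParentGroups();
            }).orElse(false)).booleanValue();
            final WebMarkupContainer webMarkupContainer = new WebMarkupContainer(NESTED_SEARCH_FIELDS_CONTAINER);
            // A placeholder tag keeps a DOM node present while hidden, so a later Ajax
            // update has something to replace.
            webMarkupContainer.setOutputMarkupPlaceholderTag(true);
            webMarkupContainer.setOutputMarkupId(true);
            webMarkupContainer.setVisible(booleanValue);
            add(webMarkupContainer);
            TextField textField = new TextField(MAX_GROUP_SEARCH_LEVEL);
            TextField textField2 = new TextField(NESTED_GROUP_SEARCH_FILTER);
            add(new AjaxCheckBox(USE_NESTED_PARENT_GROUPS) { // from class: org.geoserver.web.security.ldap.LDAPAuthProviderPanel.LDAPAuthorizationPanel.1
                private static final long serialVersionUID = 1;

                @Override // org.apache.wicket.ajax.markup.html.form.AjaxCheckBox
                protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                    // Mirror the checkbox state onto the container and repaint it.
                    webMarkupContainer.setVisible(((AjaxCheckBox) LDAPAuthorizationPanel.this.get(LDAPAuthorizationPanel.USE_NESTED_PARENT_GROUPS)).getModelObject().booleanValue());
                    ajaxRequestTarget.add(webMarkupContainer);
                }
            });
            webMarkupContainer.add(textField);
            webMarkupContainer.add(textField2);
        }

        /**
         * Nulls the LDAP group settings and switches nested parent groups off. The two
         * fields inside the nested container are not reset here.
         */
        @Override // org.geoserver.web.security.ldap.LDAPAuthProviderPanel.AuthorizationPanel
        public void resetModel() {
            get("bindBeforeGroupSearch").setDefaultModelObject(null);
            get("adminGroup").setDefaultModelObject(null);
            get("groupAdminGroup").setDefaultModelObject(null);
            get("groupSearchBase").setDefaultModelObject(null);
            get("groupSearchFilter").setDefaultModelObject(null);
            get(USE_NESTED_PARENT_GROUPS).setDefaultModelObject(false);
        }
    }

    /**
     * Sub-panel holding a username, a password and a link that runs a live
     * authentication against the LDAP settings currently entered in the form.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel$TestLDAPConnectionPanel.class */
    public class TestLDAPConnectionPanel extends FormComponentPanel<HashMap<String, Object>> {
        private static final long serialVersionUID = 5433983389877706266L;

        /** Ajax link that submits the test credentials and reports the outcome as feedback. */
        /* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel$TestLDAPConnectionPanel$TestLink.class */
        private class TestLink extends AjaxSubmitLink {
            private static final long serialVersionUID = 2373404292655355758L;

            public TestLink() {
                // NOTE(review): an HSQLDB constant is used as the Wicket component id. This
                // looks like a decompiler constant-resolution artifact; confirm the id
                // against the panel markup instead of relying on an unrelated library.
                super(ServerConstants.SC_DEFAULT_DATABASE);
            }

            /**
             * Processes only the fields the test depends on, then runs {@link #doTest}.
             * Any failure is surfaced as a feedback message and logged at WARNING.
             */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            protected void onSubmit(AjaxRequestTarget ajaxRequestTarget, Form<?> form) {
                // The link is added with default form processing disabled, so each input
                // the test relies on is processed explicitly here.
                // NOTE(review): processing the password field presumably also stores the
                // value in this panel's HashMap model, where it would remain part of the
                // page state after the test; confirm, and consider clearing it afterwards.
                ((FormComponent) TestLDAPConnectionPanel.this.get("username")).processInput();
                ((FormComponent) TestLDAPConnectionPanel.this.get("password")).processInput();
                ((FormComponent) LDAPAuthProviderPanel.this.get("serverURL")).processInput();
                ((FormComponent) LDAPAuthProviderPanel.this.get("useTLS")).processInput();
                ((FormComponent) LDAPAuthProviderPanel.this.get("userDnPattern")).processInput();
                ((FormComponent) LDAPAuthProviderPanel.this.get("userFilter")).processInput();
                ((FormComponent) LDAPAuthProviderPanel.this.get("userFormat")).processInput();
                try {
                    doTest((LDAPSecurityServiceConfig) getForm().getModelObject(), (String) ((FormComponent) TestLDAPConnectionPanel.this.get("username")).getConvertedInput(), (String) ((FormComponent) TestLDAPConnectionPanel.this.get("password")).getConvertedInput());
                } catch (Exception e) {
                    // NOTE(review): the exception object itself becomes the feedback message,
                    // so whatever detail the directory client puts in it is shown on the page.
                    error(e);
                    LDAPAuthProviderPanel.LOGGER.log(Level.WARNING, e.getMessage(), (Throwable) e);
                }
                ajaxRequestTarget.add(getPage().get("topFeedback"));
            }

            /**
             * Authenticates the given credentials through a throwaway provider built from
             * the supplied configuration and reports success as an info feedback message.
             *
             * <p>NOTE(review): the credentials are sent to whatever {@code serverURL} the
             * form currently holds; whether they travel encrypted presumably depends on the
             * URL scheme and the {@code useTLS} setting, which are handled by the provider.
             *
             * @param lDAPSecurityServiceConfig configuration to test
             * @param str username to authenticate
             * @param str2 password to authenticate with
             * @throws AuthenticationException if no authenticated result is returned
             */
            void doTest(LDAPSecurityServiceConfig lDAPSecurityServiceConfig, String str, String str2) throws AuthenticationException {
                if (lDAPSecurityServiceConfig.getUserDnPattern() == null && lDAPSecurityServiceConfig.getUserFilter() == null) {
                    // Without a DN pattern or a search filter there is no way to locate the user.
                    error("Neither user dn pattern or user filter specified");
                    return;
                }
                LDAPSecurityProvider lDAPSecurityProvider = new LDAPSecurityProvider(LDAPAuthProviderPanel.this.getSecurityManager());
                try {
                    Authentication authenticate = ((LDAPAuthenticationProvider) lDAPSecurityProvider.createAuthenticationProvider(lDAPSecurityServiceConfig)).authenticate(new UsernamePasswordAuthenticationToken(str, str2));
                    if (authenticate == null || !authenticate.isAuthenticated()) {
                        throw new AuthenticationException("Cannot authenticate " + str);
                    }
                } finally {
                    // Tear the temporary provider down on every path. Previously a failed or
                    // rejected authentication skipped destroy(), so each unsuccessful test
                    // left the provider undestroyed.
                    lDAPSecurityProvider.destroy(null);
                }
                info(new StringResourceModel(LDAPAuthProviderPanel.class.getSimpleName() + ".connectionSuccessful").getObject());
            }
        }

        /**
         * @param str Wicket component id
         */
        public TestLDAPConnectionPanel(String str) {
            // The test credentials live in a map private to this panel, not in the
            // security service configuration being edited.
            super(str, new Model(new HashMap()));
            add(new TextField("username", new MapModel(getModel().getObject(), "username")));
            add(new PasswordTextField("password", new MapModel(getModel().getObject(), "password")).setRequired(false));
            // Default form processing is off so testing does not run the whole form.
            add(new TestLink().setDefaultFormProcessing(false));
        }
    }

    /** Authorization sub-panel that delegates role lookup to a named user/group service. */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-ldap-2.25.3.jar:org/geoserver/web/security/ldap/LDAPAuthProviderPanel$UserGroupAuthorizationPanel.class */
    public class UserGroupAuthorizationPanel extends AuthorizationPanel {
        private static final long serialVersionUID = 2464048864034610244L;

        /**
         * @param str Wicket component id
         */
        public UserGroupAuthorizationPanel(String str) {
            super(str);
            add(new UserGroupServiceChoice("userGroupServiceName"));
        }

        /** Clears the selected user/group service name. */
        @Override // org.geoserver.web.security.ldap.LDAPAuthProviderPanel.AuthorizationPanel
        public void resetModel() {
            get("userGroupServiceName").setDefaultModelObject(null);
        }
    }

    /**
     * Builds the panel: connection fields, the authorization mode switch with its
     * sub-panel, and the connection test sub-panel.
     *
     * @param str Wicket component id
     * @param iModel model holding the configuration being edited
     */
    public LDAPAuthProviderPanel(String str, IModel<LDAPSecurityServiceConfig> iModel) {
        super(str, iModel);
        add(new TextField("serverURL").setRequired(true));
        add(new CheckBox("useTLS"));
        add(new TextField("userDnPattern"));
        add(new TextField("userFilter"));
        add(new TextField("userFormat"));
        // LDAP-based authorization is the initial mode when no user/group service is configured.
        boolean z = iModel.getObject().getUserGroupServiceName() == null;
        add(new AjaxCheckBox("useLdapAuthorization", new Model(Boolean.valueOf(z))) { // from class: org.geoserver.web.security.ldap.LDAPAuthProviderPanel.1
            private static final long serialVersionUID = 2060279075143716273L;

            @Override // org.apache.wicket.ajax.markup.html.form.AjaxCheckBox
            protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                WebMarkupContainer webMarkupContainer = (WebMarkupContainer) LDAPAuthProviderPanel.this.get("authorizationPanelContainer");
                // Reset the outgoing panel first so settings of the mode being switched
                // away from do not stay in the configuration.
                ((AuthorizationPanel) webMarkupContainer.get("authorizationPanel")).resetModel();
                webMarkupContainer.remove("authorizationPanel");
                webMarkupContainer.add(LDAPAuthProviderPanel.this.createAuthorizationPanel("authorizationPanel", getModelObject().booleanValue()));
                ajaxRequestTarget.add(webMarkupContainer);
            }
        });
        add(new WebMarkupContainer("authorizationPanelContainer").add(createAuthorizationPanel("authorizationPanel", z)).setOutputMarkupId(true));
        add(new TestLDAPConnectionPanel("testCx"));
    }

    /**
     * Creates the authorization sub-panel for the selected mode.
     *
     * @param str Wicket component id
     * @param z {@code true} for LDAP group authorization, {@code false} for a user/group service
     * @return the matching panel
     */
    AuthorizationPanel createAuthorizationPanel(String str, boolean z) {
        return z ? new LDAPAuthorizationPanel(str) : new UserGroupAuthorizationPanel(str);
    }
}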
