package org.georchestra.gateway.security.ldap.basic;

import java.util.Objects;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.gateway.security.ldap.extended.ExtendedLdapAuthenticationProvider;
import org.georchestra.gateway.security.ldap.extended.ExtendedPasswordPolicyAwareContextSource;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/ldap/basic/LdapAuthenticatorProviderBuilder.class */
public class LdapAuthenticatorProviderBuilder {
    private String url;
    private String baseDn;
    private String userSearchBase;
    private String userSearchFilter;
    private String rolesSearchBase;
    private String rolesSearchFilter;
    private String adminDn;
    private String adminPassword;
    private AccountDao accountDao;
    private String[] returningAttributes = null;

    public ExtendedLdapAuthenticationProvider build() {
        Objects.requireNonNull(this.url, "url is not set");
        Objects.requireNonNull(this.baseDn, "baseDn is not set");
        Objects.requireNonNull(this.userSearchBase, "userSearchBase is not set");
        Objects.requireNonNull(this.userSearchFilter, "userSearchFilter is not set");
        Objects.requireNonNull(this.rolesSearchBase, "rolesSearchBase is not set");
        Objects.requireNonNull(this.rolesSearchFilter, "rolesSearchFilter is not set");
        ExtendedPasswordPolicyAwareContextSource contextSource = contextSource();
        ExtendedLdapAuthenticationProvider extendedLdapAuthenticationProvider = new ExtendedLdapAuthenticationProvider(ldapAuthenticator(contextSource), ldapAuthoritiesPopulator(contextSource));
        extendedLdapAuthenticationProvider.setAuthoritiesMapper(ldapAuthoritiesMapper());
        extendedLdapAuthenticationProvider.setUserDetailsContextMapper(new LdapUserDetailsMapper());
        extendedLdapAuthenticationProvider.setAccountDao(this.accountDao);
        return extendedLdapAuthenticationProvider;
    }

    private BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource) {
        FilterBasedLdapUserSearch filterBasedLdapUserSearch = new FilterBasedLdapUserSearch(this.userSearchBase, this.userSearchFilter, baseLdapPathContextSource);
        filterBasedLdapUserSearch.setReturningAttributes(this.returningAttributes);
        BindAuthenticator bindAuthenticator = new BindAuthenticator(baseLdapPathContextSource);
        bindAuthenticator.setUserSearch(filterBasedLdapUserSearch);
        bindAuthenticator.afterPropertiesSet();
        return bindAuthenticator;
    }

    private ExtendedPasswordPolicyAwareContextSource contextSource() {
        ExtendedPasswordPolicyAwareContextSource extendedPasswordPolicyAwareContextSource = new ExtendedPasswordPolicyAwareContextSource(this.url);
        extendedPasswordPolicyAwareContextSource.setBase(this.baseDn);
        if (this.adminDn != null) {
            extendedPasswordPolicyAwareContextSource.setUserDn(this.adminDn);
            extendedPasswordPolicyAwareContextSource.setPassword(this.adminPassword);
        }
        extendedPasswordPolicyAwareContextSource.afterPropertiesSet();
        return extendedPasswordPolicyAwareContextSource;
    }

    private GrantedAuthoritiesMapper ldapAuthoritiesMapper() {
        return new SimpleAuthorityMapper();
    }

    private DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(BaseLdapPathContextSource baseLdapPathContextSource) {
        DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(baseLdapPathContextSource, this.rolesSearchBase);
        defaultLdapAuthoritiesPopulator.setGroupSearchFilter(this.rolesSearchFilter);
        return defaultLdapAuthoritiesPopulator;
    }

    public LdapAuthenticatorProviderBuilder url(String str) {
        this.url = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder baseDn(String str) {
        this.baseDn = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder userSearchBase(String str) {
        this.userSearchBase = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder userSearchFilter(String str) {
        this.userSearchFilter = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder rolesSearchBase(String str) {
        this.rolesSearchBase = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder rolesSearchFilter(String str) {
        this.rolesSearchFilter = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder adminDn(String str) {
        this.adminDn = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder adminPassword(String str) {
        this.adminPassword = str;
        return this;
    }

    public LdapAuthenticatorProviderBuilder accountDao(AccountDao accountDao) {
        this.accountDao = accountDao;
        return this;
    }

    public LdapAuthenticatorProviderBuilder returningAttributes(String[] strArr) {
        this.returningAttributes = strArr;
        return this;
    }
}
