package com.hazelcast.webmonitor.security.spi.impl.activedirectory;

import com.hazelcast.webmonitor.model.SecurityConfigConstants;
import com.hazelcast.webmonitor.security.spi.SecurityConfigApiException;
import com.hazelcast.webmonitor.security.spi.SecurityConfigParameter;
import com.hazelcast.webmonitor.security.spi.impl.AbstractLdapSecurityProvider;
import com.hazelcast.webmonitor.security.spi.impl.LdapUserDetailsContextMapper;
import com.hazelcast.webmonitor.security.spi.impl.SecurityConfigImportService;
import com.hazelcast.webmonitor.security.spi.impl.ldap.PersistentActiveDirectoryConfig;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.CommunicationException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/security/spi/impl/activedirectory/ActiveDirectorySecurityProvider.class
 */
/* loaded from: input_file:com/hazelcast/webmonitor/security/spi/impl/activedirectory/ActiveDirectorySecurityProvider.class */
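/**
 * Security provider that authenticates Management Center users against Active Directory.
 *
 * <p>The provider keeps one {@link AuthenticationProvider} built from the persisted
 * {@code ActiveDirectoryConfig}. It is created lazily on first use and rebuilt whenever a new
 * configuration is saved through the UI ({@link #saveConfig(Map)}) or imported from properties
 * ({@link #reloadConfig()}). {@link #testConfig(String, String, Map)} builds a throw-away provider
 * from the submitted parameters and never touches the persisted state.
 */
public class ActiveDirectorySecurityProvider extends AbstractLdapSecurityProvider {
    public static final String ACTIVE_DIRECTORY_SECURITY_PROVIDER_NAME = "Active Directory";
    private static final Logger LOGGER = LoggerFactory.getLogger(ActiveDirectorySecurityProvider.class);

    // Keys of the configuration map exchanged with the UI. Shared by getConfigParameters() and
    // createActiveDirectoryConfig() so the two lists cannot silently drift apart.
    private static final String PARAM_URL = "url";
    private static final String PARAM_DOMAIN = "domain";
    private static final String PARAM_USER_SEARCH_FILTER = "userSearchFilter";
    private static final String PARAM_ADMIN_GROUP = "adminGroup";
    private static final String PARAM_USER_GROUP = "userGroup";
    private static final String PARAM_READONLY_USER_GROUP = "readonlyUserGroup";
    private static final String PARAM_METRICS_ONLY_GROUP = "metricsOnlyGroup";
    private static final String PARAM_NESTED_GROUP_SEARCH = "nestedGroupSearch";

    // Returned by testConfig() when an unexpected exception carries no message at all
    // (e.g. a NullPointerException), so the caller never receives a null message.
    private static final String UNKNOWN_FAILURE_MESSAGE =
            "Failed to test the Active Directory configuration. Check the server logs for details.";

    private final PersistentActiveDirectoryConfig persistentActiveDirectoryConfig;
    private final SecurityConfigImportService securityConfigImportService;

    // Built from the persisted config on first use and replaced on save/reload. Not guarded by a
    // lock: a concurrent first call may build it twice, which is presumably harmless since every
    // build derives from the same persisted config — TODO confirm if callers rely on identity.
    private AuthenticationProvider authenticationProvider;

    /**
     * @param persistentActiveDirectoryConfig store the active configuration is read from and written to
     * @param securityConfigImportService     source of configuration imported from properties
     */
    public ActiveDirectorySecurityProvider(PersistentActiveDirectoryConfig persistentActiveDirectoryConfig,
                                           SecurityConfigImportService securityConfigImportService) {
        this.persistentActiveDirectoryConfig = persistentActiveDirectoryConfig;
        this.securityConfigImportService = securityConfigImportService;
    }

    /** @return the user-visible name of this provider. */
    @Override // com.hazelcast.webmonitor.security.spi.SecurityProvider
    public String getName() {
        return ACTIVE_DIRECTORY_SECURITY_PROVIDER_NAME;
    }

    /**
     * Describes the parameters the UI must collect for this provider.
     *
     * @return parameter descriptors with their labels and default values, in display order
     */
    @Override // com.hazelcast.webmonitor.security.spi.SecurityProvider
    public List<SecurityConfigParameter> getConfigParameters() {
        return Arrays.asList(
                SecurityConfigParameter.stringParam(PARAM_URL, "URL", "ldap://localhost:10389"),
                SecurityConfigParameter.stringParam(PARAM_DOMAIN, "Domain", "example.com"),
                SecurityConfigParameter.stringParam(PARAM_USER_SEARCH_FILTER, "User Search Filter",
                        "(&(objectClass=user)(userPrincipalName={0}))"),
                SecurityConfigParameter.stringParam(PARAM_ADMIN_GROUP, "Admin Group Name",
                        SecurityConfigConstants.DEFAULT_ADMIN_GROUP),
                SecurityConfigParameter.stringParam(PARAM_USER_GROUP, "User Group Name",
                        SecurityConfigConstants.DEFAULT_USER_GROUP),
                SecurityConfigParameter.stringParam(PARAM_READONLY_USER_GROUP, "Read-only User Group Name",
                        SecurityConfigConstants.DEFAULT_READONLY_USER_GROUP),
                SecurityConfigParameter.stringParam(PARAM_METRICS_ONLY_GROUP, "Metrics-only Group Name",
                        SecurityConfigConstants.DEFAULT_METRICS_ONLY_GROUP),
                SecurityConfigParameter.boolParam(PARAM_NESTED_GROUP_SEARCH, "Nested Group Search", true));
    }

    /**
     * Persists the configuration submitted from the UI and makes it the active one.
     *
     * @param map parameter values keyed as in {@link #getConfigParameters()}
     */
    @Override // com.hazelcast.webmonitor.security.spi.SecurityProvider
    public void saveConfig(Map<String, String> map) {
        applyConfig(createActiveDirectoryConfig(map));
    }

    /**
     * Converts the raw parameter map into an {@code ActiveDirectoryConfig}.
     *
     * <p>Missing string parameters are passed to the builder as {@code null}; only
     * {@code nestedGroupSearch} has a default ({@code true}) here.
     */
    private ActiveDirectoryConfig createActiveDirectoryConfig(Map<String, String> map) {
        String url = map.get(PARAM_URL);
        String domain = map.get(PARAM_DOMAIN);
        String userSearchFilter = map.get(PARAM_USER_SEARCH_FILTER);
        String adminGroup = map.get(PARAM_ADMIN_GROUP);
        String userGroup = map.get(PARAM_USER_GROUP);
        String readonlyUserGroup = map.get(PARAM_READONLY_USER_GROUP);
        String metricsOnlyGroup = map.get(PARAM_METRICS_ONLY_GROUP);
        boolean nestedGroupSearch = Boolean.parseBoolean(map.getOrDefault(PARAM_NESTED_GROUP_SEARCH, "true"));
        return ActiveDirectoryConfig.builder()
                .url(url)
                .domain(domain)
                .userSearchFilter(userSearchFilter)
                .adminGroup(adminGroup)
                .userGroup(userGroup)
                .readonlyUserGroup(readonlyUserGroup)
                .metricsOnlyGroup(metricsOnlyGroup)
                .nestedGroupSearch(nestedGroupSearch)
                .build();
    }

    /**
     * Returns the active authentication provider, building it from the persisted configuration
     * on first use.
     */
    @Override // com.hazelcast.webmonitor.security.spi.SecurityProvider
    public AuthenticationProvider getAuthenticationProvider() {
        if (this.authenticationProvider == null) {
            this.authenticationProvider = createAuthenticationProvider(this.persistentActiveDirectoryConfig.get());
        }
        return this.authenticationProvider;
    }

    /**
     * Authenticates a test user against a provider built from the submitted parameters, without
     * changing the persisted configuration.
     *
     * @param username test user name
     * @param password test user password
     * @param map      parameter values keyed as in {@link #getConfigParameters()}
     * @return the first role granted to the test user
     * @throws SecurityConfigApiException if the server cannot be reached, the credentials are
     *                                    rejected, the user resolves to no role, or any other
     *                                    failure occurs; the message is meant for display
     */
    @Override // com.hazelcast.webmonitor.security.spi.SecurityProvider
    public Optional<String> testConfig(String username, String password, Map<String, String> map) {
        try {
            AuthenticationProvider candidate = createAuthenticationProvider(createActiveDirectoryConfig(map));
            Collection<? extends GrantedAuthority> authorities = candidate
                    .authenticate(new UsernamePasswordAuthenticationToken(username, password))
                    .getAuthorities();
            if (authorities.isEmpty()) {
                // Caught below by the generic handler, which logs it and re-wraps it with the same message.
                throw new SecurityConfigApiException("User has no roles. Check the group names and make sure the test user is a member of one of the groups (or its nested groups).");
            }
            return Optional.of(authorities.iterator().next().getAuthority());
        } catch (CommunicationException e) {
            LOGGER.info(e.getMessage(), e);
            throw new SecurityConfigApiException("Failed to communicate with Active Directory server. Check the URL.");
        } catch (BadCredentialsException e) {
            LOGGER.info(e.getMessage(), e);
            throw new SecurityConfigApiException("Wrong credentials. Check the domain along with test user credentials.");
        } catch (Exception e) {
            LOGGER.info(e.getMessage(), e);
            // NOTE(review): the raw exception message is forwarded to the caller and may carry
            // server-side detail (host names, DNs). Presumably only an administrator can reach this
            // test path; if it is ever exposed more widely, prefer a generic message here.
            String message = e.getMessage();
            throw new SecurityConfigApiException(message == null ? UNKNOWN_FAILURE_MESSAGE : message);
        }
    }

    /**
     * Imports the configuration from properties, persists and activates it, then lets the import
     * service clean up the consumed properties.
     */
    @Override // com.hazelcast.webmonitor.security.spi.ReloadableSecurityProvider
    public void reloadConfig() {
        ActiveDirectoryConfig imported = ActiveDirectoryConfig.fromProperties(this.securityConfigImportService.readProperties());
        applyConfig(imported);
        this.securityConfigImportService.cleanupOnSuccessfulImport();
    }

    /** @return whether importable properties are currently available. */
    @Override // com.hazelcast.webmonitor.security.spi.ReloadableSecurityProvider
    public boolean reloadConfigAvailable() {
        return this.securityConfigImportService.importPropertiesAvailable();
    }

    /**
     * Persists {@code config} and rebuilds the active authentication provider from it.
     * Shared by {@link #saveConfig(Map)} and {@link #reloadConfig()} so both paths behave alike.
     */
    private void applyConfig(ActiveDirectoryConfig config) {
        this.persistentActiveDirectoryConfig.write(config);
        this.authenticationProvider = createAuthenticationProvider(config);
    }

    /**
     * Builds a provider for {@code config}, applying the user search filter and the
     * groups-to-roles mapping; {@code ldapConnTimeout} is inherited from the base class.
     */
    private ActiveDirectoryAuthenticationProvider createAuthenticationProvider(ActiveDirectoryConfig config) {
        ActiveDirectoryAuthenticationProvider provider = new ActiveDirectoryAuthenticationProvider(
                config.getDomain(), config.getUrl(), config.isNestedGroupSearch(), this.ldapConnTimeout);
        provider.setSearchFilter(config.getUserSearchFilter());
        provider.setUserDetailsContextMapper(new LdapUserDetailsContextMapper(config.getGroupsToRolesMappingConfig()));
        return provider;
    }
}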
