package org.geoserver.security.ldap;

import java.io.IOException;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import org.geoserver.config.util.XStreamPersister;
import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerSecurityProvider;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geotools.util.logging.Logging;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource;
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

/* loaded from: input_file:WEB-INF/lib/sec-ldap-2.4-SNAPSHOT.jar:org/geoserver/security/ldap/LDAPSecurityProvider.class */
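/**
 * Security provider that wires GeoServer authentication to an LDAP directory.
 *
 * <p>It registers the XStream alias for the LDAP configuration and builds an
 * {@link LDAPAuthenticationProvider} from an {@link LDAPSecurityServiceConfig}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When StartTLS is enabled, the hostname verifier installed here accepts every
 *       host name, so a certificate issued for a different host is not rejected.</li>
 *   <li>When StartTLS is not enabled, this class adds no transport protection of its own;
 *       confidentiality of the bind credentials then depends on the configured server URL.</li>
 * </ul>
 */
public class LDAPSecurityProvider extends GeoServerSecurityProvider {
    static final Logger LOGGER = Logging.getLogger("org.geoserver.security.ldap");
    GeoServerSecurityManager securityManager;

    /**
     * @param geoServerSecurityManager security manager used to load the optional user group service
     */
    public LDAPSecurityProvider(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
    }

    /** Registers the {@code ldap} XStream alias for {@link LDAPSecurityServiceConfig}. */
    @Override
    public void configure(XStreamPersister xStreamPersister) {
        xStreamPersister.getXStream().alias("ldap", LDAPSecurityServiceConfig.class);
    }

    /** @return the authentication provider type created by this security provider */
    @Override
    public Class<LDAPAuthenticationProvider> getAuthenticationProviderClass() {
        return LDAPAuthenticationProvider.class;
    }

    /**
     * Builds the LDAP authentication provider described by the given configuration.
     *
     * @param securityNamedServiceConfig must be an {@link LDAPSecurityServiceConfig}
     * @return a provider wrapping the Spring Security LDAP provider together with the
     *     configured admin and group-admin group names
     * @throws ClassCastException if the configuration is not an {@link LDAPSecurityServiceConfig}
     */
    @Override
    public GeoServerAuthenticationProvider createAuthenticationProvider(SecurityNamedServiceConfig securityNamedServiceConfig) {
        LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) securityNamedServiceConfig;

        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapConfig.getServerURL());
        contextSource.setCacheEnvironmentProperties(false);
        contextSource.setAuthenticationSource(new SpringSecurityAuthenticationSource());

        // Boolean.TRUE.equals(...) treats an unset (null) flag as "off" instead of failing
        // with a NullPointerException while unboxing.
        if (Boolean.TRUE.equals(ldapConfig.isUseTLS())) {
            contextSource.setPooled(false);
            DefaultTlsDirContextAuthenticationStrategy tlsStrategy = new DefaultTlsDirContextAuthenticationStrategy();
            // SECURITY: this verifier accepts any host name. JNDI consults the callback only
            // after its own default host name check against the server certificate has failed,
            // so returning true here means a certificate that does not match the LDAP host is
            // still accepted and the bind credentials are sent over that session.
            // The accept-all result is kept for compatibility with existing deployments, but
            // every such acceptance is now logged so it can be detected and alerted on.
            // TODO(review): make this opt-in through configuration and reject by default.
            tlsStrategy.setHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    LOGGER.warning(String.format(
                            "LDAP StartTLS: server certificate does not match host '%s'; "
                                    + "connection accepted because hostname verification is disabled",
                            hostname));
                    return true;
                }
            });
            contextSource.setAuthenticationStrategy(tlsStrategy);
        }

        GeoserverLdapBindAuthenticator authenticator = new GeoserverLdapBindAuthenticator(contextSource);
        authenticator.setUserFilter(ldapConfig.getUserFilter());
        authenticator.setUserFormat(ldapConfig.getUserFormat());
        if (ldapConfig.getUserDnPattern() != null) {
            authenticator.setUserDnPatterns(new String[] {ldapConfig.getUserDnPattern()});
        }

        UserDetailsServiceLdapAuthoritiesPopulator userGroupPopulator = null;
        LdapAuthenticationProvider ldapProvider = null;
        String userGroupServiceName = ldapConfig.getUserGroupServiceName();
        if (userGroupServiceName != null) {
            try {
                userGroupPopulator = new UserDetailsServiceLdapAuthoritiesPopulator(this.securityManager.loadUserGroupService(userGroupServiceName));
                ldapProvider = new LdapAuthenticationProvider(authenticator, userGroupPopulator);
            } catch (IOException e) {
                // NOTE(review): on failure the role source silently changes from the configured
                // user group service to the LDAP server; the SEVERE entry below is the only
                // trace of that switch, so it is worth monitoring.
                LOGGER.log(Level.SEVERE, String.format("Unable to load user group service '%s', will use LDAP server for calculating roles", userGroupServiceName), (Throwable) e);
            }
        }

        if (userGroupPopulator == null) {
            // Roles are resolved from the LDAP server itself.
            if (Boolean.TRUE.equals(ldapConfig.isBindBeforeGroupSearch())) {
                BindingLdapAuthoritiesPopulator bindingPopulator = new BindingLdapAuthoritiesPopulator(contextSource, ldapConfig.getGroupSearchBase());
                if (ldapConfig.getGroupSearchFilter() != null) {
                    bindingPopulator.setGroupSearchFilter(ldapConfig.getGroupSearchFilter());
                }
                ldapProvider = new LdapAuthenticationProvider(authenticator, bindingPopulator) {
                    @Override
                    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password) {
                        // The clear-text password is handed to the populator inside the
                        // "username" argument as "<username>:<password>".
                        // NOTE(review): BindingLdapAuthoritiesPopulator is not shown here;
                        // confirm that it never logs this value and that it splits it
                        // unambiguously when the user name itself contains ':'.
                        return getAuthoritiesPopulator().getGrantedAuthorities(userData, username + ":" + password);
                    }
                };
            } else {
                DefaultLdapAuthoritiesPopulator defaultPopulator = new DefaultLdapAuthoritiesPopulator(contextSource, ldapConfig.getGroupSearchBase());
                if (ldapConfig.getGroupSearchFilter() != null) {
                    defaultPopulator.setGroupSearchFilter(ldapConfig.getGroupSearchFilter());
                }
                ldapProvider = new LdapAuthenticationProvider(authenticator, defaultPopulator);
            }
        }

        return new LDAPAuthenticationProvider(ldapProvider, ldapConfig.getAdminGroup(), ldapConfig.getGroupAdminGroup());
    }
}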
