package net.nemerosa.ontrack.extension.ldap;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import net.nemerosa.ontrack.model.security.SecurityRole;
import net.nemerosa.ontrack.model.settings.CachedSettingsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.stereotype.Service;

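/**
 * Builds, caches and hands out the Spring Security LDAP authentication provider
 * configured from the stored {@link LDAPSettings}.
 *
 * <p>At most one provider is cached, under {@link #CACHE_KEY}. The cached instance
 * keeps using the settings it was built from until {@link #invalidate()} is called,
 * so callers that change the LDAP settings are expected to invalidate the factory.
 */
@Service
public class LDAPProviderFactoryImpl implements LDAPProviderFactory {
    /** Single slot used in {@link #cache}; there is only ever one provider. */
    private static final String CACHE_KEY = "0";

    private final CachedSettingsService cachedSettingsService;

    /**
     * Grants the same single authority, {@code SecurityRole.USER}, to every account that
     * authenticates against the directory. Both arguments (the directory entry and the
     * user name) are ignored, so no directory group or attribute raises privileges here.
     */
    private final LdapAuthoritiesPopulator authoritiesPopulator =
            (userData, username) -> AuthorityUtils.createAuthorityList(SecurityRole.USER.name());

    // Typed with the diamond operator; the raw ConcurrentHashMap used previously
    // compiled only with an unchecked-conversion warning.
    private final Map<String, LdapAuthenticationProvider> cache = new ConcurrentHashMap<>();

    /**
     * @param cachedSettingsService source of the current {@link LDAPSettings}
     */
    @Autowired
    public LDAPProviderFactoryImpl(CachedSettingsService cachedSettingsService) {
        this.cachedSettingsService = cachedSettingsService;
    }

    /**
     * Drops the cached provider so that the next {@link #getProvider()} call rebuilds it
     * from the current settings.
     */
    @Override
    public void invalidate() {
        this.cache.clear();
    }

    /**
     * Returns the cached provider, building it on first use.
     *
     * @return the LDAP authentication provider, or {@code null} when LDAP is disabled in
     *     the settings. {@code computeIfAbsent} stores no mapping for a {@code null}
     *     result, so the disabled state is never cached and the settings are read again
     *     on every call until LDAP is enabled.
     * @throws CannotInitializeLDAPException if the provider cannot be built
     */
    @Override
    public LdapAuthenticationProvider getProvider() {
        return this.cache.computeIfAbsent(CACHE_KEY, key -> loadProvider());
    }

    /**
     * Builds a bind-based LDAP authentication provider from the current settings.
     *
     * @return the new provider, or {@code null} when LDAP is disabled
     * @throws CannotInitializeLDAPException wrapping any failure raised while the context
     *     source, user search or provider is being set up
     */
    private LdapAuthenticationProvider loadProvider() {
        LDAPSettings settings = (LDAPSettings) this.cachedSettingsService.getCachedSettings(LDAPSettings.class);
        if (!settings.isEnabled()) {
            return null;
        }
        // NOTE(review): the URL is passed through exactly as configured and no scheme
        // check is made here. With a plain ldap:// URL the manager password set below and
        // every end user's bind password would cross the network unencrypted; confirm
        // that the settings layer requires ldaps:// or warns when it is absent.
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(settings.getUrl());
        // Manager (service account) credentials used for the user search. They remain
        // held by the context source for as long as the provider stays in the cache.
        contextSource.setUserDn(settings.getUser());
        contextSource.setPassword(settings.getPassword());
        try {
            contextSource.afterPropertiesSet();
            // The search base and filter come from the settings; the whole subtree under
            // the base is searched for the user entry.
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
                    settings.getSearchBase(), settings.getSearchFilter(), contextSource);
            userSearch.setSearchSubtree(true);
            // Authentication binds to the directory as the entry found by the search.
            BindAuthenticator authenticator = new BindAuthenticator(contextSource);
            authenticator.setUserSearch(userSearch);
            LdapAuthenticationProvider provider =
                    new LdapAuthenticationProvider(authenticator, this.authoritiesPopulator);
            // Presumably maps directory attributes onto the application's user details
            // according to the settings; see ConfigurableUserDetailsContextMapper.
            provider.setUserDetailsContextMapper(new ConfigurableUserDetailsContextMapper(settings));
            return provider;
        } catch (Exception e) {
            // The original exception is kept as the cause for diagnosis.
            throw new CannotInitializeLDAPException(e);
        }
    }
}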
