package io.camunda.operate.webapp.security.ldap;

import io.camunda.operate.property.LdapProperties;
import io.camunda.operate.webapp.security.BaseWebConfigurer;
import io.camunda.operate.webapp.security.oauth2.OAuth2WebConfigurer;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

/**
 * Web security configuration used when the {@code ldap-auth} profile is active.
 *
 * <p>Authentication goes through an Active Directory provider when an AD domain is configured,
 * and through a generic LDAP bind/search setup otherwise. Every connection parameter (URL, base
 * DN, search filter, manager credentials) is read from {@link LdapProperties}. Nothing in this
 * class validates those values or enforces a URL scheme.
 *
 * <p>This listing was recovered by a decompiler from {@code LDAPWebSecurityConfig.class}.
 */
@Configuration
@EnableWebSecurity
@Profile({"ldap-auth"})
@Component("webSecurityConfig")
public class LDAPWebSecurityConfig extends BaseWebConfigurer {

    @Autowired
    protected OAuth2WebConfigurer oAuth2WebConfigurer;

    @Autowired
    private LDAPUserService userService;

    /**
     * Registers the LDAP authentication mechanism on the given builder.
     *
     * <p>A non-blank {@code domain} in the LDAP properties selects the Active Directory path.
     * Otherwise the standard LDAP path is used.
     *
     * @param authenticationManagerBuilder builder that receives the provider
     * @throws Exception if the standard LDAP configuration fails
     */
    @Override
    protected void applyAuthenticationSettings(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        LdapProperties ldapSettings = operateProperties.getLdap();
        if (!StringUtils.hasText(ldapSettings.getDomain())) {
            setupStandardLDAP(authenticationManagerBuilder, ldapSettings);
            return;
        }
        setUpActiveDirectoryLDAP(authenticationManagerBuilder, ldapSettings);
    }

    /**
     * Delegates the OAuth2 part of the HTTP security setup to the injected
     * {@link OAuth2WebConfigurer}.
     *
     * @param httpSecurity the HTTP security configuration being built
     * @throws Exception if the delegate fails
     */
    @Override
    protected void applyOAuth2Settings(HttpSecurity httpSecurity) throws Exception {
        oAuth2WebConfigurer.configure(httpSecurity);
    }

    /**
     * Runs the LDAP user service clean-up for the session that is ending, then continues with
     * the inherited logout handling.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected} to
     * {@code public} in this listing.
     *
     * @param httpServletRequest the logout request
     * @param httpServletResponse the logout response
     * @param authentication the authentication being logged out
     */
    @Override
    public void logoutSuccessHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        // NOTE(review): cleanUp is defined outside this file. It presumably drops per-user
        // state held by LDAPUserService. Confirm it tolerates a null authentication.
        userService.cleanUp(authentication);
        super.logoutSuccessHandler(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Builds an {@link ActiveDirectoryLdapAuthenticationProvider} from the configured domain,
     * URL and base DN, and registers it on the builder.
     */
    private void setUpActiveDirectoryLDAP(AuthenticationManagerBuilder authenticationManagerBuilder, LdapProperties ldapProperties) {
        // Transport protection depends entirely on the configured URL scheme. User passwords are
        // sent in the bind request, so deployments should point this at an ldaps:// endpoint.
        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(
                        ldapProperties.getDomain(),
                        ldapProperties.getUrl(),
                        ldapProperties.getBaseDn());

        // The provider's default search filter is overridden only when one is configured.
        if (StringUtils.hasText(ldapProperties.getUserSearchFilter())) {
            adProvider.setSearchFilter(ldapProperties.getUserSearchFilter());
        }

        // AD sub-error codes become distinct exceptions (locked, disabled, expired, ...) instead
        // of one generic bad-credentials failure. That helps operators diagnose login problems,
        // but the login error path must not relay the distinction to unauthenticated clients,
        // where it would reveal account state.
        adProvider.setConvertSubErrorCodesToExceptions(true);

        authenticationManagerBuilder.authenticationProvider(adProvider);
    }

    /**
     * Configures generic LDAP authentication (DN pattern, search filter and base, plus a context
     * source bound with the manager account) from the given properties.
     *
     * @throws Exception if the Spring LDAP configurer rejects the configuration
     */
    private void setupStandardLDAP(AuthenticationManagerBuilder authenticationManagerBuilder, LdapProperties ldapProperties) throws Exception {
        // The provider URL is the configured URL with the base DN appended directly, so the
        // configuration must supply any separator. As on the AD path, the URL scheme decides
        // whether the manager and user binds are encrypted in transit.
        // The manager password is taken as-is from the properties and must stay out of logs.
        authenticationManagerBuilder
                .ldapAuthentication()
                .userDnPatterns(ldapProperties.getUserDnPatterns())
                .userSearchFilter(ldapProperties.getUserSearchFilter())
                .userSearchBase(ldapProperties.getUserSearchBase())
                .contextSource()
                .url(ldapProperties.getUrl() + ldapProperties.getBaseDn())
                .managerDn(ldapProperties.getManagerDn())
                .managerPassword(ldapProperties.getManagerPassword());
    }
}
