package io.camunda.operate.webapp.security.ldap;

import io.camunda.operate.property.OperateProperties;
import io.camunda.operate.webapp.rest.dto.UserDto;
import io.camunda.operate.webapp.rest.exception.UserNotFoundException;
import io.camunda.operate.webapp.security.AbstractUserService;
import io.camunda.operate.webapp.security.Permission;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
import org.springframework.stereotype.Component;

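/**
 * Resolves the Operate {@link UserDto} for an LDAP-authenticated principal.
 *
 * <p>Active only under the {@code ldap-auth} Spring profile. The user's attributes are read from
 * the directory once per distinguished name (DN) and then served from an in-memory cache.
 *
 * <p>Cache notes for reviewers: entries are keyed by DN and stay until {@link #cleanUp} is called
 * for the same principal; nothing in this class expires or bounds them. Attribute changes made in
 * the directory are therefore not visible until the entry is removed. NOTE(review): presumably
 * {@code cleanUp} is invoked on logout/session end; confirm against the caller.
 */
@Profile({"ldap-auth"})
@Component
public class LDAPUserService extends AbstractUserService<Authentication> {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPUserService.class);

    @Autowired
    private LdapTemplate ldapTemplate;

    @Autowired
    private OperateProperties operateProperties;

    /** DN -> resolved user. Typed (not raw) so the compiler checks every put/get. */
    private final Map<String, UserDto> ldapDnToUser = new ConcurrentHashMap<>();

    /** Maps the LDAP attributes of one directory entry onto a {@link UserDto}. */
    private final class LdapUserAttributesMapper implements AttributesMapper<UserDto> {
        private LdapUserAttributesMapper() {
        }

        /**
         * Builds the user from the configured user-id and display-name attributes.
         *
         * <p>The method carries the interface's own name, {@code mapFromAttributes}; the
         * decompiler-generated alias did not implement {@link AttributesMapper}.
         *
         * @param attributes attributes of the directory entry that was looked up
         * @return a user that can log out and holds READ and WRITE permissions; the id and display
         *     name are left unset when the corresponding attribute is absent
         * @throws NamingException if an attribute value cannot be read
         */
        @Override
        public UserDto mapFromAttributes(Attributes attributes) throws NamingException {
            final UserDto user = new UserDto().setCanLogout(true);

            // A non-String (e.g. binary) attribute value fails this cast with ClassCastException;
            // createUserDtoFrom logs that cause and reports the user as not found.
            final Attribute userId =
                attributes.get(LDAPUserService.this.operateProperties.getLdap().getUserIdAttrName());
            if (userId != null) {
                user.setUserId((String) userId.get());
            }

            final Attribute displayName =
                attributes.get(LDAPUserService.this.operateProperties.getLdap().getDisplayNameAttrName());
            if (displayName != null) {
                user.setDisplayName((String) displayName.get());
            }

            // Every entry that resolves gets READ and WRITE; nothing here derives permissions
            // from group membership or roles. NOTE(review): who may write is therefore decided
            // entirely by who can authenticate against the directory; confirm that is intended.
            user.setPermissions(List.of(Permission.READ, Permission.WRITE));
            return user;
        }
    }

    /**
     * Returns the user for the authenticated LDAP principal, looking it up on first use.
     *
     * @param authentication authentication whose principal is an {@link LdapUserDetails}
     * @return the cached or freshly resolved user, never {@code null}
     * @throws UserNotFoundException if the directory lookup fails or yields no user
     */
    @Override // io.camunda.operate.webapp.security.UserService
    public UserDto createUserDtoFrom(Authentication authentication) {
        final String dn = ((LdapUserDetails) authentication.getPrincipal()).getDn();

        // Single read instead of containsKey()+get(): a concurrent cleanUp() between the two
        // calls could otherwise make this method return null.
        final UserDto cached = this.ldapDnToUser.get(dn);
        if (cached != null) {
            return cached;
        }

        // Parameterized logging keeps the DN out of the format string.
        LOGGER.info("Do a LDAP Lookup for user DN: {}", dn);
        final UserDto user;
        try {
            user = (UserDto) this.ldapTemplate.lookup(dn, new LdapUserAttributesMapper());
        } catch (Exception e) {
            // The exception thrown below carries no cause, so record it here: a directory outage,
            // a bind failure and a genuinely missing entry must stay distinguishable in the logs.
            LOGGER.warn("LDAP lookup failed for user DN: {}", dn, e);
            throw new UserNotFoundException(String.format("Couldn't find user for dn %s", dn));
        }
        if (user == null) {
            // ConcurrentHashMap rejects null values; report it the same way as a failed lookup.
            throw new UserNotFoundException(String.format("Couldn't find user for dn %s", dn));
        }
        this.ldapDnToUser.put(dn, user);
        return user;
    }

    /**
     * Drops the cached user of the given principal so the next request reads the directory again.
     *
     * @param authentication authentication whose principal is an {@link LdapUserDetails}
     */
    public void cleanUp(Authentication authentication) {
        final String dn = ((LdapUserDetails) authentication.getPrincipal()).getDn();
        this.ldapDnToUser.remove(dn);
    }

    /**
     * Not available for LDAP authentication.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // io.camunda.operate.webapp.security.AbstractUserService
    public String getUserToken(Authentication authentication) {
        throw new UnsupportedOperationException("Get token is not supported for LDAP authentication");
    }
}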
