package org.apache.jackrabbit.oak.security.authentication.ldap.impl;

import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Property;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;

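/**
 * Configuration holder for the Oak LDAP identity provider.
 *
 * <p>The {@code PARAM_*} constants name the configuration keys, the matching
 * {@code PARAM_*_DEFAULT} constants carry the defaults, and the {@link Property}
 * annotations describe each key for the configuration UI. {@link #of(ConfigurationParameters)}
 * builds an instance from a parameter set.</p>
 *
 * <p>Security-relevant settings, as declared in this class:</p>
 * <ul>
 *   <li>{@link #PARAM_USE_SSL} and {@link #PARAM_USE_TLS} both default to {@code false} and the
 *       default port is 389. With these defaults no transport protection is requested, so the
 *       bind DN and bind password are presumably sent in clear text; enable one of the two for
 *       any server that is not on a trusted local link.</li>
 *   <li>{@link #PARAM_NO_CERT_CHECK} is described as disabling server certificate validation.
 *       With validation off, SSL/TLS no longer authenticates the directory server, so a party
 *       in the network path could impersonate it. Keep it {@code false} outside test setups.</li>
 *   <li>An empty {@link #PARAM_BIND_DN} is described as an anonymous bind.</li>
 *   <li>The id attribute, group member attribute and extra filters are inserted into LDAP
 *       filters verbatim. They must come from trusted administrator configuration only.
 *       Values supplied at lookup time (user id, group name, member DN) are escaped with
 *       {@link #encodeFilterValue(String)}.</li>
 *   <li>{@link #toString()} masks the bind password.</li>
 * </ul>
 *
 * <p>The filter templates are cached lazily in plain fields; no synchronization is used here.</p>
 */
@Component(
        label = "Apache Jackrabbit Oak LDAP Identity Provider",
        name = "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider",
        configurationFactory = true,
        metatype = true,
        ds = false)
public class LdapProviderConfig {
    public static final String PARAM_NAME_DEFAULT = "ldap";

    @Property(
            label = "LDAP Provider Name",
            description = "Name of this LDAP provider configuration. This is used to reference this provider by the login modules.",
            value = {PARAM_NAME_DEFAULT})
    public static final String PARAM_NAME = "provider.name";
    public static final String PARAM_LDAP_HOST_DEFAULT = "localhost";

    @Property(
            label = "LDAP Server Hostname",
            description = "Hostname of the LDAP server",
            value = {PARAM_LDAP_HOST_DEFAULT})
    public static final String PARAM_LDAP_HOST = "host.name";
    public static final int PARAM_LDAP_PORT_DEFAULT = 389;

    @Property(
            label = "LDAP Server Port",
            description = "Port of the LDAP server",
            intValue = {PARAM_LDAP_PORT_DEFAULT})
    public static final String PARAM_LDAP_PORT = "host.port";
    public static final boolean PARAM_USE_SSL_DEFAULT = false;

    @Property(
            label = "Use SSL",
            description = "Indicates if an SSL (LDAPs) connection should be used.",
            boolValue = {PARAM_USE_SSL_DEFAULT})
    public static final String PARAM_USE_SSL = "host.ssl";
    public static final boolean PARAM_USE_TLS_DEFAULT = false;

    @Property(
            label = "Use TLS",
            description = "Indicates if TLS should be started on connections.",
            boolValue = {PARAM_USE_TLS_DEFAULT})
    public static final String PARAM_USE_TLS = "host.tls";
    public static final boolean PARAM_NO_CERT_CHECK_DEFAULT = false;

    // Security: enabling this removes server authentication from SSL/TLS connections.
    @Property(
            label = "Disable certificate checking",
            description = "Indicates if server certificate validation should be disabled.",
            boolValue = {PARAM_NO_CERT_CHECK_DEFAULT})
    public static final String PARAM_NO_CERT_CHECK = "host.noCertCheck";
    public static final String PARAM_BIND_DN_DEFAULT = "";

    @Property(
            label = "Bind DN",
            description = "DN of the user for authentication. Leave empty for anonymous bind.",
            value = {PARAM_BIND_DN_DEFAULT})
    public static final String PARAM_BIND_DN = "bind.dn";
    public static final String PARAM_BIND_PASSWORD_DEFAULT = "";

    // Declared as passwordValue so the configuration UI treats it as a secret.
    @Property(
            label = "Bind Password",
            description = "Password of the user for authentication.",
            passwordValue = {PARAM_BIND_PASSWORD_DEFAULT})
    public static final String PARAM_BIND_PASSWORD = "bind.password";
    public static final String PARAM_SEARCH_TIMEOUT_DEFAULT = "60s";

    @Property(
            label = "Search Timeout",
            description = "Time in until a search times out (eg: '1s' or '1m 30s').",
            value = {PARAM_SEARCH_TIMEOUT_DEFAULT})
    public static final String PARAM_SEARCH_TIMEOUT = "searchTimeout";
    public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT = 8;

    @Property(
            label = "Admin pool max active",
            description = "The max active size of the admin connection pool.",
            longValue = {PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT})
    public static final String PARAM_ADMIN_POOL_MAX_ACTIVE = "adminPool.maxActive";
    public static final boolean PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT = true;

    @Property(
            label = "Admin pool lookup on validate",
            description = "Indicates an ROOT DSE lookup is performed to test if the connection is still valid when taking it out of the pool.",
            boolValue = {PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT})
    public static final String PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE = "adminPool.lookupOnValidate";
    public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT = 8;

    @Property(
            label = "User pool max active",
            description = "The max active size of the user connection pool.",
            longValue = {PARAM_USER_POOL_MAX_ACTIVE_DEFAULT})
    public static final String PARAM_USER_POOL_MAX_ACTIVE = "userPool.maxActive";
    public static final boolean PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT = true;

    @Property(
            label = "User pool lookup on validate",
            description = "Indicates an ROOT DSE lookup is performed to test if the connection is still valid when taking it out of the pool.",
            boolValue = {PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT})
    public static final String PARAM_USER_POOL_LOOKUP_ON_VALIDATE = "userPool.lookupOnValidate";
    public static final String PARAM_USER_BASE_DN_DEFAULT = "ou=people,o=example,dc=com";

    @Property(
            label = "User base DN",
            description = "The base DN for user searches.",
            value = {PARAM_USER_BASE_DN_DEFAULT})
    public static final String PARAM_USER_BASE_DN = "user.baseDN";

    @Property(
            label = "User object classes",
            description = "The list of object classes an user entry must contain.",
            value = {SchemaConstants.PERSON_OC},
            cardinality = Integer.MAX_VALUE)
    public static final String PARAM_USER_OBJECTCLASS = "user.objectclass";
    public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT = "uid";

    @Property(
            label = "User id attribute",
            description = "Name of the attribute that contains the user id.",
            value = {PARAM_USER_ID_ATTRIBUTE_DEFAULT})
    public static final String PARAM_USER_ID_ATTRIBUTE = "user.idAttribute";
    public static final String PARAM_USER_EXTRA_FILTER_DEFAULT = "";

    // The extra filter is appended to the search filter without escaping: trusted config only.
    @Property(
            label = "User extra filter",
            description = "Extra LDAP filter to use when searching for users. The final filter isformatted like: '(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)'",
            value = {PARAM_USER_EXTRA_FILTER_DEFAULT})
    public static final String PARAM_USER_EXTRA_FILTER = "user.extraFilter";
    public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT = false;

    @Property(
            label = "User DN paths",
            description = "Controls if the DN should be used for calculating a portion of the intermediate path.",
            boolValue = {PARAM_USER_MAKE_DN_PATH_DEFAULT})
    public static final String PARAM_USER_MAKE_DN_PATH = "user.makeDnPath";
    public static final String PARAM_GROUP_BASE_DN_DEFAULT = "ou=groups,o=example,dc=com";

    @Property(
            label = "Group base DN",
            description = "The base DN for group searches.",
            value = {PARAM_GROUP_BASE_DN_DEFAULT})
    public static final String PARAM_GROUP_BASE_DN = "group.baseDN";

    @Property(
            label = "Group object classes",
            description = "The list of object classes a group entry must contain.",
            value = {SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC},
            cardinality = Integer.MAX_VALUE)
    public static final String PARAM_GROUP_OBJECTCLASS = "group.objectclass";
    public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT = "cn";

    @Property(
            label = "Group name attribute",
            description = "Name of the attribute that contains the group name.",
            value = {PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT})
    public static final String PARAM_GROUP_NAME_ATTRIBUTE = "group.nameAttribute";
    public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT = "";

    // The extra filter is appended to the search filter without escaping: trusted config only.
    @Property(
            label = "Group extra filter",
            description = "Extra LDAP filter to use when searching for groups. The final filter isformatted like: '(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)'",
            value = {PARAM_GROUP_EXTRA_FILTER_DEFAULT})
    public static final String PARAM_GROUP_EXTRA_FILTER = "group.extraFilter";
    public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT = false;

    @Property(
            label = "Group DN paths",
            description = "Controls if the DN should be used for calculating a portion of the intermediate path.",
            boolValue = {PARAM_GROUP_MAKE_DN_PATH_DEFAULT})
    public static final String PARAM_GROUP_MAKE_DN_PATH = "group.makeDnPath";
    public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT = "uniquemember";

    @Property(
            label = "Group member attribute",
            description = "Group attribute that contains the member(s) of a group.",
            value = {PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT})
    public static final String PARAM_GROUP_MEMBER_ATTRIBUTE = "group.memberAttribute";
    public static final boolean PARAM_USE_UID_FOR_EXT_ID_DEFAULT = false;

    @Property(
            label = "Use user id for external ids",
            description = "If enabled, the value of the user id (resp. group name) attribute will be used to create external identifiers. Leave disabled to use the DN instead.",
            boolValue = {PARAM_USE_UID_FOR_EXT_ID_DEFAULT})
    public static final String PARAM_USE_UID_FOR_EXT_ID = "useUidForExtId";

    @Property(
            label = "Custom Attributes",
            description = "Attributes retrieved when looking up LDAP entries. Leave empty to retrieve all attributes.",
            value = {},
            cardinality = Integer.MAX_VALUE)
    public static final String PARAM_CUSTOM_ATTRIBUTES = "customattributes";

    // Cached format template for getMemberOfSearchFilter(); reset to null by the Identity
    // setters that change a filter component.
    private String memberOfFilterTemplate;

    // NOTE(review): these default arrays are public and mutable, and the default Identity
    // instances below hold them by reference; callers should treat them as read-only.
    public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT = {SchemaConstants.PERSON_OC};
    public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT = {SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC};
    public static final String[] PARAM_CUSTOM_ATTRIBUTES_DEFAULT = new String[0];

    private String name = PARAM_NAME_DEFAULT;
    private String hostname = PARAM_LDAP_HOST_DEFAULT;
    private int port = PARAM_LDAP_PORT_DEFAULT;
    private boolean useSSL = PARAM_USE_SSL_DEFAULT;
    private boolean useTLS = PARAM_USE_TLS_DEFAULT;
    private boolean noCertCheck = PARAM_NO_CERT_CHECK_DEFAULT;
    private String bindDN = PARAM_BIND_DN_DEFAULT;
    private String bindPassword = PARAM_BIND_PASSWORD_DEFAULT;
    private long searchTimeout = ConfigurationParameters.Milliseconds.of(PARAM_SEARCH_TIMEOUT_DEFAULT).value;
    // Fix: the default was the configuration key ("group.memberAttribute") instead of the
    // default attribute name, which produced a membership filter on a non-existent attribute.
    private String groupMemberAttribute = PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT;
    private boolean useUidForExtId = PARAM_USE_UID_FOR_EXT_ID_DEFAULT;
    private String[] customAttributes = PARAM_CUSTOM_ATTRIBUTES_DEFAULT;
    private final PoolConfig adminPoolConfig = new PoolConfig().setMaxActive(PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT);
    private final PoolConfig userPoolConfig = new PoolConfig().setMaxActive(PARAM_USER_POOL_MAX_ACTIVE_DEFAULT);
    private final Identity userConfig = new Identity()
            .setBaseDN(PARAM_USER_BASE_DN_DEFAULT)
            .setExtraFilter(PARAM_USER_EXTRA_FILTER_DEFAULT)
            .setIdAttribute(PARAM_USER_ID_ATTRIBUTE_DEFAULT)
            .setMakeDnPath(PARAM_USER_MAKE_DN_PATH_DEFAULT)
            .setObjectClasses(PARAM_USER_OBJECTCLASS_DEFAULT);
    private final Identity groupConfig = new Identity()
            .setBaseDN(PARAM_GROUP_BASE_DN_DEFAULT)
            .setExtraFilter(PARAM_GROUP_EXTRA_FILTER_DEFAULT)
            .setIdAttribute(PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT)
            .setMakeDnPath(PARAM_GROUP_MAKE_DN_PATH_DEFAULT)
            .setObjectClasses(PARAM_GROUP_OBJECTCLASS_DEFAULT);

    /**
     * Search settings for one kind of identity (users or groups): base DN, required object
     * classes, id attribute and an optional extra filter.
     *
     * <p>This is an inner (non-static) class because the setters that change a filter
     * component also invalidate the enclosing configuration's cached member-of template.</p>
     */
    public class Identity {
        private String baseDN;
        private String[] objectClasses;
        private String idAttribute;
        // Only read by toString() in this class; no setter is visible here.
        private String[] customAttributes = new String[0];
        private String extraFilter;
        // Cached String.format template for getSearchFilter(); null means "rebuild on next use".
        private String filterTemplate;
        private boolean makeDnPath;

        public Identity() {
        }

        /** @return the base DN used for searches of this identity type. */
        @Nonnull
        public String getBaseDN() {
            return this.baseDN;
        }

        /**
         * @param str the base DN for searches
         * @return this instance, for chaining
         */
        @Nonnull
        public Identity setBaseDN(@Nonnull String str) {
            this.baseDN = str;
            return this;
        }

        /** @return the object classes an entry must carry; the internal array is returned as is. */
        @Nonnull
        public String[] getObjectClasses() {
            return this.objectClasses;
        }

        /**
         * Sets the required object classes and drops both cached filter templates.
         *
         * @param strArr the object classes; stored by reference
         * @return this instance, for chaining
         */
        @Nonnull
        public Identity setObjectClasses(@Nonnull String... strArr) {
            this.objectClasses = strArr;
            this.filterTemplate = null;
            LdapProviderConfig.this.memberOfFilterTemplate = null;
            return this;
        }

        /** @return the name of the attribute holding the id (user id or group name). */
        @Nonnull
        public String getIdAttribute() {
            return this.idAttribute;
        }

        /**
         * Sets the id attribute and drops both cached filter templates.
         *
         * <p>The attribute name is written into the filter without LDAP escaping, so it must be
         * a trusted configuration value.</p>
         *
         * @param str the attribute name
         * @return this instance, for chaining
         */
        @Nonnull
        public Identity setIdAttribute(@Nonnull String str) {
            this.idAttribute = str;
            this.filterTemplate = null;
            LdapProviderConfig.this.memberOfFilterTemplate = null;
            return this;
        }

        /** @return the extra filter fragment, possibly {@code null} or empty. */
        @CheckForNull
        public String getExtraFilter() {
            return this.extraFilter;
        }

        /**
         * Sets the extra filter fragment and drops both cached filter templates.
         *
         * <p>The fragment is appended to the filter as raw LDAP filter syntax. It is not
         * escaped, so it must never be derived from user-controlled input.</p>
         *
         * @param str the raw filter fragment, or {@code null} for none
         * @return this instance, for chaining
         */
        @Nonnull
        public Identity setExtraFilter(@Nullable String str) {
            this.extraFilter = str;
            this.filterTemplate = null;
            LdapProviderConfig.this.memberOfFilterTemplate = null;
            return this;
        }

        /** @return the value of the "DN paths" option for this identity type. */
        public boolean makeDnPath() {
            return this.makeDnPath;
        }

        /**
         * @param z the new value of the "DN paths" option
         * @return this instance, for chaining
         */
        @Nonnull
        public Identity setMakeDnPath(boolean z) {
            this.makeDnPath = z;
            return this;
        }

        /**
         * Builds the LDAP search filter for the given id, in the form
         * {@code (&(<idAttr>=<id>)(objectclass=<oc>)...<extraFilter>)}.
         *
         * <p>The id is escaped with {@link LdapProviderConfig#encodeFilterValue(String)} before
         * it is substituted, so filter metacharacters in it cannot change the filter structure.
         * The template is built once and cached until a setter invalidates it.</p>
         *
         * @param str the id to search for (unescaped)
         * @return the complete search filter
         */
        @Nonnull
        public String getSearchFilter(@Nonnull String str) {
            if (this.filterTemplate == null) {
                // The template is later passed to String.format, so every configuration-derived
                // piece has its '%' doubled; otherwise a '%' in e.g. the extra filter would be
                // read as a format specifier and fail or corrupt the filter.
                StringBuilder template = new StringBuilder("(&(")
                        .append(LdapProviderConfig.escapeFormatSpecifiers(this.idAttribute))
                        .append("=%s)");
                for (String objectClass : this.objectClasses) {
                    String encoded = LdapProviderConfig.encodeFilterValue(objectClass);
                    template.append("(objectclass=")
                            .append(LdapProviderConfig.escapeFormatSpecifiers(encoded))
                            .append(')');
                }
                if (this.extraFilter != null && this.extraFilter.length() > 0) {
                    template.append(LdapProviderConfig.escapeFormatSpecifiers(this.extraFilter));
                }
                template.append(')');
                this.filterTemplate = template.toString();
            }
            return String.format(this.filterTemplate, LdapProviderConfig.encodeFilterValue(str));
        }

        /** @return a diagnostic dump of all fields, including the cached filter template. */
        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder("Identity{");
            sb.append("baseDN='").append(this.baseDN).append('\'');
            sb.append(", objectClasses=").append(Arrays.toString(this.objectClasses));
            sb.append(", idAttribute='").append(this.idAttribute).append('\'');
            // Fix: the original opened a quote here that was never closed.
            sb.append(", userAttributes=").append(Arrays.toString(this.customAttributes));
            sb.append(", extraFilter='").append(this.extraFilter).append('\'');
            sb.append(", filterTemplate='").append(this.filterTemplate).append('\'');
            sb.append(", makeDnPath=").append(this.makeDnPath);
            sb.append('}');
            return sb.toString();
        }
    }

    /** Settings for one connection pool: maximum active size and validation lookup. */
    public static class PoolConfig {
        private int maxActiveSize;
        private boolean lookupOnValidate;

        /** @return the max active size of the pool. */
        public int getMaxActive() {
            return this.maxActiveSize;
        }

        /**
         * @param i the max active size of the pool
         * @return this instance, for chaining
         */
        @Nonnull
        public PoolConfig setMaxActive(int i) {
            this.maxActiveSize = i;
            return this;
        }

        /** @return whether a lookup is performed to validate a pooled connection. */
        public boolean lookupOnValidate() {
            return this.lookupOnValidate;
        }

        /**
         * @param z whether a lookup is performed to validate a pooled connection
         * @return this instance, for chaining
         */
        @Nonnull
        public PoolConfig setLookupOnValidate(boolean z) {
            this.lookupOnValidate = z;
            return this;
        }

        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder("PoolConfig{");
            sb.append("maxActiveSize=").append(this.maxActiveSize);
            sb.append(", lookupOnValidate=").append(this.lookupOnValidate);
            sb.append('}');
            return sb.toString();
        }
    }

    /**
     * Creates a configuration from the given parameters, passing the matching
     * {@code PARAM_*_DEFAULT} value as the default for every key.
     *
     * <p>The search timeout is only overridden when
     * {@code ConfigurationParameters.Milliseconds.of} returns a non-null value.</p>
     *
     * @param configurationParameters the source parameters
     * @return a new, fully populated configuration
     */
    public static LdapProviderConfig of(ConfigurationParameters configurationParameters) {
        LdapProviderConfig config = new LdapProviderConfig()
                .setName((String) configurationParameters.getConfigValue(PARAM_NAME, PARAM_NAME_DEFAULT))
                .setHostname((String) configurationParameters.getConfigValue(PARAM_LDAP_HOST, PARAM_LDAP_HOST_DEFAULT))
                .setPort(((Integer) configurationParameters.getConfigValue(PARAM_LDAP_PORT, PARAM_LDAP_PORT_DEFAULT)).intValue())
                .setUseSSL(((Boolean) configurationParameters.getConfigValue(PARAM_USE_SSL, PARAM_USE_SSL_DEFAULT)).booleanValue())
                .setUseTLS(((Boolean) configurationParameters.getConfigValue(PARAM_USE_TLS, PARAM_USE_TLS_DEFAULT)).booleanValue())
                .setNoCertCheck(((Boolean) configurationParameters.getConfigValue(PARAM_NO_CERT_CHECK, PARAM_NO_CERT_CHECK_DEFAULT)).booleanValue())
                .setBindDN((String) configurationParameters.getConfigValue(PARAM_BIND_DN, PARAM_BIND_DN_DEFAULT))
                .setBindPassword((String) configurationParameters.getConfigValue(PARAM_BIND_PASSWORD, PARAM_BIND_PASSWORD_DEFAULT))
                .setGroupMemberAttribute((String) configurationParameters.getConfigValue(PARAM_GROUP_MEMBER_ATTRIBUTE, PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT))
                .setCustomAttributes((String[]) configurationParameters.getConfigValue(PARAM_CUSTOM_ATTRIBUTES, PARAM_CUSTOM_ATTRIBUTES_DEFAULT))
                .setUseUidForExtId(((Boolean) configurationParameters.getConfigValue(PARAM_USE_UID_FOR_EXT_ID, PARAM_USE_UID_FOR_EXT_ID_DEFAULT)).booleanValue());

        ConfigurationParameters.Milliseconds timeout = ConfigurationParameters.Milliseconds.of(
                (String) configurationParameters.getConfigValue(PARAM_SEARCH_TIMEOUT, PARAM_SEARCH_TIMEOUT_DEFAULT));
        if (timeout != null) {
            config.setSearchTimeout(timeout.value);
        }

        // Fix: the base DN defaults were the configuration keys ("user.baseDN" / "group.baseDN")
        // rather than the default DNs, so an unset key yielded an invalid search base.
        config.getUserConfig()
                .setBaseDN((String) configurationParameters.getConfigValue(PARAM_USER_BASE_DN, PARAM_USER_BASE_DN_DEFAULT))
                .setIdAttribute((String) configurationParameters.getConfigValue(PARAM_USER_ID_ATTRIBUTE, PARAM_USER_ID_ATTRIBUTE_DEFAULT))
                .setExtraFilter((String) configurationParameters.getConfigValue(PARAM_USER_EXTRA_FILTER, PARAM_USER_EXTRA_FILTER_DEFAULT))
                .setObjectClasses((String[]) configurationParameters.getConfigValue(PARAM_USER_OBJECTCLASS, PARAM_USER_OBJECTCLASS_DEFAULT))
                .setMakeDnPath(((Boolean) configurationParameters.getConfigValue(PARAM_USER_MAKE_DN_PATH, PARAM_USER_MAKE_DN_PATH_DEFAULT)).booleanValue());

        config.getGroupConfig()
                .setBaseDN((String) configurationParameters.getConfigValue(PARAM_GROUP_BASE_DN, PARAM_GROUP_BASE_DN_DEFAULT))
                .setIdAttribute((String) configurationParameters.getConfigValue(PARAM_GROUP_NAME_ATTRIBUTE, PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT))
                .setExtraFilter((String) configurationParameters.getConfigValue(PARAM_GROUP_EXTRA_FILTER, PARAM_GROUP_EXTRA_FILTER_DEFAULT))
                .setObjectClasses((String[]) configurationParameters.getConfigValue(PARAM_GROUP_OBJECTCLASS, PARAM_GROUP_OBJECTCLASS_DEFAULT))
                .setMakeDnPath(((Boolean) configurationParameters.getConfigValue(PARAM_GROUP_MAKE_DN_PATH, PARAM_GROUP_MAKE_DN_PATH_DEFAULT)).booleanValue());

        config.getAdminPoolConfig()
                .setLookupOnValidate(((Boolean) configurationParameters.getConfigValue(PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE, PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT)).booleanValue())
                .setMaxActive(((Integer) configurationParameters.getConfigValue(PARAM_ADMIN_POOL_MAX_ACTIVE, PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT)).intValue());

        config.getUserPoolConfig()
                .setLookupOnValidate(((Boolean) configurationParameters.getConfigValue(PARAM_USER_POOL_LOOKUP_ON_VALIDATE, PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT)).booleanValue())
                .setMaxActive(((Integer) configurationParameters.getConfigValue(PARAM_USER_POOL_MAX_ACTIVE, PARAM_USER_POOL_MAX_ACTIVE_DEFAULT)).intValue());

        return config;
    }

    /** @return the name under which login modules reference this provider. */
    @Nonnull
    public String getName() {
        return this.name;
    }

    /**
     * @param str the provider name
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setName(@Nonnull String str) {
        this.name = str;
        return this;
    }

    /** @return the LDAP server hostname. */
    @Nonnull
    public String getHostname() {
        return this.hostname;
    }

    /**
     * @param str the LDAP server hostname
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setHostname(@Nonnull String str) {
        this.hostname = str;
        return this;
    }

    /** @return the LDAP server port. */
    public int getPort() {
        return this.port;
    }

    /**
     * @param i the LDAP server port
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setPort(int i) {
        this.port = i;
        return this;
    }

    /** @return whether an SSL (LDAPS) connection is requested. */
    public boolean useSSL() {
        return this.useSSL;
    }

    /**
     * @param z whether an SSL (LDAPS) connection is requested
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setUseSSL(boolean z) {
        this.useSSL = z;
        return this;
    }

    /** @return whether TLS should be started on connections. */
    public boolean useTLS() {
        return this.useTLS;
    }

    /**
     * @param z whether TLS should be started on connections
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setUseTLS(boolean z) {
        this.useTLS = z;
        return this;
    }

    /**
     * @return {@code true} if server certificate validation is configured to be disabled;
     *         callers that open connections should surface this state (for example in a
     *         startup warning), since it removes server authentication
     */
    public boolean noCertCheck() {
        return this.noCertCheck;
    }

    /**
     * Enables or disables the "no certificate check" option.
     *
     * @param z {@code true} to disable server certificate validation; intended for test
     *          setups only, since the connection is then open to server impersonation
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setNoCertCheck(boolean z) {
        this.noCertCheck = z;
        return this;
    }

    /** @return the bind DN; empty means anonymous bind per the property description. */
    @CheckForNull
    public String getBindDN() {
        return this.bindDN;
    }

    /**
     * @param str the bind DN, or {@code null}/empty for anonymous bind
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setBindDN(@Nullable String str) {
        this.bindDN = str;
        return this;
    }

    /**
     * @return the bind password in clear text; callers must not log it
     *         ({@link #toString()} masks it for that reason)
     */
    @CheckForNull
    public String getBindPassword() {
        return this.bindPassword;
    }

    /**
     * @param str the bind password
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setBindPassword(@Nullable String str) {
        this.bindPassword = str;
        return this;
    }

    /** @return the search timeout as stored from {@code ConfigurationParameters.Milliseconds}. */
    public long getSearchTimeout() {
        return this.searchTimeout;
    }

    /**
     * @param j the search timeout
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setSearchTimeout(long j) {
        this.searchTimeout = j;
        return this;
    }

    /** @return the group attribute that holds the members of a group. */
    @Nonnull
    public String getGroupMemberAttribute() {
        return this.groupMemberAttribute;
    }

    /**
     * Sets the group member attribute.
     *
     * <p>NOTE(review): unlike the {@link Identity} setters, this does not reset the cached
     * member-of filter template, so a change made after the first
     * {@link #getMemberOfSearchFilter(String)} call is not reflected in the filter. Left
     * unchanged here; confirm whether that is intended.</p>
     *
     * @param str the attribute name; inserted into filters without LDAP escaping
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setGroupMemberAttribute(@Nonnull String str) {
        this.groupMemberAttribute = str;
        return this;
    }

    /** @return whether the id attribute value (rather than the DN) is used for external ids. */
    @Nonnull // has no effect on a primitive return type; kept as in the original declaration
    public boolean getUseUidForExtId() {
        return this.useUidForExtId;
    }

    /**
     * @param z whether the id attribute value is used for external ids
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setUseUidForExtId(boolean z) {
        this.useUidForExtId = z;
        return this;
    }

    /** @return the attributes to retrieve on lookups; the internal array is returned as is. */
    @Nonnull
    public String[] getCustomAttributes() {
        return this.customAttributes;
    }

    /**
     * Sets the attributes to retrieve on lookups, with empty strings removed.
     *
     * @param strArr the attribute names
     * @return this instance, for chaining
     */
    @Nonnull
    public LdapProviderConfig setCustomAttributes(@Nonnull String[] strArr) {
        this.customAttributes = removeEmptyStrings(strArr);
        return this;
    }

    /**
     * Builds the filter that finds the groups containing the given member value, in the form
     * {@code (&(<memberAttr>=<value>)(objectclass=<groupOc>)...<groupExtraFilter>)}.
     *
     * <p>The value is escaped with {@link #encodeFilterValue(String)}. The template is cached
     * until an {@link Identity} setter invalidates it.</p>
     *
     * @param str the member value to search for (unescaped)
     * @return the complete search filter
     */
    public String getMemberOfSearchFilter(@Nonnull String str) {
        if (this.memberOfFilterTemplate == null) {
            // '%' in configuration-derived pieces is doubled because the template goes
            // through String.format below.
            StringBuilder template = new StringBuilder("(&(")
                    .append(escapeFormatSpecifiers(this.groupMemberAttribute))
                    .append("=%s)");
            for (String objectClass : this.groupConfig.objectClasses) {
                template.append("(objectclass=")
                        .append(escapeFormatSpecifiers(encodeFilterValue(objectClass)))
                        .append(')');
            }
            String extra = this.groupConfig.extraFilter;
            if (extra != null && extra.length() > 0) {
                template.append(escapeFormatSpecifiers(extra));
            }
            template.append(')');
            this.memberOfFilterTemplate = template.toString();
        }
        return String.format(this.memberOfFilterTemplate, encodeFilterValue(str));
    }

    /** @return the user search settings (live object, not a copy). */
    @Nonnull
    public Identity getUserConfig() {
        return this.userConfig;
    }

    /** @return the group search settings (live object, not a copy). */
    @Nonnull
    public Identity getGroupConfig() {
        return this.groupConfig;
    }

    /** @return the admin connection pool settings (live object, not a copy). */
    @Nonnull
    public PoolConfig getAdminPoolConfig() {
        return this.adminPoolConfig;
    }

    /** @return the user connection pool settings (live object, not a copy). */
    @Nonnull
    public PoolConfig getUserPoolConfig() {
        return this.userPoolConfig;
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion.
     *
     * <p>NUL, {@code (}, {@code )}, {@code *} and {@code \} are replaced with their
     * backslash-hex form ({@code \00}, {@code \28}, {@code \29}, {@code \2A}, {@code \5C});
     * every other character is copied unchanged. This is what keeps a looked-up id from
     * altering the structure of the filter it is placed in.</p>
     *
     * @param str the raw value; must not be {@code null}
     * @return the escaped value, or {@code str} itself when nothing needed escaping
     */
    public static String encodeFilterValue(String str) {
        // Allocated lazily so the common "nothing to escape" case returns the input as is.
        StringBuilder sb = null;
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            String replacement;
            switch (c) {
                case 0:
                    replacement = "\\00";
                    break;
                case '(':
                    replacement = "\\28";
                    break;
                case ')':
                    replacement = "\\29";
                    break;
                case '*':
                    replacement = "\\2A";
                    break;
                case '\\':
                    replacement = "\\5C";
                    break;
                default:
                    replacement = null;
                    break;
            }
            if (replacement != null) {
                if (sb == null) {
                    // First special character: copy the untouched prefix seen so far.
                    sb = new StringBuilder(str.length() * 2);
                    sb.append(str, 0, i);
                }
                sb.append(replacement);
            } else if (sb != null) {
                sb.append(c);
            }
        }
        return sb == null ? str : sb.toString();
    }

    /**
     * Doubles every {@code %} so the text is taken literally by {@link String#format}.
     *
     * @param str the text to protect, may be {@code null}
     * @return the text with {@code %} doubled, or {@code null} if {@code str} was {@code null}
     */
    private static String escapeFormatSpecifiers(String str) {
        return str == null ? null : str.replace("%", "%%");
    }

    /**
     * Returns the given array without empty strings.
     *
     * @param strArr the input array
     * @return {@code strArr} itself if it holds no empty string, otherwise a new array
     */
    private String[] removeEmptyStrings(@Nonnull String[] strArr) {
        List<String> kept = new LinkedList<String>();
        for (String value : strArr) {
            if (!"".equals(value)) {
                kept.add(value);
            }
        }
        if (kept.size() == strArr.length) {
            return strArr;
        }
        return kept.toArray(new String[kept.size()]);
    }

    /**
     * @return a diagnostic dump of the configuration; the bind password is replaced by
     *         {@code ***}, while the bind DN and filter templates are printed in full
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("LdapProviderConfig{");
        sb.append("name='").append(this.name).append('\'');
        sb.append(", hostname='").append(this.hostname).append('\'');
        sb.append(", port=").append(this.port);
        sb.append(", useSSL=").append(this.useSSL);
        sb.append(", useTLS=").append(this.useTLS);
        sb.append(", noCertCheck=").append(this.noCertCheck);
        sb.append(", bindDN='").append(this.bindDN).append('\'');
        // Never print the real secret: this string is likely to end up in logs.
        sb.append(", bindPassword='***'");
        sb.append(", searchTimeout=").append(this.searchTimeout);
        sb.append(", groupMemberAttribute='").append(this.groupMemberAttribute).append('\'');
        sb.append(", useUidForExtId='").append(this.useUidForExtId).append('\'');
        sb.append(", memberOfFilterTemplate='").append(this.memberOfFilterTemplate).append('\'');
        sb.append(", adminPoolConfig=").append(this.adminPoolConfig);
        sb.append(", userPoolConfig=").append(this.userPoolConfig);
        sb.append(", userConfig=").append(this.userConfig);
        sb.append(", groupConfig=").append(this.groupConfig);
        sb.append('}');
        return sb.toString();
    }
}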
