package org.frankframework.lifecycle.servlets;

import java.io.FileNotFoundException;
import java.net.URL;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.frankframework.util.ClassUtils;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.web.SecurityFilterChain;

/* loaded from: input_file:WEB-INF/lib/frankframework-security-8.1.0-RC1.jar:org/frankframework/lifecycle/servlets/ActiveDirectoryAuthenticator.class */
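/**
 * Servlet authenticator that validates HTTP Basic credentials against Active Directory
 * through Spring Security's {@link ActiveDirectoryLdapAuthenticationProvider}.
 *
 * <p>The {@code memberOf} values of the authenticated user are taken as raw authorities and
 * passed to an {@code AuthorityMapper} built from the role-mapping resource, the configured
 * security roles and the environment properties.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The user's password arrives via HTTP Basic and is used for an LDAP bind against
 *       {@code url}. Nothing in this class enforces {@code ldaps://}; a warning is logged
 *       when another scheme is configured.</li>
 *   <li>{@code followReferrals} defaults to {@code true}, so the JNDI context may connect to
 *       servers other than the configured one when the directory returns a referral.</li>
 *   <li>When no domain name is set, the HTTP Basic realm falls back to the LDAP url, which
 *       is then visible to unauthenticated clients in the authentication challenge.</li>
 * </ul>
 */
public class ActiveDirectoryAuthenticator extends ServletAuthenticatorBase {
    // LDAP server url; falls back to the "ldap.auth.url" property when not set explicitly.
    private String url;
    // Root DN handed to the provider; falls back to the "ldap.auth.user.base" property.
    private String baseDn;
    // AD domain name; may stay null, in which case the realm name falls back to the url.
    private String domainName = null;
    // When true, "java.naming.referral" is set to "follow" on the LDAP context.
    private boolean followReferrals = true;
    // Optional search filter; the provider's own default is kept when this is empty.
    private String searchFilter = null;
    // Resource name of the role-mapping file, resolved through ClassUtils.getResourceURL.
    private String roleMappingFile = "ldap-role-mapping.properties";
    // Resolved location of the role-mapping file, set by configure().
    private URL roleMappingURL = null;

    /**
     * Applies property defaults and validates the configuration before the filter chain is built.
     *
     * @throws IllegalArgumentException when no url is configured, directly or via properties
     * @throws FileNotFoundException when the role-mapping resource cannot be resolved
     */
    private void configure() throws FileNotFoundException {
        setDefaultValues();
        if (StringUtils.isEmpty(this.url)) {
            throw new IllegalArgumentException("url may not be empty");
        }
        // The Basic-auth password is used for an LDAP bind; without ldaps:// that bind may
        // cross the network unencrypted. Only warn, so existing deployments keep starting.
        if (!this.url.regionMatches(true, 0, "ldaps://", 0, "ldaps://".length())) {
            this.log.warn("LDAP url [{}] does not use ldaps://, bind credentials may be sent unencrypted", this.url);
        }
        this.roleMappingURL = ClassUtils.getResourceURL(this.roleMappingFile);
        if (this.roleMappingURL == null) {
            throw new FileNotFoundException("unable to find LDAP role-mapping file [" + this.roleMappingFile + "]");
        }
        this.log.info("found rolemapping file [{}]", this.roleMappingURL);
    }

    /**
     * Fills {@code url} and {@code baseDn} from the application environment when they were
     * not set explicitly. Explicitly configured values always win over the properties.
     */
    private void setDefaultValues() {
        Environment environment = getApplicationContext().getEnvironment();
        String defaultUrl = environment.getProperty("ldap.auth.url");
        if (StringUtils.isEmpty(this.url) && StringUtils.isNotBlank(defaultUrl)) {
            this.url = defaultUrl;
        }
        String defaultBaseDn = environment.getProperty("ldap.auth.user.base");
        if (StringUtils.isEmpty(this.baseDn) && StringUtils.isNotBlank(defaultBaseDn)) {
            this.baseDn = defaultBaseDn;
        }
    }

    /**
     * Builds the security filter chain: registers the Active Directory authentication
     * provider and enables HTTP Basic authentication.
     *
     * @param httpSecurity the builder to configure
     * @return the built filter chain
     * @throws Exception when the configuration is invalid or the chain cannot be built
     */
    @Override // org.frankframework.lifecycle.servlets.ServletAuthenticatorBase
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        configure();
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(this.domainName, this.url, this.baseDn);
        // NOTE(review): this ties authentication behaviour to the log level. With debug logging
        // on, AD sub-error codes are turned into specific exceptions instead of a generic
        // bad-credentials failure; confirm that this detail cannot reach the client.
        provider.setConvertSubErrorCodesToExceptions(this.log.isDebugEnabled());
        if (StringUtils.isNotEmpty(this.searchFilter)) {
            provider.setSearchFilter(this.searchFilter);
        }

        HashMap<String, Object> contextEnvironment = new HashMap<>();
        if (this.followReferrals) {
            // The referral target is chosen by the directory server, not by this configuration.
            // Disable via setFollowReferrals(false) when only the configured server is trusted.
            contextEnvironment.put("java.naming.referral", "follow");
        }
        provider.setContextEnvironmentProperties(contextEnvironment);

        // Use the memberOf values as-is (no prefix, no upper-casing) so the AuthorityMapper
        // receives exactly what the directory returned.
        LdapUserDetailsMapper userDetailsMapper = new LdapUserDetailsMapper();
        userDetailsMapper.setRoleAttributes(new String[] {"memberOf"});
        userDetailsMapper.setConvertToUpperCase(false);
        userDetailsMapper.setRolePrefix("");
        provider.setUserDetailsContextMapper(userDetailsMapper);
        provider.setAuthoritiesMapper(new AuthorityMapper(this.roleMappingURL, getSecurityRoles(), getEnvironmentProperties()));

        httpSecurity.authenticationProvider(provider);
        // NOTE(review): without a domain name the realm is the LDAP url, which discloses the
        // directory server address in the authentication challenge; set domainName to avoid it.
        httpSecurity.httpBasic().realmName(StringUtils.isNotEmpty(this.domainName) ? this.domainName : this.url);
        return httpSecurity.build();
    }

    /**
     * Sets the AD domain name; also used as the HTTP Basic realm name when not empty.
     *
     * @param domainName the domain name, may be null
     */
    public void setDomainName(String domainName) {
        this.domainName = domainName;
    }

    /**
     * Sets the LDAP server url; overrides the "ldap.auth.url" property. Prefer an
     * {@code ldaps://} url, since user passwords are sent to this server for the bind.
     *
     * @param url the LDAP url
     */
    public void setUrl(String url) {
        this.url = url;
    }

    /**
     * Sets the root DN handed to the provider; overrides the "ldap.auth.user.base" property.
     *
     * @param baseDn the root DN
     */
    public void setBaseDn(String baseDn) {
        this.baseDn = baseDn;
    }

    /**
     * Controls whether LDAP referrals are followed. Defaults to {@code true}.
     *
     * @param followReferrals false to leave "java.naming.referral" unset
     */
    public void setFollowReferrals(boolean followReferrals) {
        this.followReferrals = followReferrals;
    }

    /**
     * Sets a custom search filter; when empty the provider's default filter is kept.
     *
     * @param searchFilter the LDAP search filter
     */
    public void setSearchFilter(String searchFilter) {
        this.searchFilter = searchFilter;
    }

    /**
     * Sets the resource name of the role-mapping file. The file decides which directory
     * groups map to which application roles, so it should not be writable by untrusted parties.
     *
     * @param roleMappingFile resource name, defaults to "ldap-role-mapping.properties"
     */
    public void setRoleMappingFile(String roleMappingFile) {
        this.roleMappingFile = roleMappingFile;
    }
}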
