package io.spaship.operator.ldap;

import io.quarkus.cache.CacheResult;
import io.quarkus.runtime.StartupEvent;
import io.spaship.operator.rest.website.WebsiteResource;
import java.util.HashSet;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;

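/**
 * Resolves SPAship roles for a user by searching an LDAP directory for group membership.
 *
 * <p>All settings come from {@code app.ldap.*} configuration properties. The directory
 * connection is only opened when {@code app.ldap.enabled} is true; in that case
 * {@link #onStart} fails startup if a required property is missing.
 *
 * <p>NOTE(review): one {@link LdapContext} is created at startup and reused by every
 * {@link #getRoles} call. JNDI does not guarantee that a context instance is safe for
 * concurrent use, and nothing here re-opens the connection if it drops - confirm how
 * callers use this bean.
 */
@ApplicationScoped
public class LdapService {
    private static final Logger log = Logger.getLogger(LdapService.class);

    @ConfigProperty(name = "app.ldap.enabled")
    boolean enabled;

    @ConfigProperty(name = "app.ldap.ctxFactory")
    String ldapCtxFactory;

    // NOTE(review): the bind credentials below are sent to whatever this URL points at;
    // confirm deployments use an ldaps:// URL or an otherwise TLS-protected channel.
    @ConfigProperty(name = "app.ldap.url")
    Optional<String> ldapUrl;

    @ConfigProperty(name = "app.ldap.search.name")
    Optional<String> searchName;

    // Used as a String.format template in getRoles; the single argument is the escaped lookup value.
    @ConfigProperty(name = "app.ldap.search.filter")
    String searchFilter;

    @ConfigProperty(name = "app.ldap.search.groups.attrName")
    Optional<String> searchGroupAttrName;

    @ConfigProperty(name = "app.ldap.search.role.user.attrValue")
    Optional<String> searchRoleUserAttrValue;

    @ConfigProperty(name = "app.ldap.search.role.admin.attrValue")
    Optional<String> searchRoleAdminAttrValue;

    @ConfigProperty(name = "app.ldap.adminLogin.username")
    Optional<String> adminLoginUsername;

    @ConfigProperty(name = "app.ldap.adminLogin.password")
    Optional<String> adminLoginPassword;

    // Both are assigned only by initLdap(), i.e. they stay null while LDAP is disabled.
    LdapContext ldapContext;
    SearchControls controls;

    /**
     * Logs the effective LDAP configuration and, when LDAP is enabled, validates the
     * required properties and opens the directory connection.
     *
     * @param startupEvent the Quarkus startup event (unused)
     * @throws NamingException if the LDAP context cannot be created
     * @throws LdapException if LDAP is enabled but a required property is missing
     */
    void onStart(@Observes StartupEvent startupEvent) throws NamingException {
        // The bind password is not part of this log line; keep it that way.
        log.infof(
                "LDAP Service Init. enabled=%s ldapUrl=%s searchName=%s searchFilter=%s adminLoginUsername=%s searchGroupAttrName=%s searchRoleUserAttrValue=%s searchRoleAdminAttrValue=%s",
                this.enabled,
                this.ldapUrl.orElse("N/A"),
                this.searchName.orElse("N/A"),
                this.searchFilter,
                this.adminLoginUsername.orElse("N/A"),
                this.searchGroupAttrName.orElse("N/A"),
                this.searchRoleUserAttrValue.orElse("N/A"),
                this.searchRoleAdminAttrValue.orElse("N/A"));
        if (!this.enabled) {
            return;
        }
        boolean missingRequired = this.ldapUrl.isEmpty()
                || this.searchName.isEmpty()
                || this.searchGroupAttrName.isEmpty()
                || this.searchRoleUserAttrValue.isEmpty()
                || this.searchRoleAdminAttrValue.isEmpty();
        if (missingRequired) {
            throw new LdapException("Configuration missing. Properties 'app.ldap.url', 'app.ldap.search.name', 'app.ldap.search.groups.attrName', 'app.ldap.search.role.user.attrValue', 'app.ldap.search.role.admin.attrValue' are required");
        }
        initLdap();
    }

    /**
     * Creates the LDAP context and the search controls reused by {@link #getRoles}.
     *
     * <p>The bind principal and credentials are set only when configured; without them the
     * context is created with no explicit credentials.
     *
     * @throws NamingException if the initial context cannot be created
     */
    protected void initLdap() throws NamingException {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", this.ldapCtxFactory);
        properties.put("java.naming.provider.url", this.ldapUrl.get());
        this.adminLoginUsername.ifPresent(username -> properties.put("java.naming.security.principal", username));
        this.adminLoginPassword.ifPresent(password -> properties.put("java.naming.security.credentials", password));
        this.ldapContext = new InitialLdapContext(properties, (Control[]) null);
        this.controls = new SearchControls();
        // Named constant instead of the literal 2: search the whole subtree under the base name.
        this.controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Only the group attribute is requested, so entries come back without other attributes.
        this.controls.setReturningAttributes(new String[]{this.searchGroupAttrName.get()});
    }

    /**
     * Reports whether LDAP role lookup is switched on.
     *
     * @return the value of {@code app.ldap.enabled}
     */
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Looks up the SPAship roles granted to the given value (typically a user identifier).
     *
     * <p>The value is escaped per RFC 4515 before it is placed into the configured filter,
     * so filter metacharacters in it are matched literally and cannot alter the filter.
     *
     * <p>Results are cached in the {@code ldap-roles} cache, so a role granted or revoked in
     * the directory only takes effect here once the cached entry is gone. NOTE(review): the
     * cache expiry is configured outside this class - confirm it is short enough for
     * revocation to be timely.
     *
     * @param str the value substituted into {@code app.ldap.search.filter}
     * @return the matching roles; empty when no entry carries a configured role value
     * @throws LdapException if the directory query fails
     */
    @CacheResult(cacheName = "ldap-roles")
    public Set<String> getRoles(String str) {
        log.infof("LDAP Search Roles. filterValue=%s", str);
        Set<String> roles = new HashSet<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            String filter = String.format(this.searchFilter, escapeFilterValue(str));
            results = this.ldapContext.search(this.searchName.get(), filter, this.controls);
            if (results == null) {
                return roles;
            }
            while (results.hasMore()) {
                Attribute groups = results.next().getAttributes().get(this.searchGroupAttrName.get());
                log.tracef("groups=%s", groups);
                if (groups == null) {
                    // Entry matched the filter but has no group attribute: it grants no role.
                    continue;
                }
                if (groups.contains(this.searchRoleUserAttrValue.get())) {
                    roles.add(WebsiteResource.ROLE_SPASHIP_USER);
                }
                if (groups.contains(this.searchRoleAdminAttrValue.get())) {
                    roles.add(WebsiteResource.ROLE_SPASHIP_ADMIN);
                }
            }
            return roles;
        } catch (NamingException e) {
            log.error("Cannot query LDAP", e);
            // The explicit cast pins the Throwable constructor, as in the original.
            throw new LdapException((Throwable) e);
        } finally {
            closeQuietly(results);
        }
    }

    /** Escapes the RFC 4515 special characters so the value is matched literally in a filter. */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            // String.format renders null as "null", which is what the unescaped code did.
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Releases a search enumeration; a failure to close is logged and never replaces the real outcome. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            log.debug("Cannot close LDAP search result", ignored);
        }
    }
}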
