package org.georchestra.gateway.security.ldap;

import lombok.Generated;
import org.georchestra.gateway.security.GeorchestraGatewaySecurityConfigProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/ldap/LdapConfigPropertiesValidations.class */
/**
 * Checks that one named LDAP server entry of the gateway security configuration carries the
 * properties required by its mode (plain LDAP, geOrchestra-extended LDAP, or Active Directory).
 *
 * <p>Every check is a presence check: a property is rejected only when it is empty or contains
 * nothing but whitespace. No value is parsed or checked for well-formedness in this class.
 * Problems are recorded on the supplied {@link Errors} under field names of the form
 * {@code ldap.[<name>].<property>}.
 */
public class LdapConfigPropertiesValidations {

    @Generated
    private static final Logger log = LoggerFactory.getLogger("org.georchestra.gateway.security.ldap");

    /**
     * Validates a single LDAP server configuration.
     *
     * <p>Disabled configurations are skipped entirely, so a disabled entry may hold incomplete
     * values without producing errors.
     *
     * @param str    name of the LDAP configuration, used to build the reported field names
     * @param server the configuration entry to check
     * @param errors collector that receives one field error per missing property
     */
    public void validate(String str, GeorchestraGatewaySecurityConfigProperties.Server server, Errors errors) {
        if (!server.isEnabled()) {
            log.debug("ignoring validation of LDAP config {}, enabled = false", str);
            return;
        }
        // Presence only: the URL scheme is not inspected, so a cleartext ldap:// endpoint passes
        // this check just like ldaps://. NOTE(review): if transport protection for bind
        // credentials is expected, confirm it is enforced elsewhere; nothing here requires it.
        requireText(errors, "ldap.[%s].url", str, "LDAP url is required (e.g.: ldap://my.ldap.com:389)");
        validateSimpleLdap(str, server, errors);
        if (server.isExtended()) {
            validateGeorchestraExtensions(str, server, errors);
        }
        if (!server.isActiveDirectory()) {
            // Regular LDAP needs an explicit users search filter; Active Directory does not.
            validateUsersSearchFilterMandatory(str, errors);
            return;
        }
        validateActiveDirectory(str, server, errors);
    }

    /**
     * Requires the properties every enabled configuration must provide: base DN, users RDN,
     * roles RDN and roles search filter.
     */
    private void validateSimpleLdap(String configName, GeorchestraGatewaySecurityConfigProperties.Server config, Errors errors) {
        requireText(errors, "ldap.[%s].baseDn", configName, "LDAP base DN is required. e.g.: dc=georchestra,dc=org");
        requireText(errors, "ldap.[%s].users.rdn", configName, "LDAP users RDN (Relative Distinguished Name) is required. e.g.: ou=users,dc=georchestra,dc=org");
        requireText(errors, "ldap.[%s].roles.rdn", configName, "Roles Relative distinguished name is required. e.g.: ou=roles");
        // Only non-emptiness is checked; the filter is not verified to contain the {0} placeholder.
        requireText(errors, "ldap.[%s].roles.searchFilter", configName, "Roles searchFilter is required. e.g.: (member={0})");
    }

    /**
     * Requires the users search filter. Called only for configurations that are not Active
     * Directory. As with the roles filter, the filter text itself is not inspected.
     */
    private void validateUsersSearchFilterMandatory(String configName, Errors errors) {
        requireText(errors, "ldap.[%s].users.searchFilter", configName, "LDAP users searchFilter is required for regular LDAP configs. e.g.: (uid={0}), and optional for Active Directory. e.g.: (&(objectClass=user)(userPrincipalName={0}))");
    }

    /** Requires the organizations RDN; called only when the configuration is marked extended. */
    private void validateGeorchestraExtensions(String configName, GeorchestraGatewaySecurityConfigProperties.Server config, Errors errors) {
        requireText(errors, "ldap.[%s].orgs.rdn", configName, "Organizations search base RDN is required if extended is true. e.g.: ou=orgs");
    }

    /**
     * Active Directory specific pass. It records no errors; it only logs a warning when an
     * {@code orgs} section is present, since that section is not used in this mode.
     */
    private void validateActiveDirectory(String configName, GeorchestraGatewaySecurityConfigProperties.Server config, Errors errors) {
        warnUnusedByActiveDirectory(configName, "orgs", config.getOrgs());
    }

    /** Logs a warning when {@code value} is non-null, i.e. the named property was configured. */
    private void warnUnusedByActiveDirectory(String configName, String propertyName, Object value) {
        if (value == null) {
            return;
        }
        log.warn("Found config property org.georchestra.gateway.security.ldap.{}.{} but it's not used by Active Directory", configName, propertyName);
    }

    /**
     * Rejects the field built from {@code fieldPattern} and {@code configName} when its value is
     * empty or whitespace, using an empty error code and {@code message} as the default message.
     */
    private static void requireText(Errors errors, String fieldPattern, String configName, String message) {
        final String field = String.format(fieldPattern, configName);
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, field, "", message);
    }
}
