package org.georchestra.gateway.accounts.admin.ldap;

import java.util.Objects;
import org.georchestra.ds.orgs.OrgsDao;
import org.georchestra.ds.orgs.OrgsDaoImpl;
import org.georchestra.ds.roles.Role;
import org.georchestra.ds.roles.RoleDao;
import org.georchestra.ds.roles.RoleDaoImpl;
import org.georchestra.ds.roles.RoleProtected;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.ds.users.AccountDaoImpl;
import org.georchestra.gateway.accounts.admin.AccountManager;
import org.georchestra.gateway.accounts.admin.CreateAccountUserCustomizer;
import org.georchestra.gateway.security.GeorchestraGatewaySecurityConfigProperties;
import org.georchestra.gateway.security.ldap.extended.DemultiplexingUsersApi;
import org.georchestra.gateway.security.ldap.extended.ExtendedLdapConfig;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.pool.factory.PoolingContextSource;
import org.springframework.ldap.pool.validation.DefaultDirContextValidator;

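/**
 * Spring configuration that wires the LDAP-backed account management beans of the gateway:
 * the admin-bound {@link LdapContextSource}, a pooled wrapper around it, the
 * {@link LdapTemplate}, the role/organization/account DAOs and the {@link AccountManager}.
 *
 * <p>Every bean here is configured from the <em>first</em> entry returned by
 * {@link GeorchestraGatewaySecurityConfigProperties#extendedEnabled()}; any further enabled
 * extended LDAP configurations are not used by this class.
 *
 * <p>Security note: the context source binds with the configured administrator DN and
 * password, so every DAO created below operates with that identity's directory privileges.
 */
@EnableConfigurationProperties({GeorchestraGatewaySecurityConfigProperties.class})
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/accounts/admin/ldap/GeorchestraLdapAccountManagementConfiguration.class */
public class GeorchestraLdapAccountManagementConfiguration {

    /**
     * Returns the first enabled extended LDAP configuration, failing with a descriptive
     * message instead of a bare {@code IndexOutOfBoundsException} when none is enabled.
     *
     * @param georchestraGatewaySecurityConfigProperties the gateway security properties
     * @return the first enabled extended LDAP configuration
     * @throws IllegalStateException if no extended LDAP configuration is enabled
     */
    private static ExtendedLdapConfig primaryExtendedLdapConfig(GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        Objects.requireNonNull(georchestraGatewaySecurityConfigProperties, "georchestraGatewaySecurityConfigProperties");
        var enabledConfigs = georchestraGatewaySecurityConfigProperties.extendedEnabled();
        if (enabledConfigs == null || enabledConfigs.isEmpty()) {
            throw new IllegalStateException(
                    "LDAP account management requires at least one enabled extended LDAP configuration, but none was found");
        }
        return enabledConfigs.get(0);
    }

    /**
     * Creates the LDAP-backed {@link AccountManager}.
     *
     * @param applicationEventPublisher publisher whose {@code publishEvent} method is handed to the manager
     * @param accountDao DAO for user accounts
     * @param roleDao DAO for roles
     * @param orgsDao DAO for organizations
     * @param demultiplexingUsersApi users API passed through to the manager
     * @param georchestraGatewaySecurityConfigProperties gateway security properties passed through to the manager
     * @return the account manager bean
     * @throws NullPointerException if {@code applicationEventPublisher} is null
     */
    @Bean
    AccountManager ldapAccountsManager(ApplicationEventPublisher applicationEventPublisher, AccountDao accountDao, RoleDao roleDao, OrgsDao orgsDao, DemultiplexingUsersApi demultiplexingUsersApi, GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        Objects.requireNonNull(applicationEventPublisher, "applicationEventPublisher");
        return new LdapAccountsManager(applicationEventPublisher::publishEvent, accountDao, roleDao, orgsDao, demultiplexingUsersApi, georchestraGatewaySecurityConfigProperties);
    }

    /**
     * Creates the customizer that delegates to the given {@link AccountManager}.
     *
     * @param accountManager the account manager to delegate to
     * @return the customizer bean
     */
    @Bean
    CreateAccountUserCustomizer createAccountUserCustomizer(AccountManager accountManager) {
        return new CreateAccountUserCustomizer(accountManager);
    }

    /**
     * Creates the non-pooled context source bound with the administrator credentials of the
     * first enabled extended LDAP configuration.
     *
     * @param georchestraGatewaySecurityConfigProperties the gateway security properties
     * @return the admin-bound context source
     * @throws IllegalStateException if no extended LDAP configuration is enabled, or if the
     *         administrator DN or password is not configured
     */
    @Bean
    LdapContextSource singleContextSource(GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        ExtendedLdapConfig extendedLdapConfig = primaryExtendedLdapConfig(georchestraGatewaySecurityConfigProperties);
        LdapContextSource ldapContextSource = new LdapContextSource();
        // NOTE(review): the URL scheme is not visible here. The admin bind below sends the
        // password to this endpoint, so confirm the deployment uses ldaps:// or StartTLS.
        ldapContextSource.setUrl(extendedLdapConfig.getUrl());
        ldapContextSource.setBase(extendedLdapConfig.getBaseDn());
        // Account management needs a privileged bind; fail with a clear message when the
        // credentials are absent. The messages deliberately never include the values.
        ldapContextSource.setUserDn(extendedLdapConfig.getAdminDn()
                .orElseThrow(() -> new IllegalStateException("LDAP account management requires an administrator DN (adminDn) to be configured")));
        ldapContextSource.setPassword(extendedLdapConfig.getAdminPassword()
                .orElseThrow(() -> new IllegalStateException("LDAP account management requires an administrator password (adminPassword) to be configured")));
        return ldapContextSource;
    }

    /**
     * Wraps the admin-bound context source in a connection pool.
     *
     * @param ldapContextSource the context source to pool
     * @return the pooling context source
     */
    @Bean
    PoolingContextSource contextSource(LdapContextSource ldapContextSource) {
        PoolingContextSource poolingContextSource = new PoolingContextSource();
        poolingContextSource.setContextSource(ldapContextSource);
        // Validate each pooled context when it is borrowed so a stale or dropped
        // connection is not handed to a caller.
        poolingContextSource.setDirContextValidator(new DefaultDirContextValidator());
        poolingContextSource.setTestOnBorrow(true);
        poolingContextSource.setMaxActive(8);
        poolingContextSource.setMinIdle(1);
        poolingContextSource.setMaxIdle(8);
        // Per Spring LDAP pooling semantics a non-positive maxTotal means no overall cap and a
        // non-positive maxWait means borrowers wait indefinitely once the pool is exhausted.
        // NOTE(review): an unbounded wait lets a stalled directory pin request threads;
        // consider whether a finite timeout is acceptable for this deployment.
        poolingContextSource.setMaxTotal(-1);
        poolingContextSource.setMaxWait(-1L);
        return poolingContextSource;
    }

    /**
     * Creates the {@link LdapTemplate} backed by the pooled context source.
     *
     * @param poolingContextSource the pooled context source
     * @return the LDAP template bean
     */
    @Bean
    LdapTemplate ldapTemplate(PoolingContextSource poolingContextSource) {
        return new LdapTemplate(poolingContextSource);
    }

    /**
     * Creates the role DAO, searching under the roles RDN of the first enabled extended
     * LDAP configuration.
     *
     * @param ldapTemplate the LDAP template used for directory access
     * @param georchestraGatewaySecurityConfigProperties the gateway security properties
     * @return the role DAO bean
     * @throws IllegalStateException if no extended LDAP configuration is enabled
     */
    @Bean
    RoleDao roleDao(LdapTemplate ldapTemplate, GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        RoleDaoImpl roleDaoImpl = new RoleDaoImpl();
        roleDaoImpl.setLdapTemplate(ldapTemplate);
        roleDaoImpl.setRoleSearchBaseDN(primaryExtendedLdapConfig(georchestraGatewaySecurityConfigProperties).getRolesRdn());
        return roleDaoImpl;
    }

    /**
     * Creates the organizations DAO from the base DN, orgs RDN and pending-orgs RDN of the
     * first enabled extended LDAP configuration.
     *
     * @param ldapTemplate the LDAP template used for directory access
     * @param georchestraGatewaySecurityConfigProperties the gateway security properties
     * @return the organizations DAO bean
     * @throws IllegalStateException if no extended LDAP configuration is enabled
     */
    @Bean
    OrgsDao orgsDao(LdapTemplate ldapTemplate, GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        OrgsDaoImpl orgsDaoImpl = new OrgsDaoImpl();
        orgsDaoImpl.setLdapTemplate(ldapTemplate);
        ExtendedLdapConfig extendedLdapConfig = primaryExtendedLdapConfig(georchestraGatewaySecurityConfigProperties);
        orgsDaoImpl.setBasePath(extendedLdapConfig.getBaseDn());
        orgsDaoImpl.setOrgSearchBaseDN(extendedLdapConfig.getOrgsRdn());
        orgsDaoImpl.setPendingOrgSearchBaseDN(extendedLdapConfig.getPendingOrgsRdn());
        return orgsDaoImpl;
    }

    /**
     * Creates and initializes the account DAO from the base DN and the users, roles and orgs
     * RDNs of the first enabled extended LDAP configuration.
     *
     * @param ldapTemplate the LDAP template used for directory access
     * @param georchestraGatewaySecurityConfigProperties the gateway security properties
     * @return the initialized account DAO bean
     * @throws IllegalStateException if no extended LDAP configuration is enabled
     * @throws NullPointerException if the orgs RDN is not configured
     */
    @Bean
    AccountDao accountDao(LdapTemplate ldapTemplate, GeorchestraGatewaySecurityConfigProperties georchestraGatewaySecurityConfigProperties) {
        ExtendedLdapConfig extendedLdapConfig = primaryExtendedLdapConfig(georchestraGatewaySecurityConfigProperties);
        String baseDn = extendedLdapConfig.getBaseDn();
        String usersRdn = extendedLdapConfig.getUsersRdn();
        String rolesRdn = extendedLdapConfig.getRolesRdn();
        AccountDaoImpl accountDaoImpl = new AccountDaoImpl(ldapTemplate);
        accountDaoImpl.setBasePath(baseDn);
        accountDaoImpl.setUserSearchBaseDN(usersRdn);
        accountDaoImpl.setRoleSearchBaseDN(rolesRdn);
        // The pending-users and pending-orgs RDNs are fixed literals here rather than
        // configuration values.
        // NOTE(review): orgsDao reads getPendingOrgsRdn() from configuration, so the two DAOs
        // can disagree if that property is customized; confirm this is intended.
        accountDaoImpl.setPendingUserSearchBaseDN("ou=pendingusers");
        String orgsRdn = extendedLdapConfig.getOrgsRdn();
        Objects.requireNonNull(orgsRdn, "orgsRdn");
        accountDaoImpl.setOrgSearchBaseDN(orgsRdn);
        accountDaoImpl.setPendingOrgSearchBaseDN("ou=pendingorgs");
        accountDaoImpl.init();
        return accountDaoImpl;
    }

    /**
     * Creates the {@link RoleProtected} bean holding the list of protected role names.
     *
     * @return the protected-roles bean
     */
    @Bean
    RoleProtected roleProtected() {
        RoleProtected roleProtected = new RoleProtected();
        // "GN_.*" suggests the entries are treated as patterns rather than plain names;
        // presumably RoleProtected matches role names against them - verify before adding
        // entries that contain regex metacharacters.
        roleProtected.setListOfprotectedRoles(new String[]{"ADMINISTRATOR", "GN_.*", "ORGADMIN", "REFERENT", Role.USER, "SUPERUSER"});
        return roleProtected;
    }
}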
