package com.alibaba.nacos.plugin.auth.impl.ldap;

import com.alibaba.nacos.plugin.auth.impl.authenticate.IAuthenticationManager;
import com.alibaba.nacos.plugin.auth.impl.authenticate.LdapAuthenticationManager;
import com.alibaba.nacos.plugin.auth.impl.condition.ConditionOnLdapAuth;
import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService;
import com.alibaba.nacos.plugin.auth.impl.token.TokenManagerDelegate;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.ldap.LdapAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;

@Configuration(proxyBeanMethods = false)
@EnableAutoConfiguration(exclude = {LdapAutoConfiguration.class})
@Conditional({ConditionOnLdapAuth.class})
/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/ldap/LdapAuthPluginConfig.class */
public class LdapAuthPluginConfig {

    @Value("${nacos.core.auth.ldap.url:ldap://localhost:389}")
    private String ldapUrl;

    @Value("${nacos.core.auth.ldap.basedc:dc=example,dc=org}")
    private String ldapBaseDc;

    @Value("${nacos.core.auth.ldap.timeout:3000}")
    private String ldapTimeOut;

    @Value("${nacos.core.auth.ldap.userDn:cn=admin,dc=example,dc=org}")
    private String userDn;

    @Value("${nacos.core.auth.ldap.password:password}")
    private String password;

    @Value("${nacos.core.auth.ldap.filter.prefix:uid}")
    private String filterPrefix;

    @Value("${nacos.core.auth.ldap.case.sensitive:true}")
    private boolean caseSensitive;

    @Value("${nacos.core.auth.ldap.ignore.partial.result.exception:false}")
    private boolean ignorePartialResultException;

    @Bean
    public LdapTemplate ldapTemplate(LdapContextSource ldapContextSource) {
        LdapTemplate ldapTemplate = new LdapTemplate(ldapContextSource);
        ldapTemplate.setIgnorePartialResultException(this.ignorePartialResultException);
        return ldapTemplate;
    }

    @Bean
    public LdapContextSource ldapContextSource() {
        return new NacosLdapContextSource(this.ldapUrl, this.ldapBaseDc, this.userDn, this.password, this.ldapTimeOut);
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(LdapTemplate ldapTemplate, NacosUserService nacosUserService, NacosRoleService nacosRoleService) {
        return new LdapAuthenticationProvider(ldapTemplate, nacosUserService, nacosRoleService, this.filterPrefix, this.caseSensitive);
    }

    @Bean
    public IAuthenticationManager ldapAuthenticatoinManager(LdapTemplate ldapTemplate, NacosUserService nacosUserService, TokenManagerDelegate tokenManagerDelegate, NacosRoleService nacosRoleService) {
        return new LdapAuthenticationManager(ldapTemplate, nacosUserService, tokenManagerDelegate, nacosRoleService, this.filterPrefix, this.caseSensitive);
    }

    @Bean
    public GlobalAuthenticationConfigurerAdapter authenticationConfigurer(final LdapAuthenticationProvider ldapAuthenticationProvider) {
        return new GlobalAuthenticationConfigurerAdapter() { // from class: com.alibaba.nacos.plugin.auth.impl.ldap.LdapAuthPluginConfig.1
            public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
                authenticationManagerBuilder.authenticationProvider(ldapAuthenticationProvider);
            }
        };
    }
}
