package com.provectus.kafka.ui.config.auth;

import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
@ConditionalOnProperty(value = {"auth.type"}, havingValue = "LDAP")
/* loaded from: input_file:BOOT-INF/classes/com/provectus/kafka/ui/config/auth/LdapSecurityConfig.class */
public class LdapSecurityConfig extends AbstractAuthSecurityConfig {
    private static final Logger log = LogManager.getLogger((Class<?>) LdapSecurityConfig.class);

    @Value("${spring.ldap.urls}")
    private String ldapUrls;

    @Value("${spring.ldap.dn.pattern}")
    private String ldapUserDnPattern;

    @Bean
    public ReactiveAuthenticationManager authenticationManager(BaseLdapPathContextSource baseLdapPathContextSource) {
        BindAuthenticator bindAuthenticator = new BindAuthenticator(baseLdapPathContextSource);
        bindAuthenticator.setUserDnPatterns(new String[]{this.ldapUserDnPattern});
        return new ReactiveAuthenticationManagerAdapter(new ProviderManager((List<AuthenticationProvider>) List.of(new LdapAuthenticationProvider(bindAuthenticator))));
    }

    @Bean
    public BaseLdapPathContextSource contextSource() {
        LdapContextSource ldapContextSource = new LdapContextSource();
        ldapContextSource.setUrl(this.ldapUrls);
        ldapContextSource.afterPropertiesSet();
        return ldapContextSource;
    }

    @Bean
    public SecurityWebFilterChain configureLdap(ServerHttpSecurity serverHttpSecurity) {
        log.info("Configuring LDAP authentication.");
        serverHttpSecurity.authorizeExchange().pathMatchers(AUTH_WHITELIST).permitAll().anyExchange().authenticated().and().httpBasic();
        return serverHttpSecurity.csrf().disable().build();
    }
}
