package org.apereo.cas.mgmt.config;

import java.util.ArrayList;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authorization.LdapUserAttributesToRolesAuthorizationGenerator;
import org.apereo.cas.authorization.LdapUserGroupsToRolesAuthorizationGenerator;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthorizationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.ldaptive.SearchExecutor;
import org.ldaptive.pool.PooledConnectionFactory;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasManagementConfigurationProperties.class})
@Configuration("casManagementLdapAuthorizationConfiguration")
/* loaded from: input_file:org/apereo/cas/mgmt/config/CasManagementLdapAuthorizationConfiguration.class */
public class CasManagementLdapAuthorizationConfiguration {

    @Autowired
    private CasManagementConfigurationProperties casProperties;

    @RefreshScope
    @Bean
    public AuthorizationGenerator authorizationGenerator() {
        LdapAuthorizationProperties ldapAuthz = this.casProperties.getLdap().getLdapAuthz();
        PooledConnectionFactory newLdaptivePooledConnectionFactory = LdapUtils.newLdaptivePooledConnectionFactory(this.casProperties.getLdap());
        return (StringUtils.isNotBlank(ldapAuthz.getGroupFilter()) && StringUtils.isNotBlank(ldapAuthz.getGroupAttribute())) ? new LdapUserGroupsToRolesAuthorizationGenerator(newLdaptivePooledConnectionFactory, ldapAuthorizationGeneratorUserSearchExecutor(), ldapAuthz.isAllowMultipleResults(), ldapAuthz.getGroupAttribute(), ldapAuthz.getGroupPrefix(), ldapAuthorizationGeneratorGroupSearchExecutor()) : new LdapUserAttributesToRolesAuthorizationGenerator(newLdaptivePooledConnectionFactory, ldapAuthorizationGeneratorUserSearchExecutor(), ldapAuthz.isAllowMultipleResults(), ldapAuthz.getRoleAttribute(), ldapAuthz.getRolePrefix());
    }

    private SearchExecutor ldapAuthorizationGeneratorUserSearchExecutor() {
        LdapAuthorizationProperties ldapAuthz = this.casProperties.getLdap().getLdapAuthz();
        return LdapUtils.newLdaptiveSearchExecutor(ldapAuthz.getBaseDn(), ldapAuthz.getSearchFilter(), new ArrayList(0), CollectionUtils.wrap(ldapAuthz.getRoleAttribute()));
    }

    private SearchExecutor ldapAuthorizationGeneratorGroupSearchExecutor() {
        LdapAuthorizationProperties ldapAuthz = this.casProperties.getLdap().getLdapAuthz();
        return LdapUtils.newLdaptiveSearchExecutor(ldapAuthz.getGroupBaseDn(), ldapAuthz.getGroupFilter(), new ArrayList(0), CollectionUtils.wrap(ldapAuthz.getGroupAttribute()));
    }
}
