package com.appiancorp.security.auth.ldap;

import com.appiancorp.security.auth.ExternalAuthUserSyncer;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suite.cfg.LdapConfiguration;
import com.appiancorp.suiteapi.encryption.EncryptionService;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.appiancorp.suiteapi.type.TypedValue;
import java.util.Objects;

/* loaded from: input_file:com/appiancorp/security/auth/ldap/LdapAuthenticatorFactory.class */
public class LdapAuthenticatorFactory {
    private final LdapConfiguration ldapConfiguration;
    private final UserProfileService adminUserProfileService;
    private final EncryptionService encryptionService;
    private final FeatureToggleConfiguration featureToggleConfiguration;

    public LdapAuthenticatorFactory(LdapConfiguration ldapConfiguration, EncryptionService encryptionService, UserProfileService userProfileService, FeatureToggleConfiguration featureToggleConfiguration) {
        this.ldapConfiguration = (LdapConfiguration) Objects.requireNonNull(ldapConfiguration);
        this.adminUserProfileService = (UserProfileService) Objects.requireNonNull(userProfileService);
        this.encryptionService = encryptionService;
        this.featureToggleConfiguration = featureToggleConfiguration;
    }

    public LdapAuthenticator build() throws Exception {
        boolean bindAsUser = this.ldapConfiguration.getBindAsUser();
        BindAuthenticatorBuilder bindAuthenticatorBuilder = new BindAuthenticatorBuilder(this.ldapConfiguration.getServerUrl(), bindAsUser, this.ldapConfiguration.getConnectTimeout(), this.featureToggleConfiguration);
        if (bindAsUser) {
            bindAuthenticatorBuilder.userDnPattern(this.ldapConfiguration.getUserDnPattern());
        } else {
            bindAuthenticatorBuilder.bindDn(this.ldapConfiguration.getBindDn()).bindPassword(decryptBindPassword()).searchFilter(this.ldapConfiguration.getSearchFilter());
        }
        return new LdapAuthenticator(bindAuthenticatorBuilder.build(), this.adminUserProfileService, new ExternalAuthUserSyncer(this.adminUserProfileService), this.ldapConfiguration);
    }

    private String decryptBindPassword() {
        TypedValue encryptedBindPassword = this.ldapConfiguration.getEncryptedBindPassword();
        return (String) SpringSecurityContextHelper.runAsUserIfNoContextSet("ANONYMOUS", () -> {
            return this.encryptionService.decrypt(encryptedBindPassword);
        });
    }
}
