package org.sonatype.security.ldap.realms.persist;

import java.util.Iterator;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.http.cookie.ClientCookie;
import org.codehaus.plexus.util.StringUtils;
import org.osgi.framework.BundlePermission;
import org.sonatype.security.ldap.realms.persist.model.CConnectionInfo;
import org.sonatype.security.ldap.realms.persist.model.CUserAndGroupAuthConfiguration;
import org.sonatype.security.ldap.realms.persist.model.CUserRoleMapping;
import org.sonatype.security.ldap.realms.persist.model.Configuration;

@Singleton
@Named
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.5-02/dependencies/nexus-ldap-common-2.14.5-02.jar:org/sonatype/security/ldap/realms/persist/DefaultLdapConfigurationValidator.class */
public class DefaultLdapConfigurationValidator implements ConfigurationValidator {
    @Override // org.sonatype.security.ldap.realms.persist.ConfigurationValidator
    public ValidationResponse validateModel(ValidationRequest validationRequest) {
        ValidationResponse validationResponse = new ValidationResponse();
        Configuration configuration = validationRequest.getConfiguration();
        if (configuration == null) {
            validationResponse.addValidationError(new ValidationMessage("*", "Configuration is missing."));
        } else {
            if (configuration.getConnectionInfo() != null) {
                mergeValidationResponse(validateConnectionInfo(null, configuration.getConnectionInfo()), validationResponse);
            } else {
                validationResponse.addValidationError(new ValidationMessage("*", "Connection Configuration is missing."));
            }
            if (configuration.getUserAndGroupConfig() != null) {
                mergeValidationResponse(validateUserAndGroupAuthConfiguration(null, configuration.getUserAndGroupConfig()), validationResponse);
            } else {
                validationResponse.addValidationError(new ValidationMessage("*", "User And Group Configuration is missing."));
            }
        }
        return validationResponse;
    }

    @Override // org.sonatype.security.ldap.realms.persist.ConfigurationValidator
    public ValidationResponse validateConnectionInfo(ValidationContext validationContext, CConnectionInfo cConnectionInfo) {
        ValidationResponse validationResponse = new ValidationResponse();
        if (StringUtils.isEmpty(cConnectionInfo.getHost())) {
            validationResponse.addValidationError(new ValidationMessage(BundlePermission.HOST, "Host cannot be empty."));
        }
        if (StringUtils.isEmpty(cConnectionInfo.getAuthScheme())) {
            validationResponse.addValidationError(new ValidationMessage("authScheme", "Authorization Scheme cannot be empty."));
        }
        if (StringUtils.isEmpty(cConnectionInfo.getProtocol())) {
            validationResponse.addValidationError(new ValidationMessage("protocol", "Protocol cannot be empty."));
        }
        if (StringUtils.isEmpty(cConnectionInfo.getSearchBase())) {
            validationResponse.addValidationError(new ValidationMessage("searchBase", "Search Base cannot be empty."));
        }
        if (cConnectionInfo.getPort() < 1) {
            validationResponse.addValidationError(new ValidationMessage(ClientCookie.PORT_ATTR, "Port cannot be empty."));
        }
        if (StringUtils.isNotEmpty(cConnectionInfo.getAuthScheme()) && !cConnectionInfo.getAuthScheme().toLowerCase().equals("none")) {
            if (StringUtils.isEmpty(cConnectionInfo.getSystemUsername())) {
                validationResponse.addValidationError(new ValidationMessage("systemUsername", "Username cannot be empty unless the 'Authorization Scheme' is 'Anonymous Authentication'."));
            }
            if (StringUtils.isEmpty(cConnectionInfo.getSystemPassword())) {
                validationResponse.addValidationError(new ValidationMessage("systemPassword", "Password cannot be empty unless the 'Authorization Scheme' is 'Anonymous Authentication'."));
            }
        }
        return validationResponse;
    }

    @Override // org.sonatype.security.ldap.realms.persist.ConfigurationValidator
    public ValidationResponse validateUserAndGroupAuthConfiguration(ValidationContext validationContext, CUserAndGroupAuthConfiguration cUserAndGroupAuthConfiguration) {
        ValidationResponse validationResponse = new ValidationResponse();
        if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getUserIdAttribute())) {
            validationResponse.addValidationError(new ValidationMessage("userIdAttribute", "User ID Attribute cannot be empty."));
        }
        if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getUserObjectClass())) {
            validationResponse.addValidationError(new ValidationMessage("userObjectClass", "User Object Class cannot be empty."));
        }
        if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getUserRealNameAttribute())) {
            validationResponse.addValidationError(new ValidationMessage("userRealNameAttribute", "User Real Name Attribute cannot be empty."));
        }
        if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getEmailAddressAttribute())) {
            validationResponse.addValidationError(new ValidationMessage("emailAddressAttribute", "Email Address Attribute cannot be empty."));
        }
        if (cUserAndGroupAuthConfiguration.isLdapGroupsAsRoles() && StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getUserMemberOfAttribute())) {
            if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getGroupIdAttribute())) {
                validationResponse.addValidationError(new ValidationMessage("groupIdAttribute", "Group ID Attribute cannot be empty when Use LDAP Groups as Roles is true."));
            }
            if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getGroupMemberAttribute())) {
                validationResponse.addValidationError(new ValidationMessage("groupMemberAttribute", "Group Member Attribute cannot be empty when Use LDAP Groups as Roles is true."));
            }
            if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getGroupMemberFormat())) {
                validationResponse.addValidationError(new ValidationMessage("groupMemberFormat", "Group Member Format cannot be empty when Use LDAP Groups as Roles is true."));
            }
            if (StringUtils.isEmpty(cUserAndGroupAuthConfiguration.getGroupObjectClass())) {
                validationResponse.addValidationError(new ValidationMessage("groupObjectClass", "Group Object Class cannot be empty when Use LDAP Groups as Roles is true."));
            }
        }
        return validationResponse;
    }

    public ValidationResponse validateUserRoleMapping(ValidationContext validationContext, CUserRoleMapping cUserRoleMapping) {
        ValidationResponse validationResponse = new ValidationResponse();
        if (StringUtils.isEmpty(cUserRoleMapping.getUserId())) {
            validationResponse.addValidationError(new ValidationMessage("userId", "UserId cannot be empty."));
        }
        if (cUserRoleMapping == null || cUserRoleMapping.getRoles().size() == 0) {
            validationResponse.addValidationError(new ValidationMessage("roles", "Roles cannot be empty."));
        }
        return validationResponse;
    }

    protected ValidationResponse mergeValidationResponse(ValidationResponse validationResponse, ValidationResponse validationResponse2) {
        Iterator<ValidationMessage> it = validationResponse.getValidationErrors().iterator();
        while (it.hasNext()) {
            validationResponse2.addValidationError(it.next());
        }
        Iterator<ValidationMessage> it2 = validationResponse.getValidationWarnings().iterator();
        while (it2.hasNext()) {
            validationResponse2.addValidationError(it2.next());
        }
        return validationResponse2;
    }
}
