package io.trino.plugin.password.ldap;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.configuration.validation.FileExists;
import io.airlift.units.Duration;
import java.io.File;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.validation.constraints.AssertTrue;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;

/* loaded from: input_file:io/trino/plugin/password/ldap/LdapConfig.class */
public class LdapConfig {
    private String ldapUrl;
    private boolean allowInsecure;
    private File trustCertificate;
    private String groupAuthorizationSearchPattern;
    private String userBaseDistinguishedName;
    private String bindDistinguishedName;
    private String bindPassword;
    private boolean ignoreReferrals;
    private List<String> userBindSearchPatterns = ImmutableList.of();
    private Duration ldapCacheTtl = new Duration(1.0d, TimeUnit.HOURS);

    @NotNull
    @Pattern(regexp = "^ldaps?://.*", message = "Invalid LDAP server URL. Expected ldap:// or ldaps://")
    public String getLdapUrl() {
        return this.ldapUrl;
    }

    @ConfigDescription("URL of the LDAP server")
    @Config("ldap.url")
    public LdapConfig setLdapUrl(String str) {
        this.ldapUrl = str;
        return this;
    }

    public boolean isAllowInsecure() {
        return this.allowInsecure;
    }

    @ConfigDescription("Allow insecure connection to the LDAP server")
    @Config("ldap.allow-insecure")
    public LdapConfig setAllowInsecure(boolean z) {
        this.allowInsecure = z;
        return this;
    }

    @AssertTrue(message = "Connecting to the LDAP server without SSL enabled requires `ldap.allow-insecure=true`")
    public boolean isUrlConfigurationValid() {
        return Strings.nullToEmpty(this.ldapUrl).startsWith("ldaps://") || this.allowInsecure;
    }

    @FileExists
    public File getTrustCertificate() {
        return this.trustCertificate;
    }

    @ConfigDescription("Path to the PEM trust certificate for the LDAP server")
    @Config("ldap.ssl-trust-certificate")
    public LdapConfig setTrustCertificate(File file) {
        this.trustCertificate = file;
        return this;
    }

    @NotNull
    public List<String> getUserBindSearchPatterns() {
        return this.userBindSearchPatterns;
    }

    public LdapConfig setUserBindSearchPatterns(List<String> list) {
        this.userBindSearchPatterns = (List) Objects.requireNonNull(list, "userBindSearchPatterns is null");
        return this;
    }

    @ConfigDescription("Custom user bind pattern. Example: ${USER}@example.com")
    @Config("ldap.user-bind-pattern")
    public LdapConfig setUserBindSearchPatterns(String str) {
        this.userBindSearchPatterns = Splitter.on(":").trimResults().omitEmptyStrings().splitToList(str);
        return this;
    }

    public String getGroupAuthorizationSearchPattern() {
        return this.groupAuthorizationSearchPattern;
    }

    @ConfigDescription("Custom group authorization check query. Example: &(objectClass=user)(memberOf=cn=group)(user=username)")
    @Config("ldap.group-auth-pattern")
    public LdapConfig setGroupAuthorizationSearchPattern(String str) {
        this.groupAuthorizationSearchPattern = str;
        return this;
    }

    public String getUserBaseDistinguishedName() {
        return this.userBaseDistinguishedName;
    }

    @ConfigDescription("Base distinguished name of the user. Example: dc=example,dc=com")
    @Config("ldap.user-base-dn")
    public LdapConfig setUserBaseDistinguishedName(String str) {
        this.userBaseDistinguishedName = str;
        return this;
    }

    public String getBindDistingushedName() {
        return this.bindDistinguishedName;
    }

    @ConfigDescription("Bind distinguished name. Example: CN=User Name,OU=CITY_OU,OU=STATE_OU,DC=domain,DC=domain_root")
    @Config("ldap.bind-dn")
    public LdapConfig setBindDistingushedName(String str) {
        this.bindDistinguishedName = str;
        return this;
    }

    public String getBindPassword() {
        return this.bindPassword;
    }

    @ConfigSecuritySensitive
    @ConfigDescription("Bind password used. Example: password1234")
    @Config("ldap.bind-password")
    public LdapConfig setBindPassword(String str) {
        this.bindPassword = str;
        return this;
    }

    public boolean isIgnoreReferrals() {
        return this.ignoreReferrals;
    }

    @ConfigDescription("Referrals allow finding entries across multiple LDAP servers. Ignore them to only search within 1 LDAP server")
    @Config("ldap.ignore-referrals")
    public LdapConfig setIgnoreReferrals(boolean z) {
        this.ignoreReferrals = z;
        return this;
    }

    @NotNull
    public Duration getLdapCacheTtl() {
        return this.ldapCacheTtl;
    }

    @Config("ldap.cache-ttl")
    public LdapConfig setLdapCacheTtl(Duration duration) {
        this.ldapCacheTtl = duration;
        return this;
    }
}
