package org.apache.ignite.internal.security.authentication;

import com.google.auto.service.AutoService;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.apache.ignite.configuration.ConfigurationModule;
import org.apache.ignite.configuration.RootKey;
import org.apache.ignite.configuration.SuperRootChange;
import org.apache.ignite.configuration.annotation.ConfigurationType;
import org.apache.ignite.configuration.validation.Validator;
import org.apache.ignite.internal.security.authentication.basic.BasicAuthenticationProviderChange;
import org.apache.ignite.internal.security.authentication.basic.BasicAuthenticationProviderConfigurationSchema;
import org.apache.ignite.internal.security.authentication.basic.UserPasswordEncodingValidatorImpl;
import org.apache.ignite.internal.security.authentication.basic.UserWithSystemRoleValidatorImpl;
import org.apache.ignite.internal.security.authentication.configuration.validator.AuthenticationRolesValidatorImpl;
import org.apache.ignite.internal.security.authentication.validator.AuthenticationProvidersValidatorImpl;
import org.apache.ignite.internal.security.configuration.SecurityChange;
import org.apache.ignite.internal.security.configuration.SecurityConfiguration;
import org.gridgain.internal.rbac.configuration.PrivilegeNameGenerator;
import org.gridgain.internal.rbac.configuration.PrivilegesValidatorImpl;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.security.ldap.configuration.LdapAuthenticationProviderConfigurationSchema;
import org.gridgain.internal.security.ldap.configuration.validator.LdapUrlValidatorImpl;

@AutoService({ConfigurationModule.class})
/* loaded from: input_file:org/apache/ignite/internal/security/authentication/SecurityConfigurationModule.class */
public class SecurityConfigurationModule implements ConfigurationModule {
    static final String DEFAULT_PROVIDER_NAME = "default";
    static final String DEFAULT_USERNAME = "ignite";
    static final String DEFAULT_PASSWORD = "ignite";

    public ConfigurationType type() {
        return ConfigurationType.DISTRIBUTED;
    }

    public Collection<RootKey<?, ?>> rootKeys() {
        return Collections.singleton(SecurityConfiguration.KEY);
    }

    public Set<Validator<?, ?>> validators() {
        return Set.of(AuthenticationProvidersValidatorImpl.INSTANCE, LdapUrlValidatorImpl.INSTANCE, PrivilegesValidatorImpl.INSTANCE, AuthenticationRolesValidatorImpl.INSTANCE, UserWithSystemRoleValidatorImpl.INSTANCE, UserPasswordEncodingValidatorImpl.INSTANCE);
    }

    public Collection<Class<?>> polymorphicSchemaExtensions() {
        return List.of(BasicAuthenticationProviderConfigurationSchema.class, LdapAuthenticationProviderConfigurationSchema.class);
    }

    public void patchConfigurationWithDynamicDefaults(SuperRootChange superRootChange) {
        ((SecurityChange) superRootChange.changeRoot(SecurityConfiguration.KEY)).changeAuthorization().changeRoles(namedListChange -> {
            namedListChange.create("system", roleChange -> {
                roleChange.changeDisplayName("system").changePrivileges(namedListChange -> {
                    for (Action action : Action.values()) {
                        namedListChange.create(PrivilegeNameGenerator.privilegeName(action.name(), (String) null), privilegeChange -> {
                            privilegeChange.changeAction(action.name());
                        });
                    }
                });
            });
        });
        ((SecurityChange) superRootChange.changeRoot(SecurityConfiguration.KEY)).changeAuthentication(authenticationChange -> {
            if (authenticationChange.changeProviders().size() == 0) {
                authenticationChange.changeProviders().create(DEFAULT_PROVIDER_NAME, authenticationProviderChange -> {
                    ((BasicAuthenticationProviderChange) authenticationProviderChange.convert(BasicAuthenticationProviderChange.class)).changeUsers(namedListChange2 -> {
                        namedListChange2.create("ignite", basicUserChange -> {
                            basicUserChange.changeDisplayName("ignite").changePassword("ignite").changeRoles("system");
                        });
                    });
                });
            }
        });
    }
}
