package com.floragunn.searchguard.enterprise.auth.ldap;

import com.floragunn.codova.config.net.TLSConfig;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchsupport.PrivilegedCode;
import com.google.common.primitives.Ints;
import com.unboundid.ldap.sdk.AggregateLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.EXTERNALBindRequest;
import com.unboundid.ldap.sdk.FailoverServerSet;
import com.unboundid.ldap.sdk.FastestConnectServerSet;
import com.unboundid.ldap.sdk.FewestConnectionsServerSet;
import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PostConnectProcessor;
import com.unboundid.ldap.sdk.PruneUnneededConnectionsLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.RoundRobinServerSet;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.StartTLSPostConnectProcessor;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import java.io.Closeable;
import java.io.IOException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import javax.net.SocketFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/ldap/LDAPConnectionManager.class */
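/**
 * Owns the UnboundID {@link LDAPConnectionPool} used by the LDAP authentication
 * backend and builds it from a configuration document.
 *
 * <p>Configuration attributes read by this class: {@code tls}, {@code hosts},
 * {@code connection_strategy}, {@code bind_dn}, {@code password},
 * {@code connect_timeout}, {@code response_timeout} and the {@code connection_pool.*}
 * settings (sizes, blocking mode, validation and pruning health checks).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Without a {@code tls} section the connections are created without a TLS socket
 *       factory, so a simple bind sends the bind DN and password unencrypted.</li>
 *   <li>A host name verifier is installed only when the TLS configuration reports that
 *       hostname verification is enabled.</li>
 *   <li>Referral following is switched on unconditionally.</li>
 * </ul>
 */
public final class LDAPConnectionManager implements Closeable {
    private static final Logger log = LogManager.getLogger(LDAPConnectionManager.class);

    /** Default port used when a host entry carries no explicit port and no TLS is configured. */
    private static final int DEFAULT_LDAP_PORT = 389;
    /** Default port used when TLS is configured or the entry uses the {@code ldaps://} scheme. */
    private static final int DEFAULT_LDAPS_PORT = 636;
    private static final String SCHEME_LDAP = "ldap://";
    private static final String SCHEME_LDAPS = "ldaps://";

    private final LDAPConnectionPool pool;
    private final TLSConfig tlsConfig;
    private final int poolMinSize;
    private final int poolMaxSize;
    private final ConnectionStrategy connectionStrategy;

    /** Selects which UnboundID {@link ServerSet} implementation distributes connections over the hosts. */
    public enum ConnectionStrategy {
        FEWEST,
        FAILOVER,
        FASTEST,
        ROUNDROBIN
    }

    /**
     * Parses the configuration and creates the connection pool.
     *
     * @param docNode the configuration document for this LDAP backend
     * @param context the parser context handed to the validating document node
     * @throws ConfigValidationException if the configuration is invalid or the pool cannot be created
     */
    public LDAPConnectionManager(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);

        this.tlsConfig = (TLSConfig) validatingDocNode.get("tls").by((v0) -> {
            return TLSConfig.parseInclStartTlsSupport(v0);
        });
        ImmutableList<String> hosts = validatingDocNode.get("hosts").required().asList().ofStrings();
        this.connectionStrategy = (ConnectionStrategy) validatingDocNode.get("connection_strategy")
                .withDefault(ConnectionStrategy.ROUNDROBIN).asEnum(ConnectionStrategy.class);
        String bindDn = validatingDocNode.get("bind_dn").asString();
        String password = validatingDocNode.get("password").asString();

        // The declared type must be BindRequest: EXTERNALBindRequest is a SASL bind request
        // and is not assignable to SimpleBindRequest.
        final BindRequest bindRequest;
        if (bindDn != null && password != null && !password.isEmpty()) {
            if (this.tlsConfig == null) {
                log.warn("bind_dn and password are configured without a tls section; "
                        + "the bind credentials will be sent over an unencrypted connection");
            }
            bindRequest = new SimpleBindRequest(bindDn, password);
        } else if (this.tlsConfig != null && this.tlsConfig.getClientCertAuthConfig() != null) {
            // No usable DN/password pair, but a client certificate is configured: SASL EXTERNAL.
            bindRequest = new EXTERNALBindRequest();
        } else {
            // An empty password is never sent together with a DN; the pool binds anonymously instead.
            if (bindDn != null) {
                log.warn("bind_dn is configured without a password; falling back to an anonymous bind");
            }
            bindRequest = new SimpleBindRequest();
        }

        LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
        if (this.tlsConfig != null && this.tlsConfig.isHostnameVerificationEnabled()) {
            // The constructor argument is allowWildcards; wildcard certificate names are not accepted.
            connectionOptions.setSSLSocketVerifier(new HostNameSSLSocketVerifier(false));
        }
        Duration connectTimeout = validatingDocNode.get("connect_timeout").asDuration();
        if (connectTimeout != null) {
            // A plain (int) cast wraps around for durations above Integer.MAX_VALUE milliseconds
            // (about 24.8 days) and can yield a negative or arbitrary timeout; saturate instead.
            connectionOptions.setConnectTimeoutMillis(Ints.saturatedCast(connectTimeout.toMillis()));
        }
        Duration responseTimeout = validatingDocNode.get("response_timeout").asDuration();
        if (responseTimeout != null) {
            connectionOptions.setResponseTimeoutMillis(responseTimeout.toMillis());
        }
        // NOTE(review): referrals are followed unconditionally. Confirm whether connections opened
        // for a referral re-use the bind credentials and whether referral targets should be
        // restricted to trusted hosts or made configurable.
        connectionOptions.setFollowReferrals(true);

        this.poolMinSize = validatingDocNode.get("connection_pool.min_size").withDefault(3).asInt();
        this.poolMaxSize = validatingDocNode.get("connection_pool.max_size").withDefault(10).asInt();
        // NOTE(review): min_size > max_size and non-positive sizes are not reported as validation
        // errors here; they only surface when the pool constructor rejects them.

        // Blocking mode: wait without limit for a free connection and never exceed max_size.
        // Non-blocking mode: do not wait, create an additional connection when none is free.
        boolean blocking = validatingDocNode.get("connection_pool.blocking").withDefault(false).asBoolean();
        long maxWaitTimeMillis = blocking ? Long.MAX_VALUE : 0L;
        boolean createIfNecessary = !blocking;

        LDAPConnectionPoolHealthCheck healthCheck = (LDAPConnectionPoolHealthCheck) validatingDocNode.get("connection_pool").by(docNode2 -> {
            return getHealthChecks(docNode2);
        });
        Duration healthCheckInterval = validatingDocNode.get("connection_pool.health_check_interval").asDuration();
        validationErrors.throwExceptionForPresentErrors();

        try {
            // min_size is passed as the number of initial connections. The trailing "false" is
            // throwOnConnectFailure: the pool is created even if the initial connections fail.
            this.pool = (LDAPConnectionPool) PrivilegedCode.execute(() -> {
                return new LDAPConnectionPool(createServerSet(hosts, connectionOptions), bindRequest, this.poolMinSize, this.poolMaxSize, (PostConnectProcessor) null, false);
            }, LDAPException.class);
            this.pool.setCreateIfNecessary(createIfNecessary);
            this.pool.setMaxWaitTimeMillis(maxWaitTimeMillis);
            if (healthCheck != null) {
                this.pool.setHealthCheck(healthCheck);
                if (healthCheckInterval != null) {
                    this.pool.setHealthCheckIntervalMillis(healthCheckInterval.toMillis());
                }
            }
        } catch (LDAPException e) {
            log.error("Error while creating pool", e);
            throw new ConfigValidationException(new ValidationError((String) null, e.getMessage()).cause(e));
        }
    }

    /**
     * Builds the pool health check from the {@code connection_pool} configuration node.
     *
     * @param docNode the {@code connection_pool} node
     * @return a single health check, an aggregate of several, or {@code null} if none is enabled
     * @throws ConfigValidationException if any of the health check settings is invalid
     */
    private LDAPConnectionPoolHealthCheck getHealthChecks(DocNode docNode) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors);
        ArrayList<LDAPConnectionPoolHealthCheck> healthChecks = new ArrayList<>();

        // All attributes are read even when the check is disabled, so that malformed values are
        // still reported as validation errors.
        boolean validationEnabled = validatingDocNode.get("validation.enabled").withDefault(false).asBoolean();
        String validationDn = validatingDocNode.get("validation.dn").asString();
        long maxResponseTime = validatingDocNode.get("validation.max_response_time").withDefault(30000L).asLong();
        boolean onCreate = validatingDocNode.get("validation.on_create").withDefault(false).asBoolean();
        boolean afterAuthentication = validatingDocNode.get("validation.after_authentication").withDefault(false).asBoolean();
        boolean onCheckout = validatingDocNode.get("validation.on_checkout").withDefault(false).asBoolean();
        boolean onRelease = validatingDocNode.get("validation.on_release").withDefault(false).asBoolean();
        boolean forBackgroundChecks = validatingDocNode.get("validation.for_background_checks").withDefault(true).asBoolean();
        boolean onException = validatingDocNode.get("validation.on_exception").withDefault(false).asBoolean();
        if (validationEnabled) {
            healthChecks.add(new GetEntryLDAPConnectionPoolHealthCheck(validationDn, maxResponseTime, onCreate,
                    afterAuthentication, onCheckout, onRelease, forBackgroundChecks, onException));
        }

        boolean pruningEnabled = validatingDocNode.get("pruning.enabled").withDefault(false).asBoolean();
        int minAvailableConnections = validatingDocNode.get("pruning.min_available_connections").withDefault(Integer.valueOf(this.poolMaxSize)).asInt();
        long minDurationMillis = validatingDocNode.get("pruning.min_duration_millis_exceeding_min_available_connections").withDefault(0L).asLong();
        if (pruningEnabled) {
            healthChecks.add(new PruneUnneededConnectionsLDAPConnectionPoolHealthCheck(minAvailableConnections, minDurationMillis));
        }

        validationErrors.throwExceptionForPresentErrors();

        if (healthChecks.isEmpty()) {
            return null;
        }
        if (healthChecks.size() == 1) {
            return healthChecks.get(0);
        }
        return new AggregateLDAPConnectionPoolHealthCheck(healthChecks);
    }

    /**
     * Turns the configured host entries into a {@link ServerSet}.
     *
     * <p>Each entry has the form {@code host}, {@code host:port}, {@code ldap://host[:port]} or
     * {@code ldaps://host[:port]}. Entries are split on {@code ':'}, so bracketed IPv6 literals
     * are not understood by this parser.
     *
     * @param collection the raw host entries; {@code null} and blank entries are skipped
     * @param lDAPConnectionOptions the connection options applied to every server
     * @return the server set matching the configured connection strategy and TLS mode
     * @throws LDAPException if an entry has no host name, a port is not a number in 1..65535,
     *         no usable entry remains, or the server set cannot be created
     */
    private ServerSet createServerSet(Collection<String> collection, LDAPConnectionOptions lDAPConnectionOptions) throws LDAPException {
        ArrayList<String> hostNames = new ArrayList<>();
        ArrayList<Integer> ports = new ArrayList<>();

        for (String entry : collection) {
            if (entry == null) {
                continue;
            }
            String address = entry.trim();
            if (address.isEmpty()) {
                continue;
            }

            // NOTE(review): 636 is also the default when StartTLS is enabled, although StartTLS
            // upgrades a plain connection and is normally offered on 389 - confirm the intent.
            int port = this.tlsConfig != null ? DEFAULT_LDAPS_PORT : DEFAULT_LDAP_PORT;
            if (address.startsWith(SCHEME_LDAPS)) {
                address = address.substring(SCHEME_LDAPS.length());
                port = DEFAULT_LDAPS_PORT;
                if (this.tlsConfig == null) {
                    // The scheme only selects the port; TLS is driven by the tls section alone.
                    log.warn("Host entry '{}' uses ldaps:// but no tls section is configured; "
                            + "the connection will not be protected by TLS", entry);
                }
            } else if (address.startsWith(SCHEME_LDAP)) {
                address = address.substring(SCHEME_LDAP.length());
            }

            String[] parts = address.split(":");
            // split() drops trailing empty strings, so an entry such as ":" yields an empty array.
            if (parts.length == 0 || parts[0].trim().isEmpty()) {
                throw new LDAPException(com.unboundid.ldap.sdk.ResultCode.PARAM_ERROR,
                        "Invalid LDAP host entry '" + entry + "': host name is missing");
            }
            if (parts.length > 1) {
                port = parsePort(parts[1], entry);
            }
            hostNames.add(parts[0]);
            ports.add(Integer.valueOf(port));
        }

        if (hostNames.isEmpty()) {
            throw new LDAPException(com.unboundid.ldap.sdk.ResultCode.PARAM_ERROR,
                    "No usable LDAP host is configured");
        }

        String[] hostArray = hostNames.toArray(new String[0]);
        int[] portArray = Ints.toArray(ports);

        if (this.tlsConfig == null) {
            // Plain LDAP: no socket factory and no StartTLS upgrade.
            return newServerSetImpl(hostArray, portArray, null, lDAPConnectionOptions, null, null);
        }
        if (this.tlsConfig.isStartTlsEnabled()) {
            // StartTLS: connect in the clear, then upgrade through the post-connect processor.
            return newServerSetImpl(hostArray, portArray, null, lDAPConnectionOptions, null,
                    new StartTLSPostConnectProcessor(this.tlsConfig.getRestrictedSSLSocketFactory()));
        }
        // LDAPS: TLS from the first byte through the configured socket factory.
        return newServerSetImpl(hostArray, portArray, this.tlsConfig.getRestrictedSSLSocketFactory(), lDAPConnectionOptions, null, null);
    }

    /** Parses the port part of a host entry and reports bad values as an {@link LDAPException}. */
    private static int parsePort(String portText, String entry) throws LDAPException {
        final int port;
        try {
            port = Integer.parseInt(portText.trim());
        } catch (NumberFormatException e) {
            // Surface the problem as LDAPException so that the constructor reports a
            // configuration error instead of leaking an unchecked exception.
            throw new LDAPException(com.unboundid.ldap.sdk.ResultCode.PARAM_ERROR,
                    "Invalid LDAP host entry '" + entry + "': port is not a number", e);
        }
        if (port < 1 || port > 65535) {
            throw new LDAPException(com.unboundid.ldap.sdk.ResultCode.PARAM_ERROR,
                    "Invalid LDAP host entry '" + entry + "': port must be between 1 and 65535");
        }
        return port;
    }

    /**
     * Instantiates the {@link ServerSet} implementation that corresponds to the configured
     * {@link ConnectionStrategy}; all arguments are passed through unchanged.
     */
    private ServerSet newServerSetImpl(String[] strArr, int[] iArr, SocketFactory socketFactory, LDAPConnectionOptions lDAPConnectionOptions, BindRequest bindRequest, PostConnectProcessor postConnectProcessor) throws LDAPException {
        switch (this.connectionStrategy) {
            case FAILOVER:
                return new FailoverServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case FASTEST:
                return new FastestConnectServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case FEWEST:
                return new FewestConnectionsServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case ROUNDROBIN:
                return new RoundRobinServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            default:
                throw new RuntimeException("Unexpected connectionStrategy " + this.connectionStrategy);
        }
    }

    /**
     * Checks a connection out of the pool.
     *
     * @return a pooled connection
     * @throws LDAPException if the pool cannot provide a connection
     */
    public LDAPConnection getConnection() throws LDAPException {
        return this.pool.getConnection();
    }

    /** Closes the pool if one was created. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.pool != null) {
            this.pool.close();
        }
    }

    /**
     * Returns the underlying pool itself, not a copy or wrapper.
     *
     * @return the connection pool owned by this manager
     */
    public LDAPConnectionPool getPool() {
        return this.pool;
    }
}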
