package com.floragunn.dlic.auth.ldap2;

import com.floragunn.dlic.auth.ldap.util.ConfigConstants;
import com.floragunn.dlic.util.SettingsBasedSSLConfigurator;
import com.google.common.primitives.Ints;
import com.unboundid.ldap.sdk.AggregateLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.DereferencePolicy;
import com.unboundid.ldap.sdk.EXTERNALBindRequest;
import com.unboundid.ldap.sdk.FailoverServerSet;
import com.unboundid.ldap.sdk.FastestConnectServerSet;
import com.unboundid.ldap.sdk.FewestConnectionsServerSet;
import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PostConnectProcessor;
import com.unboundid.ldap.sdk.PruneUnneededConnectionsLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.RoundRobinServerSet;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.StartTLSPostConnectProcessor;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import java.io.Closeable;
import java.io.IOException;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.net.SocketFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/dlic/auth/ldap2/LDAPConnectionManager.class */
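/**
 * Owns the LDAP connection pool used by the LDAP authentication/authorization backend.
 *
 * <p>The constructor reads hosts, bind identity, timeouts, TLS options and pool sizing from the
 * supplied {@link Settings}, builds an UnboundID {@link LDAPConnectionPool}, and exposes helpers
 * for verifying user credentials and for searching and looking up entries.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no SSL configuration is built ({@code sslConfig == null}) all traffic, including
 *       simple-bind passwords, uses plain sockets.</li>
 *   <li>Certificate host name verification is installed only when the SSL configuration enables it.</li>
 *   <li>Referrals are always followed.</li>
 *   <li>{@link #checkDnPassword} refuses empty DNs and passwords so that an anonymous or
 *       unauthenticated simple bind is never treated as a successful credential check.</li>
 * </ul>
 */
public final class LDAPConnectionManager implements Closeable {
    private static final Logger log = LogManager.getLogger(LDAPConnectionManager.class);
    private final LDAPConnectionPool pool;
    private final SettingsBasedSSLConfigurator.SSLConfig sslConfig;
    private final LDAPUserSearcher userSearcher;
    private final Settings settings;

    /**
     * Builds the connection pool from configuration.
     *
     * @param settings LDAP backend settings (hosts, bind DN/password, timeouts, pool options)
     * @param path     passed through to {@link SettingsBasedSSLConfigurator}
     * @throws LDAPException if the server set or pool cannot be created
     * @throws SettingsBasedSSLConfigurator.SSLConfigException if the TLS settings are invalid
     */
    public LDAPConnectionManager(Settings settings, Path path) throws LDAPException, SettingsBasedSSLConfigurator.SSLConfigException {
        this.sslConfig = new SettingsBasedSSLConfigurator(settings, path, "").buildSSLConfig();
        this.settings = settings;

        final List<String> hosts = this.settings.getAsList(ConfigConstants.LDAP_HOSTS, Collections.singletonList("localhost"));
        final String bindDn = settings.get(ConfigConstants.LDAP_BIND_DN, (String) null);
        String bindPassword = settings.get(ConfigConstants.LDAP_PASSWORD, (String) null);
        if (bindPassword != null && bindPassword.isEmpty()) {
            // An empty password is treated exactly like "no password configured".
            bindPassword = null;
        }

        // Pool identity: DN + password if both are configured, otherwise SASL EXTERNAL when TLS
        // client-certificate authentication is enabled, otherwise an anonymous simple bind.
        // Declared as BindRequest because EXTERNALBindRequest is not a SimpleBindRequest.
        final BindRequest bindRequest;
        if (bindDn != null && bindPassword != null) {
            bindRequest = new SimpleBindRequest(bindDn, bindPassword);
        } else if (this.sslConfig != null && this.sslConfig.isClientCertAuthenticationEnabled()) {
            bindRequest = new EXTERNALBindRequest();
        } else {
            bindRequest = new SimpleBindRequest();
        }

        final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
        if (this.sslConfig != null && this.sslConfig.isHostnameVerificationEnabled()) {
            // false = wildcard certificates are not accepted.
            // When host name verification is disabled no verifier is installed at all, so any
            // certificate that chains to the trust store is accepted regardless of its subject.
            connectionOptions.setSSLSocketVerifier(new HostNameSSLSocketVerifier(false));
        }
        final int connectTimeoutMillis = settings.getAsInt(ConfigConstants.LDAP_CONNECT_TIMEOUT, connectionOptions.getConnectTimeoutMillis());
        final long responseTimeoutMillis = settings.getAsLong(ConfigConstants.LDAP_RESPONSE_TIMEOUT, connectionOptions.getResponseTimeoutMillis());
        connectionOptions.setConnectTimeoutMillis(connectTimeoutMillis);
        connectionOptions.setResponseTimeoutMillis(responseTimeoutMillis);
        // Referrals are followed unconditionally, so a referral returned by the directory can
        // send this client to a different server.
        // NOTE(review): confirm which credentials and TLS settings referral connections use,
        // and consider making this configurable.
        connectionOptions.setFollowReferrals(true);

        final int poolMinSize = this.settings.getAsInt(ConfigConstants.LDAP_POOL_MIN_SIZE, 3);
        final int poolMaxSize = this.settings.getAsInt(ConfigConstants.LDAP_POOL_MAX_SIZE, 10);
        // NOTE(review): the warning fires when "pool.enabled" is true, although the message
        // talks about disabling the pool; the condition looks inverted. Left as is - confirm intent.
        if (this.settings.getAsBoolean("pool.enabled", false)) {
            log.warn("LDAP connection pool can no longer be disabled");
        }

        // "blocking": wait indefinitely for a free connection and never grow beyond the pool.
        // Anything else: do not wait, create an extra connection when none is available.
        final boolean blocking = "blocking".equals(this.settings.get(ConfigConstants.LDAP_POOL_TYPE));
        final long maxWaitTimeMillis = blocking ? Long.MAX_VALUE : 0L;
        final boolean createIfNecessary = !blocking;

        try {
            // The explicit PrivilegedExceptionAction cast selects the doPrivileged overload that
            // lets the checked LDAPException from createServerSet() propagate.
            this.pool = AccessController.doPrivileged((java.security.PrivilegedExceptionAction<LDAPConnectionPool>) () ->
                    new LDAPConnectionPool(createServerSet(hosts, connectionOptions), bindRequest, poolMinSize, poolMaxSize, (PostConnectProcessor) null, false));
            this.pool.setCreateIfNecessary(createIfNecessary);
            this.pool.setMaxWaitTimeMillis(maxWaitTimeMillis);
            configureHealthChecks(poolMaxSize);
            this.userSearcher = new LDAPUserSearcher(this, settings);
        } catch (PrivilegedActionException e) {
            // Unwrap so callers see the original failure instead of the privileged-action wrapper.
            final Exception cause = e.getException();
            if (cause instanceof LDAPException) {
                throw (LDAPException) cause;
            }
            if (cause instanceof RuntimeException) {
                throw (RuntimeException) cause;
            }
            throw new RuntimeException(cause);
        }
    }

    /**
     * Installs the optional pool health checks configured under {@code pool.health_check.*}.
     *
     * @param defaultMinAvailableConnections default for
     *        {@code pool.health_check.pruning.min_available_connections}; the constructor passes
     *        the pool's maximum size
     */
    private void configureHealthChecks(int defaultMinAvailableConnections) {
        if (!this.settings.getAsBoolean("pool.health_check.enabled", false)) {
            return;
        }

        final List<LDAPConnectionPoolHealthCheck> healthChecks = new ArrayList<>();

        if (this.settings.getAsBoolean("pool.health_check.validation.enabled", true)) {
            healthChecks.add(new GetEntryLDAPConnectionPoolHealthCheck(
                    this.settings.get("pool.health_check.validation.dn", (String) null),
                    this.settings.getAsLong("pool.health_check.validation.max_response_time", 0L),
                    this.settings.getAsBoolean("pool.health_check.validation.on_create", false),
                    this.settings.getAsBoolean("pool.health_check.validation.after_authentication", false),
                    this.settings.getAsBoolean("pool.health_check.validation.on_checkout", false),
                    this.settings.getAsBoolean("pool.health_check.validation.on_release", false),
                    this.settings.getAsBoolean("pool.health_check.validation.for_background_checks", true),
                    this.settings.getAsBoolean("pool.health_check.validation.on_exception", false)));
        }

        if (this.settings.getAsBoolean("pool.health_check.pruning.enabled", false)) {
            healthChecks.add(new PruneUnneededConnectionsLDAPConnectionPoolHealthCheck(
                    this.settings.getAsInt("pool.health_check.pruning.min_available_connections", defaultMinAvailableConnections),
                    this.settings.getAsLong("pool.health_check.pruning.min_duration_millis_exceeding_min_available_connections", 0L)));
        }

        if (healthChecks.size() == 1) {
            this.pool.setHealthCheck(healthChecks.get(0));
        } else if (healthChecks.size() > 1) {
            this.pool.setHealthCheck(new AggregateLDAPConnectionPoolHealthCheck(healthChecks));
        }

        // The interval is applied whenever health checks are enabled, even if no check was added.
        this.pool.setHealthCheckIntervalMillis(
                this.settings.getAsLong("pool.health_check.interval_millis", this.pool.getHealthCheckIntervalMillis()));
    }

    /**
     * Parses the configured host entries and builds the server set for the pool.
     *
     * <p>Each entry may be {@code host}, {@code host:port}, {@code ldap://host[:port]} or
     * {@code ldaps://host[:port]}. The default port is 636 when an SSL configuration exists and
     * 389 otherwise. Entries are split on {@code ':'}, so IPv6 literals are not supported, and a
     * non-numeric port raises {@link NumberFormatException}.
     *
     * <p>Transport selection depends only on {@code sslConfig}, never on the URL scheme:
     * no SSL configuration means plain sockets; StartTLS enabled means plain sockets plus a
     * StartTLS post-connect processor; otherwise the restricted SSL socket factory is used.
     *
     * @param hosts             configured host entries; {@code null} or empty means {@code localhost}
     * @param connectionOptions options applied to every connection
     * @return the server set for the configured connection strategy
     * @throws LDAPException if the connection strategy is not supported
     */
    private ServerSet createServerSet(Collection<String> hosts, LDAPConnectionOptions connectionOptions) throws LDAPException {
        final int defaultPort = this.sslConfig != null ? 636 : 389;
        final List<String> hostNames = new ArrayList<>();
        final List<Integer> ports = new ArrayList<>();

        if (hosts == null || hosts.isEmpty()) {
            hostNames.add("localhost");
            ports.add(defaultPort);
        } else {
            for (String entry : hosts) {
                if (entry == null) {
                    continue;
                }
                String hostSpec = entry.trim();
                if (hostSpec.isEmpty()) {
                    continue;
                }
                int port = defaultPort;
                if (hostSpec.startsWith("ldap://")) {
                    hostSpec = hostSpec.replace("ldap://", "");
                }
                if (hostSpec.startsWith("ldaps://")) {
                    if (this.sslConfig == null) {
                        // The scheme only changes the default port; without an SSL configuration
                        // no SSL socket factory is used and bind credentials travel unencrypted.
                        log.warn("LDAP host {} uses the ldaps:// scheme but no SSL configuration is active; the connection will not use TLS", hostSpec);
                    }
                    hostSpec = hostSpec.replace("ldaps://", "");
                    port = 636;
                }
                final String[] hostAndPort = hostSpec.split(":");
                if (hostAndPort.length > 1) {
                    port = Integer.parseInt(hostAndPort[1]);
                }
                hostNames.add(hostAndPort[0]);
                ports.add(port);
            }
        }

        final String[] hostArray = hostNames.toArray(new String[0]);
        final int[] portArray = Ints.toArray(ports);

        if (this.sslConfig == null) {
            return newServerSetImpl(hostArray, portArray, null, connectionOptions, null, null);
        }
        if (this.sslConfig.isStartTlsEnabled()) {
            return newServerSetImpl(hostArray, portArray, null, connectionOptions, null,
                    new StartTLSPostConnectProcessor(this.sslConfig.getRestrictedSSLSocketFactory()));
        }
        return newServerSetImpl(hostArray, portArray, this.sslConfig.getRestrictedSSLSocketFactory(), connectionOptions, null, null);
    }

    /**
     * Creates the server set implementation selected by the connection strategy setting
     * ({@code fewest}, {@code failover}, {@code fastest} or {@code roundrobin}, the default).
     *
     * @throws LDAPException with {@link ResultCode#NOT_SUPPORTED} for any other strategy name
     */
    private ServerSet newServerSetImpl(String[] strArr, int[] iArr, SocketFactory socketFactory, LDAPConnectionOptions lDAPConnectionOptions, BindRequest bindRequest, PostConnectProcessor postConnectProcessor) throws LDAPException {
        // Locale.ROOT keeps the comparison independent of the JVM default locale
        // (for example, an upper-case "I" lower-cases to a dotless "i" under a Turkish locale).
        final String strategy = this.settings.get(ConfigConstants.LDAP_CONNECTION_STRATEGY, "roundrobin").toLowerCase(java.util.Locale.ROOT);
        switch (strategy) {
            case "fewest":
                return new FewestConnectionsServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case "failover":
                return new FailoverServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case "fastest":
                return new FastestConnectServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            case "roundrobin":
                return new RoundRobinServerSet(strArr, iArr, socketFactory, lDAPConnectionOptions, bindRequest, postConnectProcessor);
            default:
                throw new LDAPException(ResultCode.NOT_SUPPORTED, "connection_strategy: " + strategy + " not supported");
        }
    }

    /**
     * Checks out a connection from the pool.
     *
     * <p>NOTE(review): this class exposes no release method; confirm how callers hand the
     * connection back to the pool.
     *
     * @return a pooled connection
     * @throws LDAPException if no connection can be obtained
     */
    public LDAPConnection getConnection() throws LDAPException {
        return this.pool.getConnection();
    }

    /**
     * Verifies a user's credentials with a simple bind on a pooled connection; the pool then
     * reverts the connection to its own identity.
     *
     * @param str  DN to bind as
     * @param str2 password for that DN
     * @throws LDAPException if the DN or password is empty, or if the bind fails
     */
    public void checkDnPassword(String str, String str2) throws LDAPException {
        rejectUnauthenticatedBind(str, str2 == null || str2.isEmpty());
        this.pool.bindAndRevertAuthentication(new SimpleBindRequest(str, str2));
    }

    /**
     * Same as {@link #checkDnPassword(String, String)} with the password supplied as bytes.
     *
     * @param str  DN to bind as
     * @param bArr password bytes for that DN
     * @throws LDAPException if the DN or password is empty, or if the bind fails
     */
    public void checkDnPassword(String str, byte[] bArr) throws LDAPException {
        rejectUnauthenticatedBind(str, bArr == null || bArr.length == 0);
        this.pool.bindAndRevertAuthentication(new SimpleBindRequest(str, bArr));
    }

    /**
     * Refuses credential checks that would be an anonymous or unauthenticated simple bind.
     *
     * <p>A simple bind with an empty DN or an empty password does not prove knowledge of a
     * password (RFC 4513, sections 5.1.1 and 5.1.2), and servers may answer it with success.
     * Rejecting it here keeps that outcome from being read as a valid login, independently of
     * server and SDK configuration.
     */
    private static void rejectUnauthenticatedBind(String dn, boolean passwordMissing) throws LDAPException {
        if (dn == null || dn.isEmpty() || passwordMissing) {
            throw new LDAPException(ResultCode.PARAM_ERROR, "Bind DN and password must both be non-empty");
        }
    }

    /**
     * Runs a search and returns the matching entries with all user ({@code *}) and operational
     * ({@code +}) attributes, dereferencing aliases always.
     *
     * <p>The filter string comes from {@code parametrizedFilter.toString()}.
     * NOTE(review): injection safety depends on ParametrizedFilter escaping its parameters, and
     * on callers not building the base DN from unescaped user input - confirm both. Requesting
     * every attribute also means callers receive whatever the bound identity is allowed to read.
     *
     * @param lDAPConnection    connection to search on
     * @param str               search base DN
     * @param searchScope       search scope
     * @param parametrizedFilter filter to apply
     * @return the entries returned by the server
     * @throws LDAPException if the request is invalid or the search fails
     */
    public List<SearchResultEntry> search(LDAPConnection lDAPConnection, String str, SearchScope searchScope, ParametrizedFilter parametrizedFilter) throws LDAPException {
        final SearchRequest request = new SearchRequest(str, searchScope, parametrizedFilter.toString(), new String[]{"+", "*"});
        request.setDerefPolicy(DereferencePolicy.ALWAYS);
        return lDAPConnection.search(request).getSearchEntries();
    }

    /**
     * Fetches a single entry by DN with all user and operational attributes.
     *
     * @param lDAPConnection connection to use
     * @param str            DN of the entry
     * @return the value returned by {@link LDAPConnection#getEntry}
     * @throws LDAPException if the lookup fails
     */
    public SearchResultEntry lookup(LDAPConnection lDAPConnection, String str) throws LDAPException {
        return lDAPConnection.getEntry(str, new String[]{"+", "*"});
    }

    /**
     * Delegates to the user searcher to resolve a user.
     *
     * @param lDAPConnection connection to use
     * @param str            value passed to {@code LDAPUserSearcher.exists}
     * @return whatever the user searcher returns for that value
     * @throws LDAPException if the search fails
     */
    public SearchResultEntry exists(LDAPConnection lDAPConnection, String str) throws LDAPException {
        return this.userSearcher.exists(lDAPConnection, str);
    }

    /** Closes the connection pool if it was created. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.pool != null) {
            this.pool.close();
        }
    }
}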
