package org.gluu.persist.ldap.operation.impl;

import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.FailoverServerSet;
import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Properties;
import org.gluu.orm.util.ArrayHelper;
import org.gluu.orm.util.CertUtils;
import org.gluu.orm.util.StringHelper;
import org.gluu.persist.exception.operation.ConfigurationException;
import org.gluu.persist.operation.auth.PasswordEncryptionMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/persist/ldap/operation/impl/LdapConnectionProvider.class */
public class LdapConnectionProvider {
    private static final int DEFAULT_SUPPORTED_LDAP_VERSION = 2;
    private static final String DEFAULT_SUBSCHEMA_SUBENTRY = "cn=schema";
    private LDAPConnectionPool connectionPool;
    private ResultCode creationResultCode;
    private int supportedLDAPVersion = DEFAULT_SUPPORTED_LDAP_VERSION;
    private String subschemaSubentry = DEFAULT_SUBSCHEMA_SUBENTRY;
    private String[] servers;
    private String[] addresses;
    private int[] ports;
    private String bindDn;
    private String bindPassword;
    private boolean useSSL;
    private ArrayList<PasswordEncryptionMethod> additionalPasswordMethods;
    private ArrayList<String> binaryAttributes;
    private ArrayList<String> certificateAttributes;
    private boolean supportsSubtreeDeleteRequestControl;
    private Properties props;
    private static final Logger LOG = LoggerFactory.getLogger(LdapConnectionProvider.class);
    private static final String[] SSL_PROTOCOLS = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};

    /* JADX INFO: Access modifiers changed from: protected */
    public LdapConnectionProvider() {
    }

    public LdapConnectionProvider(Properties properties) {
        this.props = properties;
    }

    public void create(Properties properties) {
        this.props = properties;
        create();
    }

    public void create() {
        try {
            init(this.props);
        } catch (Exception e) {
            if (e instanceof LDAPException) {
                this.creationResultCode = e.getResultCode();
            }
            Properties properties = (Properties) this.props.clone();
            if (properties.getProperty("bindPassword") != null) {
                properties.setProperty("bindPassword", "REDACTED");
            }
            if (properties.getProperty("ssl.trustStorePin") != null) {
                properties.setProperty("ssl.trustStorePin", "REDACTED");
            }
            LOG.error("Failed to create connection pool with properties: " + properties, e);
        }
    }

    protected void init(Properties properties) throws NumberFormatException, LDAPException, GeneralSecurityException {
        SimpleBindRequest simpleBindRequest;
        FailoverServerSet failoverServerSet;
        this.servers = properties.getProperty("servers").split(",");
        this.addresses = new String[this.servers.length];
        this.ports = new int[this.servers.length];
        for (int i = 0; i < this.servers.length; i++) {
            String str = this.servers[i];
            int indexOf = str.indexOf(":");
            if (indexOf == -1) {
                throw new ConfigurationException("Ldap server settings should be in format server:port");
            }
            this.addresses[i] = str.substring(0, indexOf).trim();
            this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
        }
        if (StringHelper.isEmpty(properties.getProperty("bindDN"))) {
            this.bindDn = null;
            this.bindPassword = null;
            simpleBindRequest = new SimpleBindRequest();
        } else {
            this.bindDn = properties.getProperty("bindDN");
            this.bindPassword = properties.getProperty("bindPassword");
            simpleBindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
        }
        LDAPConnectionOptions lDAPConnectionOptions = new LDAPConnectionOptions();
        lDAPConnectionOptions.setConnectTimeoutMillis(100000);
        this.useSSL = Boolean.valueOf(properties.getProperty("useSSL")).booleanValue();
        SSLUtil sSLUtil = null;
        if (this.useSSL) {
            String property = properties.getProperty("ssl.trustStoreFile");
            String property2 = properties.getProperty("ssl.trustStorePin");
            String property3 = properties.getProperty("ssl.trustStoreFormat");
            sSLUtil = CertUtils.isFips() ? new SSLUtil(CertUtils.getTrustManagers(property, property2, property3)) : (StringHelper.isEmpty(property) && StringHelper.isEmpty(property2)) ? new SSLUtil(new TrustAllTrustManager()) : new SSLUtil(new TrustStoreTrustManager(property, property2.toCharArray(), property3, true));
            failoverServerSet = new FailoverServerSet(this.addresses, this.ports, sSLUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), lDAPConnectionOptions);
        } else {
            failoverServerSet = new FailoverServerSet(this.addresses, this.ports, lDAPConnectionOptions);
        }
        this.connectionPool = createConnectionPoolWithWaitImpl(properties, failoverServerSet, simpleBindRequest, lDAPConnectionOptions, StringHelper.toInt(properties.getProperty("maxconnections"), 10), sSLUtil);
        if (this.connectionPool != null) {
            this.connectionPool.setCreateIfNecessary(true);
            String property4 = properties.getProperty("connection.max-wait-time-millis");
            if (StringHelper.isNotEmpty(property4)) {
                this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(property4));
            }
            String property5 = properties.getProperty("connection.max-age-time-millis");
            if (StringHelper.isNotEmpty(property4)) {
                this.connectionPool.setMaxConnectionAgeMillis(Long.parseLong(property5));
            }
            boolean z = StringHelper.toBoolean(properties.getProperty("connection-pool.health-check.on-checkout.enabled"), false);
            long j = StringHelper.toLong(properties.getProperty("connection-pool.health-check.interval-millis"), 0L);
            long j2 = StringHelper.toLong(properties.getProperty("connection-pool.health-check.max-response-time-millis"), 0L);
            boolean z2 = !z && j > 0;
            if (z2) {
                this.connectionPool.setHealthCheckIntervalMillis(j);
            }
            if (z || z2) {
                this.connectionPool.setHealthCheck(new GetEntryLDAPConnectionPoolHealthCheck((String) null, j2, false, z, false, z2, false));
            }
        }
        this.additionalPasswordMethods = new ArrayList<>();
        if (properties.containsKey("additionalPasswordMethods")) {
            for (String str2 : StringHelper.split(properties.get("additionalPasswordMethods").toString(), ",")) {
                PasswordEncryptionMethod method = PasswordEncryptionMethod.getMethod(str2);
                if (method != null) {
                    this.additionalPasswordMethods.add(method);
                }
            }
        }
        LOG.debug("Adding support for password methods: " + this.additionalPasswordMethods);
        this.binaryAttributes = new ArrayList<>();
        if (properties.containsKey("binaryAttributes")) {
            this.binaryAttributes.addAll(Arrays.asList(StringHelper.split(properties.get("binaryAttributes").toString().toLowerCase(), ",")));
        }
        LOG.debug("Using next binary attributes: " + this.binaryAttributes);
        this.certificateAttributes = new ArrayList<>();
        if (properties.containsKey("certificateAttributes")) {
            this.certificateAttributes.addAll(Arrays.asList(StringHelper.split(properties.get("certificateAttributes").toString().toLowerCase(), ",")));
        }
        LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
        this.supportedLDAPVersion = determineSupportedLdapVersion();
        this.subschemaSubentry = determineSubschemaSubentry();
        this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
        this.creationResultCode = ResultCode.SUCCESS;
    }

    private LDAPConnectionPool createConnectionPoolWithWaitImpl(Properties properties, FailoverServerSet failoverServerSet, BindRequest bindRequest, LDAPConnectionOptions lDAPConnectionOptions, int i, SSLUtil sSLUtil) throws LDAPException {
        LOG.debug("Using LDAP connection pool timeout: '" + StringHelper.toInt(properties.getProperty("connection-pool-max-wait-time"), 30) + "'");
        LDAPConnectionPool lDAPConnectionPool = null;
        Throwable th = null;
        int i2 = 0;
        long currentTimeMillis = System.currentTimeMillis() + (r0 * 1000);
        do {
            i2++;
            if (i2 > 0) {
                LOG.info("Attempting to create connection pool: " + i2);
            }
            try {
                lDAPConnectionPool = createConnectionPoolImpl(failoverServerSet, bindRequest, lDAPConnectionOptions, i, sSLUtil);
                break;
            } catch (LDAPException e) {
                if (e.getResultCode().intValue() != 91) {
                    throw e;
                }
                th = e;
                try {
                    Thread.sleep(5000L);
                } catch (InterruptedException e2) {
                    LOG.error("Exception happened in sleep", e2);
                    return null;
                }
            }
        } while (currentTimeMillis > System.currentTimeMillis());
        if (lDAPConnectionPool != null || th == null) {
            return lDAPConnectionPool;
        }
        throw th;
    }

    private LDAPConnectionPool createConnectionPoolImpl(FailoverServerSet failoverServerSet, BindRequest bindRequest, LDAPConnectionOptions lDAPConnectionOptions, int i, SSLUtil sSLUtil) throws LDAPException {
        LDAPConnectionPool createSSLConnectionPoolWithPreviousProtocols;
        try {
            createSSLConnectionPoolWithPreviousProtocols = new LDAPConnectionPool(failoverServerSet, bindRequest, i);
        } catch (LDAPException e) {
            if (!this.useSSL) {
                throw e;
            }
            if (e.getResultCode() != ResultCode.SERVER_DOWN) {
                throw e;
            }
            LOG.info("Attempting to use older SSL protocols", e);
            createSSLConnectionPoolWithPreviousProtocols = createSSLConnectionPoolWithPreviousProtocols(sSLUtil, bindRequest, lDAPConnectionOptions, i);
            if (createSSLConnectionPoolWithPreviousProtocols == null) {
                throw e;
            }
        }
        return createSSLConnectionPoolWithPreviousProtocols;
    }

    private LDAPConnectionPool createSSLConnectionPoolWithPreviousProtocols(SSLUtil sSLUtil, BindRequest bindRequest, LDAPConnectionOptions lDAPConnectionOptions, int i) throws LDAPException {
        for (int i2 = 1; i2 < SSL_PROTOCOLS.length; i2++) {
            String str = SSL_PROTOCOLS[i2];
            try {
                LDAPConnectionPool lDAPConnectionPool = new LDAPConnectionPool(new FailoverServerSet(this.addresses, this.ports, sSLUtil.createSSLSocketFactory(str), lDAPConnectionOptions), bindRequest, i);
                LOG.info("Server supports: '" + str + "'");
                return lDAPConnectionPool;
            } catch (GeneralSecurityException e) {
                LOG.debug("Server not supports: '" + str + "'", e);
            } catch (LDAPException e2) {
                if (e2.getResultCode() != ResultCode.SERVER_DOWN) {
                    throw e2;
                }
                LOG.debug("Server not supports: '" + str + "'", e2);
            }
        }
        return null;
    }

    private int determineSupportedLdapVersion() {
        String[] attributeValues;
        int i = DEFAULT_SUPPORTED_LDAP_VERSION;
        if (!isValidConnection()) {
            return i;
        }
        try {
            attributeValues = this.connectionPool.getRootDSE().getAttributeValues("supportedLDAPVersion");
        } catch (Exception e) {
            LOG.error("Failed to determine supportedLDAPVersion", e);
        }
        if (ArrayHelper.isEmpty(attributeValues)) {
            return i;
        }
        for (String str : attributeValues) {
            i = Math.max(i, Integer.parseInt(str));
        }
        return i;
    }

    private String determineSubschemaSubentry() {
        String attributeValue;
        String str = DEFAULT_SUBSCHEMA_SUBENTRY;
        if (!isValidConnection()) {
            return str;
        }
        try {
            attributeValue = this.connectionPool.getRootDSE().getAttributeValue("subschemaSubentry");
        } catch (Exception e) {
            LOG.error("Failed to determine subschemaSubentry", e);
        }
        if (StringHelper.isEmpty(attributeValue)) {
            return str;
        }
        str = attributeValue;
        return str;
    }

    private boolean supportsSubtreeDeleteRequestControl() {
        boolean z = false;
        if (!isValidConnection()) {
            return false;
        }
        try {
            z = this.connectionPool.getRootDSE().supportsControl("1.2.840.113556.1.4.805");
        } catch (Exception e) {
            LOG.error("Failed to determine if LDAP server supports Subtree Delete Request Control", e);
        }
        return z;
    }

    private boolean isValidConnection() {
        return (StringHelper.isEmptyString(this.bindDn) || StringHelper.isEmptyString(this.bindPassword) || this.connectionPool == null) ? false : true;
    }

    public int getSupportedLDAPVersion() {
        return this.supportedLDAPVersion;
    }

    public String getSubschemaSubentry() {
        return this.subschemaSubentry;
    }

    public boolean isSupportsSubtreeDeleteRequestControl() {
        return this.supportsSubtreeDeleteRequestControl;
    }

    public LDAPConnection getConnection() throws LDAPException {
        return this.connectionPool.getConnection();
    }

    public void releaseConnection(LDAPConnection lDAPConnection) {
        this.connectionPool.releaseConnection(lDAPConnection);
    }

    public void releaseConnection(LDAPConnection lDAPConnection, LDAPException lDAPException) {
        this.connectionPool.releaseConnectionAfterException(lDAPConnection, lDAPException);
    }

    public void closeDefunctConnection(LDAPConnection lDAPConnection) {
        this.connectionPool.releaseDefunctConnection(lDAPConnection);
    }

    public LDAPConnectionPool getConnectionPool() {
        return this.connectionPool;
    }

    public void closeConnectionPool() {
        this.connectionPool.close();
    }

    public boolean isConnected() {
        if (this.connectionPool == null) {
            return false;
        }
        boolean z = false;
        try {
            LDAPConnection connection = getConnection();
            try {
                z = connection.isConnected();
                releaseConnection(connection);
            } catch (Throwable th) {
                releaseConnection(connection);
                throw th;
            }
        } catch (LDAPException e) {
        }
        return z;
    }

    public ResultCode getCreationResultCode() {
        return this.creationResultCode;
    }

    public void setCreationResultCode(ResultCode resultCode) {
        this.creationResultCode = resultCode;
    }

    public boolean isCreated() {
        return ResultCode.SUCCESS == this.creationResultCode;
    }

    public String[] getServers() {
        return this.servers;
    }

    public String[] getAddresses() {
        return this.addresses;
    }

    public int[] getPorts() {
        return this.ports;
    }

    public String getBindDn() {
        return this.bindDn;
    }

    public String getBindPassword() {
        return this.bindPassword;
    }

    public boolean isUseSSL() {
        return this.useSSL;
    }

    public final ArrayList<PasswordEncryptionMethod> getAdditionalPasswordMethods() {
        return this.additionalPasswordMethods;
    }

    public ArrayList<String> getBinaryAttributes() {
        return this.binaryAttributes;
    }

    public ArrayList<String> getCertificateAttributes() {
        return this.certificateAttributes;
    }

    public boolean isBinaryAttribute(String str) {
        if (StringHelper.isEmpty(str)) {
            return false;
        }
        return this.binaryAttributes.contains(str.toLowerCase());
    }

    public boolean isCertificateAttribute(String str) {
        return this.certificateAttributes.contains(getCertificateAttributeName(str).toLowerCase());
    }

    public String getCertificateAttributeName(String str) {
        if (!StringHelper.isEmpty(str) && str.endsWith(";binary")) {
            return str.substring(0, str.length() - 7);
        }
        return str;
    }
}
