package com.evolveum.polygon.connector.ldap;

import com.evolveum.polygon.common.GuardedStringAccessor;
import com.evolveum.polygon.connector.ldap.AbstractLdapConfiguration;
import com.evolveum.polygon.connector.ldap.ServerDefinition;
import com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator;
import java.io.Closeable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.exception.LdapURLEncodingException;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.LdapResult;
import org.apache.directory.api.ldap.model.message.Referral;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.model.url.LdapUrl;
import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConfigurationException;
import org.identityconnectors.framework.common.exceptions.ConnectionFailedException;
import org.identityconnectors.framework.common.exceptions.ConnectorIOException;

/* loaded from: input_file:WEB-INF/lib/connector-ldap-1.4.4.jar:com/evolveum/polygon/connector/ldap/ConnectionManager.class */
public class ConnectionManager<C extends AbstractLdapConfiguration> implements Closeable {
    private static final Log LOG = Log.getLog(ConnectionManager.class);
    private static final Random rnd = new Random();
    private C configuration;
    private String[] serversConfiguration;
    private ServerDefinition defaultServerDefinition;
    private List<ServerDefinition> servers;
    private AbstractSchemaTranslator<C> schemaTranslator;
    private ConnectorBinaryAttributeDetector<C> binaryAttributeDetector;

    public ConnectionManager(C c) {
        this(c, c.getServers(), true);
    }

    public ConnectionManager(C c, String[] strArr, boolean z) {
        this.defaultServerDefinition = null;
        this.binaryAttributeDetector = new ConnectorBinaryAttributeDetector<>();
        this.configuration = c;
        this.serversConfiguration = strArr;
        buildServerList(z);
    }

    private void buildServerList(boolean z) {
        this.servers = new ArrayList();
        if (z) {
            this.defaultServerDefinition = ServerDefinition.createDefaultDefinition(this.configuration);
            this.servers.add(this.defaultServerDefinition);
        }
        if (this.serversConfiguration != null) {
            for (int i = 0; i < this.serversConfiguration.length; i++) {
                this.servers.add(ServerDefinition.parse(this.configuration, this.serversConfiguration[i], i));
            }
        }
    }

    public AbstractSchemaTranslator<C> getSchemaTranslator() {
        return this.schemaTranslator;
    }

    public void setSchemaTranslator(AbstractSchemaTranslator<C> abstractSchemaTranslator) {
        this.schemaTranslator = abstractSchemaTranslator;
        this.binaryAttributeDetector.setSchemaTranslator(abstractSchemaTranslator);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public LdapNetworkConnection getConnection(ServerDefinition serverDefinition) {
        if (!serverDefinition.isConnected()) {
            connectServer(serverDefinition);
        }
        return serverDefinition.getConnection();
    }

    public LdapNetworkConnection getDefaultConnection() {
        if (this.defaultServerDefinition == null) {
            throw new IllegalStateException("No default connection in this connection manager");
        }
        return getConnection(this.defaultServerDefinition);
    }

    public LdapNetworkConnection getConnection(Dn dn) {
        LOG.ok("Selecting server for {0} from servers:\n{1}", dn, dumpServers());
        return getConnection(selectServer(dn));
    }

    public LdapNetworkConnection getConnectionReconnect(Dn dn) {
        return getConnectionReconnect(dn, null);
    }

    public LdapNetworkConnection getConnectionReconnect(Dn dn, Referral referral) {
        ServerDefinition selectServer = selectServer(dn, getLdapUrl(referral));
        LOG.ok("Reconnecting server {0}", selectServer);
        if (selectServer.isConnected()) {
            try {
                closeConnection(selectServer);
            } catch (IOException e) {
                LOG.error("Error closing conection {0}: {1}", selectServer, e.getMessage(), e);
            }
        }
        connectServer(selectServer);
        return selectServer.getConnection();
    }

    public LdapNetworkConnection getConnection(Dn dn, Referral referral) {
        return getConnection(dn, getLdapUrl(referral));
    }

    private LdapUrl getLdapUrl(Referral referral) {
        Collection ldapUrls;
        if (referral == null || (ldapUrls = referral.getLdapUrls()) == null || ldapUrls.isEmpty()) {
            return null;
        }
        String str = (String) selectRandomItem(ldapUrls);
        try {
            return new LdapUrl(str);
        } catch (LdapURLEncodingException e) {
            throw new IllegalArgumentException("Wrong LDAP URL '" + str + "': " + e.getMessage());
        }
    }

    public LdapNetworkConnection getConnection(Dn dn, LdapUrl ldapUrl) {
        ServerDefinition selectServer = selectServer(dn, ldapUrl);
        if (!selectServer.isConnected()) {
            connectServer(selectServer);
        }
        return selectServer.getConnection();
    }

    public LdapNetworkConnection getRandomConnection() {
        ServerDefinition selectRandomServer = selectRandomServer();
        if (!selectRandomServer.isConnected()) {
            connectServer(selectRandomServer);
        }
        return selectRandomServer.getConnection();
    }

    public Iterable<LdapNetworkConnection> getAllConnections() {
        final Iterator<ServerDefinition> it = this.servers.iterator();
        return new Iterable<LdapNetworkConnection>() { // from class: com.evolveum.polygon.connector.ldap.ConnectionManager.1
            @Override // java.lang.Iterable
            public Iterator<LdapNetworkConnection> iterator() {
                return new Iterator<LdapNetworkConnection>() { // from class: com.evolveum.polygon.connector.ldap.ConnectionManager.1.1
                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        return it.hasNext();
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Iterator
                    public LdapNetworkConnection next() {
                        return ConnectionManager.this.getConnection((ServerDefinition) it.next());
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        it.remove();
                    }
                };
            }
        };
    }

    private ServerDefinition selectServer(Dn dn) {
        String name = dn != null ? dn.getName() : null;
        if (StringUtils.isBlank(name) || !Character.isAlphabetic(name.charAt(0))) {
            if (this.defaultServerDefinition == null) {
                throw new IllegalStateException("No default connection in this connection manager");
            }
            return this.defaultServerDefinition;
        }
        Dn dn2 = null;
        Iterator<ServerDefinition> it = this.servers.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ServerDefinition next = it.next();
            Dn baseContext = next.getBaseContext();
            LOG.ok("SELECT: considering {0} ({1}) for {2}", next.getHost(), baseContext, dn);
            if (baseContext != null) {
                if (baseContext.equals(dn)) {
                    dn2 = dn;
                    LOG.ok("SELECT: accepting {0} because {1} is an exact match", next.getHost(), baseContext);
                    break;
                }
                if (!LdapUtil.isAncestorOf(baseContext, dn, this.schemaTranslator)) {
                    LOG.ok("SELECT: refusing {0} because {1} ({2}) is not under {3} ({4})", next.getHost(), dn, Boolean.valueOf(dn.isSchemaAware()), baseContext, Boolean.valueOf(baseContext.isSchemaAware()));
                } else if (baseContext == null || baseContext.isDescendantOf(dn2)) {
                    LOG.ok("SELECT: accepting {0} because {1} is under {2} and it is the best we have", next.getHost(), dn, baseContext);
                    dn2 = baseContext;
                } else {
                    LOG.ok("SELECT: accepting {0} because {1} is under {2} but it is NOT the best we have, {3} is better", next.getHost(), dn, baseContext, dn2);
                }
            }
        }
        LOG.ok("SELECT: selected base context: {0}", dn2);
        ArrayList arrayList = new ArrayList();
        for (ServerDefinition serverDefinition : this.servers) {
            if (dn2 == null && serverDefinition.getBaseContext() == null) {
                if (serverDefinition.getOrigin() != ServerDefinition.Origin.REFERRAL) {
                    arrayList.add(serverDefinition);
                }
            }
            if (dn2 != null && serverDefinition.getBaseContext() != null && dn2.equals(serverDefinition.getBaseContext())) {
                arrayList.add(serverDefinition);
            }
        }
        LOG.ok("SELECT: selected server list: {0}", arrayList);
        ServerDefinition serverDefinition2 = (ServerDefinition) selectRandomItem(arrayList);
        if (serverDefinition2 != null) {
            LOG.ok("SELECT: selected {0} for {1}", serverDefinition2.getHost(), dn);
            return serverDefinition2;
        }
        LOG.ok("SELECT: selected default for {0}", dn);
        if (this.defaultServerDefinition == null) {
            throw new IllegalStateException("No default connection in this connection manager");
        }
        return this.defaultServerDefinition;
    }

    private ServerDefinition selectServer(Dn dn, LdapUrl ldapUrl) {
        if (ldapUrl == null) {
            return selectServer(dn);
        }
        for (ServerDefinition serverDefinition : this.servers) {
            if (serverDefinition.matches(ldapUrl)) {
                return serverDefinition;
            }
        }
        ServerDefinition createDefinition = ServerDefinition.createDefinition(this.configuration, ldapUrl);
        this.servers.add(createDefinition);
        return createDefinition;
    }

    private ServerDefinition selectRandomServer() {
        return (ServerDefinition) selectRandomItem(this.servers);
    }

    public ConnectorBinaryAttributeDetector<C> getBinaryAttributeDetector() {
        return this.binaryAttributeDetector;
    }

    public boolean isConnected() {
        if (this.defaultServerDefinition == null) {
            throw new IllegalStateException("No default connection in this connection manager");
        }
        return this.defaultServerDefinition.getConnection() != null && this.defaultServerDefinition.getConnection().isConnected();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        IOException iOException = null;
        for (ServerDefinition serverDefinition : this.servers) {
            try {
                closeConnection(serverDefinition);
            } catch (IOException e) {
                LOG.error("Error closing conection {0}: {1}", serverDefinition, e.getMessage(), e);
                iOException = e;
            }
        }
        if (iOException != null) {
            throw iOException;
        }
    }

    private void closeConnection(ServerDefinition serverDefinition) throws IOException {
        if (serverDefinition.getConnection() == null) {
            LOG.ok("Not closing connection {0} because there is no connection", serverDefinition);
            return;
        }
        LOG.ok("Closing connection {0}", serverDefinition);
        serverDefinition.getConnection().close();
        serverDefinition.setConnection(null);
    }

    public void connect() {
        if (this.defaultServerDefinition != null) {
            connectServer(this.defaultServerDefinition);
        }
    }

    private LdapConnectionConfig createLdapConnectionConfig(ServerDefinition serverDefinition) {
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost(serverDefinition.getHost());
        ldapConnectionConfig.setLdapPort(serverDefinition.getPort());
        ldapConnectionConfig.setTimeout(serverDefinition.getConnectTimeout());
        String connectionSecurity = serverDefinition.getConnectionSecurity();
        if (connectionSecurity != null && !"none".equals(connectionSecurity)) {
            if (AbstractLdapConfiguration.CONNECTION_SECURITY_SSL.equals(connectionSecurity)) {
                ldapConnectionConfig.setUseSsl(true);
            } else {
                if (!AbstractLdapConfiguration.CONNECTION_SECURITY_STARTTLS.equals(connectionSecurity)) {
                    throw new ConfigurationException("Unknown value for connectionSecurity: " + connectionSecurity);
                }
                ldapConnectionConfig.setUseTls(true);
            }
        }
        String[] enabledSecurityProtocols = this.configuration.getEnabledSecurityProtocols();
        if (enabledSecurityProtocols != null) {
            ldapConnectionConfig.setEnabledProtocols(enabledSecurityProtocols);
        }
        String[] enabledCipherSuites = this.configuration.getEnabledCipherSuites();
        if (enabledCipherSuites != null) {
            ldapConnectionConfig.setEnabledCipherSuites(enabledCipherSuites);
        }
        String sslProtocol = this.configuration.getSslProtocol();
        if (sslProtocol != null) {
            ldapConnectionConfig.setSslProtocol(sslProtocol);
        }
        ldapConnectionConfig.setBinaryAttributeDetector(this.binaryAttributeDetector);
        return ldapConnectionConfig;
    }

    private void connectServer(ServerDefinition serverDefinition) {
        if (serverDefinition.getConnection() != null) {
            try {
                closeConnection(serverDefinition);
            } catch (IOException e) {
                throw new ConnectorIOException("Error closing connection to " + serverDefinition + ": " + e.getMessage(), e);
            }
        }
        LdapNetworkConnection connectConnection = connectConnection(createLdapConnectionConfig(serverDefinition));
        try {
            bind(connectConnection, serverDefinition);
            serverDefinition.setConnection(connectConnection);
        } catch (RuntimeException e2) {
            try {
                connectConnection.close();
            } catch (IOException e3) {
                LOG.error("Error closing conection (error handling of a bind of a new connection): {1}", e2.getMessage(), e2);
            }
            throw e2;
        }
    }

    private LdapNetworkConnection connectConnection(LdapConnectionConfig ldapConnectionConfig) {
        LOG.ok("Creating connection object", new Object[0]);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(ldapConnectionConfig);
        try {
            LOG.info("Connecting to {0}:{1} as {2}", ldapConnectionConfig.getLdapHost(), Integer.valueOf(ldapConnectionConfig.getLdapPort()), this.configuration.getBindDn());
            if (LOG.isOk()) {
                Object obj = "none";
                if (ldapConnectionConfig.isUseSsl()) {
                    obj = AbstractLdapConfiguration.CONNECTION_SECURITY_SSL;
                } else if (ldapConnectionConfig.isUseTls()) {
                    obj = "tls";
                }
                LOG.ok("Connection security: {0} (sslProtocol={1}, enabledSecurityProtocols={2}, enabledCipherSuites={3}", obj, ldapConnectionConfig.getSslProtocol(), ldapConnectionConfig.getEnabledProtocols(), ldapConnectionConfig.getEnabledCipherSuites());
            }
            boolean connect = ldapNetworkConnection.connect();
            LOG.ok("Connected ({0})", Boolean.valueOf(connect));
            if (connect) {
                return ldapNetworkConnection;
            }
            throw new ConnectionFailedException("Unable to connect to LDAP server " + this.configuration.getHost() + ":" + this.configuration.getPort() + " due to unknown reasons");
        } catch (LdapException e) {
            try {
                ldapNetworkConnection.close();
            } catch (IOException e2) {
                LOG.error("Error closing conection (handling error during creation of a new connection): {1}", e.getMessage(), e);
            }
            throw LdapUtil.processLdapException("Unable to connect to LDAP server " + this.configuration.getHost() + ":" + this.configuration.getPort(), e);
        }
    }

    private void bind(LdapNetworkConnection ldapNetworkConnection, ServerDefinition serverDefinition) {
        final BindRequestImpl bindRequestImpl = new BindRequestImpl();
        String bindDn = serverDefinition.getBindDn();
        try {
            bindRequestImpl.setDn(new Dn(createBindSchemaManager(), bindDn));
            GuardedString bindPassword = serverDefinition.getBindPassword();
            if (bindPassword != null) {
                bindPassword.access(new GuardedStringAccessor() { // from class: com.evolveum.polygon.connector.ldap.ConnectionManager.2
                    @Override // com.evolveum.polygon.common.GuardedStringAccessor, org.identityconnectors.common.security.GuardedString.Accessor
                    public void access(char[] cArr) {
                        bindRequestImpl.setCredentials(new String(cArr));
                    }
                });
            }
            try {
                LdapResult ldapResult = ldapNetworkConnection.bind(bindRequestImpl).getLdapResult();
                if (ldapResult.getResultCode() != ResultCodeEnum.SUCCESS) {
                    throw new ConfigurationException("Unable to bind to LDAP server " + ldapNetworkConnection.getConfig().getLdapHost() + ":" + ldapNetworkConnection.getConfig().getLdapPort() + " as " + bindDn + ": " + ldapResult.getResultCode().getMessage() + ": " + ldapResult.getDiagnosticMessage() + " (" + ldapResult.getResultCode().getResultCode() + ")");
                }
                LOG.info("Bound to {0}:{1} as {2}: {3} ({4})", ldapNetworkConnection.getConfig().getLdapHost(), Integer.valueOf(ldapNetworkConnection.getConfig().getLdapPort()), bindDn, ldapResult.getDiagnosticMessage(), ldapResult.getResultCode());
            } catch (LdapException e) {
                throw LdapUtil.processLdapException("Unable to bind to LDAP server " + ldapNetworkConnection.getConfig().getLdapHost() + ":" + ldapNetworkConnection.getConfig().getLdapPort() + " as " + bindDn, e);
            }
        } catch (LdapInvalidDnException e2) {
            throw new ConfigurationException("bindDn is not in DN format: " + e2.getMessage(), e2);
        }
    }

    private SchemaManager createBindSchemaManager() {
        if (this.schemaTranslator != null && this.schemaTranslator.getSchemaManager() != null) {
            return this.schemaTranslator.getSchemaManager();
        }
        DefaultSchemaManager defaultSchemaManager = new DefaultSchemaManager(new ArrayList(0));
        defaultSchemaManager.setRelaxed();
        return defaultSchemaManager;
    }

    public boolean isAlive() {
        if (this.defaultServerDefinition == null) {
            throw new IllegalStateException("No default connection in this connection manager");
        }
        return this.defaultServerDefinition.getConnection() != null && this.defaultServerDefinition.getConnection().isConnected();
    }

    private <T> T selectRandomItem(Collection<T> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        if (collection.size() == 1) {
            return collection.iterator().next();
        }
        int nextInt = rnd.nextInt(collection.size());
        T t = null;
        Iterator<T> it = collection.iterator();
        for (int i = 0; i <= nextInt; i++) {
            t = it.next();
        }
        return t;
    }

    public String dumpServers() {
        StringBuilder sb = new StringBuilder();
        Iterator<ServerDefinition> it = this.servers.iterator();
        while (it.hasNext()) {
            ServerDefinition next = it.next();
            sb.append(next.toString());
            if (next == this.defaultServerDefinition) {
                sb.append(" DEFAULT");
            }
            if (it.hasNext()) {
                sb.append("\n");
            }
        }
        return sb.toString();
    }
}
