package net.shibboleth.idp.attribute.resolver.dc.ldap.impl;

import java.security.GeneralSecurityException;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.dc.ValidationException;
import net.shibboleth.idp.attribute.resolver.dc.Validator;
import net.shibboleth.idp.attribute.resolver.dc.impl.AbstractSearchDataConnector;
import net.shibboleth.idp.attribute.resolver.dc.ldap.ExecutableSearchFilter;
import net.shibboleth.idp.attribute.resolver.dc.ldap.SearchResultMappingStrategy;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.ldaptive.Connection;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapException;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchResult;
import org.ldaptive.pool.ConnectionPool;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.ssl.SSLContextInitializer;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.X509SSLContextInitializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-attribute-resolver-impl-4.3.3.jar:net/shibboleth/idp/attribute/resolver/dc/ldap/impl/LDAPDataConnector.class */
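/**
 * Data connector that resolves attributes by running a search against an LDAP directory.
 *
 * <p>The connector needs a {@link ConnectionFactory} and a {@link SearchExecutor} before it is
 * initialized. If no validator or mapping strategy is supplied, defaults are installed during
 * {@link #doInitialize()}. Initialization also refuses a TLS configuration whose X.509 context
 * initializer carries no explicit trust certificates (see {@link #policeForJVMTrust()}).</p>
 *
 * <p>This listing is decompiler output; {@code doInitialize}, {@code doDestroy} and
 * {@code retrieveAttributes} are marked by the decompiler as having been {@code protected} in the
 * original class.</p>
 */
public class LDAPDataConnector extends AbstractSearchDataConnector<ExecutableSearchFilter, SearchResultMappingStrategy> {
    /** Factory for the LDAP connections used by searches, validation and the TLS trust probe. */
    private ConnectionFactory connectionFactory;

    /** Executor handed to the search filter when a search is run. */
    private SearchExecutor searchExecutor;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(LDAPDataConnector.class);

    /** True until a caller supplies a validator; a default one is then installed at init. */
    private boolean defaultValidator = true;

    /** True until a caller supplies a mapping strategy; a default one is then installed at init. */
    private boolean defaultMappingStrategy = true;

    /**
     * Returns the configured connection factory.
     *
     * @return the connection factory, or {@code null} if none has been set
     */
    public ConnectionFactory getConnectionFactory() {
        return this.connectionFactory;
    }

    /**
     * Sets the connection factory. Rejected once the component is initialized or destroyed.
     *
     * @param connectionFactory the factory to use; must not be {@code null}
     */
    public void setConnectionFactory(@Nonnull ConnectionFactory connectionFactory) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.connectionFactory = Constraint.isNotNull(connectionFactory, "LDAP connection factory can not be null");
    }

    /**
     * Returns the configured search executor.
     *
     * @return the search executor, or {@code null} if none has been set
     */
    public SearchExecutor getSearchExecutor() {
        return this.searchExecutor;
    }

    /**
     * Sets the search executor. Rejected once the component is initialized or destroyed.
     *
     * @param searchExecutor the executor to use; must not be {@code null}
     */
    public void setSearchExecutor(@Nonnull SearchExecutor searchExecutor) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.searchExecutor = Constraint.isNotNull(searchExecutor, "LDAP search executor can not be null");
    }

    /**
     * Installs a caller-supplied validator and disables the default one.
     *
     * <p>A {@link ConnectionFactoryValidator} is wired to the current connection factory only if
     * that factory is already set when this method is called; a factory set afterwards is not
     * pushed into the validator by this class.</p>
     *
     * @param validator the validator to use
     */
    @Override
    public void setValidator(@Nonnull Validator validator) {
        super.setValidator(validator);
        if (validator instanceof ConnectionFactoryValidator && this.connectionFactory != null) {
            ((ConnectionFactoryValidator) validator).setConnectionFactory(this.connectionFactory);
        }
        this.defaultValidator = false;
    }

    /**
     * Installs a caller-supplied mapping strategy and disables the default one.
     *
     * @param searchResultMappingStrategy the strategy that turns search results into attributes
     */
    @Override
    public void setMappingStrategy(@Nonnull SearchResultMappingStrategy searchResultMappingStrategy) {
        // The decompiler emitted a cast to LDAPDataConnector here; the strategy is passed as-is.
        super.setMappingStrategy(searchResultMappingStrategy);
        this.defaultMappingStrategy = false;
    }

    /**
     * Checks required collaborators, installs defaults, validates the connector and enforces the
     * TLS trust policy.
     *
     * <p>Access was widened from {@code protected} by the decompiler.</p>
     *
     * @throws ComponentInitializationException if the connection factory or search executor is
     *         missing, if validation fails while fail-fast initialization is on, or if the TLS
     *         configuration would rely on the default JVM trust store
     */
    @Override
    public void doInitialize() throws ComponentInitializationException {
        if (this.connectionFactory == null) {
            throw new ComponentInitializationException(getLogPrefix() + " No connection factory was configured");
        }
        if (this.searchExecutor == null) {
            throw new ComponentInitializationException(getLogPrefix() + " No search executor was configured");
        }
        if (this.defaultValidator) {
            final ConnectionFactoryValidator connectionFactoryValidator = new ConnectionFactoryValidator();
            connectionFactoryValidator.setConnectionFactory(this.connectionFactory);
            // Bypass this class's override so defaultValidator is not flipped.
            super.setValidator(connectionFactoryValidator);
        }
        if (this.defaultMappingStrategy) {
            // The decompiler emitted a cast to LDAPDataConnector here; the strategy is passed as-is.
            super.setMappingStrategy(new net.shibboleth.idp.attribute.resolver.dc.ldap.StringAttributeValueMappingStrategy());
        }
        super.doInitialize();

        // Validate once with the validator's throw-on-error flag tied to fail-fast mode, then
        // restore whatever the validator was configured with.
        final boolean previousThrowValidateError = getValidator().isThrowValidateError();
        try {
            getValidator().setThrowValidateError(isFailFastInitialize());
            getValidator().validate();
        } catch (ValidationException e) {
            this.log.error("{} Invalid connector configuration", getLogPrefix(), e);
            if (isFailFastInitialize()) {
                throw new ComponentInitializationException(getLogPrefix() + " Invalid connector configuration", e);
            }
        } finally {
            getValidator().setThrowValidateError(previousThrowValidateError);
        }
        policeForJVMTrust();
    }

    /**
     * Closes the LDAP connection pool, if the factory is pooled, then destroys the component.
     *
     * <p>Access was widened from {@code protected} by the decompiler.</p>
     */
    @Override
    public void doDestroy() {
        if (this.connectionFactory instanceof PooledConnectionFactory) {
            final ConnectionPool connectionPool = ((PooledConnectionFactory) this.connectionFactory).getConnectionPool();
            if (connectionPool != null) {
                this.log.info("{} Closing LDAP connection pool", getLogPrefix());
                connectionPool.close();
            }
        }
        super.doDestroy();
    }

    /**
     * Rejects TLS configurations whose X.509 context initializer has no explicit trust
     * certificates, i.e. ones that would fall back to the default JVM trust store.
     *
     * <p>The check obtains one connection from the factory, reads its configuration and always
     * closes the connection again. The decompiled listing closed it only on the normal path, so
     * a rejected configuration or an inspection failure left the probe connection open.</p>
     *
     * <p>Limits of the check, as written:</p>
     * <ul>
     *   <li>NOTE(review): failures to obtain the connection or to create the context initializer
     *       are logged at debug level and do not stop initialization, so the policy is not
     *       enforced when the probe itself fails.</li>
     *   <li>NOTE(review): a TLS-enabled configuration with no {@link SslConfig}, no credential
     *       config, or an initializer that is not an {@link X509SSLContextInitializer} passes
     *       without inspection; which trust material is used in those cases is not visible
     *       here and should be confirmed against the LDAP provider.</li>
     * </ul>
     *
     * @throws ComponentInitializationException if TLS is in use and the X.509 initializer has no
     *         trust certificates
     */
    private void policeForJVMTrust() throws ComponentInitializationException {
        Connection connection = null;
        try {
            connection = this.connectionFactory.getConnection();
            if (connection == null) {
                this.log.debug("{} No connection to probe", getLogPrefix());
                return;
            }
            final ConnectionConfig connectionConfig = connection.getConnectionConfig();
            // Locale.ROOT keeps the scheme comparison independent of the JVM's default locale.
            final boolean tlsInUse = connectionConfig.getUseStartTLS()
                    || connectionConfig.getUseSSL()
                    || connectionConfig.getLdapUrl().toLowerCase(java.util.Locale.ROOT).contains("ldaps://");
            if (!tlsInUse) {
                return;
            }
            final SslConfig sslConfig = connectionConfig.getSslConfig();
            if (sslConfig == null) {
                return;
            }
            final SSLContextInitializer contextInitializer = sslConfig.getCredentialConfig() != null
                    ? sslConfig.getCredentialConfig().createSSLContextInitializer()
                    : null;
            if (contextInitializer instanceof X509SSLContextInitializer
                    && ((X509SSLContextInitializer) contextInitializer).getTrustCertificates() == null) {
                throw new ComponentInitializationException(getLogPrefix() + ": Use of default JVM trust store not supported");
            }
        } catch (GeneralSecurityException | LdapException e) {
            // Best-effort probe: inspection problems are recorded but do not fail initialization.
            this.log.debug("{} Failed to inspect TLS implementation", getLogPrefix(), e);
        } finally {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception e) {
                    this.log.debug("{} Error closing LDAP connection", getLogPrefix(), e);
                }
            }
        }
    }

    /**
     * Runs the search filter and maps the result to attributes.
     *
     * <p>Access was widened from {@code protected} by the decompiler.</p>
     *
     * @param executableSearchFilter the filter to execute; must not be {@code null}
     * @return the attributes produced by the mapping strategy, keyed by name; may be {@code null}
     * @throws ResolutionException if the filter is {@code null} or the LDAP search fails
     */
    @Override
    @Nullable
    public Map<String, IdPAttribute> retrieveAttributes(ExecutableSearchFilter executableSearchFilter) throws ResolutionException {
        if (executableSearchFilter == null) {
            throw new ResolutionException(getLogPrefix() + " Search filter cannot be null");
        }
        try {
            final SearchResult searchResult = executableSearchFilter.execute(this.searchExecutor, this.connectionFactory);
            // NOTE(review): the whole result object is written to the trace log; depending on how
            // SearchResult renders itself this may include directory attribute values, so trace
            // logging for this class should be treated as sensitive.
            this.log.trace("{} Search returned {}", getLogPrefix(), searchResult);
            return getMappingStrategy().map(searchResult);
        } catch (LdapException e) {
            throw new ResolutionException(getLogPrefix() + " Unable to execute LDAP search", e);
        }
    }
}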
