package edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector;

import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapPoolStrategy;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine;
import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.LdapConfig;
import edu.vt.middleware.ldap.handler.BinarySearchResultHandler;
import edu.vt.middleware.ldap.handler.CaseChangeSearchResultHandler;
import edu.vt.middleware.ldap.handler.ConnectionHandler;
import edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler;
import edu.vt.middleware.ldap.handler.FqdnSearchResultHandler;
import edu.vt.middleware.ldap.handler.MergeSearchResultHandler;
import edu.vt.middleware.ldap.handler.SearchResultHandler;
import edu.vt.middleware.ldap.pool.DefaultLdapFactory;
import edu.vt.middleware.ldap.pool.LdapFactory;
import edu.vt.middleware.ldap.pool.LdapValidator;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.util.DatatypeHelper;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/config/attribute/resolver/dataConnector/LdapDataConnectorFactoryBean.class */
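/**
 * Factory bean that assembles an {@link LdapDataConnector} from the LDAP connection settings, pooling
 * strategy, TLS credentials and result cache configured through its setters.
 *
 * <p>Most connection settings are stored directly on an internal {@link LdapConfig}; the remaining
 * fields are applied when {@link #createInstance()} runs.</p>
 */
public class LdapDataConnectorFactoryBean extends BaseDataConnectorFactoryBean {
    private LdapPoolStrategy ldapPoolStrategy;
    private LdapConfig ldapConfig = new LdapConfig();
    private ConnectionHandler.ConnectionStrategy connStrategy;
    private Map<String, String> ldapProperties;
    private LdapValidator ldapValidator;
    private TemplateEngine templateEngine;
    private String filterTemplate;
    private List<String> returnAttributes;
    private X509Credential trustCredential;
    private X509Credential connectionCredential;
    private boolean mergeResults;
    private boolean noResultsIsError;
    private boolean lowercaseAttributeNames;
    private CacheManager cacheManager;
    private int maximumCachedElements;
    private long cacheElementTtl;

    /**
     * Builds the data connector: installs the search result handlers, connection strategy, extra
     * environment properties and (when TLS credentials are configured) a custom SSL socket factory on
     * the LDAP configuration, resolves the result cache, initializes the connection pool and finally
     * constructs and populates the connector.
     *
     * @return the configured {@link LdapDataConnector}
     * @throws Exception if the TLS context cannot be built or the connector cannot be assembled
     */
    protected Object createInstance() throws Exception {
        List<SearchResultHandler> handlers = new ArrayList<SearchResultHandler>();
        handlers.add(new FqdnSearchResultHandler());
        handlers.add(new EntryDnSearchResultHandler());
        if (this.mergeResults) {
            handlers.add(new MergeSearchResultHandler());
        }
        if (this.lowercaseAttributeNames) {
            CaseChangeSearchResultHandler caseHandler = new CaseChangeSearchResultHandler();
            caseHandler.setAttributeNameCaseChange(CaseChangeSearchResultHandler.CaseChange.LOWER);
            handlers.add(caseHandler);
        }
        handlers.add(new BinarySearchResultHandler());
        this.ldapConfig.setSearchResultHandlers(handlers.toArray(new SearchResultHandler[handlers.size()]));
        this.ldapConfig.getConnectionHandler().setConnectionStrategy(this.connStrategy);
        if (this.ldapProperties != null) {
            // Entries are passed through to the LDAP configuration unfiltered, so this map must come
            // from trusted configuration only.
            for (Map.Entry<String, String> entry : this.ldapProperties.entrySet()) {
                this.ldapConfig.setEnvironmentProperties(entry.getKey(), entry.getValue());
            }
        }
        // A null context means no trust or client credential was usable; the LDAP configuration then
        // keeps whatever socket factory it already has.
        SSLContext sslContext = createSSLContext();
        if (sslContext != null) {
            this.ldapConfig.setSslSocketFactory(sslContext.getSocketFactory());
        }
        Cache cache = null;
        if (this.cacheManager != null) {
            cache = this.cacheManager.getCache(getPluginId());
            if (cache == null) {
                // Presumably converts milliseconds to seconds. NOTE(review): integer division turns
                // any TTL below 1000 into 0; confirm how the cache library treats a zero TTL/TTI so
                // that resolved attributes are not retained longer than intended.
                long ttlSeconds = this.cacheElementTtl / 1000;
                cache = new Cache(getPluginId(), this.maximumCachedElements, false, false, ttlSeconds, ttlSeconds);
                this.cacheManager.addCache(cache);
            }
        }
        try {
            setupPoolStrategy();
        } catch (Exception e) {
            // Kept as log-and-continue: the connector is still created when the pool cannot be
            // initialized at this point (e.g. directory unreachable at startup — presumably intended).
            this.logger.error("LDAP pool failed to initialize", e);
        }
        LdapDataConnector connector = new LdapDataConnector(this.ldapPoolStrategy, cache);
        populateDataConnector(connector);
        connector.setNoResultsIsError(this.noResultsIsError);
        if (this.returnAttributes != null) {
            connector.setReturnAttributes(this.returnAttributes.toArray(new String[this.returnAttributes.size()]));
        }
        connector.registerTemplate(this.templateEngine, this.filterTemplate);
        return connector;
    }

    /**
     * Creates the LDAP connection factory from the current configuration, attaches the pool validator
     * when one is set, hands the factory to the pool strategy and initializes the pool.
     *
     * @throws Exception if the pool strategy fails to initialize
     */
    protected void setupPoolStrategy() throws Exception {
        LdapFactory<Ldap> defaultLdapFactory = new DefaultLdapFactory<>(this.ldapConfig);
        if (this.ldapValidator != null) {
            defaultLdapFactory.setLdapValidator(this.ldapValidator);
        }
        this.ldapPoolStrategy.setLdapFactory(defaultLdapFactory);
        this.ldapPoolStrategy.initialize();
    }

    /**
     * Builds the TLS context used for LDAP connections from the configured trust and client
     * credentials.
     *
     * <p>When a trust credential is configured but its trust managers cannot be built, the failure is
     * logged and rethrown. Continuing would either initialize the context with {@code null} trust
     * managers (falling back to the JVM default trust anchors) or return {@code null}, in both cases
     * silently replacing the explicitly configured trust anchors with broader ones.</p>
     *
     * @return the TLS context, or {@code null} when neither trust nor key managers are available
     * @throws Exception if the configured trust credential cannot be loaded or the context cannot be
     *         initialized
     */
    protected SSLContext createSSLContext() throws Exception {
        TrustManager[] trustManagers = null;
        if (this.trustCredential != null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
                int index = 0;
                for (X509Certificate certificate : this.trustCredential.getEntityCertificateChain()) {
                    // Serial numbers are only unique per issuer; the index keeps two certificates
                    // that share a serial number from overwriting each other under the same alias.
                    trustStore.setCertificateEntry("ldap_tls_trust_" + index + "_" + certificate.getSerialNumber(), certificate);
                    index++;
                }
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } catch (IOException | GeneralSecurityException e) {
                this.logger.error("Error initializing trust managers", e);
                // Fail closed: never downgrade from the configured trust anchors to the defaults.
                throw e;
            }
        }
        KeyManager[] keyManagers = null;
        if (this.connectionCredential != null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore clientStore = KeyStore.getInstance(KeyStore.getDefaultType());
                clientStore.load(null, null);
                // The key store exists only in memory, so this fixed password does not protect
                // anything at rest; it merely satisfies the KeyStore/KeyManagerFactory API.
                char[] entryPassword = "changeit".toCharArray();
                clientStore.setKeyEntry("ldap_tls_client_auth", this.connectionCredential.getPrivateKey(), entryPassword, (Certificate[]) this.connectionCredential.getEntityCertificateChain().toArray(new X509Certificate[0]));
                keyManagerFactory.init(clientStore, entryPassword);
                keyManagers = keyManagerFactory.getKeyManagers();
            } catch (IOException | GeneralSecurityException e) {
                // Left as log-and-continue: without key managers the connection simply presents no
                // client certificate, and the directory server decides whether to accept it.
                this.logger.error("Error initializing key managers", e);
            }
        }
        SSLContext sslContext = null;
        if (trustManagers != null || keyManagers != null) {
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
        }
        return sslContext;
    }

    /** @return the authentication type resolved from the auth type name held by the LDAP configuration */
    public LdapDataConnector.AUTHENTICATION_TYPE getAuthenticationType() {
        return LdapDataConnector.AUTHENTICATION_TYPE.getAuthenticationTypeByName(this.ldapConfig.getAuthtype());
    }

    /** @return the search base DN held by the LDAP configuration */
    public String getBaseDN() {
        return this.ldapConfig.getBaseDn();
    }

    /** @return the configured cache element time to live, as supplied to the setter */
    public long getCacheElementTimeToLive() {
        return this.cacheElementTtl;
    }

    /** @return the cache manager used to look up or create the result cache, may be {@code null} */
    public CacheManager getCacheManager() {
        return this.cacheManager;
    }

    /** @return the credential used for TLS client authentication, may be {@code null} */
    public X509Credential getConnectionCredential() {
        return this.connectionCredential;
    }

    /** @return the search filter template registered on the connector */
    public String getFilterTemplate() {
        return this.filterTemplate;
    }

    /** @return the extra environment properties copied onto the LDAP configuration, may be {@code null} */
    public Map<String, String> getLdapProperties() {
        return this.ldapProperties;
    }

    /** @return the LDAP URL held by the LDAP configuration */
    public String getLdapUrl() {
        return this.ldapConfig.getLdapUrl();
    }

    /** @return the connection strategy applied to the connection handler */
    public ConnectionHandler.ConnectionStrategy getConnectionStrategy() {
        return this.connStrategy;
    }

    /** @return the maximum number of elements for a cache created by this factory */
    public int getMaximumCachedElements() {
        return this.maximumCachedElements;
    }

    /** @return the count limit held by the LDAP configuration, narrowed to {@code int} */
    public int getMaxResultSize() {
        return (int) this.ldapConfig.getCountLimit();
    }

    /** @return {@code LdapDataConnector.class}, the type this factory produces */
    public Class<?> getObjectType() {
        return LdapDataConnector.class;
    }

    /** @return the pool strategy handed to the connector */
    public LdapPoolStrategy getPoolStrategy() {
        return this.ldapPoolStrategy;
    }

    /** @return the validator attached to the LDAP factory, may be {@code null} */
    public LdapValidator getPoolValidator() {
        return this.ldapValidator;
    }

    /** @return the bind DN held by the LDAP configuration */
    public String getPrincipal() {
        return this.ldapConfig.getBindDn();
    }

    /**
     * Returns the bind credential held by the LDAP configuration.
     *
     * <p>The value is a secret; callers should not log it or include it in diagnostics.</p>
     *
     * @return the bind credential as a string
     */
    public String getPrincipalCredential() {
        return (String) this.ldapConfig.getBindCredential();
    }

    /** @return the attribute names requested from the directory, may be {@code null} */
    public List<String> getReturnAttributes() {
        return this.returnAttributes;
    }

    /** @return the search scope held by the LDAP configuration */
    public LdapConfig.SearchScope getSearchScope() {
        return this.ldapConfig.getSearchScope();
    }

    /** @return the search time limit held by the LDAP configuration */
    public int getSearchTimeLimit() {
        return this.ldapConfig.getTimeLimit();
    }

    /** @return the template engine used to register the filter template */
    public TemplateEngine getTemplateEngine() {
        return this.templateEngine;
    }

    /** @return the credential whose certificate chain is used as TLS trust anchors, may be {@code null} */
    public X509Credential getTrustCredential() {
        return this.trustCredential;
    }

    /** @return whether the TLS flag is enabled on the LDAP configuration */
    public boolean getUseStartTLS() {
        return this.ldapConfig.isTlsEnabled();
    }

    /** @return whether attribute names are lower-cased by a result handler */
    public boolean isLowercaseAttributeNames() {
        return this.lowercaseAttributeNames;
    }

    /** @return whether a merging result handler is installed */
    public boolean isMergeResults() {
        return this.mergeResults;
    }

    /** @return the value passed to the connector's {@code setNoResultsIsError} */
    public boolean isNoResultsIsError() {
        return this.noResultsIsError;
    }

    /** @param authentication_type authentication type whose name is stored on the LDAP configuration */
    public void setAuthenticationType(LdapDataConnector.AUTHENTICATION_TYPE authentication_type) {
        this.ldapConfig.setAuthtype(authentication_type.getAuthTypeName());
    }

    /** @param str search base DN; trimmed, and stored as the empty string when null or blank */
    public void setBaseDN(String str) {
        String trimmed = DatatypeHelper.safeTrimOrNullString(str);
        this.ldapConfig.setBaseDn(trimmed != null ? trimmed : "");
    }

    /** @param j cache element time to live; divided by 1000 when a cache is created */
    public void setCacheElementTimeToLive(long j) {
        this.cacheElementTtl = j;
    }

    /** @param cacheManager manager used to look up or create the result cache */
    public void setCacheManager(CacheManager cacheManager) {
        this.cacheManager = cacheManager;
    }

    /** @param x509Credential private key and certificate chain for TLS client authentication */
    public void setConnectionCredential(X509Credential x509Credential) {
        this.connectionCredential = x509Credential;
    }

    /** @param str search filter template; stored trimmed, or {@code null} when blank */
    public void setFilterTemplate(String str) {
        this.filterTemplate = DatatypeHelper.safeTrimOrNullString(str);
    }

    /** @param map extra environment properties copied onto the LDAP configuration at creation time */
    public void setLdapProperties(Map<String, String> map) {
        this.ldapProperties = map;
    }

    /** @param str LDAP URL; stored trimmed, or {@code null} when blank */
    public void setLdapUrl(String str) {
        this.ldapConfig.setLdapUrl(DatatypeHelper.safeTrimOrNullString(str));
    }

    /** @param connectionStrategy strategy applied to the connection handler at creation time */
    public void setConnectionStrategy(ConnectionHandler.ConnectionStrategy connectionStrategy) {
        this.connStrategy = connectionStrategy;
    }

    /** @param z whether to install a result handler that lower-cases attribute names */
    public void setLowercaseAttributeNames(boolean z) {
        this.lowercaseAttributeNames = z;
    }

    /** @param i maximum number of elements for a cache created by this factory */
    public void setMaximumCachedElements(int i) {
        this.maximumCachedElements = i;
    }

    /** @param i count limit stored on the LDAP configuration */
    public void setMaxResultSize(int i) {
        this.ldapConfig.setCountLimit(i);
    }

    /** @param z whether to install a merging result handler */
    public void setMergeResults(boolean z) {
        this.mergeResults = z;
    }

    /** @param z value passed to the connector's {@code setNoResultsIsError} */
    public void setNoResultsIsError(boolean z) {
        this.noResultsIsError = z;
    }

    /** @param ldapPoolStrategy pool strategy to initialize and hand to the connector */
    public void setPoolStrategy(LdapPoolStrategy ldapPoolStrategy) {
        this.ldapPoolStrategy = ldapPoolStrategy;
    }

    /** @param ldapValidator validator attached to the LDAP factory when non-null */
    public void setPoolValidator(LdapValidator ldapValidator) {
        this.ldapValidator = ldapValidator;
    }

    /** @param str bind DN; stored trimmed, or {@code null} when blank */
    public void setPrincipal(String str) {
        this.ldapConfig.setBindDn(DatatypeHelper.safeTrimOrNullString(str));
    }

    /** @param str bind credential (a secret); stored trimmed, or {@code null} when blank */
    public void setPrincipalCredential(String str) {
        this.ldapConfig.setBindCredential(DatatypeHelper.safeTrimOrNullString(str));
    }

    /** @param list attribute names to request from the directory */
    public void setReturnAttributes(List<String> list) {
        this.returnAttributes = list;
    }

    /** @param searchScope search scope stored on the LDAP configuration */
    public void setSearchScope(LdapConfig.SearchScope searchScope) {
        this.ldapConfig.setSearchScope(searchScope);
    }

    /** @param i search time limit stored on the LDAP configuration */
    public void setSearchTimeLimit(int i) {
        this.ldapConfig.setTimeLimit(i);
    }

    /** @param templateEngine engine used to register the filter template on the connector */
    public void setTemplateEngine(TemplateEngine templateEngine) {
        this.templateEngine = templateEngine;
    }

    /** @param x509Credential credential whose certificate chain becomes the TLS trust anchors */
    public void setTrustCredential(X509Credential x509Credential) {
        this.trustCredential = x509Credential;
    }

    /** @param z value for the TLS flag on the LDAP configuration */
    public void setUseStartTLS(boolean z) {
        this.ldapConfig.setTls(z);
    }
}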
