package org.apereo.cas.util;

import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import lombok.Generated;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.support.Beans;
import org.ldaptive.ActivePassiveConnectionStrategy;
import org.ldaptive.AddOperation;
import org.ldaptive.AddRequest;
import org.ldaptive.AttributeModification;
import org.ldaptive.AttributeModificationType;
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.BindRequest;
import org.ldaptive.CompareRequest;
import org.ldaptive.Connection;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.DefaultConnectionStrategy;
import org.ldaptive.DeleteOperation;
import org.ldaptive.DeleteRequest;
import org.ldaptive.DerefAliases;
import org.ldaptive.DnsSrvConnectionStrategy;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.ModifyOperation;
import org.ldaptive.ModifyRequest;
import org.ldaptive.RandomConnectionStrategy;
import org.ldaptive.Response;
import org.ldaptive.ResultCode;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.RoundRobinConnectionStrategy;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchResult;
import org.ldaptive.SearchScope;
import org.ldaptive.ad.UnicodePwdAttribute;
import org.ldaptive.ad.extended.FastBindOperation;
import org.ldaptive.ad.handler.ObjectGuidHandler;
import org.ldaptive.ad.handler.ObjectSidHandler;
import org.ldaptive.ad.handler.PrimaryGroupIdHandler;
import org.ldaptive.ad.handler.RangeEntryHandler;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.EntryResolver;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.PooledBindAuthenticationHandler;
import org.ldaptive.auth.PooledCompareAuthenticationHandler;
import org.ldaptive.auth.PooledSearchDnResolver;
import org.ldaptive.control.PasswordPolicyControl;
import org.ldaptive.extended.PasswordModifyOperation;
import org.ldaptive.extended.PasswordModifyRequest;
import org.ldaptive.handler.CaseChangeEntryHandler;
import org.ldaptive.handler.DnAttributeEntryHandler;
import org.ldaptive.handler.MergeAttributeEntryHandler;
import org.ldaptive.handler.RecursiveEntryHandler;
import org.ldaptive.handler.SearchEntryHandler;
import org.ldaptive.pool.BindPassivator;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.ClosePassivator;
import org.ldaptive.pool.CompareValidator;
import org.ldaptive.pool.ConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.provider.Provider;
import org.ldaptive.referral.DeleteReferralHandler;
import org.ldaptive.referral.ModifyReferralHandler;
import org.ldaptive.referral.SearchReferralHandler;
import org.ldaptive.sasl.CramMd5Config;
import org.ldaptive.sasl.DigestMd5Config;
import org.ldaptive.sasl.ExternalConfig;
import org.ldaptive.sasl.GssApiConfig;
import org.ldaptive.sasl.Mechanism;
import org.ldaptive.sasl.QualityOfProtection;
import org.ldaptive.sasl.SaslConfig;
import org.ldaptive.sasl.SecurityStrength;
import org.ldaptive.ssl.AllowAnyHostnameVerifier;
import org.ldaptive.ssl.DefaultHostnameVerifier;
import org.ldaptive.ssl.KeyStoreCredentialConfig;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.X509CredentialConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.thymeleaf.spring4.processor.SpringInputGeneralFieldTagProcessor;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-core-5.3.11.jar:org/apereo/cas/util/LdapUtils.class */
public final class LdapUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) LdapUtils.class);
    public static final String LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME = "user";
    public static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
    private static final String LDAP_PREFIX = "ldap";

    public static Boolean getBoolean(LdapEntry ldapEntry, String str) {
        return getBoolean(ldapEntry, str, Boolean.FALSE);
    }

    public static Boolean getBoolean(LdapEntry ldapEntry, String str, Boolean bool) {
        String string = getString(ldapEntry, str, bool.toString());
        return string != null ? Boolean.valueOf(string.equalsIgnoreCase(Boolean.TRUE.toString())) : bool;
    }

    public static Long getLong(LdapEntry ldapEntry, String str) {
        return getLong(ldapEntry, str, Long.MIN_VALUE);
    }

    public static Long getLong(LdapEntry ldapEntry, String str, Long l) {
        String string = getString(ldapEntry, str, l.toString());
        return (string == null || !NumberUtils.isCreatable(string)) ? l : Long.valueOf(string);
    }

    public static String getString(LdapEntry ldapEntry, String str) {
        return getString(ldapEntry, str, null);
    }

    public static String getString(LdapEntry ldapEntry, String str, String str2) {
        LdapAttribute attribute = ldapEntry.getAttribute(str);
        if (attribute == null) {
            return str2;
        }
        String str3 = attribute.isBinary() ? new String(attribute.getBinaryValue(), StandardCharsets.UTF_8) : attribute.getStringValue();
        return StringUtils.isNotBlank(str3) ? str3 : str2;
    }

    public static Response<SearchResult> executeSearchOperation(ConnectionFactory connectionFactory, String str, SearchFilter searchFilter, String... strArr) throws LdapException {
        return executeSearchOperation(connectionFactory, str, searchFilter, null, strArr);
    }

    public static Response<SearchResult> executeSearchOperation(ConnectionFactory connectionFactory, String str, SearchFilter searchFilter, String[] strArr, String[] strArr2) throws LdapException {
        Connection createConnection = createConnection(connectionFactory);
        Throwable th = null;
        try {
            try {
                SearchOperation searchOperation = new SearchOperation(createConnection);
                SearchRequest newLdaptiveSearchRequest = newLdaptiveSearchRequest(str, searchFilter, strArr, strArr2);
                newLdaptiveSearchRequest.setReferralHandler(new SearchReferralHandler());
                Response<SearchResult> execute = searchOperation.execute(newLdaptiveSearchRequest);
                if (createConnection != null) {
                    $closeResource(null, createConnection);
                }
                return execute;
            } finally {
            }
        } catch (Throwable th2) {
            if (createConnection != null) {
                $closeResource(th, createConnection);
            }
            throw th2;
        }
    }

    public static Response<SearchResult> executeSearchOperation(ConnectionFactory connectionFactory, String str, SearchFilter searchFilter) throws LdapException {
        return executeSearchOperation(connectionFactory, str, searchFilter, ReturnAttributes.ALL_USER.value(), ReturnAttributes.ALL_USER.value());
    }

    public static boolean containsResultEntry(Response<SearchResult> response) {
        SearchResult result;
        return (response == null || (result = response.getResult()) == null || result.getEntry() == null) ? false : true;
    }

    public static Connection createConnection(ConnectionFactory connectionFactory) throws LdapException {
        Connection connection = connectionFactory.getConnection();
        if (!connection.isOpen()) {
            connection.open();
        }
        return connection;
    }

    /* JADX WARN: Failed to calculate best type for var: r22v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r23v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 22, insn: 0x012d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r22 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:38:0x012d */
    /* JADX WARN: Not initialized variable reg: 23, insn: 0x0132: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r23 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:40:0x0132 */
    /* JADX WARN: Type inference failed for: r22v1, types: [java.lang.AutoCloseable] */
    /* JADX WARN: Type inference failed for: r23v0, types: [java.lang.Throwable] */
    public static boolean executePasswordModifyOperation(String str, ConnectionFactory connectionFactory, String str2, String str3, AbstractLdapProperties.LdapType ldapType) {
        ?? r22;
        ?? r23;
        try {
            try {
                Connection createConnection = createConnection(connectionFactory);
                if (!createConnection.getConnectionConfig().getUseSSL() && !createConnection.getConnectionConfig().getUseStartTLS()) {
                    LOGGER.warn("Executing password modification op under a non-secure LDAP connection; To modify password attributes, the connection to the LDAP server SHOULD be secured and/or encrypted.");
                }
                if (ldapType == AbstractLdapProperties.LdapType.AD) {
                    LOGGER.debug("Executing password modification op for active directory based on [https://support.microsoft.com/en-us/kb/269190]");
                    Response<Void> execute = new ModifyOperation(createConnection).execute(new ModifyRequest(str, new AttributeModification(AttributeModificationType.REPLACE, new UnicodePwdAttribute(str3))));
                    LOGGER.debug("Result code [{}], message: [{}]", execute.getResult(), execute.getMessage());
                    boolean z = execute.getResultCode() == ResultCode.SUCCESS;
                    if (createConnection != null) {
                        $closeResource(null, createConnection);
                    }
                    return z;
                }
                LOGGER.debug("Executing password modification op for generic LDAP");
                Response<Credential> execute2 = new PasswordModifyOperation(createConnection).execute(new PasswordModifyRequest(str, StringUtils.isNotBlank(str2) ? new Credential(str2) : null, new Credential(str3)));
                LOGGER.debug("Result code [{}], message: [{}]", execute2.getResult(), execute2.getMessage());
                boolean z2 = execute2.getResultCode() == ResultCode.SUCCESS;
                if (createConnection != null) {
                    $closeResource(null, createConnection);
                }
                return z2;
            } catch (Throwable th) {
                if (r22 != 0) {
                    $closeResource(r23, r22);
                }
                throw th;
            }
        } catch (LdapException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return false;
        }
    }

    public static boolean executeModifyOperation(String str, ConnectionFactory connectionFactory, Map<String, Set<String>> map) {
        try {
            Connection createConnection = createConnection(connectionFactory);
            try {
                ModifyOperation modifyOperation = new ModifyOperation(createConnection);
                ModifyRequest modifyRequest = new ModifyRequest(str, (AttributeModification[]) map.entrySet().stream().map(entry -> {
                    return new AttributeModification(AttributeModificationType.REPLACE, new LdapAttribute((String) entry.getKey(), (String[]) ((Set) entry.getValue()).toArray(new String[0])));
                }).toArray(i -> {
                    return new AttributeModification[map.size()];
                }));
                modifyRequest.setReferralHandler(new ModifyReferralHandler());
                modifyOperation.execute(modifyRequest);
                if (createConnection != null) {
                    $closeResource(null, createConnection);
                }
                return true;
            } catch (Throwable th) {
                if (createConnection != null) {
                    $closeResource(null, createConnection);
                }
                throw th;
            }
        } catch (LdapException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return false;
        }
    }

    public static boolean executeModifyOperation(String str, ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        return executeModifyOperation(str, connectionFactory, (Map<String, Set<String>>) ldapEntry.getAttributes().stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, ldapAttribute -> {
            return new HashSet(ldapAttribute.getStringValues());
        })));
    }

    public static boolean executeAddOperation(ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        try {
            Connection createConnection = createConnection(connectionFactory);
            Throwable th = null;
            try {
                try {
                    new AddOperation(createConnection).execute(new AddRequest(ldapEntry.getDn(), ldapEntry.getAttributes()));
                    if (createConnection != null) {
                        $closeResource(null, createConnection);
                    }
                    return true;
                } finally {
                }
            } catch (Throwable th2) {
                if (createConnection != null) {
                    $closeResource(th, createConnection);
                }
                throw th2;
            }
        } catch (LdapException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return false;
        }
    }

    public static boolean executeDeleteOperation(ConnectionFactory connectionFactory, LdapEntry ldapEntry) {
        try {
            Connection createConnection = createConnection(connectionFactory);
            Throwable th = null;
            try {
                try {
                    DeleteOperation deleteOperation = new DeleteOperation(createConnection);
                    DeleteRequest deleteRequest = new DeleteRequest(ldapEntry.getDn());
                    deleteRequest.setReferralHandler(new DeleteReferralHandler());
                    boolean z = deleteOperation.execute(deleteRequest).getResultCode() == ResultCode.SUCCESS;
                    if (createConnection != null) {
                        $closeResource(null, createConnection);
                    }
                    return z;
                } finally {
                }
            } catch (Throwable th2) {
                if (createConnection != null) {
                    $closeResource(th, createConnection);
                }
                throw th2;
            }
        } catch (LdapException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return false;
        }
    }

    public static boolean isLdapConnectionUrl(String str) {
        return str.toLowerCase().startsWith(LDAP_PREFIX);
    }

    public static boolean isLdapConnectionUrl(URI uri) {
        return uri.getScheme().equalsIgnoreCase(LDAP_PREFIX);
    }

    public static boolean isLdapConnectionUrl(URL url) {
        return url.getProtocol().equalsIgnoreCase(LDAP_PREFIX);
    }

    public static SearchRequest newLdaptiveSearchRequest(String str, SearchFilter searchFilter, String[] strArr, String[] strArr2) {
        SearchRequest searchRequest = new SearchRequest(str, searchFilter);
        searchRequest.setBinaryAttributes(strArr);
        searchRequest.setReturnAttributes(strArr2);
        searchRequest.setSearchScope(SearchScope.SUBTREE);
        return searchRequest;
    }

    public static SearchRequest newLdaptiveSearchRequest(String str, SearchFilter searchFilter) {
        return newLdaptiveSearchRequest(str, searchFilter, ReturnAttributes.ALL_USER.value(), ReturnAttributes.ALL_USER.value());
    }

    public static SearchFilter newLdaptiveSearchFilter(String str) {
        return newLdaptiveSearchFilter(str, new ArrayList(0));
    }

    public static SearchFilter newLdaptiveSearchFilter(String str, List<String> list) {
        return newLdaptiveSearchFilter(str, "user", list);
    }

    public static SearchFilter newLdaptiveSearchFilter(String str, String str2, List<String> list) {
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(str);
        if (list != null) {
            IntStream.range(0, list.size()).forEach(i -> {
                if (searchFilter.getFilter().contains("{" + i + '}')) {
                    searchFilter.setParameter(i, list.get(i));
                } else {
                    searchFilter.setParameter(str2, list.get(i));
                }
            });
        }
        LOGGER.debug("Constructed LDAP search filter [{}]", searchFilter.format());
        return searchFilter;
    }

    public static SearchFilter newLdaptiveSearchFilter(String str, List<String> list, List<String> list2) {
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(str);
        if (list2 != null) {
            IntStream.range(0, list2.size()).forEach(i -> {
                String str2 = (String) list2.get(i);
                if (searchFilter.getFilter().contains("{" + i + '}')) {
                    searchFilter.setParameter(i, str2);
                }
                String str3 = (String) list.get(i);
                if (searchFilter.getFilter().contains("{" + str3 + '}')) {
                    searchFilter.setParameter(str3, str2);
                }
            });
        }
        LOGGER.debug("Constructed LDAP search filter [{}]", searchFilter.format());
        return searchFilter;
    }

    public static SearchExecutor newLdaptiveSearchExecutor(String str, String str2, List<String> list) {
        return newLdaptiveSearchExecutor(str, str2, list, ReturnAttributes.ALL.value());
    }

    public static SearchExecutor newLdaptiveSearchExecutor(String str, String str2, List<String> list, List<String> list2) {
        return newLdaptiveSearchExecutor(str, str2, list, (String[]) list2.toArray(new String[0]));
    }

    public static SearchExecutor newLdaptiveSearchExecutor(String str, String str2, List<String> list, String[] strArr) {
        SearchExecutor searchExecutor = new SearchExecutor();
        searchExecutor.setBaseDn(str);
        searchExecutor.setSearchFilter(newLdaptiveSearchFilter(str2, list));
        searchExecutor.setReturnAttributes(strArr);
        searchExecutor.setSearchScope(SearchScope.SUBTREE);
        return searchExecutor;
    }

    public static SearchExecutor newLdaptiveSearchExecutor(String str, String str2) {
        return newLdaptiveSearchExecutor(str, str2, new ArrayList(0));
    }

    public static Authenticator newLdaptiveAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        switch (abstractLdapAuthenticationProperties.getType()) {
            case AD:
                LOGGER.debug("Creating active directory authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getActiveDirectoryAuthenticator(abstractLdapAuthenticationProperties);
            case DIRECT:
                LOGGER.debug("Creating direct-bind authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getDirectBindAuthenticator(abstractLdapAuthenticationProperties);
            case AUTHENTICATED:
                LOGGER.debug("Creating authenticated authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getAuthenticatedOrAnonSearchAuthenticator(abstractLdapAuthenticationProperties);
            default:
                LOGGER.debug("Creating anonymous authenticator for [{}]", abstractLdapAuthenticationProperties.getLdapUrl());
                return getAuthenticatedOrAnonSearchAuthenticator(abstractLdapAuthenticationProperties);
        }
    }

    private static Authenticator getAuthenticatedOrAnonSearchAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getBaseDn())) {
            throw new IllegalArgumentException("Base dn cannot be empty/blank for authenticated/anonymous authentication");
        }
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getSearchFilter())) {
            throw new IllegalArgumentException("User filter cannot be empty/blank for authenticated/anonymous authentication");
        }
        PooledConnectionFactory newLdaptivePooledConnectionFactory = newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties);
        PooledSearchDnResolver pooledSearchDnResolver = new PooledSearchDnResolver();
        pooledSearchDnResolver.setBaseDn(abstractLdapAuthenticationProperties.getBaseDn());
        pooledSearchDnResolver.setSubtreeSearch(abstractLdapAuthenticationProperties.isSubtreeSearch());
        pooledSearchDnResolver.setAllowMultipleDns(abstractLdapAuthenticationProperties.isAllowMultipleDns());
        pooledSearchDnResolver.setConnectionFactory(newLdaptivePooledConnectionFactory);
        pooledSearchDnResolver.setUserFilter(abstractLdapAuthenticationProperties.getSearchFilter());
        if (abstractLdapAuthenticationProperties.isFollowReferrals()) {
            pooledSearchDnResolver.setReferralHandler(new SearchReferralHandler());
        }
        if (StringUtils.isNotBlank(abstractLdapAuthenticationProperties.getDerefAliases())) {
            pooledSearchDnResolver.setDerefAliases(DerefAliases.valueOf(abstractLdapAuthenticationProperties.getDerefAliases()));
        }
        Authenticator authenticator = StringUtils.isBlank(abstractLdapAuthenticationProperties.getPrincipalAttributePassword()) ? new Authenticator(pooledSearchDnResolver, getPooledBindAuthenticationHandler(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties))) : new Authenticator(pooledSearchDnResolver, getPooledCompareAuthenticationHandler(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        if (abstractLdapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newLdaptiveSearchEntryResolver(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        }
        return authenticator;
    }

    private static Authenticator getDirectBindAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for direct bind authentication");
        }
        Authenticator authenticator = new Authenticator(new FormatDnResolver(abstractLdapAuthenticationProperties.getDnFormat()), getPooledBindAuthenticationHandler(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        if (abstractLdapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newLdaptiveSearchEntryResolver(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        }
        return authenticator;
    }

    private static Authenticator getActiveDirectoryAuthenticator(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getDnFormat())) {
            throw new IllegalArgumentException("Dn format cannot be empty/blank for active directory authentication");
        }
        Authenticator authenticator = new Authenticator(new FormatDnResolver(abstractLdapAuthenticationProperties.getDnFormat()), getPooledBindAuthenticationHandler(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        if (abstractLdapAuthenticationProperties.isEnhanceWithEntryResolver()) {
            authenticator.setEntryResolver(newLdaptiveSearchEntryResolver(abstractLdapAuthenticationProperties, newLdaptivePooledConnectionFactory(abstractLdapAuthenticationProperties)));
        }
        return authenticator;
    }

    private static PooledBindAuthenticationHandler getPooledBindAuthenticationHandler(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, PooledConnectionFactory pooledConnectionFactory) {
        PooledBindAuthenticationHandler pooledBindAuthenticationHandler = new PooledBindAuthenticationHandler(pooledConnectionFactory);
        pooledBindAuthenticationHandler.setAuthenticationControls(new PasswordPolicyControl());
        return pooledBindAuthenticationHandler;
    }

    private static PooledCompareAuthenticationHandler getPooledCompareAuthenticationHandler(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, PooledConnectionFactory pooledConnectionFactory) {
        PooledCompareAuthenticationHandler pooledCompareAuthenticationHandler = new PooledCompareAuthenticationHandler(pooledConnectionFactory);
        pooledCompareAuthenticationHandler.setPasswordAttribute(abstractLdapAuthenticationProperties.getPrincipalAttributePassword());
        return pooledCompareAuthenticationHandler;
    }

    public static PooledConnectionFactory newLdaptivePooledConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        return new PooledConnectionFactory(newLdaptiveBlockingConnectionPool(abstractLdapProperties));
    }

    public static ConnectionConfig newLdaptiveConnectionConfig(AbstractLdapProperties abstractLdapProperties) {
        SaslConfig gssApiConfig;
        if (StringUtils.isBlank(abstractLdapProperties.getLdapUrl())) {
            throw new IllegalArgumentException("LDAP url cannot be empty/blank");
        }
        LOGGER.debug("Creating LDAP connection configuration for [{}]", abstractLdapProperties.getLdapUrl());
        ConnectionConfig connectionConfig = new ConnectionConfig();
        String ldapUrl = abstractLdapProperties.getLdapUrl().contains(" ") ? abstractLdapProperties.getLdapUrl() : String.join(" ", abstractLdapProperties.getLdapUrl().split(","));
        LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", abstractLdapProperties.getLdapUrl(), ldapUrl);
        connectionConfig.setLdapUrl(ldapUrl);
        connectionConfig.setUseSSL(abstractLdapProperties.isUseSsl());
        connectionConfig.setUseStartTLS(abstractLdapProperties.isUseStartTls());
        connectionConfig.setConnectTimeout(Beans.newDuration(abstractLdapProperties.getConnectTimeout()));
        connectionConfig.setResponseTimeout(Beans.newDuration(abstractLdapProperties.getResponseTimeout()));
        if (StringUtils.isNotBlank(abstractLdapProperties.getConnectionStrategy())) {
            switch (AbstractLdapProperties.LdapConnectionStrategy.valueOf(abstractLdapProperties.getConnectionStrategy())) {
                case RANDOM:
                    connectionConfig.setConnectionStrategy(new RandomConnectionStrategy());
                    break;
                case DNS_SRV:
                    connectionConfig.setConnectionStrategy(new DnsSrvConnectionStrategy());
                    break;
                case ACTIVE_PASSIVE:
                    connectionConfig.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                    break;
                case ROUND_ROBIN:
                    connectionConfig.setConnectionStrategy(new RoundRobinConnectionStrategy());
                    break;
                case DEFAULT:
                default:
                    connectionConfig.setConnectionStrategy(new DefaultConnectionStrategy());
                    break;
            }
        }
        if (abstractLdapProperties.getTrustCertificates() != null) {
            LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", abstractLdapProperties.getTrustCertificates());
            X509CredentialConfig x509CredentialConfig = new X509CredentialConfig();
            x509CredentialConfig.setTrustCertificates(abstractLdapProperties.getTrustCertificates());
            connectionConfig.setSslConfig(new SslConfig(x509CredentialConfig));
        } else if (abstractLdapProperties.getKeystore() != null) {
            LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", abstractLdapProperties.getKeystore());
            KeyStoreCredentialConfig keyStoreCredentialConfig = new KeyStoreCredentialConfig();
            keyStoreCredentialConfig.setKeyStore(abstractLdapProperties.getKeystore());
            keyStoreCredentialConfig.setKeyStorePassword(abstractLdapProperties.getKeystorePassword());
            keyStoreCredentialConfig.setKeyStoreType(abstractLdapProperties.getKeystoreType());
            connectionConfig.setSslConfig(new SslConfig(keyStoreCredentialConfig));
        } else {
            LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
            connectionConfig.setSslConfig(new SslConfig());
        }
        SslConfig sslConfig = connectionConfig.getSslConfig();
        if (sslConfig != null) {
            switch (abstractLdapProperties.getHostnameVerifier()) {
                case ANY:
                    sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
                    break;
                case DEFAULT:
                default:
                    sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
                    break;
            }
        }
        if (StringUtils.isNotBlank(abstractLdapProperties.getSaslMechanism())) {
            LOGGER.debug("Creating LDAP SASL mechanism via [{}]", abstractLdapProperties.getSaslMechanism());
            BindConnectionInitializer bindConnectionInitializer = new BindConnectionInitializer();
            switch (Mechanism.valueOf(abstractLdapProperties.getSaslMechanism())) {
                case DIGEST_MD5:
                    gssApiConfig = new DigestMd5Config();
                    ((DigestMd5Config) gssApiConfig).setRealm(abstractLdapProperties.getSaslRealm());
                    break;
                case CRAM_MD5:
                    gssApiConfig = new CramMd5Config();
                    break;
                case EXTERNAL:
                    gssApiConfig = new ExternalConfig();
                    break;
                case GSSAPI:
                default:
                    gssApiConfig = new GssApiConfig();
                    ((GssApiConfig) gssApiConfig).setRealm(abstractLdapProperties.getSaslRealm());
                    break;
            }
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslAuthorizationId())) {
                gssApiConfig.setAuthorizationId(abstractLdapProperties.getSaslAuthorizationId());
            }
            gssApiConfig.setMutualAuthentication(abstractLdapProperties.getSaslMutualAuth());
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslQualityOfProtection())) {
                gssApiConfig.setQualityOfProtection(QualityOfProtection.valueOf(abstractLdapProperties.getSaslQualityOfProtection()));
            }
            if (StringUtils.isNotBlank(abstractLdapProperties.getSaslSecurityStrength())) {
                gssApiConfig.setSecurityStrength(SecurityStrength.valueOf(abstractLdapProperties.getSaslSecurityStrength()));
            }
            bindConnectionInitializer.setBindSaslConfig(gssApiConfig);
            connectionConfig.setConnectionInitializer(bindConnectionInitializer);
        } else if (StringUtils.equals(abstractLdapProperties.getBindCredential(), "*") && StringUtils.equals(abstractLdapProperties.getBindDn(), "*")) {
            LOGGER.debug("Creating LDAP fast-bind connection initializer");
            connectionConfig.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
        } else if (StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) && StringUtils.isNotBlank(abstractLdapProperties.getBindCredential())) {
            LOGGER.debug("Creating LDAP bind connection initializer via [{}]", abstractLdapProperties.getBindDn());
            connectionConfig.setConnectionInitializer(new BindConnectionInitializer(abstractLdapProperties.getBindDn(), new Credential(abstractLdapProperties.getBindCredential())));
        }
        return connectionConfig;
    }

    public static PoolConfig newLdaptivePoolConfig(AbstractLdapProperties abstractLdapProperties) {
        LOGGER.debug("Creating LDAP connection pool configuration for [{}]", abstractLdapProperties.getLdapUrl());
        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMinPoolSize(abstractLdapProperties.getMinPoolSize());
        poolConfig.setMaxPoolSize(abstractLdapProperties.getMaxPoolSize());
        poolConfig.setValidateOnCheckOut(abstractLdapProperties.isValidateOnCheckout());
        poolConfig.setValidatePeriodically(abstractLdapProperties.isValidatePeriodically());
        poolConfig.setValidatePeriod(Beans.newDuration(abstractLdapProperties.getValidatePeriod()));
        poolConfig.setValidateTimeout(Beans.newDuration(abstractLdapProperties.getValidateTimeout()));
        return poolConfig;
    }

    public static DefaultConnectionFactory newLdaptiveConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        LOGGER.debug("Creating LDAP connection factory for [{}]", abstractLdapProperties.getLdapUrl());
        DefaultConnectionFactory defaultConnectionFactory = new DefaultConnectionFactory(newLdaptiveConnectionConfig(abstractLdapProperties));
        if (abstractLdapProperties.getProviderClass() != null) {
            try {
                defaultConnectionFactory.setProvider((Provider) Provider.class.cast(ClassUtils.getClass(abstractLdapProperties.getProviderClass()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0])));
            } catch (Exception e) {
                LOGGER.error(e.getMessage(), (Throwable) e);
            }
        }
        return defaultConnectionFactory;
    }

    public static ConnectionPool newLdaptiveBlockingConnectionPool(AbstractLdapProperties abstractLdapProperties) {
        DefaultConnectionFactory newLdaptiveConnectionFactory = newLdaptiveConnectionFactory(abstractLdapProperties);
        PoolConfig newLdaptivePoolConfig = newLdaptivePoolConfig(abstractLdapProperties);
        BlockingConnectionPool blockingConnectionPool = new BlockingConnectionPool(newLdaptivePoolConfig, newLdaptiveConnectionFactory);
        blockingConnectionPool.setBlockWaitTime(Beans.newDuration(abstractLdapProperties.getBlockWaitTime()));
        blockingConnectionPool.setPoolConfig(newLdaptivePoolConfig);
        IdlePruneStrategy idlePruneStrategy = new IdlePruneStrategy();
        idlePruneStrategy.setIdleTime(Beans.newDuration(abstractLdapProperties.getIdleTime()));
        idlePruneStrategy.setPrunePeriod(Beans.newDuration(abstractLdapProperties.getPrunePeriod()));
        blockingConnectionPool.setPruneStrategy(idlePruneStrategy);
        String lowerCase = abstractLdapProperties.getValidator().getType().trim().toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -906336856:
                if (lowerCase.equals(SpringInputGeneralFieldTagProcessor.SEARCH_INPUT_TYPE_ATTR_VALUE)) {
                    z = 2;
                    break;
                }
                break;
            case 3387192:
                if (lowerCase.equals("none")) {
                    z = true;
                    break;
                }
                break;
            case 950484197:
                if (lowerCase.equals("compare")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                CompareRequest compareRequest = new CompareRequest();
                compareRequest.setDn(abstractLdapProperties.getValidator().getDn());
                compareRequest.setAttribute(new LdapAttribute(abstractLdapProperties.getValidator().getAttributeName(), (String[]) abstractLdapProperties.getValidator().getAttributeValues().toArray(new String[0])));
                if (abstractLdapProperties.isFollowReferrals()) {
                    compareRequest.setReferralHandler(new SearchReferralHandler());
                }
                blockingConnectionPool.setValidator(new CompareValidator(compareRequest));
                break;
            case true:
                LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", abstractLdapProperties.getLdapUrl());
                break;
            case true:
            default:
                SearchRequest searchRequest = new SearchRequest();
                searchRequest.setBaseDn(abstractLdapProperties.getValidator().getBaseDn());
                searchRequest.setSearchFilter(new SearchFilter(abstractLdapProperties.getValidator().getSearchFilter()));
                searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
                searchRequest.setSearchScope(SearchScope.valueOf(abstractLdapProperties.getValidator().getScope()));
                searchRequest.setSizeLimit(1L);
                if (abstractLdapProperties.isFollowReferrals()) {
                    searchRequest.setReferralHandler(new SearchReferralHandler());
                }
                blockingConnectionPool.setValidator(new SearchValidator(searchRequest));
                break;
        }
        blockingConnectionPool.setFailFastInitialize(abstractLdapProperties.isFailFast());
        if (StringUtils.isNotBlank(abstractLdapProperties.getPoolPassivator())) {
            switch (AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(abstractLdapProperties.getPoolPassivator().toUpperCase())) {
                case CLOSE:
                    blockingConnectionPool.setPassivator(new ClosePassivator());
                    LOGGER.debug("Created [{}] passivator for [{}]", abstractLdapProperties.getPoolPassivator(), abstractLdapProperties.getLdapUrl());
                    break;
                case BIND:
                    if (!StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) || !StringUtils.isNoneBlank(abstractLdapProperties.getBindCredential())) {
                        LOGGER.warn("[{}] pool passivator could not be created for [{}] given bind credentials are not specified. If you are dealing with LDAP in such a way that does not require bind credentials, you may need to set the pool passivator setting to one of [{}]", abstractLdapProperties.getPoolPassivator(), abstractLdapProperties.getLdapUrl(), (List) Arrays.stream(AbstractLdapProperties.LdapConnectionPoolPassivator.values()).filter(ldapConnectionPoolPassivator -> {
                            return ldapConnectionPoolPassivator != AbstractLdapProperties.LdapConnectionPoolPassivator.BIND;
                        }).collect(Collectors.toList()));
                        break;
                    } else {
                        BindRequest bindRequest = new BindRequest();
                        bindRequest.setDn(abstractLdapProperties.getBindDn());
                        bindRequest.setCredential(new Credential(abstractLdapProperties.getBindCredential()));
                        blockingConnectionPool.setPassivator(new BindPassivator(bindRequest));
                        LOGGER.debug("Created [{}] passivator for [{}]", abstractLdapProperties.getPoolPassivator(), abstractLdapProperties.getLdapUrl());
                        break;
                    }
                    break;
            }
        }
        LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", abstractLdapProperties.getLdapUrl(), abstractLdapProperties.getBindDn());
        blockingConnectionPool.initialize();
        return blockingConnectionPool;
    }

    public static EntryResolver newLdaptiveSearchEntryResolver(AbstractLdapAuthenticationProperties abstractLdapAuthenticationProperties, PooledConnectionFactory pooledConnectionFactory) {
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getBaseDn())) {
            throw new IllegalArgumentException("To create a search entry resolver, base dn cannot be empty/blank ");
        }
        if (StringUtils.isBlank(abstractLdapAuthenticationProperties.getSearchFilter())) {
            throw new IllegalArgumentException("To create a search entry resolver, user filter cannot be empty/blank");
        }
        BinaryAttributeAwarePooledSearchEntryResolver binaryAttributeAwarePooledSearchEntryResolver = new BinaryAttributeAwarePooledSearchEntryResolver();
        binaryAttributeAwarePooledSearchEntryResolver.setBaseDn(abstractLdapAuthenticationProperties.getBaseDn());
        binaryAttributeAwarePooledSearchEntryResolver.setUserFilter(abstractLdapAuthenticationProperties.getSearchFilter());
        binaryAttributeAwarePooledSearchEntryResolver.setSubtreeSearch(abstractLdapAuthenticationProperties.isSubtreeSearch());
        binaryAttributeAwarePooledSearchEntryResolver.setConnectionFactory(pooledConnectionFactory);
        binaryAttributeAwarePooledSearchEntryResolver.setAllowMultipleEntries(abstractLdapAuthenticationProperties.isAllowMultipleEntries());
        binaryAttributeAwarePooledSearchEntryResolver.setBinaryAttributes(abstractLdapAuthenticationProperties.getBinaryAttributes());
        if (StringUtils.isNotBlank(abstractLdapAuthenticationProperties.getDerefAliases())) {
            binaryAttributeAwarePooledSearchEntryResolver.setDerefAliases(DerefAliases.valueOf(abstractLdapAuthenticationProperties.getDerefAliases()));
        }
        ArrayList arrayList = new ArrayList();
        abstractLdapAuthenticationProperties.getSearchEntryHandlers().forEach(ldapSearchEntryHandlersProperties -> {
            switch (ldapSearchEntryHandlersProperties.getType()) {
                case CASE_CHANGE:
                    CaseChangeEntryHandler caseChangeEntryHandler = new CaseChangeEntryHandler();
                    caseChangeEntryHandler.setAttributeNameCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(ldapSearchEntryHandlersProperties.getCasChange().getAttributeNameCaseChange()));
                    caseChangeEntryHandler.setAttributeNames((String[]) ldapSearchEntryHandlersProperties.getCasChange().getAttributeNames().toArray(new String[0]));
                    caseChangeEntryHandler.setAttributeValueCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(ldapSearchEntryHandlersProperties.getCasChange().getAttributeValueCaseChange()));
                    caseChangeEntryHandler.setDnCaseChange(CaseChangeEntryHandler.CaseChange.valueOf(ldapSearchEntryHandlersProperties.getCasChange().getDnCaseChange()));
                    arrayList.add(caseChangeEntryHandler);
                    return;
                case DN_ATTRIBUTE_ENTRY:
                    DnAttributeEntryHandler dnAttributeEntryHandler = new DnAttributeEntryHandler();
                    dnAttributeEntryHandler.setAddIfExists(ldapSearchEntryHandlersProperties.getDnAttribute().isAddIfExists());
                    dnAttributeEntryHandler.setDnAttributeName(ldapSearchEntryHandlersProperties.getDnAttribute().getDnAttributeName());
                    arrayList.add(dnAttributeEntryHandler);
                    return;
                case MERGE:
                    MergeAttributeEntryHandler mergeAttributeEntryHandler = new MergeAttributeEntryHandler();
                    mergeAttributeEntryHandler.setAttributeNames((String[]) ldapSearchEntryHandlersProperties.getMergeAttribute().getAttributeNames().toArray(new String[0]));
                    mergeAttributeEntryHandler.setMergeAttributeName(ldapSearchEntryHandlersProperties.getMergeAttribute().getMergeAttributeName());
                    arrayList.add(mergeAttributeEntryHandler);
                    return;
                case OBJECT_GUID:
                    arrayList.add(new ObjectGuidHandler());
                    return;
                case OBJECT_SID:
                    arrayList.add(new ObjectSidHandler());
                    return;
                case PRIMARY_GROUP:
                    PrimaryGroupIdHandler primaryGroupIdHandler = new PrimaryGroupIdHandler();
                    primaryGroupIdHandler.setBaseDn(ldapSearchEntryHandlersProperties.getPrimaryGroupId().getBaseDn());
                    primaryGroupIdHandler.setGroupFilter(ldapSearchEntryHandlersProperties.getPrimaryGroupId().getGroupFilter());
                    arrayList.add(primaryGroupIdHandler);
                    return;
                case RANGE_ENTRY:
                    arrayList.add(new RangeEntryHandler());
                    return;
                case RECURSIVE_ENTRY:
                    arrayList.add(new RecursiveEntryHandler(ldapSearchEntryHandlersProperties.getRecursive().getSearchAttribute(), (String[]) ldapSearchEntryHandlersProperties.getRecursive().getMergeAttributes().toArray(new String[0])));
                    return;
                default:
                    return;
            }
        });
        if (!arrayList.isEmpty()) {
            LOGGER.debug("Search entry handlers defined for the entry resolver of [{}] are [{}]", abstractLdapAuthenticationProperties.getLdapUrl(), arrayList);
            binaryAttributeAwarePooledSearchEntryResolver.setSearchEntryHandlers((SearchEntryHandler[]) arrayList.toArray(new SearchEntryHandler[0]));
        }
        if (abstractLdapAuthenticationProperties.isFollowReferrals()) {
            binaryAttributeAwarePooledSearchEntryResolver.setReferralHandler(new SearchReferralHandler());
        }
        return binaryAttributeAwarePooledSearchEntryResolver;
    }

    @Generated
    private LdapUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
