package org.ldaptive.provider.unboundid;

import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.ssl.SSLSocketVerifier;
import com.unboundid.util.ssl.SSLUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.directory.api.ldap.model.url.LdapUrl;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.LdapURL;
import org.ldaptive.provider.Provider;
import org.ldaptive.provider.ProviderConnectionFactory;
import org.ldaptive.ssl.DefaultHostnameVerifier;
import org.ldaptive.ssl.HostnameVerifierAdapter;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.TLSSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-unboundid-1.2.4.jar:org/ldaptive/provider/unboundid/UnboundIDProvider.class */
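/**
 * ldaptive {@link Provider} implementation backed by the UnboundID LDAP SDK.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An {@link SSLSocketFactory} set on the provider config takes precedence; the
 *       connection's {@link SslConfig} is then not consulted when building the factory.</li>
 *   <li>Certificate-trust and hostname checks are installed through an
 *       {@link SSLSocketVerifier} only on the <em>default</em> connection options. When the
 *       provider config supplies its own {@link LDAPConnectionOptions}, that verifier is not
 *       added here, so the caller-supplied options must carry an equivalent verifier.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; identifiers such as {@code newInstance2}
 * and the {@code LdapUrl.LDAPS_SCHEME} reference are reproduced as they appear.
 */
public class UnboundIDProvider implements Provider<UnboundIDProviderConfig> {
    /** Provider-specific settings; replaced wholesale by {@link #setProviderConfig}. */
    private UnboundIDProviderConfig config = new UnboundIDProviderConfig();

    /**
     * Builds the connection factory for the supplied configuration.
     *
     * <p>Socket factory selection when the provider config has none:
     * <ol>
     *   <li>TLS requested (StartTLS, SSL flag, or an {@code ldaps://} URL) and a non-empty
     *       {@link SslConfig}: an initialized {@link TLSSocketFactory} built from a copy of it.</li>
     *   <li>SSL flag or {@code ldaps://} URL with no usable {@link SslConfig}: the factory
     *       created by a no-argument {@link SSLUtil}.</li>
     *   <li>StartTLS with no usable {@link SslConfig}: the factory stays {@code null} and is
     *       passed on as such. NOTE(review): how the StartTLS connection factory treats a
     *       {@code null} socket factory is not visible here; confirm it falls back to
     *       validated JVM trust.</li>
     * </ol>
     *
     * @param connectionConfig connection settings to build the factory from
     * @return a StartTLS factory when StartTLS is enabled, otherwise a plain/LDAPS factory
     * @throws IllegalArgumentException if the TLS socket factory cannot be created
     */
    @Override // org.ldaptive.provider.Provider
    public ProviderConnectionFactory<UnboundIDProviderConfig> getConnectionFactory(ConnectionConfig connectionConfig) {
        SSLSocketFactory socketFactory = this.config.getSSLSocketFactory();
        if (socketFactory == null && (connectionConfig.getUseStartTLS() || usesLdaps(connectionConfig))) {
            final boolean hasSslConfig =
                connectionConfig.getSslConfig() != null && !connectionConfig.getSslConfig().isEmpty();
            try {
                if (hasSslConfig) {
                    final TLSSocketFactory tlsFactory = new TLSSocketFactory();
                    tlsFactory.setSslConfig(SslConfig.newSslConfig(connectionConfig.getSslConfig()));
                    tlsFactory.initialize();
                    socketFactory = tlsFactory;
                } else if (usesLdaps(connectionConfig)) {
                    socketFactory = new SSLUtil().createSSLSocketFactory();
                }
            } catch (GeneralSecurityException e) {
                // Preserve the cause so a bad keystore/truststore is diagnosable by the caller.
                throw new IllegalArgumentException(e);
            }
        }

        // Caller-supplied options win. They bypass the default SSLSocketVerifier installed by
        // getDefaultLDAPConnectionOptions, so hostname verification then depends on those options.
        LDAPConnectionOptions connectionOptions = this.config.getConnectionOptions();
        if (connectionOptions == null) {
            connectionOptions = getDefaultLDAPConnectionOptions(connectionConfig);
        }

        if (connectionConfig.getUseStartTLS()) {
            return new UnboundIDStartTLSConnectionFactory(
                connectionConfig.getLdapUrl(),
                connectionConfig.getConnectionStrategy(),
                this.config,
                socketFactory,
                connectionOptions);
        }
        return new UnboundIDConnectionFactory(
            connectionConfig.getLdapUrl(),
            connectionConfig.getConnectionStrategy(),
            this.config,
            socketFactory,
            connectionOptions);
    }

    /**
     * Reports whether the configuration asks for LDAP over TLS from the first byte.
     *
     * <p>The URL test is a substring match on the whole configured URL string, so it is true
     * when the scheme appears anywhere in it. NOTE(review): if the URL string can list
     * several servers, a mix of {@code ldap://} and {@code ldaps://} entries is treated as
     * LDAPS for socket-factory purposes; confirm that is intended.
     */
    private static boolean usesLdaps(ConnectionConfig connectionConfig) {
        return connectionConfig.getUseSSL()
            || connectionConfig.getLdapUrl().toLowerCase().contains(LdapUrl.LDAPS_SCHEME);
    }

    /**
     * Returns a socket factory that performs hostname verification against the hostnames
     * parsed from the configured LDAP URL. Not called from within this class.
     *
     * @param connectionConfig source of the SSL config and LDAP URL
     * @return hostname-verifying socket factory
     */
    protected SSLSocketFactory getHostnameVerifierSocketFactory(ConnectionConfig connectionConfig) {
        final String[] hostnames = new LdapURL(connectionConfig.getLdapUrl()).getHostnames();
        return TLSSocketFactory.getHostnameVerifierFactory(connectionConfig.getSslConfig(), hostnames);
    }

    /**
     * Creates connection options carrying the configured timeouts and an
     * {@link SSLSocketVerifier} that rejects TLS peers whose certificate chain is unavailable
     * or whose hostname does not verify.
     *
     * @param connectionConfig source of timeouts and the optional hostname verifier
     * @return newly created connection options
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public LDAPConnectionOptions getDefaultLDAPConnectionOptions(ConnectionConfig connectionConfig) {
        final LDAPConnectionOptions options = new LDAPConnectionOptions();
        if (connectionConfig.getConnectTimeout() != null) {
            // A bare (int) cast wraps for durations above Integer.MAX_VALUE ms (~24.8 days),
            // silently turning a long timeout into a short or non-positive one; saturate instead.
            options.setConnectTimeoutMillis(saturateToInt(connectionConfig.getConnectTimeout().toMillis()));
        }
        if (connectionConfig.getResponseTimeout() != null) {
            options.setResponseTimeoutMillis(connectionConfig.getResponseTimeout().toMillis());
        }

        final HostnameVerifier verifier = selectHostnameVerifier(connectionConfig);
        options.setSSLSocketVerifier(new SSLSocketVerifier() { // from class: org.ldaptive.provider.unboundid.UnboundIDProvider.1
            private final Logger logger = LoggerFactory.getLogger(getClass());

            /**
             * Fails the connection unless the peer presented certificates and the hostname
             * verifier accepts the session for {@code host}.
             *
             * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} on either failure
             */
            @Override // com.unboundid.util.ssl.SSLSocketVerifier
            public void verifySSLSocket(String host, int port, SSLSocket sslSocket) throws LDAPException {
                this.logger.trace("Verifying SSLSocket {} for host {} with verifier {}", sslSocket, host, verifier);
                final SSLSession session = sslSocket.getSession();
                try {
                    // Throws when the peer identity was not established, e.g. a failed handshake.
                    session.getPeerCertificates();
                } catch (SSLPeerUnverifiedException e) {
                    // Close here too, so an unverified peer never leaves an open socket behind,
                    // matching the hostname-failure path below.
                    closeQuietly(sslSocket);
                    throw new LDAPException(ResultCode.CONNECT_ERROR, "Trust verification failed for " + host, e);
                }
                if (!verifier.verify(host, session)) {
                    closeQuietly(sslSocket);
                    throw new LDAPException(ResultCode.CONNECT_ERROR, "Hostname verification failed for " + host);
                }
            }

            /** Closes the socket; a close failure is logged and must not mask the verification error. */
            private void closeQuietly(SSLSocket sslSocket) {
                try {
                    sslSocket.close();
                } catch (IOException e) {
                    this.logger.debug("Error closing SSL socket", (Throwable) e);
                }
            }
        });
        return options;
    }

    /**
     * Picks the hostname verifier: the one from a non-empty {@link SslConfig} when it defines
     * one (wrapped in {@link HostnameVerifierAdapter}), otherwise {@link DefaultHostnameVerifier}.
     */
    private static HostnameVerifier selectHostnameVerifier(ConnectionConfig connectionConfig) {
        if (connectionConfig.getSslConfig() == null || connectionConfig.getSslConfig().isEmpty()) {
            return new DefaultHostnameVerifier();
        }
        if (connectionConfig.getSslConfig().getHostnameVerifier() != null) {
            return new HostnameVerifierAdapter(connectionConfig.getSslConfig().getHostnameVerifier());
        }
        return new DefaultHostnameVerifier();
    }

    /** Narrows a millisecond count to {@code int}, saturating at the {@code int} bounds instead of wrapping. */
    private static int saturateToInt(long millis) {
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, millis));
    }

    /**
     * Returns the live provider configuration (not a copy).
     *
     * @return current provider config
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.ldaptive.provider.Provider
    public UnboundIDProviderConfig getProviderConfig() {
        return this.config;
    }

    /**
     * Replaces the provider configuration.
     *
     * @param unboundIDProviderConfig configuration to use for subsequently built factories
     */
    @Override // org.ldaptive.provider.Provider
    public void setProviderConfig(UnboundIDProviderConfig unboundIDProviderConfig) {
        this.config = unboundIDProviderConfig;
    }

    /**
     * Creates a fresh provider with a default configuration; the current config is not copied.
     *
     * @return new provider instance
     */
    @Override // org.ldaptive.provider.Provider
    /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
    public Provider<UnboundIDProviderConfig> newInstance2() {
        return new UnboundIDProvider();
    }
}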
