package org.exist.security.realm.ldap;

import java.text.MessageFormat;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.config.Configurable;
import org.exist.config.Configuration;
import org.exist.config.Configurator;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsElement;

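/**
 * Creates JNDI {@link LdapContext} instances for the LDAP realm from the
 * {@code context} configuration element.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Blank passwords are rejected before any bind is attempted (see
 *       {@link #getLdapContext(String, String, Map)}).</li>
 *   <li>Transport security is decided only by the scheme of {@link #url}. The
 *       {@code use-ssl} field is never read in this class, so with the default
 *       {@code simple} authentication an {@code ldap://} URL sends the
 *       credentials unencrypted unless TLS is negotiated elsewhere.</li>
 *   <li>The user name is substituted into {@code principal-pattern} without any
 *       escaping.</li>
 *   <li>Caller-supplied environment entries are applied last and can override
 *       every entry set here.</li>
 * </ul>
 */
@ConfigurationClass("context")
/* loaded from: input_file:org/exist/security/realm/ldap/LdapContextFactory.class */
public class LdapContextFactory implements Configurable {
    private static final Logger LOG = LogManager.getLogger(LdapContextFactory.class);
    private static final String SUN_CONNECTION_POOLING_PROPERTY = "com.sun.jndi.ldap.connect.pool";

    // Compiled form of principalPattern; built once in the constructor and only
    // when a pattern is configured.
    protected MessageFormat principalPatternFormat;
    private Configuration configuration;

    @ConfigurationFieldAsElement("search")
    private LDAPSearchContext search;

    @ConfigurationFieldAsElement("transformation")
    private LDAPTransformationContext realmTransformation;

    // JNDI authentication mechanism; "simple" is a plain DN + password bind.
    @ConfigurationFieldAsElement("authentication")
    protected String authentication = "simple";

    // NOTE(review): final with a constant initializer and never read in this
    // class, so a configured <use-ssl> has no effect here. Whether the
    // Configurator can still populate it is not visible from this file.
    // Use an ldaps:// URL to get TLS.
    @ConfigurationFieldAsElement("use-ssl")
    private final boolean ssl = false;

    // java.text.MessageFormat pattern; argument {0} receives the user name.
    @ConfigurationFieldAsElement("principal-pattern")
    protected String principalPattern = null;

    @ConfigurationFieldAsElement("url")
    protected String url = null;

    @ConfigurationFieldAsElement("domain")
    protected String domain = null;
    protected String contextFactoryClassName = "com.sun.jndi.ldap.LdapCtxFactory";

    // No configuration annotation and no assignment in this class: both stay
    // null unless a subclass sets them.
    protected String systemUsername = null;
    protected String systemPassword = null;
    private boolean usePooling = true;

    /**
     * Applies {@code configuration} to the annotated fields and pre-compiles the
     * principal pattern when one is configured.
     *
     * @param configuration the realm's {@code context} configuration
     */
    public LdapContextFactory(Configuration configuration) {
        this.configuration = Configurator.configure(this, configuration);
        if (this.principalPattern != null) {
            this.principalPatternFormat = new MessageFormat(this.principalPattern);
        }
    }

    /**
     * Opens a context bound with {@link #systemUsername} / {@link #systemPassword}.
     *
     * @return a context bound as the system account
     * @throws NamingException if the context cannot be created
     * @throws IllegalStateException if no URL is configured or the system
     *         password is blank, which is the case while the system fields keep
     *         their {@code null} defaults
     */
    public LdapContext getSystemLdapContext() throws NamingException {
        return getLdapContext(this.systemUsername, this.systemPassword);
    }

    /**
     * Opens a context for the given credentials with no extra environment entries.
     *
     * @param str the user name (formatted through the principal pattern if one is set)
     * @param str2 the password; must not be blank
     * @return the bound context
     * @throws NamingException if the context cannot be created
     * @throws IllegalStateException if no URL is configured or the password is blank
     */
    public LdapContext getLdapContext(String str, String str2) throws NamingException {
        return getLdapContext(str, str2, null);
    }

    /**
     * Opens a context for the given credentials.
     *
     * @param str the user name; when a principal pattern is configured it is
     *        inserted as argument {@code {0}} without escaping, so if the pattern
     *        builds a DN the caller has to validate or escape the name first
     * @param str2 the password; must not be blank
     * @param map extra JNDI environment entries, may be {@code null}. They are
     *        applied after the entries set here and therefore override them,
     *        including principal, credentials, provider URL and factory class;
     *        keys and values must not come from untrusted input
     * @return the bound context
     * @throws NamingException if the context cannot be created
     * @throws IllegalStateException if no URL is configured or the password is blank
     */
    public LdapContext getLdapContext(String str, String str2, Map<String, Object> map) throws NamingException {
        if (this.url == null) {
            throw new IllegalStateException("An LDAP URL must be specified of the form ldap://<hostname>:<port>");
        }
        // A simple bind with a name but an empty password is an "unauthenticated
        // bind" (RFC 4513, section 5.1.2): servers that allow it report success
        // without checking the password. Rejecting blank passwords here keeps
        // such a bind from being taken for a successful login.
        if (StringUtils.isBlank(str2)) {
            throw new IllegalStateException("Password for LDAP authentication may not be empty.");
        }

        String principal = str;
        if (principal != null && this.principalPattern != null) {
            principal = this.principalPatternFormat.format(new Object[]{principal});
        }

        final Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.security.authentication", this.authentication);
        if (principal != null) {
            env.put("java.naming.security.principal", principal);
        }
        // Non-null here: the blank check above also rejects null.
        env.put("java.naming.security.credentials", str2);
        env.put("java.naming.factory.initial", this.contextFactoryClassName);
        env.put("java.naming.provider.url", this.url);
        // Return objectSid as byte[] rather than as a String.
        env.put("java.naming.ldap.attributes.binary", "objectSid");

        // Pooling is requested only for the system account. The comparison uses
        // the principal after pattern formatting, so it matches only when
        // systemUsername holds the already formatted value.
        if (this.usePooling && principal != null && principal.equals(this.systemUsername)) {
            env.put(SUN_CONNECTION_POOLING_PROPERTY, "true");
        }
        if (map != null) {
            env.putAll(map);
        }

        // Report the pooling setting that is actually passed to JNDI, not the
        // usePooling flag, which only applies to the system account. The
        // principal is logged verbatim; the password is never logged.
        final boolean pooled = "true".equals(String.valueOf(env.get(SUN_CONNECTION_POOLING_PROPERTY)));
        LOG.debug("Initializing LDAP context using URL [{}] and username [{}] with pooling [{}]",
                this.url, principal, pooled ? "enabled" : "disabled");

        return new InitialLdapContext(env, (Control[]) null);
    }

    /** @return the configured {@code search} settings, or {@code null} if none were set */
    public LDAPSearchContext getSearch() {
        return this.search;
    }

    /** @return the configured {@code transformation} settings, or {@code null} if none were set */
    public LDAPTransformationContext getTransformationContext() {
        return this.realmTransformation;
    }

    /** @return the configured {@code domain}, or {@code null} if none was set */
    public String getDomain() {
        return this.domain;
    }

    /** @return {@code true} if the Configurator returned a configuration for this instance */
    @Override
    public boolean isConfigured() {
        return this.configuration != null;
    }

    /** @return the configuration returned by the Configurator, possibly {@code null} */
    @Override
    public Configuration getConfiguration() {
        return this.configuration;
    }
}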
