package com.unboundid.ldap.sdk;

import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.Debug;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.Validator;
import com.unboundid.util.ssl.SSLUtil;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/unboundid/ldap/sdk/ReferralConnectionPool.class */
public final class ReferralConnectionPool {

    @NotNull
    private final AtomicReference<Long> lastUsedTimeMillisRef;
    private final boolean checkAuthenticationID;
    private final int serverPort;

    @NotNull
    private final LDAPConnectionPool connectionPool;
    private final long poolCreateTimeMillis;

    @NotNull
    private final PooledReferralConnector referralConnector;

    @NotNull
    private final String serverAddress;

    @Nullable
    private final String authenticationIdentifier;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReferralConnectionPool(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection, @NotNull PooledReferralConnector pooledReferralConnector) throws LDAPException {
        this.referralConnector = pooledReferralConnector;
        this.serverAddress = ldapurl.getHost();
        this.serverPort = ldapurl.getPort();
        BindRequest bindRequest = pooledReferralConnector.getBindRequest();
        if (bindRequest == null) {
            bindRequest = lDAPConnection.getLastBindRequest();
            this.checkAuthenticationID = true;
            if (bindRequest == null) {
                this.authenticationIdentifier = Version.VERSION_QUALIFIER;
            } else {
                this.authenticationIdentifier = getAuthenticationIdentifier(lDAPConnection);
                if (this.authenticationIdentifier == null) {
                    throw new LDAPException(ResultCode.AUTH_METHOD_NOT_SUPPORTED, LDAPMessages.ERR_REFERRAL_POOL_UNSUPPORTED_BIND_TYPE.get("SASL " + ((SASLBindRequest) bindRequest).getSASLMechanismName()));
                }
            }
        } else {
            this.authenticationIdentifier = null;
            this.checkAuthenticationID = false;
        }
        this.connectionPool = new LDAPConnectionPool(new SingleServerSet(this.serverAddress, this.serverPort, getSocketFactory(ldapurl, lDAPConnection), getConnectionOptions(lDAPConnection), bindRequest, getPostConnectProcessor(ldapurl, lDAPConnection)), bindRequest, pooledReferralConnector.getInitialConnectionsPerPool(), pooledReferralConnector.getMaximumConnectionsPerPool(), 1, null, false, pooledReferralConnector.getHealthCheck());
        this.connectionPool.setRetryFailedOperationsDueToInvalidConnections(pooledReferralConnector.retryFailedOperationsDueToInvalidConnections());
        this.connectionPool.setHealthCheckIntervalMillis(pooledReferralConnector.getHealthCheckIntervalMillis());
        this.connectionPool.setMaxConnectionAgeMillis(pooledReferralConnector.getMaximumConnectionAgeMillis());
        this.poolCreateTimeMillis = System.currentTimeMillis();
        this.lastUsedTimeMillisRef = new AtomicReference<>(Long.valueOf(this.poolCreateTimeMillis));
    }

    @NotNull
    private SocketFactory getSocketFactory(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection) throws LDAPException {
        if (useLDAPS(ldapurl, lDAPConnection)) {
            return getSSLSocketFactory(lDAPConnection);
        }
        SocketFactory socketFactory = lDAPConnection.getSocketFactory();
        return !(socketFactory instanceof SSLSocketFactory) ? socketFactory : SocketFactory.getDefault();
    }

    private boolean useLDAPS(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection) {
        if (ldapurl.getScheme().equalsIgnoreCase("ldaps")) {
            return true;
        }
        switch (this.referralConnector.getLDAPURLSecurityType()) {
            case ALWAYS_USE_LDAPS:
                return true;
            case ALWAYS_USE_LDAP_AND_NEVER_USE_START_TLS:
            case ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS:
            case ALWAYS_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
                return false;
            case CONDITIONALLY_USE_LDAP_AND_NEVER_USE_START_TLS:
            case CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS:
            case CONDITIONALLY_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
                return lDAPConnection.getSocketFactory() instanceof SSLSocketFactory;
            default:
                Validator.violation("Unrecognized ldapURLSecurityType value '" + this.referralConnector.getLDAPURLSecurityType().name() + "'.");
                return false;
        }
    }

    private boolean useStartTLS(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection) {
        if (ldapurl.getScheme().equalsIgnoreCase("ldaps")) {
            return false;
        }
        switch (this.referralConnector.getLDAPURLSecurityType()) {
            case ALWAYS_USE_LDAPS:
                return false;
            case ALWAYS_USE_LDAP_AND_NEVER_USE_START_TLS:
            case CONDITIONALLY_USE_LDAP_AND_NEVER_USE_START_TLS:
                return false;
            case ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS:
                return true;
            case ALWAYS_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
            case CONDITIONALLY_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
                return lDAPConnection.getStartTLSRequest() != null;
            case CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS:
                return !(lDAPConnection.getSocketFactory() instanceof SSLSocketFactory);
            default:
                Validator.violation("Unrecognized ldapURLSecurityType value '" + this.referralConnector.getLDAPURLSecurityType().name() + "'.");
                return false;
        }
    }

    @NotNull
    private SSLSocketFactory getSSLSocketFactory(@NotNull LDAPConnection lDAPConnection) throws LDAPException {
        SSLSocketFactory sSLSocketFactory = this.referralConnector.getSSLSocketFactory();
        if (sSLSocketFactory != null) {
            return sSLSocketFactory;
        }
        SocketFactory socketFactory = lDAPConnection.getSocketFactory();
        if (socketFactory instanceof SSLSocketFactory) {
            return (SSLSocketFactory) socketFactory;
        }
        ExtendedRequest startTLSRequest = lDAPConnection.getStartTLSRequest();
        if (startTLSRequest != null && (startTLSRequest instanceof StartTLSExtendedRequest)) {
            return ((StartTLSExtendedRequest) startTLSRequest).getSSLSocketFactory();
        }
        try {
            return new SSLUtil(InternalSDKHelper.getPreferredNonInteractiveTrustManagerChain(new X509TrustManager[0])).createSSLSocketFactory();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.CONNECT_ERROR, LDAPMessages.ERR_REFERRAL_POOL_CANNOT_CREATE_SSL_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @NotNull
    private LDAPConnectionOptions getConnectionOptions(@NotNull LDAPConnection lDAPConnection) {
        LDAPConnectionOptions connectionOptions = this.referralConnector.getConnectionOptions();
        LDAPConnectionOptions duplicate = connectionOptions != null ? connectionOptions.duplicate() : lDAPConnection.getConnectionOptions().duplicate();
        duplicate.setFollowReferrals(false);
        duplicate.setReferralConnector(null);
        return duplicate;
    }

    @Nullable
    private PostConnectProcessor getPostConnectProcessor(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection) throws LDAPException {
        if (useStartTLS(ldapurl, lDAPConnection)) {
            return new StartTLSPostConnectProcessor(getSSLSocketFactory(lDAPConnection));
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        this.connectionPool.close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isApplicableToReferral(@NotNull LDAPURL ldapurl, @NotNull LDAPConnection lDAPConnection) {
        if (this.serverAddress.equals(ldapurl.getHost()) && this.serverPort == ldapurl.getPort()) {
            return !this.checkAuthenticationID || this.authenticationIdentifier.equals(getAuthenticationIdentifier(lDAPConnection));
        }
        return false;
    }

    @Nullable
    private static String getAuthenticationIdentifier(@NotNull LDAPConnection lDAPConnection) {
        BindRequest lastBindRequest = lDAPConnection.getLastBindRequest();
        if (lastBindRequest == null) {
            return Version.VERSION_QUALIFIER;
        }
        if (lastBindRequest instanceof SimpleBindRequest) {
            SimpleBindRequest simpleBindRequest = (SimpleBindRequest) lastBindRequest;
            try {
                return "dn:" + DN.normalize(simpleBindRequest.getBindDN());
            } catch (Exception e) {
                Debug.debugException(e);
                return simpleBindRequest.getBindDN();
            }
        }
        if (lastBindRequest instanceof PLAINBindRequest) {
            PLAINBindRequest pLAINBindRequest = (PLAINBindRequest) lastBindRequest;
            return pLAINBindRequest.getAuthorizationID() == null ? getAuthenticationIdentifier(pLAINBindRequest.getAuthenticationID()) : getAuthenticationIdentifier(pLAINBindRequest.getAuthorizationID());
        }
        if (lastBindRequest instanceof SCRAMBindRequest) {
            return getAuthenticationIdentifier(((SCRAMBindRequest) lastBindRequest).getUsername());
        }
        return null;
    }

    @NotNull
    private static String getAuthenticationIdentifier(@NotNull String str) {
        if (str.startsWith("dn:")) {
            try {
                return "dn:" + new DN(str.substring(3)).toNormalizedString();
            } catch (Exception e) {
                Debug.debugException(e);
            }
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public LDAPConnectionPool getConnectionPool() {
        return this.connectionPool;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getPoolCreateTimeMillis() {
        return this.poolCreateTimeMillis;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getLastUsedTimeMillis() {
        return this.lastUsedTimeMillisRef.get().longValue();
    }
}
