package org.ldaptive.provider.apache;

import java.security.GeneralSecurityException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.LdapURL;
import org.ldaptive.provider.Provider;
import org.ldaptive.provider.ProviderConnectionFactory;
import org.ldaptive.ssl.CertificateHostnameVerifier;
import org.ldaptive.ssl.CredentialConfig;
import org.ldaptive.ssl.DefaultHostnameVerifier;
import org.ldaptive.ssl.DefaultSSLContextInitializer;
import org.ldaptive.ssl.HostnameVerifierConfig;
import org.ldaptive.ssl.HostnameVerifyingTrustManager;
import org.ldaptive.ssl.SSLContextInitializer;

/* loaded from: input_file:org/ldaptive/provider/apache/ApacheLdapProvider.class */
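/**
 * Provider implementation that builds Apache LDAP API connection factories from an ldaptive
 * {@link ConnectionConfig}.
 *
 * <p>Security note: the TLS defaults assembled by this class (trust managers plus hostname
 * verification against the hosts in the LDAP URL) are applied only when the provider config does
 * not already carry an {@link LdapConnectionConfig}. A caller that supplies its own
 * {@link LdapConnectionConfig} is responsible for configuring trust and hostname checking on it.
 */
public class ApacheLdapProvider implements Provider<ApacheLdapProviderConfig> {
    private ApacheLdapProviderConfig config = new ApacheLdapProviderConfig();

    /**
     * Creates a connection factory for the supplied connection configuration.
     *
     * <p>If the provider config already holds an {@link LdapConnectionConfig}, it is used as-is and
     * {@link #getDefaultLdapConnectionConfig(ConnectionConfig)} is never consulted, so none of the
     * hostname-verifying defaults built in this class are added to it.
     *
     * @param connectionConfig source of the LDAP URL, StartTLS flag and response timeout
     * @return a new Apache connection factory
     */
    public ProviderConnectionFactory<ApacheLdapProviderConfig> getConnectionFactory(ConnectionConfig connectionConfig) {
        LdapConnectionConfig ldapConnectionConfig = this.config.getLdapConnectionConfig();
        if (ldapConnectionConfig == null) {
            // No caller-supplied config: derive one, including TLS settings where applicable.
            ldapConnectionConfig = getDefaultLdapConnectionConfig(connectionConfig);
        }
        return new ApacheLdapConnectionFactory(
            connectionConfig.getLdapUrl(),
            this.config,
            ldapConnectionConfig,
            connectionConfig.getUseStartTLS(),
            connectionConfig.getResponseTimeout());
    }

    /**
     * Builds an SSL context initializer that always carries hostname verification for the hosts
     * named in the LDAP URL.
     *
     * <p>With no SSL config (or an empty one), a {@link HostnameVerifyingTrustManager} wrapping a
     * {@link DefaultHostnameVerifier} is installed as the only explicit trust manager. Otherwise the
     * initializer comes from the credential config when present, any explicit trust managers are
     * passed to it, and the configured hostname verifier (or {@link DefaultHostnameVerifier} when
     * none is configured) is attached.
     *
     * @param connectionConfig source of the LDAP URL and optional SSL config
     * @return the SSL context initializer
     * @throws IllegalArgumentException if the credential config cannot create an initializer
     */
    protected SSLContextInitializer getHostnameVerifierSSLContextInitializer(ConnectionConfig connectionConfig) {
        SSLContextInitializer initializer;
        LdapURL ldapURL = new LdapURL(connectionConfig.getLdapUrl());
        if (connectionConfig.getSslConfig() == null || connectionConfig.getSslConfig().isEmpty()) {
            // NOTE(review): the boolean presumably selects the JVM default trust store — confirm
            // against DefaultSSLContextInitializer.
            initializer = new DefaultSSLContextInitializer(true);
            initializer.setTrustManagers(new TrustManager[]{
                new HostnameVerifyingTrustManager(new DefaultHostnameVerifier(), ldapURL.getEntriesAsString())});
        } else {
            CredentialConfig credentialConfig = connectionConfig.getSslConfig().getCredentialConfig();
            TrustManager[] trustManagers = connectionConfig.getSslConfig().getTrustManagers();
            CertificateHostnameVerifier hostnameVerifier = connectionConfig.getSslConfig().getHostnameVerifier();
            if (credentialConfig != null) {
                try {
                    initializer = credentialConfig.createSSLContextInitializer();
                } catch (GeneralSecurityException e) {
                    throw new IllegalArgumentException(e);
                }
            } else {
                // The flag is true only when no explicit trust managers were configured.
                initializer = new DefaultSSLContextInitializer(trustManagers == null);
            }
            if (trustManagers != null) {
                // Explicit trust managers are handed over unchanged; a permissive trust manager
                // supplied here is the caller's responsibility.
                initializer.setTrustManagers(trustManagers);
            }
            // Hostname verification is never left unset: fall back to the default verifier.
            if (hostnameVerifier != null) {
                initializer.setHostnameVerifierConfig(
                    new HostnameVerifierConfig(hostnameVerifier, ldapURL.getEntriesAsString()));
            } else {
                initializer.setHostnameVerifierConfig(
                    new HostnameVerifierConfig(new DefaultHostnameVerifier(), ldapURL.getEntriesAsString()));
            }
        }
        return initializer;
    }

    /**
     * Derives an Apache {@link LdapConnectionConfig} from the ldaptive connection configuration.
     *
     * <p>TLS settings are populated only when StartTLS or SSL is requested or the URL string
     * contains {@code ldaps://}; in every other case the returned config carries no TLS settings at
     * all. Only the first entry of the enabled protocols is forwarded to the Apache config; any
     * further entries are not applied here.
     *
     * @param connectionConfig ldaptive connection configuration
     * @return the Apache connection configuration
     * @throws IllegalArgumentException if the trust or key managers cannot be created, or if the
     *     enabled protocols array is present but empty
     */
    protected LdapConnectionConfig getDefaultLdapConnectionConfig(ConnectionConfig connectionConfig) {
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        if (connectionConfig.getUseStartTLS()
            || connectionConfig.getUseSSL()
            || connectionConfig.getLdapUrl().toLowerCase().contains("ldaps://")) {
            SSLContextInitializer contextInitializer = getHostnameVerifierSSLContextInitializer(connectionConfig);
            try {
                TrustManager[] trustManagers = contextInitializer.getTrustManagers();
                KeyManager[] keyManagers = contextInitializer.getKeyManagers();
                // StartTLS alone does not set the SSL flag; it is passed separately to the
                // connection factory by getConnectionFactory.
                ldapConnectionConfig.setUseSsl(
                    connectionConfig.getUseSSL() || connectionConfig.getLdapUrl().toLowerCase().contains("ldaps://"));
                ldapConnectionConfig.setTrustManagers(trustManagers);
                ldapConnectionConfig.setKeyManagers(keyManagers);
                if (connectionConfig.getSslConfig() != null
                    && connectionConfig.getSslConfig().getEnabledCipherSuites() != null) {
                    ldapConnectionConfig.setEnabledCipherSuites(connectionConfig.getSslConfig().getEnabledCipherSuites());
                }
                if (connectionConfig.getSslConfig() != null
                    && connectionConfig.getSslConfig().getEnabledProtocols() != null) {
                    String[] enabledProtocols = connectionConfig.getSslConfig().getEnabledProtocols();
                    // An empty array previously failed with ArrayIndexOutOfBoundsException; reject
                    // it explicitly so the misconfiguration is reported clearly and the connection
                    // is still refused rather than falling back to a default protocol.
                    if (enabledProtocols.length == 0) {
                        throw new IllegalArgumentException("enabledProtocols must contain at least one protocol");
                    }
                    ldapConnectionConfig.setSslProtocol(enabledProtocols[0]);
                }
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException(e);
            }
        }
        return ldapConnectionConfig;
    }

    /**
     * Returns the provider configuration currently in use.
     *
     * @return the provider configuration
     */
    /* renamed from: getProviderConfig, reason: merged with bridge method [inline-methods] */
    public ApacheLdapProviderConfig m4getProviderConfig() {
        return this.config;
    }

    /**
     * Replaces the provider configuration.
     *
     * @param apacheLdapProviderConfig the new provider configuration
     */
    public void setProviderConfig(ApacheLdapProviderConfig apacheLdapProviderConfig) {
        this.config = apacheLdapProviderConfig;
    }

    /**
     * Creates a fresh provider with a default configuration; the current configuration is not copied.
     *
     * @return a new provider instance
     */
    /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
    public ApacheLdapProvider m3newInstance() {
        return new ApacheLdapProvider();
    }
}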
