package com.forgerock.opendj.cli;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.KeyManagers;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.LDAPOptions;
import org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.opendj.ldap.TrustManagers;
import org.forgerock.opendj.ldap.controls.AuthorizationIdentityRequestControl;
import org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl;
import org.forgerock.opendj.ldap.requests.BindRequest;
import org.forgerock.opendj.ldap.requests.Requests;

/* loaded from: input_file:com/forgerock/opendj/cli/ConnectionFactoryProvider.class */
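/**
 * Registers the LDAP connection arguments of a command-line tool (host, port, bind
 * identity, SSL/StartTLS, trust store, key store, SASL options) and turns the parsed
 * values into {@link ConnectionFactory} and {@link BindRequest} instances.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The trust-all argument makes {@link #getTrustManager()} return
 *       {@code TrustManagers.trustAll()}, so the server certificate is not validated.</li>
 *   <li>Simple and SASL PLAIN binds hand the password itself to the bind request, and
 *       nothing here requires SSL or StartTLS to be selected for them.</li>
 *   <li>Passwords supplied through arguments pass through {@code String} values before
 *       being copied to {@code char[]}, so they cannot be wiped from memory by callers.</li>
 * </ul>
 *
 * <p>The factories and the bind request are created lazily and cached in plain fields;
 * the class performs no synchronization.
 */
public final class ConnectionFactoryProvider {
    static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private StringArgument hostNameArg;
    private IntegerArgument portArg;
    private StringArgument bindNameArg;
    private FileBasedArgument bindPasswordFileArg;
    // Password read interactively by getPassword(); reused on later calls.
    private char[] password;
    private StringArgument bindPasswordArg;
    private IntegerArgument connectTimeOut;
    private BooleanArgument trustAllArg;
    private StringArgument trustStorePathArg;
    private StringArgument trustStorePasswordArg;
    private FileBasedArgument trustStorePasswordFileArg;
    private StringArgument keyStorePathArg;
    private StringArgument keyStorePasswordArg;
    private FileBasedArgument keyStorePasswordFileArg;
    private StringArgument certNicknameArg;
    private BooleanArgument useSSLArg;
    private BooleanArgument useStartTLSArg;
    private StringArgument saslOptionArg;
    private final BooleanArgument reportAuthzIDArg;
    private final BooleanArgument usePasswordPolicyControlArg;
    private int port;
    // Built on first use by getConnectionFactory() when SSL or StartTLS is requested.
    private SSLContext sslContext;
    private ConnectionFactory connFactory;
    protected ConnectionFactory authenticatedConnFactory;
    private BindRequest bindRequest;
    private final ConsoleApplication app;
    // Only set by setIsAnAdminConnection(); selects the admin wording of the prompts.
    private boolean isAdminConnection;

    /**
     * Creates a provider with an empty default bind DN, the default LDAP port and
     * the regular (non-admin) argument set.
     *
     * @param argumentParser the parser the connection arguments are registered with
     * @param consoleApplication the application used for prompts and output
     * @throws ArgumentException if an argument cannot be created or registered
     */
    public ConnectionFactoryProvider(ArgumentParser argumentParser, ConsoleApplication consoleApplication) throws ArgumentException {
        this(argumentParser, consoleApplication, "", CliConstants.DEFAULT_LDAP_PORT, false);
    }

    /**
     * Creates a provider and registers every connection argument with the parser.
     *
     * @param argumentParser the parser the connection arguments are registered with
     * @param consoleApplication the application used for prompts and output
     * @param str the default bind DN
     * @param i the default port
     * @param z when {@code true}, SSL is forced on, the SSL and StartTLS arguments are
     *          not registered, and the port argument gets the admin-port description
     * @throws ArgumentException if an argument cannot be created or registered
     */
    public ConnectionFactoryProvider(ArgumentParser argumentParser, ConsoleApplication consoleApplication, String str, int i, boolean z) throws ArgumentException {
        this.port = CliConstants.DEFAULT_LDAP_PORT;
        this.app = consoleApplication;

        this.useSSLArg = CommonArguments.getUseSSL();
        if (z) {
            // SSL is not optional here: mark it present instead of exposing the option.
            this.useSSLArg.setPresent(true);
        } else {
            argumentParser.addLdapConnectionArgument(this.useSSLArg);
        }
        this.useStartTLSArg = CommonArguments.getStartTLS();
        if (!z) {
            argumentParser.addLdapConnectionArgument(this.useStartTLSArg);
        }

        // The local host name is only the default offered for the host argument.
        String localHostName;
        try {
            localHostName = InetAddress.getLocalHost().getHostName();
        } catch (Exception e) {
            localHostName = "Unknown (" + e + ")";
        }
        this.hostNameArg = CommonArguments.getHostName(localHostName);
        argumentParser.addLdapConnectionArgument(this.hostNameArg);

        this.portArg = CommonArguments.getPort(i, z ? CliMessages.INFO_DESCRIPTION_ADMIN_PORT.get() : CliMessages.INFO_DESCRIPTION_PORT.get());
        argumentParser.addLdapConnectionArgument(this.portArg);

        this.bindNameArg = CommonArguments.getBindDN(str);
        argumentParser.addLdapConnectionArgument(this.bindNameArg);
        this.bindPasswordArg = CommonArguments.getBindPassword();
        argumentParser.addLdapConnectionArgument(this.bindPasswordArg);
        this.bindPasswordFileArg = CommonArguments.getBindPasswordFile();
        argumentParser.addLdapConnectionArgument(this.bindPasswordFileArg);
        this.saslOptionArg = CommonArguments.getSASL();
        argumentParser.addLdapConnectionArgument(this.saslOptionArg);

        this.trustAllArg = CommonArguments.getTrustAll();
        argumentParser.addLdapConnectionArgument(this.trustAllArg);
        this.trustStorePathArg = CommonArguments.getTrustStorePath();
        argumentParser.addLdapConnectionArgument(this.trustStorePathArg);
        this.trustStorePasswordArg = CommonArguments.getTrustStorePassword();
        argumentParser.addLdapConnectionArgument(this.trustStorePasswordArg);
        this.trustStorePasswordFileArg = CommonArguments.getTrustStorePasswordFile();
        argumentParser.addLdapConnectionArgument(this.trustStorePasswordFileArg);

        this.keyStorePathArg = CommonArguments.getKeyStorePath();
        argumentParser.addLdapConnectionArgument(this.keyStorePathArg);
        this.keyStorePasswordArg = CommonArguments.getKeyStorePassword();
        argumentParser.addLdapConnectionArgument(this.keyStorePasswordArg);
        this.keyStorePasswordFileArg = CommonArguments.getKeyStorePasswordFile();
        argumentParser.addLdapConnectionArgument(this.keyStorePasswordFileArg);
        this.certNicknameArg = CommonArguments.getCertNickName();
        argumentParser.addLdapConnectionArgument(this.certNicknameArg);

        this.reportAuthzIDArg = CommonArguments.getReportAuthzId();
        argumentParser.addArgument(this.reportAuthzIDArg);
        this.connectTimeOut = CommonArguments.getConnectTimeOut();
        argumentParser.addArgument(this.connectTimeOut);
        this.usePasswordPolicyControlArg = new BooleanArgument("usepwpolicycontrol", null, ArgumentConstants.OPTION_LONG_USE_PW_POLICY_CTL, CliMessages.INFO_DESCRIPTION_USE_PWP_CONTROL.get());
        this.usePasswordPolicyControlArg.setPropertyName(ArgumentConstants.OPTION_LONG_USE_PW_POLICY_CTL);
        argumentParser.addArgument(this.usePasswordPolicyControlArg);
    }

    /**
     * Returns the connect timeout, which {@link #getConnectionFactory()} applies in
     * milliseconds.
     *
     * @return the supplied value, or the argument's default when none was supplied
     *         or the supplied value cannot be read as an integer
     */
    public int getConnectTimeout() {
        if (this.connectTimeOut.isPresent()) {
            try {
                return this.connectTimeOut.getIntValue();
            } catch (ArgumentException ignored) {
                // An unreadable value is deliberately replaced by the default below.
            }
        }
        return Integer.parseInt(this.connectTimeOut.getDefaultValue());
    }

    /**
     * Returns the host name to connect to, prompting for it in interactive mode
     * when it was not supplied.
     *
     * @return the supplied or prompted host name passed through
     *         {@code Utils.getHostNameForLdapUrl}; in non-interactive mode without a
     *         supplied value, the argument's default (or the empty string) unchanged
     * @throws ArgumentException if the host name cannot be read from the console
     */
    public String getHostname() throws ArgumentException {
        String hostName;
        if (this.hostNameArg.isPresent()) {
            hostName = this.hostNameArg.getValue();
        } else {
            String defaultHost = this.hostNameArg.getDefaultValue() == null ? "" : this.hostNameArg.getDefaultValue();
            if (!this.app.isInteractive()) {
                return defaultHost;
            }
            try {
                hostName = this.app.readInput(CliMessages.INFO_DESCRIPTION_HOST.get(), defaultHost);
                this.app.println();
                // Remember the answer so later calls do not prompt again.
                this.hostNameArg.addValue(hostName);
                this.hostNameArg.setPresent(true);
            } catch (ClientException e) {
                throw new ArgumentException(CliMessages.ERR_ERROR_CANNOT_READ_HOST_NAME.get(), e);
            }
        }
        return Utils.getHostNameForLdapUrl(hostName);
    }

    /**
     * Returns the port taken from the port argument.
     *
     * @return the supplied value, or the argument's default when none was supplied
     *         or the supplied value cannot be read as an integer
     */
    public int getPort() {
        if (this.portArg.isPresent()) {
            try {
                return this.portArg.getIntValue();
            } catch (ArgumentException ignored) {
                // An unreadable value is deliberately replaced by the default below.
            }
        }
        return Integer.parseInt(this.portArg.getDefaultValue());
    }

    /**
     * @return {@code true} if the SSL argument is present
     */
    public boolean useSSL() {
        return this.useSSLArg.isPresent();
    }

    /**
     * @return {@code true} if the StartTLS argument is present
     */
    public boolean useStartTLS() {
        return this.useStartTLSArg.isPresent();
    }

    /**
     * Returns the unauthenticated connection factory, creating and caching it on the
     * first call. In interactive mode missing connection parameters are prompted for.
     *
     * @return the cached connection factory
     * @throws ArgumentException if arguments conflict, a prompt fails, or building
     *         the SSL context or the factory fails
     */
    public ConnectionFactory getConnectionFactory() throws ArgumentException {
        if (this.connFactory != null) {
            return this.connFactory;
        }

        // NOTE(review): when the port argument is absent and the application is not
        // interactive, the port stays 0 here, whereas getPort() would return the
        // argument's default - confirm this is intended.
        this.port = this.portArg.isPresent() ? this.portArg.getIntValue() : 0;
        checkForConflictingArguments();

        if (this.app.isInteractive()) {
            boolean passwordMissing = !this.bindPasswordArg.isPresent() && !this.bindPasswordFileArg.isPresent();
            if (!this.hostNameArg.isPresent() || this.port == 0 || !this.bindNameArg.isPresent() || passwordMissing) {
                this.app.printHeader(CliMessages.INFO_LDAP_CONN_HEADING_CONNECTION_PARAMETERS.get());
            }
            if (!this.hostNameArg.isPresent()) {
                getHostname();
            }
            if (this.port == 0) {
                this.port = this.app.askPort(this.isAdminConnection ? CliMessages.INFO_DESCRIPTION_ADMIN_PORT.get() : CliMessages.INFO_DESCRIPTION_PORT.get(), Integer.parseInt(this.portArg.getDefaultValue()), logger);
                this.app.println();
            }
            if (!this.bindNameArg.isPresent()) {
                getBindName();
            }
            if (passwordMissing) {
                getPassword();
            }
        }

        try {
            if (this.useSSLArg.isPresent() || this.useStartTLSArg.isPresent()) {
                String certNickname = this.certNicknameArg.isPresent() ? this.certNicknameArg.getValue() : null;
                if (this.sslContext == null) {
                    TrustManager trustManager = getTrustManager();
                    // NOTE(review): the key manager loaded from the key store is only
                    // installed when a certificate nickname was supplied; otherwise a
                    // null key manager is handed to the builder. getBindRequest() accepts
                    // SASL EXTERNAL on the key store path alone - confirm a client
                    // certificate is still presented in that case.
                    X509KeyManager selectedKeyManager = null;
                    X509KeyManager storeKeyManager = getKeyManager(this.keyStorePathArg.getValue());
                    if (storeKeyManager != null && certNickname != null) {
                        selectedKeyManager = KeyManagers.useSingleCertificate(certNickname, storeKeyManager);
                    }
                    this.sslContext = new SSLContextBuilder().setTrustManager(trustManager).setKeyManager(selectedKeyManager).getSSLContext();
                }
            }
            LDAPOptions options = new LDAPOptions();
            if (this.sslContext != null) {
                options.setSSLContext(this.sslContext).setUseStartTLS(this.useStartTLSArg.isPresent());
            }
            options.setConnectTimeout(getConnectTimeout(), TimeUnit.MILLISECONDS);
            this.connFactory = new LDAPConnectionFactory(this.hostNameArg.getValue(), this.port, options);
        } catch (Exception e) {
            // Every failure in this section is reported with the SSL initialization message.
            throw new ArgumentException(CliMessages.ERR_LDAP_CONN_CANNOT_INITIALIZE_SSL.get(e.toString()), e);
        }
        return this.connFactory;
    }

    /**
     * Rejects argument combinations that contradict each other and trust/key store
     * paths that cannot be read. The checks run in a fixed order; the first failure
     * is reported.
     *
     * @throws ArgumentException describing the first conflict or unreadable path
     */
    private void checkForConflictingArguments() throws ArgumentException {
        if (this.bindPasswordArg.isPresent() && this.bindPasswordFileArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.bindPasswordArg.getLongIdentifier(), this.bindPasswordFileArg.getLongIdentifier()));
        }
        // Trust-all cannot be combined with any trust store setting.
        if (this.trustAllArg.isPresent() && this.trustStorePathArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.trustAllArg.getLongIdentifier(), this.trustStorePathArg.getLongIdentifier()));
        }
        if (this.trustAllArg.isPresent() && this.trustStorePasswordArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.trustAllArg.getLongIdentifier(), this.trustStorePasswordArg.getLongIdentifier()));
        }
        if (this.trustAllArg.isPresent() && this.trustStorePasswordFileArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.trustAllArg.getLongIdentifier(), this.trustStorePasswordFileArg.getLongIdentifier()));
        }
        if (this.trustStorePasswordArg.isPresent() && this.trustStorePasswordFileArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.trustStorePasswordArg.getLongIdentifier(), this.trustStorePasswordFileArg.getLongIdentifier()));
        }
        if (this.trustStorePathArg.isPresent()) {
            String trustStorePath = this.trustStorePathArg.getValue();
            if (!canReadPath(trustStorePath)) {
                throw new ArgumentException(CliMessages.ERR_CANNOT_READ_TRUSTSTORE.get(trustStorePath));
            }
        }
        if (this.keyStorePathArg.isPresent()) {
            String keyStorePath = this.keyStorePathArg.getValue();
            if (!canReadPath(keyStorePath)) {
                throw new ArgumentException(CliMessages.ERR_CANNOT_READ_KEYSTORE.get(keyStorePath));
            }
        }
        if (this.useStartTLSArg.isPresent() && this.useSSLArg.isPresent()) {
            throw new ArgumentException(CliMessages.ERR_TOOL_CONFLICTING_ARGS.get(this.useStartTLSArg.getLongIdentifier(), this.useSSLArg.getLongIdentifier()));
        }
    }

    /**
     * Returns a connection factory that binds with {@link #getBindRequest()}, creating
     * and caching it on the first call. When no bind request can be derived from the
     * arguments, the unauthenticated factory is returned instead.
     *
     * @return the cached factory
     * @throws ArgumentException if the connection factory or bind request cannot be built
     */
    public ConnectionFactory getAuthenticatedConnectionFactory() throws ArgumentException {
        if (this.authenticatedConnFactory == null) {
            this.authenticatedConnFactory = getConnectionFactory();
            BindRequest request = getBindRequest();
            if (request != null) {
                this.authenticatedConnFactory = new AuthenticatedConnectionFactory(this.authenticatedConnFactory, request);
            }
        }
        return this.authenticatedConnFactory;
    }

    /**
     * @return {@code true} if the path exists and is readable by this process
     */
    private boolean canReadPath(String path) {
        File candidate = new File(path);
        return candidate.exists() && candidate.canRead();
    }

    /**
     * Returns the first SASL option that starts with the given property name.
     * Matching is by prefix on the raw option text.
     *
     * @param propertyName the property name to look for
     * @return the text after the option's first {@code '='}, or {@code null} if no
     *         option starts with the property name
     * @throws ArgumentException if the matching option cannot be parsed
     */
    private String findSaslOption(String propertyName) throws ArgumentException {
        for (String option : this.saslOptionArg.getValues()) {
            if (option.startsWith(propertyName)) {
                return parseSASLOptionValue(option);
            }
        }
        return null;
    }

    /**
     * Resolves the SASL authentication ID: the authid SASL option, else
     * {@code "dn: "} plus the supplied bind DN, else an interactive prompt.
     *
     * @param mechanism the SASL mechanism name, used only in the error message
     * @return the authentication ID
     * @throws ArgumentException if no authentication ID can be determined
     */
    private String getAuthID(String mechanism) throws ArgumentException {
        String authId = findSaslOption(ArgumentConstants.SASL_PROPERTY_AUTHID);
        if (authId == null && this.bindNameArg.isPresent()) {
            authId = "dn: " + this.bindNameArg.getValue();
        }
        if (authId == null && this.app.isInteractive()) {
            try {
                authId = this.app.readInput(LocalizableMessage.raw("Authentication ID:", new Object[0]), this.bindNameArg.getDefaultValue() == null ? null : "dn: " + this.bindNameArg.getDefaultValue());
            } catch (ClientException e) {
                throw new ArgumentException(LocalizableMessage.raw("Unable to read authentication ID", new Object[0]), e);
            }
        }
        if (authId == null) {
            throw new ArgumentException(CliMessages.ERR_LDAPAUTH_SASL_AUTHID_REQUIRED.get(mechanism));
        }
        return authId;
    }

    /**
     * @return the authzid SASL option value, or {@code null} if none was supplied
     * @throws ArgumentException if the option cannot be parsed
     */
    private String getAuthzID() throws ArgumentException {
        return findSaslOption(ArgumentConstants.SASL_PROPERTY_AUTHZID);
    }

    /**
     * Returns the bind name, prompting for it in interactive mode when it was not
     * supplied.
     *
     * @return the supplied or prompted bind name, or the empty string in
     *         non-interactive mode without a supplied value
     * @throws ArgumentException if the bind name cannot be read from the console
     */
    public String getBindName() throws ArgumentException {
        String bindName = "";
        if (this.bindNameArg.isPresent()) {
            bindName = this.bindNameArg.getValue();
        } else if (this.app.isInteractive()) {
            try {
                bindName = this.app.readInput(this.isAdminConnection ? CliMessages.INFO_DESCRIPTION_ADMIN_BINDDN.get() : CliMessages.INFO_DESCRIPTION_BINDDN.get(), this.bindNameArg.getDefaultValue() == null ? bindName : this.bindNameArg.getDefaultValue());
                this.app.println();
                // Remember the answer so later calls do not prompt again.
                this.bindNameArg.clearValues();
                this.bindNameArg.addValue(bindName);
                this.bindNameArg.setPresent(true);
            } catch (ClientException e) {
                throw new ArgumentException(CliMessages.ERR_ERROR_CANNOT_READ_BIND_NAME.get(), e);
            }
        }
        return bindName;
    }

    /**
     * Returns the bind request derived from the arguments, creating and caching it on
     * the first call that yields one.
     *
     * <p>Without a SASL mechanism option a simple bind is built, but only if a bind
     * DN or password argument was supplied. Supported mechanisms are DIGEST-MD5,
     * CRAM-MD5, GSSAPI, EXTERNAL and PLAIN.
     *
     * <p>Simple and PLAIN binds pass the password itself to the request, and this
     * method does not check that SSL or StartTLS was selected for them. DIGEST-MD5 and
     * CRAM-MD5 are MD5-based mechanisms. EXTERNAL requires that
     * {@link #getConnectionFactory()} has already built the SSL context.
     *
     * @return the bind request, or {@code null} when no mechanism and no bind
     *         credentials were supplied
     * @throws ArgumentException if the mechanism is unsupported or its parameters are
     *         missing or unreadable
     */
    public BindRequest getBindRequest() throws ArgumentException {
        if (this.bindRequest != null) {
            return this.bindRequest;
        }

        String mechanism = findSaslOption(ArgumentConstants.SASL_PROPERTY_MECH);
        if (mechanism == null) {
            if (this.bindNameArg.isPresent() || this.bindPasswordFileArg.isPresent() || this.bindPasswordArg.isPresent()) {
                this.bindRequest = Requests.newSimpleBindRequest(getBindName(), getPassword());
            }
        } else if ("DIGEST-MD5".equals(mechanism)) {
            this.bindRequest = Requests.newDigestMD5SASLBindRequest(getAuthID("DIGEST-MD5"), getPassword()).setAuthorizationID(getAuthzID()).setRealm(getRealm());
        } else if ("CRAM-MD5".equals(mechanism)) {
            this.bindRequest = Requests.newCRAMMD5SASLBindRequest(getAuthID("CRAM-MD5"), getPassword());
        } else if ("GSSAPI".equals(mechanism)) {
            this.bindRequest = Requests.newGSSAPISASLBindRequest(getAuthID("GSSAPI"), getPassword()).setKDCAddress(getKDC()).setRealm(getRealm()).setAuthorizationID(getAuthzID());
        } else if ("EXTERNAL".equals(mechanism)) {
            // EXTERNAL authenticates with the TLS client certificate, so it needs both
            // an SSL context and a key store to take that certificate from.
            if (this.sslContext == null) {
                throw new ArgumentException(CliMessages.ERR_TOOL_SASLEXTERNAL_NEEDS_SSL_OR_TLS.get());
            }
            if (!this.keyStorePathArg.isPresent() && getKeyStore() == null) {
                throw new ArgumentException(CliMessages.ERR_TOOL_SASLEXTERNAL_NEEDS_KEYSTORE.get());
            }
            this.bindRequest = Requests.newExternalSASLBindRequest().setAuthorizationID(getAuthzID());
        } else if ("PLAIN".equals(mechanism)) {
            this.bindRequest = Requests.newPlainSASLBindRequest(getAuthID("PLAIN"), getPassword()).setAuthorizationID(getAuthzID());
        } else {
            throw new ArgumentException(CliMessages.ERR_LDAPAUTH_UNSUPPORTED_SASL_MECHANISM.get(mechanism));
        }

        // No request is built when neither a mechanism nor bind credentials were given;
        // the controls can only be attached to an existing request.
        if (this.bindRequest != null) {
            if (this.reportAuthzIDArg.isPresent()) {
                this.bindRequest.addControl(AuthorizationIdentityRequestControl.newControl(false));
            }
            if (this.usePasswordPolicyControlArg.isPresent()) {
                this.bindRequest.addControl(PasswordPolicyRequestControl.newControl(false));
            }
        }
        return this.bindRequest;
    }

    /**
     * @return the string form of the cached connection factory, or {@code "null"}
     *         when {@link #getConnectionFactory()} has not created it yet
     */
    @Override
    public String toString() {
        return String.valueOf(this.connFactory);
    }

    /**
     * @return the KDC SASL option value, or {@code null} if none was supplied
     * @throws ArgumentException if the option cannot be parsed
     */
    private String getKDC() throws ArgumentException {
        return findSaslOption(ArgumentConstants.SASL_PROPERTY_KDC);
    }

    /**
     * Loads a key store and wraps it in a key manager.
     *
     * @param str the key store path, or {@code null} to use the
     *            {@code javax.net.ssl.keyStore} system property
     * @return the key manager, or {@code null} when no key store path is available
     * @throws KeyStoreException if the default key store type is unavailable
     * @throws IOException if the key store file cannot be read
     * @throws NoSuchAlgorithmException if the key store integrity check is unavailable
     * @throws CertificateException if a certificate in the key store cannot be loaded
     */
    public X509KeyManager getKeyManager(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        String path = str != null ? str : getKeyStore();
        if (path == null) {
            return null;
        }
        String keyStorePIN = getKeyStorePIN();
        char[] pin = keyStorePIN == null ? null : keyStorePIN.toCharArray();
        KeyStore keyStore;
        // try-with-resources closes the stream even when loading the key store fails.
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, pin);
        }
        return new ApplicationKeyManager(keyStore, pin);
    }

    /**
     * @return the {@code javax.net.ssl.keyStore} system property, possibly {@code null}
     */
    private String getKeyStore() {
        return System.getProperty("javax.net.ssl.keyStore");
    }

    /**
     * Returns the key store password: the password argument, else the password-file
     * argument, else the {@code javax.net.ssl.keyStorePassword} system property.
     *
     * @return the password, or {@code null} if none of the sources provides one
     */
    private String getKeyStorePIN() {
        if (this.keyStorePasswordArg.isPresent()) {
            return this.keyStorePasswordArg.getValue();
        }
        if (this.keyStorePasswordFileArg.isPresent()) {
            return this.keyStorePasswordFileArg.getValue();
        }
        return System.getProperty("javax.net.ssl.keyStorePassword");
    }

    /**
     * Returns the bind password: the password argument, else the password-file
     * argument, else a previously prompted password. If the result is empty and the
     * application is interactive, the password is prompted for and cached.
     *
     * <p>The cached array is returned by reference, so a caller that clears it also
     * clears the cached password.
     *
     * @return the password, or an empty array when none is available
     * @throws ArgumentException if the password cannot be read from the console
     */
    public char[] getPassword() throws ArgumentException {
        char[] result = "".toCharArray();
        if (this.bindPasswordArg.isPresent()) {
            result = this.bindPasswordArg.getValue().toCharArray();
        } else if (this.bindPasswordFileArg.isPresent()) {
            result = this.bindPasswordFileArg.getValue().toCharArray();
        } else if (this.password != null) {
            return this.password;
        }
        if (result.length == 0 && this.app.isInteractive()) {
            try {
                result = this.app.readPassword(this.isAdminConnection ? CliMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(getBindName()) : CliMessages.INFO_DESCRIPTION_BINDPASSWORD.get());
                this.app.println();
                this.password = result;
            } catch (ClientException e) {
                throw new ArgumentException(CliMessages.ERR_ERROR_CANNOT_READ_PASSWORD.get(), e);
            }
        }
        return result;
    }

    /**
     * @return the realm SASL option value, or {@code null} if none was supplied
     * @throws ArgumentException if the option cannot be parsed
     */
    private String getRealm() throws ArgumentException {
        return findSaslOption(ArgumentConstants.SASL_PROPERTY_REALM);
    }

    /**
     * Builds the trust manager used for the SSL context.
     *
     * <p>With the trust-all argument the result is {@code TrustManagers.trustAll()},
     * which performs no server certificate validation. Otherwise, if a trust store is
     * configured (argument first, then the {@code javax.net.ssl.trustStore} system
     * property), the result checks the trust store, the host name argument's value
     * and the validity dates. Unless the application is quiet, that manager is
     * wrapped in a {@code PromptingTrustManager}.
     *
     * @return the trust manager; {@code null} when no trust store is configured and
     *         the application is quiet or absent (how the SSL context builder treats
     *         a null trust manager is not visible here - confirm against it)
     * @throws IOException if the trust store cannot be read
     * @throws GeneralSecurityException if the trust store cannot be loaded
     */
    public TrustManager getTrustManager() throws IOException, GeneralSecurityException {
        if (this.trustAllArg.isPresent()) {
            return TrustManagers.trustAll();
        }

        // A non-empty trust store argument wins over the system property.
        String trustStorePath;
        if (this.trustStorePathArg.isPresent() && this.trustStorePathArg.getValue().length() > 0) {
            trustStorePath = this.trustStorePathArg.getValue();
        } else {
            trustStorePath = getTrustStore();
        }

        X509TrustManager storeTrustManager = null;
        if (trustStorePath != null) {
            storeTrustManager = TrustManagers.checkValidityDates(TrustManagers.checkHostName(this.hostNameArg.getValue(), TrustManagers.checkUsingTrustStore(trustStorePath, getTrustStorePIN(), (String) null)));
        }

        if (this.app == null || this.app.isQuiet()) {
            return storeTrustManager;
        }
        return new PromptingTrustManager(this.app, storeTrustManager);
    }

    /**
     * @return the {@code javax.net.ssl.trustStore} system property, possibly {@code null}
     */
    private String getTrustStore() {
        return System.getProperty("javax.net.ssl.trustStore");
    }

    /**
     * Returns the trust store password: the password argument, else the password-file
     * argument, else the {@code javax.net.ssl.trustStorePassword} system property.
     *
     * @return the password, or {@code null} if none of the sources provides one
     */
    private char[] getTrustStorePIN() {
        String pin;
        if (this.trustStorePasswordArg.isPresent()) {
            pin = this.trustStorePasswordArg.getValue();
        } else if (this.trustStorePasswordFileArg.isPresent()) {
            pin = this.trustStorePasswordFileArg.getValue();
        } else {
            pin = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        return pin == null ? null : pin.toCharArray();
    }

    /**
     * Extracts the value of a {@code name=value} SASL option.
     *
     * @param option the raw option text
     * @return everything after the first {@code '='}, possibly empty
     * @throws ArgumentException if the option has no {@code '='} or an empty name
     */
    private String parseSASLOptionValue(String option) throws ArgumentException {
        int separator = option.indexOf('=');
        if (separator <= 0) {
            throw new ArgumentException(CliMessages.ERR_LDAP_CONN_CANNOT_PARSE_SASL_OPTION.get(option));
        }
        return option.substring(separator + 1);
    }

    /**
     * Marks this provider as serving an administration connection, which switches the
     * port, bind DN and password prompts to their admin wording.
     */
    public void setIsAnAdminConnection() {
        this.isAdminConnection = true;
    }
}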
