package net.tirasa.connid.bundles.ad;

import java.util.ArrayList;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsResponse;
import net.tirasa.adsddl.ntsd.controls.SDFlagsControl;
import net.tirasa.connid.bundles.ad.schema.ADSchema;
import net.tirasa.connid.bundles.ad.util.TrustAllSocketFactory;
import net.tirasa.connid.bundles.ldap.LdapConfiguration;
import net.tirasa.connid.bundles.ldap.LdapConnection;
import net.tirasa.connid.bundles.ldap.commons.LdapConstants;
import org.identityconnectors.common.Pair;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;

/* loaded from: input_file:net/tirasa/connid/bundles/ad/ADConnection.class */
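/**
 * LDAP connection specialised for Active Directory.
 *
 * <p>Builds the JNDI environment used to bind to the directory (provider URLs, timeouts, TLS
 * settings, binary attributes) and attaches an {@link SDFlagsControl} to the initial context.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When SSL and {@code isTrustAllCerts()} are both enabled, the socket factory is replaced
 *       by {@link TrustAllSocketFactory}; judging by its name it accepts any server certificate,
 *       leaving the channel encrypted but the peer unauthenticated.</li>
 *   <li>Referrals are followed automatically ({@code java.naming.referral=follow}).</li>
 *   <li>A non-blank principal with {@code null} credentials still produces a "simple" bind
 *       request carrying no password.</li>
 *   <li>The bind password is copied into a {@link String} inside the environment table.</li>
 * </ul>
 */
public class ADConnection extends LdapConnection {
    private static final Log LOG = Log.getLog(ADConnection.class);
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String LDAP_CTX_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    private static final String LDAP_BINARY_ATTRIBUTE = "java.naming.ldap.attributes.binary";

    // Only ever set to null in the code visible here; kept so close() can hand it to quietClose().
    private LdapContext syncCtx;

    /**
     * Creates a connection for the given configuration and installs the AD-specific schema.
     *
     * @param ldapConfiguration connector configuration; {@link #createContext(String, GuardedString)}
     *     casts it to {@code ADConfiguration} when SSL is enabled
     */
    public ADConnection(LdapConfiguration ldapConfiguration) {
        super(ldapConfiguration);
        this.syncCtx = null;
        this.schema = new ADSchema(this);
    }

    /**
     * Returns a new context derived from the initial context, carrying the given request controls.
     *
     * @param controlArr request controls for the new context instance
     * @return the derived context, or {@code null} if it could not be created (the failure is
     *     logged, not thrown), so callers must null-check the result
     */
    public LdapContext getSyncContext(Control[] controlArr) {
        return cloneContext(controlArr);
    }

    /**
     * Closes the parent connection, then quietly closes the sync and TLS handles.
     * The sync context reference is cleared even if closing fails.
     */
    @Override // net.tirasa.connid.bundles.ldap.LdapConnection
    public void close() {
        try {
            super.close();
            quietClose(new Pair<>(this.syncCtx, this.tlsCtx));
        } finally {
            this.syncCtx = null;
        }
    }

    /**
     * Derives a new context instance from the initial context.
     *
     * @param controlArr request controls for the new instance
     * @return the new context, or {@code null} when JNDI raises a {@link NamingException}
     */
    private LdapContext cloneContext(Control[] controlArr) {
        try {
            return getInitialContext().newInstance(controlArr);
        } catch (NamingException e) {
            LOG.error(e, "Context initialization failed");
            return null;
        }
    }

    /**
     * Returns the cached initial context, connecting with the configured principal and
     * credentials on first use.
     *
     * <p>If attaching the {@link SDFlagsControl} fails, the error is logged and the context is
     * still returned without that control.
     *
     * @return the initial (bound) context
     */
    @Override // net.tirasa.connid.bundles.ldap.LdapConnection
    public LdapContext getInitialContext() {
        if (this.initCtx != null) {
            return this.initCtx;
        }
        Pair<LdapContext, StartTlsResponse> connect =
                connect(this.config.getPrincipal(), this.config.getCredentials());
        this.initCtx = connect.first;
        this.tlsCtx = connect.second;
        try {
            // NOTE(review): 4 presumably selects the DACL part of ntSecurityDescriptor;
            // confirm against SDFlagsControl.
            this.initCtx.setRequestControls(new Control[]{new SDFlagsControl(4)});
        } catch (NamingException e) {
            LOG.error(e, "Error initializing request controls");
        }
        return this.initCtx;
    }

    /**
     * Builds the JNDI environment for a bind as {@code str} and delegates context creation to
     * the parent class.
     *
     * @param str bind principal; blank selects authentication mode "none"
     * @param guardedString bind password; may be {@code null}, in which case no credentials are
     *     placed in the environment
     * @return the authentication result paired with the context and StartTLS handles, as produced
     *     by the inherited single-argument {@code createContext}
     * @throws InvalidCredentialException if a password is supplied but is empty
     */
    @Override // net.tirasa.connid.bundles.ldap.LdapConnection
    protected Pair<LdapConnection.AuthenticationResult, Pair<LdapContext, StartTlsResponse>> createContext(String str, GuardedString guardedString) {
        // Concrete type arguments: put() does not compile against a Hashtable<?, ?>.
        Hashtable<Object, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", LDAP_CTX_FACTORY);
        env.put("java.naming.provider.url", getLdapUrls());
        // NOTE(review): with automatic referral chasing the JNDI provider may reuse this
        // environment, bind credentials included, against the referred server; confirm that
        // referral targets are limited to trusted domain controllers.
        env.put("java.naming.referral", "follow");
        env.put(LdapConstants.CONNECT_TIMEOUT_ENV_PROP, Long.toString(this.config.getConnectTimeout()));
        env.put(LdapConstants.READ_TIMEOUT_ENV_PROP, Long.toString(this.config.getReadTimeout()));
        if (this.config.isSsl()) {
            env.put("java.naming.security.protocol", "ssl");
            if (((ADConfiguration) this.config).isTrustAllCerts()) {
                // Replaces the default TLS socket factory. If the factory accepts every
                // certificate, as its name indicates, the server is not authenticated and the
                // bind password below is exposed to any on-path endpoint. Prefer a truststore
                // holding the directory's CA and leave this option off outside test setups.
                LOG.warn("trustAllCerts is enabled: LDAP server certificates are not validated");
                env.put(LDAP_CTX_SOCKET_FACTORY, TrustAllSocketFactory.class.getName());
            }
        }
        env.put(LDAP_BINARY_ATTRIBUTE, "ntSecurityDescriptor objectGUID objectSID");

        boolean hasPrincipal = StringUtil.isNotBlank(str);
        env.put("java.naming.security.authentication", hasPrincipal ? "simple" : "none");

        // Keep this log statement ahead of the principal/credentials puts below so the
        // password never reaches the log output.
        if (LOG.isOk()) {
            LOG.ok("Initial context environment: {0}", env);
        }

        if (hasPrincipal) {
            env.put("java.naming.security.principal", str);
            if (guardedString == null) {
                // NOTE(review): a "simple" bind with a name and no password is an
                // unauthenticated bind (RFC 4513 section 5.1.2), which a server may accept as
                // anonymous. Behaviour is kept for compatibility; callers that treat a
                // returned context as proof of identity should reject null credentials.
                LOG.warn("Principal set but no credentials supplied; bind will carry no password");
            } else {
                guardedString.access(cArr -> {
                    if (cArr == null || cArr.length == 0) {
                        throw new InvalidCredentialException("Password is blank");
                    }
                    // Copied into a String, presumably because GuardedString clears the
                    // array once the accessor returns (TODO confirm). This copy cannot be
                    // wiped and stays in the heap until collected.
                    env.put("java.naming.security.credentials", new String(cArr));
                });
            }
        }
        return createContext(env);
    }
}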
