package com.unboundid.util;

import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.RoundRobinServerSet;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.SingleServerSet;
import com.unboundid.ldap.sdk.StartTLSPostConnectProcessor;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.args.Argument;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import com.unboundid.util.args.BooleanArgument;
import com.unboundid.util.args.DNArgument;
import com.unboundid.util.args.FileArgument;
import com.unboundid.util.args.IntegerArgument;
import com.unboundid.util.args.StringArgument;
import com.unboundid.util.ssl.KeyStoreKeyManager;
import com.unboundid.util.ssl.PromptTrustManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.io.OutputStream;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.tools.mail.MailMessage;

@ThreadSafety(level = ThreadSafetyLevel.INTERFACE_NOT_THREADSAFE)
@Extensible
/* loaded from: input_file:com/unboundid/util/LDAPCommandLineTool.class */
public abstract class LDAPCommandLineTool extends CommandLineTool {
    private BooleanArgument trustAll;
    private BooleanArgument useSSL;
    private BooleanArgument useStartTLS;
    private DNArgument bindDN;
    private FileArgument bindPasswordFile;
    private FileArgument keyStorePasswordFile;
    private FileArgument trustStorePasswordFile;
    private IntegerArgument port;
    private StringArgument bindPassword;
    private StringArgument certificateNickname;
    private StringArgument host;
    private StringArgument keyStoreFormat;
    private StringArgument keyStorePath;
    private StringArgument keyStorePassword;
    private StringArgument saslOption;
    private StringArgument trustStoreFormat;
    private StringArgument trustStorePath;
    private StringArgument trustStorePassword;
    private BindRequest bindRequest;
    private ServerSet serverSet;
    private SSLContext startTLSContext;
    private final AtomicReference<PromptTrustManager> promptTrustManager;

    public LDAPCommandLineTool(OutputStream outputStream, OutputStream outputStream2) {
        super(outputStream, outputStream2);
        this.trustAll = null;
        this.useSSL = null;
        this.useStartTLS = null;
        this.bindDN = null;
        this.bindPasswordFile = null;
        this.keyStorePasswordFile = null;
        this.trustStorePasswordFile = null;
        this.port = null;
        this.bindPassword = null;
        this.certificateNickname = null;
        this.host = null;
        this.keyStoreFormat = null;
        this.keyStorePath = null;
        this.keyStorePassword = null;
        this.saslOption = null;
        this.trustStoreFormat = null;
        this.trustStorePath = null;
        this.trustStorePassword = null;
        this.bindRequest = null;
        this.serverSet = null;
        this.startTLSContext = null;
        this.promptTrustManager = new AtomicReference<>();
    }

    @Override // com.unboundid.util.CommandLineTool
    public final void addToolArguments(ArgumentParser argumentParser) throws ArgumentException {
        this.host = new StringArgument((Character) 'h', "hostname", true, supportsMultipleServers() ? 0 : 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_HOST.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_HOST.get(), MailMessage.DEFAULT_HOST);
        argumentParser.addArgument(this.host);
        this.port = new IntegerArgument((Character) 'p', "port", true, supportsMultipleServers() ? 0 : 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PORT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_PORT.get(), 1, 65535, (Integer) 389);
        argumentParser.addArgument(this.port);
        this.bindDN = new DNArgument('D', "bindDN", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_DN.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_DN.get());
        argumentParser.addArgument(this.bindDN);
        this.bindPassword = new StringArgument('w', "bindPassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_PW.get());
        argumentParser.addArgument(this.bindPassword);
        this.bindPasswordFile = new FileArgument('j', "bindPasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_PW_FILE.get(), true, true, true, false);
        argumentParser.addArgument(this.bindPasswordFile);
        this.useSSL = new BooleanArgument('Z', "useSSL", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_USE_SSL.get());
        argumentParser.addArgument(this.useSSL);
        this.useStartTLS = new BooleanArgument('q', "useStartTLS", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_USE_START_TLS.get());
        argumentParser.addArgument(this.useStartTLS);
        this.trustAll = new BooleanArgument('X', "trustAll", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_ALL.get());
        argumentParser.addArgument(this.trustAll);
        this.keyStorePath = new StringArgument('K', "keyStorePath", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PATH.get());
        argumentParser.addArgument(this.keyStorePath);
        this.keyStorePassword = new StringArgument('W', "keyStorePassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PASSWORD.get());
        argumentParser.addArgument(this.keyStorePassword);
        this.keyStorePasswordFile = new FileArgument('u', "keyStorePasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PASSWORD_FILE.get());
        argumentParser.addArgument(this.keyStorePasswordFile);
        this.keyStoreFormat = new StringArgument(null, "keyStoreFormat", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_FORMAT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_FORMAT.get());
        argumentParser.addArgument(this.keyStoreFormat);
        this.trustStorePath = new StringArgument('P', "trustStorePath", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PATH.get());
        argumentParser.addArgument(this.trustStorePath);
        this.trustStorePassword = new StringArgument('T', "trustStorePassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PASSWORD.get());
        argumentParser.addArgument(this.trustStorePassword);
        this.trustStorePasswordFile = new FileArgument('U', "trustStorePasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PASSWORD_FILE.get());
        argumentParser.addArgument(this.trustStorePasswordFile);
        this.trustStoreFormat = new StringArgument(null, "trustStoreFormat", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_FORMAT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_FORMAT.get());
        argumentParser.addArgument(this.trustStoreFormat);
        this.certificateNickname = new StringArgument('N', "certNickname", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_CERT_NICKNAME.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_CERT_NICKNAME.get());
        argumentParser.addArgument(this.certificateNickname);
        this.saslOption = new StringArgument('o', "saslOption", false, 0, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_SASL_OPTION.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_SASL_OPTION.get());
        argumentParser.addArgument(this.saslOption);
        argumentParser.addDependentArgumentSet(this.bindDN, this.bindPassword, this.bindPasswordFile);
        argumentParser.addExclusiveArgumentSet(this.useSSL, this.useStartTLS, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.bindPassword, this.bindPasswordFile, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.keyStorePassword, this.keyStorePasswordFile, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.trustStorePassword, this.trustStorePasswordFile, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.trustAll, this.trustStorePath, new Argument[0]);
        addNonLDAPArguments(argumentParser);
    }

    public abstract void addNonLDAPArguments(ArgumentParser argumentParser) throws ArgumentException;

    @Override // com.unboundid.util.CommandLineTool
    public final void doExtendedArgumentValidation() throws ArgumentException {
        if ((this.host.getValues().size() > 1 || this.port.getValues().size() > 1) && this.host.getValues().size() != this.port.getValues().size()) {
            throw new ArgumentException(UtilityMessages.ERR_LDAP_TOOL_HOST_PORT_COUNT_MISMATCH.get(this.host.getLongIdentifier(), this.port.getLongIdentifier()));
        }
        doExtendedNonLDAPArgumentValidation();
    }

    protected boolean supportsMultipleServers() {
        return false;
    }

    public void doExtendedNonLDAPArgumentValidation() throws ArgumentException {
    }

    public LDAPConnectionOptions getConnectionOptions() {
        return new LDAPConnectionOptions();
    }

    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    public final LDAPConnection getConnection() throws LDAPException {
        if (this.serverSet == null) {
            this.serverSet = createServerSet();
            this.bindRequest = createBindRequest();
        }
        LDAPConnection connection = this.serverSet.getConnection();
        if (this.useStartTLS.isPresent()) {
            try {
                ExtendedResult processExtendedOperation = connection.processExtendedOperation(new StartTLSExtendedRequest(this.startTLSContext));
                if (!processExtendedOperation.getResultCode().equals(ResultCode.SUCCESS)) {
                    throw new LDAPException(processExtendedOperation.getResultCode(), UtilityMessages.ERR_LDAP_TOOL_START_TLS_FAILED.get(processExtendedOperation.getDiagnosticMessage()));
                }
            } catch (LDAPException e) {
                Debug.debugException(e);
                connection.close();
                throw e;
            }
        }
        try {
            if (this.bindRequest != null) {
                connection.bind(this.bindRequest);
            }
            return connection;
        } catch (LDAPException e2) {
            Debug.debugException(e2);
            connection.close();
            throw e2;
        }
    }

    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    public final LDAPConnectionPool getConnectionPool(int i, int i2) throws LDAPException {
        if (this.serverSet == null) {
            this.serverSet = createServerSet();
            this.bindRequest = createBindRequest();
        }
        StartTLSPostConnectProcessor startTLSPostConnectProcessor = null;
        if (this.useStartTLS.isPresent()) {
            startTLSPostConnectProcessor = new StartTLSPostConnectProcessor(this.startTLSContext);
        }
        return new LDAPConnectionPool(this.serverSet, this.bindRequest, i, i2, startTLSPostConnectProcessor);
    }

    public ServerSet createServerSet() throws LDAPException {
        SSLUtil createSSLUtil = createSSLUtil();
        SSLSocketFactory sSLSocketFactory = null;
        if (this.useSSL.isPresent()) {
            try {
                sSLSocketFactory = createSSLUtil.createSSLSocketFactory();
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_SSL_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } else if (this.useStartTLS.isPresent()) {
            try {
                this.startTLSContext = createSSLUtil.createSSLContext();
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_SSL_CONTEXT.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
        if (this.host.getValues().size() == 1) {
            return new SingleServerSet(this.host.getValue(), this.port.getValue().intValue(), sSLSocketFactory, getConnectionOptions());
        }
        List<String> values = this.host.getValues();
        List<Integer> values2 = this.port.getValues();
        String[] strArr = new String[values.size()];
        int[] iArr = new int[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = values.get(i);
            iArr[i] = values2.get(i).intValue();
        }
        return new RoundRobinServerSet(strArr, iArr, sSLSocketFactory, getConnectionOptions());
    }

    private SSLUtil createSSLUtil() throws LDAPException {
        X509TrustManager x509TrustManager;
        if (!this.useSSL.isPresent() && !this.useStartTLS.isPresent()) {
            return null;
        }
        KeyStoreKeyManager keyStoreKeyManager = null;
        if (this.keyStorePath.isPresent()) {
            char[] cArr = null;
            if (this.keyStorePassword.isPresent()) {
                cArr = this.keyStorePassword.getValue().toCharArray();
            } else if (this.keyStorePasswordFile.isPresent()) {
                try {
                    cArr = this.keyStorePasswordFile.getNonBlankFileLines().get(0).toCharArray();
                } catch (Exception e) {
                    Debug.debugException(e);
                    throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_KEY_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
                }
            }
            try {
                keyStoreKeyManager = new KeyStoreKeyManager(this.keyStorePath.getValue(), cArr, this.keyStoreFormat.getValue(), this.certificateNickname.getValue());
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_KEY_MANAGER.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
        if (this.trustAll.isPresent()) {
            x509TrustManager = new TrustAllTrustManager(false);
        } else if (this.trustStorePath.isPresent()) {
            char[] cArr2 = null;
            if (this.trustStorePassword.isPresent()) {
                cArr2 = this.trustStorePassword.getValue().toCharArray();
            } else if (this.trustStorePasswordFile.isPresent()) {
                try {
                    cArr2 = this.trustStorePasswordFile.getNonBlankFileLines().get(0).toCharArray();
                } catch (Exception e3) {
                    Debug.debugException(e3);
                    throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_TRUST_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e3)), e3);
                }
            }
            x509TrustManager = new TrustStoreTrustManager(this.trustStorePath.getValue(), cArr2, this.trustStoreFormat.getValue(), true);
        } else {
            x509TrustManager = this.promptTrustManager.get();
            if (x509TrustManager == null) {
                this.promptTrustManager.compareAndSet(null, new PromptTrustManager());
                x509TrustManager = this.promptTrustManager.get();
            }
        }
        return new SSLUtil(keyStoreKeyManager, x509TrustManager);
    }

    private BindRequest createBindRequest() throws LDAPException {
        String str;
        if (this.bindPassword.isPresent()) {
            str = this.bindPassword.getValue();
        } else if (this.bindPasswordFile.isPresent()) {
            try {
                str = this.bindPasswordFile.getNonBlankFileLines().get(0);
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_BIND_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } else {
            str = null;
        }
        if (this.saslOption.isPresent()) {
            return SASLUtils.createBindRequest(this.bindDN.isPresent() ? this.bindDN.getValue().toString() : null, str, (String) null, this.saslOption.getValues(), new Control[0]);
        }
        if (this.bindDN.isPresent()) {
            return new SimpleBindRequest(this.bindDN.getValue(), str);
        }
        return null;
    }
}
