package org.apache.james.user.ldap;

import com.github.fge.lambdas.Throwing;
import com.github.fge.lambdas.functions.ThrowingFunction;
import com.google.common.collect.ImmutableList;
import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.FailoverServerSet;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PostConnectProcessor;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.SingleServerSet;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/apache/james/user/ldap/LDAPConnectionFactory.class */
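/**
 * Builds and owns the {@link LDAPConnectionPool} used to talk to the configured LDAP hosts.
 *
 * <p>Every configured host URI becomes a {@link SingleServerSet}; the sets are combined in a
 * {@link FailoverServerSet}, and each pooled connection is authenticated with a
 * {@link SimpleBindRequest} built from the configured principal and credentials.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Only {@code ldaps} URIs get a TLS socket factory. For any other scheme the socket factory
 *       is {@code null} and no post-connect processor is installed, so this class does not add
 *       transport encryption and the simple bind (DN and password) is not protected by TLS.</li>
 *   <li>When {@code isTrustAllCerts()} is true, server certificates are not validated at all; see
 *       {@link #DUMMY_TRUST_MANAGER}.</li>
 * </ul>
 */
public class LDAPConnectionFactory {
    /**
     * Trust manager that accepts every certificate chain without any check.
     *
     * <p>It is installed only when the configuration enables {@code trustAllCerts}. With it, TLS
     * still encrypts the channel but no longer authenticates the server, so the bind credentials
     * can be captured by whoever terminates the connection. Prefer adding the directory's CA to
     * the JVM truststore and leaving {@code trustAllCerts} disabled.
     */
    private static final TrustManager DUMMY_TRUST_MANAGER = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: no validation is performed.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: any server certificate is accepted.
        }
    };

    private final LdapRepositoryConfiguration configuration;
    private final LDAPConnectionPool ldapConnectionPool;

    /**
     * Creates the connection pool from the given configuration.
     *
     * @param ldapRepositoryConfiguration source of hosts, timeouts, bind identity and pool sizing
     * @throws LDAPException if the pool cannot be created
     */
    public LDAPConnectionFactory(LdapRepositoryConfiguration ldapRepositoryConfiguration) throws LDAPException {
        this.configuration = ldapRepositoryConfiguration;

        LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
        connectionOptions.setConnectTimeoutMillis(ldapRepositoryConfiguration.getConnectionTimeout());
        connectionOptions.setResponseTimeoutMillis(ldapRepositoryConfiguration.getReadTimeout());

        // The same bind request authenticates every connection of every server set.
        SimpleBindRequest bindRequest = new SimpleBindRequest(
            ldapRepositoryConfiguration.getPrincipal(),
            ldapRepositoryConfiguration.getCredentials());

        // Raw List cast kept from the original: the collected element type is SingleServerSet,
        // while FailoverServerSet is handed the list untyped.
        List serverSets = (List) ldapRepositoryConfiguration.getLdapHosts().stream()
            .map(toSingleServerSet(connectionOptions, bindRequest))
            .collect(ImmutableList.toImmutableList());

        this.ldapConnectionPool = new LDAPConnectionPool(
            new FailoverServerSet(serverSets),
            bindRequest,
            ldapRepositoryConfiguration.getPoolSize());
        this.ldapConnectionPool.setRetryFailedOperationsDueToInvalidConnections(true);
        this.ldapConnectionPool.setMaxWaitTimeMillis(ldapRepositoryConfiguration.getMaxWaitTime());
    }

    /**
     * Returns a function mapping a host URI to a {@link SingleServerSet} that shares the given
     * options and bind request. Checked exceptions from the TLS setup are relayed by
     * {@link Throwing#function}.
     */
    private ThrowingFunction<URI, SingleServerSet> toSingleServerSet(LDAPConnectionOptions lDAPConnectionOptions, BindRequest bindRequest) {
        // uri.getPort() is passed through unchanged; it is -1 when the URI carries no explicit port.
        return Throwing.function(uri -> new SingleServerSet(
            uri.getHost(),
            uri.getPort(),
            supportLDAPS(uri),
            lDAPConnectionOptions,
            bindRequest,
            (PostConnectProcessor) null));
    }

    /**
     * Selects the socket factory for a host URI.
     *
     * @param uri the configured LDAP host URI
     * @return {@code null} for non-{@code ldaps} URIs, otherwise a TLS socket factory
     * @throws KeyManagementException if the trust-all TLS context cannot be initialised
     * @throws NoSuchAlgorithmException if the requested TLS protocol is not available
     */
    private SocketFactory supportLDAPS(URI uri) throws KeyManagementException, NoSuchAlgorithmException {
        // URI schemes are case-insensitive. A case-sensitive equals() would treat "LDAPS://..." as
        // a non-TLS host and hand back a null socket factory; it would also throw a
        // NullPointerException on a URI without a scheme.
        if (!"ldaps".equalsIgnoreCase(uri.getScheme())) {
            return null;
        }
        // NOTE(review): neither branch below configures hostname verification in this class (see
        // LDAPConnectionOptions#setSSLSocketVerifier). Confirm whether it is set elsewhere;
        // otherwise a certificate issued for another host by a trusted CA would be accepted.
        if (!this.configuration.isTrustAllCerts()) {
            // JVM default factory: chain validation against the default truststore.
            return SSLSocketFactory.getDefault();
        }
        // trustAllCerts: certificate validation is disabled for this connection.
        // NOTE(review): the context is requested as "TLSv1.2"; confirm whether newer protocol
        // versions should be allowed by requesting "TLS" instead.
        SSLContext trustAllContext = SSLContext.getInstance("TLSv1.2");
        trustAllContext.init(null, new TrustManager[]{DUMMY_TRUST_MANAGER}, null);
        return trustAllContext.getSocketFactory();
    }

    /**
     * @return the pool created by the constructor
     */
    public LDAPConnectionPool getLdapConnectionPool() {
        return this.ldapConnectionPool;
    }
}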
