package net.bluemind.system.importation.commons.pool;

import com.google.common.util.concurrent.RateLimiter;
import java.io.IOException;
import java.time.Duration;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.TrustManager;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.lib.ldap.LdapProtocol;
import net.bluemind.system.importation.commons.Parameters;
import org.apache.directory.api.ldap.codec.api.DefaultConfigurableBinaryAttributeDetector;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationException;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.DefaultPoolableLdapConnectionFactory;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionPool;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.ldap.client.api.exception.LdapConnectionTimeOutException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/importation/commons/pool/LdapPoolWrapper.class */
public class LdapPoolWrapper {
    private static final int POOL_UNAVAILABILITY = 10;
    private static final int CONNECTION_TIMEOUT_PER_SECONDS = 2;
    private static final int ERRORS_PER_SECONDS = 5;
    private LdapConnectionPool pool;
    private Parameters parameters;
    private LdapConnectionConfig connectionConfig;
    private Long unavailableUntil = Long.valueOf(System.currentTimeMillis() - POOL_UNAVAILABILITY_MS);
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$net$bluemind$lib$ldap$LdapProtocol;
    private static final Logger logger = LoggerFactory.getLogger(LdapPoolWrapper.class);
    private static final long LDAP_TIMEOUT = TimeUnit.SECONDS.toMillis(2);
    private static final long POOL_UNAVAILABILITY_MS = TimeUnit.SECONDS.toMillis(10);
    private static final RateLimiter connectionTimeoutLimiter = RateLimiter.create(2.0d);
    private static final RateLimiter errorLimiter = RateLimiter.create(5.0d);
    private static final RateLimiter ldapPoolUnavailableLogLimiter = RateLimiter.create(0.2d);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/system/importation/commons/pool/LdapPoolWrapper$StartTlsFault.class */
    public static class StartTlsFault extends ServerFault {
        private StartTlsFault() {
        }
    }

    public LdapPoolWrapper(Parameters parameters) {
        this.parameters = parameters;
    }

    public Optional<LdapConnectionContext> getConnection() {
        LdapConnectionPool pool = getPool();
        if (pool == null) {
            return Optional.empty();
        }
        try {
            return Optional.of(new LdapConnectionContext(pool.getConnection(), this.connectionConfig, this.parameters));
        } catch (RuntimeException | LdapException e) {
            if (e.getCause() instanceof InterruptedException) {
                logger.error("Getting an interrupted exception, reseting pool for {}", this.parameters, e);
                resetPool();
                return Optional.empty();
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to get LDAP connection", e);
            } else {
                logger.error("Unable to get LDAP connection: {}", e.getMessage());
            }
            if (!errorLimiter.tryAcquire()) {
                logger.warn("More than {} errors/s", Integer.valueOf(ERRORS_PER_SECONDS));
                setPoolUnavailability();
            }
            return Optional.empty();
        } catch (LdapConnectionTimeOutException e2) {
            logger.error("Unable to get LDAP connection: {}", e2.getMessage());
            if (!connectionTimeoutLimiter.tryAcquire()) {
                logger.warn("More than {} connections timeout/s", Integer.valueOf(CONNECTION_TIMEOUT_PER_SECONDS));
                setPoolUnavailability();
            }
            return Optional.empty();
        }
    }

    private synchronized LdapConnectionPool getPool() {
        if (!isAvailable()) {
            if (!ldapPoolUnavailableLogLimiter.tryAcquire()) {
                return null;
            }
            logger.warn("LDAP pool disabled for {}, retry later...", this.parameters);
            return null;
        }
        if (this.pool == null) {
            initPoolFromHosts();
            if (this.pool == null) {
                logger.warn("No LDAP server available for {}, disabling pool for {}s", this.parameters, Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(POOL_UNAVAILABILITY_MS)));
                setPoolUnavailability();
                return null;
            }
            logger.info("Connected to LDAP: {}", this.connectionConfig.getLdapHost());
        }
        return this.pool;
    }

    public boolean isAvailable() {
        return System.currentTimeMillis() > this.unavailableUntil.longValue();
    }

    private synchronized void setPoolUnavailability() {
        logger.warn("Suspend pool for {}", this.parameters);
        this.unavailableUntil = Long.valueOf(System.currentTimeMillis() + POOL_UNAVAILABILITY_MS);
    }

    private void initPoolFromHosts() {
        List<Parameters.Server.Host> ldapHost = this.parameters.ldapServer.getLdapHost();
        if (ldapHost == null || ldapHost.isEmpty()) {
            return;
        }
        Iterator<Parameters.Server.Host> it = ldapHost.iterator();
        while (this.pool == null && it.hasNext()) {
            Parameters.Server.Host next = it.next();
            this.connectionConfig = setLdapConnectionConfig(this.parameters, next);
            try {
                tryConnection(next, this.connectionConfig);
            } catch (StartTlsFault e) {
                logger.error("Unable to connect tls:{}:{}: {}", new Object[]{next.hostname, Integer.valueOf(next.port), e.getMessage()});
                if (this.parameters.ldapServer.protocol == LdapProtocol.TLSPLAIN) {
                    this.connectionConfig.setUseTls(false);
                    tryConnection(next, this.connectionConfig);
                }
            }
        }
    }

    private void tryConnection(Parameters.Server.Host host, LdapConnectionConfig ldapConnectionConfig) {
        if (logger.isInfoEnabled()) {
            logger.info("Trying to connect to: {}", getLdapConnectionURI(host, ldapConnectionConfig));
        }
        LdapConnectionPool ldapConnectionPool = null;
        try {
            ldapConnectionPool = new LdapConnectionPool(new DefaultPoolableLdapConnectionFactory(ldapConnectionConfig));
            ldapConnectionPool.setMaxWait(Duration.ofSeconds(10L));
            ldapConnectionPool.releaseConnection(ldapConnectionPool.getConnection());
            this.pool = ldapConnectionPool;
            this.connectionConfig = ldapConnectionConfig;
        } catch (LdapException e) {
            logger.warn("Unable to connect to {}: {}", host.hostname, e.getMessage());
            try {
                ldapConnectionPool.close();
            } catch (Exception unused) {
            }
            if (ldapConnectionConfig.isUseTls()) {
                if (((e instanceof LdapOperationException) && e.getResultCode() == ResultCodeEnum.UNAVAILABLE) || (e instanceof LdapTlsHandshakeException)) {
                    throw new StartTlsFault();
                }
            }
        }
    }

    private String getLdapConnectionURI(Parameters.Server.Host host, LdapConnectionConfig ldapConnectionConfig) {
        String str = host.hostname + ":" + host.port;
        if (ldapConnectionConfig.isUseSsl()) {
            return "ssl:" + str;
        }
        return (ldapConnectionConfig.isUseTls() ? "tls:" : "plain:") + str;
    }

    private LdapConnectionConfig setLdapConnectionConfig(Parameters parameters, Parameters.Server.Host host) {
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost(host.hostname);
        ldapConnectionConfig.setLdapPort(host.port);
        ldapConnectionConfig.setTimeout(LDAP_TIMEOUT);
        switch ($SWITCH_TABLE$net$bluemind$lib$ldap$LdapProtocol()[parameters.ldapServer.protocol.ordinal()]) {
            case 1:
            case 4:
                ldapConnectionConfig.setUseTls(true);
                ldapConnectionConfig.setUseSsl(false);
                break;
            case CONNECTION_TIMEOUT_PER_SECONDS /* 2 */:
                ldapConnectionConfig.setUseTls(false);
                ldapConnectionConfig.setUseSsl(true);
                break;
            case 3:
            default:
                ldapConnectionConfig.setUseTls(false);
                ldapConnectionConfig.setUseSsl(false);
                break;
        }
        if (parameters.ldapServer.acceptAllCertificates) {
            ldapConnectionConfig.setTrustManagers(new TrustManager[]{new NoVerificationTrustManager()});
        }
        ldapConnectionConfig.setBinaryAttributeDetector(new DefaultConfigurableBinaryAttributeDetector());
        return ldapConnectionConfig;
    }

    public void doReleaseConnection(LdapConnectionContext ldapConnectionContext) {
        if (ldapConnectionContext == null || ldapConnectionContext.ldapCon == null) {
            return;
        }
        if (this.pool == null) {
            logger.warn("No LDAP connection pool for: {}, closing connection", this.parameters);
            closeLdapConnection(ldapConnectionContext.ldapCon);
            return;
        }
        try {
            if (ldapConnectionContext.isError()) {
                logger.warn("Invalidate LDAP connection from pool {}", ldapConnectionContext.parameters);
                this.pool.invalidateObject(ldapConnectionContext.ldapCon);
            } else {
                if (ldapConnectionContext.ldapCon.isAuthenticated()) {
                    ldapConnectionContext.ldapCon.anonymousBind();
                }
                this.pool.releaseConnection(ldapConnectionContext.ldapCon);
            }
        } catch (Exception e) {
            logger.error("Unable to release connection from pool {}", ldapConnectionContext.parameters, e);
            resetPool();
        }
    }

    private void closeLdapConnection(LdapConnection ldapConnection) {
        try {
            ldapConnection.close();
        } catch (IOException unused) {
        }
    }

    private synchronized void resetPool() {
        logger.info("Reset LDAP pool for domain: {}", this.parameters);
        LdapConnectionPool ldapConnectionPool = this.pool;
        this.pool = null;
        if (ldapConnectionPool == null) {
            logger.warn("No LDAP connection pool for: {}", this.parameters);
            return;
        }
        try {
            ldapConnectionPool.clear();
            ldapConnectionPool.close();
        } catch (Exception e) {
            logger.error("Fail to close LDAP pool for: " + this.parameters.toString(), e);
        }
    }

    static /* synthetic */ int[] $SWITCH_TABLE$net$bluemind$lib$ldap$LdapProtocol() {
        int[] iArr = $SWITCH_TABLE$net$bluemind$lib$ldap$LdapProtocol;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[LdapProtocol.values().length];
        try {
            iArr2[LdapProtocol.PLAIN.ordinal()] = 3;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[LdapProtocol.SSL.ordinal()] = CONNECTION_TIMEOUT_PER_SECONDS;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[LdapProtocol.TLS.ordinal()] = 1;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[LdapProtocol.TLSPLAIN.ordinal()] = 4;
        } catch (NoSuchFieldError unused4) {
        }
        $SWITCH_TABLE$net$bluemind$lib$ldap$LdapProtocol = iArr2;
        return iArr2;
    }
}
