package org.cloudfoundry.identity.uaa.provider.ldap;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.directory.api.util.DummySSLSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.cloudfoundry.identity.uaa.provider.ldap.extension.DefaultTlsDirContextAuthenticationStrategy;
import org.cloudfoundry.identity.uaa.provider.ldap.extension.ExternalTlsDirContextAuthenticationStrategy;
import org.cloudfoundry.identity.uaa.security.LdapSocketFactory;
import org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.DirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.5.6.jar:org/cloudfoundry/identity/uaa/provider/ldap/ProcessLdapProperties.class */
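/**
 * Derives the JNDI environment entries and the Spring LDAP authentication strategy
 * for an LDAP connection from three settings: the base URL, the
 * "disable SSL verification" flag and the TLS mode ({@link #NONE}, {@link #SIMPLE}
 * or {@link #EXTERNAL}).
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>When {@code disableSslVerification} is set, the socket factory named by
 *       {@link #SKIP_SSL_VERIFICATION_SOCKET_FACTORY} is selected. As the constant
 *       name says, this skips certificate verification, so the server's identity
 *       is not authenticated.</li>
 *   <li>For the {@code simple} and {@code external} TLS modes, hostname verification
 *       is always turned off (see {@link #getAuthenticationStrategy()}), whatever
 *       the value of {@code disableSslVerification}.</li>
 * </ul>
 *
 * <p>The class is mutable and does no synchronisation.
 */
public class ProcessLdapProperties {
    /** JNDI environment key naming the socket factory class used for LDAP connections. */
    public static final String LDAP_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    /** UAA-specific key under which the chosen SSL socket factory class name is always stored. */
    public static final String LDAP_SSL_SOCKET_FACTORY = "org.cloudfoundry.identity.ldap.ssl.factory.socket";
    /** Socket factory class name selected when SSL verification is disabled. */
    public static final String SKIP_SSL_VERIFICATION_SOCKET_FACTORY = DummySSLSocketFactory.class.getName();
    /** Socket factory class name selected when SSL verification is left enabled. */
    public static final String EXPIRY_CHECKING_SOCKET_FACTORY = LdapSocketFactory.class.getName();
    /** TLS mode: no TLS-specific strategy; a simple bind strategy is used. */
    public static final String NONE = "none";
    /** TLS mode: {@link DefaultTlsDirContextAuthenticationStrategy}. */
    public static final String SIMPLE = "simple";
    /** TLS mode: {@link ExternalTlsDirContextAuthenticationStrategy}. */
    public static final String EXTERNAL = "external";

    private boolean disableSslVerification;
    private String baseUrl;
    private String tlsConfig;

    /**
     * @param baseUrl                LDAP URL; only its prefix is inspected (see {@link #isLdapsUrl()})
     * @param disableSslVerification {@code true} to select the verification-skipping socket factory
     * @param tlsConfig              one of {@link #NONE}, {@link #SIMPLE}, {@link #EXTERNAL};
     *                               blank or {@code null} is treated as {@link #NONE} when the
     *                               strategy is requested
     */
    public ProcessLdapProperties(String baseUrl, boolean disableSslVerification, String tlsConfig) {
        this.baseUrl = baseUrl;
        this.disableSslVerification = disableSslVerification;
        this.tlsConfig = tlsConfig;
    }

    /**
     * Returns a copy of {@code map} with the socket-factory entries added.
     *
     * <p>{@link #LDAP_SSL_SOCKET_FACTORY} is always set. {@link #LDAP_SOCKET_FACTORY}
     * is set to the same class name only when {@link #isLdapsUrl()} is true.
     * The input map is not modified.
     *
     * @param map existing environment entries; must not be {@code null}
     * @return a new insertion-ordered map holding the input entries plus the socket-factory entries
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // raw Map is part of the existing public signature
    public Map process(Map map) throws KeyManagementException, NoSuchAlgorithmException {
        Map<Object, Object> result = new LinkedHashMap<>(map);
        // Setting disableSslVerification removes certificate validation for this
        // connection; it should be visible in configuration review and not be
        // enabled for production directories.
        result.put(
                LDAP_SSL_SOCKET_FACTORY,
                isDisableSslVerification()
                        ? SKIP_SSL_VERIFICATION_SOCKET_FACTORY
                        : EXPIRY_CHECKING_SOCKET_FACTORY);
        if (isLdapsUrl()) {
            result.put(LDAP_SOCKET_FACTORY, result.get(LDAP_SSL_SOCKET_FACTORY));
        }
        return result;
    }

    /**
     * Reports whether the base URL starts with the literal prefix {@code "ldaps"}.
     *
     * <p>NOTE(review): the match is case-sensitive and prefix-only. A URL written
     * with an upper- or mixed-case scheme would not get the custom socket factory
     * installed by {@link #process(Map)}; confirm that URLs are normalised before
     * they reach this class.
     */
    public boolean isLdapsUrl() {
        return this.baseUrl != null && this.baseUrl.startsWith("ldaps");
    }

    public boolean isDisableSslVerification() {
        return this.disableSslVerification;
    }

    /**
     * Instantiates the socket factory class that {@link #process(Map)} selects for
     * the current {@code disableSslVerification} setting.
     *
     * <p>The class name passed to {@code Class.forName} is always one of the two
     * constants of this class, never caller-supplied text.
     *
     * @return a new instance of the selected factory, created through its no-argument constructor
     */
    public SSLSocketFactory getSSLSocketFactory() throws NoSuchAlgorithmException, KeyManagementException, IllegalAccessException, InstantiationException, ClassNotFoundException {
        String factoryClassName = (String) process(new HashMap<>()).get(LDAP_SSL_SOCKET_FACTORY);
        Class<?> factoryClass =
                Class.forName(factoryClassName, true, ProcessLdapProperties.class.getClassLoader());
        // Class.newInstance() is kept so the declared checked exceptions stay as they are.
        return (SSLSocketFactory) factoryClass.newInstance();
    }

    public void setDisableSslVerification(boolean disableSslVerification) {
        this.disableSslVerification = disableSslVerification;
    }

    public void setBaseUrl(String baseUrl) {
        this.baseUrl = baseUrl;
    }

    /**
     * Builds the Spring LDAP authentication strategy for the configured TLS mode.
     *
     * <p>A blank or {@code null} mode is replaced by {@link #NONE}, and that value
     * is written back to the field. {@link #NONE} yields a
     * {@link SimpleDirContextAuthenticationStrategy}; {@link #SIMPLE} and
     * {@link #EXTERNAL} yield a TLS strategy configured with the socket factory
     * from {@link #getSSLSocketFactory()}.
     *
     * @return the strategy for the configured mode
     * @throws IllegalArgumentException if the mode is none of the three known values
     */
    public DirContextAuthenticationStrategy getAuthenticationStrategy() throws ClassNotFoundException, NoSuchAlgorithmException, IllegalAccessException, InstantiationException, KeyManagementException {
        if (!StringUtils.hasText(this.tlsConfig)) {
            this.tlsConfig = NONE;
        }
        AbstractTlsDirContextAuthenticationStrategy tlsStrategy;
        switch (this.tlsConfig) {
            case NONE:
                return new SimpleDirContextAuthenticationStrategy();
            case SIMPLE:
                tlsStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                break;
            case EXTERNAL:
                tlsStrategy = new ExternalTlsDirContextAuthenticationStrategy();
                break;
            default:
                throw new IllegalArgumentException(this.tlsConfig);
        }
        // NOTE(review): hostname verification is switched off here unconditionally,
        // even when disableSslVerification is false. With the certificate chain
        // still validated, a certificate issued for any other host name is accepted,
        // so the directory server is not bound to the name in the URL. Consider
        // applying AllowAllHostnameVerifier only when disableSslVerification is set
        // and leaving the strategy's own hostname check in place otherwise; this
        // changes behaviour for deployments whose certificates do not match the
        // host name, so it is left as-is here.
        tlsStrategy.setHostnameVerifier(new AllowAllHostnameVerifier());
        tlsStrategy.setSslSocketFactory(getSSLSocketFactory());
        return tlsStrategy;
    }
}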
