package org.ballerinalang.auth.ldap.nativeimpl;

import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import org.apache.commons.lang3.StringUtils;
import org.ballerinalang.auth.ldap.CommonLdapConfiguration;
import org.ballerinalang.auth.ldap.LdapConnectionContext;
import org.ballerinalang.auth.ldap.LdapConstants;
import org.ballerinalang.auth.ldap.SslContextTrustManager;
import org.ballerinalang.auth.ldap.util.LdapUtils;
import org.ballerinalang.auth.ldap.util.SslUtils;
import org.ballerinalang.bre.Context;
import org.ballerinalang.bre.bvm.BlockingNativeCallableUnit;
import org.ballerinalang.connector.api.BLangConnectorSPIUtil;
import org.ballerinalang.connector.api.Struct;
import org.ballerinalang.connector.api.Value;
import org.ballerinalang.model.types.TypeKind;
import org.ballerinalang.model.values.BMap;
import org.ballerinalang.model.values.BValue;
import org.ballerinalang.natives.annotations.Argument;
import org.ballerinalang.natives.annotations.BallerinaFunction;
import org.ballerinalang.util.exceptions.BallerinaException;

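/**
 * Native implementation of the {@code ballerina/auth} function {@code initLdapConnectionContext}.
 *
 * <p>Copies the LDAP auth-store provider configuration into a {@link CommonLdapConfiguration},
 * optionally registers a per-instance SSL context, opens the directory context and attaches the
 * resulting objects to the provider object as native data.
 *
 * <p>NOTE(review): the configuration object carries the bind password and, when configured, the
 * trust store password as plain {@code String} values and is attached to the provider object as
 * native data. Keep it out of logs and error messages.
 */
@BallerinaFunction(orgName = "ballerina", packageName = "auth", functionName = "initLdapConnectionContext", args = {@Argument(name = "ldapAuthStoreProvider", type = TypeKind.OBJECT, structType = "LdapAuthStoreProvider"), @Argument(name = LdapConstants.ENDPOINT_INSTANCE_ID, type = TypeKind.STRING)}, isPublic = true)
/* loaded from: input_file:org/ballerinalang/auth/ldap/nativeimpl/InitLdapConnectionContext.class */
public class InitLdapConnectionContext extends BlockingNativeCallableUnit {
    /**
     * Builds the LDAP configuration from the provider object, opens the directory context and
     * stores configuration, connection source, directory context and instance id as native data.
     *
     * @param context invocation context; string argument 0 is the endpoint instance id and ref
     *                argument 0 is the auth store provider object
     * @throws BallerinaException if SSL setup or connection setup fails with one of the checked
     *                            exceptions handled below; the original exception is kept as cause
     */
    public void execute(Context context) {
        String instanceId = context.getStringArgument(0);
        BMap authStoreProvider = context.getRefArgument(0);
        Struct providerConfig = BLangConnectorSPIUtil.toStruct(authStoreProvider.get(LdapConstants.LDAP_AUTH_PROVIDER_CONFIG));

        CommonLdapConfiguration ldapConfig = new CommonLdapConfiguration();
        ldapConfig.setDomainName(providerConfig.getStringField(LdapConstants.DOMAIN_NAME));
        ldapConfig.setConnectionURL(providerConfig.getStringField(LdapConstants.CONNECTION_URL));
        ldapConfig.setConnectionName(providerConfig.getStringField(LdapConstants.CONNECTION_NAME));
        // Bind credential: never include this value in log or exception text.
        ldapConfig.setConnectionPassword(providerConfig.getStringField(LdapConstants.CONNECTION_PASSWORD));
        ldapConfig.setUserSearchBase(providerConfig.getStringField(LdapConstants.USER_SEARCH_BASE));
        ldapConfig.setUserEntryObjectClass(providerConfig.getStringField(LdapConstants.USER_ENTRY_OBJECT_CLASS));
        ldapConfig.setUserNameAttribute(providerConfig.getStringField(LdapConstants.USER_NAME_ATTRIBUTE));
        ldapConfig.setUserNameSearchFilter(providerConfig.getStringField(LdapConstants.USER_NAME_SEARCH_FILTER));
        ldapConfig.setUserNameListFilter(providerConfig.getStringField(LdapConstants.USER_NAME_LIST_FILTER));
        ldapConfig.setGroupSearchBase(getAsStringList(providerConfig.getArrayField(LdapConstants.GROUP_SEARCH_BASE)));
        ldapConfig.setGroupEntryObjectClass(providerConfig.getStringField(LdapConstants.GROUP_ENTRY_OBJECT_CLASS));
        ldapConfig.setGroupNameAttribute(providerConfig.getStringField(LdapConstants.GROUP_NAME_ATTRIBUTE));
        ldapConfig.setGroupNameSearchFilter(providerConfig.getStringField(LdapConstants.GROUP_NAME_SEARCH_FILTER));
        ldapConfig.setGroupNameListFilter(providerConfig.getStringField(LdapConstants.GROUP_NAME_LIST_FILTER));
        ldapConfig.setMembershipAttribute(providerConfig.getStringField(LdapConstants.MEMBERSHIP_ATTRIBUTE));
        ldapConfig.setUserRolesCacheEnabled(providerConfig.getBooleanField(LdapConstants.USER_ROLE_CACHE_ENABLE));
        ldapConfig.setConnectionPoolingEnabled(providerConfig.getBooleanField(LdapConstants.CONNECTION_POOLING_ENABLED));
        // NOTE(review): these narrowing casts wrap silently for values outside the int range;
        // confirm that the configuration is range-checked before it reaches this point.
        ldapConfig.setLdapConnectionTimeout((int) providerConfig.getIntField(LdapConstants.CONNECTION_TIME_OUT));
        ldapConfig.setReadTimeout((int) providerConfig.getIntField(LdapConstants.READ_TIME_OUT));
        ldapConfig.setRetryAttempts((int) providerConfig.getIntField(LdapConstants.RETRY_ATTEMPTS));

        // When no secure auth store config is supplied, no SSL context is registered here.
        // NOTE(review): whether the bind is then protected in transit depends on the connection
        // URL and on LdapConnectionContext, neither of which is visible in this file.
        Struct secureStoreConfig = providerConfig.getStructField(LdapConstants.SECURE_AUTH_STORE_CONFIG);
        try {
            if (secureStoreConfig != null) {
                setSslConfig(secureStoreConfig, ldapConfig, instanceId);
                // Presumably selects the SSL context registered under this instance id for the
                // connection opened below; verify against LdapUtils.
                LdapUtils.setServiceName(instanceId);
            }
            LdapConnectionContext connectionSource = new LdapConnectionContext(ldapConfig);
            DirContext dirContext = connectionSource.getContext();
            authStoreProvider.addNativeData(LdapConstants.LDAP_CONFIGURATION, ldapConfig);
            authStoreProvider.addNativeData(LdapConstants.LDAP_CONNECTION_SOURCE, connectionSource);
            authStoreProvider.addNativeData(LdapConstants.LDAP_CONNECTION_CONTEXT, dirContext);
            authStoreProvider.addNativeData(LdapConstants.ENDPOINT_INSTANCE_ID, instanceId);
            context.setReturnValues(new BValue[0]);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException | NamingException e) {
            throw new BallerinaException(e.getMessage(), e);
        } finally {
            // Always clear the service name, on success and on failure, so that it cannot leak
            // into a later initialisation.
            if (secureStoreConfig != null) {
                LdapUtils.removeServiceName();
            }
        }
    }

    /**
     * Registers an SSL context for the given instance id from the secure auth store config.
     *
     * <p>A configured trust store takes precedence over a trust certificates file. If neither a
     * trust store path nor a non-blank certificates path is configured, nothing is registered and
     * the method returns silently.
     *
     * @param sslConfig  secure auth store configuration
     * @param ldapConfig configuration object that receives the trust material settings
     * @param instanceId key under which the SSL context is registered
     * @throws IllegalArgumentException if the trust store file does not exist or its password is
     *                                  missing
     */
    private void setSslConfig(Struct sslConfig, CommonLdapConfiguration ldapConfig, String instanceId) throws IOException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, CertificateException {
        Struct trustStore = sslConfig.getStructField(LdapConstants.AUTH_STORE_CONFIG_TRUST_STORE);
        String trustCertificates = sslConfig.getStringField(LdapConstants.AUTH_STORE_CONFIG_TRUST_CERTIFICATES);

        if (trustStore == null) {
            if (StringUtils.isNotBlank(trustCertificates)) {
                ldapConfig.setClientTrustCertificates(trustCertificates);
                SslContextTrustManager.getInstance().addSSLContext(instanceId, SslUtils.getSslContextForCertificateFile(trustCertificates));
            }
            return;
        }

        String trustStorePath = trustStore.getStringField(LdapConstants.FILE_PATH);
        String trustStorePassword = trustStore.getStringField(LdapConstants.PASSWORD);
        if (trustStorePath == null) {
            return;
        }

        File trustStoreFile = new File(LdapUtils.substituteVariables(trustStorePath));
        if (!trustStoreFile.exists()) {
            throw new IllegalArgumentException("trustStore File " + trustStorePath + " not found");
        }
        if (trustStorePassword == null) {
            throw new IllegalArgumentException("trustStorePass is not defined for HTTPS scheme");
        }
        ldapConfig.setTrustStoreFile(trustStoreFile);
        ldapConfig.setTrustStorePass(trustStorePassword);
        // NOTE(review): the existence check above uses the variable-substituted path, while the
        // raw configured value is passed here. Confirm that SslUtils applies the same
        // substitution; otherwise the file that was checked may not be the one that is loaded.
        SslContextTrustManager.getInstance().addSSLContext(instanceId, SslUtils.createClientSslContext(trustStorePath, trustStorePassword));
    }

    /**
     * Converts an array of values to a list of their trimmed string values.
     *
     * @param valueArr values to convert, may be {@code null}
     * @return the trimmed strings, or {@code null} if the input is {@code null} or empty
     */
    private static List<String> getAsStringList(Value[] valueArr) {
        if (valueArr == null) {
            return null;
        }
        List<String> trimmedValues = new ArrayList<>(valueArr.length);
        for (Value value : valueArr) {
            trimmedValues.add(value.getStringValue().trim());
        }
        // Callers receive null rather than an empty list.
        return trimmedValues.isEmpty() ? null : trimmedValues;
    }
}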
