package com.nimbusds.common.config;

import com.nimbusds.common.ldap.LDAPConnectionSecurity;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import java.util.Properties;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/nimbusds/common/config/LDAPServerDetails.class */
public class LDAPServerDetails implements LoggableConfiguration {
    public final LDAPURL[] url;
    public final ServerSelectionAlgorithm selectionAlgorithm;
    public final LDAPConnectionSecurity security;
    public final int connectTimeout;
    public static final int DEFAULT_CONNECT_TIMEOUT = 0;
    public final boolean trustSelfSignedCerts;
    public static final boolean DEFAULT_SELF_SIGNED_CERTS_TRUST = false;
    public static final ServerSelectionAlgorithm DEFAULT_SELECTION_ALGORITHM = ServerSelectionAlgorithm.FAILOVER;
    public static final LDAPConnectionSecurity DEFAULT_SECURITY = LDAPConnectionSecurity.STARTTLS;

    public LDAPServerDetails(LDAPURL ldapurl, LDAPConnectionSecurity lDAPConnectionSecurity, int i, boolean z) {
        if (ldapurl == null) {
            throw new IllegalArgumentException("The LDAP server URL must not be null");
        }
        this.url = new LDAPURL[1];
        this.url[0] = ldapurl;
        this.selectionAlgorithm = null;
        if (lDAPConnectionSecurity == null) {
            throw new IllegalArgumentException("The LDAP connection security must not be null");
        }
        this.security = lDAPConnectionSecurity;
        this.connectTimeout = i;
        this.trustSelfSignedCerts = z;
    }

    public LDAPServerDetails(LDAPURL[] ldapurlArr, ServerSelectionAlgorithm serverSelectionAlgorithm, LDAPConnectionSecurity lDAPConnectionSecurity, int i, boolean z) {
        if (ldapurlArr == null) {
            throw new IllegalArgumentException("The LDAP server URL must not be null");
        }
        if (ldapurlArr.length == 0) {
            throw new IllegalArgumentException("The LDAP server URL array must contain at least one entry");
        }
        this.url = ldapurlArr;
        if (ldapurlArr.length > 1 && serverSelectionAlgorithm == null) {
            throw new IllegalArgumentException("An LDAP server selection algorithm must be specified");
        }
        this.selectionAlgorithm = serverSelectionAlgorithm;
        if (lDAPConnectionSecurity == null) {
            throw new IllegalArgumentException("The LDAP connection security must not be null");
        }
        this.security = lDAPConnectionSecurity;
        this.connectTimeout = i;
        this.trustSelfSignedCerts = z;
    }

    public LDAPServerDetails(String str, Properties properties) throws PropertyParseException {
        this(str, properties, true);
    }

    public LDAPServerDetails(String str, Properties properties, boolean z) throws PropertyParseException {
        PropertyRetriever propertyRetriever = new PropertyRetriever(properties);
        String optString = propertyRetriever.getOptString(str + "url", (String) null);
        if (optString == null || optString.trim().isEmpty()) {
            if (z) {
                throw new PropertyParseException("Missing LDAP URL", str + "url");
            }
            this.url = null;
        } else {
            String[] split = optString.split("\\s+");
            this.url = new LDAPURL[split.length];
            for (int i = 0; i < split.length; i++) {
                try {
                    this.url[i] = new LDAPURL(split[i]);
                    if (this.url[i].getHost() == null) {
                        throw new PropertyParseException("Missing host in LDAP URL", str + "url", split[i]);
                    }
                } catch (LDAPException e) {
                    throw new PropertyParseException("Invalid LDAP URL", str + "url", split[i]);
                }
            }
        }
        if (this.url == null || this.url.length <= 1) {
            this.selectionAlgorithm = null;
        } else {
            this.selectionAlgorithm = (ServerSelectionAlgorithm) propertyRetriever.getOptEnum(str + "selectionAlgorithm", ServerSelectionAlgorithm.class, DEFAULT_SELECTION_ALGORITHM);
        }
        this.security = (LDAPConnectionSecurity) propertyRetriever.getOptEnum(str + "security", LDAPConnectionSecurity.class, DEFAULT_SECURITY);
        this.connectTimeout = propertyRetriever.getOptInt(str + "connectTimeout", 0);
        this.trustSelfSignedCerts = propertyRetriever.getOptBoolean(str + "trustSelfSignedCerts", false);
    }

    @Override // com.nimbusds.common.config.LoggableConfiguration
    public void log() {
        Logger logger = Logger.getLogger(LDAPServerDetails.class);
        if (this.url == null) {
            logger.info("LDAP server URL: not specified");
            return;
        }
        for (int i = 0; i < this.url.length; i++) {
            logger.info("LDAP server [" + i + "]: " + this.url[i].getHost() + ':' + this.url[i].getPort() + " (transport security " + this.security + ") ");
        }
        if (this.security == LDAPConnectionSecurity.NONE) {
            logger.warn("LDAP server connection not protected (security=NONE), consider using STARTTLS or SSL");
        }
        if (this.url.length > 1) {
            logger.info("LDAP server selection algorithm: " + this.selectionAlgorithm);
        }
        if (this.connectTimeout > 0) {
            logger.info("LDAP server connect timeout (ms): " + this.connectTimeout);
        } else {
            logger.info("LDAP server connect timeout: Determined by LDAP client library");
        }
        logger.info("Self-signed LDAP server certificates are trusted: " + this.trustSelfSignedCerts);
    }
}
