package at.knowcenter.wag.egov.egiz.ldap.client;

import iaik.x509.X509Certificate;
import iaik.x509.net.ldap.Handler;
import iaik.x509.net.ldap.LdapURLConnection;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLStreamHandler;
import org.apache.log4j.Logger;

/* loaded from: input_file:at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.class */
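/**
 * {@link LDAPClient} implementation that queries a directory for X.509 certificates through the
 * IAIK LDAP URL handler.
 *
 * <p>After an {@link IOException} during a query, further queries on this instance are suppressed
 * for {@link #TIME_ON_BLACKLIST_IN_SECONDS} seconds; during that window
 * {@link #retrieveCertificates(String)} returns an empty array without contacting the server.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Certificates are returned exactly as delivered by the directory. This class performs no
 *       signature, chain, validity or revocation check, so results must be treated as untrusted
 *       until the caller has validated them.</li>
 *   <li>The filter passed to {@link #retrieveCertificates(String)} is sent verbatim. Callers that
 *       build it from external input must escape it themselves.</li>
 *   <li>An empty result can mean "no match" or "server currently blocked"; the two cases are only
 *       distinguishable in the log.</li>
 * </ul>
 *
 * <p>NOTE(review): the block timestamp is a plain field with no synchronization, and the window is
 * measured with the wall clock ({@link System#currentTimeMillis()}); confirm whether instances are
 * shared between threads.
 */
public final class LDAPClientImpl implements LDAPClient {
    protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
    private static final Handler LDAP_HANDLER = new Handler();
    private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300;
    private static final int READ_TIMEOUT = 15;
    private static final int CONNECTION_TIMEOUT = 15;
    private static final int MILLIS_PER_SECOND = 1000;

    private final Logger log;
    private URL url;
    private String serialNumberAttrName;
    // Wall-clock time (ms) of the last I/O failure; 0 means no failure has been recorded yet.
    private long timeStampForBlackList;

    /** Creates a client with the default serial number attribute and no URL set. */
    protected LDAPClientImpl() {
        this.log = Logger.getLogger(getClass());
        setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
        this.timeStampForBlackList = 0L;
    }

    /**
     * Creates a client for the given URL.
     *
     * @param url the LDAP URL to query
     * @throws NullPointerException if {@code url} is {@code null}
     */
    protected LDAPClientImpl(URL url) {
        this();
        setUrl(url);
    }

    /**
     * Creates a client from a URL string that is parsed with the IAIK LDAP handler.
     *
     * @param str the LDAP URL in string form
     * @throws LDAPException if the string cannot be parsed as a URL
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public LDAPClientImpl(String str) throws LDAPException {
        this();
        try {
            setUrl(new URL((URL) null, str, (URLStreamHandler) LDAP_HANDLER));
        } catch (MalformedURLException e) {
            throw new LDAPException(e);
        }
    }

    /**
     * Creates a client from a mapping that supplies the URL and the serial number attribute name.
     *
     * @param lDAPMapping source of the LDAP URL and attribute name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public LDAPClientImpl(LDAPMapping lDAPMapping) {
        this();
        setUrl(lDAPMapping.getLdapURL());
        setSerialNumberAttrName(lDAPMapping.getSerialNumberAttrName());
    }

    /** Returns the URL this client queries. */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public URL getUrl() {
        return this.url;
    }

    /**
     * Sets the URL this client queries.
     *
     * <p>Only {@code null} is rejected here. Whether the URL actually opens an LDAP connection is
     * checked when a query is made.
     *
     * @throws NullPointerException if {@code url} is {@code null}
     */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public void setUrl(URL url) {
        if (url == null) {
            throw new NullPointerException("LDAP url must not be null.");
        }
        this.url = url;
    }

    /** Returns the attribute name used to look up a certificate by serial number. */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public String getSerialNumberAttrName() {
        return this.serialNumberAttrName;
    }

    /**
     * Sets the attribute name used to look up a certificate by serial number.
     *
     * <p>The name is later inserted unescaped into an LDAP filter by
     * {@link #retrieveCertificate(BigInteger)}, so it must come from trusted configuration.
     *
     * @param str the attribute name, or {@code null} to restore the default
     * @throws IllegalArgumentException if {@code str} is the empty string
     */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public void setSerialNumberAttrName(String str) {
        if (str != null && str.length() == 0) {
            throw new IllegalArgumentException("Serial number attribute name must not be empty");
        }
        this.serialNumberAttrName = str != null ? str : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
    }

    /**
     * Queries the directory for {@code userCertificate;binary} values matching the given filter,
     * using subtree scope.
     *
     * <p>The filter is passed to the connection unchanged. The returned certificates are not
     * validated in any way by this method.
     *
     * @param str the LDAP search filter
     * @return the certificates returned by the server; an empty array when the server returned
     *     nothing or when the URL is currently blocked after an earlier I/O failure (never
     *     {@code null})
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalArgumentException if {@code str} is empty
     * @throws LDAPException if the client is not configured, the URL does not open an LDAP
     *     connection, or the query fails with an I/O error
     */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public X509Certificate[] retrieveCertificates(String str) throws LDAPException {
        if (str == null) {
            throw new NullPointerException("Filter string must not be null.");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("Filter string must not be empty.");
        }

        long now = System.currentTimeMillis();
        long blockedSince = this.timeStampForBlackList;
        if (blockedSince + TIME_ON_BLACKLIST_IN_SECONDS * MILLIS_PER_SECOND >= now) {
            long remainingSeconds =
                    TIME_ON_BLACKLIST_IN_SECONDS - ((now - blockedSince) / MILLIS_PER_SECOND);
            this.log.warn("LDAP connections to URL \"" + getUrl() + "\" are blocked for "
                    + remainingSeconds + " (" + TIME_ON_BLACKLIST_IN_SECONDS
                    + ") seconds due to previous errors.");
            // Fail soft while blocked: callers see "no certificates" instead of an exception.
            return new X509Certificate[0];
        }

        LdapURLConnection connection = null;
        try {
            validateData();

            // setUrl(URL) accepts any URL, so confirm the handler really produced an LDAP
            // connection and report a mismatch as LDAPException rather than ClassCastException.
            Object opened = this.url.openConnection();
            if (!(opened instanceof LdapURLConnection)) {
                throw new LDAPException(
                        "URL \"" + this.url + "\" does not open an LDAP connection.");
            }
            connection = (LdapURLConnection) opened;

            this.log.debug("Setting timeout for LDAPClient: connection timeout = "
                    + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT
                    + " seconds.");
            connection.setReadTimeout(READ_TIMEOUT * MILLIS_PER_SECOND);
            connection.setConnectTimeout(CONNECTION_TIMEOUT * MILLIS_PER_SECOND);
            connection.setRequestProperty("attributeDescription", "userCertificate;binary");
            connection.setRequestProperty("scope", "sub");
            connection.setRequestProperty("filter", str);

            this.log.debug("Connecting to \"" + this.url + "\".");
            X509Certificate[] found = (X509Certificate[]) connection.getContent();
            this.log.debug("Result of LDAP query received ("
                    + (found != null ? found.length : 0) + " result(s)).");

            // Normalise a null result so callers (including retrieveCertificate) can read
            // .length without a null check.
            return found != null ? found : new X509Certificate[0];
        } catch (IOException e) {
            // Start the block window so a failing server is not contacted on every request.
            this.timeStampForBlackList = System.currentTimeMillis();
            this.log.warn("Unable to get certificate from \"" + getUrl()
                    + "\". LDAPClient is now blocking that URL for "
                    + TIME_ON_BLACKLIST_IN_SECONDS + " seconds.");
            throw new LDAPException(e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Looks up the single certificate whose serial number attribute equals the given value.
     *
     * <p>The filter matches on the serial number attribute only; the issuer is not part of the
     * query. Callers should confirm that the returned certificate has the expected issuer and
     * validate it before relying on it.
     *
     * @param bigInteger the certificate serial number
     * @return the matching certificate, or {@code null} if none was returned (which also happens
     *     while the URL is blocked after an earlier I/O failure)
     * @throws NullPointerException if {@code bigInteger} is {@code null}
     * @throws LDAPException if the client is not configured, the query fails, or more than one
     *     certificate matches
     */
    @Override // at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient
    public X509Certificate retrieveCertificate(BigInteger bigInteger) throws LDAPException {
        if (bigInteger == null) {
            throw new NullPointerException("Serial number must not be null");
        }
        validateData();
        // BigInteger renders as decimal digits (with an optional minus sign), so the value part
        // needs no escaping. The attribute name is inserted as configured, without escaping.
        String filter = "(" + this.serialNumberAttrName + "=" + bigInteger + ")";
        X509Certificate[] matches = retrieveCertificates(filter);
        if (matches == null || matches.length == 0) {
            return null;
        }
        if (matches.length > 1) {
            throw new LDAPException(
                    "There was more than one certificate with serial number " + bigInteger + ".");
        }
        return matches[0];
    }

    /**
     * Checks that a URL and a non-empty serial number attribute name are configured.
     *
     * @throws LDAPException if either setting is missing
     */
    public void validateData() throws LDAPException {
        if (this.url == null) {
            throw new LDAPException("LDAP URL must not be null.");
        }
        if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
            throw new LDAPException("LDAP key for serial number is null or empty.");
        }
    }

    /** Returns the configured URL and serial number attribute name for diagnostics. */
    @Override
    public String toString() {
        return "ldapURL = " + this.url + ", serialNumberAttrName = " + this.serialNumberAttrName;
    }
}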
