package org.elasticsearch.xpack.security.authc.ldap;

import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ServerSet;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.Message;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.lease.Releasable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.RealmSettings;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapMetaDataResolver;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.xpack.ssl.SSLService;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/org.elasticsearch.plugin.xpack.api-6.1.3.jar:org/elasticsearch/xpack/security/authc/ldap/PoolingSessionFactory.class */
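/**
 * Base class for LDAP session factories that can optionally serve sessions from a shared
 * {@link LDAPConnectionPool}.
 *
 * <p>Whether a pool is used is decided once, at construction time, from a realm-level boolean
 * setting supplied by the subclass. {@link #session} and {@link #unauthenticatedSession} then
 * dispatch to the pooled or non-pooled hook that the subclass implements.
 *
 * <p>The pool is bound with the {@link BindRequest} handed to the constructor, so every pooled
 * connection carries those credentials for its whole lifetime; {@link #close()} must be called to
 * release them.
 */
public abstract class PoolingSessionFactory extends SessionFactory implements Releasable {
    static final int DEFAULT_CONNECTION_POOL_SIZE = 20;
    static final int DEFAULT_CONNECTION_POOL_INITIAL_SIZE = 0;

    // Both bind settings are marked Filtered so they are kept out of settings output.
    static final Setting<String> BIND_DN = Setting.simpleString("bind_dn", Setting.Property.NodeScope, Setting.Property.Filtered);
    // NOTE(review): this is a plain string setting, so the bind password sits in cleartext in the
    // node configuration. Filtered only hides it from settings output; restrict read access to the
    // config file. Newer Elasticsearch releases provide a keystore-backed `secure_bind_password`
    // (confirm availability for the deployed version) and that should be preferred where it exists.
    static final Setting<String> BIND_PASSWORD = Setting.simpleString("bind_password", Setting.Property.NodeScope, Setting.Property.Filtered);

    private static final TimeValue DEFAULT_HEALTH_CHECK_INTERVAL = TimeValue.timeValueSeconds(60);
    // Defaults reference the named constants above instead of repeating the literals; minimums are 0 and 1.
    private static final Setting<Integer> POOL_INITIAL_SIZE = Setting.intSetting("user_search.pool.initial_size", DEFAULT_CONNECTION_POOL_INITIAL_SIZE, 0, Setting.Property.NodeScope);
    private static final Setting<Integer> POOL_SIZE = Setting.intSetting("user_search.pool.size", DEFAULT_CONNECTION_POOL_SIZE, 1, Setting.Property.NodeScope);
    private static final Setting<TimeValue> HEALTH_CHECK_INTERVAL = Setting.timeSetting("user_search.pool.health_check.interval", DEFAULT_HEALTH_CHECK_INTERVAL, Setting.Property.NodeScope);
    private static final Setting<Boolean> HEALTH_CHECK_ENABLED = Setting.boolSetting("user_search.pool.health_check.enabled", true, Setting.Property.NodeScope);
    // No default: an absent value parses to Optional.empty() so the caller-supplied fallback DN can be used.
    private static final Setting<Optional<String>> HEALTH_CHECK_DN = new Setting<>("user_search.pool.health_check.dn", (String) null, Optional::ofNullable, Setting.Property.NodeScope);

    private final boolean useConnectionPool;
    // null when pooling is disabled for this realm.
    private final LDAPConnectionPool connectionPool;
    final LdapMetaDataResolver metaDataResolver;
    final LdapSession.GroupsResolver groupResolver;

    /**
     * Creates the factory and, when pooling is enabled, eagerly builds the connection pool.
     *
     * @param realmConfig    realm configuration whose settings drive every option read here
     * @param sSLService     passed through to {@link SessionFactory}
     * @param groupsResolver resolver stored for use by subclasses
     * @param setting        boolean realm setting that switches the connection pool on or off
     * @param supplier       provides the {@link BindRequest} used to authenticate pooled connections
     * @param supplier2      provides the fallback health-check DN used when
     *                       {@code user_search.pool.health_check.dn} is not set
     * @param threadPool     passed through to {@link SessionFactory}
     * @throws LDAPException if the connection pool cannot be created
     */
    public PoolingSessionFactory(RealmConfig realmConfig, SSLService sSLService, LdapSession.GroupsResolver groupsResolver, Setting<Boolean> setting, Supplier<BindRequest> supplier, Supplier<String> supplier2, ThreadPool threadPool) throws LDAPException {
        super(realmConfig, sSLService, threadPool);
        this.groupResolver = groupsResolver;
        this.metaDataResolver = new LdapMetaDataResolver(realmConfig.settings(), this.ignoreReferralErrors);
        this.useConnectionPool = setting.get(realmConfig.settings()).booleanValue();
        this.connectionPool = this.useConnectionPool
                ? createConnectionPool(realmConfig, this.serverSet, this.timeout, this.logger, supplier, supplier2)
                : null;
    }

    /**
     * Opens an authenticated session, using the pool when one was configured.
     *
     * @param str            identifies the user to authenticate (presumably the user name; the
     *                       contract is defined by {@link SessionFactory})
     * @param secureString   the user's credentials
     * @param actionListener notified with the resulting session or the failure
     */
    @Override // org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
    public final void session(String str, SecureString secureString, ActionListener<LdapSession> actionListener) {
        if (!this.useConnectionPool) {
            getSessionWithoutPool(str, secureString, actionListener);
            return;
        }
        getSessionWithPool(this.connectionPool, str, secureString, actionListener);
    }

    /**
     * Opens a session for a user without checking that user's credentials, using the pool when one
     * was configured.
     *
     * @param str            identifies the user (contract defined by {@link SessionFactory})
     * @param actionListener notified with the resulting session or the failure
     */
    @Override // org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
    public final void unauthenticatedSession(String str, ActionListener<LdapSession> actionListener) {
        if (!this.useConnectionPool) {
            getUnauthenticatedSessionWithoutPool(str, actionListener);
            return;
        }
        getUnauthenticatedSessionWithPool(this.connectionPool, str, actionListener);
    }

    /** Subclass hook: authenticated session served from the given pool. */
    abstract void getSessionWithPool(LDAPConnectionPool lDAPConnectionPool, String str, SecureString secureString, ActionListener<LdapSession> actionListener);

    /** Subclass hook: authenticated session when pooling is disabled. */
    abstract void getSessionWithoutPool(String str, SecureString secureString, ActionListener<LdapSession> actionListener);

    /** Subclass hook: unauthenticated session served from the given pool. */
    abstract void getUnauthenticatedSessionWithPool(LDAPConnectionPool lDAPConnectionPool, String str, ActionListener<LdapSession> actionListener);

    /** Subclass hook: unauthenticated session when pooling is disabled. */
    abstract void getUnauthenticatedSessionWithoutPool(String str, ActionListener<LdapSession> actionListener);

    /**
     * Builds the connection pool for a realm and configures its background health check.
     *
     * <p>If anything fails after the pool has been opened, the pool is closed before the exception
     * propagates, so no bound connections are left behind.
     *
     * @param realmConfig realm configuration supplying pool size and health-check settings
     * @param serverSet   LDAP servers the pool connects to
     * @param timeValue   maximum response time allowed for a health-check lookup
     * @param logger      receives the warning emitted when no health-check DN is available
     * @param supplier    provides the {@link BindRequest} the pooled connections authenticate with
     * @param supplier2   provides the fallback health-check DN; may yield {@code null}
     * @return the configured pool
     * @throws LDAPException if the pool cannot be created
     */
    static LDAPConnectionPool createConnectionPool(RealmConfig realmConfig, ServerSet serverSet, TimeValue timeValue, Logger logger, Supplier<BindRequest> supplier, Supplier<String> supplier2) throws LDAPException {
        Settings settings = realmConfig.settings();
        BindRequest bindRequest = supplier.get();
        int initialSize = POOL_INITIAL_SIZE.get(settings).intValue();
        int maxSize = POOL_SIZE.get(settings).intValue();
        LDAPConnectionPool pool = null;
        boolean success = false;
        try {
            pool = (LDAPConnectionPool) LdapUtils.privilegedConnect(() -> new LDAPConnectionPool(serverSet, bindRequest, initialSize, maxSize));
            pool.setRetryFailedOperationsDueToInvalidConnections(true);
            if (HEALTH_CHECK_ENABLED.get(settings).booleanValue()) {
                String healthCheckDn = HEALTH_CHECK_DN.get(settings).orElseGet(supplier2);
                long intervalMillis = HEALTH_CHECK_INTERVAL.get(settings).millis();
                if (healthCheckDn == null) {
                    // Health checking stays off in this case, so dead pooled connections are only
                    // noticed when an operation on them fails.
                    logger.warn(new ParameterizedMessage("[{}] and [{}] have not been specified or are not valid distinguished names, so connection health checking is disabled", RealmSettings.getFullSettingKey(realmConfig, BIND_DN), RealmSettings.getFullSettingKey(realmConfig, HEALTH_CHECK_DN)));
                } else {
                    // Flags, in order: on create, on checkout, on release, background checks,
                    // on exception. Only the periodic background check is enabled.
                    pool.setHealthCheck(new GetEntryLDAPConnectionPoolHealthCheck(healthCheckDn, timeValue.millis(), false, false, false, true, false));
                    pool.setHealthCheckIntervalMillis(intervalMillis);
                }
            }
            success = true;
            return pool;
        } finally {
            // Release the already-opened (and bound) connections if configuration failed part-way.
            if (!success && pool != null) {
                pool.close();
            }
        }
    }

    /** Closes the connection pool, if one was created; a no-op otherwise. */
    @Override // org.elasticsearch.common.lease.Releasable, java.io.Closeable, java.lang.AutoCloseable
    public final void close() {
        if (this.connectionPool != null) {
            this.connectionPool.close();
        }
    }

    /**
     * Returns the pool backing this factory.
     *
     * @return the connection pool, or {@code null} when pooling is disabled
     */
    LDAPConnectionPool getConnectionPool() {
        return this.connectionPool;
    }

    /**
     * Returns the settings declared by this class so that they can be registered.
     *
     * @return a set holding the pool, health-check and bind settings
     */
    public static Set<Setting<?>> getSettings() {
        return Sets.newHashSet(POOL_INITIAL_SIZE, POOL_SIZE, HEALTH_CHECK_ENABLED, HEALTH_CHECK_INTERVAL, HEALTH_CHECK_DN, BIND_DN, BIND_PASSWORD);
    }
}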
