package org.opends.server.util.cli;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import org.opends.admin.ads.ADSContext;
import org.opends.admin.ads.util.ApplicationKeyManager;
import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.messages.Message;
import org.opends.messages.QuickSetupMessages;
import org.opends.messages.ToolMessages;
import org.opends.messages.UtilityMessages;
import org.opends.quicksetup.Step;
import org.opends.quicksetup.UserDataCertificateException;
import org.opends.quicksetup.util.Utils;
import org.opends.server.admin.client.cli.SecureConnectionCliArgs;
import org.opends.server.tools.LDAPConnectionOptions;
import org.opends.server.tools.SSLConnectionException;
import org.opends.server.tools.SSLConnectionFactory;
import org.opends.server.tools.dsconfig.ArgumentExceptionFactory;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.SelectableCertificateKeyManager;
import org.opends.server.util.args.ArgumentException;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/util/cli/LDAPConnectionConsoleInteraction.class */
public class LDAPConnectionConsoleInteraction {
    // Transport selection. Both flags are seeded from the CLI arguments and may be switched on by the protocol menu in run().
    private boolean useSSL;
    private boolean useStartTLS;
    // Target server, resolved from the arguments or from the console prompts in run().
    private String hostName;
    private int portNumber;
    // Bind identity. The "provided" variants are non-null only when the value came from an argument or a prompt.
    private String bindDN;
    private String providedBindDN;
    private String adminUID;
    private String providedAdminUID;
    // Bind password as read from the arguments or the console; it is held as a String for the life of this object.
    private String bindPassword;
    // When non-null, run() clears bindDN/adminUID and skips the bind password handling.
    private KeyManager keyManager;
    private ApplicationTrustManager trustManager;
    // Arguments as supplied by the caller; this class only reads them.
    private SecureConnectionCliArgs secureArgsList;
    private ConsoleApplication app;
    // True when certificate checking is bypassed: set from the trust-all argument or from the TRUSTALL menu choice.
    private boolean trustAll;
    private boolean trustManagerInitialized;
    // Trust store loaded in getTrustManagerInternal(): from truststorePath when set, otherwise an empty in-memory store.
    private KeyStore truststore;
    // Key store / trust store locations and passwords; the passwords are plain Strings.
    private String keystorePath;
    private String keystorePassword;
    private String certifNickname;
    private String truststorePath;
    private String truststorePassword;
    private int connectTimeout;
    // Private copy of the argument set that receives the resolved values before they are handed to commandBuilder.
    private SecureConnectionCliArgs copySecureArgsList;
    private boolean useAdminOrBindDn = false;
    // When true, plain LDAP stays in the protocol menu even if security-related arguments were supplied.
    private boolean displayLdapIfSecureParameters = false;
    private boolean isHeadingDisplayed = false;
    // Set when the user picks DISPLAY_CERTIFICATE, i.e. trust decisions are kept in the in-memory store.
    private boolean trustStoreInMemory = false;
    private Message heading = UtilityMessages.INFO_LDAP_CONN_HEADING_CONNECTION_PARAMETERS.get();
    // Collects the arguments chosen during the interaction; password values are added with addObfuscatedArgument().
    private CommandBuilder commandBuilder = new CommandBuilder(null);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/util/cli/LDAPConnectionConsoleInteraction$Protocols.class */
    /**
     * Entries of the connection-protocol menu shown by {@code run(boolean, boolean)}.
     * Each constant carries the number used as the menu result and the message shown for it.
     * {@code LDAP} is the only entry that does not turn on {@code useSSL} or {@code useStartTLS}.
     */
    public enum Protocols {
        LDAP(1, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_LDAP.get()),
        SSL(2, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_USE_SSL.get()),
        START_TLS(3, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_USE_START_TLS.get());

        private Integer choice;
        private Message msg;

        Protocols(int menuNumber, Message menuMessage) {
            msg = menuMessage;
            // Autoboxing goes through Integer.valueOf, the same call the explicit form makes.
            choice = menuNumber;
        }

        /** @return the value this entry contributes as the menu result */
        public Integer getChoice() {
            return choice;
        }

        /** @return the text displayed for this entry in the menu */
        public Message getMenuMessage() {
            return msg;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/util/cli/LDAPConnectionConsoleInteraction$TrustMethod.class */
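    /**
     * Entries of the "how should the server certificate be trusted" menu shown by
     * {@code getTrustManagerInternal()}.
     * <ul>
     *   <li>{@code TRUSTALL}: sets {@code trustAll} and no trust manager is built, so certificate
     *       checking is bypassed for the session.</li>
     *   <li>{@code TRUSTSTORE}: the user is asked for a trust store path.</li>
     *   <li>{@code DISPLAY_CERTIFICATE}: the default entry; an in-memory trust store is used.</li>
     * </ul>
     */
    public enum TrustMethod {
        TRUSTALL(1, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_USE_TRUST_ALL.get()),
        TRUSTSTORE(2, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE.get()),
        DISPLAY_CERTIFICATE(3, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_MANUAL_CHECK.get());

        // Assigned once in the constructor; final so a menu number cannot be changed after class load.
        private final Integer choice;
        private final Message msg;

        TrustMethod(int i, Message message) {
            // Integer.valueOf replaces the deprecated Integer(int) constructor and matches Protocols.
            this.choice = Integer.valueOf(i);
            this.msg = message;
        }

        /** @return the value this entry contributes as the menu result */
        public Integer getChoice() {
            return this.choice;
        }

        /** @return the text displayed for this entry in the menu */
        public Message getMenuMessage() {
            return this.msg;
        }
    }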

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/util/cli/LDAPConnectionConsoleInteraction$TrustOption.class */
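    /**
     * Entries of the menu that asks what to do with a certificate presented for manual review.
     * The menu itself is built outside this enum; each constant only carries its menu number
     * and message.
     *
     * <p>{@code PERMAMENT} is misspelled, but the constant name is part of the public interface
     * and is kept as is.
     */
    public enum TrustOption {
        UNTRUSTED(1, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_NO.get()),
        SESSION(2, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_SESSION.get()),
        PERMAMENT(3, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_ALWAYS.get()),
        CERTIFICATE_DETAILS(4, UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_DETAILS.get());

        // Assigned once in the constructor; final so a menu number cannot be changed after class load.
        private final Integer choice;
        private final Message msg;

        TrustOption(int i, Message message) {
            // Integer.valueOf replaces the deprecated Integer(int) constructor and matches Protocols.
            this.choice = Integer.valueOf(i);
            this.msg = message;
        }

        /** @return the value this entry contributes as the menu result */
        public Integer getChoice() {
            return this.choice;
        }

        /** @return the text displayed for this entry in the menu */
        public Message getMenuMessage() {
            return this.msg;
        }
    }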

    /**
     * Creates the interaction helper for a console application.
     *
     * <p>The SSL, StartTLS and trust-all settings are seeded from the supplied arguments, and a
     * second, private argument set is created to receive the values resolved during the
     * interaction.
     *
     * @param consoleApplication the application used for prompting and output
     * @param secureConnectionCliArgs the connection arguments given by the caller
     * @throws RuntimeException if the private argument set cannot be initialised
     */
    public LDAPConnectionConsoleInteraction(ConsoleApplication consoleApplication, SecureConnectionCliArgs secureConnectionCliArgs) {
        this.app = consoleApplication;
        this.secureArgsList = secureConnectionCliArgs;

        // Initial security posture comes straight from the command line.
        this.useSSL = secureConnectionCliArgs.useSSL();
        this.useStartTLS = secureConnectionCliArgs.useStartTLS();
        this.trustAll = secureConnectionCliArgs.trustAllArg.isPresent();

        final SecureConnectionCliArgs argsCopy = new SecureConnectionCliArgs(secureConnectionCliArgs.alwaysSSL());
        this.copySecureArgsList = argsCopy;
        try {
            argsCopy.createGlobalArguments();
        } catch (Throwable cause) {
            throw new RuntimeException("Unexpected error: " + cause, cause);
        }
    }

    /**
     * Runs the interaction with both the SSL and the StartTLS entries offered in the protocol menu.
     *
     * @throws ArgumentException if the connection parameters cannot be resolved
     */
    public void run() throws ArgumentException {
        final boolean offerSsl = true;
        final boolean offerStartTls = true;
        this.run(offerSsl, offerStartTls);
    }

    /**
     * Collects the connection parameters (host, protocol, port, bind identity and bind password).
     * When the application is interactive, any value that was not given as an argument is asked
     * for on the console. Each resolved argument is recorded in {@code commandBuilder}; the bind
     * password is recorded through {@code addObfuscatedArgument}.
     *
     * @param z  whether the SSL entry is offered in the protocol menu
     * @param z2 whether the StartTLS entry is offered in the protocol menu
     * @throws ArgumentException if a value cannot be read from the console, or if a password is
     *         required but missing and the application is not interactive
     */
    public void run(boolean z, boolean z2) throws ArgumentException {
        this.commandBuilder.clearArguments();
        this.copySecureArgsList.createGlobalArguments();
        // z3: at least one secure protocol is allowed AND the caller supplied some security-related argument.
        // It makes SSL the default menu entry and hides plain LDAP unless displayLdapIfSecureParameters is set.
        boolean z3 = (z || z2) && (this.secureArgsList.useSSLArg.isPresent() || this.secureArgsList.useStartTLSArg.isPresent() || this.secureArgsList.trustAllArg.isPresent() || this.secureArgsList.trustStorePathArg.isPresent() || this.secureArgsList.trustStorePasswordArg.isPresent() || this.secureArgsList.trustStorePasswordFileArg.isPresent() || this.secureArgsList.keyStorePathArg.isPresent() || this.secureArgsList.keyStorePasswordArg.isPresent() || this.secureArgsList.keyStorePasswordFileArg.isPresent());
        // ---- Host name ----
        this.hostName = this.secureArgsList.hostNameArg.getValue();
        final String str = this.hostName;
        if (this.app.isInteractive() && !this.secureArgsList.hostNameArg.isPresent()) {
            checkHeadingDisplayed();
            ValidationCallback<String> validationCallback = new ValidationCallback<String>() { // from class: org.opends.server.util.cli.LDAPConnectionConsoleInteraction.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.opends.server.util.cli.ValidationCallback
                public String validate(ConsoleApplication consoleApplication, String str2) throws CLIException {
                    String trim = str2.trim();
                    // Empty input accepts the default taken from the argument.
                    if (trim.length() == 0) {
                        return str;
                    }
                    try {
                        // Validation is "does the name resolve": InetAddress.getByName performs a lookup for
                        // anything that is not a literal address, so the answer depends on the local resolver.
                        InetAddress.getByName(trim);
                        return trim;
                    } catch (UnknownHostException e) {
                        consoleApplication.println();
                        consoleApplication.println(UtilityMessages.ERR_LDAP_CONN_BAD_HOST_NAME.get(trim));
                        consoleApplication.println();
                        // Returning null rejects the input.
                        return null;
                    }
                }
            };
            try {
                this.app.println();
                this.hostName = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_HOST_NAME.get(this.hostName), validationCallback);
            } catch (CLIException e) {
                throw ArgumentExceptionFactory.unableToReadConnectionParameters(e);
            }
        }
        this.copySecureArgsList.hostNameArg.clearValues();
        this.copySecureArgsList.hostNameArg.addValue(this.hostName);
        this.commandBuilder.addArgument(this.copySecureArgsList.hostNameArg);
        // ---- Protocol (LDAP / SSL / StartTLS) ----
        this.useSSL = this.secureArgsList.useSSL();
        this.useStartTLS = this.secureArgsList.useStartTLS();
        // z4: the protocol is already decided by the arguments (or by properties), so no menu is shown.
        boolean z4 = this.secureArgsList.alwaysSSL() || this.secureArgsList.useSSLArg.isPresent() || this.secureArgsList.useStartTLSArg.isPresent() || (this.secureArgsList.useSSLArg.isValueSetByProperty() && this.secureArgsList.useStartTLSArg.isValueSetByProperty());
        if (this.app.isInteractive() && !z4) {
            checkHeadingDisplayed();
            MenuBuilder menuBuilder = new MenuBuilder(this.app);
            menuBuilder.setPrompt(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_USE_SECURE_CTX.get());
            // Default entry: SSL when security arguments were supplied, otherwise plain LDAP.
            Protocols protocols = z3 ? Protocols.SSL : Protocols.LDAP;
            for (Protocols protocols2 : Protocols.values()) {
                // An entry is listed unless it is LDAP hidden by z3, SSL with z == false, or StartTLS with z2 == false.
                if ((!z3 || !protocols2.equals(Protocols.LDAP) || this.displayLdapIfSecureParameters) && ((z || !protocols2.equals(Protocols.SSL)) && (z2 || !protocols2.equals(Protocols.START_TLS)))) {
                    int addNumberedOption = menuBuilder.addNumberedOption(protocols2.getMenuMessage(), MenuResult.success(protocols2.getChoice()), new Message[0]);
                    if (protocols2.equals(protocols)) {
                        menuBuilder.setDefault(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE.get(Integer.valueOf(addNumberedOption)), MenuResult.success(protocols2.getChoice()));
                    }
                }
            }
            try {
                MenuResult run = menuBuilder.toMenu().run();
                if (!run.isSuccess()) {
                    throw new RuntimeException();
                }
                // Choosing LDAP changes nothing: both flags keep the values read from the arguments.
                // NOTE(review): with both flags false the bind credentials gathered below would presumably be
                // sent over an unprotected connection; confirm that callers surface this to the user.
                if (((Integer) run.getValue()).equals(Protocols.SSL.getChoice())) {
                    this.useSSL = true;
                } else if (((Integer) run.getValue()).equals(Protocols.START_TLS.getChoice())) {
                    this.useStartTLS = true;
                }
            } catch (CLIException e2) {
                throw new RuntimeException(e2);
            }
        }
        if (this.useSSL) {
            this.commandBuilder.addArgument(this.copySecureArgsList.useSSLArg);
        } else if (this.useStartTLS) {
            this.commandBuilder.addArgument(this.copySecureArgsList.useStartTLSArg);
        }
        // ---- Port ----
        // With SSL and no explicit port argument, the default comes from getPortFromConfig().
        if (!this.useSSL) {
            this.portNumber = this.secureArgsList.portArg.getIntValue();
        } else if (this.secureArgsList.portArg.isPresent()) {
            this.portNumber = this.secureArgsList.portArg.getIntValue();
        } else {
            this.portNumber = this.secureArgsList.getPortFromConfig();
        }
        final int i = this.portNumber;
        if (this.app.isInteractive() && !this.secureArgsList.portArg.isPresent()) {
            checkHeadingDisplayed();
            ValidationCallback<Integer> validationCallback2 = new ValidationCallback<Integer>() { // from class: org.opends.server.util.cli.LDAPConnectionConsoleInteraction.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.opends.server.util.cli.ValidationCallback
                public Integer validate(ConsoleApplication consoleApplication, String str2) throws CLIException {
                    String trim = str2.trim();
                    // Empty input accepts the default computed above.
                    if (trim.length() == 0) {
                        return Integer.valueOf(i);
                    }
                    try {
                        int parseInt = Integer.parseInt(trim);
                        // Out-of-range values are routed through the same handler as unparsable text.
                        if (parseInt < 1 || parseInt > 65535) {
                            throw new NumberFormatException();
                        }
                        return Integer.valueOf(parseInt);
                    } catch (NumberFormatException e3) {
                        consoleApplication.println();
                        consoleApplication.println(UtilityMessages.ERR_LDAP_CONN_BAD_PORT_NUMBER.get(trim));
                        consoleApplication.println();
                        return null;
                    }
                }
            };
            try {
                this.app.println();
                this.portNumber = ((Integer) this.app.readValidatedInput(this.secureArgsList.alwaysSSL() ? UtilityMessages.INFO_ADMIN_CONN_PROMPT_PORT_NUMBER.get(Integer.valueOf(this.portNumber)) : UtilityMessages.INFO_LDAP_CONN_PROMPT_PORT_NUMBER.get(Integer.valueOf(this.portNumber)), validationCallback2)).intValue();
            } catch (CLIException e3) {
                throw ArgumentExceptionFactory.unableToReadConnectionParameters(e3);
            }
        }
        this.copySecureArgsList.portArg.clearValues();
        this.copySecureArgsList.portArg.addValue(String.valueOf(this.portNumber));
        this.commandBuilder.addArgument(this.copySecureArgsList.portArg);
        // A secure transport needs a trust decision before credentials are gathered; initialise it once.
        if ((this.useSSL || this.useStartTLS) && this.trustManager == null) {
            initializeTrustManager();
        }
        // ---- Bind identity (bind DN or administrator UID) ----
        this.bindDN = this.secureArgsList.bindDnArg.getValue();
        this.adminUID = this.secureArgsList.adminUidArg.getValue();
        final boolean useAdminUID = this.secureArgsList.useAdminUID();
        if (useAdminUID && this.secureArgsList.adminUidArg.isPresent()) {
            this.providedAdminUID = this.adminUID;
        } else {
            this.providedAdminUID = null;
        }
        if ((!useAdminUID || this.useAdminOrBindDn) && this.secureArgsList.bindDnArg.isPresent()) {
            this.providedBindDN = this.bindDN;
        } else {
            this.providedBindDN = null;
        }
        // z5: an identity was given explicitly on the command line, so no identity prompt is needed.
        boolean z5 = (this.providedAdminUID == null && this.providedBindDN == null) ? false : true;
        final String str2 = this.bindDN;
        final String str3 = this.adminUID;
        if (this.keyManager == null) {
            if (this.app.isInteractive() && !z5) {
                checkHeadingDisplayed();
                ValidationCallback<String> validationCallback3 = new ValidationCallback<String>() { // from class: org.opends.server.util.cli.LDAPConnectionConsoleInteraction.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.opends.server.util.cli.ValidationCallback
                    public String validate(ConsoleApplication consoleApplication, String str4) throws CLIException {
                        String trim = str4.trim();
                        // Empty input falls back to the default admin UID or bind DN; any other text is accepted as is.
                        return trim.length() == 0 ? useAdminUID ? str3 : str2 : trim;
                    }
                };
                try {
                    this.app.println();
                    if (this.useAdminOrBindDn) {
                        String str4 = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_GLOBAL_ADMINISTRATOR_OR_BINDDN_PROMPT.get(this.adminUID != null ? this.adminUID : this.bindDN), validationCallback3);
                        // The answer is classified by Utils.isDn: a DN becomes the bind DN, anything else the admin UID.
                        if (Utils.isDn(str4)) {
                            this.bindDN = str4;
                            this.providedBindDN = str4;
                            this.adminUID = null;
                            this.providedAdminUID = null;
                        } else {
                            this.bindDN = null;
                            this.providedBindDN = null;
                            this.adminUID = str4;
                            this.providedAdminUID = str4;
                        }
                    } else if (useAdminUID) {
                        this.adminUID = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_ADMINISTRATOR_UID.get(this.adminUID), validationCallback3);
                        this.providedAdminUID = this.adminUID;
                    } else {
                        this.bindDN = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_BIND_DN.get(this.bindDN), validationCallback3);
                        this.providedBindDN = this.bindDN;
                    }
                } catch (CLIException e4) {
                    throw ArgumentExceptionFactory.unableToReadConnectionParameters(e4);
                }
            }
            // Record exactly one identity argument in commandBuilder; the admin UID wins when both are available.
            if (this.useAdminOrBindDn) {
                boolean z6 = this.providedAdminUID != null;
                boolean z7 = this.providedBindDN != null;
                if (!z6 && !z7) {
                    z6 = getAdministratorUID() != null;
                    z7 = getBindDN() != null;
                }
                if (z6) {
                    this.copySecureArgsList.adminUidArg.clearValues();
                    this.copySecureArgsList.adminUidArg.addValue(getAdministratorUID());
                    this.commandBuilder.addArgument(this.copySecureArgsList.adminUidArg);
                } else if (z7) {
                    this.copySecureArgsList.bindDnArg.clearValues();
                    this.copySecureArgsList.bindDnArg.addValue(getBindDN());
                    this.commandBuilder.addArgument(this.copySecureArgsList.bindDnArg);
                }
            } else if (useAdminUID) {
                this.copySecureArgsList.adminUidArg.clearValues();
                this.copySecureArgsList.adminUidArg.addValue(getAdministratorUID());
                this.commandBuilder.addArgument(this.copySecureArgsList.adminUidArg);
            } else {
                this.copySecureArgsList.bindDnArg.clearValues();
                this.copySecureArgsList.bindDnArg.addValue(getBindDN());
                this.commandBuilder.addArgument(this.copySecureArgsList.bindDnArg);
            }
        } else {
            // A key manager is set: no bind identity is kept (presumably the client certificate identifies the user; confirm).
            this.bindDN = null;
            this.adminUID = null;
        }
        // ---- Bind password ----
        // z8: the password came from the password-file argument, so the file argument is recorded instead of the password.
        boolean z8 = false;
        this.bindPassword = this.secureArgsList.bindPasswordArg.getValue();
        if (this.keyManager == null) {
            if (this.secureArgsList.bindPasswordFileArg.isPresent()) {
                this.bindPassword = this.secureArgsList.bindPasswordFileArg.getValue();
                if (this.bindPassword == null) {
                    if (!useAdminUID) {
                        throw ArgumentExceptionFactory.missingBindPassword(this.bindDN);
                    }
                    throw ArgumentExceptionFactory.missingBindPassword(this.adminUID);
                }
                this.copySecureArgsList.bindPasswordFileArg.clearValues();
                this.copySecureArgsList.bindPasswordFileArg.getNameToValueMap().putAll(this.secureArgsList.bindPasswordFileArg.getNameToValueMap());
                this.commandBuilder.addArgument(this.copySecureArgsList.bindPasswordFileArg);
                z8 = true;
            } else if (this.bindPassword == null || this.bindPassword.equals("-")) {
                // No password argument, or the "-" marker: the password must be typed, which needs an interactive console.
                if (!this.app.isInteractive()) {
                    throw ArgumentExceptionFactory.unableToReadBindPasswordInteractively();
                }
                checkHeadingDisplayed();
                try {
                    this.app.println();
                    // The prompt names the identity, preferring the explicitly provided one.
                    this.bindPassword = this.app.readPassword(this.providedAdminUID != null ? ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(this.providedAdminUID) : this.providedBindDN != null ? ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(this.providedBindDN) : this.bindDN != null ? ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(this.bindDN) : ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(this.adminUID));
                } catch (Exception e5) {
                    throw ArgumentExceptionFactory.unableToReadConnectionParameters(e5);
                }
            }
            // The clear-text password is copied into the private argument set in every case, so it lives in
            // this.bindPassword and in copySecureArgsList for as long as this object is reachable.
            this.copySecureArgsList.bindPasswordArg.clearValues();
            this.copySecureArgsList.bindPasswordArg.addValue(this.bindPassword);
            if (!z8) {
                // Recorded through the obfuscated variant rather than addArgument.
                this.commandBuilder.addObfuscatedArgument(this.copySecureArgsList.bindPasswordArg);
            }
        }
        this.connectTimeout = this.secureArgsList.connectTimeoutArg.getIntValue();
    }

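    /**
     * Builds the trust manager for a secure connection from the trust arguments and, when the
     * application is interactive and no trust argument was supplied, from the user's menu choice.
     * The trust arguments that apply are re-recorded in {@code commandBuilder}.
     *
     * <p>Security-relevant outcomes:
     * <ul>
     *   <li>Trust-all (argument or menu choice) returns {@code null}: no trust store is consulted.</li>
     *   <li>A trust store path loads that file; a {@code null} password is passed to
     *       {@link KeyStore#load(java.io.InputStream, char[])} when none is available, in which
     *       case the JDK does not verify the integrity of the store.</li>
     *   <li>Otherwise an empty in-memory store is used.</li>
     * </ul>
     *
     * @return the trust manager backed by the loaded store, or {@code null} when trust-all applies
     * @throws ArgumentException if input cannot be read or the trust store cannot be loaded
     */
    private ApplicationTrustManager getTrustManagerInternal() throws ArgumentException {
        // Start from a clean slate so a repeated call does not leave stale trust arguments recorded.
        this.commandBuilder.removeArgument(this.copySecureArgsList.trustAllArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.trustStorePathArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.trustStorePasswordArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.trustStorePasswordFileArg);
        if (this.secureArgsList.trustAllArg.isPresent()) {
            this.commandBuilder.addArgument(this.copySecureArgsList.trustAllArg);
            return null;
        }
        // The trust-method menu is only needed when no trust-related argument was given at all.
        boolean askTrustMethod = !(this.secureArgsList.trustAllArg.isPresent() || this.secureArgsList.trustStorePathArg.isPresent() || this.secureArgsList.trustStorePasswordArg.isPresent() || this.secureArgsList.trustStorePasswordFileArg.isPresent());
        boolean askTrustStorePath = false;
        this.trustAll = this.secureArgsList.trustAllArg.isPresent();
        // A usable local trust store makes the menu unnecessary.
        if (askTrustMethod && addLocalTrustStore()) {
            askTrustMethod = false;
        }
        if (this.app.isInteractive() && askTrustMethod) {
            checkHeadingDisplayed();
            this.app.println();
            MenuBuilder menuBuilder = new MenuBuilder(this.app);
            menuBuilder.setPrompt(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_METHOD.get());
            // Manual certificate review is the default entry, not trust-all.
            TrustMethod defaultMethod = TrustMethod.DISPLAY_CERTIFICATE;
            for (TrustMethod method : TrustMethod.values()) {
                int optionNumber = menuBuilder.addNumberedOption(method.getMenuMessage(), MenuResult.success(method.getChoice()), new Message[0]);
                if (method.equals(defaultMethod)) {
                    // Integer.valueOf replaces the deprecated Integer(int) constructor.
                    menuBuilder.setDefault(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE.get(Integer.valueOf(optionNumber)), MenuResult.success(method.getChoice()));
                }
            }
            Menu menu = menuBuilder.toMenu();
            this.trustStoreInMemory = false;
            try {
                MenuResult run = menu.run();
                if (!run.isSuccess()) {
                    throw new RuntimeException();
                }
                if (((Integer) run.getValue()).equals(TrustMethod.TRUSTALL.getChoice())) {
                    this.commandBuilder.addArgument(this.copySecureArgsList.trustAllArg);
                    this.trustAll = true;
                    return null;
                }
                if (((Integer) run.getValue()).equals(TrustMethod.TRUSTSTORE.getChoice())) {
                    askTrustStorePath = true;
                } else {
                    if (!((Integer) run.getValue()).equals(TrustMethod.DISPLAY_CERTIFICATE.getChoice())) {
                        throw new RuntimeException();
                    }
                    askTrustStorePath = false;
                    this.trustStoreInMemory = true;
                    // NOTE(review): the trust-all argument is recorded in commandBuilder although the user chose
                    // manual certificate review; confirm that a command replayed from commandBuilder is meant
                    // to skip certificate checking.
                    this.commandBuilder.addArgument(this.copySecureArgsList.trustAllArg);
                }
            } catch (CLIException e) {
                throw new RuntimeException(e);
            }
        }
        this.truststorePath = this.secureArgsList.trustStorePathArg.getValue();
        if (this.app.isInteractive() && !this.secureArgsList.trustStorePathArg.isPresent() && askTrustStorePath) {
            checkHeadingDisplayed();
            ValidationCallback<String> validationCallback = new ValidationCallback<String>() { // from class: org.opends.server.util.cli.LDAPConnectionConsoleInteraction.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.opends.server.util.cli.ValidationCallback
                public String validate(ConsoleApplication consoleApplication, String str) throws CLIException {
                    String trim = str.trim();
                    if (trim.length() != 0) {
                        // Accept only an existing, readable, regular (non-directory) path.
                        File file = new File(trim);
                        if (file.exists() && file.canRead() && !file.isDirectory()) {
                            return trim;
                        }
                    }
                    // Empty and unusable paths get the same message; null rejects the input.
                    consoleApplication.println();
                    consoleApplication.println(UtilityMessages.ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
                    consoleApplication.println();
                    return null;
                }
            };
            try {
                this.app.println();
                this.truststorePath = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PATH.get(), validationCallback);
            } catch (CLIException e2) {
                throw ArgumentExceptionFactory.unableToReadConnectionParameters(e2);
            }
        }
        if (this.truststorePath != null) {
            this.copySecureArgsList.trustStorePathArg.clearValues();
            this.copySecureArgsList.trustStorePathArg.addValue(this.truststorePath);
            this.commandBuilder.addArgument(this.copySecureArgsList.trustStorePathArg);
        }
        // A password-file argument takes precedence over the inline password argument.
        this.truststorePassword = this.secureArgsList.trustStorePasswordArg.getValue();
        if (this.secureArgsList.trustStorePasswordFileArg.isPresent()) {
            this.truststorePassword = this.secureArgsList.trustStorePasswordFileArg.getValue();
        }
        // "-" means "ask me": prompt when interactive, otherwise proceed without a password.
        if (this.truststorePassword != null && this.truststorePassword.equals("-")) {
            if (this.app.isInteractive()) {
                checkHeadingDisplayed();
                try {
                    this.app.println();
                    this.truststorePassword = this.app.readPassword(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PASSWORD.get(this.truststorePath));
                } catch (Exception e3) {
                    throw ArgumentExceptionFactory.unableToReadConnectionParameters(e3);
                }
            } else {
                this.truststorePassword = null;
            }
        }
        try {
            this.truststore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (this.truststorePath != null) {
                FileInputStream fileInputStream = new FileInputStream(this.truststorePath);
                try {
                    // With a null password KeyStore.load skips the integrity check of the store.
                    char[] storePassword = this.truststorePassword != null ? this.truststorePassword.toCharArray() : null;
                    this.truststore.load(fileInputStream, storePassword);
                } finally {
                    // Close the stream even when load() fails (wrong password, corrupt store).
                    fileInputStream.close();
                }
            } else {
                // No path: start from an empty in-memory store.
                this.truststore.load(null, null);
            }
            if (this.secureArgsList.trustStorePasswordFileArg.isPresent() && this.truststorePath != null) {
                this.copySecureArgsList.trustStorePasswordFileArg.clearValues();
                this.copySecureArgsList.trustStorePasswordFileArg.getNameToValueMap().putAll(this.secureArgsList.trustStorePasswordFileArg.getNameToValueMap());
                this.commandBuilder.addArgument(this.copySecureArgsList.trustStorePasswordFileArg);
            } else if (this.truststorePassword != null && this.truststorePath != null) {
                this.copySecureArgsList.trustStorePasswordArg.clearValues();
                this.copySecureArgsList.trustStorePasswordArg.addValue(this.truststorePassword);
                // The password itself is recorded only through the obfuscated variant.
                this.commandBuilder.addObfuscatedArgument(this.copySecureArgsList.trustStorePasswordArg);
            }
            return new ApplicationTrustManager(this.truststore);
        } catch (Exception e4) {
            throw ArgumentExceptionFactory.unableToReadConnectionParameters(e4);
        }
    }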

    private KeyManager getKeyManagerInternal() throws ArgumentException {
        this.commandBuilder.removeArgument(this.copySecureArgsList.certNicknameArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.keyStorePathArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.keyStorePasswordArg);
        this.commandBuilder.removeArgument(this.copySecureArgsList.keyStorePasswordFileArg);
        if ((this.secureArgsList.keyStorePathArg.isPresent() || this.secureArgsList.keyStorePasswordArg.isPresent() || this.secureArgsList.keyStorePasswordFileArg.isPresent() || this.secureArgsList.certNicknameArg.isPresent()) ? false : true) {
            return null;
        }
        this.keystorePath = this.secureArgsList.keyStorePathArg.getValue();
        if (this.app.isInteractive() && !this.secureArgsList.keyStorePathArg.isPresent()) {
            checkHeadingDisplayed();
            ValidationCallback<String> validationCallback = new ValidationCallback<String>() { // from class: org.opends.server.util.cli.LDAPConnectionConsoleInteraction.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.opends.server.util.cli.ValidationCallback
                public String validate(ConsoleApplication consoleApplication, String str) throws CLIException {
                    String trim = str.trim();
                    if (trim.length() == 0) {
                        return trim;
                    }
                    File file = new File(trim);
                    if (file.exists() && file.canRead() && !file.isDirectory()) {
                        return trim;
                    }
                    consoleApplication.println();
                    consoleApplication.println(UtilityMessages.ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
                    consoleApplication.println();
                    return null;
                }
            };
            try {
                this.app.println();
                this.keystorePath = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PATH.get(), validationCallback);
            } catch (CLIException e) {
                throw ArgumentExceptionFactory.unableToReadConnectionParameters(e);
            }
        }
        if (this.keystorePath != null) {
            this.copySecureArgsList.keyStorePathArg.clearValues();
            this.copySecureArgsList.keyStorePathArg.addValue(this.keystorePath);
            this.commandBuilder.addArgument(this.copySecureArgsList.keyStorePathArg);
        }
        this.keystorePassword = this.secureArgsList.keyStorePasswordArg.getValue();
        if (this.secureArgsList.keyStorePasswordFileArg.isPresent()) {
            this.keystorePassword = this.secureArgsList.keyStorePasswordFileArg.getValue();
            if (this.keystorePassword == null) {
                throw ArgumentExceptionFactory.missingBindPassword(this.keystorePassword);
            }
        } else if (this.keystorePassword == null || this.keystorePassword.equals("-")) {
            if (!this.app.isInteractive()) {
                throw ArgumentExceptionFactory.unableToReadBindPasswordInteractively();
            }
            checkHeadingDisplayed();
            try {
                this.app.println();
                this.keystorePassword = this.app.readPassword(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD.get(this.keystorePath));
            } catch (Exception e2) {
                throw ArgumentExceptionFactory.unableToReadConnectionParameters(e2);
            }
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(this.keystorePath);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(fileInputStream, this.keystorePassword.toCharArray());
            fileInputStream.close();
            Enumeration<String> aliases = keyStore.aliases();
            this.certifNickname = this.secureArgsList.certNicknameArg.getValue();
            if (this.app.isInteractive() && !this.secureArgsList.certNicknameArg.isPresent() && aliases.hasMoreElements()) {
                checkHeadingDisplayed();
                try {
                    MenuBuilder menuBuilder = new MenuBuilder(this.app);
                    menuBuilder.setPrompt(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_ALIASES.get());
                    int i = 0;
                    while (aliases.hasMoreElements()) {
                        String nextElement = aliases.nextElement();
                        if (keyStore.isKeyEntry(nextElement)) {
                            i++;
                            menuBuilder.addNumberedOption(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_ALIAS.get(nextElement, ((X509Certificate) keyStore.getCertificate(nextElement)).getSubjectDN().getName()), MenuResult.success(nextElement), new Message[0]);
                        }
                    }
                    if (i > 1) {
                        this.app.println();
                        MenuResult run = menuBuilder.toMenu().run();
                        if (!run.isSuccess()) {
                            throw new RuntimeException();
                        }
                        this.certifNickname = (String) run.getValue();
                    } else {
                        this.certifNickname = null;
                    }
                } catch (KeyStoreException e3) {
                    throw ArgumentExceptionFactory.unableToReadConnectionParameters(e3);
                } catch (CLIException e4) {
                    throw ArgumentExceptionFactory.unableToReadConnectionParameters(e4);
                }
            }
            ApplicationKeyManager applicationKeyManager = new ApplicationKeyManager(keyStore, this.keystorePassword.toCharArray());
            if (this.secureArgsList.keyStorePasswordFileArg.isPresent()) {
                this.copySecureArgsList.keyStorePasswordFileArg.clearValues();
                this.copySecureArgsList.keyStorePasswordFileArg.getNameToValueMap().putAll(this.secureArgsList.keyStorePasswordFileArg.getNameToValueMap());
                this.commandBuilder.addArgument(this.copySecureArgsList.keyStorePasswordFileArg);
            } else if (this.keystorePassword != null) {
                this.copySecureArgsList.keyStorePasswordArg.clearValues();
                this.copySecureArgsList.keyStorePasswordArg.addValue(this.keystorePassword);
                this.commandBuilder.addObfuscatedArgument(this.copySecureArgsList.keyStorePasswordArg);
            }
            if (this.certifNickname != null) {
                this.copySecureArgsList.certNicknameArg.clearValues();
                this.copySecureArgsList.certNicknameArg.addValue(this.certifNickname);
            }
            return this.certifNickname != null ? new SelectableCertificateKeyManager(applicationKeyManager, this.certifNickname) : applicationKeyManager;
        } catch (Exception e5) {
            throw ArgumentExceptionFactory.unableToReadConnectionParameters(e5);
        }
    }

    /**
     * Reports the current value of the {@code useSSL} flag held by this interaction.
     *
     * @return the {@code useSSL} field
     */
    public boolean useSSL() {
        return useSSL;
    }

    /**
     * Reports the current value of the {@code useStartTLS} flag held by this interaction.
     *
     * @return the {@code useStartTLS} field
     */
    public boolean useStartTLS() {
        return useStartTLS;
    }

    /**
     * Returns the host name stored in this interaction.
     *
     * @return the {@code hostName} field, possibly {@code null}
     */
    public String getHostName() {
        return hostName;
    }

    /**
     * Returns the port number stored in this interaction.
     *
     * @return the {@code portNumber} field
     */
    public int getPortNumber() {
        return portNumber;
    }

    /**
     * Overwrites the stored port number. No range check is applied here.
     *
     * @param i the new port number
     */
    public void setPortNumber(int i) {
        portNumber = i;
    }

    /**
     * Resolves the DN to bind with.
     *
     * <p>When {@code useAdminOrBindDn} is set, the first non-null value wins, in this order:
     * the provided bind DN, the administrator DN derived from the provided admin UID, the
     * stored bind DN, the administrator DN derived from the stored admin UID. Otherwise the
     * result depends on {@code secureArgsList.useAdminUID()}: the administrator DN derived
     * from the stored admin UID, or the stored bind DN.
     *
     * @return the resolved DN, or {@code null} when nothing is available
     */
    public String getBindDN() {
        if (!useAdminOrBindDn) {
            if (secureArgsList.useAdminUID()) {
                return ADSContext.getAdministratorDN(adminUID);
            }
            return bindDN;
        }
        // Explicitly provided values take precedence over the stored ones.
        if (providedBindDN != null) {
            return providedBindDN;
        }
        if (providedAdminUID != null) {
            return ADSContext.getAdministratorDN(providedAdminUID);
        }
        if (bindDN != null) {
            return bindDN;
        }
        if (adminUID != null) {
            return ADSContext.getAdministratorDN(adminUID);
        }
        return null;
    }

    /**
     * Returns the stored administrator UID.
     *
     * @return the {@code adminUID} field, possibly {@code null}
     */
    public String getAdministratorUID() {
        return adminUID;
    }

    /**
     * Returns the stored bind password.
     *
     * <p>The password is handed out as a plain {@link String}, so callers should keep it out
     * of logs, exception messages and echoed command lines.
     *
     * @return the {@code bindPassword} field, possibly {@code null}
     */
    public String getBindPassword() {
        return bindPassword;
    }

    /**
     * Returns the trust manager currently held by this interaction.
     *
     * @return the {@code trustManager} field; {@code null} until it has been initialised or
     *         after {@link #resetTrustManager()}
     */
    public ApplicationTrustManager getTrustManager() {
        return trustManager;
    }

    /**
     * Returns the {@code truststore} field.
     *
     * <p>Despite the method name, the object returned is the trust store that
     * {@code checkServerCertificate} adds accepted server certificates to, not a store of
     * client keys. The live instance is returned, not a copy.
     *
     * @return the {@code truststore} field, possibly {@code null}
     */
    public KeyStore getKeyStore() {
        return truststore;
    }

    /**
     * Returns the key manager currently held by this interaction.
     *
     * @return the {@code keyManager} field, possibly {@code null}
     */
    public KeyManager getKeyManager() {
        return keyManager;
    }

    /**
     * Reports the current value of the {@code trustStoreInMemory} flag.
     *
     * @return the {@code trustStoreInMemory} field
     */
    public boolean isTrustStoreInMemory() {
        return trustStoreInMemory;
    }

    /**
     * Reports the current value of the {@code trustAll} flag.
     *
     * <p>NOTE(review): presumably a {@code true} value means server certificates are accepted
     * without validation; confirm where the flag is set and consumed before relying on it.
     *
     * @return the {@code trustAll} field
     */
    public boolean isTrustAll() {
        return trustAll;
    }

    /**
     * Returns the stored connect timeout. The unit is not visible in this part of the file.
     *
     * @return the {@code connectTimeout} field
     */
    public int getConnectTimeout() {
        return connectTimeout;
    }

    /**
     * Asks the user whether the given server certificate chain should be trusted, without an
     * authentication type or host name.
     *
     * <p>Delegates to the three-argument overload with {@code null} for both extra arguments.
     * In that case the overload rebuilds the trust manager from the trust store instead of
     * calling {@code acceptCertificate} with an auth type and host.
     *
     * @param x509CertificateArr the certificate chain presented by the server
     * @return {@code true} if the user chose to trust the chain, {@code false} otherwise
     */
    public boolean checkServerCertificate(X509Certificate[] x509CertificateArr) {
        final String noAuthType = null;
        final String noHost = null;
        return checkServerCertificate(x509CertificateArr, noAuthType, noHost);
    }

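    /**
     * Shows the server certificate chain on the console and asks the user whether to trust it.
     *
     * <p>The subject, validity period and issuer of every certificate are printed, followed by
     * a menu built from {@code TrustOption.values()} whose default is {@code SESSION}.
     * Choosing {@code CERTIFICATE_DETAILS} prints each certificate in full and shows the menu
     * again. Choosing {@code UNTRUSTED} returns {@code false}. Any other choice adds every
     * certificate of the chain to the {@code truststore} field, using the subject DN as alias,
     * and updates the trust manager. {@code PERMAMENT} additionally prompts for a trust store
     * file and its password and writes the chain into that file.
     *
     * <p>Security-relevant behaviour to keep in mind:
     * <ul>
     *   <li>The decision rests entirely on what the user reads on the console; no fingerprint
     *       is printed in the summary, only in the full details view if
     *       {@code X509Certificate.toString()} includes it.</li>
     *   <li>Entries are keyed by subject DN, so a certificate with the same subject DN as an
     *       existing trusted entry replaces that entry.</li>
     *   <li>Failure to persist the chain is silent: the method still returns {@code true}
     *       because the chain has already been accepted in memory at that point.</li>
     * </ul>
     *
     * @param x509CertificateArr the certificate chain presented by the server
     * @param str the authentication type passed to {@code acceptCertificate}; may be {@code null}
     * @param str2 the host passed to {@code acceptCertificate}; may be {@code null}
     * @return {@code true} if the chain was accepted, {@code false} if the user refused it or
     *         it could not be added to the in-memory trust store
     * @throws RuntimeException if the trust manager cannot be initialised, the menu does not
     *         return a successful result, or the menu raises a {@code CLIException}
     */
    public boolean checkServerCertificate(X509Certificate[] x509CertificateArr, String str, String str2) {
        if (this.trustManager == null) {
            try {
                initializeTrustManager();
            } catch (ArgumentException e) {
                throw new RuntimeException(e);
            }
        }
        this.app.println();
        this.app.println(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE.get());
        this.app.println();
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate cert = x509CertificateArr[i];
            this.app.println(UtilityMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_USER_DN.get(cert.getSubjectDN().toString()));
            this.app.println(UtilityMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_VALIDITY.get(cert.getNotBefore().toString(), cert.getNotAfter().toString()));
            this.app.println(UtilityMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER.get(cert.getIssuerDN().toString()));
            // Blank lines separate certificates, but none is printed after the last one.
            if (i + 1 < x509CertificateArr.length) {
                this.app.println();
                this.app.println();
            }
        }
        MenuBuilder menuBuilder = new MenuBuilder(this.app);
        menuBuilder.setPrompt(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION.get());
        TrustOption defaultOption = TrustOption.SESSION;
        for (TrustOption option : TrustOption.values()) {
            int optionNumber = menuBuilder.addNumberedOption(option.getMenuMessage(), MenuResult.success(option.getChoice()), new Message[0]);
            if (option.equals(defaultOption)) {
                menuBuilder.setDefault(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE.get(Integer.valueOf(optionNumber)), MenuResult.success(option.getChoice()));
            }
        }
        this.app.println();
        this.app.println();
        Menu menu = menuBuilder.toMenu();
        while (true) {
            try {
                MenuResult run = menu.run();
                if (!run.isSuccess()) {
                    throw new RuntimeException();
                }
                Integer choice = (Integer) run.getValue();
                if (choice.equals(TrustOption.UNTRUSTED.getChoice())) {
                    return false;
                }
                if (!choice.equals(TrustOption.CERTIFICATE_DETAILS.getChoice())) {
                    // Session or permanent trust: accept the chain in memory first.
                    for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                        try {
                            // Alias is the subject DN; an existing entry with that alias is replaced.
                            this.truststore.setCertificateEntry(x509CertificateArr[i2].getSubjectDN().getName(), x509CertificateArr[i2]);
                        } catch (KeyStoreException e2) {
                            return false;
                        }
                    }
                    if (this.trustManager == null) {
                        this.trustManager = new ApplicationTrustManager(this.truststore);
                    }
                    if (str == null || str2 == null) {
                        // Without auth type and host the trust manager is rebuilt from the trust store.
                        this.trustManager = new ApplicationTrustManager(this.truststore);
                    } else {
                        this.trustManager.acceptCertificate(x509CertificateArr, str, str2);
                    }
                    if (!choice.equals(TrustOption.PERMAMENT.getChoice())) {
                        return true;
                    }
                    // Permanent trust: also write the chain to a trust store file chosen by the user.
                    ValidationCallback<String> validationCallback = new ValidationCallback<String>() {
                        @Override
                        public String validate(ConsoleApplication consoleApplication, String str3) throws CLIException {
                            String trim = str3.trim();
                            // Reject empty input and directories; a path that does not exist yet is allowed.
                            if (trim.length() == 0 || new File(trim).isDirectory()) {
                                consoleApplication.println();
                                consoleApplication.println(UtilityMessages.ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
                                consoleApplication.println();
                                return null;
                            }
                            return trim;
                        }
                    };
                    String trustStoreFile;
                    try {
                        this.app.println();
                        trustStoreFile = (String) this.app.readValidatedInput(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PATH.get(), validationCallback);
                    } catch (CLIException e6) {
                        // The chain is already trusted in memory; only persistence is skipped.
                        return true;
                    }
                    String trustStorePassword;
                    try {
                        this.app.println();
                        trustStorePassword = this.app.readPassword(UtilityMessages.INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD.get(trustStoreFile));
                    } catch (Exception e5) {
                        return true;
                    }
                    try {
                        KeyStore keyStore = KeyStore.getInstance(CertificateManager.KEY_STORE_TYPE_JKS);
                        FileInputStream fileInputStream;
                        try {
                            fileInputStream = new FileInputStream(trustStoreFile);
                        } catch (FileNotFoundException e3) {
                            // FileNotFoundException is also raised for a file that exists but cannot
                            // be opened. Starting from an empty store in that case would overwrite
                            // the existing trust anchors, so only a missing file creates a new store.
                            if (new File(trustStoreFile).exists()) {
                                throw e3;
                            }
                            fileInputStream = null;
                        }
                        try {
                            // A null stream initialises an empty key store.
                            keyStore.load(fileInputStream, trustStorePassword.toCharArray());
                        } finally {
                            if (fileInputStream != null) {
                                fileInputStream.close();
                            }
                        }
                        for (int i3 = 0; i3 < x509CertificateArr.length; i3++) {
                            keyStore.setCertificateEntry(x509CertificateArr[i3].getSubjectDN().getName(), x509CertificateArr[i3]);
                        }
                        // NOTE(review): opening the output stream truncates the file before store()
                        // runs, so a failure in store() leaves an incomplete trust store behind.
                        FileOutputStream fileOutputStream = new FileOutputStream(trustStoreFile);
                        try {
                            keyStore.store(fileOutputStream, trustStorePassword.toCharArray());
                        } finally {
                            fileOutputStream.close();
                        }
                    } catch (Exception e4) {
                        // Persistence is best effort: the failure is not reported to the user and
                        // the chain stays trusted for this session only.
                    }
                    return true;
                }
                // CERTIFICATE_DETAILS: print every certificate in full, then show the menu again.
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    this.app.println();
                    this.app.println(UtilityMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE.get(x509Certificate.toString()));
                }
            } catch (CLIException e7) {
                throw new RuntimeException(e7);
            }
        }
    }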

    /**
     * Copies the SSL and StartTLS settings of this interaction into a connection options object.
     *
     * <p>When {@code useSSL} is set, a new {@code SSLConnectionFactory} is initialised from the
     * stored key store path, key store password, certificate nickname, trust store path and
     * trust store password, and attached to the options.
     *
     * <p>NOTE(review): the first argument of {@code init} is {@code true} exactly when
     * {@link #getTrustManager()} returns {@code null}. If that parameter is a trust-all switch
     * (confirm against {@code SSLConnectionFactory}), options populated before the trust manager
     * is initialised would accept any server certificate.
     *
     * @param lDAPConnectionOptions the options to fill in, or {@code null} to create a new instance
     * @return the populated options object
     * @throws SSLConnectionException if the SSL connection factory cannot be initialised
     */
    public LDAPConnectionOptions populateLDAPOptions(LDAPConnectionOptions lDAPConnectionOptions) throws SSLConnectionException {
        LDAPConnectionOptions options = lDAPConnectionOptions != null ? lDAPConnectionOptions : new LDAPConnectionOptions();
        options.setUseSSL(useSSL);
        if (useSSL) {
            boolean noTrustManager = getTrustManager() == null;
            SSLConnectionFactory factory = new SSLConnectionFactory();
            factory.init(noTrustManager, keystorePath, keystorePassword, certifNickname, truststorePath, truststorePassword);
            options.setSSLConnectionFactory(factory);
        }
        options.setStartTLS(useStartTLS);
        return options;
    }

    /**
     * Handles a failed secure connection by asking the user whether to trust the refused chain.
     *
     * <p>The last refusal cause of the trust manager decides what happens. For
     * {@code NOT_TRUSTED} and {@code HOST_NAME_MISMATCH} a {@code UserDataCertificateException}
     * is built from the URL, the refused chain and the refused auth type, an explanation is
     * optionally printed, and {@code checkServerCertificate} is called with the chain. For any
     * other cause, including a {@code null} trust manager, the connection error is printed and
     * the method returns {@code false}.
     *
     * <p>NOTE(review): when the URL cannot be parsed, the "not available" label is used as the
     * host. Presumably {@code getHost()} returns that same value, in which case it is also the
     * host passed on to {@code checkServerCertificate}; confirm against
     * {@code UserDataCertificateException}.
     *
     * @param th the throwable raised by the failed connection attempt
     * @param applicationTrustManager the trust manager that refused the chain; may be {@code null}
     * @param str the LDAP URL of the server, used to extract host and port for the messages
     * @param z whether to print the explanation of the certificate problem
     * @param logger optional logger for diagnostics; may be {@code null}
     * @return {@code true} if the user accepted the certificate chain, {@code false} otherwise
     */
    public boolean promptForCertificateConfirmation(Throwable th, ApplicationTrustManager applicationTrustManager, String str, boolean z, Logger logger) {
        ApplicationTrustManager.Cause refusedCause = null;
        if (applicationTrustManager != null) {
            refusedCause = applicationTrustManager.getLastRefusedCause();
        }
        if (logger != null) {
            logger.log(Level.INFO, "Certificate exception cause: " + refusedCause);
        }

        UserDataCertificateException.Type problem;
        if (refusedCause == ApplicationTrustManager.Cause.NOT_TRUSTED) {
            problem = UserDataCertificateException.Type.NOT_TRUSTED;
        } else if (refusedCause == ApplicationTrustManager.Cause.HOST_NAME_MISMATCH) {
            problem = UserDataCertificateException.Type.HOST_NAME_MISMATCH;
        } else {
            // Not a certificate problem the user can resolve: report the error and give up.
            this.app.println(Utils.getThrowableMsg(QuickSetupMessages.INFO_ERROR_CONNECTING_TO_LOCAL.get(), th));
            return false;
        }

        String hostLabel;
        int port;
        try {
            URI parsed = new URI(str);
            hostLabel = parsed.getHost();
            port = parsed.getPort();
        } catch (Throwable parseFailure) {
            if (logger != null) {
                logger.log(Level.WARNING, "Error parsing ldap url of ldap url.", parseFailure);
            }
            hostLabel = QuickSetupMessages.INFO_NOT_AVAILABLE_LABEL.get().toString();
            port = -1;
        }

        UserDataCertificateException certProblem = new UserDataCertificateException(Step.REPLICATION_OPTIONS, QuickSetupMessages.INFO_CERTIFICATE_EXCEPTION.get(hostLabel, String.valueOf(port)), th, hostLabel, port, applicationTrustManager.getLastRefusedChain(), applicationTrustManager.getLastRefusedAuthType(), problem);

        Message explanation;
        if (certProblem.getType() == UserDataCertificateException.Type.NOT_TRUSTED) {
            explanation = QuickSetupMessages.INFO_CERTIFICATE_NOT_TRUSTED_TEXT_CLI.get(certProblem.getHost(), String.valueOf(certProblem.getPort()));
        } else {
            explanation = QuickSetupMessages.INFO_CERTIFICATE_NAME_MISMATCH_TEXT_CLI.get(certProblem.getHost(), String.valueOf(certProblem.getPort()), certProblem.getHost(), certProblem.getHost(), String.valueOf(certProblem.getPort()));
        }
        if (z) {
            this.app.println(explanation);
        }

        X509Certificate[] refusedChain = certProblem.getChain();
        String refusedAuthType = certProblem.getAuthType();
        String refusedHost = certProblem.getHost();
        if (logger != null) {
            if (refusedChain == null) {
                logger.log(Level.WARNING, "The chain is null for the UserDataCertificateException");
            }
            if (refusedAuthType == null) {
                logger.log(Level.WARNING, "The auth type is null for the UserDataCertificateException");
            }
            if (refusedHost == null) {
                logger.log(Level.WARNING, "The host is null for the UserDataCertificateException");
            }
        }
        // Without a chain there is nothing to show the user, so the answer is "not trusted".
        return refusedChain != null && checkServerCertificate(refusedChain, refusedAuthType, refusedHost);
    }

    /**
     * Sets the heading that {@code checkHeadingDisplayed} prints before the first prompt.
     *
     * @param message the heading message to store
     */
    public void setHeadingMessage(Message message) {
        heading = message;
    }

    /**
     * Returns the command builder that collects the arguments chosen during the interaction.
     *
     * <p>Elsewhere in this class the key store password is added to it through
     * {@code addObfuscatedArgument}.
     *
     * @return the {@code commandBuilder} field
     */
    public CommandBuilder getCommandBuilder() {
        return commandBuilder;
    }

    /**
     * Prints two blank lines and the heading once; later calls do nothing until
     * {@code isHeadingDisplayed} is reset.
     */
    private void checkHeadingDisplayed() {
        if (!isHeadingDisplayed) {
            app.println();
            app.println();
            app.println(heading);
            isHeadingDisplayed = true;
        }
    }

    /**
     * Reports the current value of the {@code useAdminOrBindDn} flag, which selects the
     * resolution order used by {@link #getBindDN()}.
     *
     * @return the {@code useAdminOrBindDn} field
     */
    public boolean isUseAdminOrBindDn() {
        return useAdminOrBindDn;
    }

    /**
     * Sets the {@code useAdminOrBindDn} flag, which selects the resolution order used by
     * {@link #getBindDN()}.
     *
     * @param z the new flag value
     */
    public void setUseAdminOrBindDn(boolean z) {
        useAdminOrBindDn = z;
    }

    /**
     * Sets the {@code displayLdapIfSecureParameters} flag. Its use is not visible in this part
     * of the file.
     *
     * @param z the new flag value
     */
    public void setDisplayLdapIfSecureParameters(boolean z) {
        displayLdapIfSecureParameters = z;
    }

    /**
     * Clears the "heading displayed" marker so the heading is printed again before the next
     * prompt.
     */
    public void resetHeadingDisplayed() {
        isHeadingDisplayed = false;
    }

    /**
     * Drops the current trust manager by setting the field to {@code null}.
     *
     * <p>The {@code trustManagerInitialized} flag is not touched here, so
     * {@link #initializeTrustManagerIfRequired()} will not rebuild the trust manager if it was
     * initialised before. {@code checkServerCertificate} does re-initialise it when it finds
     * the field {@code null}.
     */
    public void resetTrustManager() {
        trustManager = null;
    }

    /**
     * Initialises the trust manager and key manager unless that has already been done.
     *
     * <p>The decision is based on the {@code trustManagerInitialized} flag, not on whether the
     * {@code trustManager} field is currently {@code null}.
     *
     * @throws ArgumentException if initialisation fails
     */
    public void initializeTrustManagerIfRequired() throws ArgumentException {
        if (!trustManagerInitialized) {
            initializeTrustManager();
        }
    }

    /**
     * Resets the connection arguments and fills them in from the given values.
     *
     * <p>Each non-null value is added to its argument and the argument is marked present. A
     * port of {@code -1} selects the port argument's default value without marking it present.
     * The SSL and StartTLS arguments are marked present according to the current
     * {@code useSSL} and {@code useStartTLS} fields. For the password, the file-based map wins:
     * the clear-text password is only used when the map is {@code null}.
     *
     * @param str the host name, or {@code null}
     * @param i the port number, or {@code -1} for the default
     * @param str2 the administrator UID, or {@code null}
     * @param str3 the bind DN, or {@code null}
     * @param str4 the bind password, or {@code null}; ignored when {@code linkedHashMap} is given
     * @param linkedHashMap name-to-value map for the bind password file argument, or {@code null}
     */
    public void initializeGlobalArguments(String str, int i, String str2, String str3, String str4, LinkedHashMap<String, String> linkedHashMap) {
        resetConnectionArguments();

        if (str != null) {
            secureArgsList.hostNameArg.addValue(str);
            secureArgsList.hostNameArg.setPresent(true);
        }

        secureArgsList.portArg.clearValues();
        if (i == -1) {
            secureArgsList.portArg.addValue(secureArgsList.portArg.getDefaultValue());
        } else {
            secureArgsList.portArg.addValue(String.valueOf(i));
            secureArgsList.portArg.setPresent(true);
        }

        secureArgsList.useSSLArg.setPresent(useSSL);
        secureArgsList.useStartTLSArg.setPresent(useStartTLS);

        if (str2 != null) {
            secureArgsList.adminUidArg.addValue(str2);
            secureArgsList.adminUidArg.setPresent(true);
        }
        if (str3 != null) {
            secureArgsList.bindDnArg.addValue(str3);
            secureArgsList.bindDnArg.setPresent(true);
        }

        if (linkedHashMap != null) {
            // Password file variant: copy the map and register each of its keys as a value.
            secureArgsList.bindPasswordFileArg.getNameToValueMap().putAll(linkedHashMap);
            for (String key : linkedHashMap.keySet()) {
                secureArgsList.bindPasswordFileArg.addValue(key);
            }
            secureArgsList.bindPasswordFileArg.setPresent(true);
        } else if (str4 != null) {
            // Clear-text variant: the password is stored as an argument value.
            secureArgsList.bindPasswordArg.addValue(str4);
            secureArgsList.bindPasswordArg.setPresent(true);
        }
    }

    /**
     * Clears the host, port, bind DN, bind password, bind password file and admin UID
     * arguments and marks each of them as not present.
     *
     * <p>The port argument is re-seeded with its default value. The name-to-value map of the
     * password file argument is emptied as well, so a previously supplied password does not
     * survive the reset in that map.
     */
    public void resetConnectionArguments() {
        // Host.
        secureArgsList.hostNameArg.clearValues();
        secureArgsList.hostNameArg.setPresent(false);

        // Port: falls back to the argument's default value.
        secureArgsList.portArg.clearValues();
        secureArgsList.portArg.setPresent(false);
        secureArgsList.portArg.addValue(secureArgsList.portArg.getDefaultValue());

        // Bind DN.
        secureArgsList.bindDnArg.clearValues();
        secureArgsList.bindDnArg.setPresent(false);

        // Bind password, both the direct and the file-based argument.
        secureArgsList.bindPasswordArg.clearValues();
        secureArgsList.bindPasswordArg.setPresent(false);
        secureArgsList.bindPasswordFileArg.clearValues();
        secureArgsList.bindPasswordFileArg.getNameToValueMap().clear();
        secureArgsList.bindPasswordFileArg.setPresent(false);

        // Administrator UID.
        secureArgsList.adminUidArg.clearValues();
        secureArgsList.adminUidArg.setPresent(false);
    }

    /**
     * Builds the trust manager and then the key manager, and records that initialisation ran.
     *
     * <p>If building the key manager throws, the trust manager field has already been assigned
     * but {@code trustManagerInitialized} stays {@code false}.
     *
     * @throws ArgumentException if either manager cannot be created
     */
    private void initializeTrustManager() throws ArgumentException {
        trustManager = getTrustManagerInternal();
        keyManager = getKeyManagerInternal();
        trustManagerInitialized = true;
    }

    /**
     * Returns the administrator UID that was explicitly provided.
     *
     * @return the {@code providedAdminUID} field, possibly {@code null}
     */
    public String getProvidedAdminUID() {
        return providedAdminUID;
    }

    /**
     * Returns the bind DN that was explicitly provided.
     *
     * @return the {@code providedBindDN} field, possibly {@code null}
     */
    public String getProvidedBindDN() {
        return providedBindDN;
    }

    /**
     * Adds the trust store file named in the local configuration to the trust store path
     * argument when the target is the local server.
     *
     * <p>The target counts as local when the local host name equals the stored host name
     * (exact string comparison) and the admin port from the configuration equals the stored
     * port. Any exception, for example a failed local host lookup, is treated as "not
     * applicable" and yields {@code false} without being reported.
     *
     * @return {@code true} if a trust store path was added, {@code false} otherwise
     */
    private boolean addLocalTrustStore() {
        try {
            String localName = InetAddress.getLocalHost().getHostName();
            if (!localName.equals(hostName)) {
                return false;
            }
            if (secureArgsList.getAdminPortFromConfig() != portNumber) {
                return false;
            }
            String configuredTrustStore = secureArgsList.getTruststoreFileFromConfig();
            if (configuredTrustStore == null) {
                return false;
            }
            secureArgsList.trustStorePathArg.addValue(configuredTrustStore);
            return true;
        } catch (Exception ignored) {
            // Best effort: without a usable local configuration the caller continues without it.
            return false;
        }
    }
}
