package com.unboundid.util;

import com.unboundid.ldap.sdk.AggregatePostConnectProcessor;
import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.EXTERNALBindRequest;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.InternalSDKHelper;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.PostConnectProcessor;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.RoundRobinServerSet;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.SingleServerSet;
import com.unboundid.ldap.sdk.StartTLSPostConnectProcessor;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.args.Argument;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import com.unboundid.util.args.BooleanArgument;
import com.unboundid.util.args.DNArgument;
import com.unboundid.util.args.FileArgument;
import com.unboundid.util.args.IntegerArgument;
import com.unboundid.util.args.StringArgument;
import com.unboundid.util.ssl.AggregateTrustManager;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.KeyStoreKeyManager;
import com.unboundid.util.ssl.PKCS11KeyManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.io.File;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.text.lookup.StringLookupFactory;
import org.stringtemplate.v4.compiler.STLexer;

@ThreadSafety(level = ThreadSafetyLevel.INTERFACE_NOT_THREADSAFE)
@Extensible
/* loaded from: input_file:com/unboundid/util/LDAPCommandLineTool.class */
public abstract class LDAPCommandLineTool extends CommandLineTool {

    @Nullable
    private BooleanArgument defaultTrust;

    @Nullable
    private BooleanArgument helpSASL;

    @Nullable
    private BooleanArgument enableSSLDebugging;

    @Nullable
    private BooleanArgument promptForBindPassword;

    @Nullable
    private BooleanArgument promptForKeyStorePassword;

    @Nullable
    private BooleanArgument promptForTrustStorePassword;

    @Nullable
    private BooleanArgument trustAll;

    @Nullable
    private BooleanArgument useSASLExternal;

    @Nullable
    private BooleanArgument useSSL;

    @Nullable
    private BooleanArgument useStartTLS;

    @Nullable
    private BooleanArgument verifyCertificateHostnames;

    @Nullable
    private DNArgument bindDN;

    @Nullable
    private FileArgument bindPasswordFile;

    @Nullable
    private FileArgument keyStorePasswordFile;

    @Nullable
    private FileArgument trustStorePasswordFile;

    @Nullable
    private IntegerArgument port;

    @Nullable
    private StringArgument bindPassword;

    @Nullable
    private StringArgument certificateNickname;

    @Nullable
    private StringArgument host;

    @Nullable
    private StringArgument keyStoreFormat;

    @Nullable
    private StringArgument keyStorePath;

    @Nullable
    private StringArgument keyStorePassword;

    @Nullable
    private StringArgument saslOption;

    @Nullable
    private StringArgument trustStoreFormat;

    @Nullable
    private StringArgument trustStorePath;

    @Nullable
    private StringArgument trustStorePassword;

    @Nullable
    private BindRequest bindRequest;

    @Nullable
    private ServerSet serverSet;

    @Nullable
    private SSLSocketFactory startTLSSocketFactory;

    @NotNull
    private final AtomicReference<AggregateTrustManager> promptTrustManager;

    public LDAPCommandLineTool(@Nullable OutputStream outputStream, @Nullable OutputStream outputStream2) {
        super(outputStream, outputStream2);
        this.defaultTrust = null;
        this.helpSASL = null;
        this.enableSSLDebugging = null;
        this.promptForBindPassword = null;
        this.promptForKeyStorePassword = null;
        this.promptForTrustStorePassword = null;
        this.trustAll = null;
        this.useSASLExternal = null;
        this.useSSL = null;
        this.useStartTLS = null;
        this.verifyCertificateHostnames = null;
        this.bindDN = null;
        this.bindPasswordFile = null;
        this.keyStorePasswordFile = null;
        this.trustStorePasswordFile = null;
        this.port = null;
        this.bindPassword = null;
        this.certificateNickname = null;
        this.host = null;
        this.keyStoreFormat = null;
        this.keyStorePath = null;
        this.keyStorePassword = null;
        this.saslOption = null;
        this.trustStoreFormat = null;
        this.trustStorePath = null;
        this.trustStorePassword = null;
        this.bindRequest = null;
        this.serverSet = null;
        this.startTLSSocketFactory = null;
        this.promptTrustManager = new AtomicReference<>();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static Set<String> getLongLDAPArgumentIdentifiers(@NotNull LDAPCommandLineTool lDAPCommandLineTool) {
        LinkedHashSet linkedHashSet = new LinkedHashSet(StaticUtils.computeMapCapacity(21));
        linkedHashSet.add("hostname");
        linkedHashSet.add("port");
        if (lDAPCommandLineTool.supportsAuthentication()) {
            linkedHashSet.add("bindDN");
            linkedHashSet.add("bindPassword");
            linkedHashSet.add("bindPasswordFile");
            linkedHashSet.add("promptForBindPassword");
        }
        linkedHashSet.add("useSSL");
        linkedHashSet.add("useStartTLS");
        linkedHashSet.add("defaultTrust");
        linkedHashSet.add("trustAll");
        linkedHashSet.add("keyStorePath");
        linkedHashSet.add("keyStorePassword");
        linkedHashSet.add("keyStorePasswordFile");
        linkedHashSet.add("promptForKeyStorePassword");
        linkedHashSet.add("keyStoreFormat");
        linkedHashSet.add("trustStorePath");
        linkedHashSet.add("trustStorePassword");
        linkedHashSet.add("trustStorePasswordFile");
        linkedHashSet.add("promptForTrustStorePassword");
        linkedHashSet.add("trustStoreFormat");
        linkedHashSet.add("certNickname");
        linkedHashSet.add("verifyCertificateHostnames");
        if (lDAPCommandLineTool.supportsAuthentication()) {
            linkedHashSet.add("saslOption");
            linkedHashSet.add("useSASLExternal");
            linkedHashSet.add("helpSASL");
        }
        return Collections.unmodifiableSet(linkedHashSet);
    }

    @NotNull
    protected Set<Character> getSuppressedShortIdentifiers() {
        return Collections.emptySet();
    }

    @Nullable
    private Character getShortIdentifierIfNotSuppressed(@NotNull Character ch) {
        if (getSuppressedShortIdentifiers().contains(ch)) {
            return null;
        }
        return ch;
    }

    @Override // com.unboundid.util.CommandLineTool
    public final void addToolArguments(@NotNull ArgumentParser argumentParser) throws ArgumentException {
        boolean supportsAuthentication = supportsAuthentication();
        String str = supportsAuthentication ? UtilityMessages.INFO_LDAP_TOOL_ARG_GROUP_CONNECT_AND_AUTH.get() : UtilityMessages.INFO_LDAP_TOOL_ARG_GROUP_CONNECT.get();
        this.host = new StringArgument(getShortIdentifierIfNotSuppressed('h'), "hostname", true, supportsMultipleServers() ? 0 : 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_HOST.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_HOST.get(), StringLookupFactory.KEY_LOCALHOST);
        if (includeAlternateLongIdentifiers()) {
            this.host.addLongIdentifier("host", true);
            this.host.addLongIdentifier("address", true);
        }
        this.host.setArgumentGroupName(str);
        argumentParser.addArgument(this.host);
        this.port = new IntegerArgument(getShortIdentifierIfNotSuppressed('p'), "port", true, supportsMultipleServers() ? 0 : 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PORT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_PORT.get(), 1, STLexer.EOF, Integer.valueOf(LDAPURL.DEFAULT_LDAP_PORT));
        this.port.setArgumentGroupName(str);
        argumentParser.addArgument(this.port);
        if (supportsAuthentication) {
            this.bindDN = new DNArgument(getShortIdentifierIfNotSuppressed('D'), "bindDN", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_DN.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_DN.get());
            this.bindDN.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.bindDN.addLongIdentifier("bind-dn", true);
            }
            argumentParser.addArgument(this.bindDN);
            this.bindPassword = new StringArgument(getShortIdentifierIfNotSuppressed('w'), "bindPassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_PW.get());
            this.bindPassword.setSensitive(true);
            this.bindPassword.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.bindPassword.addLongIdentifier("bind-password", true);
            }
            argumentParser.addArgument(this.bindPassword);
            this.bindPasswordFile = new FileArgument(getShortIdentifierIfNotSuppressed('j'), "bindPasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_PW_FILE.get(), true, true, true, false);
            this.bindPasswordFile.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.bindPasswordFile.addLongIdentifier("bind-password-file", true);
            }
            argumentParser.addArgument(this.bindPasswordFile);
            this.promptForBindPassword = new BooleanArgument(null, "promptForBindPassword", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_BIND_PW_PROMPT.get());
            this.promptForBindPassword.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.promptForBindPassword.addLongIdentifier("prompt-for-bind-password", true);
            }
            argumentParser.addArgument(this.promptForBindPassword);
        }
        this.useSSL = new BooleanArgument(getShortIdentifierIfNotSuppressed('Z'), "useSSL", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_USE_SSL.get());
        this.useSSL.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.useSSL.addLongIdentifier("use-ssl", true);
        }
        argumentParser.addArgument(this.useSSL);
        this.useStartTLS = new BooleanArgument(getShortIdentifierIfNotSuppressed('q'), "useStartTLS", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_USE_START_TLS.get());
        this.useStartTLS.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.useStartTLS.addLongIdentifier("use-starttls", true);
            this.useStartTLS.addLongIdentifier("use-start-tls", true);
        }
        argumentParser.addArgument(this.useStartTLS);
        this.defaultTrust = new BooleanArgument(null, "defaultTrust", 1, InternalSDKHelper.getPingIdentityServerRoot() != null ? UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_DEFAULT_TRUST_WITH_PING_DS.get() : UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_DEFAULT_TRUST_WITHOUT_PING_DS.get());
        this.defaultTrust.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.defaultTrust.addLongIdentifier("default-trust", true);
            this.defaultTrust.addLongIdentifier("useDefaultTrust", true);
            this.defaultTrust.addLongIdentifier("use-default-trust", true);
        }
        argumentParser.addArgument(this.defaultTrust);
        this.trustAll = new BooleanArgument(getShortIdentifierIfNotSuppressed('X'), "trustAll", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_ALL.get());
        this.trustAll.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.trustAll.addLongIdentifier("trustAllCertificates", true);
            this.trustAll.addLongIdentifier("trust-all", true);
            this.trustAll.addLongIdentifier("trust-all-certificates", true);
        }
        argumentParser.addArgument(this.trustAll);
        this.keyStorePath = new StringArgument(getShortIdentifierIfNotSuppressed('K'), "keyStorePath", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PATH.get());
        this.keyStorePath.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.keyStorePath.addLongIdentifier("key-store-path", true);
        }
        argumentParser.addArgument(this.keyStorePath);
        this.keyStorePassword = new StringArgument(getShortIdentifierIfNotSuppressed('W'), "keyStorePassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PASSWORD.get());
        this.keyStorePassword.setSensitive(true);
        this.keyStorePassword.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.keyStorePassword.addLongIdentifier("keyStorePIN", true);
            this.keyStorePassword.addLongIdentifier("key-store-password", true);
            this.keyStorePassword.addLongIdentifier("key-store-pin", true);
        }
        argumentParser.addArgument(this.keyStorePassword);
        this.keyStorePasswordFile = new FileArgument(getShortIdentifierIfNotSuppressed('u'), "keyStorePasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PASSWORD_FILE.get());
        this.keyStorePasswordFile.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.keyStorePasswordFile.addLongIdentifier("keyStorePINFile", true);
            this.keyStorePasswordFile.addLongIdentifier("key-store-password-file", true);
            this.keyStorePasswordFile.addLongIdentifier("key-store-pin-file", true);
        }
        argumentParser.addArgument(this.keyStorePasswordFile);
        this.promptForKeyStorePassword = new BooleanArgument(null, "promptForKeyStorePassword", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_PASSWORD_PROMPT.get());
        this.promptForKeyStorePassword.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.promptForKeyStorePassword.addLongIdentifier("promptForKeyStorePIN", true);
            this.promptForKeyStorePassword.addLongIdentifier("prompt-for-key-store-password", true);
            this.promptForKeyStorePassword.addLongIdentifier("prompt-for-key-store-pin", true);
        }
        argumentParser.addArgument(this.promptForKeyStorePassword);
        this.keyStoreFormat = new StringArgument(null, "keyStoreFormat", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_FORMAT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_KEY_STORE_FORMAT.get());
        this.keyStoreFormat.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.keyStoreFormat.addLongIdentifier("keyStoreType", true);
            this.keyStoreFormat.addLongIdentifier("key-store-format", true);
            this.keyStoreFormat.addLongIdentifier("key-store-type", true);
        }
        argumentParser.addArgument(this.keyStoreFormat);
        this.trustStorePath = new StringArgument(getShortIdentifierIfNotSuppressed('P'), "trustStorePath", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PATH.get());
        this.trustStorePath.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.trustStorePath.addLongIdentifier("trust-store-path", true);
        }
        argumentParser.addArgument(this.trustStorePath);
        this.trustStorePassword = new StringArgument(getShortIdentifierIfNotSuppressed('T'), "trustStorePassword", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PASSWORD.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PASSWORD.get());
        this.trustStorePassword.setSensitive(true);
        this.trustStorePassword.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.trustStorePassword.addLongIdentifier("trustStorePIN", true);
            this.trustStorePassword.addLongIdentifier("trust-store-password", true);
            this.trustStorePassword.addLongIdentifier("trust-store-pin", true);
        }
        argumentParser.addArgument(this.trustStorePassword);
        this.trustStorePasswordFile = new FileArgument(getShortIdentifierIfNotSuppressed('U'), "trustStorePasswordFile", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_PATH.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PASSWORD_FILE.get());
        this.trustStorePasswordFile.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.trustStorePasswordFile.addLongIdentifier("trustStorePINFile", true);
            this.trustStorePasswordFile.addLongIdentifier("trust-store-password-file", true);
            this.trustStorePasswordFile.addLongIdentifier("trust-store-pin-file", true);
        }
        argumentParser.addArgument(this.trustStorePasswordFile);
        this.promptForTrustStorePassword = new BooleanArgument(null, "promptForTrustStorePassword", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_PASSWORD_PROMPT.get());
        this.promptForTrustStorePassword.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.promptForTrustStorePassword.addLongIdentifier("promptForTrustStorePIN", true);
            this.promptForTrustStorePassword.addLongIdentifier("prompt-for-trust-store-password", true);
            this.promptForTrustStorePassword.addLongIdentifier("prompt-for-trust-store-pin", true);
        }
        argumentParser.addArgument(this.promptForTrustStorePassword);
        this.trustStoreFormat = new StringArgument(null, "trustStoreFormat", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_FORMAT.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_TRUST_STORE_FORMAT.get());
        this.trustStoreFormat.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.trustStoreFormat.addLongIdentifier("trustStoreType", true);
            this.trustStoreFormat.addLongIdentifier("trust-store-format", true);
            this.trustStoreFormat.addLongIdentifier("trust-store-type", true);
        }
        argumentParser.addArgument(this.trustStoreFormat);
        this.verifyCertificateHostnames = new BooleanArgument(null, "verifyCertificateHostnames", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_VERIFY_CERT_HOSTNAMES.get());
        this.verifyCertificateHostnames.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.verifyCertificateHostnames.addLongIdentifier("verifyCertificateHostname", true);
            this.verifyCertificateHostnames.addLongIdentifier("validateCertificateHostname", true);
            this.verifyCertificateHostnames.addLongIdentifier("validateCertificateHostnames", true);
            this.verifyCertificateHostnames.addLongIdentifier("verify-certificate-hostnames", true);
            this.verifyCertificateHostnames.addLongIdentifier("verify-certificate-hostname", true);
            this.verifyCertificateHostnames.addLongIdentifier("validate-certificate-hostnames", true);
            this.verifyCertificateHostnames.addLongIdentifier("validate-certificate-hostname", true);
        }
        argumentParser.addArgument(this.verifyCertificateHostnames);
        this.certificateNickname = new StringArgument(getShortIdentifierIfNotSuppressed('N'), "certNickname", false, 1, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_CERT_NICKNAME.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_CERT_NICKNAME.get());
        this.certificateNickname.setArgumentGroupName(str);
        if (includeAlternateLongIdentifiers()) {
            this.certificateNickname.addLongIdentifier("certificateNickname", true);
            this.certificateNickname.addLongIdentifier("cert-nickname", true);
            this.certificateNickname.addLongIdentifier("certificate-nickname", true);
        }
        argumentParser.addArgument(this.certificateNickname);
        if (supportsSSLDebugging()) {
            this.enableSSLDebugging = new BooleanArgument(null, "enableSSLDebugging", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_ENABLE_SSL_DEBUGGING.get());
            this.enableSSLDebugging.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.enableSSLDebugging.addLongIdentifier("enableTLSDebugging", true);
                this.enableSSLDebugging.addLongIdentifier("enableStartTLSDebugging", true);
                this.enableSSLDebugging.addLongIdentifier("enable-ssl-debugging", true);
                this.enableSSLDebugging.addLongIdentifier("enable-tls-debugging", true);
                this.enableSSLDebugging.addLongIdentifier("enable-starttls-debugging", true);
                this.enableSSLDebugging.addLongIdentifier("enable-start-tls-debugging", true);
            }
            argumentParser.addArgument(this.enableSSLDebugging);
            addEnableSSLDebuggingArgument(this.enableSSLDebugging);
        }
        if (supportsAuthentication) {
            this.saslOption = new StringArgument(getShortIdentifierIfNotSuppressed('o'), "saslOption", false, 0, UtilityMessages.INFO_LDAP_TOOL_PLACEHOLDER_SASL_OPTION.get(), UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_SASL_OPTION.get());
            this.saslOption.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.saslOption.addLongIdentifier("sasl-option", true);
            }
            argumentParser.addArgument(this.saslOption);
            this.useSASLExternal = new BooleanArgument(null, "useSASLExternal", 1, UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_USE_SASL_EXTERNAL.get());
            this.useSASLExternal.setArgumentGroupName(str);
            if (includeAlternateLongIdentifiers()) {
                this.useSASLExternal.addLongIdentifier("use-sasl-external", true);
            }
            argumentParser.addArgument(this.useSASLExternal);
            if (supportsSASLHelp()) {
                this.helpSASL = new BooleanArgument(null, "helpSASL", UtilityMessages.INFO_LDAP_TOOL_DESCRIPTION_HELP_SASL.get());
                this.helpSASL.setArgumentGroupName(str);
                if (includeAlternateLongIdentifiers()) {
                    this.helpSASL.addLongIdentifier("help-sasl", true);
                }
                this.helpSASL.setUsageArgument(true);
                argumentParser.addArgument(this.helpSASL);
                setHelpSASLArgument(this.helpSASL);
            }
        }
        argumentParser.addExclusiveArgumentSet(this.useSSL, this.useStartTLS, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.keyStorePassword, this.keyStorePasswordFile, this.promptForKeyStorePassword);
        argumentParser.addExclusiveArgumentSet(this.trustStorePassword, this.trustStorePasswordFile, this.promptForTrustStorePassword);
        argumentParser.addExclusiveArgumentSet(this.defaultTrust, this.trustAll, new Argument[0]);
        argumentParser.addExclusiveArgumentSet(this.trustAll, this.trustStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.keyStorePassword, this.keyStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.keyStorePasswordFile, this.keyStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.promptForKeyStorePassword, this.keyStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.trustStorePassword, this.trustStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.trustStorePasswordFile, this.trustStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.promptForTrustStorePassword, this.trustStorePath, new Argument[0]);
        argumentParser.addDependentArgumentSet(this.keyStorePath, this.useSSL, this.useStartTLS);
        argumentParser.addDependentArgumentSet(this.trustStorePath, this.useSSL, this.useStartTLS);
        argumentParser.addDependentArgumentSet(this.defaultTrust, this.useSSL, this.useStartTLS);
        argumentParser.addDependentArgumentSet(this.trustAll, this.useSSL, this.useStartTLS);
        if (supportsAuthentication) {
            if (!defaultToPromptForBindPassword()) {
                argumentParser.addDependentArgumentSet(this.bindDN, this.bindPassword, this.bindPasswordFile, this.promptForBindPassword);
            }
            argumentParser.addExclusiveArgumentSet(this.bindDN, this.saslOption, this.useSASLExternal);
            argumentParser.addExclusiveArgumentSet(this.bindPassword, this.bindPasswordFile, this.promptForBindPassword);
            argumentParser.addDependentArgumentSet(this.bindPassword, this.bindDN, this.saslOption);
            argumentParser.addDependentArgumentSet(this.bindPasswordFile, this.bindDN, this.saslOption);
            argumentParser.addDependentArgumentSet(this.promptForBindPassword, this.bindDN, this.saslOption);
        }
        addNonLDAPArguments(argumentParser);
    }

    public abstract void addNonLDAPArguments(@NotNull ArgumentParser argumentParser) throws ArgumentException;

    @Override // com.unboundid.util.CommandLineTool
    public final void doExtendedArgumentValidation() throws ArgumentException {
        if ((this.host.getValues().size() > 1 || this.port.getValues().size() > 1) && this.host.getValues().size() != this.port.getValues().size()) {
            throw new ArgumentException(UtilityMessages.ERR_LDAP_TOOL_HOST_PORT_COUNT_MISMATCH.get(this.host.getLongIdentifier(), this.port.getLongIdentifier()));
        }
        doExtendedNonLDAPArgumentValidation();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean supportsAuthentication() {
        return true;
    }

    protected boolean defaultToPromptForBindPassword() {
        return false;
    }

    protected boolean supportsSASLHelp() {
        return true;
    }

    protected boolean includeAlternateLongIdentifiers() {
        return false;
    }

    @Nullable
    protected List<Control> getBindControls() {
        return null;
    }

    protected boolean supportsMultipleServers() {
        return false;
    }

    protected boolean supportsSSLDebugging() {
        return false;
    }

    public void doExtendedNonLDAPArgumentValidation() throws ArgumentException {
    }

    @NotNull
    public LDAPConnectionOptions getConnectionOptions() {
        return new LDAPConnectionOptions();
    }

    @NotNull
    protected final LDAPConnectionOptions getConnectionOptionsWithRequestedSettings() {
        LDAPConnectionOptions duplicate = getConnectionOptions().duplicate();
        if (this.verifyCertificateHostnames.isPresent()) {
            duplicate.setSSLSocketVerifier(new HostNameSSLSocketVerifier(true));
        }
        return duplicate;
    }

    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    @NotNull
    public final LDAPConnection getConnection() throws LDAPException {
        LDAPConnection unauthenticatedConnection = getUnauthenticatedConnection();
        try {
            if (this.bindRequest != null) {
                unauthenticatedConnection.bind(this.bindRequest);
            }
            return unauthenticatedConnection;
        } catch (LDAPException e) {
            Debug.debugException(e);
            unauthenticatedConnection.close();
            throw e;
        }
    }

    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    @NotNull
    public final LDAPConnection getUnauthenticatedConnection() throws LDAPException {
        if (this.serverSet == null) {
            this.serverSet = createServerSet();
            this.bindRequest = createBindRequest();
        }
        LDAPConnection connection = this.serverSet.getConnection();
        if (this.useStartTLS.isPresent()) {
            try {
                ExtendedResult processExtendedOperation = connection.processExtendedOperation(new StartTLSExtendedRequest(this.startTLSSocketFactory));
                if (!processExtendedOperation.getResultCode().equals(ResultCode.SUCCESS)) {
                    throw new LDAPException(processExtendedOperation.getResultCode(), UtilityMessages.ERR_LDAP_TOOL_START_TLS_FAILED.get(processExtendedOperation.getDiagnosticMessage()));
                }
            } catch (LDAPException e) {
                Debug.debugException(e);
                connection.close();
                throw e;
            }
        }
        return connection;
    }

    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    @NotNull
    public final LDAPConnectionPool getConnectionPool(int i, int i2) throws LDAPException {
        return getConnectionPool(i, i2, 1, null, null, true, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v13, types: [com.unboundid.ldap.sdk.PostConnectProcessor] */
    @ThreadSafety(level = ThreadSafetyLevel.METHOD_THREADSAFE)
    @NotNull
    public final LDAPConnectionPool getConnectionPool(int i, int i2, int i3, @Nullable PostConnectProcessor postConnectProcessor, @Nullable PostConnectProcessor postConnectProcessor2, boolean z, @Nullable LDAPConnectionPoolHealthCheck lDAPConnectionPoolHealthCheck) throws LDAPException {
        AggregatePostConnectProcessor aggregatePostConnectProcessor;
        if (this.serverSet == null) {
            this.serverSet = createServerSet();
            this.bindRequest = createBindRequest();
        }
        ArrayList arrayList = new ArrayList(3);
        if (postConnectProcessor != null) {
            arrayList.add(postConnectProcessor);
        }
        if (this.useStartTLS.isPresent()) {
            arrayList.add(new StartTLSPostConnectProcessor(this.startTLSSocketFactory));
        }
        if (postConnectProcessor2 != null) {
            arrayList.add(postConnectProcessor2);
        }
        switch (arrayList.size()) {
            case 0:
                aggregatePostConnectProcessor = null;
                break;
            case 1:
                aggregatePostConnectProcessor = (PostConnectProcessor) arrayList.get(0);
                break;
            default:
                aggregatePostConnectProcessor = new AggregatePostConnectProcessor(arrayList);
                break;
        }
        return new LDAPConnectionPool(this.serverSet, this.bindRequest, i, i2, i3, aggregatePostConnectProcessor, z, lDAPConnectionPoolHealthCheck);
    }

    @NotNull
    public ServerSet createServerSet() throws LDAPException {
        SSLUtil createSSLUtil = createSSLUtil();
        SSLSocketFactory sSLSocketFactory = null;
        if (this.useSSL.isPresent()) {
            try {
                sSLSocketFactory = createSSLUtil.createSSLSocketFactory();
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_SSL_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } else if (this.useStartTLS.isPresent()) {
            try {
                this.startTLSSocketFactory = createSSLUtil.createSSLSocketFactory();
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_SSL_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
        if (this.host.getValues().size() == 1) {
            return new SingleServerSet(this.host.getValue(), this.port.getValue().intValue(), sSLSocketFactory, getConnectionOptionsWithRequestedSettings());
        }
        List<String> values = this.host.getValues();
        List<Integer> values2 = this.port.getValues();
        String[] strArr = new String[values.size()];
        int[] iArr = new int[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = values.get(i);
            iArr[i] = values2.get(i).intValue();
        }
        return new RoundRobinServerSet(strArr, iArr, sSLSocketFactory, getConnectionOptionsWithRequestedSettings());
    }

    @Nullable
    public SSLUtil createSSLUtil() throws LDAPException {
        return createSSLUtil(false);
    }

    @Nullable
    public SSLUtil createSSLUtil(boolean z) throws LDAPException {
        X509TrustManager x509TrustManager;
        if (!z && !this.useSSL.isPresent() && !this.useStartTLS.isPresent()) {
            return null;
        }
        KeyManager keyManager = null;
        if (this.keyStorePath.isPresent()) {
            char[] cArr = null;
            if (this.keyStorePassword.isPresent()) {
                cArr = this.keyStorePassword.getValue().toCharArray();
            } else if (this.keyStorePasswordFile.isPresent()) {
                try {
                    cArr = getPasswordFileReader().readPassword(this.keyStorePasswordFile.getValue());
                } catch (Exception e) {
                    Debug.debugException(e);
                    throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_KEY_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
                }
            } else if (this.promptForKeyStorePassword.isPresent()) {
                getOut().print(UtilityMessages.INFO_LDAP_TOOL_ENTER_KEY_STORE_PASSWORD.get());
                cArr = StaticUtils.toUTF8String(PasswordReader.readPassword()).toCharArray();
                getOut().println();
            }
            try {
                keyManager = (this.keyStoreFormat.isPresent() && this.keyStoreFormat.getValue().equalsIgnoreCase("PKCS11")) ? new PKCS11KeyManager(null, new File(this.keyStorePath.getValue()), null, cArr, this.certificateNickname.getValue()) : new KeyStoreKeyManager(this.keyStorePath.getValue(), cArr, this.keyStoreFormat.getValue(), this.certificateNickname.getValue(), true);
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_CREATE_KEY_MANAGER.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
        if (this.trustAll.isPresent()) {
            x509TrustManager = new TrustAllTrustManager(false);
        } else if (this.trustStorePath.isPresent()) {
            char[] cArr2 = null;
            if (this.trustStorePassword.isPresent()) {
                cArr2 = this.trustStorePassword.getValue().toCharArray();
            } else if (this.trustStorePasswordFile.isPresent()) {
                try {
                    cArr2 = getPasswordFileReader().readPassword(this.trustStorePasswordFile.getValue());
                } catch (Exception e3) {
                    Debug.debugException(e3);
                    throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_TRUST_STORE_PASSWORD.get(StaticUtils.getExceptionMessage(e3)), e3);
                }
            } else if (this.promptForTrustStorePassword.isPresent()) {
                getOut().print(UtilityMessages.INFO_LDAP_TOOL_ENTER_TRUST_STORE_PASSWORD.get());
                cArr2 = StaticUtils.toUTF8String(PasswordReader.readPassword()).toCharArray();
                getOut().println();
            }
            X509TrustManager trustStoreTrustManager = new TrustStoreTrustManager(this.trustStorePath.getValue(), cArr2, this.trustStoreFormat.getValue(), true);
            x509TrustManager = this.defaultTrust.isPresent() ? InternalSDKHelper.getPreferredNonInteractiveTrustManagerChain(trustStoreTrustManager) : trustStoreTrustManager;
        } else if (this.defaultTrust.isPresent()) {
            x509TrustManager = InternalSDKHelper.getPreferredNonInteractiveTrustManagerChain(new X509TrustManager[0]);
        } else if (this.promptTrustManager.get() != null) {
            x509TrustManager = this.promptTrustManager.get();
        } else {
            ArrayList arrayList = new ArrayList(5);
            if (this.useSSL.isPresent() || this.useStartTLS.isPresent()) {
                arrayList.addAll(this.host.getValues());
            }
            AggregateTrustManager preferredPromptTrustManagerChain = InternalSDKHelper.getPreferredPromptTrustManagerChain(arrayList);
            x509TrustManager = this.promptTrustManager.compareAndSet(null, preferredPromptTrustManagerChain) ? preferredPromptTrustManagerChain : this.promptTrustManager.get();
        }
        return new SSLUtil(keyManager, x509TrustManager);
    }

    @Nullable
    public BindRequest createBindRequest() throws LDAPException {
        Control[] controlArr;
        byte[] bytes;
        if (!supportsAuthentication()) {
            return null;
        }
        List<Control> bindControls = getBindControls();
        if (bindControls == null || bindControls.isEmpty()) {
            controlArr = StaticUtils.NO_CONTROLS;
        } else {
            controlArr = new Control[bindControls.size()];
            bindControls.toArray(controlArr);
        }
        if (this.bindPassword.isPresent()) {
            bytes = StaticUtils.getBytes(this.bindPassword.getValue());
        } else if (this.bindPasswordFile.isPresent()) {
            try {
                bytes = StaticUtils.getBytes(new String(getPasswordFileReader().readPassword(this.bindPasswordFile.getValue())));
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPException(ResultCode.LOCAL_ERROR, UtilityMessages.ERR_LDAP_TOOL_CANNOT_READ_BIND_PASSWORD.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } else if (this.promptForBindPassword.isPresent()) {
            getOriginalOut().print(UtilityMessages.INFO_LDAP_TOOL_ENTER_BIND_PASSWORD.get());
            bytes = PasswordReader.readPassword();
            getOriginalOut().println();
        } else {
            bytes = null;
        }
        if (this.saslOption.isPresent()) {
            return SASLUtils.createBindRequest(this.bindDN.isPresent() ? this.bindDN.getValue().toString() : null, bytes, defaultToPromptForBindPassword(), this, null, this.saslOption.getValues(), controlArr);
        }
        if (this.useSASLExternal.isPresent()) {
            return new EXTERNALBindRequest(controlArr);
        }
        if (!this.bindDN.isPresent()) {
            return null;
        }
        if (bytes == null && !this.bindDN.getValue().isNullDN() && defaultToPromptForBindPassword()) {
            getOriginalOut().print(UtilityMessages.INFO_LDAP_TOOL_ENTER_BIND_PASSWORD.get());
            bytes = PasswordReader.readPassword();
            getOriginalOut().println();
        }
        return new SimpleBindRequest(this.bindDN.getValue(), bytes, controlArr);
    }

    public final boolean anyLDAPArgumentsProvided() {
        return isAnyPresent(this.host, this.port, this.bindDN, this.bindPassword, this.bindPasswordFile, this.promptForBindPassword, this.useSSL, this.useStartTLS, this.trustAll, this.keyStorePath, this.keyStorePassword, this.keyStorePasswordFile, this.promptForKeyStorePassword, this.keyStoreFormat, this.trustStorePath, this.trustStorePassword, this.trustStorePasswordFile, this.trustStoreFormat, this.certificateNickname, this.saslOption, this.useSASLExternal);
    }

    private static boolean isAnyPresent(@NotNull Argument... argumentArr) {
        for (Argument argument : argumentArr) {
            if (argument != null && argument.getNumOccurrences() > 0) {
                return true;
            }
        }
        return false;
    }
}
