package org.apache.directory.server.ldap.support;

import java.util.Hashtable;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.spi.InitialContextFactory;
import org.apache.directory.server.core.jndi.ServerLdapContext;
import org.apache.directory.server.ldap.LdapConfiguration;
import org.apache.directory.server.ldap.SessionRegistry;
import org.apache.directory.server.ldap.support.bind.BindHandlerChain;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.directory.shared.ldap.message.BindResponse;
import org.apache.directory.shared.ldap.message.LdapResult;
import org.apache.directory.shared.ldap.message.MutableControl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.ExceptionUtils;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
import org.apache.mina.handler.demux.MessageHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/ldap/support/BindHandler.class */
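/**
 * Message handler for LDAP bind requests.
 *
 * <p>Simple binds are handled in this class by building a JNDI environment from
 * the request and creating an initial context from it. Every other bind is
 * delegated to the SASL {@link BindHandlerChain}. Requests that are not LDAP v3
 * are answered with {@code PROTOCOL_ERROR}.
 *
 * <p>Bind requests arrive before the peer is authenticated, so everything read
 * from the request is untrusted input. Nothing secret (credentials) or internal
 * (stack traces) is written to the response; credentials are also kept out of
 * this class's own log statements.
 */
public class BindHandler extends AbstractLdapHandler implements MessageHandler {
    private IoHandlerCommand saslBindHandler = new BindHandlerChain();
    private static final String SIMPLE_AUTHENTICATION_LEVEL = "simple";
    private static final Logger log = LoggerFactory.getLogger(BindHandler.class);
    private static final MutableControl[] EMPTY_CONTROL = new MutableControl[0];

    /** OID of the ManageDsaIT request control (RFC 3296). */
    private static final String MANAGE_DSA_IT_OID = "2.16.840.1.113730.3.4.2";

    /**
     * Builds the JNDI environment used to authenticate a bind request.
     *
     * <p>Starts from a copy of the registry-wide environment and adds the
     * principal, the credentials (only when present), the authentication level
     * and the referral handling mode. The string keys used below are the values
     * of the {@code javax.naming.Context} constants {@code SECURITY_PRINCIPAL},
     * {@code SECURITY_CREDENTIALS}, {@code SECURITY_AUTHENTICATION} and
     * {@code REFERRAL}.
     *
     * @param ioSession the session the request arrived on (not used here)
     * @param bindRequest the bind request supplying name, credentials and controls
     * @param str the authentication level to record, e.g. {@code "simple"}
     * @return a fresh environment table for creating the bind context
     */
    private Hashtable<String, Object> getEnvironment(IoSession ioSession, BindRequest bindRequest, String str) {
        LdapDN name = bindRequest.getName();
        byte[] credentials = bindRequest.getCredentials();
        if (log.isDebugEnabled()) {
            log.debug("{} {}", "java.naming.security.principal", name);
            // SLF4J renders array arguments element by element, so passing the
            // byte[] would write the password bytes into the debug log. Record
            // only whether credentials were supplied.
            log.debug("{} {}", "java.naming.security.credentials", credentials == null ? "<none>" : "<redacted>");
            log.debug("{} {}", "java.naming.security.authentication", str);
        }
        Hashtable<String, Object> environmentByCopy = SessionRegistry.getSingleton().getEnvironmentByCopy();
        environmentByCopy.put("java.naming.security.principal", name);
        // NOTE(review): a bind with a DN but no credentials still gets the
        // "simple" level below; how the context factory treats that case
        // (anonymous vs. rejected) is not visible here - confirm.
        if (credentials != null) {
            environmentByCopy.put("java.naming.security.credentials", credentials);
        }
        environmentByCopy.put("java.naming.security.authentication", str);
        // With ManageDsaIT the client wants referral entries treated as plain
        // entries; otherwise referrals surface as exceptions.
        String referralMode = bindRequest.getControls().containsKey(MANAGE_DSA_IT_OID) ? "ignore" : "throw";
        environmentByCopy.put("java.naming.referral", referralMode);
        return environmentByCopy;
    }

    /**
     * Creates the LDAP context for a bind, or reports the failure to the client.
     *
     * <p>If the environment carries a {@code server.use.factory.instance}
     * entry, that factory creates the context; otherwise a standard
     * {@link InitialLdapContext} is created with the request's controls.
     *
     * <p>On a {@link NamingException} the result code, matched DN (for
     * name-resolution failures only) and error message are set on the bind
     * response, the response is written to the session, and {@code null} is
     * returned so the caller sends nothing further.
     *
     * @param ioSession the session to write a failure response to
     * @param bindRequest the bind request being processed
     * @param hashtable the JNDI environment to create the context from
     * @return the new context, or {@code null} if the bind failed and a failure
     *         response has already been written
     * @throws NullPointerException if {@code server.use.factory.instance} is
     *         present in the environment but maps to {@code null}
     */
    private LdapContext getLdapContext(IoSession ioSession, BindRequest bindRequest, Hashtable<String, Object> hashtable) {
        ResultCodeEnum bestEstimate;
        LdapContext ldapContext;
        LdapResult ldapResult = bindRequest.getResultResponse().getLdapResult();
        try {
            if (hashtable.containsKey("server.use.factory.instance")) {
                InitialContextFactory initialContextFactory = (InitialContextFactory) hashtable.get("server.use.factory.instance");
                if (initialContextFactory == null) {
                    log.error("The property 'server.use.factory.instance'  was set in env but was null");
                    throw new NullPointerException("server.use.factory.instance was set in env but was null");
                }
                ldapContext = initialContextFactory.getInitialContext(hashtable);
            } else {
                ldapContext = new InitialLdapContext(hashtable, (MutableControl[]) bindRequest.getControls().values().toArray(EMPTY_CONTROL));
            }
        } catch (NamingException e) {
            if (e instanceof LdapException) {
                // getResultCode() is declared on LdapException, not on
                // NamingException, so the cast is required.
                bestEstimate = ((LdapException) e).getResultCode();
            } else {
                bestEstimate = ResultCodeEnum.getBestEstimate(e, bindRequest.getType());
            }
            ldapResult.setResultCode(bestEstimate);

            // The text sent back to the (unauthenticated) peer stays the same
            // whatever the log level is. The stack trace and request dump go to
            // the server log only; they must not be returned in the response.
            String clientMessage = "Bind failed: " + e.getMessage();
            if (log.isDebugEnabled()) {
                // NOTE(review): whether BindRequest.toString() includes the
                // credentials is not visible here - confirm before enabling
                // debug logging in production.
                log.debug(clientMessage + ":\n" + ExceptionUtils.getStackTrace(e) + "\n\nBindRequest = \n" + bindRequest.toString());
            }
            if (e.getResolvedName() != null && (bestEstimate == ResultCodeEnum.NO_SUCH_OBJECT || bestEstimate == ResultCodeEnum.ALIAS_PROBLEM || bestEstimate == ResultCodeEnum.INVALID_DN_SYNTAX || bestEstimate == ResultCodeEnum.ALIAS_DEREFERENCING_PROBLEM)) {
                ldapResult.setMatchedDn(e.getResolvedName());
            }
            ldapResult.setErrorMessage(clientMessage);
            ioSession.write(bindRequest.getResultResponse());
            ldapContext = null;
        }
        return ldapContext;
    }

    /**
     * Processes a simple (name/password) bind.
     *
     * <p>Rejects the bind with {@code STRONG_AUTH_REQUIRED} when {@code SIMPLE}
     * is not among the configured supported mechanisms. Otherwise creates the
     * context, stores it in the session registry and writes a {@code SUCCESS}
     * response carrying the context's response controls. When context creation
     * fails, {@link #getLdapContext} has already written the failure response.
     *
     * @param ioSession the session the bind arrived on
     * @param bindRequest the simple bind request
     * @throws NamingException if looking up the root of the new context fails
     */
    private void handleSimpleAuth(IoSession ioSession, BindRequest bindRequest) throws NamingException {
        Set<String> supportedMechanisms = ((LdapConfiguration) ioSession.getAttribute(LdapConfiguration.class.toString())).getSupportedMechanisms();
        LdapResult ldapResult = bindRequest.getResultResponse().getLdapResult();
        if (!supportedMechanisms.contains("SIMPLE")) {
            log.error("Bind error : SIMPLE authentication not supported. Please check the server.xml configuration file (supportedMechanisms field)");
            ldapResult.setResultCode(ResultCodeEnum.STRONG_AUTH_REQUIRED);
            ldapResult.setErrorMessage("Simple binds are disabled.");
            ioSession.write(bindRequest.getResultResponse());
            return;
        }
        LdapContext ldapContext = getLdapContext(ioSession, bindRequest, getEnvironment(ioSession, bindRequest, SIMPLE_AUTHENTICATION_LEVEL));
        if (ldapContext == null) {
            // Failure response was already sent by getLdapContext.
            return;
        }
        LdapContext ldapContext2 = (ServerLdapContext) ldapContext.lookup("");
        setRequestControls(ldapContext2, bindRequest);
        // The session is associated with the authenticated context only after
        // the context was created successfully.
        SessionRegistry.getSingleton().setLdapContext(ioSession, ldapContext2);
        ldapResult.setResultCode(ResultCodeEnum.SUCCESS);
        BindResponse resultResponse = bindRequest.getResultResponse();
        resultResponse.addAll(ldapContext2.getResponseControls());
        ioSession.write(resultResponse);
        log.debug("Returned SUCCESS message.");
    }

    /**
     * Entry point for an incoming bind request.
     *
     * <p>LDAP v3 simple binds go to {@link #handleSimpleAuth}; LDAP v3 SASL
     * binds go to the SASL handler chain. Any other protocol version is
     * answered with {@code PROTOCOL_ERROR}.
     *
     * @param ioSession the session the message arrived on
     * @param obj the decoded message; cast to {@link BindRequest}
     * @throws Exception if the selected bind handler fails
     */
    public void messageReceived(IoSession ioSession, Object obj) throws Exception {
        BindRequest bindRequest = (BindRequest) obj;
        if (log.isDebugEnabled()) {
            log.debug("User {} is binding", bindRequest.getName());
            if (bindRequest.isSimple()) {
                log.debug("Using simple authentication.");
            } else {
                log.debug("Using SASL authentication with mechanism:  {}", bindRequest.getSaslMechanism());
            }
        }
        if (!bindRequest.getVersion3()) {
            log.error("Bind error : Only LDAP v3 is supported.");
            LdapResult ldapResult = bindRequest.getResultResponse().getLdapResult();
            ldapResult.setResultCode(ResultCodeEnum.PROTOCOL_ERROR);
            ldapResult.setErrorMessage("Only LDAP v3 is supported.");
            ioSession.write(bindRequest.getResultResponse());
            return;
        }
        if (bindRequest.isSimple()) {
            handleSimpleAuth(ioSession, bindRequest);
        } else {
            this.saslBindHandler.execute((IoHandlerCommand.NextCommand) null, ioSession, obj);
        }
    }
}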
