package org.apache.directory.server.ldap.support.bind;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
import org.apache.directory.server.ldap.LdapConfiguration;
import org.apache.directory.server.protocol.shared.ServiceConfigurationException;
import org.apache.directory.server.protocol.shared.store.ContextOperation;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/ldap/support/bind/ConfigureChain.class */
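/**
 * Chain command that prepares the SASL-related attributes of a MINA session before a bind is processed.
 *
 * <p>Reads the {@link LdapConfiguration} stored on the session and publishes the negotiated-capability
 * inputs as session attributes: {@code saslProps}, {@code saslHost}, {@code baseDn},
 * {@code supportedMechanisms} and, when GSSAPI is active and its service key can be loaded,
 * {@code saslSubject}.
 *
 * <p>NOTE(review): {@link #ctx} is created lazily and is not synchronized. If one instance of this
 * command serves several sessions concurrently, two contexts may be created; confirm how the chain
 * instantiates this class.
 */
public class ConfigureChain implements IoHandlerCommand {
    private static final Logger log = LoggerFactory.getLogger(ConfigureChain.class);

    private static final String GSSAPI = "GSSAPI";

    /**
     * Mechanisms this server knows how to handle. Configuration can only narrow this list, never extend it.
     * SIMPLE carries the password itself, and CRAM-MD5 / DIGEST-MD5 are legacy challenge-response schemes,
     * so which of them end up enabled is a deployment decision worth auditing.
     */
    private static final Set<String> KNOWN_MECHANISMS = setOf("SIMPLE", "CRAM-MD5", "DIGEST-MD5", GSSAPI);

    /**
     * SASL quality-of-protection values: {@code auth} is authentication only, {@code auth-int} adds
     * integrity protection, {@code auth-conf} adds confidentiality.
     */
    private static final Set<String> KNOWN_QOP = setOf("auth", "auth-int", "auth-conf");

    private DirContext ctx;

    /**
     * Populates the session's SASL attributes and passes control to the next command.
     *
     * <p>If GSSAPI is configured but the service principal's key cannot be loaded, GSSAPI is removed from
     * the advertised mechanisms for this session and a warning is logged; the chain still continues.
     *
     * @param nextCommand the next command in the chain
     * @param ioSession   the session carrying the {@link LdapConfiguration} attribute
     * @param obj         the message being processed, forwarded unchanged
     * @throws Exception if the next command fails or the configuration attribute is missing
     */
    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        LdapConfiguration ldapConfiguration = (LdapConfiguration) ioSession.getAttribute(LdapConfiguration.class.toString());

        HashMap<String, String> saslProps = new HashMap<String, String>();
        saslProps.put("javax.security.sasl.qop", getActiveQop(ldapConfiguration));
        saslProps.put("com.sun.security.sasl.digest.realm", getActiveRealms(ldapConfiguration));
        ioSession.setAttribute("saslProps", saslProps);
        ioSession.setAttribute("saslHost", ldapConfiguration.getSaslHost());
        ioSession.setAttribute("baseDn", ldapConfiguration.getSearchBaseDn());

        Set<String> activeMechanisms = getActiveMechanisms(ldapConfiguration);
        if (activeMechanisms.contains(GSSAPI)) {
            try {
                // The Subject holds the service's long-term Kerberos key; it must never be logged or
                // exposed outside the bind handlers that consume this attribute.
                ioSession.setAttribute("saslSubject", getSubject(ldapConfiguration));
            } catch (ServiceConfigurationException e) {
                activeMechanisms.remove(GSSAPI);
                // Pass the exception itself so the root cause (directory lookup failure, missing key, ...)
                // is recorded; a silently dropped GSSAPI is otherwise hard to diagnose.
                log.warn(e.getMessage(), e);
            }
        }
        ioSession.setAttribute("supportedMechanisms", activeMechanisms);
        nextCommand.execute(ioSession, obj);
    }

    /** Builds a mutable set from the given values (keeps the class free of extra imports). */
    private static Set<String> setOf(String... values) {
        HashSet<String> result = new HashSet<String>();
        for (String value : values) {
            result.add(value);
        }
        return result;
    }

    /**
     * Returns the configured mechanisms that are also in {@link #KNOWN_MECHANISMS}.
     *
     * @return a new, mutable set; the caller removes GSSAPI from it when the service key is unavailable
     */
    private Set<String> getActiveMechanisms(LdapConfiguration ldapConfiguration) {
        HashSet<String> active = new HashSet<String>();
        for (String mechanism : ldapConfiguration.getSupportedMechanisms()) {
            if (KNOWN_MECHANISMS.contains(mechanism)) {
                active.add(mechanism);
            }
        }
        return active;
    }

    /**
     * Returns the configured QoP values that are in {@link #KNOWN_QOP}, comma-separated and in
     * configuration order.
     *
     * <p>The separator is written only between accepted values, so an unrecognised entry in the
     * configuration can no longer leave a leading, trailing or doubled comma in the
     * {@code javax.security.sasl.qop} property.
     */
    private String getActiveQop(LdapConfiguration ldapConfiguration) {
        StringBuilder sb = new StringBuilder();
        Iterator<?> it = ldapConfiguration.getSaslQop().iterator();
        while (it.hasNext()) {
            String qop = (String) it.next();
            if (!KNOWN_QOP.contains(qop)) {
                continue;
            }
            if (sb.length() > 0) {
                sb.append(",");
            }
            sb.append(qop);
        }
        return sb.toString();
    }

    /** Returns the configured SASL realms joined with single spaces, unfiltered. */
    private String getActiveRealms(LdapConfiguration ldapConfiguration) {
        StringBuilder sb = new StringBuilder();
        Iterator<?> it = ldapConfiguration.getSaslRealms().iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            if (it.hasNext()) {
                sb.append(" ");
            }
        }
        return sb.toString();
    }

    /**
     * Loads the SASL service principal from the directory and wraps its key in a JAAS {@link Subject}.
     *
     * @return a Subject whose private credentials contain the service's {@link KerberosKey}
     * @throws ServiceConfigurationException if the principal is missing, has no DES-CBC-MD5 key, or the
     *                                       lookup fails for any other reason (cause attached)
     */
    private Subject getSubject(LdapConfiguration ldapConfiguration) throws ServiceConfigurationException {
        String saslPrincipal = ldapConfiguration.getSaslPrincipal();
        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(saslPrincipal);
        try {
            PrincipalStoreEntry principalStoreEntry = (PrincipalStoreEntry) execute(ldapConfiguration, new GetPrincipal(kerberosPrincipal));
            if (principalStoreEntry == null) {
                throw new ServiceConfigurationException("Service principal " + saslPrincipal + " not found at search base DN " + ldapConfiguration.getSearchBaseDn() + ".");
            }
            // NOTE(review): only the single-DES key is considered. DES enctypes are deprecated for
            // Kerberos (RFC 6649); if the store holds stronger keys for this principal, selecting one of
            // those here would be preferable. Confirm against the enctypes the KDC issues tickets for.
            EncryptionKey encryptionKey = (EncryptionKey) principalStoreEntry.getKeyMap().get(EncryptionType.DES_CBC_MD5);
            if (encryptionKey == null) {
                // Previously this fell through to a NullPointerException that was reported as
                // "principal not found", hiding the real misconfiguration.
                throw new ServiceConfigurationException("Service principal " + saslPrincipal + " has no " + EncryptionType.DES_CBC_MD5 + " key at search base DN " + ldapConfiguration.getSearchBaseDn() + ".");
            }
            KerberosKey kerberosKey = new KerberosKey(kerberosPrincipal, encryptionKey.getKeyValue(), encryptionKey.getKeyType().getOrdinal(), encryptionKey.getKeyVersion());
            Subject subject = new Subject();
            subject.getPrivateCredentials().add(kerberosKey);
            return subject;
        } catch (ServiceConfigurationException e) {
            // Already carries an accurate message (context creation failed, principal or key missing);
            // do not re-wrap it under a generic one.
            throw e;
        } catch (Exception e) {
            throw new ServiceConfigurationException("Failed to load service principal " + saslPrincipal + " from search base DN " + ldapConfiguration.getSearchBaseDn() + ".", e);
        }
    }

    /**
     * Runs a directory operation against the lazily created, cached context.
     *
     * @throws ServiceConfigurationException if the initial context cannot be created
     * @throws Exception                     whatever the operation itself throws
     */
    private Object execute(LdapConfiguration ldapConfiguration, ContextOperation contextOperation) throws Exception {
        Hashtable<String, Object> environment = getEnvironment(ldapConfiguration);
        if (this.ctx == null) {
            try {
                this.ctx = new InitialLdapContext(environment, (Control[]) null);
            } catch (NamingException e) {
                // Only the provider URL goes into the message; the environment also holds bind credentials.
                throw new ServiceConfigurationException("Failed to get initial context " + ((String) environment.get("java.naming.provider.url")), e);
            }
        }
        return contextOperation.execute(this.ctx, (Name) null);
    }

    /**
     * Builds the JNDI environment used to open the directory context.
     *
     * <p>The table contains the bind principal and credentials, so it must not be logged or dumped.
     * {@link Hashtable} rejects null values: a missing configuration setting surfaces here as a
     * {@link NullPointerException}.
     */
    private Hashtable<String, Object> getEnvironment(LdapConfiguration ldapConfiguration) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", ldapConfiguration.getInitialContextFactory());
        env.put("java.naming.provider.url", ldapConfiguration.getSearchBaseDn());
        env.put("java.naming.security.authentication", ldapConfiguration.getSecurityAuthentication());
        env.put("java.naming.security.credentials", ldapConfiguration.getSecurityCredentials());
        env.put("java.naming.security.principal", ldapConfiguration.getSecurityPrincipal());
        return env;
    }
}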
