package org.apache.directory.server.ldap.handlers.extended;

import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.server.core.security.CoreKeyStoreSpi;
import org.apache.directory.server.ldap.ExtendedOperationHandler;
import org.apache.directory.server.ldap.LdapService;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.shared.ldap.message.ExtendedRequest;
import org.apache.directory.shared.ldap.message.ExtendedResponseImpl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.mina.common.IoFilterChain;
import org.apache.mina.filter.SSLFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/libs/apacheds-1.5.3/apacheds-protocol-ldap-1.5.3.jar:org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.class
 */
/* loaded from: input_file:resources/libs/apacheds-1.5.4/apacheds-protocol-ldap-1.5.4.jar:org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.class */
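/**
 * Extended-operation handler for the LDAP StartTLS request.
 *
 * <p>On a StartTLS request the handler installs (or restarts) a MINA {@link SSLFilter} on the
 * session's filter chain and answers with a SUCCESS extended response. The {@link SSLContext}
 * used for new filters is built once in {@link #setLdapServer(LdapService)}.
 *
 * <p>Security note: the context is initialised with {@link ServerX509TrustManager}, which
 * performs no certificate validation at all. See that class before enabling client-certificate
 * authentication on connections upgraded by this handler.
 */
public class StartTlsHandler implements ExtendedOperationHandler {
    /** OID of the StartTLS extended operation handled by this class. */
    public static final String EXTENSION_OID = "1.3.6.1.4.1.1466.20037";

    /** Immutable set holding the single OID this handler answers to. */
    private static final Set<String> EXTENSION_OIDS = Collections.singleton(EXTENSION_OID);

    private static final Logger LOG = LoggerFactory.getLogger(StartTlsHandler.class);

    /** TLS context for new SSL filters; stays null until setLdapServer() has completed. */
    private SSLContext sslContext;

    /**
     * Trust manager that accepts every certificate chain.
     *
     * <p>Both check methods only log and return, so no chain is ever rejected, and
     * {@link #getAcceptedIssuers()} advertises no issuers. This class does not call
     * {@code setNeedClientAuth}/{@code setWantClientAuth} on the filter it creates, so with the
     * code shown here client certificates are not requested. If client authentication is turned
     * on elsewhere, any presented certificate would be treated as trusted: replace this class
     * with a validating trust manager before relying on client certificates for identity.
     */
    class ServerX509TrustManager implements X509TrustManager {
        ServerX509TrustManager() {
        }

        /** Accepts any client chain without inspection; never throws. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // NOTE(security): no validation is performed here; the chain is accepted as-is.
            StartTlsHandler.LOG.debug("checkClientTrusted() called");
        }

        /** Accepts any server chain without inspection; never throws. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // NOTE(security): no validation is performed here; the chain is accepted as-is.
            StartTlsHandler.LOG.debug("checkServerTrusted() called");
        }

        /** Returns an empty array: no issuer is advertised to the peer. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            StartTlsHandler.LOG.debug("getAcceptedIssuers() called");
            return new X509Certificate[0];
        }
    }

    /**
     * Switches the session to TLS and sends the StartTLS response.
     *
     * @param ldapSession the session whose connection is being upgraded
     * @param extendedRequest the StartTLS request; its message id is echoed in the response
     * @throws IllegalStateException if a new SSL filter is needed but no SSLContext has been
     *         initialised yet (setLdapServer() not called, or it failed)
     * @throws Exception if the SSL filter cannot be installed or started
     */
    @Override
    public void handleExtendedOperation(LdapSession ldapSession, ExtendedRequest extendedRequest) throws Exception {
        LOG.info("Handling StartTLS request.");
        IoFilterChain filterChain = ldapSession.getIoSession().getFilterChain();
        SSLFilter sslFilter = (SSLFilter) filterChain.get("sslFilter");
        if (sslFilter == null) {
            if (this.sslContext == null) {
                // Fail with a clear message instead of handing a null context to the filter.
                throw new IllegalStateException("StartTLS requested before the SSLContext was initialized");
            }
            filterChain.addFirst("sslFilter", new SSLFilter(this.sslContext));
        } else {
            sslFilter.startSSL(ldapSession.getIoSession());
        }

        ExtendedResponseImpl response = new ExtendedResponseImpl(extendedRequest.getMessageId());
        response.getLdapResult().setResultCode(ResultCodeEnum.SUCCESS);
        response.setResponseName(EXTENSION_OID);
        response.setResponse(new byte[0]);

        // The filter is already in the chain, so mark the next write to bypass encryption:
        // the StartTLS response itself has to reach the client before the handshake.
        ldapSession.getIoSession().setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE);
        ldapSession.getIoSession().write(response);
    }

    /** Returns the unmodifiable set of extension OIDs handled here (only {@link #EXTENSION_OID}). */
    @Override
    public final Set<String> getExtensionOids() {
        return EXTENSION_OIDS;
    }

    /** Returns {@link #EXTENSION_OID}. */
    @Override
    public final String getOid() {
        return EXTENSION_OID;
    }

    /**
     * Builds the TLS context used for StartTLS from the given LDAP service.
     *
     * <p>Each step is guarded separately so that the exception names the step that actually
     * failed and carries the underlying cause. The {@code sslContext} field is assigned only
     * after the context has been fully initialised, so a failure never leaves a half-built
     * context behind for later StartTLS requests.
     *
     * @param ldapService the LDAP service whose directory service backs the key store
     * @throws RuntimeException if any step of the key store or SSLContext setup fails
     */
    @Override
    public void setLdapServer(LdapService ldapService) {
        LOG.debug("Setting LDAP Service");
        Provider provider = Security.getProvider("SUN");
        LOG.debug("provider = {}", provider);

        // KeyStore's constructor is protected, hence the empty anonymous subclass.
        KeyStore keyStore = new KeyStore(new CoreKeyStoreSpi(ldapService.getDirectoryService()), provider, "JKS") {
        };
        try {
            // No stream and no password: the SPI supplies the key material itself.
            keyStore.load(null, null);
        } catch (Exception e) {
            throw new RuntimeException("Failed on keystore load which should never really happen.", e);
        }

        KeyManagerFactory keyManagerFactory;
        try {
            keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        } catch (Exception e) {
            throw new RuntimeException("Failed to create KeyManagerFactory", e);
        }

        try {
            keyManagerFactory.init(keyStore, null);
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize KeyManagerFactory", e);
        }

        SSLContext context;
        try {
            context = SSLContext.getInstance("TLS");
        } catch (Exception e) {
            throw new RuntimeException("Failed to create SSLContext", e);
        }

        try {
            // NOTE(security): ServerX509TrustManager accepts every certificate chain.
            context.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new ServerX509TrustManager()}, new SecureRandom());
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize SSLContext", e);
        }

        this.sslContext = context;
    }
}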
