package org.apache.directory.server.ldap.handlers.bind.gssapi;

import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
import org.apache.directory.server.protocol.shared.ServiceConfigurationException;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.InternalBindRequest;
import org.apache.directory.shared.ldap.name.LdapDN;

/* loaded from: input_file:resources/libs/apacheds-protocol-ldap-1.5.5.jar:org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.class */
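/**
 * SASL mechanism handler for GSSAPI (Kerberos V5) binds.
 *
 * <p>Per session it publishes the SASL host and the {@code javax.security.sasl.qop} property
 * ({@link #init}), lazily creates a {@link SaslServer} under a {@link Subject} that carries the
 * LDAP service principal's Kerberos keys ({@link #handleMechanism}), and drops the per-bind
 * properties once the exchange is over ({@link #cleanup}).
 *
 * <p>Decompiled from apacheds-protocol-ldap 1.5.5; raw {@code Map}/{@code HashMap} types were
 * restored to their generic form and the service-principal lookup no longer wraps its own
 * "not found" exception a second time.
 */
public class GssapiMechanismHandler extends AbstractMechanismHandler {
    /**
     * Returns the GSSAPI {@link SaslServer} bound to the session, creating it on first use.
     *
     * <p>The server is created inside {@link Subject#doAs} with the service principal's keys as
     * private credentials (see {@link #getSubject}), so the JDK GSSAPI provider can accept the
     * client's service ticket. The created instance is cached under
     * {@link SaslConstants#SASL_SERVER}; only the {@code SaslServer} is stored, the
     * {@code Subject} holding the keys is not kept on the session.
     *
     * @param ldapSession the session performing the bind
     * @param internalBindRequest the bind request being processed
     * @return the session's SaslServer; {@link Sasl#createSaslServer} may return {@code null}
     *         when no installed provider supports GSSAPI, and that value is returned (and cached) as is
     * @throws Exception if the service principal cannot be resolved, or when the privileged
     *         action fails (delivered wrapped in a {@link java.security.PrivilegedActionException})
     */
    @Override // org.apache.directory.server.ldap.handlers.bind.MechanismHandler
    public SaslServer handleMechanism(LdapSession ldapSession, InternalBindRequest internalBindRequest) throws Exception {
        SaslServer saslServer = (SaslServer) ldapSession.getSaslProperty(SaslConstants.SASL_SERVER);
        if (saslServer != null) {
            return saslServer;
        }

        LdapServer ldapServer = ldapSession.getLdapServer();
        Subject subject = getSubject(ldapServer);
        final String saslHost = (String) ldapSession.getSaslProperty(SaslConstants.SASL_HOST);
        // init() stores a Map<String, String>; the session property API is untyped, hence the unchecked cast.
        @SuppressWarnings("unchecked")
        final Map<String, ?> saslProps = (Map<String, ?>) ldapSession.getSaslProperty(SaslConstants.SASL_PROPS);
        final GssapiCallbackHandler callbackHandler = new GssapiCallbackHandler(ldapSession,
                ldapServer.getDirectoryService().getAdminSession(), internalBindRequest);

        // The action is typed, so doAs already returns a SaslServer; no cast needed.
        saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
            @Override // java.security.PrivilegedExceptionAction
            public SaslServer run() throws Exception {
                return Sasl.createSaslServer(SupportedSaslMechanisms.GSSAPI, "ldap", saslHost, saslProps, callbackHandler);
            }
        });
        ldapSession.putSaslProperty(SaslConstants.SASL_SERVER, saslServer);
        return saslServer;
    }

    /**
     * Publishes the per-session SASL inputs needed by {@link #handleMechanism}: the SASL host
     * name and a property map holding the server's configured {@code javax.security.sasl.qop}
     * value under {@link JndiPropertyConstants#JNDI_SASL_QOP}.
     *
     * @param ldapSession the session about to perform a GSSAPI bind
     */
    @Override // org.apache.directory.server.ldap.handlers.bind.MechanismHandler
    public void init(LdapSession ldapSession) {
        LdapServer ldapServer = ldapSession.getLdapServer();
        ldapSession.putSaslProperty(SaslConstants.SASL_HOST, ldapServer.getSaslHost());

        Map<String, String> saslProps = new HashMap<String, String>();
        saslProps.put(JndiPropertyConstants.JNDI_SASL_QOP, ldapServer.getSaslQopString());
        ldapSession.putSaslProperty(SaslConstants.SASL_PROPS, saslProps);
    }

    /**
     * Installs the SASL filter and removes the per-bind session properties.
     *
     * <p>{@link SaslConstants#SASL_SERVER} is deliberately left in place; presumably the filter
     * inserted by {@code insertSaslFilter} still needs it for the negotiated QOP — confirm
     * against {@link AbstractMechanismHandler}.
     *
     * @param ldapSession the session whose bind exchange has finished
     */
    @Override // org.apache.directory.server.ldap.handlers.bind.MechanismHandler
    public void cleanup(LdapSession ldapSession) {
        insertSaslFilter(ldapSession);
        String[] transientProps = {
            SaslConstants.SASL_HOST,
            SaslConstants.SASL_USER_BASE_DN,
            SaslConstants.SASL_MECH,
            SaslConstants.SASL_PROPS,
            SaslConstants.SASL_AUTHENT_USER
        };
        for (String prop : transientProps) {
            ldapSession.removeSaslProperty(prop);
        }
    }

    /**
     * Builds a {@link Subject} whose private credentials are the LDAP service principal's
     * Kerberos keys, one {@link KerberosKey} per encryption type stored for the principal.
     *
     * <p>The keys are long-term service secrets read from the directory; the Subject is used
     * only as the context for {@code Subject.doAs} in {@link #handleMechanism} and must not be
     * logged or exposed.
     *
     * @param ldapServer the server whose SASL principal and search base are used for the lookup
     * @return a Subject populated with the principal's keys
     * @throws ServiceConfigurationException if the principal lookup fails or returns no entry
     * @throws Exception for any other failure of the directory lookup
     */
    private Subject getSubject(LdapServer ldapServer) throws Exception {
        String servicePrincipalName = ldapServer.getSaslPrincipal();
        KerberosPrincipal servicePrincipal = new KerberosPrincipal(servicePrincipalName);
        String notFoundMessage = "Service principal " + servicePrincipalName
                + " not found at search base DN " + ldapServer.getSearchBaseDn() + ".";

        // Only the lookup itself is guarded: the "entry == null" case is checked outside the
        // try so its exception is not caught and re-wrapped with the identical message.
        PrincipalStoreEntry entry;
        try {
            entry = findPrincipal(ldapServer, new GetPrincipal(servicePrincipal));
        } catch (ServiceConfigurationException e) {
            throw new ServiceConfigurationException(notFoundMessage, e);
        }
        if (entry == null) {
            throw new ServiceConfigurationException(notFoundMessage);
        }

        Subject subject = new Subject();
        Map<EncryptionType, EncryptionKey> keyMap = entry.getKeyMap();
        for (EncryptionKey key : keyMap.values()) {
            KerberosKey serviceKey = new KerberosKey(servicePrincipal, key.getKeyValue(),
                    key.getKeyType().getOrdinal(), key.getKeyVersion());
            subject.getPrivateCredentials().add(serviceKey);
        }
        return subject;
    }

    /**
     * Runs the {@link GetPrincipal} store operation as the admin session, searching below the
     * server's configured search base DN.
     *
     * @param ldapServer the server providing the directory service and search base
     * @param getPrincipal the lookup operation for the wanted principal
     * @return the matching store entry, or {@code null} if the operation found none
     * @throws Exception if the directory operation fails
     */
    private PrincipalStoreEntry findPrincipal(LdapServer ldapServer, GetPrincipal getPrincipal) throws Exception {
        LdapDN searchBase = new LdapDN(ldapServer.getSearchBaseDn());
        Object result = getPrincipal.execute(ldapServer.getDirectoryService().getAdminSession(), searchBase);
        return (PrincipalStoreEntry) result;
    }
}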
