package org.apache.directory.server.ldap.handlers.bind;

import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.directory.shared.ldap.model.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.model.constants.SaslQoP;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.DefaultWriteRequest;
import org.apache.mina.core.write.WriteRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-service-2.0.0-M3.jar:org/apache/directory/server/ldap/handlers/bind/SaslFilter.class */
public class SaslFilter extends IoFilterAdapter {
    private static final Logger log = LoggerFactory.getLogger(SaslFilter.class);
    public static final String DISABLE_SECURITY_LAYER_ONCE = SaslFilter.class.getName() + ".DisableSecurityLayerOnce";
    private SaslServer saslServer;

    public SaslFilter(SaslServer saslServer) {
        if (saslServer == null) {
            throw new IllegalStateException();
        }
        this.saslServer = saslServer;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws SaslException {
        log.debug("Message received:  {}", obj);
        String str = (String) this.saslServer.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_QOP);
        if (!(str != null && (str.equals(SaslQoP.AUTH_INT.getValue()) || str.equals(SaslQoP.AUTH_CONF.getValue())))) {
            log.debug("Will not use SASL on received message.");
            nextFilter.messageReceived(ioSession, obj);
            return;
        }
        IoBuffer ioBuffer = (IoBuffer) obj;
        int i = ioBuffer.getInt();
        byte[] bArr = new byte[i];
        ioBuffer.get(bArr);
        log.debug("Will use SASL to unwrap received message of length:  {}", Integer.valueOf(i));
        nextFilter.messageReceived(ioSession, IoBuffer.wrap(this.saslServer.unwrap(bArr, 0, bArr.length)));
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterWrite(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws SaslException {
        log.debug("Filtering write request:  {}", writeRequest);
        if (ioSession.containsAttribute(DISABLE_SECURITY_LAYER_ONCE)) {
            log.debug("Disabling SaslFilter once; will not use SASL on write request.");
            ioSession.removeAttribute(DISABLE_SECURITY_LAYER_ONCE);
            nextFilter.filterWrite(ioSession, writeRequest);
            return;
        }
        String str = (String) this.saslServer.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_QOP);
        if (!(str != null && (str.equals(SaslQoP.AUTH_INT.getValue()) || str.equals(SaslQoP.AUTH_CONF.getValue())))) {
            log.debug("Will not use SASL on write request.");
            nextFilter.filterWrite(ioSession, writeRequest);
            return;
        }
        IoBuffer ioBuffer = (IoBuffer) writeRequest.getMessage();
        int remaining = ioBuffer.remaining();
        byte[] bArr = new byte[remaining];
        ioBuffer.get(bArr);
        log.debug("Will use SASL to wrap message of length:  {}", Integer.valueOf(remaining));
        byte[] wrap = this.saslServer.wrap(bArr, 0, bArr.length);
        IoBuffer allocate = IoBuffer.allocate(4 + wrap.length);
        allocate.putInt(wrap.length);
        allocate.put(wrap);
        allocate.position(0);
        allocate.limit(4 + wrap.length);
        log.debug("Sending encrypted token of length {}.", Integer.valueOf(allocate.limit()));
        nextFilter.filterWrite(ioSession, new DefaultWriteRequest(allocate, writeRequest.getFuture()));
    }
}
