package org.apache.directory.server.ldap.handlers.sasl.gssapi;

import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.sasl.AuthorizeCallback;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.JndiPropertyConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.StringConstants;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-service-2.0.0-M14.jar:org/apache/directory/server/ldap/handlers/sasl/gssapi/GssapiCallbackHandler.class */
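/**
 * SASL callback handler used for GSSAPI (Kerberos) binds.
 *
 * <p>It has no password to supply, so {@link #lookupPassword} always returns
 * {@code null}. Its real work is in {@link #authorize}: it maps the Kerberos
 * principal named by the SASL authorization ID to a directory entry and records
 * that entry's Dn as the bound identity of the LDAP session.
 */
public class GssapiCallbackHandler extends AbstractSaslCallbackHandler {
    private static final Logger LOG = LoggerFactory.getLogger(GssapiCallbackHandler.class);

    /**
     * Creates a handler for one bind operation.
     *
     * @param ldapSession the LDAP session the bind belongs to; stored in the inherited {@code ldapSession} field
     * @param coreSession the session used for directory lookups; stored in the inherited {@code adminSession} field
     * @param bindRequest the bind request being processed, handed to the superclass
     */
    public GssapiCallbackHandler(LdapSession ldapSession, CoreSession coreSession, BindRequest bindRequest) {
        super(coreSession.getDirectoryService(), bindRequest);
        this.ldapSession = ldapSession;
        this.adminSession = coreSession;
    }

    /**
     * Always returns {@code null}: this handler never supplies a stored password.
     *
     * @param str unused (presumably the user name; confirm against the superclass)
     * @param str2 unused (presumably the realm; confirm against the superclass)
     * @return always {@code null}
     */
    @Override // org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler
    protected Attribute lookupPassword(String str, String str2) {
        return null;
    }

    /**
     * Decides whether the authenticated Kerberos principal may act as the requested
     * authorization identity and, if so, binds the session to the matching entry.
     *
     * <p>The authorization ID is supplied by the client. It is accepted only when it
     * names the same Kerberos principal as the authentication ID; otherwise any
     * authenticated principal could bind as an arbitrary directory entry merely by
     * asking for it. The request is also refused when no directory entry is found
     * for the principal. In both cases the callback is left unauthorized, so the
     * SASL mechanism that issued it can fail the bind.
     *
     * @param authorizeCallback the callback carrying the authentication and authorization IDs
     * @throws Exception if the principal name cannot be parsed or the directory lookup fails
     */
    @Override // org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler
    protected void authorize(AuthorizeCallback authorizeCallback) throws Exception {
        LOG.debug("Processing conversion of principal name to Dn.");
        String authenticationID = authorizeCallback.getAuthenticationID();
        String authorizationID = authorizeCallback.getAuthorizationID();
        if (authenticationID == null || authorizationID == null) {
            LOG.warn("Rejecting GSSAPI authorization: authentication or authorization ID is missing.");
            authorizeCallback.setAuthorized(false);
            return;
        }

        // Compare parsed principals rather than raw strings so that an omitted
        // default realm does not cause a spurious mismatch.
        KerberosPrincipal authenticated = new KerberosPrincipal(authenticationID);
        KerberosPrincipal requested = new KerberosPrincipal(authorizationID);
        if (!requested.equals(authenticated)) {
            // No proxy-authorization policy is visible in this class, so a request to
            // act as a different principal is refused instead of silently granted.
            LOG.warn("Rejecting GSSAPI authorization: principal {} requested identity {}.", authenticated, requested);
            authorizeCallback.setAuthorized(false);
            return;
        }

        Dn searchBaseDn = new Dn(this.ldapSession.getLdapServer().getSearchBaseDn());
        PrincipalStoreEntry principalStoreEntry =
                (PrincipalStoreEntry) new GetPrincipal(requested).execute(this.adminSession, searchBaseDn);
        if (principalStoreEntry == null) {
            // NOTE(review): assumes execute() yields null for an unknown principal; confirm against GetPrincipal.
            LOG.warn("Rejecting GSSAPI authorization: no directory entry for principal {}.", requested);
            authorizeCallback.setAuthorized(false);
            return;
        }

        String distinguishedName = principalStoreEntry.getDistinguishedName();
        LOG.debug("Converted username {} to Dn {}.", authorizationID, distinguishedName);

        // Record the resolved entry as the session's authenticated user, with an empty credential.
        LdapPrincipal ldapPrincipal = new LdapPrincipal(
                this.adminSession.getDirectoryService().getSchemaManager(),
                new Dn(distinguishedName),
                AuthenticationLevel.STRONG,
                StringConstants.EMPTY_BYTES);
        this.ldapSession.putSaslProperty(SaslConstants.SASL_AUTHENT_USER, ldapPrincipal);
        this.ldapSession.putSaslProperty(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, distinguishedName);

        authorizeCallback.setAuthorizedID(distinguishedName);
        authorizeCallback.setAuthorized(true);
    }
}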
