package org.apache.directory.server.ldap.handlers.bind.digestMD5;

import java.util.HashSet;
import javax.security.sasl.AuthorizeCallback;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.FilterParser;
import org.apache.directory.shared.ldap.filter.SearchScope;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.InternalBindRequest;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-1.5.5.jar:org/apache/directory/server/ldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.class */
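/**
 * SASL DIGEST-MD5 callback handler that resolves the password of the user
 * named in a bind request by searching the directory for a matching
 * {@code uid} under the configured SASL user base DN.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The user name comes from the client and is escaped before it is
 *       placed into the LDAP search filter.</li>
 *   <li>Credentials are never written to the log.</li>
 *   <li>Any lookup failure yields {@code null}, never a partial result.</li>
 * </ul>
 */
public class DigestMd5CallbackHandler extends AbstractSaslCallbackHandler {
    private static final Logger LOG = LoggerFactory.getLogger(DigestMd5CallbackHandler.class);

    // Holds the value of the SASL_USER_BASE_DN session property once lookupPassword() has run.
    // NOTE(review): this is the search base, not the DN of the entry that matched, yet
    // authorize() publishes it as the security principal and authorized ID - confirm intent.
    private String bindDn;

    // Never assigned in this class; kept for layout compatibility. Must not be logged.
    private String userPassword;

    /**
     * Creates a handler bound to one LDAP session and one bind request.
     *
     * @param ldapSession the client session whose SASL properties are read and updated
     * @param coreSession the session used to run the password search; stored as
     *        {@code adminSession}, and its directory service is passed to the superclass
     * @param internalBindRequest the bind request being processed
     */
    public DigestMd5CallbackHandler(LdapSession ldapSession, CoreSession coreSession, InternalBindRequest internalBindRequest) {
        super(coreSession.getDirectoryService(), internalBindRequest);
        this.ldapSession = ldapSession;
        this.adminSession = coreSession;
    }

    /**
     * Looks up the {@code userPassword} attribute of the entry whose {@code uid}
     * equals the supplied user name, searching the subtree below the session's
     * SASL user base DN.
     *
     * <p>For every matching entry an {@link LdapPrincipal} is stored in the session
     * under {@code SASL_AUTHENT_USER}; when several entries match, the last one
     * returned by the cursor wins.
     * NOTE(review): an ambiguous uid probably ought to fail the bind - confirm with
     * the deployment's uniqueness guarantees before changing it.
     *
     * @param str the client-supplied user name; treated as untrusted input
     * @param str2 not used by this implementation
     * @return the password attribute, or {@code null} when the user name is
     *         {@code null}, no entry matches, a match has no password, or the
     *         lookup fails
     */
    @Override
    protected EntryAttribute lookupPassword(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            // Escape filter metacharacters so a name such as "*" or "x)(uid=*" cannot
            // widen or restructure the search (LDAP filter injection).
            // Assumes FilterParser decodes RFC 4515 "\XX" escapes - TODO confirm for this version.
            ExprNode filter = FilterParser.parse("(uid=" + escapeFilterValue(str) + ")");

            AttributeType passwordType = this.adminSession.getDirectoryService().getRegistries()
                    .getAttributeTypeRegistry().lookup(SchemaConstants.USER_PASSWORD_AT);
            HashSet<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();
            returningAttributes.add(new AttributeTypeOptions(passwordType));

            this.bindDn = (String) this.ldapSession.getSaslProperty(SaslConstants.SASL_USER_BASE_DN);
            EntryFilteringCursor cursor = this.adminSession.search(new LdapDN(this.bindDn), SearchScope.SUBTREE,
                    filter, AliasDerefMode.DEREF_ALWAYS, returningAttributes);
            try {
                cursor.beforeFirst();
                ClonedServerEntry match = null;
                while (cursor.next()) {
                    match = cursor.get();
                    EntryAttribute password = match.get(SchemaConstants.USER_PASSWORD_AT);
                    if (password == null) {
                        // An entry without a password cannot authenticate; fail the lookup.
                        return null;
                    }
                    this.ldapSession.putSaslProperty(SaslConstants.SASL_AUTHENT_USER,
                            new LdapPrincipal(match.getDn(), AuthenticationLevel.STRONG, password.getBytes()));
                }
                // No match is an ordinary authentication failure, not an error.
                return match == null ? null : match.get(passwordType);
            } finally {
                // Release the cursor on every path; the original never closed it.
                try {
                    cursor.close();
                } catch (Exception closeFailure) {
                    LOG.debug("Failed to close password search cursor", closeFailure);
                }
            }
        } catch (Exception e) {
            // Fail closed, but leave a trace for operators. The user name is deliberately
            // left out of the message because it is attacker-controlled.
            LOG.warn("SASL DIGEST-MD5 password lookup failed", e);
            return null;
        }
    }

    /**
     * Marks the bind as authorized and records the principal in the session.
     *
     * @param authorizeCallback the callback that receives the authorized ID and flag
     */
    @Override
    protected void authorize(AuthorizeCallback authorizeCallback) {
        // The password is intentionally absent from this message: credentials do not belong in logs.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Converted username " + getUsername() + " to DN " + this.bindDn + ".");
        }
        this.ldapSession.putSaslProperty(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, this.bindDn);
        authorizeCallback.setAuthorizedID(this.bindDn);
        authorizeCallback.setAuthorized(true);
    }

    /**
     * Escapes the characters that are special inside an LDAP search filter
     * assertion value (RFC 4515): backslash, asterisk, parentheses and NUL.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}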
