package org.opends.server.extensions;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.GSSAPISASLMechanismHandlerCfg;
import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.IdentityMapper;
import org.opends.server.api.SASLMechanismHandler;
import org.opends.server.config.ConfigException;
import org.opends.server.core.BindOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.messages.ExtensionsMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/GSSAPISASLMechanismHandler.class */
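/**
 * SASL mechanism handler for GSSAPI (Kerberos) binds.
 *
 * <p>On initialization and on every accepted configuration change the handler
 * writes a JAAS login configuration to a temporary file and points the
 * JVM-wide JAAS configuration property at it. The generated entry uses
 * {@code Krb5LoginModule} with a keytab and an {@code ldap/<fqdn>[@realm]}
 * service principal.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The JAAS properties are set with {@link System#setProperty}, so they
 *       affect the whole JVM, not only this handler.</li>
 *   <li>The keytab path, realm and FQDN are interpolated into quoted JAAS
 *       options; values that could terminate the quoted string are rejected
 *       before anything is written (see {@link #requireJaasSafe}).</li>
 *   <li>The handler's fields are replaced by {@link #applyConfigurationChange}
 *       without synchronization. NOTE(review): confirm how the server
 *       serializes configuration changes against in-flight binds.</li>
 * </ul>
 */
public class GSSAPISASLMechanismHandler extends SASLMechanismHandler<GSSAPISASLMechanismHandlerCfg> implements ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private DN configEntryDN;
    private GSSAPISASLMechanismHandlerCfg currentConfig;
    private IdentityMapper identityMapper;
    private String serverFQDN;

    /**
     * Registers this handler for the GSSAPI mechanism using the supplied configuration.
     *
     * @param configuration the handler configuration; this instance is added to it as a change listener
     * @throws ConfigException if the configured identity mapper DN does not resolve to a mapper
     * @throws InitializationException if the server FQDN cannot be determined or the JAAS
     *         configuration file cannot be created
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void initializeSASLMechanismHandler(GSSAPISASLMechanismHandlerCfg configuration) throws ConfigException, InitializationException {
        configuration.addGSSAPIChangeListener(this);
        this.currentConfig = configuration;
        this.configEntryDN = configuration.dn();

        DN identityMapperDN = configuration.getIdentityMapperDN();
        this.identityMapper = DirectoryServer.getIdentityMapper(identityMapperDN);
        if (this.identityMapper == null) {
            int msgID = ExtensionsMessages.MSGID_SASLGSSAPI_NO_SUCH_IDENTITY_MAPPER;
            throw new ConfigException(msgID,
                    MessageHandler.getMessage(msgID, String.valueOf(identityMapperDN), String.valueOf(this.configEntryDN)));
        }

        this.serverFQDN = configuration.getServerFqdn();
        if (this.serverFQDN == null) {
            // No explicit FQDN configured: fall back to what the local resolver reports.
            try {
                this.serverFQDN = InetAddress.getLocalHost().getCanonicalHostName();
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                int msgID = ExtensionsMessages.MSGID_SASLGSSAPI_CANNOT_GET_SERVER_FQDN;
                throw new InitializationException(msgID,
                        MessageHandler.getMessage(msgID, String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e)), e);
            }
        }

        try {
            String jaasConfigPath = writeJaasConfig(configuration, this.serverFQDN);
            System.setProperty(ServerConstants.JAAS_PROPERTY_CONFIG_FILE, jaasConfigPath);
            System.setProperty(ServerConstants.JAAS_PROPERTY_SUBJECT_CREDS_ONLY, ServerConstants.CONFIG_VALUE_FALSE);
            DirectoryServer.registerSASLMechanismHandler(ServerConstants.SASL_MECHANISM_GSSAPI, this);
        } catch (Exception e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            int msgID = ExtensionsMessages.MSGID_SASLGSSAPI_CANNOT_CREATE_JAAS_CONFIG;
            throw new InitializationException(msgID,
                    MessageHandler.getMessage(msgID, StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    /**
     * Removes this instance as a configuration change listener and deregisters the GSSAPI mechanism.
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void finalizeSASLMechanismHandler() {
        this.currentConfig.removeGSSAPIChangeListener(this);
        DirectoryServer.deregisterSASLMechanismHandler(ServerConstants.SASL_MECHANISM_GSSAPI);
    }

    /**
     * Processes one stage of a GSSAPI SASL bind.
     *
     * <p>The per-connection {@code GSSAPIStateInfo} is created on the first stage, kept on the
     * connection while the result is {@code SASL_BIND_IN_PROGRESS}, and cleared from the
     * connection on any other outcome.
     *
     * @param bindOperation the bind operation to process; its result code, failure reason and
     *        authentication info are set here
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public void processSASLBind(BindOperation bindOperation) {
        ClientConnection clientConnection = bindOperation.getClientConnection();
        if (clientConnection == null) {
            bindOperation.setAuthFailureReason(ExtensionsMessages.MSGID_SASLGSSAPI_NO_CLIENT_CONNECTION, MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLGSSAPI_NO_CLIENT_CONNECTION));
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            return;
        }

        GSSAPIStateInfo stateInfo;
        Object savedState = clientConnection.getSASLAuthStateInfo();
        if (savedState instanceof GSSAPIStateInfo) {
            // A multi-stage bind is already under way on this connection.
            stateInfo = (GSSAPIStateInfo) savedState;
        } else {
            // No state, or state left by another mechanism: start a fresh exchange.
            try {
                stateInfo = new GSSAPIStateInfo(this, bindOperation, this.serverFQDN);
            } catch (InitializationException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                bindOperation.setAuthFailureReason(e.getMessageID(), e.getMessage());
                bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
                clientConnection.setSASLAuthStateInfo(null);
                return;
            }
        }

        stateInfo.setBindOperation(bindOperation);
        stateInfo.processAuthenticationStage();

        ResultCode stageResult = bindOperation.getResultCode();
        if (stageResult != ResultCode.SUCCESS) {
            // Keep the state only while the exchange is still in progress; any failure
            // drops it so a later bind cannot resume a failed negotiation.
            // NOTE(review): the state object is not disposed on the failure path here -
            // confirm that processAuthenticationStage() releases it itself.
            clientConnection.setSASLAuthStateInfo(
                    stageResult == ResultCode.SASL_BIND_IN_PROGRESS ? stateInfo : null);
            return;
        }

        // NOTE(review): assumes getUserEntry() is non-null once the stage reports SUCCESS - confirm.
        Entry userEntry = stateInfo.getUserEntry();
        bindOperation.setAuthenticationInfo(new AuthenticationInfo(userEntry, ServerConstants.SASL_MECHANISM_GSSAPI, DirectoryServer.isRootDN(userEntry.getDN())));
        bindOperation.setResultCode(ResultCode.SUCCESS);
        clientConnection.setSASLAuthStateInfo(null);
        try {
            stateInfo.dispose();
        } catch (Exception e2) {
            // Best effort: the bind has already succeeded, so a cleanup failure is only traced.
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
        }
    }

    /**
     * Resolves an authorization ID to a user entry through the configured identity mapper.
     *
     * @param bindOperation the bind operation in progress (not used by this implementation)
     * @param authzID the identifier to map
     * @return whatever the identity mapper returns for {@code authzID}
     * @throws DirectoryException if the identity mapper fails
     */
    public Entry getUserForAuthzID(BindOperation bindOperation, String authzID) throws DirectoryException {
        return this.identityMapper.getEntryForID(authzID);
    }

    /**
     * Reports that this mechanism is not password-based.
     *
     * @param mechanism the mechanism name (ignored)
     * @return always {@code false}
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public boolean isPasswordBased(String mechanism) {
        return false;
    }

    /**
     * Reports that this mechanism is considered secure.
     *
     * @param mechanism the mechanism name (ignored)
     * @return always {@code true}
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public boolean isSecure(String mechanism) {
        return true;
    }

    /**
     * Checks a generic handler configuration by treating it as a GSSAPI configuration.
     *
     * @param configuration the configuration to check; must be a {@code GSSAPISASLMechanismHandlerCfg}
     * @param unacceptableReasons receives a message for each problem found
     * @return {@code true} if the configuration is acceptable
     */
    @Override // org.opends.server.api.SASLMechanismHandler
    public boolean isConfigurationAcceptable(SASLMechanismHandlerCfg configuration, List<String> unacceptableReasons) {
        return isConfigurationChangeAcceptable2((GSSAPISASLMechanismHandlerCfg) configuration, unacceptableReasons);
    }

    /**
     * Checks that the identity mapper named by the configuration exists.
     *
     * <p>Decompiler note: renamed from {@code isConfigurationChangeAcceptable} to avoid a
     * collision with the bridge method of the same name.
     *
     * @param configuration the proposed configuration
     * @param unacceptableReasons receives a message if the identity mapper cannot be found
     * @return {@code true} if the identity mapper exists, {@code false} otherwise
     */
    public boolean isConfigurationChangeAcceptable2(GSSAPISASLMechanismHandlerCfg configuration, List<String> unacceptableReasons) {
        DN cfgEntryDN = configuration.dn();
        DN identityMapperDN = configuration.getIdentityMapperDN();
        if (DirectoryServer.getIdentityMapper(identityMapperDN) == null) {
            unacceptableReasons.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLGSSAPI_NO_SUCH_IDENTITY_MAPPER, String.valueOf(identityMapperDN), String.valueOf(cfgEntryDN)));
            return false;
        }
        return true;
    }

    /**
     * Applies a new configuration: re-resolves the identity mapper and FQDN, regenerates the
     * JAAS configuration file and, only if all of that succeeds, swaps the handler's state.
     *
     * @param configuration the new configuration
     * @return the result of the change, carrying any error messages collected on the way
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(GSSAPISASLMechanismHandlerCfg configuration) {
        ResultCode resultCode = ResultCode.SUCCESS;
        ArrayList<String> messages = new ArrayList<String>();

        DN identityMapperDN = configuration.getIdentityMapperDN();
        IdentityMapper newIdentityMapper = DirectoryServer.getIdentityMapper(identityMapperDN);
        if (newIdentityMapper == null) {
            resultCode = ResultCode.CONSTRAINT_VIOLATION;
            messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLGSSAPI_NO_SUCH_IDENTITY_MAPPER, String.valueOf(identityMapperDN), String.valueOf(this.configEntryDN)));
        }

        String newFQDN = configuration.getServerFqdn();
        if (newFQDN == null) {
            try {
                newFQDN = InetAddress.getLocalHost().getCanonicalHostName();
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                // Keep the first failure's result code; later failures only add messages.
                if (resultCode == ResultCode.SUCCESS) {
                    resultCode = DirectoryServer.getServerErrorResultCode();
                }
                messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLGSSAPI_CANNOT_GET_SERVER_FQDN, String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e)));
            }
        }

        if (resultCode == ResultCode.SUCCESS) {
            try {
                // The principal must be built from the NEW FQDN; using the previous value
                // would leave the JAAS file naming a service principal that no longer
                // matches the handler's serverFQDN.
                String jaasConfigPath = writeJaasConfig(configuration, newFQDN);
                System.setProperty(ServerConstants.JAAS_PROPERTY_CONFIG_FILE, jaasConfigPath);
                this.identityMapper = newIdentityMapper;
                this.serverFQDN = newFQDN;
                this.currentConfig = configuration;
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
                ResultCode serverErrorResultCode = DirectoryServer.getServerErrorResultCode();
                messages.add(MessageHandler.getMessage(ExtensionsMessages.MSGID_SASLGSSAPI_CANNOT_CREATE_JAAS_CONFIG, StaticUtils.getExceptionMessage(e2)));
                return new ConfigChangeResult(serverErrorResultCode, false, messages);
            }
        }
        return new ConfigChangeResult(resultCode, false, messages);
    }

    /**
     * Bridge for the {@code ConfigurationChangeListener} contract; delegates to
     * {@link #isConfigurationChangeAcceptable2}.
     *
     * @param configuration the proposed configuration
     * @param list receives a message for each problem found
     * @return {@code true} if the change is acceptable
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(GSSAPISASLMechanismHandlerCfg configuration, List list) {
        return isConfigurationChangeAcceptable2(configuration, (List<String>) list);
    }

    /**
     * Writes the JAAS login configuration for this handler to a new temporary file.
     *
     * @param configuration supplies the optional keytab path and realm
     * @param fqdn host part of the {@code ldap/<fqdn>} service principal
     * @return absolute path of the file that was written
     * @throws java.io.IOException if the file cannot be created or written
     * @throws IllegalArgumentException if a value cannot be embedded safely in a quoted JAAS option
     */
    private String writeJaasConfig(GSSAPISASLMechanismHandlerCfg configuration, String fqdn) throws java.io.IOException {
        String keytab = configuration.getKeytab();
        String realm = configuration.getRealm();

        // Validate before touching the file system so a bad value leaves nothing behind.
        requireJaasSafe("keytab", keytab);
        requireJaasSafe("server FQDN", fqdn);
        requireJaasSafe("realm", realm);

        File configFile = File.createTempFile("login", "conf");
        configFile.deleteOnExit();

        // The file reveals the keytab location and service principal. Restrict it to the
        // owning account as a best effort; the return values are ignored because some
        // platforms cannot express these permissions.
        configFile.setReadable(false, false);
        configFile.setWritable(false, false);
        configFile.setReadable(true, true);
        configFile.setWritable(true, true);

        BufferedWriter writer = new BufferedWriter(new FileWriter(configFile, false));
        try {
            writer.write(getClass().getName() + " {");
            writer.newLine();
            writer.write("  com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true ");
            if (keytab != null) {
                writer.write("keyTab=\"" + keytab + "\" ");
            }
            writer.write("principal=\"ldap/" + fqdn);
            if (realm != null) {
                writer.write("@" + realm);
            }
            writer.write("\";");
            writer.newLine();
            writer.write("};");
            writer.newLine();
            writer.flush();
        } finally {
            // Always release the file handle, including when a write fails part-way.
            writer.close();
        }
        return configFile.getAbsolutePath();
    }

    /**
     * Rejects a value that would break out of a double-quoted JAAS option.
     *
     * @param name label used in the error message
     * @param value the value to check; {@code null} is accepted
     * @throws IllegalArgumentException if {@code value} contains a double quote or a line break
     */
    private static void requireJaasSafe(String name, String value) {
        if (value == null) {
            return;
        }
        if (value.indexOf('"') >= 0 || value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0) {
            throw new IllegalArgumentException("The GSSAPI " + name + " value must not contain double quotes or line breaks");
        }
    }
}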
