package org.wildfly.security.sasl.gssapi;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.core.factory.PartitionFactory;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/wildfly/security/sasl/gssapi/TestKDC.class */
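/**
 * Embedded ApacheDS directory service plus Kerberos KDC, used as a fixture by the GSSAPI SASL tests.
 *
 * <p>Security notes for anyone reusing this fixture:
 * <ul>
 *   <li>Both listeners are bound to {@code localhost} on fixed ports (LDAP {@value #LDAP_PORT}/tcp,
 *       KDC 6088/udp).</li>
 *   <li>Encrypted-timestamp pre-authentication is switched off (see {@link #startKDC()}); that is a
 *       test convenience and must not be copied into a real KDC configuration.</li>
 *   <li>{@link #generateKeyTab(String, String...)} writes long-term keys derived from plaintext
 *       passwords into the working directory; {@link #stopAll()} does not delete them.</li>
 *   <li>{@link #startKDC()} changes the JVM-wide {@code java.security.krb5.conf} property and
 *       {@link #stopAll()} restores it.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe.
 */
public class TestKDC {
    public static final int LDAP_PORT = 11390;

    private static final String KRB5_CONF_PROPERTY = "java.security.krb5.conf";
    private static final Logger log = Logger.getLogger(TestKDC.class);

    private File workingDir;
    private DirectoryService directoryService;
    private KdcServer kdcServer;
    // Value of java.security.krb5.conf before startKDC() replaced it; null when it was unset.
    private String originalConfig;
    private final boolean exposeLdapServer;
    private LdapServer ldapServer;

    /**
     * @param exposeLdapServer when {@code true}, {@link #startDirectoryService()} also opens an LDAP
     *        listener on {@code localhost:}{@value #LDAP_PORT} in front of the directory
     */
    public TestKDC(boolean exposeLdapServer) {
        this.exposeLdapServer = exposeLdapServer;
    }

    /**
     * Creates the directory service, loads {@code /KerberosTesting.ldif} into a
     * {@code dc=wildfly,dc=org} partition and, if requested at construction, starts the LDAP listener.
     *
     * @throws IllegalStateException if the service is already running or any start-up step fails
     */
    public void startDirectoryService() {
        if (this.directoryService != null) {
            throw new IllegalStateException("DirectoryService already started");
        }
        createWorkingDir();
        try {
            DefaultDirectoryServiceFactory factory = new DefaultDirectoryServiceFactory();
            DirectoryService service = factory.getDirectoryService();
            factory.init("Test Service");
            service.getChangeLog().setEnabled(false);
            // Registered before the LDIF import below so that it sees every imported entry.
            service.addLast(new KeyDerivationInterceptor());
            SchemaManager schemaManager = service.getSchemaManager();
            createPartition(factory, schemaManager, "wildfly", "dc=wildfly,dc=org", service, this.workingDir,
                    "uid", "krb5PrincipalName");
            processLdif(schemaManager, service.getAdminSession(), "/KerberosTesting.ldif");
            this.directoryService = service;
            if (this.exposeLdapServer) {
                // The field is assigned before start() so stopAll() can still stop a half-started listener.
                this.ldapServer = new LdapServer();
                this.ldapServer.setServiceName("DefaultLDAP");
                // Loopback only: the directory holds the test principals' credentials.
                this.ldapServer.addTransports(new Transport[]{new TcpTransport("localhost", LDAP_PORT, 3, 5)});
                this.ldapServer.setDirectoryService(this.directoryService);
                this.ldapServer.start();
            }
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialise DirectoryService", e);
        }
    }

    /**
     * Creates a partition under {@code partitionDir}, indexes the given attributes, and attaches the
     * partition to the directory service.
     */
    private static void createPartition(DirectoryServiceFactory directoryServiceFactory, SchemaManager schemaManager,
            String partitionId, String suffix, DirectoryService directoryService, File partitionDir,
            String... indexedAttributes) throws Exception {
        PartitionFactory partitionFactory = directoryServiceFactory.getPartitionFactory();
        Partition partition = partitionFactory.createPartition(schemaManager, directoryService.getDnFactory(),
                partitionId, suffix, 1000, partitionDir);
        for (String attribute : indexedAttributes) {
            partitionFactory.addIndex(partition, attribute, 10);
        }
        partition.setCacheService(directoryService.getCacheService());
        partition.initialize();
        directoryService.addPartition(partition);
    }

    /**
     * Adds every entry of the named classpath LDIF resource through the supplied session.
     *
     * @throws IllegalStateException if the resource is not on the classpath
     */
    private static void processLdif(SchemaManager schemaManager, CoreSession session, String ldifResource)
            throws Exception {
        InputStream ldifStream = TestKDC.class.getResourceAsStream(ldifResource);
        if (ldifStream == null) {
            throw new IllegalStateException("LDIF resource not found on classpath: " + ldifResource);
        }
        // try-with-resources closes the reader and the stream even when an add() fails part-way.
        try (InputStream in = ldifStream; LdifReader reader = new LdifReader(in)) {
            for (LdifEntry ldifEntry : reader) {
                session.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
            }
        }
    }

    /** Stops the LDAP listener (if one was opened) and shuts the directory service down. */
    private void stopDirectoryService() {
        try {
            if (this.ldapServer != null) {
                // Close the listener first so the port is not left open in front of a stopped directory.
                this.ldapServer.stop();
                this.ldapServer = null;
            }
        } finally {
            if (this.directoryService != null) {
                try {
                    this.directoryService.shutdown();
                    this.directoryService = null;
                } catch (Exception e) {
                    throw new IllegalStateException("Error shutting down directory service", e);
                }
            }
        }
    }

    /**
     * Starts the KDC for realm {@code WILDFLY.ORG} on {@code localhost:6088/udp} and points the JVM at
     * the bundled {@code /krb5.conf}.
     *
     * @throws IllegalStateException if the directory service is not running, the KDC is already
     *         running, {@code /krb5.conf} is missing, or the KDC fails to start
     */
    public void startKDC() {
        if (this.directoryService == null) {
            throw new IllegalStateException("No DirectoryService Available for KDC");
        }
        if (this.kdcServer != null) {
            throw new IllegalStateException("KDCServer already started");
        }
        java.net.URL krb5Conf = TestKDC.class.getResource("/krb5.conf");
        if (krb5Conf == null) {
            throw new IllegalStateException("Classpath resource /krb5.conf not found");
        }
        // JVM-wide setting: every Kerberos client in this process now uses the test realm's config.
        String previousConfig = System.setProperty(KRB5_CONF_PROPERTY,
                new File(krb5Conf.getFile()).getAbsolutePath());

        KdcServer server = new KdcServer();
        server.setServiceName("TestKDCServer");
        server.setSearchBaseDn("dc=wildfly,dc=org");
        KerberosConfig config = server.getConfig();
        config.setServicePrincipal("krbtgt/WILDFLY.ORG@WILDFLY.ORG");
        config.setPrimaryRealm("WILDFLY.ORG");
        config.setMaximumTicketLifetime(86400000L);     // 24 * 60 * 60 * 1000
        config.setMaximumRenewableLifetime(604800000L); // 7 * 24 * 60 * 60 * 1000
        // Test-only: with PA-ENC-TIMESTAMP not required the KDC answers an AS-REQ without proof that
        // the requester knows the password. A production KDC should require pre-authentication.
        config.setPaEncTimestampRequired(false);
        server.addTransports(new Transport[]{new UdpTransport("localhost", 6088)});
        server.setDirectoryService(this.directoryService);

        boolean started = false;
        try {
            server.start();
            started = true;
        } catch (IOException | LdapInvalidDnException e) {
            throw new IllegalStateException("Unable to start KDC", e);
        } finally {
            if (!started) {
                // Do not leave the process pointing at the test krb5.conf when no KDC is running.
                restoreKrb5Config(previousConfig);
            }
        }
        this.originalConfig = previousConfig;
        this.kdcServer = server;
    }

    /** Stops the KDC, if running, and puts {@code java.security.krb5.conf} back as it was. */
    private void stopKDC() {
        if (this.kdcServer == null) {
            return;
        }
        try {
            this.kdcServer.stop();
        } finally {
            this.kdcServer = null;
            restoreKrb5Config(this.originalConfig);
            this.originalConfig = null;
        }
    }

    /**
     * Restores {@code java.security.krb5.conf}; a {@code null} previous value means the property was
     * unset, so it is cleared rather than left pointing at the test configuration.
     */
    private static void restoreKrb5Config(String previousValue) {
        if (previousValue == null) {
            System.clearProperty(KRB5_CONF_PROPERTY);
        } else {
            System.setProperty(KRB5_CONF_PROPERTY, previousValue);
        }
    }

    /** Creates {@code ./target/apache-ds/working} if needed and removes its direct children. */
    private void createWorkingDir() {
        this.workingDir = new File("./target/apache-ds/working");
        if (!this.workingDir.exists() && !this.workingDir.mkdirs()) {
            throw new IllegalStateException("Unable to create working dir.");
        }
        emptyDir(this.workingDir);
    }

    /**
     * Empties and forgets the working directory. Not invoked by {@link #stopAll()}, so generated
     * keytabs stay on disk until the next {@link #startDirectoryService()}.
     */
    private void cleanWorkingDir() {
        if (this.workingDir == null) {
            return;
        }
        emptyDir(this.workingDir);
        this.workingDir = null;
    }

    /**
     * Deletes the direct children of {@code dir}. The deletion is not recursive; a child that cannot
     * be deleted is reported as an error.
     */
    private void emptyDir(File dir) {
        File[] children = dir.listFiles();
        if (children == null) {
            // listFiles() returns null when dir is not a directory or cannot be read.
            throw new IllegalStateException(
                    String.format("Unable to list working dir '%s'.", dir.getAbsolutePath()));
        }
        for (File child : children) {
            if (!child.delete()) {
                String workingDirPath;
                try {
                    workingDirPath = this.workingDir.getCanonicalPath();
                } catch (IOException e) {
                    throw new IllegalStateException(e);
                }
                throw new IllegalStateException(String.format(
                        "Unable to delete file '%s' from working dir '%s'.", child.getName(), workingDirPath));
            }
        }
    }

    /** Stops the KDC and then the directory service; the second step runs even if the first fails. */
    public void stopAll() {
        try {
            stopKDC();
        } finally {
            stopDirectoryService();
        }
    }

    /**
     * Derives Kerberos keys for each principal/password pair and writes them to a keytab file in the
     * working directory.
     *
     * <p>The file holds long-term secrets and is created with default permissions, so treat it as
     * test-only material. If no working directory has been created yet, the name is resolved against
     * the current directory.
     *
     * @param keyTabFileName file name of the keytab, relative to the working directory
     * @param credentials alternating principal names and plaintext passwords
     * @return absolute path of the written keytab
     * @throws IllegalArgumentException if {@code credentials} has an odd number of elements
     * @throws IllegalStateException if the keytab cannot be written
     */
    public String generateKeyTab(String keyTabFileName, String... credentials) {
        if (credentials.length % 2 != 0) {
            throw new IllegalArgumentException(
                    "Credentials must be principal/password pairs, got " + credentials.length + " values");
        }
        log.debugf("Generating keytab: %s", keyTabFileName);
        ArrayList<KeytabEntry> entries = new ArrayList<>();
        KerberosTime timestamp = new KerberosTime();
        for (int i = 0; i < credentials.length; i += 2) {
            String principal = credentials[i];
            String password = credentials[i + 1];
            for (EncryptionKey key : KerberosKeyFactory.getKerberosKeys(principal, password).values()) {
                // Log only key metadata; the key object's string form may expose the key bytes.
                log.debugf("Adding key type=%s kvno=%s for principal=%s",
                        key.getKeyType(), key.getKeyVersion(), principal);
                // NOTE(review): principal type 1 is presumably KRB5_NT_PRINCIPAL; confirm against KeytabEntry.
                entries.add(new KeytabEntry(principal, 1, timestamp, (byte) key.getKeyVersion(), key));
            }
        }
        Keytab keytab = Keytab.getInstance();
        keytab.setEntries(entries);
        try {
            File keytabFile = new File(this.workingDir, keyTabFileName);
            keytab.write(keytabFile);
            return keytabFile.getAbsolutePath();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot create keytab: " + keyTabFileName, e);
        }
    }
}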
