package org.opends.server.tools;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import org.opends.messages.Message;
import org.opends.messages.ToolMessages;
import org.opends.server.protocols.asn1.ASN1Exception;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPConstants;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.types.LDAPException;
import org.opends.server.types.LDAPURL;
import org.opends.server.util.Base64;
import org.opends.server.util.PasswordReader;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/tools/LDAPAuthenticationHandler.class */
public class LDAPAuthenticationHandler implements PrivilegedExceptionAction<Object>, CallbackHandler {
    // GSSAPI-related state. None of these four fields (nor gssapiQoP below) is
    // referenced in the part of the file reviewed here; presumably they are
    // populated by the GSSAPI bind path -- TODO confirm.
    private ASN1OctetString gssapiBindDN;
    // Connection plumbing supplied by the constructor: the reader returns bind
    // responses, the writer sends bind requests, and nextMessageID is
    // incremented once per request sent.
    private LDAPReader reader;
    private LDAPWriter writer;
    private AtomicInteger nextMessageID;
    // NOTE(review): char[] suggests this holds a password; confirm the code
    // that fills it also zeroes it once the bind completes.
    private char[] gssapiAuthPW;
    private String gssapiAuthID;
    private String gssapiAuthzID;
    private String gssapiQoP;
    // Host name supplied by the constructor; doSASLDigestMD5 uses it to build
    // its default digest-uri of "ldap/" + hostName.
    private String hostName;
    // Upper-cased name of the mechanism most recently requested via doSASLBind.
    private String saslMechanism;
    // Created on first use by generateCRAMMD5Digest and reused afterwards.
    // MessageDigest instances are not thread-safe, so a handler must not be
    // shared between threads that bind concurrently.
    private MessageDigest md5Digest = null;
    // Not referenced in the part of the file reviewed here.
    private SecureRandom secureRandom = null;
    // HMAC inner/outer pad blocks (64 bytes of 0x36 and 0x5C respectively),
    // created on first use by generateCRAMMD5Digest.
    private byte[] iPad = null;
    private byte[] oPad = null;

    /**
     * Creates a handler that performs bind operations over an existing LDAP
     * connection.
     *
     * @param lDAPReader    reader used to obtain bind responses from the server
     * @param lDAPWriter    writer used to send bind requests to the server
     * @param str           host name of the server; used as the host part of
     *                      the default DIGEST-MD5 digest-uri
     * @param atomicInteger counter that supplies the message ID for each
     *                      request sent by this handler
     */
    public LDAPAuthenticationHandler(LDAPReader lDAPReader, LDAPWriter lDAPWriter, String str, AtomicInteger atomicInteger) {
        // The four assignments are independent; none of the arguments is
        // validated or copied here.
        nextMessageID = atomicInteger;
        hostName = str;
        writer = lDAPWriter;
        reader = lDAPReader;
    }

    /**
     * Lists the SASL mechanisms this client-side handler can perform.
     *
     * @return a freshly allocated array of mechanism names: ANONYMOUS,
     *         CRAM-MD5, DIGEST-MD5, EXTERNAL, GSSAPI and PLAIN, in that order
     */
    public static String[] getSupportedSASLMechanisms() {
        // A new array is built on every call, so callers may modify the result
        // without affecting later calls.
        final String[] mechanisms = {
            ServerConstants.SASL_MECHANISM_ANONYMOUS,
            ServerConstants.SASL_MECHANISM_CRAM_MD5,
            ServerConstants.SASL_MECHANISM_DIGEST_MD5,
            ServerConstants.SASL_MECHANISM_EXTERNAL,
            ServerConstants.SASL_MECHANISM_GSSAPI,
            ServerConstants.SASL_MECHANISM_PLAIN
        };
        return mechanisms;
    }

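    /**
     * Returns the SASL properties accepted for the named mechanism, each mapped
     * to its human-readable description.
     *
     * @param str SASL mechanism name; matched case-insensitively
     * @return the property map for the mechanism, or {@code null} when the name
     *         is {@code null} or does not match a supported mechanism
     */
    public static LinkedHashMap<String, Message> getSASLProperties(String str) {
        // doSASLBind treats a null mechanism name as a normal error case, so a
        // null name here gets the same "unknown mechanism" answer instead of
        // a NullPointerException.
        if (str == null) {
            return null;
        }
        String upperCase = StaticUtils.toUpperCase(str);
        if (upperCase == null) {
            return null;
        }
        if (upperCase.equals(ServerConstants.SASL_MECHANISM_ANONYMOUS)) {
            return getSASLAnonymousProperties();
        } else if (upperCase.equals(ServerConstants.SASL_MECHANISM_CRAM_MD5)) {
            return getSASLCRAMMD5Properties();
        } else if (upperCase.equals(ServerConstants.SASL_MECHANISM_DIGEST_MD5)) {
            return getSASLDigestMD5Properties();
        } else if (upperCase.equals(ServerConstants.SASL_MECHANISM_EXTERNAL)) {
            return getSASLExternalProperties();
        } else if (upperCase.equals(ServerConstants.SASL_MECHANISM_GSSAPI)) {
            return getSASLGSSAPIProperties();
        } else if (upperCase.equals(ServerConstants.SASL_MECHANISM_PLAIN)) {
            return getSASLPlainProperties();
        }
        // Unknown mechanism: callers must check for null.
        return null;
    }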

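    /**
     * Sends an LDAP simple bind request and processes the server's response.
     *
     * <p>The password travels inside the bind request as-is, so this method
     * protects it only as well as the underlying connection does; use it over
     * a TLS-protected connection.
     *
     * @param i                integer argument of the simple bind request (the
     *                         LDAP protocol version)
     * @param aSN1OctetString  bind DN; {@code null} is sent as an empty DN
     * @param aSN1OctetString2 bind password; when {@code null} and a DN was
     *                         given, the password is read interactively
     * @param arrayList        controls to attach to the bind request
     * @param arrayList2       list that receives any controls returned with the
     *                         response; may be {@code null} to discard them
     * @return {@code null} when the server reports success
     * @throws ClientException if the request cannot be sent, the response
     *                         cannot be read or decoded, the connection closes
     *                         first, or the response is of an unexpected type
     * @throws LDAPException   if the server rejects the bind or sends a notice
     *                         of disconnection; carries the server's result code
     */
    public String doSimpleBind(int i, ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        if (aSN1OctetString2 == null) {
            if (aSN1OctetString == null) {
                // Neither DN nor password: anonymous bind.
                aSN1OctetString2 = new ASN1OctetString();
            } else {
                System.out.print(ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(aSN1OctetString.stringValue()));
                System.out.flush();
                char[] readPassword = PasswordReader.readPassword();
                if (readPassword == null) {
                    // NOTE(review): a DN with an empty password is an
                    // "unauthenticated bind" (RFC 4513 5.1.2); servers that
                    // accept it grant anonymous access while the tool reports
                    // a successful bind. Callers may want to reject this case.
                    aSN1OctetString2 = new ASN1OctetString();
                } else {
                    try {
                        // NOTE(review): the byte copy held by the octet string
                        // is not wiped by this method.
                        aSN1OctetString2 = new ASN1OctetString(StaticUtils.getBytes(readPassword));
                    } finally {
                        // Clear the typed password even if the conversion fails.
                        Arrays.fill(readPassword, (char) 0);
                    }
                }
            }
        }
        if (aSN1OctetString == null) {
            aSN1OctetString = new ASN1OctetString();
        }

        // Each try block covers exactly one I/O step. Response handling sits
        // outside them so that the server's result code reaches the caller as
        // an LDAPException instead of being re-wrapped by the catch clauses as
        // a client-side "cannot read bind response" error.
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, i, aSN1OctetString2), arrayList));
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SIMPLE_BIND.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SIMPLE_BIND.get(StaticUtils.getExceptionMessage(e)), e);
        }

        LDAPMessage readMessage;
        try {
            readMessage = this.reader.readMessage();
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (ASN1Exception e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (LDAPException e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        }
        if (readMessage == null) {
            // End of stream before any response arrived.
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        ArrayList<LDAPControl> controls = readMessage.getControls();
        if (arrayList2 != null && controls != null && !controls.isEmpty()) {
            arrayList2.addAll(controls);
        }

        switch (readMessage.getProtocolOpType()) {
            case 97: { // 0x61: bind response
                BindResponseProtocolOp bindResponseProtocolOp = readMessage.getBindResponseProtocolOp();
                int resultCode = bindResponseProtocolOp.getResultCode();
                if (resultCode == 0) {
                    return null;
                }
                throw new LDAPException(resultCode, bindResponseProtocolOp.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SIMPLE_BIND_FAILED.get(), bindResponseProtocolOp.getMatchedDN(), null);
            }
            case 120: { // 0x78: extended response; only a disconnect notice is expected
                ExtendedResponseProtocolOp extendedResponseProtocolOp = readMessage.getExtendedResponseProtocolOp();
                String oid = extendedResponseProtocolOp.getOID();
                if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp)));
                }
                throw new LDAPException(extendedResponseProtocolOp.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getErrorMessage()));
            }
            default:
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage.getProtocolOp())));
        }
    }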

    /**
     * Dispatches a SASL bind to the handler for the requested mechanism.
     *
     * <p>The mechanism is whatever the caller names; no ranking by strength is
     * applied here. Of the supported set, ANONYMOUS performs no
     * authentication and PLAIN transmits the password itself, so those choices
     * rely on the caller and on transport protection.
     *
     * @param aSN1OctetString  bind DN; {@code null} is replaced by an empty DN
     * @param aSN1OctetString2 bind password, passed on to mechanisms that use one
     * @param str              SASL mechanism name; matched case-insensitively
     * @param map              SASL properties, keyed by property name
     * @param arrayList        controls to attach to the bind request
     * @param arrayList2       list that receives response controls
     * @return whatever the mechanism-specific handler returns
     * @throws ClientException if no mechanism is given (89), the mechanism is
     *                         not supported (86), or the selected handler fails
     * @throws LDAPException   if the selected handler reports a server-side failure
     */
    public String doSASLBind(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, String str, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        final ASN1OctetString bindDN = (aSN1OctetString != null) ? aSN1OctetString : new ASN1OctetString();
        if (str == null || str.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_SASL_MECHANISM.get());
        }

        // The normalised name is remembered on the handler before dispatch.
        this.saslMechanism = StaticUtils.toUpperCase(str);
        final String mechanism = this.saslMechanism;

        if (mechanism.equals(ServerConstants.SASL_MECHANISM_ANONYMOUS)) {
            return doSASLAnonymous(bindDN, map, arrayList, arrayList2);
        } else if (mechanism.equals(ServerConstants.SASL_MECHANISM_CRAM_MD5)) {
            return doSASLCRAMMD5(bindDN, aSN1OctetString2, map, arrayList, arrayList2);
        } else if (mechanism.equals(ServerConstants.SASL_MECHANISM_DIGEST_MD5)) {
            return doSASLDigestMD5(bindDN, aSN1OctetString2, map, arrayList, arrayList2);
        } else if (mechanism.equals(ServerConstants.SASL_MECHANISM_EXTERNAL)) {
            return doSASLExternal(bindDN, map, arrayList, arrayList2);
        } else if (mechanism.equals(ServerConstants.SASL_MECHANISM_GSSAPI)) {
            return doSASLGSSAPI(bindDN, aSN1OctetString2, map, arrayList, arrayList2);
        } else if (mechanism.equals(ServerConstants.SASL_MECHANISM_PLAIN)) {
            return doSASLPlain(bindDN, aSN1OctetString2, map, arrayList, arrayList2);
        } else {
            // The error message reports the name exactly as the caller gave it.
            throw new ClientException(86, ToolMessages.ERR_LDAPAUTH_UNSUPPORTED_SASL_MECHANISM.get(str));
        }
    }

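    /**
     * Performs a SASL ANONYMOUS bind, optionally sending a trace string as the
     * SASL credentials.
     *
     * <p>The trace value is sent to the server unmodified and identifies
     * nothing cryptographically; it must not contain secrets.
     *
     * @param aSN1OctetString bind DN to place in the request
     * @param map             SASL properties; only the single-valued
     *                        {@code trace} property is accepted, and the map
     *                        may be {@code null} or empty
     * @param arrayList       controls to attach to the bind request
     * @param arrayList2      list that receives any controls returned with the
     *                        response; may be {@code null} to discard them
     * @return {@code null} when the server reports success
     * @throws ClientException if a property is invalid (89), the request cannot
     *                         be sent, the response cannot be read or decoded,
     *                         the connection closes first, or the response is
     *                         of an unexpected type
     * @throws LDAPException   if the server rejects the bind or sends a notice
     *                         of disconnection; carries the server's result code
     */
    public String doSASLAnonymous(ASN1OctetString aSN1OctetString, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        String str = null;
        if (map != null) {
            for (Map.Entry<String, List<String>> property : map.entrySet()) {
                String name = property.getKey();
                if (!name.equalsIgnoreCase(ToolConstants.SASL_PROPERTY_TRACE)) {
                    throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_INVALID_SASL_PROPERTY.get(name, ServerConstants.SASL_MECHANISM_ANONYMOUS));
                }
                Iterator<String> values = property.getValue().iterator();
                if (values.hasNext()) {
                    str = values.next();
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_TRACE_SINGLE_VALUED.get());
                    }
                }
            }
        }

        // Each try block covers exactly one I/O step. Response handling sits
        // outside them so that the server's result code reaches the caller as
        // an LDAPException instead of being re-wrapped by the catch clauses as
        // a client-side "cannot read bind response" error.
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_ANONYMOUS, str == null ? null : new ASN1OctetString(str)), arrayList));
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_ANONYMOUS, StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_ANONYMOUS, StaticUtils.getExceptionMessage(e)), e);
        }

        LDAPMessage readMessage;
        try {
            readMessage = this.reader.readMessage();
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (ASN1Exception e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (LDAPException e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
        }
        if (readMessage == null) {
            // End of stream before any response arrived.
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        ArrayList<LDAPControl> controls = readMessage.getControls();
        if (arrayList2 != null && controls != null && !controls.isEmpty()) {
            arrayList2.addAll(controls);
        }

        switch (readMessage.getProtocolOpType()) {
            case 97: { // 0x61: bind response
                BindResponseProtocolOp bindResponseProtocolOp = readMessage.getBindResponseProtocolOp();
                int resultCode = bindResponseProtocolOp.getResultCode();
                if (resultCode == 0) {
                    return null;
                }
                throw new LDAPException(resultCode, bindResponseProtocolOp.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SASL_BIND_FAILED.get(ServerConstants.SASL_MECHANISM_ANONYMOUS), bindResponseProtocolOp.getMatchedDN(), null);
            }
            case 120: { // 0x78: extended response; only a disconnect notice is expected
                ExtendedResponseProtocolOp extendedResponseProtocolOp = readMessage.getExtendedResponseProtocolOp();
                String oid = extendedResponseProtocolOp.getOID();
                if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp)));
                }
                throw new LDAPException(extendedResponseProtocolOp.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getErrorMessage()));
            }
            default:
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage.getProtocolOp())));
        }
    }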

    /**
     * Describes the SASL properties accepted by the ANONYMOUS mechanism.
     *
     * @return a new map holding the {@code trace} property and its description
     */
    public static LinkedHashMap<String, Message> getSASLAnonymousProperties() {
        // ANONYMOUS takes exactly one optional property, hence the capacity of 1.
        final LinkedHashMap<String, Message> properties = new LinkedHashMap<String, Message>(1);
        final Message traceDescription = ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_TRACE.get();
        properties.put(ToolConstants.SASL_PROPERTY_TRACE, traceDescription);
        return properties;
    }

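    /**
     * Performs a two-stage SASL CRAM-MD5 bind: an empty first request obtains
     * the server's challenge, and the second request answers it with
     * {@code authID + ' ' + HMAC-MD5(password, challenge)} in lower-case hex.
     *
     * <p>CRAM-MD5 keeps the password off the wire but does not authenticate
     * the server or protect the connection, and a captured challenge/response
     * pair can be tested offline against guessed passwords. Prefer a
     * TLS-protected connection when this mechanism has to be used.
     *
     * @param aSN1OctetString  bind DN to place in both requests
     * @param aSN1OctetString2 password; when {@code null} it is read interactively
     * @param map              SASL properties; must contain the single-valued
     *                         {@code authid} property and nothing else
     * @param arrayList        controls to attach to the second bind request
     *                         (the first request is sent without controls)
     * @param arrayList2       list that receives any controls returned with the
     *                         final response; may be {@code null} to discard them
     * @return {@code null} when the server reports success
     * @throws ClientException if the properties are invalid (89), a request
     *                         cannot be sent, a response cannot be read or
     *                         decoded, the connection closes first, or a
     *                         response is of an unexpected type
     * @throws LDAPException   if the server does not answer the first request
     *                         with "SASL bind in progress" (14) and a
     *                         challenge, rejects the bind, or sends a notice of
     *                         disconnection
     */
    public String doSASLCRAMMD5(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        if (map == null || map.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_SASL_PROPERTIES.get(ServerConstants.SASL_MECHANISM_CRAM_MD5));
        }
        String str = null;
        for (Map.Entry<String, List<String>> property : map.entrySet()) {
            String name = property.getKey();
            if (!StaticUtils.toLowerCase(name).equals(ToolConstants.SASL_PROPERTY_AUTHID)) {
                throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_INVALID_SASL_PROPERTY.get(name, ServerConstants.SASL_MECHANISM_CRAM_MD5));
            }
            Iterator<String> values = property.getValue().iterator();
            if (values.hasNext()) {
                str = values.next();
                if (values.hasNext()) {
                    throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_AUTHID_SINGLE_VALUED.get());
                }
            }
        }
        if (str == null || str.length() == 0) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_SASL_AUTHID_REQUIRED.get(ServerConstants.SASL_MECHANISM_CRAM_MD5));
        }

        if (aSN1OctetString2 == null) {
            System.out.print(ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(str));
            // Flush so the prompt is visible before blocking on input, as
            // doSimpleBind does.
            System.out.flush();
            char[] readPassword = PasswordReader.readPassword();
            if (readPassword == null) {
                aSN1OctetString2 = new ASN1OctetString();
            } else {
                try {
                    // NOTE(review): the byte copy held by the octet string is
                    // not wiped by this method.
                    aSN1OctetString2 = new ASN1OctetString(StaticUtils.getBytes(readPassword));
                } finally {
                    // Clear the typed password even if the conversion fails.
                    Arrays.fill(readPassword, (char) 0);
                }
            }
        }

        // The stages below run in sequence and each try block covers exactly
        // one I/O step. With the stages nested inside one another's try
        // blocks, every LDAPException or ClientException raised while handling
        // a response would be caught again by the enclosing catch clauses and
        // reported as an earlier-stage send/read failure, hiding the server's
        // result code from the caller.

        // Stage 1: empty credentials ask the server for a challenge.
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_CRAM_MD5, (ASN1OctetString) null)));
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_INITIAL_SASL_BIND.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_INITIAL_SASL_BIND.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        }

        LDAPMessage readMessage;
        try {
            readMessage = this.reader.readMessage();
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (ASN1Exception e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (LDAPException e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        }
        if (readMessage == null) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        ASN1OctetString serverSASLCredentials;
        switch (readMessage.getProtocolOpType()) {
            case 97: { // 0x61: bind response
                BindResponseProtocolOp bindResponseProtocolOp = readMessage.getBindResponseProtocolOp();
                int resultCode = bindResponseProtocolOp.getResultCode();
                if (resultCode != 14) { // 14 = SASL bind in progress
                    Message errorMessage = bindResponseProtocolOp.getErrorMessage();
                    if (errorMessage == null) {
                        errorMessage = Message.EMPTY;
                    }
                    throw new LDAPException(resultCode, errorMessage, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, Integer.valueOf(resultCode), LDAPResultCode.toString(resultCode), errorMessage), bindResponseProtocolOp.getMatchedDN(), null);
                }
                serverSASLCredentials = bindResponseProtocolOp.getServerSASLCredentials();
                if (serverSASLCredentials == null) {
                    // No challenge to answer: protocol error (2).
                    throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_NO_CRAMMD5_SERVER_CREDENTIALS.get());
                }
                break;
            }
            case 120: { // 0x78: extended response; only a disconnect notice is expected
                ExtendedResponseProtocolOp extendedResponseProtocolOp2 = readMessage.getExtendedResponseProtocolOp();
                String oid2 = extendedResponseProtocolOp2.getOID();
                if (oid2 == null || !oid2.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp2)));
                }
                throw new LDAPException(extendedResponseProtocolOp2.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp2.getResultCode()), extendedResponseProtocolOp2.getErrorMessage()));
            }
            default:
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage.getProtocolOp())));
        }

        // Stage 2: answer the challenge. The digest is computed outside the
        // send try block so a digest-setup failure keeps its own error message.
        String response = str + ' ' + generateCRAMMD5Digest(aSN1OctetString2, serverSASLCredentials);
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_CRAM_MD5, new ASN1OctetString(response)), arrayList));
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SECOND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SECOND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        }

        LDAPMessage readMessage2;
        try {
            readMessage2 = this.reader.readMessage();
        } catch (IOException e) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (ASN1Exception e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (LDAPException e) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        } catch (Exception e) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_CRAM_MD5, StaticUtils.getExceptionMessage(e)), e);
        }
        if (readMessage2 == null) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        ArrayList<LDAPControl> controls = readMessage2.getControls();
        if (arrayList2 != null && controls != null && !controls.isEmpty()) {
            arrayList2.addAll(controls);
        }

        switch (readMessage2.getProtocolOpType()) {
            case 97: { // 0x61: bind response
                BindResponseProtocolOp bindResponseProtocolOp2 = readMessage2.getBindResponseProtocolOp();
                int resultCode2 = bindResponseProtocolOp2.getResultCode();
                if (resultCode2 == 0) {
                    return null;
                }
                throw new LDAPException(resultCode2, bindResponseProtocolOp2.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SASL_BIND_FAILED.get(ServerConstants.SASL_MECHANISM_CRAM_MD5), bindResponseProtocolOp2.getMatchedDN(), null);
            }
            case 120: { // 0x78: extended response; only a disconnect notice is expected
                ExtendedResponseProtocolOp extendedResponseProtocolOp = readMessage2.getExtendedResponseProtocolOp();
                String oid = extendedResponseProtocolOp.getOID();
                if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp)));
                }
                throw new LDAPException(extendedResponseProtocolOp.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getErrorMessage()));
            }
            default:
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage2.getProtocolOp())));
        }
    }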

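    /**
     * Computes the CRAM-MD5 response digest, i.e. HMAC-MD5 keyed with the
     * password over the server challenge, as a lower-case hex string.
     *
     * <p>The shared {@code md5Digest}, {@code iPad} and {@code oPad} fields are
     * created on first use. {@link MessageDigest} is not thread-safe, so this
     * method must not run concurrently on the same handler.
     *
     * @param aSN1OctetString  password used as the HMAC key; keys longer than
     *                         the 64-byte block size are first reduced with MD5
     * @param aSN1OctetString2 challenge received from the server
     * @return 32 lower-case hex characters encoding the 16-byte digest
     * @throws ClientException if the MD5 digest implementation cannot be obtained
     */
    private String generateCRAMMD5Digest(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2) throws ClientException {
        if (this.md5Digest == null) {
            try {
                this.md5Digest = MessageDigest.getInstance("MD5");
            } catch (Exception e) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_INITIALIZE_MD5_DIGEST.get(StaticUtils.getExceptionMessage(e)), e);
            }
        }
        if (this.iPad == null) {
            this.iPad = new byte[64];
            this.oPad = new byte[64];
            Arrays.fill(this.iPad, (byte) 54);  // 0x36
            Arrays.fill(this.oPad, (byte) 92);  // 0x5C
        }

        byte[] password = aSN1OctetString.value();
        byte[] challenge = aSN1OctetString2.value();
        // Keys longer than one MD5 block are replaced by their digest.
        byte[] key = (password.length > 64) ? this.md5Digest.digest(password) : password;

        // inner = (key XOR ipad) || challenge
        byte[] inner = new byte[64 + challenge.length];
        System.arraycopy(this.iPad, 0, inner, 0, 64);
        System.arraycopy(challenge, 0, inner, 64, challenge.length);
        // outer = (key XOR opad) || MD5(inner); the 16-byte tail is filled below.
        byte[] outer = new byte[80];
        System.arraycopy(this.oPad, 0, outer, 0, 64);

        byte[] digest;
        try {
            for (int i = 0; i < key.length; i++) {
                inner[i] ^= key[i];
                outer[i] ^= key[i];
            }
            System.arraycopy(this.md5Digest.digest(inner), 0, outer, 64, 16);
            digest = this.md5Digest.digest(outer);
        } finally {
            // Best-effort wipe of the scratch buffers, which hold the key XORed
            // with publicly known pad bytes. The caller's password array is
            // left untouched; only a locally derived key copy is cleared.
            Arrays.fill(inner, (byte) 0);
            Arrays.fill(outer, (byte) 0);
            if (key != password) {
                Arrays.fill(key, (byte) 0);
            }
        }

        StringBuilder sb = new StringBuilder(2 * digest.length);
        for (byte b : digest) {
            sb.append(StaticUtils.byteToLowerHex(b));
        }
        return sb.toString();
    }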

    /**
     * Describes the SASL properties accepted by the CRAM-MD5 mechanism.
     *
     * @return a new map holding the {@code authid} property and its description
     */
    public static LinkedHashMap<String, Message> getSASLCRAMMD5Properties() {
        // CRAM-MD5 takes exactly one property, hence the capacity of 1.
        final LinkedHashMap<String, Message> properties = new LinkedHashMap<String, Message>(1);
        final Message authIdDescription = ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHID.get();
        properties.put(ToolConstants.SASL_PROPERTY_AUTHID, authIdDescription);
        return properties;
    }

    public String doSASLDigestMD5(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        String str = null;
        String str2 = null;
        String str3 = "auth";
        String str4 = "ldap/" + this.hostName;
        String str5 = null;
        boolean z = false;
        if (map == null || map.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_SASL_PROPERTIES.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5));
        }
        for (String str6 : map.keySet()) {
            String lowerCase = StaticUtils.toLowerCase(str6);
            if (lowerCase.equals(ToolConstants.SASL_PROPERTY_AUTHID)) {
                Iterator<String> it = map.get(str6).iterator();
                if (it.hasNext()) {
                    str = it.next();
                    if (it.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_AUTHID_SINGLE_VALUED.get());
                    }
                } else {
                    continue;
                }
            } else if (lowerCase.equals(ToolConstants.SASL_PROPERTY_REALM)) {
                Iterator<String> it2 = map.get(str6).iterator();
                if (it2.hasNext()) {
                    str2 = it2.next();
                    z = true;
                    if (it2.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_REALM_SINGLE_VALUED.get());
                    }
                } else {
                    continue;
                }
            } else if (lowerCase.equals(ToolConstants.SASL_PROPERTY_QOP)) {
                Iterator<String> it3 = map.get(str6).iterator();
                if (it3.hasNext()) {
                    str3 = StaticUtils.toLowerCase(it3.next());
                    if (it3.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_QOP_SINGLE_VALUED.get());
                    }
                    if (!str3.equals("auth")) {
                        if (str3.equals("auth-int") || str3.equals("auth-conf")) {
                            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_QOP_NOT_SUPPORTED.get(str3));
                        }
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_INVALID_QOP.get(str3));
                    }
                } else {
                    continue;
                }
            } else if (lowerCase.equals(ToolConstants.SASL_PROPERTY_DIGEST_URI)) {
                Iterator<String> it4 = map.get(str6).iterator();
                if (it4.hasNext()) {
                    str4 = StaticUtils.toLowerCase(it4.next());
                    if (it4.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_DIGEST_URI_SINGLE_VALUED.get());
                    }
                } else {
                    continue;
                }
            } else {
                if (!lowerCase.equals(ToolConstants.SASL_PROPERTY_AUTHZID)) {
                    throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_INVALID_SASL_PROPERTY.get(str6, ServerConstants.SASL_MECHANISM_DIGEST_MD5));
                }
                Iterator<String> it5 = map.get(str6).iterator();
                if (it5.hasNext()) {
                    str5 = StaticUtils.toLowerCase(it5.next());
                    if (it5.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_AUTHZID_SINGLE_VALUED.get());
                    }
                } else {
                    continue;
                }
            }
        }
        if (str == null || str.length() == 0) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_SASL_AUTHID_REQUIRED.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5));
        }
        if (aSN1OctetString2 == null) {
            System.out.print(ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(str));
            char[] readPassword = PasswordReader.readPassword();
            if (readPassword == null) {
                aSN1OctetString2 = new ASN1OctetString();
            } else {
                aSN1OctetString2 = new ASN1OctetString(StaticUtils.getBytes(readPassword));
                Arrays.fill(readPassword, (char) 0);
            }
        }
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_DIGEST_MD5, (ASN1OctetString) null)));
            try {
                LDAPMessage readMessage = this.reader.readMessage();
                if (readMessage == null) {
                    throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
                }
                switch (readMessage.getProtocolOpType()) {
                    case 97:
                        BindResponseProtocolOp bindResponseProtocolOp = readMessage.getBindResponseProtocolOp();
                        int resultCode = bindResponseProtocolOp.getResultCode();
                        if (resultCode != 14) {
                            Message errorMessage = bindResponseProtocolOp.getErrorMessage();
                            if (errorMessage == null) {
                                errorMessage = Message.EMPTY;
                            }
                            throw new LDAPException(resultCode, errorMessage, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, Integer.valueOf(resultCode), LDAPResultCode.toString(resultCode), errorMessage), bindResponseProtocolOp.getMatchedDN(), null);
                        }
                        ASN1OctetString serverSASLCredentials = bindResponseProtocolOp.getServerSASLCredentials();
                        if (serverSASLCredentials == null) {
                            throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_NO_DIGESTMD5_SERVER_CREDENTIALS.get());
                        }
                        String stringValue = serverSASLCredentials.stringValue();
                        String lowerCase2 = StaticUtils.toLowerCase(stringValue);
                        String str7 = null;
                        boolean z2 = false;
                        int i = 0;
                        int length = stringValue.length();
                        while (i < length) {
                            int indexOf = stringValue.indexOf(61, i + 1);
                            if (indexOf < 0) {
                                throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_INVALID_TOKEN_IN_CREDENTIALS.get(stringValue, Integer.valueOf(i)));
                            }
                            String substring = lowerCase2.substring(i, indexOf);
                            StringBuilder sb = new StringBuilder();
                            i = readToken(stringValue, indexOf + 1, length, sb);
                            String sb2 = sb.toString();
                            if (substring.equals("charset")) {
                                if (!sb2.equalsIgnoreCase("utf-8")) {
                                    throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_INVALID_CHARSET.get(sb2));
                                }
                                z2 = true;
                            } else if (substring.equals(ToolConstants.SASL_PROPERTY_REALM)) {
                                if (!z) {
                                    if (str2 == null) {
                                        str2 = sb2;
                                    } else {
                                        str2 = null;
                                        z = true;
                                    }
                                }
                            } else if (substring.equals("nonce")) {
                                str7 = sb2;
                            } else if (substring.equals(ToolConstants.SASL_PROPERTY_QOP)) {
                                StringTokenizer stringTokenizer = new StringTokenizer(sb2, ",");
                                LinkedList linkedList = new LinkedList();
                                while (stringTokenizer.hasMoreTokens()) {
                                    linkedList.add(StaticUtils.toLowerCase(stringTokenizer.nextToken().trim()));
                                }
                                if (!linkedList.contains(str3)) {
                                    throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_REQUESTED_QOP_NOT_SUPPORTED_BY_SERVER.get(str3, sb2));
                                }
                            } else {
                                continue;
                            }
                        }
                        if (str7 == null) {
                            throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_NO_NONCE.get());
                        }
                        String generateCNonce = generateCNonce();
                        String str8 = z2 ? "UTF-8" : "ISO-8859-1";
                        try {
                            String generateDigestMD5Response = generateDigestMD5Response(str, str5, aSN1OctetString2.value(), str2, str7, generateCNonce, "00000001", str4, str3, str8);
                            StringBuilder sb3 = new StringBuilder();
                            sb3.append("username=\"");
                            sb3.append(str);
                            sb3.append("\"");
                            if (str2 != null) {
                                sb3.append(",realm=\"");
                                sb3.append(str2);
                                sb3.append("\"");
                            }
                            sb3.append(",nonce=\"");
                            sb3.append(str7);
                            sb3.append("\",cnonce=\"");
                            sb3.append(generateCNonce);
                            sb3.append("\",nc=");
                            sb3.append("00000001");
                            sb3.append(",qop=");
                            sb3.append(str3);
                            sb3.append(",digest-uri=\"");
                            sb3.append(str4);
                            sb3.append("\",response=");
                            sb3.append(generateDigestMD5Response);
                            if (z2) {
                                sb3.append(",charset=utf-8");
                            }
                            if (str5 != null) {
                                sb3.append(",authzid=\"");
                                sb3.append(str5);
                                sb3.append("\"");
                            }
                            try {
                                this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_DIGEST_MD5, new ASN1OctetString(sb3.toString())), arrayList));
                                try {
                                    LDAPMessage readMessage2 = this.reader.readMessage();
                                    if (readMessage2 == null) {
                                        throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
                                    }
                                    ArrayList<LDAPControl> controls = readMessage2.getControls();
                                    if (controls != null && !controls.isEmpty()) {
                                        arrayList2.addAll(controls);
                                    }
                                    switch (readMessage2.getProtocolOpType()) {
                                        case 97:
                                            BindResponseProtocolOp bindResponseProtocolOp2 = readMessage2.getBindResponseProtocolOp();
                                            int resultCode2 = bindResponseProtocolOp2.getResultCode();
                                            if (resultCode2 != 0) {
                                                throw new LDAPException(resultCode2, bindResponseProtocolOp2.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SASL_BIND_FAILED.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5), bindResponseProtocolOp2.getMatchedDN(), null);
                                            }
                                            ASN1OctetString serverSASLCredentials2 = bindResponseProtocolOp2.getServerSASLCredentials();
                                            if (serverSASLCredentials2 == null) {
                                                throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_NO_RSPAUTH_CREDS.get());
                                            }
                                            String lowerCase3 = StaticUtils.toLowerCase(serverSASLCredentials2.stringValue());
                                            if (!lowerCase3.startsWith("rspauth=")) {
                                                throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_NO_RSPAUTH_CREDS.get());
                                            }
                                            try {
                                                try {
                                                    if (Arrays.equals(StaticUtils.hexStringToByteArray(lowerCase3.substring(8)), generateDigestMD5RspAuth(str, str5, aSN1OctetString2.value(), str2, str7, generateCNonce, "00000001", str4, str3, str8))) {
                                                        return null;
                                                    }
                                                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_RSPAUTH_MISMATCH.get());
                                                } catch (Exception e) {
                                                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_COULD_NOT_CALCULATE_RSPAUTH.get(StaticUtils.getExceptionMessage(e)));
                                                }
                                            } catch (Exception e2) {
                                                throw new LDAPException(2, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_COULD_NOT_DECODE_RSPAUTH.get(StaticUtils.getExceptionMessage(e2)));
                                            }
                                        case 120:
                                            ExtendedResponseProtocolOp extendedResponseProtocolOp = readMessage2.getExtendedResponseProtocolOp();
                                            String oid = extendedResponseProtocolOp.getOID();
                                            if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                                                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp)));
                                            }
                                            throw new LDAPException(extendedResponseProtocolOp.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getErrorMessage()));
                                        default:
                                            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage2.getProtocolOp())));
                                    }
                                } catch (IOException e3) {
                                    throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e3)), e3);
                                } catch (ASN1Exception e4) {
                                    throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e4)), e4);
                                } catch (LDAPException e5) {
                                    throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e5)), e5);
                                } catch (Exception e6) {
                                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_SECOND_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e6)), e6);
                                }
                            } catch (IOException e7) {
                                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SECOND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e7)), e7);
                            } catch (Exception e8) {
                                throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SECOND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e8)), e8);
                            }
                        } catch (ClientException e9) {
                            throw e9;
                        } catch (Exception e10) {
                            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_CANNOT_CREATE_RESPONSE_DIGEST.get(StaticUtils.getExceptionMessage(e10)), e10);
                        }
                    case 120:
                        ExtendedResponseProtocolOp extendedResponseProtocolOp2 = readMessage.getExtendedResponseProtocolOp();
                        String oid2 = extendedResponseProtocolOp2.getOID();
                        if (oid2 == null || !oid2.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp2)));
                        }
                        throw new LDAPException(extendedResponseProtocolOp2.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp2.getResultCode()), extendedResponseProtocolOp2.getErrorMessage()));
                    default:
                        throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage.getProtocolOp())));
                }
            } catch (IOException e11) {
                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e11)), e11);
            } catch (ASN1Exception e12) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e12)), e12);
            } catch (LDAPException e13) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e13)), e13);
            } catch (Exception e14) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_INITIAL_BIND_RESPONSE.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e14)), e14);
            }
        } catch (IOException e15) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_INITIAL_SASL_BIND.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e15)), e15);
        } catch (Exception e16) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_INITIAL_SASL_BIND.get(ServerConstants.SASL_MECHANISM_DIGEST_MD5, StaticUtils.getExceptionMessage(e16)), e16);
        }
    }

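    /**
     * Reads one directive value from a DIGEST-MD5 challenge string.
     *
     * <p>The caller passes the index just after the {@code '='} of a
     * {@code name=value} pair. The value may be bare or wrapped in double
     * quotes; a backslash makes the next character literal, and a comma ends
     * the value unless it sits inside quotes. The challenge text comes from the
     * server, so a malformed value must surface as an {@link LDAPException}
     * rather than an unchecked index error.
     *
     * @param str the complete challenge string
     * @param i   index of the first character of the value
     * @param i2  index at which scanning must stop (the caller passes the string length)
     * @param sb  buffer that receives the decoded value, without quotes or escape characters
     * @return the index at which the next directive starts, or {@code i2} at the end of input
     * @throws LDAPException if a closing quote is followed by anything other than a comma
     */
    private int readToken(String str, int i, int i2, StringBuilder sb) throws LDAPException {
        if (i >= i2) {
            return i;
        }
        int pos = i + 1;
        char first = str.charAt(i);
        if (first == ',') {
            // Empty value: the separator has already been consumed.
            return pos;
        }
        boolean quoted = false;
        boolean escaped = false;
        if (first == '\"') {
            quoted = true;
        } else if (first == '\\') {
            escaped = true;
        } else {
            sb.append(first);
        }
        while (pos < i2) {
            char current = str.charAt(pos++);
            if (escaped) {
                // Character after a backslash is always taken literally.
                sb.append(current);
                escaped = false;
            } else if (current == '\\') {
                escaped = true;
            } else if (current == ',') {
                if (!quoted) {
                    break;
                }
                sb.append(current);
            } else if (current == '\"') {
                if (!quoted) {
                    // A quote inside a bare value is ordinary data.
                    sb.append(current);
                } else {
                    // Closing quote: it must be followed by a comma or by the end of
                    // the input. Read the follower BEFORE advancing; advancing first
                    // inspected the wrong character (rejecting every quoted value
                    // that had a successor) and could index past the end.
                    if (pos < i2 && str.charAt(pos++) != ',') {
                        // pos - 2 is the index of the offending closing quote.
                        throw new LDAPException(49, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_INVALID_CLOSING_QUOTE_POS.get(Integer.valueOf(pos - 2)));
                    }
                    // The quoted value is complete; stop so the next directive is not
                    // appended to this one.
                    break;
                }
            } else {
                sb.append(current);
            }
        }
        return pos;
    }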

    /**
     * Builds the client nonce for a DIGEST-MD5 exchange: 16 bytes drawn from
     * this handler's {@link SecureRandom}, Base64-encoded.
     *
     * <p>The generator is created on first use and then kept in
     * {@code this.secureRandom}.
     *
     * @return the Base64 text of 16 freshly generated random bytes
     */
    private String generateCNonce() {
        SecureRandom rng = this.secureRandom;
        if (rng == null) {
            rng = new SecureRandom();
            this.secureRandom = rng;
        }
        byte[] nonceBytes = new byte[16];
        rng.nextBytes(nonceBytes);
        return Base64.encode(nonceBytes);
    }

    /**
     * Computes the hex-encoded {@code response} value sent in the second
     * DIGEST-MD5 bind request.
     *
     * <p>Steps, as implemented here:
     * <ol>
     *   <li>MD5 over {@code str ":" realm ":"} followed by the raw password bytes
     *       (a {@code null} realm is treated as the empty string);</li>
     *   <li>MD5 over that hash followed by {@code ":" str4 ":" str5}, plus
     *       {@code ":" str2} when {@code str2} is not {@code null};</li>
     *   <li>MD5 over {@code "AUTHENTICATE:" str7};</li>
     *   <li>MD5 over {@code hex(step 2) ":" str4 ":" str6 ":" str5 ":" str8 ":" hex(step 3)}.</li>
     * </ol>
     * MD5 is dictated by the DIGEST-MD5 mechanism itself (moved to Historic by
     * RFC 6331); it is not a choice made by this method.
     *
     * @param str  authentication ID
     * @param str2 authorization ID, or {@code null} to leave it out
     * @param bArr password bytes
     * @param str3 realm, or {@code null}
     * @param str4 server nonce
     * @param str5 client nonce
     * @param str6 nonce count text
     * @param str7 digest URI
     * @param str8 quality of protection
     * @param str9 name of the charset used to encode every string
     * @return the lowercase hex text of the final hash
     * @throws ClientException if the MD5 digest cannot be created
     * @throws UnsupportedEncodingException if {@code str9} is not a supported charset
     */
    private String generateDigestMD5Response(String str, String str2, byte[] bArr, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws ClientException, UnsupportedEncodingException {
        if (this.md5Digest == null) {
            try {
                this.md5Digest = MessageDigest.getInstance("MD5");
            } catch (Exception e) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_INITIALIZE_MD5_DIGEST.get(StaticUtils.getExceptionMessage(e)), e);
            }
        }

        // Step 1: H(username ":" realm ":" password)
        String realmText = (str3 != null) ? str3 : "";
        byte[] userRealm = (str + ":" + realmText + ":").getBytes(str9);
        byte[] secretInput = Arrays.copyOf(userRealm, userRealm.length + bArr.length);
        System.arraycopy(bArr, 0, secretInput, userRealm.length, bArr.length);
        byte[] secretHash = this.md5Digest.digest(secretInput);

        // Step 2: H(step1 ":" nonce ":" cnonce [":" authzid])
        String nonceText = ":" + str4 + ":" + str5;
        if (str2 != null) {
            nonceText = nonceText + ":" + str2;
        }
        byte[] nonceBytes = nonceText.getBytes(str9);
        byte[] a1Input = Arrays.copyOf(secretHash, secretHash.length + nonceBytes.length);
        System.arraycopy(nonceBytes, 0, a1Input, secretHash.length, nonceBytes.length);
        byte[] a1Hash = this.md5Digest.digest(a1Input);

        // Step 3: H("AUTHENTICATE:" digest-uri)
        byte[] a2Hash = this.md5Digest.digest(("AUTHENTICATE:" + str7).getBytes(str9));

        // Step 4: hash of the colon-joined hex digests and exchange parameters
        StringBuilder keyed = new StringBuilder();
        keyed.append(getHexString(a1Hash)).append(':');
        keyed.append(str4).append(':');
        keyed.append(str6).append(':');
        keyed.append(str5).append(':');
        keyed.append(str8).append(':');
        keyed.append(getHexString(a2Hash));
        return getHexString(this.md5Digest.digest(keyed.toString().getBytes(str9)));
    }

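    /**
     * Computes the {@code rspauth} value the server is expected to return after
     * a successful DIGEST-MD5 bind, so the client can check that the server
     * also knows the password.
     *
     * <p>The computation mirrors {@code generateDigestMD5Response}, with two
     * differences: the third hash covers
     * {@code ToolConstants.LIST_TABLE_SEPARATOR + str7} instead of
     * {@code "AUTHENTICATE:" + str7}, and for {@code auth-int} / {@code auth-conf}
     * a colon plus 32 zeros is appended to that input. (The constant is
     * presumably {@code ":"}; confirm its value.)
     *
     * <p>A {@code null} realm is hashed as the empty string, exactly as
     * {@code generateDigestMD5Response} does. Concatenating the {@code null}
     * reference would hash the literal text {@code "null"}, so the expected
     * value would never match a server that omitted the realm. The MD5 digest
     * is created on demand, so this public method does not depend on
     * {@code generateDigestMD5Response} having run first.
     *
     * <p>Callers comparing the result with the server-supplied bytes should
     * prefer {@code MessageDigest.isEqual} for the comparison.
     *
     * @param str  authentication ID
     * @param str2 authorization ID, or {@code null} to leave it out
     * @param bArr password bytes
     * @param str3 realm, or {@code null}
     * @param str4 server nonce
     * @param str5 client nonce
     * @param str6 nonce count text
     * @param str7 digest URI
     * @param str8 quality of protection
     * @param str9 name of the charset used to encode every string
     * @return the raw (not hex-encoded) bytes of the final hash
     * @throws UnsupportedEncodingException if {@code str9} is not a supported charset
     * @throws IllegalStateException if the MD5 digest had to be created here and is unavailable
     */
    public byte[] generateDigestMD5RspAuth(String str, String str2, byte[] bArr, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws UnsupportedEncodingException {
        if (this.md5Digest == null) {
            try {
                this.md5Digest = MessageDigest.getInstance("MD5");
            } catch (java.security.NoSuchAlgorithmException e) {
                throw new IllegalStateException("MD5 message digest is not available", e);
            }
        }

        // H(username ":" realm ":" password); an absent realm contributes nothing.
        String realmText = (str3 == null) ? "" : str3;
        byte[] bytes = (str + ':' + realmText + ':').getBytes(str9);
        byte[] bArr2 = new byte[bytes.length + bArr.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length, bArr.length);
        byte[] digest = this.md5Digest.digest(bArr2);

        // H(previous ":" nonce ":" cnonce [":" authzid])
        StringBuilder sb = new StringBuilder();
        sb.append(':');
        sb.append(str4);
        sb.append(':');
        sb.append(str5);
        if (str2 != null) {
            sb.append(':');
            sb.append(str2);
        }
        byte[] bytes2 = sb.toString().getBytes(str9);
        byte[] bArr3 = new byte[digest.length + bytes2.length];
        System.arraycopy(digest, 0, bArr3, 0, digest.length);
        System.arraycopy(bytes2, 0, bArr3, digest.length, bytes2.length);
        byte[] digest2 = this.md5Digest.digest(bArr3);

        // Separator + digest-uri, with the all-zero suffix for the integrity and
        // confidentiality protection levels.
        String str10 = ToolConstants.LIST_TABLE_SEPARATOR + str7;
        if (str8.equals("auth-int") || str8.equals("auth-conf")) {
            str10 = str10 + ":00000000000000000000000000000000";
        }
        byte[] digest3 = this.md5Digest.digest(str10.getBytes(str9));
        return this.md5Digest.digest((getHexString(digest2) + ':' + str4 + ':' + str6 + ':' + str5 + ':' + str8 + ':' + getHexString(digest3)).getBytes(str9));
    }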

    /**
     * Renders a byte array as text by appending
     * {@code StaticUtils.byteToLowerHex} of each byte in order.
     *
     * @param bArr bytes to render
     * @return the concatenated per-byte text
     */
    private String getHexString(byte[] bArr) {
        final int count = bArr.length;
        StringBuilder hex = new StringBuilder(count * 2);
        for (int idx = 0; idx < count; idx++) {
            hex.append(StaticUtils.byteToLowerHex(bArr[idx]));
        }
        return hex.toString();
    }

    /**
     * Lists the SASL property names described for DIGEST-MD5, each mapped to
     * its description message, in this order: authid, realm, qop, digest-uri,
     * authzid.
     *
     * @return a new, mutable, insertion-ordered map of property name to description
     */
    public static LinkedHashMap<String, Message> getSASLDigestMD5Properties() {
        final LinkedHashMap<String, Message> descriptions = new LinkedHashMap<>(5);

        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHID.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_REALM,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_REALM.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_QOP,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_QOP.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_DIGEST_URI,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_DIGEST_URI.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHZID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHZID.get());

        return descriptions;
    }

    /**
     * Performs a SASL EXTERNAL bind: writes one bind request that carries no
     * SASL credentials, reads one response and interprets it.
     *
     * <p>NOTE(review): every {@code throw} below sits inside the nested
     * {@code try} regions, so the exceptions raised for a failed bind or an
     * unexpected response look like they are caught again by the enclosing
     * {@code catch} blocks and re-wrapped. That may be a decompilation artefact;
     * confirm against the original source before relying on which result code
     * or exception type reaches the caller.
     *
     * @param aSN1OctetString bind DN placed in the bind request
     * @param map             SASL properties; must be {@code null} or empty for this mechanism
     * @param arrayList       controls attached to the bind request
     * @param arrayList2      list that receives any controls carried by the response
     * @return {@code null} when the server answers with result code 0
     * @throws ClientException if properties were supplied, or for send, read and protocol failures
     * @throws LDAPException   declared for bind failures and server disconnect notices (see the note above)
     */
    public String doSASLExternal(ASN1OctetString aSN1OctetString, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        // EXTERNAL takes its identity from outside the bind, so no property is accepted.
        if (map != null && !map.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_ALLOWED_SASL_PROPERTIES.get(ServerConstants.SASL_MECHANISM_EXTERNAL));
        }
        try {
            // Single bind request: mechanism name only, null credentials.
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_EXTERNAL, (ASN1OctetString) null), arrayList));
            try {
                LDAPMessage readMessage = this.reader.readMessage();
                // A null message means the connection ended before a response arrived.
                if (readMessage == null) {
                    throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
                }
                // Hand response controls back to the caller through arrayList2.
                ArrayList<LDAPControl> controls = readMessage.getControls();
                if (controls != null && !controls.isEmpty()) {
                    arrayList2.addAll(controls);
                }
                switch (readMessage.getProtocolOpType()) {
                    // 97: handled as a bind response.
                    case 97:
                        BindResponseProtocolOp bindResponseProtocolOp = readMessage.getBindResponseProtocolOp();
                        int resultCode = bindResponseProtocolOp.getResultCode();
                        if (resultCode == 0) {
                            return null;
                        }
                        throw new LDAPException(resultCode, bindResponseProtocolOp.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SASL_BIND_FAILED.get(ServerConstants.SASL_MECHANISM_EXTERNAL), bindResponseProtocolOp.getMatchedDN(), null);
                    // 120: handled as an extended response; only a notice of disconnection is expected here.
                    case 120:
                        ExtendedResponseProtocolOp extendedResponseProtocolOp = readMessage.getExtendedResponseProtocolOp();
                        String oid = extendedResponseProtocolOp.getOID();
                        if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponseProtocolOp)));
                        }
                        throw new LDAPException(extendedResponseProtocolOp.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getErrorMessage()));
                    default:
                        throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(readMessage.getProtocolOp())));
                }
            // Failures while reading or interpreting the response, mapped by exception type.
            } catch (IOException e) {
                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e)), e);
            } catch (ASN1Exception e2) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e2)), e2);
            } catch (LDAPException e3) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e3)), e3);
            } catch (Exception e4) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(e4)), e4);
            }
        // Outer handlers: reported as a failure to send the bind request.
        } catch (IOException e5) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_EXTERNAL, StaticUtils.getExceptionMessage(e5)), e5);
        } catch (Exception e6) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_EXTERNAL, StaticUtils.getExceptionMessage(e6)), e6);
        }
    }

    /**
     * Lists the SASL properties described for the EXTERNAL mechanism, which is
     * none.
     *
     * @return a new, empty, mutable map
     */
    public static LinkedHashMap<String, Message> getSASLExternalProperties() {
        final LinkedHashMap<String, Message> noProperties = new LinkedHashMap<>(0);
        return noProperties;
    }

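    /**
     * Performs a SASL GSSAPI (Kerberos) bind.
     *
     * <p>The method stores the bind parameters in the {@code gssapi*} fields,
     * validates the SASL properties, writes a temporary JAAS configuration that
     * selects {@code Krb5LoginModule}, logs in through a {@link LoginContext}
     * with this object as the callback handler, and runs this object under the
     * resulting {@link Subject}. The two control lists are not referenced in
     * this method body.
     *
     * <p>The JAAS file writer is opened in a try-with-resources block, so the
     * file handle is released even when a write fails.
     *
     * <p>Side effects to be aware of: the realm, KDC, JAAS config file and
     * "subject credentials only" settings are written with
     * {@link System#setProperty}, so they affect the whole JVM and are not
     * restored afterwards.
     *
     * <p>NOTE(review): the {@code catch (Exception ...)} blocks enclose the
     * inner {@code throw} statements, so failures from login or from the
     * privileged action look like they are re-wrapped by the outer handlers.
     * That may be a decompilation artefact; confirm against the original source.
     *
     * @param aSN1OctetString  bind DN, stored in {@code gssapiBindDN}
     * @param aSN1OctetString2 password, or {@code null} when none was supplied
     * @param map              SASL properties; authid is required, authzid, kdc, qop and realm are optional
     * @param arrayList        request controls
     * @param arrayList2       response controls
     * @return {@code null} on success
     * @throws ClientException for invalid properties and for any failure during the exchange
     * @throws LDAPException   declared for failures reported by the privileged action (see the note above)
     */
    public String doSASLGSSAPI(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        String kdc = null;
        String realm = null;
        this.gssapiBindDN = aSN1OctetString;
        this.gssapiAuthID = null;
        this.gssapiAuthzID = null;
        this.gssapiQoP = "auth";
        if (aSN1OctetString2 == null) {
            this.gssapiAuthPW = null;
        } else {
            // NOTE(review): stringValue() puts the password into an immutable String
            // that cannot be wiped; a direct byte-to-char conversion would avoid that.
            this.gssapiAuthPW = aSN1OctetString2.stringValue().toCharArray();
        }
        if (map == null || map.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_SASL_PROPERTIES.get(ServerConstants.SASL_MECHANISM_GSSAPI));
        }

        // Each recognised property may carry at most one value; an empty value
        // list is skipped. Property names are matched case-insensitively.
        for (String name : map.keySet()) {
            String key = StaticUtils.toLowerCase(name);
            if (key.equals(ToolConstants.SASL_PROPERTY_AUTHID)) {
                Iterator<String> values = map.get(name).iterator();
                if (values.hasNext()) {
                    this.gssapiAuthID = values.next();
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_AUTHID_SINGLE_VALUED.get());
                    }
                }
            } else if (key.equals(ToolConstants.SASL_PROPERTY_AUTHZID)) {
                Iterator<String> values = map.get(name).iterator();
                if (values.hasNext()) {
                    this.gssapiAuthzID = values.next();
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_AUTHZID_SINGLE_VALUED.get());
                    }
                }
            } else if (key.equals(ToolConstants.SASL_PROPERTY_KDC)) {
                Iterator<String> values = map.get(name).iterator();
                if (values.hasNext()) {
                    kdc = values.next();
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_KDC_SINGLE_VALUED.get());
                    }
                }
            } else if (key.equals(ToolConstants.SASL_PROPERTY_QOP)) {
                Iterator<String> values = map.get(name).iterator();
                if (values.hasNext()) {
                    this.gssapiQoP = StaticUtils.toLowerCase(values.next());
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_QOP_SINGLE_VALUED.get());
                    }
                    // Only plain authentication is accepted; the integrity and
                    // confidentiality levels are recognised but rejected.
                    if (!this.gssapiQoP.equals("auth")) {
                        if (this.gssapiQoP.equals("auth-int") || this.gssapiQoP.equals("auth-conf")) {
                            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_DIGESTMD5_QOP_NOT_SUPPORTED.get(this.gssapiQoP));
                        }
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_GSSAPI_INVALID_QOP.get(this.gssapiQoP));
                    }
                }
            } else if (key.equals(ToolConstants.SASL_PROPERTY_REALM)) {
                Iterator<String> values = map.get(name).iterator();
                if (values.hasNext()) {
                    realm = values.next();
                    if (values.hasNext()) {
                        throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_REALM_SINGLE_VALUED.get());
                    }
                }
            } else {
                throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_INVALID_SASL_PROPERTY.get(name, ServerConstants.SASL_MECHANISM_GSSAPI));
            }
        }

        if (this.gssapiAuthID == null || this.gssapiAuthID.length() == 0) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_SASL_AUTHID_REQUIRED.get(ServerConstants.SASL_MECHANISM_GSSAPI));
        }
        // Without an explicit authorization ID, authorize as the authenticated identity.
        if (this.gssapiAuthzID == null) {
            this.gssapiAuthzID = this.gssapiAuthID;
        }
        // JVM-wide settings: they remain in effect after this method returns.
        if (realm != null) {
            System.setProperty(ServerConstants.KRBV_PROPERTY_REALM, realm);
        }
        if (kdc != null) {
            System.setProperty(ServerConstants.KRBV_PROPERTY_KDC, kdc);
        }
        try {
            File jaasConfig = File.createTempFile("login", "conf");
            String jaasConfigPath = jaasConfig.getAbsolutePath();
            jaasConfig.deleteOnExit();
            // The login configuration entry is named after this class, which is
            // also the name handed to LoginContext below. try-with-resources
            // closes the writer even if one of the writes throws.
            try (BufferedWriter out = new BufferedWriter(new FileWriter(jaasConfig, false))) {
                out.write(getClass().getName() + " {");
                out.newLine();
                out.write("  com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=TRUE;");
                out.newLine();
                out.write("};");
                out.newLine();
                out.flush();
            }
            System.setProperty(ServerConstants.JAAS_PROPERTY_CONFIG_FILE, jaasConfigPath);
            System.setProperty(ServerConstants.JAAS_PROPERTY_SUBJECT_CREDS_ONLY, ServerConstants.CONFIG_VALUE_TRUE);
            try {
                // Local step: obtain Kerberos credentials, with this object answering callbacks.
                LoginContext loginContext = new LoginContext(getClass().getName(), this);
                loginContext.login();
                try {
                    // Remote step: run this object as the privileged action under the subject.
                    Subject.doAs(loginContext.getSubject(), this);
                    return null;
                } catch (Exception e) {
                    if (e instanceof ClientException) {
                        throw ((ClientException) e);
                    }
                    if (e instanceof LDAPException) {
                        throw ((LDAPException) e);
                    }
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_REMOTE_AUTHENTICATION_FAILED.get(StaticUtils.getExceptionMessage(e)), e);
                }
            } catch (Exception e2) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_LOCAL_AUTHENTICATION_FAILED.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (Exception e3) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_CANNOT_CREATE_JAAS_CONFIG.get(StaticUtils.getExceptionMessage(e3)), e3);
        }
    }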

    /**
     * Builds the table of SASL properties accepted for the GSSAPI mechanism.
     *
     * @return a new insertion-ordered map from property name to its description,
     *         holding the authid, authzid, KDC and realm entries in that order
     */
    public static LinkedHashMap<String, Message> getSASLGSSAPIProperties() {
        final LinkedHashMap<String, Message> descriptions = new LinkedHashMap<>(4);

        // Identity properties first, then the Kerberos environment properties.
        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHID.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHZID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHZID.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_KDC,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_KDC.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_REALM,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_REALM.get());

        return descriptions;
    }

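    /**
     * Performs a SASL PLAIN bind on the connection held by this handler.
     *
     * <p>The SASL credential sent to the server is
     * {@code [authzid] NUL authid NUL password}. PLAIN gives that value no
     * protection of its own, so the password is only as confidential as the
     * transport underneath this handler's writer.
     *
     * <p>Sending, reading and interpreting the response are separate steps, each
     * with its own error handling. This keeps the server's bind result code in
     * the {@link LDAPException} that reaches the caller, instead of having an
     * enclosing {@code catch (Exception)} re-wrap every failure as a
     * "cannot send" client error.
     *
     * @param aSN1OctetString  value passed as the first argument of the bind request
     *                         (presumably the bind DN; confirm against the caller)
     * @param aSN1OctetString2 the password; when {@code null} it is read interactively
     * @param map              SASL properties; only authid (required, single-valued)
     *                         and authzid (optional, single-valued) are accepted
     * @param arrayList        controls attached to the bind request
     * @param arrayList2       list that receives any controls found in the response
     * @return always {@code null} when the bind succeeds
     * @throws ClientException if the properties are invalid, the request cannot be
     *                         sent, or the response cannot be read or is unexpected
     * @throws LDAPException   if the server rejects the bind or sends a notice of
     *                         disconnection
     */
    public String doSASLPlain(ASN1OctetString aSN1OctetString, ASN1OctetString aSN1OctetString2, Map<String, List<String>> map, ArrayList<LDAPControl> arrayList, ArrayList<LDAPControl> arrayList2) throws ClientException, LDAPException {
        // 89 is the client-side parameter-error result code.
        if (map == null || map.isEmpty()) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_NO_SASL_PROPERTIES.get(ServerConstants.SASL_MECHANISM_PLAIN));
        }

        String authID = null;
        String authzID = null;
        for (Map.Entry<String, List<String>> property : map.entrySet()) {
            String name = property.getKey();
            String lowerName = StaticUtils.toLowerCase(name);
            boolean isAuthID = lowerName.equals(ToolConstants.SASL_PROPERTY_AUTHID);
            if (!isAuthID && !lowerName.equals(ToolConstants.SASL_PROPERTY_AUTHZID)) {
                throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_INVALID_SASL_PROPERTY.get(name, ServerConstants.SASL_MECHANISM_PLAIN));
            }

            Iterator<String> values = property.getValue().iterator();
            if (!values.hasNext()) {
                // A property with no values is ignored rather than rejected.
                continue;
            }
            String value = values.next();
            if (values.hasNext()) {
                throw new ClientException(89, isAuthID
                        ? ToolMessages.ERR_LDAPAUTH_AUTHID_SINGLE_VALUED.get()
                        : ToolMessages.ERR_LDAPAUTH_AUTHZID_SINGLE_VALUED.get());
            }
            if (isAuthID) {
                authID = value;
            } else {
                authzID = value;
            }
        }
        if (authID == null || authID.length() == 0) {
            throw new ClientException(89, ToolMessages.ERR_LDAPAUTH_SASL_AUTHID_REQUIRED.get(ServerConstants.SASL_MECHANISM_PLAIN));
        }

        ASN1OctetString password = aSN1OctetString2;
        if (password == null) {
            System.out.print(ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(authID));
            char[] typed = PasswordReader.readPassword();
            if (typed == null) {
                password = new ASN1OctetString();
            } else {
                password = new ASN1OctetString(StaticUtils.getBytes(typed));
                // Wipe the prompt buffer as soon as the bytes have been copied.
                Arrays.fill(typed, (char) 0);
            }
        }

        // NOTE(review): the password is copied into a StringBuilder and then an
        // immutable String here, so wiping the char[] above does not remove it from
        // the heap. authid, authzid and password are also not checked for embedded
        // NUL characters, which would shift the field boundaries the server parses.
        StringBuilder credential = new StringBuilder();
        if (authzID != null) {
            credential.append(authzID);
        }
        credential.append((char) 0);
        credential.append(authID);
        credential.append((char) 0);
        credential.append(password.stringValue());

        // Step 1: send the bind request (81 = server down, 83 = encoding error).
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(aSN1OctetString, ServerConstants.SASL_MECHANISM_PLAIN, new ASN1OctetString(credential.toString())), arrayList));
        } catch (IOException sendFailure) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_PLAIN, StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
        } catch (Exception sendFailure) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_PLAIN, StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
        }

        // Step 2: read the response (84 = decoding error, 82 = local error).
        LDAPMessage response;
        try {
            response = this.reader.readMessage();
        } catch (IOException readFailure) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (ASN1Exception readFailure) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (LDAPException readFailure) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (Exception readFailure) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        }
        if (response == null) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        // Step 3: hand back response controls, then interpret the result.
        ArrayList<LDAPControl> controls = response.getControls();
        if (arrayList2 != null && controls != null && !controls.isEmpty()) {
            arrayList2.addAll(controls);
        }

        int opType = response.getProtocolOpType();
        if (opType == 120) {
            // Extended response: only a notice of disconnection is expected here.
            ExtendedResponseProtocolOp extendedResponse = response.getExtendedResponseProtocolOp();
            String oid = extendedResponse.getOID();
            if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponse)));
            }
            throw new LDAPException(extendedResponse.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponse.getResultCode()), extendedResponse.getErrorMessage()));
        }
        if (opType != 97) {
            // Anything other than a bind response (97) is a protocol violation.
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(response.getProtocolOp())));
        }

        BindResponseProtocolOp bindResponse = response.getBindResponseProtocolOp();
        int resultCode = bindResponse.getResultCode();
        if (resultCode == 0) {
            return null;
        }
        // The server's own result code is propagated so callers can tell a
        // rejected credential from a transport or protocol failure.
        throw new LDAPException(resultCode, bindResponse.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_SASL_BIND_FAILED.get(ServerConstants.SASL_MECHANISM_PLAIN), bindResponse.getMatchedDN(), null);
    }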

    /**
     * Builds the table of SASL properties accepted for the PLAIN mechanism.
     *
     * @return a new insertion-ordered map from property name to its description,
     *         holding the authid entry followed by the authzid entry
     */
    public static LinkedHashMap<String, Message> getSASLPlainProperties() {
        final LinkedHashMap<String, Message> descriptions = new LinkedHashMap<>(2);

        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHID.get());
        descriptions.put(ToolConstants.SASL_PROPERTY_AUTHZID,
                ToolMessages.INFO_LDAPAUTH_PROPERTY_DESCRIPTION_AUTHZID.get());

        return descriptions;
    }

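    /**
     * Runs the GSSAPI SASL bind exchange; intended to be invoked as a privileged
     * action once a JAAS login has produced a subject.
     *
     * <p>Each round sends a bind request carrying the current client token, reads
     * one response and feeds the server token back into the {@link SaslClient},
     * until the server reports success (0) or a failure. A bind response (97)
     * with result "SASL bind in progress" (14) continues the exchange; it is no
     * longer routed into the extended-response branch, which previously made any
     * multi-round exchange fail.
     *
     * <p>Every step has its own error handling, so that a failure is reported with
     * the message for that step and the server's result code reaches the caller in
     * an {@link LDAPException} instead of being re-wrapped by an enclosing
     * {@code catch (Exception)}.
     *
     * @return always {@code null} when the bind completes successfully
     * @throws ClientException if this handler is not set up for GSSAPI, the SASL
     *                         client cannot be created, a token cannot be produced
     *                         or validated, or the connection or protocol fails
     * @throws LDAPException   if the server rejects the bind or sends a notice of
     *                         disconnection
     */
    @Override // java.security.PrivilegedExceptionAction
    public Object run() throws ClientException, LDAPException {
        if (this.saslMechanism == null) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_NONSASL_RUN_INVOCATION.get(StaticUtils.getBacktrace()));
        }
        if (!this.saslMechanism.equals(ServerConstants.SASL_MECHANISM_GSSAPI)) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RUN_INVOCATION.get(this.saslMechanism, StaticUtils.getBacktrace()));
        }

        HashMap hashMap = new HashMap();
        hashMap.put("javax.security.sasl.qop", this.gssapiQoP);
        // Ask for mutual authentication so the server must prove its identity too.
        hashMap.put("javax.security.sasl.server.authentication", ServerConstants.CONFIG_VALUE_TRUE);

        SaslClient saslClient;
        try {
            saslClient = Sasl.createSaslClient(new String[]{ServerConstants.SASL_MECHANISM_GSSAPI}, this.gssapiAuthzID, LDAPURL.DEFAULT_SCHEME, this.hostName, hashMap, this);
            if (saslClient == null) {
                // createSaslClient may return null when no provider supports the mechanism.
                throw new IllegalStateException("No SaslClient implementation is available for mechanism " + ServerConstants.SASL_MECHANISM_GSSAPI);
            }
        } catch (Exception createFailure) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_CANNOT_CREATE_SASL_CLIENT.get(StaticUtils.getExceptionMessage(createFailure)), createFailure);
        }
        // NOTE(review): saslClient is local and discarded on return, so a negotiated
        // integrity/confidentiality layer is not applied by this method. Confirm that
        // gssapiQoP is limited to "auth" or that the transport is protected otherwise.

        ASN1OctetString clientToken;
        if (saslClient.hasInitialResponse()) {
            try {
                clientToken = new ASN1OctetString(saslClient.evaluateChallenge(new byte[0]));
            } catch (Exception tokenFailure) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_CANNOT_CREATE_INITIAL_CHALLENGE.get(StaticUtils.getExceptionMessage(tokenFailure)), tokenFailure);
            }
        } else {
            clientToken = null;
        }

        while (true) {
            // Send the current client token (81 = server down, 83 = encoding error).
            try {
                this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new BindRequestProtocolOp(this.gssapiBindDN, ServerConstants.SASL_MECHANISM_GSSAPI, clientToken)));
            } catch (IOException sendFailure) {
                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_GSSAPI, StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
            } catch (Exception sendFailure) {
                throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_SASL_BIND.get(ServerConstants.SASL_MECHANISM_GSSAPI, StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
            }

            // Read one response (84 = decoding error, 82 = local error).
            LDAPMessage response;
            try {
                response = this.reader.readMessage();
            } catch (IOException readFailure) {
                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
            } catch (ASN1Exception readFailure) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
            } catch (LDAPException readFailure) {
                throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
            } catch (Exception readFailure) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_BIND_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
            }
            if (response == null) {
                throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
            }

            int opType = response.getProtocolOpType();
            if (opType == 120) {
                // Extended response: only a notice of disconnection is expected here.
                ExtendedResponseProtocolOp extendedResponse = response.getExtendedResponseProtocolOp();
                String oid = extendedResponse.getOID();
                if (oid == null || !oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
                    throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_EXTENDED_RESPONSE.get(String.valueOf(extendedResponse)));
                }
                throw new LDAPException(extendedResponse.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponse.getResultCode()), extendedResponse.getErrorMessage()));
            }
            if (opType != 97) {
                // Anything other than a bind response (97) is a protocol violation.
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(response.getProtocolOp())));
            }

            BindResponseProtocolOp bindResponse = response.getBindResponseProtocolOp();
            int resultCode = bindResponse.getResultCode();
            ASN1OctetString serverToken = bindResponse.getServerSASLCredentials();

            if (resultCode == 0) {
                // Success is accepted only after the final server token has been
                // processed and the SASL client itself reports the exchange complete.
                if (serverToken != null) {
                    try {
                        saslClient.evaluateChallenge(serverToken.value());
                    } catch (Exception validateFailure) {
                        throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_CANNOT_VALIDATE_SERVER_CREDS.get(StaticUtils.getExceptionMessage(validateFailure)), validateFailure);
                    }
                }
                if (saslClient.isComplete()) {
                    return null;
                }
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_UNEXPECTED_SUCCESS_RESPONSE.get());
            }
            if (resultCode != 14) {
                // Neither success nor "SASL bind in progress": propagate the server's
                // own result code to the caller.
                throw new LDAPException(resultCode, bindResponse.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_GSSAPI_BIND_FAILED.get(), bindResponse.getMatchedDN(), null);
            }

            // Bind still in progress: compute the next client token.
            byte[] nextToken;
            try {
                nextToken = saslClient.evaluateChallenge(serverToken == null ? new byte[0] : serverToken.value());
            } catch (Exception validateFailure) {
                throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_GSSAPI_CANNOT_VALIDATE_SERVER_CREDS.get(StaticUtils.getExceptionMessage(validateFailure)), validateFailure);
            }
            clientToken = new ASN1OctetString(nextToken);
        }
    }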

    /**
     * Answers the name and password callbacks raised during GSSAPI authentication.
     *
     * <p>A {@link NameCallback} receives the configured authentication ID. A
     * {@link PasswordCallback} receives the stored password; when none is stored
     * the user is prompted and the answer is kept in {@code gssapiAuthPW} so later
     * callbacks reuse it.
     *
     * <p>NOTE(review): the cached password array is not cleared in this method;
     * confirm it is wiped elsewhere once authentication has finished.
     *
     * @param callbackArr the callbacks to answer
     * @throws UnsupportedCallbackException if this handler is not performing a
     *         GSSAPI bind, or a callback of any other type is presented
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        // Callbacks are only expected while a GSSAPI bind is in progress.
        if (this.saslMechanism == null) {
            throw new UnsupportedCallbackException(callbackArr[0], ToolMessages.ERR_LDAPAUTH_NONSASL_CALLBACK_INVOCATION.get(StaticUtils.getBacktrace()).toString());
        }
        if (!this.saslMechanism.equals(ServerConstants.SASL_MECHANISM_GSSAPI)) {
            throw new UnsupportedCallbackException(callbackArr[0], ToolMessages.ERR_LDAPAUTH_UNEXPECTED_CALLBACK_INVOCATION.get(this.saslMechanism, StaticUtils.getBacktrace()).toString());
        }

        for (int index = 0; index < callbackArr.length; index++) {
            Callback current = callbackArr[index];

            if (current instanceof NameCallback) {
                NameCallback nameRequest = (NameCallback) current;
                nameRequest.setName(this.gssapiAuthID);
                continue;
            }

            if (current instanceof PasswordCallback) {
                PasswordCallback passwordRequest = (PasswordCallback) current;
                if (this.gssapiAuthPW == null) {
                    // No password supplied up front: prompt once and remember the answer.
                    System.out.print(ToolMessages.INFO_LDAPAUTH_PASSWORD_PROMPT.get(this.gssapiAuthID));
                    this.gssapiAuthPW = PasswordReader.readPassword();
                }
                passwordRequest.setPassword(this.gssapiAuthPW);
                continue;
            }

            // Any other callback type is rejected rather than silently ignored.
            throw new UnsupportedCallbackException(current, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_GSSAPI_CALLBACK.get(String.valueOf(current)).toString());
        }
    }

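    /**
     * Sends a "Who Am I?" extended request and returns the authorization identity
     * the server reports for this connection.
     *
     * <p>Sending, reading and interpreting the response are separate steps, each
     * with its own error handling. This keeps the server's result code in the
     * {@link LDAPException} that reaches the caller, instead of having an
     * enclosing {@code catch (Exception)} re-wrap every failure as a
     * "cannot send" client error.
     *
     * @return the response value, or {@code null} when the server returns no value,
     *         an empty value, or the bare prefix {@code "dn:"} (compared ignoring case)
     * @throws ClientException if the request cannot be sent, or the response cannot
     *                         be read or is not an extended response
     * @throws LDAPException   if the server reports a non-success result or sends a
     *                         notice of disconnection
     */
    public ASN1OctetString requestAuthorizationIdentity() throws ClientException, LDAPException {
        // Step 1: send the request (81 = server down, 83 = encoding error).
        try {
            this.writer.writeMessage(new LDAPMessage(this.nextMessageID.getAndIncrement(), new ExtendedRequestProtocolOp(ServerConstants.OID_WHO_AM_I_REQUEST)));
        } catch (IOException sendFailure) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_WHOAMI_REQUEST.get(StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
        } catch (Exception sendFailure) {
            throw new ClientException(83, ToolMessages.ERR_LDAPAUTH_CANNOT_SEND_WHOAMI_REQUEST.get(StaticUtils.getExceptionMessage(sendFailure)), sendFailure);
        }

        // Step 2: read the response (84 = decoding error, 82 = local error).
        LDAPMessage response;
        try {
            response = this.reader.readMessage();
        } catch (IOException readFailure) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_WHOAMI_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (ASN1Exception readFailure) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_WHOAMI_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (LDAPException readFailure) {
            throw new ClientException(84, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_WHOAMI_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        } catch (Exception readFailure) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_CANNOT_READ_WHOAMI_RESPONSE.get(StaticUtils.getExceptionMessage(readFailure)), readFailure);
        }
        if (response == null) {
            throw new ClientException(81, ToolMessages.ERR_LDAPAUTH_CONNECTION_CLOSED_WITHOUT_BIND_RESPONSE.get());
        }

        // Step 3: only an extended response (120) is acceptable.
        if (response.getProtocolOpType() != 120) {
            throw new ClientException(82, ToolMessages.ERR_LDAPAUTH_UNEXPECTED_RESPONSE.get(String.valueOf(response.getProtocolOp())));
        }
        ExtendedResponseProtocolOp extendedResponse = response.getExtendedResponseProtocolOp();
        String oid = extendedResponse.getOID();
        if (oid != null && oid.equals(LDAPConstants.OID_NOTICE_OF_DISCONNECTION)) {
            throw new LDAPException(extendedResponse.getResultCode(), ToolMessages.ERR_LDAPAUTH_SERVER_DISCONNECT.get(Integer.valueOf(extendedResponse.getResultCode()), extendedResponse.getErrorMessage()));
        }
        int resultCode = extendedResponse.getResultCode();
        if (resultCode != 0) {
            throw new LDAPException(resultCode, extendedResponse.getErrorMessage(), ToolMessages.ERR_LDAPAUTH_WHOAMI_FAILED.get(), extendedResponse.getMatchedDN(), null);
        }

        // Step 4: a missing, empty or bare "dn:" value is reported as null.
        ASN1OctetString value = extendedResponse.getValue();
        if (value == null) {
            return null;
        }
        byte[] rawValue = value.value();
        if (rawValue == null || rawValue.length == 0) {
            return null;
        }
        String authzID = value.stringValue();
        if (authzID == null || authzID.length() == 0 || authzID.equalsIgnoreCase("dn:")) {
            return null;
        }
        return value;
    }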
}
