package org.infinispan.server.test.core.ldap;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.AnnotationUtils;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.factory.DSAnnotationProcessor;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.factory.ServerAnnotationProcessor;
import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.infinispan.commons.util.Util;
import org.infinispan.server.security.AbstractAuthenticationKeyCloak;

/* loaded from: input_file:org/infinispan/server/test/core/ldap/ApacheLdapServer.class */
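/**
 * Embedded ApacheDS LDAP server, optionally paired with a Kerberos KDC, for integration tests.
 *
 * <p><b>Test fixture only.</b> The values below are deliberately weak and must not be copied into a
 * real deployment:
 * <ul>
 *   <li>the LDAP listener and the KDC bind to {@code 0.0.0.0}, i.e. every network interface of the
 *       host running the tests;</li>
 *   <li>the keystore password and the service-principal passwords are hard-coded literals;</li>
 *   <li>Kerberos pre-authentication is switched off (see {@link #createKdc()}).</li>
 * </ul>
 * Run it only on isolated test hosts or networks, and treat the generated keytabs as disposable.
 */
public class ApacheLdapServer extends AbstractLdapServer {
    // NOTE(review): wildcard bind exposes the unauthenticated test directory and KDC to the whole
    // network segment; prefer a loopback address when the test topology allows it.
    private static final String LDAP_HOST = "0.0.0.0";
    public static final int KDC_PORT = 6088;
    public static final int LDAP_PORT = 10389;
    public static final int LDAPS_PORT = 10636;
    public static final String DOMAIN = "dc=infinispan,dc=org";
    public static final String REALM = "INFINISPAN.ORG";
    private DirectoryService directoryService;
    private LdapServer ldapServer;
    private KdcServer kdcServer;
    private final boolean withKdc;
    private final String initLDIF;

    /**
     * @param z   {@code true} to also generate keytabs and start a KDC next to the LDAP server
     * @param str classpath resource name of the LDIF file loaded into the directory on start
     */
    public ApacheLdapServer(boolean z, String str) {
        this.withKdc = z;
        this.initLDIF = str;
    }

    /**
     * Loads the initial LDIF into the directory and builds (but does not start) the LDAP server with
     * a plain LDAP transport (from the annotation) and an additional TLS transport on
     * {@link #LDAPS_PORT}.
     *
     * <p>Requires {@link #createDs()} to have run first, because it uses the directory service.
     *
     * @param str  keystore file handed to the LDAP server for its TLS transport
     * @param str2 classpath resource name of the LDIF file to import
     * @throws IllegalArgumentException if the LDIF resource cannot be found on the classpath
     * @throws Exception                on any LDIF parsing, directory or server set-up failure
     */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port = LDAP_PORT, address = LDAP_HOST)})
    public void createLdap(String str, String str2) throws Exception {
        SchemaManager schemaManager = this.directoryService.getSchemaManager();
        try (InputStream ldif = getClass().getClassLoader().getResourceAsStream(str2)) {
            if (ldif == null) {
                // Fail with a readable message instead of an opaque error from inside the LDIF parser.
                throw new IllegalArgumentException("LDIF resource not found on the classpath: " + str2);
            }
            for (LdifEntry ldifEntry : new LdifReader(ldif)) {
                this.directoryService.getAdminSession().add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
            }
        }
        // Keep this call directly inside the annotated method: the annotation instance is looked up
        // by AnnotationUtils, presumably from the calling method, so moving it to a helper may break it.
        this.ldapServer = ServerAnnotationProcessor.instantiateLdapServer((CreateLdapServer) AnnotationUtils.getInstance(CreateLdapServer.class), this.directoryService);
        this.ldapServer.setKeystoreFile(str);
        // Hard-coded keystore password: acceptable only because the keystore is a throw-away test
        // artifact. Never reuse this keystore or password outside the test suite.
        this.ldapServer.setCertificatePassword("secret");
        Transport ldapsTransport = new TcpTransport(LDAPS_PORT);
        ldapsTransport.enableSSL(true);
        this.ldapServer.addTransports(new Transport[]{ldapsTransport});
    }

    /**
     * Creates the directory service described by the {@code @CreateDS} annotation, disables its
     * change log and appends a {@link KeyDerivationInterceptor}.
     *
     * @throws Exception if the directory service cannot be created
     */
    @CreateDS(name = "InfinispanDS", partitions = {@CreatePartition(name = AbstractAuthenticationKeyCloak.INFINISPAN_REALM, suffix = DOMAIN, contextEntry = @ContextEntry(entryLdif = "dn: dc=infinispan,dc=org\ndc: infinispan\nobjectClass: top\nobjectClass: domain\n\n"), indexes = {@CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou"), @CreateIndex(attribute = "uid")})})
    public void createDs() throws Exception {
        this.directoryService = DSAnnotationProcessor.getDirectoryService();
        this.directoryService.getChangeLog().setEnabled(false);
        // Added before the LDIF import in createLdap(); presumably so Kerberos keys are derived for
        // the principals loaded from the LDIF - TODO confirm against ApacheDS documentation.
        this.directoryService.addLast(new KeyDerivationInterceptor());
    }

    /**
     * Starts the directory, the LDAP server and, when enabled, the KDC.
     *
     * @param str  keystore file used by the LDAPS transport
     * @param file directory into which {@code hotrod.keytab} and {@code http.keytab} are written when
     *             the KDC is enabled
     * @throws Exception on any set-up or start-up failure
     */
    @Override
    public void start(String str, File file) throws Exception {
        if (this.withKdc) {
            // Fixed test credentials. The keytabs hold long-term keys derived from these passwords,
            // so the target directory should not be readable by other users of the test host.
            generateKeyTab(new File(file, "hotrod.keytab"), "hotrod/datagrid@INFINISPAN.ORG", "hotrodPassword");
            generateKeyTab(new File(file, "http.keytab"), "HTTP/localhost@INFINISPAN.ORG", "httpPassword");
        }
        createDs();
        createLdap(str, this.initLDIF);
        this.ldapServer.start();
        if (this.withKdc) {
            startKdc();
        }
    }

    /**
     * Stops the KDC (if any), the LDAP server and the directory service, then removes the directory
     * service's instance directory from disk.
     *
     * <p>Safe to call when {@link #start(String, File)} never ran or failed part-way: components that
     * were not created are skipped, so a clean-up call does not mask the original failure with a
     * {@link NullPointerException}.
     *
     * @throws Exception if stopping one of the components fails
     */
    @Override
    public void stop() throws Exception {
        try {
            if (this.kdcServer != null) {
                this.kdcServer.stop();
                this.kdcServer = null;
            }
            if (this.ldapServer != null) {
                this.ldapServer.stop();
            }
            if (this.directoryService != null) {
                this.directoryService.shutdown();
            }
        } finally {
            // Always wipe the on-disk instance so directory data does not outlive the test run.
            if (this.directoryService != null) {
                Util.recursiveFileRemove(this.directoryService.getInstanceLayout().getInstanceDirectory());
            }
        }
    }

    /** Builds the KDC via {@link #createKdc()} and starts it. */
    private void startKdc() throws IOException, LdapInvalidDnException {
        createKdc();
        this.kdcServer.start();
    }

    /**
     * Configures a KDC for {@link #REALM} backed by the directory service and listening on UDP
     * {@link #KDC_PORT}; the result is stored in {@code kdcServer} but not started.
     */
    private void createKdc() {
        KdcServer kdc = new KdcServer();
        kdc.setServiceName("TestKDCServer");
        kdc.setSearchBaseDn(DOMAIN);
        KerberosConfig kerberosConfig = kdc.getConfig();
        kerberosConfig.setServicePrincipal("krbtgt/INFINISPAN.ORG@INFINISPAN.ORG");
        kerberosConfig.setPrimaryRealm(REALM);
        // 86 400 000 and 604 800 000: 24 hours and 7 days if the unit is milliseconds, as the
        // magnitudes suggest - TODO confirm against KerberosConfig.
        kerberosConfig.setMaximumTicketLifetime(86400000L);
        kerberosConfig.setMaximumRenewableLifetime(604800000L);
        // SECURITY: pre-authentication (PA-ENC-TIMESTAMP) is disabled. A KDC configured this way
        // answers initial ticket requests without proof that the requester knows the password, and
        // the reply contains material encrypted with the principal's key that can be guessed
        // offline. Tolerable for throw-away test principals only; production KDCs should require it.
        kerberosConfig.setPaEncTimestampRequired(false);
        kdc.addTransports(new Transport[]{new UdpTransport(LDAP_HOST, KDC_PORT)});
        kdc.setDirectoryService(this.directoryService);
        this.kdcServer = kdc;
    }

    /**
     * Writes a keytab file containing the Kerberos keys of one or more principals.
     *
     * @param file   destination keytab file
     * @param strArr alternating principal names and passwords:
     *               {@code principal1, password1, principal2, password2, ...}
     * @return absolute path of the written keytab
     * @throws IllegalArgumentException if {@code strArr} does not contain complete
     *                                  principal/password pairs
     * @throws IllegalStateException    if the keytab cannot be written
     */
    public static String generateKeyTab(File file, String... strArr) {
        if (strArr.length % 2 != 0) {
            // Report the count only; the arguments themselves include passwords.
            throw new IllegalArgumentException("Expected principal/password pairs but got " + strArr.length + " argument(s)");
        }
        ArrayList<KeytabEntry> entries = new ArrayList<>();
        KerberosTime timestamp = new KerberosTime();
        for (int idx = 0; idx < strArr.length; idx += 2) {
            String principal = strArr[idx];
            String password = strArr[idx + 1];
            // One keytab entry per key returned for the principal.
            for (EncryptionKey key : KerberosKeyFactory.getKerberosKeys(principal, password).values()) {
                // Principal type 1 - presumably KRB5_NT_PRINCIPAL; verify against the keytab format.
                entries.add(new KeytabEntry(principal, 1, timestamp, (byte) key.getKeyVersion(), key));
            }
        }
        Keytab keytab = Keytab.getInstance();
        keytab.setEntries(entries);
        try {
            keytab.write(file);
            return file.getAbsolutePath();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot create keytab: " + file, e);
        }
    }
}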
