package org.apache.kerby.kerberos.kdc.identitybackend;

import java.io.IOException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.api.util.GeneralizedTime;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.kerby.config.Config;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
import org.apache.kerby.kerberos.kerb.request.KrbIdentity;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.class */
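/**
 * Identity backend that stores Kerberos principals as entries in an LDAP directory.
 *
 * <p>Each principal is written below the configured {@code base_dn} as
 * {@code uid=<local part of the principal>}, carrying the {@code krb5principal} /
 * {@code krb5kdcentry} object classes.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code krb5Key} attribute holds the encoded long-term keys of every principal.
 *       Read access to these entries is equivalent to knowing the principals' secrets, so the
 *       directory ACLs on {@code base_dn} and the transport to the directory are part of the
 *       KDC's trust boundary.</li>
 *   <li>The bind password is read from the {@code admin_pw} configuration value; the
 *       configuration source therefore needs the same protection as a keytab.</li>
 * </ul>
 *
 * <p>This class does no locking of its own around the shared {@link LdapConnection}.
 */
public class LdapIdentityBackend extends AbstractIdentityBackend {
    // Either an LdapNetworkConnection created by startConnection() or a connection
    // injected through the three-argument-style constructor below.
    private LdapConnection connection;
    // True when this backend must create its own LdapNetworkConnection on start.
    private boolean isLdapNetworkConnection;
    private static final Logger LOG = LoggerFactory.getLogger(LdapIdentityBackend.class);

    /**
     * Flattens the key map of a {@link KrbIdentity} into the parallel arrays that are
     * written to the multi-valued LDAP attributes.
     */
    static class KeysInfo {
        private final String[] etypes;
        private final byte[][] keys;
        private final String[] kvnos;

        /**
         * @param krbIdentity identity whose keys are to be encoded
         * @throws KrbException if any key cannot be encoded
         */
        KeysInfo(KrbIdentity krbIdentity) throws KrbException {
            Map<EncryptionType, EncryptionKey> identityKeys = krbIdentity.getKeys();
            int count = identityKeys.size();
            this.etypes = new String[count];
            // One encoded key per row; the rows are filled in below.
            this.keys = new byte[count][];
            this.kvnos = new String[count];
            int i = 0;
            for (Map.Entry<EncryptionType, EncryptionKey> entry : identityKeys.entrySet()) {
                EncryptionKey key = entry.getValue();
                this.etypes[i] = String.valueOf(entry.getKey().getValue());
                try {
                    this.keys[i] = key.encode();
                } catch (IOException e) {
                    throw new KrbException("encode key failed", e);
                }
                this.kvnos[i] = String.valueOf(key.getKvno());
                i++;
            }
        }

        /** @return encryption type numbers as decimal strings, index-aligned with {@link #getKeys()} */
        public String[] getEtypes() {
            return this.etypes;
        }

        /** @return encoded keys (secret material; the internal array is returned, not a copy) */
        public byte[][] getKeys() {
            return this.keys;
        }

        /** @return key version numbers as decimal strings, index-aligned with {@link #getKeys()} */
        public String[] getKvnos() {
            return this.kvnos;
        }
    }

    /** Creates a backend that opens its own network connection once a config has been set. */
    public LdapIdentityBackend() {
        this.isLdapNetworkConnection = true;
    }

    /**
     * Creates a backend that opens its own network connection.
     *
     * @param config backend configuration; this class reads {@code host}, {@code port},
     *               {@code admin_dn}, {@code admin_pw} and {@code base_dn} from it
     */
    public LdapIdentityBackend(Config config) {
        setConfig(config);
        this.isLdapNetworkConnection = true;
    }

    /**
     * Creates a backend on top of a caller-supplied connection.
     *
     * @param config         backend configuration
     * @param ldapConnection connection to use instead of creating an LdapNetworkConnection
     */
    public LdapIdentityBackend(Config config, LdapConnection ldapConnection) {
        setConfig(config);
        this.connection = ldapConnection;
    }

    /**
     * Opens the connection (when this backend owns it) and binds as the configured admin DN.
     *
     * @throws LdapException if the bind fails
     */
    private void startConnection() throws LdapException {
        if (this.isLdapNetworkConnection) {
            // NOTE(review): the (host, port) constructor does not request SSL and no StartTLS
            // is issued before the bind below, so the admin password and every krb5Key value
            // cross the network in clear text unless the transport is protected elsewhere.
            // Deployments should use LDAPS/StartTLS or keep the directory on a trusted link.
            this.connection = new LdapNetworkConnection(getConfig().getString("host"), getConfig().getInt("port").intValue());
        }
        // Simple bind: the password is sent as given in the configuration.
        this.connection.bind(getConfig().getString("admin_dn"), getConfig().getString("admin_pw"));
    }

    /**
     * Starts the LDAP connection.
     *
     * @throws KrbException if the connection cannot be established or the bind is rejected
     */
    protected void doInitialize() throws KrbException {
        LOG.info("Initializing the Ldap identity backend.");
        try {
            startConnection();
        } catch (LdapException e) {
            LOG.error("Failed to start connection with LDAP", e);
            throw new KrbException("Failed to start connection with LDAP", e);
        }
    }

    /**
     * Closes the LDAP connection.
     *
     * @throws KrbException if closing the connection fails
     */
    protected void doStop() throws KrbException {
        try {
            closeConnection();
            LOG.info("closed connection with LDAP.");
        } catch (IOException e) {
            LOG.error("Failed to close connection with LDAP", e);
            throw new KrbException("Failed to close connection with LDAP", e);
        }
    }

    /** Closes the connection if one exists and is currently connected. */
    private void closeConnection() throws IOException {
        // The connection is only assigned on start (or by injection), so stopping a backend
        // that never started must not fail with a NullPointerException.
        if (this.connection != null && this.connection.isConnected()) {
            this.connection.close();
        }
    }

    /** Renders a Kerberos timestamp in LDAP GeneralizedTime syntax. */
    private String toGeneralizedTime(KerberosTime kerberosTime) {
        return new GeneralizedTime((Date) kerberosTime.getValue()).toString();
    }

    /**
     * Writes a new principal entry and reads it back.
     *
     * @param krbIdentity identity to store
     * @return the identity as read back from the directory
     * @throws KrbException if a key cannot be encoded or the directory rejects the entry
     */
    protected KrbIdentity doAddIdentity(KrbIdentity krbIdentity) throws KrbException {
        String principalName = krbIdentity.getPrincipalName();
        String localPart = principalName.split("@")[0];
        KeysInfo keysInfo = new KeysInfo(krbIdentity);
        DefaultEntry entry = new DefaultEntry();
        try {
            entry.setDn(toDn(principalName));
            entry.add("objectClass", new String[]{"top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry"});
            entry.add("cn", new String[]{localPart});
            entry.add("sn", new String[]{localPart});
            // Long-term key material: protect this attribute with directory ACLs.
            entry.add("krb5Key", keysInfo.getKeys());
            entry.add("krb5EncryptionType", keysInfo.getEtypes());
            entry.add("krb5PrincipalName", new String[]{principalName});
            entry.add("krb5KeyVersionNumber", new String[]{krbIdentity.getKeyVersion() + ""});
            entry.add("krb5KDCFlags", new String[]{"" + krbIdentity.getKdcFlags()});
            entry.add("krb5AccountDisabled", new String[]{"" + krbIdentity.isDisabled()});
            entry.add("createTimestamp", new String[]{toGeneralizedTime(krbIdentity.getCreatedTime())});
            entry.add("krb5AccountLockedOut", new String[]{"" + krbIdentity.isLocked()});
            entry.add("krb5AccountExpirationTime", new String[]{toGeneralizedTime(krbIdentity.getExpireTime())});
            this.connection.add(entry);
            return getIdentity(principalName);
        } catch (LdapException e) {
            // LdapInvalidDnException is an LdapException, so one handler covers both cases.
            LOG.error("Error occurred while adding identity", e);
            throw new KrbException("Failed to add identity", e);
        }
    }

    /**
     * Looks up a principal entry and converts it into a {@link KrbIdentity}.
     *
     * @param str principal name
     * @return the identity, or {@code null} when the directory has no entry for it
     * @throws KrbException if the lookup fails or the entry cannot be converted
     */
    protected KrbIdentity doGetIdentity(String str) throws KrbException {
        KrbIdentity krbIdentity = new KrbIdentity(str);
        try {
            // "*" and "+" request all user attributes and all operational attributes.
            Entry found = this.connection.lookup(toDn(str), new String[]{"*", "+"});
            if (found == null) {
                return null;
            }
            LdapIdentityGetHelper helper = new LdapIdentityGetHelper(found);
            krbIdentity.setPrincipal(helper.getPrincipalName());
            krbIdentity.setKeyVersion(helper.getKeyVersion());
            krbIdentity.addKeys(helper.getKeys());
            krbIdentity.setCreatedTime(helper.getCreatedTime());
            krbIdentity.setExpireTime(helper.getExpireTime());
            krbIdentity.setDisabled(helper.getDisabled());
            krbIdentity.setKdcFlags(helper.getKdcFlags());
            krbIdentity.setLocked(helper.getLocked());
            return krbIdentity;
        } catch (IOException | ParseException | LdapException e) {
            throw new KrbException("Failed to retrieve identity", e);
        }
    }

    /**
     * Replaces the Kerberos attributes of an existing principal entry and reads it back.
     *
     * @param krbIdentity identity carrying the new values
     * @return the identity as read back from the directory
     * @throws KrbException if a key cannot be encoded or the modification fails
     */
    protected KrbIdentity doUpdateIdentity(KrbIdentity krbIdentity) throws KrbException {
        String principalName = krbIdentity.getPrincipalName();
        KeysInfo keysInfo = new KeysInfo(krbIdentity);
        try {
            ModifyRequestImpl request = new ModifyRequestImpl();
            request.setName(toDn(principalName));
            request.replace("krb5KeyVersionNumber", new String[]{"" + krbIdentity.getKeyVersion()});
            request.replace("krb5Key", keysInfo.getKeys());
            request.replace("krb5EncryptionType", keysInfo.getEtypes());
            request.replace("krb5PrincipalName", new String[]{krbIdentity.getPrincipalName()});
            request.replace("krb5AccountExpirationTime", new String[]{toGeneralizedTime(krbIdentity.getExpireTime())});
            request.replace("krb5AccountDisabled", new String[]{"" + krbIdentity.isDisabled()});
            request.replace("krb5KDCFlags", new String[]{"" + krbIdentity.getKdcFlags()});
            request.replace("krb5AccountLockedOut", new String[]{"" + krbIdentity.isLocked()});
            this.connection.modify(request);
            return getIdentity(principalName);
        } catch (LdapException e) {
            LOG.error("Error occurred while updating identity: " + principalName, e);
            throw new KrbException("Failed to update identity", e);
        }
    }

    /**
     * Deletes the entry of a principal.
     *
     * @param str principal name
     * @throws KrbException if the directory refuses the deletion
     */
    protected void doDeleteIdentity(String str) throws KrbException {
        try {
            this.connection.delete(toDn(str));
        } catch (LdapException e) {
            // Log the cause as well; a failed principal deletion is worth a full trace.
            LOG.error("Error occurred while deleting identity: " + str, e);
            throw new KrbException("Failed to remove identity", e);
        }
    }

    /**
     * Maps a principal name to the DN of its entry: {@code uid=<local part>,<base_dn>}.
     *
     * <p>Only the text before the first {@code '@'} is used, so the realm does not take part
     * in the mapping: principals that differ only in realm resolve to the same entry.
     * NOTE(review): the local part reaches the RDN unchanged; confirm that the Rdn
     * constructor treats it as a value and not as pre-escaped DN syntax.
     */
    private Dn toDn(String str) throws LdapInvalidDnException, LdapInvalidAttributeValueException {
        Rdn uidRdn = new Rdn("uid", str.split("@")[0]);
        Dn baseDn = new Dn(new String[]{getConfig().getString("base_dn")});
        return new Dn(uidRdn, baseDn);
    }

    /**
     * Lists the principal names stored directly below {@code base_dn}, sorted.
     *
     * <p>Failures are logged and not propagated (the signature declares no exception), so a
     * caller cannot tell an empty or partial listing caused by a directory error from a
     * genuinely empty directory; audit tooling should watch the error log.
     *
     * @return sorted principal names collected before any failure, or {@code null} if the
     *         search produced no cursor
     */
    protected Iterable<String> doGetIdentities() {
        ArrayList<String> principalNames = new ArrayList<>();
        // try-with-resources closes the cursor on every path, including mid-iteration errors.
        try (EntryCursor cursor = this.connection.search(getConfig().getString("base_dn"), "(objectclass=*)", SearchScope.ONELEVEL, new String[]{"krb5PrincipalName"})) {
            if (cursor == null) {
                return null;
            }
            while (cursor.next()) {
                Entry entry = cursor.get();
                // The filter matches every entry, so children of base_dn that are not
                // principals arrive without this attribute; skip them instead of failing.
                if (entry.get("krb5PrincipalName") == null) {
                    continue;
                }
                principalNames.add(entry.get("krb5PrincipalName").getString());
            }
        } catch (CursorException e) {
            LOG.error("With CursorException when EntryCursor getting.", e);
        } catch (IOException e) {
            LOG.error("With IOException when closing EntryCursor.", e);
        } catch (LdapException e) {
            LOG.error("With LdapException when LdapConnection searching.", e);
        }
        Collections.sort(principalNames);
        return principalNames;
    }
}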
