package org.wso2.carbon.apacheds.impl;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.naming.NamingException;
import org.apache.axiom.om.util.Base64;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.core.interceptor.Interceptor;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.entry.DefaultServerAttribute;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.entry.ServerModification;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.schema.registries.AttributeTypeRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apacheds.LDAPConfiguration;
import org.wso2.carbon.apacheds.LDAPServer;
import org.wso2.carbon.apacheds.PartitionManager;
import org.wso2.carbon.ldap.server.exception.DirectoryServerException;

/* loaded from: input_file:org/wso2/carbon/apacheds/impl/ApacheLDAPServer.class */
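/**
 * {@link LDAPServer} implementation backed by an embedded ApacheDS {@link DirectoryService}
 * and an ApacheDS {@link LdapServer} listening on a TCP transport.
 *
 * <p>Lifecycle: {@link #init(LDAPConfiguration)} builds and configures the directory service
 * and the LDAP front end, {@link #start()} brings both up and {@link #stop()} shuts them down.
 * Nothing in this class synchronises access to its fields.
 */
public class ApacheLDAPServer implements LDAPServer {
    private static final Logger logger = LoggerFactory.getLogger(ApacheLDAPServer.class);

    /** Digest algorithm name handed to {@link MessageDigest}; "SHA" resolves to SHA-1. */
    private static final String PASSWORD_DIGEST_ALGORITHM = "SHA";

    /** Scheme prefix stored in front of the Base64 digest in the userPassword attribute. */
    private static final String PASSWORD_SCHEME_PREFIX = "{SHA}";

    private DirectoryService service;
    private LdapServer ldapServer;
    private PartitionManager partitionManager;
    private LDAPConfiguration ldapConfigurations;

    /**
     * Stores the configuration, then creates the directory service, the LDAP server and the
     * partition manager. Neither the directory service nor the LDAP server is started here.
     *
     * @param lDAPConfiguration server configuration; must not be {@code null}
     * @throws DirectoryServerException if the configuration is {@code null} or any
     *         initialisation step fails
     */
    @Override
    public void init(LDAPConfiguration lDAPConfiguration) throws DirectoryServerException {
        if (lDAPConfiguration == null) {
            logger.error("LDAP server initialization failed. LDAP server configuration is invalid.");
            throw new DirectoryServerException("Cannot initialize LDAP server. Configuration is null");
        }
        this.ldapConfigurations = lDAPConfiguration;
        try {
            initializeDefaultDirectoryService();
            initializeLDAPServer();
            this.partitionManager = new ApacheDirectoryPartitionManager(this.service, this.ldapConfigurations.getWorkingDirectory());
        } catch (Exception e) {
            logger.error("LDAP server initialization failed.", e);
            throw new DirectoryServerException("Error initializing ApacheLDAPServer. ", e);
        }
    }

    /**
     * Returns the underlying directory service.
     *
     * @return the directory service, or {@code null} if none has been created or set
     */
    public DirectoryService getService() {
        return this.service;
    }

    /**
     * Replaces the underlying directory service.
     *
     * @param directoryService the directory service to use
     */
    public void setService(DirectoryService directoryService) {
        this.service = directoryService;
    }

    /**
     * Starts the directory service first and the LDAP server second.
     *
     * @throws DirectoryServerException if either component fails to start, including when
     *         {@link #init(LDAPConfiguration)} has not populated them
     */
    @Override
    public void start() throws DirectoryServerException {
        try {
            this.service.startup();
            this.ldapServer.start();
            logger.info("LDAP server started.");
        } catch (Exception e) {
            logger.error("Error starting LDAP server.", e);
            throw new DirectoryServerException("Can not start the server ", e);
        }
    }

    /**
     * Stops the LDAP server first and then shuts the directory service down.
     *
     * @throws DirectoryServerException if either component fails to stop
     */
    @Override
    public void stop() throws DirectoryServerException {
        try {
            this.ldapServer.stop();
            this.service.shutdown();
            logger.info("LDAP server stopped.");
        } catch (Exception e) {
            logger.error("Error stopping LDAP server.", e);
            // The message used to say "start", which sent anyone reading a shutdown failure
            // to the wrong code path.
            throw new DirectoryServerException("Can not stop the server ", e);
        }
    }

    /**
     * Returns the partition manager created by {@link #init(LDAPConfiguration)}.
     *
     * @return the partition manager, or {@code null} before a successful {@code init}
     * @throws DirectoryServerException declared by the interface; not thrown here
     */
    @Override
    public PartitionManager getPartitionManager() throws DirectoryServerException {
        return this.partitionManager;
    }

    /**
     * Obtains the directory service from {@code CarbonDirectoryServiceFactory.DEFAULT},
     * applies the configured settings to it and then initialises the factory with the
     * configured instance id.
     *
     * @throws DirectoryServerException if any of those steps fails
     */
    protected void initializeDefaultDirectoryService() throws DirectoryServerException {
        try {
            DirectoryServiceFactory factory = CarbonDirectoryServiceFactory.DEFAULT;
            this.service = factory.getDirectoryService();
            configureDirectoryService();
            factory.init(this.ldapConfigurations.getInstanceId());
        } catch (Exception e) {
            throw new DirectoryServerException("Can not start the Default apacheds service ", e);
        }
    }

    /**
     * Looks an attribute type up in the directory service's schema registry.
     *
     * @param str attribute name to resolve
     * @return the matching attribute type
     * @throws DirectoryServerException if the service, schema manager or registry is
     *         unavailable, or the lookup itself fails
     */
    private AttributeType getAttributeType(String str) throws DirectoryServerException {
        if (this.service == null) {
            logger.error("The directory service is null. LDAP server might not have started.");
            throw new DirectoryServerException("The directory service is null. LDAP server might not have started.");
        }
        SchemaManager schemaManager = this.service.getSchemaManager();
        if (schemaManager == null) {
            logger.error("Cannot access schema manager. Directory server may not have started.");
            throw new DirectoryServerException("Cannot access schema manager. Directory server may not have started.");
        }
        AttributeTypeRegistry registry = schemaManager.getAttributeTypeRegistry();
        if (registry == null) {
            logger.error("Could not get attribute registry.");
            throw new DirectoryServerException("Could not get attribute registry.");
        }
        try {
            return registry.lookup(registry.getOidByName(str));
        } catch (LdapException e) {
            String message = "An error occurred while querying attribute " + str + " from registry.";
            logger.error(message, e);
            throw new DirectoryServerException(message, e);
        }
    }

    /**
     * Returns the name of the principal authenticated on the directory's admin session.
     *
     * @return the admin principal's name
     * @throws DirectoryServerException if the admin session or principal is unavailable
     */
    @Override
    public String getConnectionDomainName() throws DirectoryServerException {
        return getAdminPrinciple().getClonedName().getName();
    }

    /**
     * Returns the principal authenticated on the admin session.
     *
     * @return the admin principal, never {@code null}
     * @throws DirectoryServerException if the service, session or principal is unavailable
     */
    private LdapPrincipal getAdminPrinciple() throws DirectoryServerException {
        return requireAdminPrincipal(requireAdminSession());
    }

    /**
     * Fetches the admin session from the directory service.
     *
     * <p>Each failure is reported once with its own message; previously a "session is null"
     * failure was caught by an enclosing {@code catch (Exception)} and re-wrapped under an
     * unrelated message.
     *
     * @return the admin session, never {@code null}
     * @throws DirectoryServerException if the service is {@code null}, the session cannot be
     *         obtained, or it is {@code null}
     */
    private CoreSession requireAdminSession() throws DirectoryServerException {
        if (this.service == null) {
            String message = "Directory service is null. The LDAP server may not have started yet.";
            logger.error(message);
            throw new DirectoryServerException(message);
        }
        CoreSession adminSession;
        try {
            adminSession = this.service.getAdminSession();
        } catch (Exception e) {
            String message = "An error occurred while retrieving admin session.";
            logger.error(message, e);
            throw new DirectoryServerException(message, e);
        }
        if (adminSession == null) {
            String message = "Directory admin session is null. The LDAP server may not have started yet.";
            logger.error(message);
            throw new DirectoryServerException(message);
        }
        return adminSession;
    }

    /**
     * Reads the authenticated principal from an admin session.
     *
     * @param adminSession a non-null admin session
     * @return the authenticated principal, never {@code null}
     * @throws DirectoryServerException if the principal cannot be read or is {@code null}
     */
    private LdapPrincipal requireAdminPrincipal(CoreSession adminSession) throws DirectoryServerException {
        LdapPrincipal principal;
        try {
            principal = adminSession.getAuthenticatedPrincipal();
        } catch (Exception e) {
            String message = "An error occurred while retrieving admin principal.";
            logger.error(message, e);
            throw new DirectoryServerException(message, e);
        }
        if (principal == null) {
            String message = "Could not retrieve admin principal.";
            logger.error(message);
            throw new DirectoryServerException(message);
        }
        return principal;
    }

    /**
     * Builds the value stored in userPassword: the scheme prefix followed by the Base64
     * encoding of the password's digest.
     *
     * <p>NOTE(review): the scheme is an unsalted SHA-1 digest, so equal passwords produce
     * equal stored values and the hash is cheap to test offline if the attribute is ever
     * disclosed. It is kept here because the value must be one the directory's authenticator
     * accepts; move to a salted scheme if the deployed ApacheDS version supports one.
     *
     * @param password clear-text password; must not be {@code null}
     * @return the encoded value as bytes
     * @throws DirectoryServerException if the digest algorithm is not available
     */
    private static byte[] encodePassword(String password) throws DirectoryServerException {
        try {
            MessageDigest digest = MessageDigest.getInstance(PASSWORD_DIGEST_ALGORITHM);
            // An explicit charset keeps the digest identical on every platform; the no-arg
            // getBytes() depends on the JVM default and hashes non-ASCII passwords
            // differently from host to host.
            byte[] hash = digest.digest(password.getBytes(StandardCharsets.UTF_8));
            return (PASSWORD_SCHEME_PREFIX + Base64.encode(hash)).getBytes(StandardCharsets.UTF_8);
        } catch (NoSuchAlgorithmException e) {
            throw new DirectoryServerException("Could not find digest algorithm - SHA", e);
        }
    }

    /**
     * Replaces the password of the principal authenticated on the admin session, both on
     * the in-memory principal and in its directory entry. The password itself is never
     * logged.
     *
     * @param str new clear-text password; must not be {@code null}
     * @throws DirectoryServerException if the password is {@code null}, the admin session or
     *         principal is unavailable, or the directory update fails
     */
    @Override
    public void changeConnectionUserPassword(String str) throws DirectoryServerException {
        if (str == null) {
            // Fail with a clear message instead of a NullPointerException wrapped under an
            // unrelated "admin session" error.
            String message = "Failed changing connection user password. New password is null.";
            logger.error(message);
            throw new DirectoryServerException(message);
        }
        CoreSession adminSession = requireAdminSession();
        LdapPrincipal adminPrincipal = requireAdminPrincipal(adminSession);
        byte[] storedPassword = encodePassword(str);
        try {
            // NOTE(review): the in-memory principal is updated before the directory entry, as
            // in the original; if modify() fails the two disagree until the next change.
            adminPrincipal.setUserPassword(storedPassword.clone());
            DefaultServerAttribute passwordAttribute =
                    new DefaultServerAttribute(getAttributeType(SchemaConstants.USER_PASSWORD_AT));
            // Explicit byte[][] selects the binary-values overload with one value.
            passwordAttribute.add(new byte[][] {storedPassword});
            // Raw list, as in the decompiled source; it holds the single ServerModification.
            List modifications = new ArrayList();
            modifications.add(new ServerModification(ModificationOperation.REPLACE_ATTRIBUTE, passwordAttribute));
            adminSession.modify(adminPrincipal.getClonedName(), modifications);
        } catch (DirectoryServerException e) {
            // Already logged with a specific message where it was raised.
            throw e;
        } catch (Exception e) {
            logger.error("Failed changing connection user password.", e);
            throw new DirectoryServerException("Failed changing connection user password.", e);
        }
    }

    /**
     * Copies the configured settings onto the directory service and appends a
     * {@link KeyDerivationInterceptor} to its interceptor chain.
     *
     * <p>NOTE(review): anonymous access and access control are taken straight from the
     * configuration, so a configuration that enables anonymous access or disables access
     * control is applied as given. Confirm the shipped defaults.
     *
     * @throws NamingException declared for the directory service calls
     * @throws DirectoryServerException if no configuration has been set
     */
    private void configureDirectoryService() throws NamingException, DirectoryServerException {
        if (this.ldapConfigurations == null) {
            throw new DirectoryServerException("Directory service is not initialized.");
        }
        // JVM-wide system property, visible to every component in the process.
        System.setProperty("workingDirectory", this.ldapConfigurations.getWorkingDirectory());
        this.service.setShutdownHookEnabled(false);
        this.service.setInstanceId(this.ldapConfigurations.getInstanceId());
        this.service.setAllowAnonymousAccess(this.ldapConfigurations.isAllowAnonymousAccess());
        this.service.setAccessControlEnabled(this.ldapConfigurations.isAccessControlOn());
        this.service.setDenormalizeOpAttrsEnabled(this.ldapConfigurations.isDeNormalizedAttributesEnabled());
        this.service.setMaxPDUSize(this.ldapConfigurations.getMaxPDUSize());
        this.service.getChangeLog().setEnabled(this.ldapConfigurations.isChangeLogEnabled());
        List<Interceptor> interceptors = this.service.getInterceptors();
        interceptors.add(new KeyDerivationInterceptor());
        this.service.setInterceptors(interceptors);
    }

    /**
     * Creates the LDAP server on a TCP transport at the configured port, applies the
     * configured limits and SASL identity, attaches the directory service and registers the
     * SASL mechanisms and extended-operation handlers.
     *
     * <p>NOTE(review): the transport is a plain {@link TcpTransport}. The StartTLS handler
     * is registered, but nothing visible here requires clients to negotiate TLS before they
     * bind, so simple and SASL PLAIN binds can cross the network in clear text. The
     * stored-procedure extended operation is also enabled unconditionally; confirm it is
     * needed.
     *
     * @throws DirectoryServerException if the directory service or configuration is missing,
     *         or a handler cannot be registered
     */
    protected void initializeLDAPServer() throws DirectoryServerException {
        if (this.service == null || this.ldapConfigurations == null) {
            throw new DirectoryServerException("The default apacheds service is not initialized. Make sure apacheds service is initialized first.");
        }
        this.ldapServer = new LdapServer();
        this.ldapServer.setTransports(new TcpTransport(this.ldapConfigurations.getLdapPort()));
        // Hard-coded off on the LDAP front end, independent of the directory service setting.
        this.ldapServer.setAllowAnonymousAccess(false);
        this.ldapServer.setMaxTimeLimit(this.ldapConfigurations.getMaxTimeLimit());
        this.ldapServer.setMaxSizeLimit(this.ldapConfigurations.getMaxSizeLimit());
        this.ldapServer.setSaslHost(this.ldapConfigurations.getSaslHostName());
        this.ldapServer.setSaslPrincipal(this.ldapConfigurations.getSaslPrincipalName());
        this.ldapServer.setDirectoryService(this.service);
        setupSaslMechanisms();
        try {
            this.ldapServer.addExtendedOperationHandler(new StartTlsHandler());
            this.ldapServer.addExtendedOperationHandler(new StoredProcedureExtendedOperationHandler());
        } catch (Exception e) {
            throw new DirectoryServerException("can not add the extension handlers ", e);
        }
    }

    /**
     * Registers the SASL bind mechanisms on the LDAP server: PLAIN, CRAM-MD5, DIGEST-MD5,
     * GSSAPI, NTLM and GSS-SPNEGO (the last two share one NTLM handler).
     *
     * <p>NOTE(review): PLAIN carries the password itself, and CRAM-MD5, DIGEST-MD5 and NTLM
     * are legacy challenge-response schemes. All are enabled unconditionally here; consider
     * offering only the mechanisms the deployment needs, and PLAIN only over TLS.
     */
    private void setupSaslMechanisms() {
        // Raw map, as in the decompiled source; keys are mechanism names.
        HashMap handlers = new HashMap();
        handlers.put(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());
        handlers.put(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());
        handlers.put(SupportedSaslMechanisms.DIGEST_MD5, new DigestMd5MechanismHandler());
        handlers.put(SupportedSaslMechanisms.GSSAPI, new GssapiMechanismHandler());
        NtlmMechanismHandler ntlmHandler = new NtlmMechanismHandler();
        handlers.put("NTLM", ntlmHandler);
        handlers.put(SupportedSaslMechanisms.GSS_SPNEGO, ntlmHandler);
        this.ldapServer.setSaslMechanismHandlers(handlers);
    }
}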
