package org.apache.directory.server.kerberos.kdc;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.SystemUtils;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.core.api.LdapCoreSessionConnection;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.class */
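/**
 * Base fixture for Kerberos integration tests that obtain tickets from the KDC exposed by
 * {@link AbstractLdapTestUnit}.
 *
 * <p>Each run writes a throw-away {@code krb5.conf}, restricts the KDC to a single encryption
 * type, creates three principals in the directory, and checks that every ticket issued carries a
 * session key of exactly that encryption type.
 *
 * <p>All credentials below are fixtures for the test realm only. The class also changes
 * JVM-wide state (the {@code java.security.krb5.conf} system property) and does not restore it,
 * so tests that share the JVM see the last value written.
 */
public class AbstractKerberosITest extends AbstractLdapTestUnit {
    public static final String USERS_DN = "ou=users,dc=example,dc=com";
    public static final String REALM = "EXAMPLE.COM";
    public static final String USER_UID = "hnelson";
    // Test-only password; it is also reused for the krbtgt principal in setupEnv().
    public static final String USER_PASSWORD = "secret";
    public static final String LDAP_SERVICE_NAME = "ldap";
    public static final String HOSTNAME = KerberosTestUtils.getHostName();

    /** Per-test scratch directory; the generated krb5.conf is created inside it. */
    @Rule
    public TemporaryFolder folder = new TemporaryFolder();

    /** Connection to the directory service, opened in {@link #setUp()} and closed in {@link #tearDown()}. */
    protected LdapCoreSessionConnection conn;

    /**
     * Parameters for one ticket-acquisition scenario: transport class, encryption type and
     * checksum type.
     *
     * <p>The decompiler reported that it widened this class's access from package-private.
     */
    public class ObtainTicketParameters {
        Class<? extends Transport> transport;
        EncryptionType encryptionType;
        ChecksumType checksumType;
        // The two fields below are neither read nor written anywhere in this class.
        Integer oldUdpPrefLimit;
        Integer oldCksumtypeDefault;

        /**
         * @param cls transport class; setupEnv() compares it with {@code TcpTransport.class}
         * @param encryptionType the only encryption type the KDC and the client config will allow
         * @param checksumType checksum type written into the generated krb5.conf
         */
        public ObtainTicketParameters(Class<? extends Transport> cls, EncryptionType encryptionType, ChecksumType checksumType) {
            this.transport = cls;
            this.encryptionType = encryptionType;
            this.checksumType = checksumType;
        }
    }

    /**
     * Opens the directory connection and enables the Kerberos schema.
     *
     * @throws Exception if the connection cannot be created or the schema change fails
     */
    @Before
    public void setUp() throws Exception {
        this.conn = new LdapCoreSessionConnection(service);
        enableKerberosSchema();
    }

    /**
     * Closes the directory connection if one was opened.
     *
     * @throws Exception if closing the connection fails
     */
    @After
    public void tearDown() throws Exception {
        // JUnit 4 still runs @After methods when a @Before method throws; without this guard a
        // failed setUp() would add a NullPointerException on top of the real failure.
        if (this.conn != null) {
            this.conn.close();
        }
    }

    /**
     * Obtains a TGT and then a service ticket for the LDAP service, and verifies the credential
     * counts and the session key type of every ticket.
     *
     * <p>The decompiler reported that it widened this method's access from protected. It carries
     * no {@code @Test} annotation and takes a parameter, so it is presumably called by concrete
     * subclasses.
     *
     * @param obtainTicketParameters scenario to run
     * @throws Exception if environment setup or ticket acquisition fails
     */
    public void testObtainTickets(ObtainTicketParameters obtainTicketParameters) throws Exception {
        setupEnv(obtainTicketParameters);
        Subject subject = new Subject();

        KerberosTestUtils.obtainTGT(subject, USER_UID, USER_PASSWORD);
        Assert.assertEquals(1L, subject.getPrivateCredentials().size());
        Assert.assertEquals(0L, subject.getPublicCredentials().size());

        KerberosTestUtils.obtainServiceTickets(subject, USER_UID, LDAP_SERVICE_NAME, HOSTNAME);
        Assert.assertEquals(2L, subject.getPrivateCredentials().size());
        Assert.assertEquals(0L, subject.getPublicCredentials().size());

        // Every ticket must use the one configured encryption type; a different session key type
        // would mean the KDC or client negotiated something other than what the test pinned.
        for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
            Assert.assertEquals(obtainTicketParameters.encryptionType.getValue(), ticket.getSessionKeyType());
        }
    }

    /**
     * Sets {@code m-disabled} to {@code FALSE} on the {@code cn=Krb5kdc} schema entry.
     *
     * @throws LdapException if the modification is rejected
     */
    private void enableKerberosSchema() throws LdapException {
        this.conn.modify("cn=Krb5kdc,ou=schema",
            new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "m-disabled", "FALSE"));
    }

    /**
     * Prepares the client configuration, the KDC encryption types and the test principals.
     *
     * @param obtainTicketParameters scenario whose checksum type, encryption type and transport
     *     are applied
     * @throws Exception if the config file cannot be written or a principal cannot be added
     */
    protected void setupEnv(ObtainTicketParameters obtainTicketParameters) throws Exception {
        boolean tcpOnly = obtainTicketParameters.transport == TcpTransport.class;
        String krb5ConfPath = createKrb5Conf(obtainTicketParameters.checksumType, obtainTicketParameters.encryptionType, tcpOnly);

        // NOTE(review): this property is JVM-wide and nothing in this class restores the previous
        // value, so later tests in the same JVM inherit it. Whether an already-initialised
        // Kerberos client re-reads the file depends on code outside this class; confirm.
        System.setProperty("java.security.krb5.conf", krb5ConfPath);

        // The KDC accepts only the encryption type under test.
        kdcServer.getConfig().setEncryptionTypes(Collections.singleton(obtainTicketParameters.encryptionType));

        createPrincipal("uid=hnelson", "Last", "First Last", USER_UID, USER_PASSWORD, "hnelson@EXAMPLE.COM");
        createPrincipal("uid=krbtgt", "KDC Service", "KDC Service", "krbtgt", USER_PASSWORD, "krbtgt/EXAMPLE.COM@EXAMPLE.COM");
        createPrincipal("uid=ldap", "Service", "LDAP Service", LDAP_SERVICE_NAME, "randall", "ldap/" + HOSTNAME + "@" + REALM);
    }

    /**
     * Writes a krb5.conf for the test realm into the temporary folder.
     *
     * @param checksumType checksum type whose name is written to the {@code [libdefaults]} section
     * @param encryptionType encryption type used for the ticket, TGS and permitted enctype settings
     * @param z when true, {@code udp_preference_limit = 1} is added to {@code [libdefaults]}
     * @return absolute path of the file written
     * @throws IOException if the file cannot be created or written
     */
    private String createKrb5Conf(ChecksumType checksumType, EncryptionType encryptionType, boolean z) throws IOException {
        File krb5Conf = this.folder.newFile("krb5.conf");
        final String eol = SystemUtils.LINE_SEPARATOR;
        String enctypeName = encryptionType.getName();

        StringBuilder text = new StringBuilder();
        text.append("[libdefaults]").append(eol);
        text.append("default_realm = EXAMPLE.COM").append(eol);
        text.append("default_tkt_enctypes = ").append(enctypeName).append(eol);
        text.append("default_tgs_enctypes = ").append(enctypeName).append(eol);
        text.append("permitted_enctypes = ").append(enctypeName).append(eol);
        // NOTE(review): this key is spelled with a hyphen; confirm the Kerberos client in use
        // actually reads it, otherwise checksumType has no effect on the client side.
        text.append("default-checksum_type = ").append(checksumType.getName()).append(eol);
        if (z) {
            text.append("udp_preference_limit = 1").append(eol);
        }

        text.append("[realms]").append(eol);
        text.append("EXAMPLE.COM = {").append(eol);
        // Only the first transport's port is advertised to the client.
        text.append("kdc = ").append(HOSTNAME).append(":").append(kdcServer.getTransports()[0].getPort()).append(eol);
        text.append("}").append(eol);

        String lowerRealm = Strings.toLowerCase(REALM);
        text.append("[domain_realm]").append(eol);
        text.append(".").append(lowerRealm).append(" = ").append(REALM).append(eol);
        text.append(lowerRealm).append(" = ").append(REALM).append(eol);

        FileUtils.writeStringToFile(krb5Conf, text.toString());
        return krb5Conf.getAbsolutePath();
    }

    /**
     * Adds one Kerberos principal entry under {@link #USERS_DN}.
     *
     * <p>The password is stored as a plain {@code userPassword} value; presumably the server
     * derives the Kerberos keys from it when the entry is added (not visible here; confirm).
     *
     * @param rdn relative DN of the entry, prepended to {@link #USERS_DN}
     * @param sn value for the {@code sn} attribute
     * @param cn value for the {@code cn} attribute
     * @param uid value for the {@code uid} attribute
     * @param password value for the {@code userPassword} attribute
     * @param principalName value for the {@code krb5PrincipalName} attribute
     * @throws LdapException if the entry cannot be built or added
     */
    private void createPrincipal(String rdn, String sn, String cn, String uid, String password, String principalName) throws LdapException {
        DefaultEntry entry = new DefaultEntry();
        entry.setDn(rdn + "," + USERS_DN);
        entry.add("objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry");
        entry.add("cn", cn);
        entry.add("sn", sn);
        entry.add("uid", uid);
        entry.add("userPassword", password);
        entry.add("krb5PrincipalName", principalName);
        entry.add("krb5KeyVersionNumber", "0");
        this.conn.add(entry);
    }
}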
