package org.apache.directory.server.kerberos.kdc;

import java.io.IOException;
import java.net.URL;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import org.apache.directory.ldap.client.api.Krb5LoginConfiguration;
import org.apache.directory.server.annotations.CreateKdcServer;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.jndi.CoreContextFactory;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

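@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, saslHost = "localhost", saslPrincipal = "ldap/localhost@EXAMPLE.COM", saslMechanisms = {@SaslMechanism(name = "PLAIN", implClass = PlainMechanismHandler.class), @SaslMechanism(name = "CRAM-MD5", implClass = CramMd5MechanismHandler.class), @SaslMechanism(name = "DIGEST-MD5", implClass = DigestMd5MechanismHandler.class), @SaslMechanism(name = "GSSAPI", implClass = GssapiMechanismHandler.class), @SaslMechanism(name = "NTLM", implClass = NtlmMechanismHandler.class), @SaslMechanism(name = "GSS-SPNEGO", implClass = NtlmMechanismHandler.class)})
@CreateKdcServer(transports = {@CreateTransport(protocol = "UDP", port = 6088), @CreateTransport(protocol = "TCP", port = 6088)})
@RunWith(FrameworkRunner.class)
@CreateDS(name = "SaslGssapiBindITest-class", partitions = {@CreatePartition(name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry(entryLdif = "dn: dc=example,dc=com\ndc: example\nobjectClass: top\nobjectClass: domain\n\n"), indexes = {@CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou")})}, additionalInterceptors = {KeyDerivationInterceptor.class})
/**
 * Integration test for an LDAP SASL bind using the GSSAPI (Kerberos) mechanism.
 *
 * <p>The embedded LDAP server and KDC are created by the class annotations. {@link #setUp()}
 * enables the Kerberos schema, creates the {@code ou=users} subtree and the three principals
 * needed for the exchange (the test user, the TGS principal {@code krbtgt/...} and the LDAP
 * service principal). {@link #testSaslGssapiBind()} then obtains a TGT through JAAS and performs
 * a GSSAPI bind that requires mutual authentication and a confidentiality-protected layer.
 *
 * <p>Not thread-safe: the test holds JNDI contexts in instance fields and mutates global
 * state (system properties, the JAAS {@link Configuration}).
 */
public class SaslGssapiBindITest extends AbstractLdapTestUnit {
    /** Bind DN used for all administrative operations in this test. */
    private static final String ADMIN_DN = "uid=admin,ou=system";
    /** Suffix of the partition created by {@code @CreateDS}. */
    private static final String EXAMPLE_SUFFIX = "dc=example,dc=com";
    /** Service principal name the LDAP server advertises via {@code @CreateLdapServer}. */
    private static final String LDAP_SERVICE_PRINCIPAL = "ldap/localhost@EXAMPLE.COM";
    /** RDN of the Kerberos schema entry under {@code ou=schema}. */
    private static final String KRB5_KDC_SCHEMA_RDN = "cn=Krb5kdc";
    /** Schema attribute that marks a schema as disabled. */
    private static final String DISABLED_AT = "m-disabled";

    /** Context rooted at the example partition; created in {@link #setUp()}, closed in {@link #tearDown()}. */
    private DirContext ctx;
    protected LdapContext schemaRoot;
    protected LdapContext sysRoot;
    protected CoreSession rootDse;

    /**
     * JAAS callback handler that answers name and password callbacks with fixed credentials.
     * Any other callback type is rejected with {@link UnsupportedCallbackException}.
     */
    private static final class CallbackHandlerBean implements CallbackHandler {
        private final String name;
        // held as char[] rather than String so the secret is not an immutable, interned object
        private final char[] password;

        public CallbackHandlerBean(String name, String password) {
            this.name = name;
            this.password = password.toCharArray();
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException, IOException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.name);
                } else if (callback instanceof PasswordCallback) {
                    // PasswordCallback.setPassword copies the array, so our copy stays intact
                    ((PasswordCallback) callback).setPassword(this.password);
                } else {
                    throw new UnsupportedCallbackException(callback, I18n.err(I18n.ERR_617));
                }
            }
        }
    }

    /**
     * Points the Kerberos provider at the test {@code krb5.conf} on the classpath and keeps
     * provider debugging off.
     *
     * @throws IllegalStateException if {@code krb5.conf} is not on the test classpath
     */
    public SaslGssapiBindITest() {
        URL krb5Conf = getClass().getClassLoader().getResource("krb5.conf");
        if (krb5Conf == null) {
            throw new IllegalStateException("krb5.conf not found on the test classpath");
        }
        // URL.getFile() yields the path component; presumably the resource is an ordinary file
        // (not packed in a jar) when these tests run — keep it that way or copy it to a temp file.
        System.setProperty("java.security.krb5.conf", krb5Conf.getFile());
        System.setProperty("sun.security.krb5.debug", "false");
    }

    /**
     * Prepares the directory: enables the Kerberos schema, opens an admin context on the example
     * partition and creates the test user, the TGS principal and the LDAP service principal.
     * The {@link KeyDerivationInterceptor} registered in {@code @CreateDS} is presumably what turns
     * the {@code userPassword} of these entries into Kerberos keys — confirm against the interceptor.
     *
     * @throws Exception on any directory failure
     */
    @Before
    public void setUp() throws Exception {
        String servicePrincipal = KerberosTestUtils.fixServicePrincipalName(LDAP_SERVICE_PRINCIPAL, null, getLdapServer());
        setContexts(ADMIN_DN, AbstractKerberosITest.USER_PASSWORD);
        enableKrb5KdcSchema();

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(DirectoryService.JNDI_KEY, getService());
        env.put(Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName());
        env.put(Context.PROVIDER_URL, EXAMPLE_SUFFIX);
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
        env.put(Context.SECURITY_CREDENTIALS, AbstractKerberosITest.USER_PASSWORD);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        this.ctx = new InitialDirContext(env);

        DirContext users = this.ctx.createSubcontext("ou=users", getOrgUnitAttributes("users"));
        users.createSubcontext("uid=hnelson",
            getPrincipalAttributes("Nelson", "Horatio Nelson", AbstractKerberosITest.USER_UID,
                AbstractKerberosITest.USER_PASSWORD, "hnelson@EXAMPLE.COM"));
        users.createSubcontext("uid=krbtgt",
            getPrincipalAttributes("Service", "KDC Service", "krbtgt",
                AbstractKerberosITest.USER_PASSWORD, "krbtgt/EXAMPLE.COM@EXAMPLE.COM"));
        // fixed test-only secret for the service principal; the client never sees it
        users.createSubcontext("uid=ldap",
            getPrincipalAttributes("Service", "LDAP Service", AbstractKerberosITest.LDAP_SERVICE_NAME,
                "randall", servicePrincipal));
    }

    /**
     * Removes the {@code m-disabled} marker from the {@code cn=Krb5kdc} schema entry when it is
     * set to TRUE, so the Kerberos object classes used by {@link #getPrincipalAttributes} resolve.
     *
     * @throws NamingException if the schema entry cannot be read or modified
     */
    private void enableKrb5KdcSchema() throws NamingException {
        Attributes schemaAttrs = this.schemaRoot.getAttributes(KRB5_KDC_SCHEMA_RDN);
        Attribute disabledAttr = schemaAttrs.get(DISABLED_AT);
        boolean disabled = false;
        if (disabledAttr != null) {
            // null-safe: a present but valueless attribute is treated as "not disabled"
            disabled = "TRUE".equalsIgnoreCase((String) disabledAttr.get());
        }
        if (disabled) {
            ModificationItem removeDisabled =
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(DISABLED_AT));
            this.schemaRoot.modifyAttributes(KRB5_KDC_SCHEMA_RDN, new ModificationItem[]{removeDisabled});
        }
    }

    /**
     * Builds the attributes of a Kerberos principal entry.
     *
     * @param sn            surname ({@code sn})
     * @param cn            common name ({@code cn})
     * @param uid           user id ({@code uid})
     * @param userPassword  clear-text password stored in {@code userPassword}
     * @param principalName Kerberos principal name ({@code krb5PrincipalName})
     * @return case-insensitive attribute set with {@code krb5KeyVersionNumber} fixed at {@code "0"}
     */
    protected Attributes getPrincipalAttributes(String sn, String cn, String uid, String userPassword, String principalName) {
        BasicAttributes attrs = new BasicAttributes(true);
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("inetOrgPerson");
        objectClass.add("krb5principal");
        objectClass.add("krb5kdcentry");
        attrs.put(objectClass);
        attrs.put("cn", cn);
        attrs.put("sn", sn);
        attrs.put("uid", uid);
        attrs.put("userPassword", userPassword);
        attrs.put("krb5PrincipalName", principalName);
        attrs.put("krb5KeyVersionNumber", "0");
        return attrs;
    }

    /**
     * Builds the attributes of an {@code organizationalUnit} entry.
     *
     * @param ou the unit name ({@code ou})
     * @return case-insensitive attribute set
     */
    protected Attributes getOrgUnitAttributes(String ou) {
        BasicAttributes attrs = new BasicAttributes(true);
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("organizationalUnit");
        attrs.put(objectClass);
        attrs.put("ou", ou);
        return attrs;
    }

    /**
     * Logs the test user in through JAAS and, as that subject, performs a GSSAPI bind and reads
     * the user's own {@code uid} attribute.
     */
    @Test
    public void testSaslGssapiBind() {
        // Pre-authentication is switched off purely so the AS exchange succeeds without
        // PA-ENC-TIMESTAMP in this test; a deployed KDC should keep it required.
        kdcServer.getConfig().setPaEncTimestampRequired(false);
        Configuration.setConfiguration(new Krb5LoginConfiguration());
        Subject subject = loginAsTestUser();
        Subject.doAs(subject, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                try {
                    assertUidReadableOverGssapi();
                } catch (NamingException e) {
                    throw new AssertionError(
                        "Should not have caught exception:  " + e.getMessage() + e.getRootCause(), e);
                }
                return null;
            }
        });
    }

    /**
     * Authenticates the test user with the JAAS configuration named after this class.
     *
     * @return the authenticated subject
     * @throws AssertionError if the login fails; the {@link LoginException} is kept as cause
     */
    private Subject loginAsTestUser() {
        try {
            LoginContext loginContext = new LoginContext(SaslGssapiBindITest.class.getName(),
                new CallbackHandlerBean(AbstractKerberosITest.USER_UID, AbstractKerberosITest.USER_PASSWORD));
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw new AssertionError("Authentication failed:  " + e.getMessage(), e);
        }
    }

    /**
     * Opens a GSSAPI-authenticated JNDI context against the embedded LDAP server, reads the
     * {@code uid} of the test user and asserts it matches. The context is always closed.
     *
     * @throws NamingException if the bind or the read fails
     */
    private void assertUidReadableOverGssapi() throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:" + AbstractLdapTestUnit.getLdapServer().getPort());
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // auth-conf: integrity and confidentiality on the security layer;
        // server.authentication=true: mutual authentication, the server must prove its identity.
        env.put(Sasl.QOP, "auth-conf");
        env.put(Sasl.SERVER_AUTH, "true");
        env.put(Sasl.STRENGTH, "high");

        DirContext gssapiCtx = new InitialDirContext(env);
        try {
            Attributes attrs = gssapiCtx.getAttributes("uid=hnelson,ou=users," + EXAMPLE_SUFFIX, new String[]{"uid"});
            Attribute uidAttr = attrs.get("uid");
            String uid = (uidAttr == null) ? null : (String) uidAttr.get();
            // expected first, actual second (JUnit argument order)
            Assert.assertEquals(AbstractKerberosITest.USER_UID, uid);
        } finally {
            gssapiCtx.close();
        }
    }

    /**
     * Closes every JNDI context opened by {@link #setUp()} / {@link #setContexts(Hashtable)}.
     * Safe to call when {@link #setUp()} failed part-way (fields may still be null).
     *
     * @throws Exception if closing a context fails
     */
    @After
    public void tearDown() throws Exception {
        if (this.ctx != null) {
            this.ctx.close();
            this.ctx = null;
        }
        if (this.schemaRoot != null) {
            this.schemaRoot.close();
            this.schemaRoot = null;
        }
        if (this.sysRoot != null) {
            this.sysRoot.close();
            this.sysRoot = null;
        }
    }

    /**
     * Opens the system and schema contexts with a simple bind as the given principal.
     *
     * @param principalDn bind DN
     * @param credentials clear-text password for the simple bind
     * @throws Exception if a context cannot be created
     */
    protected void setContexts(String principalDn, String credentials) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(DirectoryService.JNDI_KEY, getService());
        env.put(Context.SECURITY_PRINCIPAL, principalDn);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName());
        setContexts(env);
    }

    /**
     * Populates {@link #sysRoot} ({@code ou=system}), {@link #rootDse} (admin session) and
     * {@link #schemaRoot} ({@code ou=schema}) from the given environment; the environment is
     * copied, so the caller's table is not modified.
     *
     * @param env JNDI environment holding the directory service and bind parameters
     * @throws Exception if a context cannot be created
     */
    protected void setContexts(Hashtable<String, Object> env) throws Exception {
        Hashtable<String, Object> localEnv = new Hashtable<>(env);
        localEnv.put(Context.PROVIDER_URL, "ou=system");
        this.sysRoot = new InitialLdapContext(localEnv, (Control[]) null);
        this.rootDse = getService().getAdminSession();
        localEnv.put(Context.PROVIDER_URL, "ou=schema");
        this.schemaRoot = new InitialLdapContext(localEnv, (Control[]) null);
    }
}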
